Posted to commits@sling.apache.org by fm...@apache.org on 2010/09/17 14:55:50 UTC
svn commit: r998105 - in /sling/trunk/bundles/auth:
core/src/main/java/org/apache/sling/auth/core/spi/
form/src/main/java/org/apache/sling/auth/form/impl/
openid/src/main/java/org/apache/sling/auth/openid/
selector/src/main/java/org/apache/sling/auth/s...
Author: fmeschbe
Date: Fri Sep 17 12:55:49 2010
New Revision: 998105
URL: http://svn.apache.org/viewvc?rev=998105&view=rev
Log:
SLING-1783 Make the use of the j_reason request attribute to inform about authentication failures official
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java
sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java
sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java Fri Sep 17 12:55:49 2010
@@ -40,6 +40,12 @@ public interface AuthenticationFeedbackH
* authentication handler whose
* {@link AuthenticationHandler#requestCredentials(HttpServletRequest, HttpServletResponse)
* requestCredentials} method will be called.
+ * <p>
+ * Implementations may also wish to set the
+ * {@link AuthenticationHandler#FAILURE_REASON} request attribute to inform
+ * interested parties (including its any
+ * {@link AuthenticationHandler#requestCredentials(HttpServletRequest, HttpServletResponse)}
+ * method about the reasons of failure to to authenticate.
*
* @param request The current request
* @param response The current response
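Review bot: The new `<p>` paragraph has an unclosed parenthesis and two typos ("including its any", "to to authenticate") that make the sentence hard to parse, and this Javadoc is the normative description of the new contract for handler implementors. I would read it as `* interested parties (including any` / `* {@link AuthenticationHandler#requestCredentials(HttpServletRequest, HttpServletResponse)}` / `* method) about the reason for the failure to authenticate.` The same wording is duplicated in the AuthenticationHandler FAIL_AUTH row in this commit, so both should be fixed together.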
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java Fri Sep 17 12:55:49 2010
@@ -81,6 +81,16 @@ public interface AuthenticationHandler {
static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin";
/**
+ * Name of the request attribute which may be set by the
+ * {@link #extractCredentials(HttpServletRequest, HttpServletResponse)}
+ * method if {@link AuthenticationInfo#FAIL_AUTH} is returned.
+ * <p>
+ * This result may be used by authentication handlers to inform the user
+ * of any failures.
+ */
+ static final String FAILURE_REASON = "j_reason";
+
+ /**
* Extracts credential data from the request if at all contained.
* <p>
* The method returns any of the following values :
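Review bot: The Javadoc for `FAILURE_REASON` should state that the attribute is a server-side signal and that the same name "j_reason" is also carried as a client-controlled request parameter on the redirect to the login form (see the `targetBuilder.append(parSep).append(FAILURE_REASON)` code in FormAuthenticationHandler and SelectorAuthenticationHandler in this commit), so anyone reading the parameter must treat it as untrusted. The form servlets get this right by narrowing the parameter through `FormReason.valueOf`, but a handler author reading only this constant's documentation would not know to do the same or to avoid echoing the raw value into the login page. I would add: `* The attribute value is expected to be an {@link Enum} constant set by the handler itself (the form handler uses its FormReason); the` / `* identically named request <em>parameter</em> is user supplied and must be validated, never rendered verbatim.` The enum expectation is visible in how the handlers append `((Enum) jReason).name()` to the redirect URL.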
@@ -104,7 +114,11 @@ public interface AuthenticationHandler {
* <td>the handler failed extracting the credentials from the request for
* any reason. An example of this result is that credentials are present in
* the request but they could not be validated and thus not be used for
- * request processing.
+ * request processing. When returning this value, the authentication handler
+ * may also set the {@link #FAILURE_REASON} request attribute to inform
+ * interested parties (including its own
+ * {@link #requestCredentials(HttpServletRequest, HttpServletResponse)}
+ * method for the reasons of failure to extract the credentials.
* </tr>
* <tr>
* <td><code>AuthenticationInfo</code> object
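Review bot: The sentence added to the FAIL_AUTH row never closes the parenthesis opened at "(including its own" and "for the reasons of failure" reads oddly; I would end it as `* method) about the reason the credentials could not be extracted.` Since this table is what implementors consult to learn the new attribute's contract, the wording should be unambiguous.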
Modified: sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java (original)
+++ sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java Fri Sep 17 12:55:49 2010
@@ -26,6 +26,7 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.form.FormReason;
/**
@@ -65,12 +66,12 @@ public class AuthenticationFormServlet e
*/
protected String getReason(final HttpServletRequest request) {
// return the resource attribute if set to a non-empty string
- Object resObj = request.getAttribute(FormAuthenticationHandler.PAR_J_REASON);
+ Object resObj = request.getAttribute(AuthenticationHandler.FAILURE_REASON);
if (resObj instanceof FormReason) {
return ((FormReason) resObj).toString();
}
- final String reason = request.getParameter(FormAuthenticationHandler.PAR_J_REASON);
+ final String reason = request.getParameter(AuthenticationHandler.FAILURE_REASON);
if (reason != null) {
try {
return FormReason.valueOf(reason).toString();
Modified: sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java Fri Sep 17 12:55:49 2010
@@ -241,15 +241,6 @@ public class FormAuthenticationHandler e
private static final String PAR_J_VALIDATE = "j_validate";
/**
- * The name of the request parameter indicating to the login form why the
- * form is being rendered. If this parameter is not set the form is called
- * for the first time and the implied reason is that the authenticator just
- * requests credentials. Otherwise the parameter is set to a
- * {@link FormReason} value.
- */
- static final String PAR_J_REASON = "j_reason";
-
- /**
* Key in the AuthenticationInfo map which contains the domain on which the
* auth cookie should be set.
*/
@@ -333,7 +324,7 @@ public class FormAuthenticationHandler e
} else {
if (this.loginAfterExpire) {
// signal the requestCredentials method a previous login failure
- request.setAttribute(PAR_J_REASON, FormReason.TIMEOUT);
+ request.setAttribute(FAILURE_REASON, FormReason.TIMEOUT);
info = AuthenticationInfo.FAIL_AUTH;
}
// clear the cookie, its invalid and we should get rid of it so that the invalid cookie
@@ -421,13 +412,13 @@ public class FormAuthenticationHandler e
}
// append indication of previous login failure
- if (request.getAttribute(PAR_J_REASON) != null) {
- final Object jReason = request.getAttribute(PAR_J_REASON);
+ if (request.getAttribute(FAILURE_REASON) != null) {
+ final Object jReason = request.getAttribute(FAILURE_REASON);
@SuppressWarnings("unchecked")
final String reason = (jReason instanceof Enum)
? ((Enum) jReason).name()
: jReason.toString();
- targetBuilder.append(parSep).append(PAR_J_REASON);
+ targetBuilder.append(parSep).append(FAILURE_REASON);
targetBuilder.append("=").append(URLEncoder.encode(reason, "UTF-8"));
}
@@ -470,7 +461,7 @@ public class FormAuthenticationHandler e
authStorage.clear(request, response);
// signal the requestCredentials method a previous login failure
- request.setAttribute(PAR_J_REASON, FormReason.INVALID_CREDENTIALS);
+ request.setAttribute(FAILURE_REASON, FormReason.INVALID_CREDENTIALS);
}
/**
@@ -1003,23 +994,23 @@ public class FormAuthenticationHandler e
final StringBuilder header = new StringBuilder();
// default setup with name, value, cookie path and HttpOnly
- header.append(name).append('=').append(value);
- header.append(";Path=").append(cookiePath);
- header.append(";HttpOnly"); // don't allow JS access
+ header.append(name).append("=\"").append(value).append('"');
+ header.append("; Path=\"").append(cookiePath).append('"');
+ header.append("; HttpOnly"); // don't allow JS access
// set the cookie domain if so configured
if (domain != null) {
- header.append(";Domain=").append(domain);
+ header.append("; Domain=\"").append(domain).append('"');
}
// Only set the Max-Age attribute to remove the cookie
- if (age == 0) {
- header.append(";Max-Age=").append(age);
+ if (age >= 0) {
+ header.append("; Max-Age=\"").append(age).append('"');
}
// ensure the cookie is secured if this is an https request
if (request.isSecure()) {
- header.append(";Secure");
+ header.append("; Secure");
}
response.addHeader(HEADER_SET_COOKIE, header.toString());
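Review bot: Quoting the `Max-Age` value (`Max-Age="0"`) is likely to break cookie removal: the RFC 6265 parsing algorithm (which describes what mainstream browsers do) ignores a Max-Age attribute whose first character is not a digit or "-", so the cleared or invalid auth cookie would remain in the browser as a session cookie, and the quoted `Path`/`Domain` values have the same problem (a path not starting with "/" falls back to the default path, a quoted domain does not domain-match the request host, which rejects the cookie outright). The cookie value itself may legitimately be wrapped in double quotes under RFC 6265, but only if the read side strips them, which is outside this hunk. Separately, changing `if (age == 0)` to `if (age >= 0)` now emits Max-Age for positive ages too, turning what was a session cookie into a persistent one; that is not covered by SLING-1783 and should be confirmed as intentional. I would emit the attributes unquoted: `header.append("; Path=").append(cookiePath);`, `header.append("; Domain=").append(domain);`, `header.append("; Max-Age=").append(age);`. The enclosing method starts and ends outside the hunk.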
Modified: sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java (original)
+++ sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java Fri Sep 17 12:55:49 2010
@@ -18,6 +18,8 @@
*/
package org.apache.sling.auth.openid;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+
/**
* The <code>OpenIDConstants</code> class defines useful constants for
* implementors of login forms for OpenID authentication.
@@ -56,7 +58,7 @@ public final class OpenIDConstants {
* </div>
* </pre>
*/
- public static final String OPENID_FAILURE_REASON = "j_reason";
+ public static final String OPENID_FAILURE_REASON = AuthenticationHandler.FAILURE_REASON;
/**
* The name of the request parameter set by the
Modified: sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java Fri Sep 17 12:55:49 2010
@@ -34,7 +34,6 @@ import org.apache.felix.scr.annotations.
import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.auth.core.spi.AbstractAuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
-import org.apache.sling.auth.openid.OpenIDConstants;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,15 +59,6 @@ public class SelectorAuthenticationHandl
AbstractAuthenticationHandler {
/**
- * The name of the request parameter indicating to the login form why the
- * form is being rendered. If this parameter is not set the form is called
- * for the first time and the implied reason is that the authenticator just
- * requests credentials. Otherwise the parameter is set to a
- * {@link FormReason} value.
- */
- static final String PAR_J_REASON = "j_reason";
-
- /**
* Request parameter indicating which authentication type was selected by
* the user. This is used to present the appropriate form if login fails.
*/
@@ -109,21 +99,13 @@ public class SelectorAuthenticationHandl
"UTF-8"));
// append indication of previous login failure
- if (request.getAttribute(PAR_J_REASON) != null) {
- final Object jReason = request.getAttribute(PAR_J_REASON);
- @SuppressWarnings("rawtypes")
- final String reason = (jReason instanceof Enum)
- ? ((Enum) jReason).name()
- : jReason.toString();
- targetBuilder.append('&').append(PAR_J_REASON);
- targetBuilder.append("=").append(URLEncoder.encode(reason, "UTF-8"));
- } else if (request.getAttribute(OpenIDConstants.OPENID_FAILURE_REASON) != null) {
- final Object jReason = request.getAttribute(OpenIDConstants.OPENID_FAILURE_REASON);
+ if (request.getAttribute(FAILURE_REASON) != null) {
+ final Object jReason = request.getAttribute(FAILURE_REASON);
@SuppressWarnings("rawtypes")
final String reason = (jReason instanceof Enum)
? ((Enum) jReason).name()
: jReason.toString();
- targetBuilder.append('&').append(PAR_J_REASON);
+ targetBuilder.append('&').append(FAILURE_REASON);
targetBuilder.append("=").append(URLEncoder.encode(reason, "UTF-8"));
}
Modified: sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java (original)
+++ sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java Fri Sep 17 12:55:49 2010
@@ -28,6 +28,7 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.form.FormReason;
import org.apache.sling.auth.openid.OpenIDConstants;
import org.apache.sling.auth.openid.OpenIDFailure;
@@ -87,12 +88,12 @@ public class SelectorFormServlet extends
// 1. Check whether there is a reason from the Form Based Authentication
// Handler
- Object formResObj = request.getAttribute(SelectorAuthenticationHandler.PAR_J_REASON);
+ Object formResObj = request.getAttribute(AuthenticationHandler.FAILURE_REASON);
if (formResObj instanceof Enum<?>) {
return formResObj.toString();
}
- final String jReason = request.getParameter(SelectorAuthenticationHandler.PAR_J_REASON);
+ final String jReason = request.getParameter(AuthenticationHandler.FAILURE_REASON);
if (jReason != null) {
try {
return FormReason.valueOf(jReason).toString();