You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bu...@apache.org on 2015/09/22 12:23:33 UTC
svn commit: r966334 [7/11] - in /websites/staging/sling/trunk/content: ./
documentation/ documentation/bundles/ documentation/bundles/scripting/
documentation/development/ documentation/getting-started/
documentation/legacy/ documentation/the-sling-eng...
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/architecture.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/architecture.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/architecture.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Architecture</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Architecture</h1>
- <p>The following is a short list of high-lights of Sling:</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>The following is a short list of high-lights of Sling:</p>
<ul>
<li><strong><a href="#osgi">OSGi</a></strong> — The Sling application is built as a series of OSGi bundles and makes heavy use of a number of OSGi core and compendium services.</li>
<li><strong><a href="#sling-api">Sling API</a></strong> — To implement content based Web applications with Sling, an API has been defined, this extends the Servlet API and provides more functionality to work on the content.</li>
@@ -100,16 +122,16 @@
<li><strong><a href="#launchpad">Launchpad</a></strong> — Sling uses a very thin launcher to integrate with an existing servlet container, launching Sling as a Web application or providing a main class to represent a standalone Java application.</li>
</ul>
<p>The following sections elaborate on each of these highlights.</p>
-<h2 id="osgi">OSGi</h2>
+<h2 id="osgi">OSGi<a class="headerlink" href="#osgi" title="Permanent link">¶</a></h2>
<p><a href="http://www.osgi.org">OSGi</a> is a consortium that has developed a specification to build modular and extensible applications. This offers <a href="http://www.osgi.org/About/WhyOSGi">various benefits</a>. We deal mainly with two parts of the specifications: The Core Specification, which defines the OSGi Framework and Core Services, and the Compendium Services Specification, which defines a host of services that extend the functionality of the OSGi Framework.</p>
-<h3 id="osgi-framework">OSGi Framework</h3>
+<h3 id="osgi-framework">OSGi Framework<a class="headerlink" href="#osgi-framework" title="Permanent link">¶</a></h3>
<p>The OSGi Framework is made up of three layers – Module, Lifecycle, and Services – that define how extensible applications are built and deployed. The responsibilities of the layers are:</p>
<ul>
<li><strong>Module</strong> — Defines how a module, or a <em>Bundle</em> in OSGi-speak, is defined. Basically, a bundle is just a plain old JAR file, whose manifest file has some defined entries. These entries identify the bundle with a symbolic name, a version and more. In addition there are headers which define what a bundle provides <code>Export-Package</code> and what a bundle requires to be operative <code>Import-Package</code> and <code>Require-Bundle</code>.</li>
<li><strong>Lifecycle</strong> — The lifecycle layer defines the states a bundle may be in and describes the state changes. By providing a class, which implements the <code>BundleActivator</code> interface and which is named in the <code>Bundle-Activator</code> manifest header, a bundle may hook into the lifecycle process when the bundle is started and stopped.</li>
<li><strong>Services</strong> — For the application to be able to interact, the OSGi Core Specification defines the service layer. This describes a registry for services, which may be shared.</li>
</ul>
-<h3 id="compendium-services">Compendium Services</h3>
+<h3 id="compendium-services">Compendium Services<a class="headerlink" href="#compendium-services" title="Permanent link">¶</a></h3>
<p>Based on the OSGi Framework specification, the Compendium Services specification defines a (growing) number of extension services, which may be used by applications for various tasks. Of these Compendium Services, Sling is using just a small number:</p>
<ul>
<li><strong>Log Service</strong> — Sling comes with its own implementation of the OSGi Log Service specification. The respective bundle not only provides this implementation, it also exports the SLF4J, Log4J and Commons Logging APIs needed for the Sling application to perform logging.</li>
@@ -119,25 +141,25 @@
<li><strong>Event Admin Service</strong> — Sling uses the OSGi EventAdmin service to dispatch events when scheduling tasks.</li>
<li><strong>Declarative Services</strong> — One of the most important (beside the Log Service) services used by Sling is the Declarative Services Specification. This specification defines how to declaratively create components and services to have the Declarative Services runtime actually manage the lifecycle, configuration and references of components.</li>
</ul>
-<h2 id="sling-api">Sling API</h2>
+<h2 id="sling-api">Sling API<a class="headerlink" href="#sling-api" title="Permanent link">¶</a></h2>
<p>The Sling API is an extension to the Servlet API which provides more functionality to interact with the Sling framework and also to extend Sling itself and to implement Sling applications.</p>
<p>See the <a href="/old-stuff/sling-api.html">Sling API</a> page for more information.</p>
-<h2 id="request-processing">Request Processing</h2>
+<h2 id="request-processing">Request Processing<a class="headerlink" href="#request-processing" title="Permanent link">¶</a></h2>
<p>Traditional Web Application framework emply more or less elaborate methods to select a Servlet or Controller based on the request URL, which in turn tries to load some data (usually from a database) to act upon and finally to render the result somehow.</p>
<p>Sling turns this processing around in that it places the data to act upon at the center and consequently uses the request URL to first resolve the data to process. This data is internally represented as an instance of the <code>Resource</code> interface. Based on this resource as well as the request method and more properties of the request URL a script or servlet is then selected to handle the request.</p>
<p>See the <a href="/documentation/the-sling-engine/servlets.html">Servlets</a> page for more information.</p>
-<h2 id="resources">Resources</h2>
+<h2 id="resources">Resources<a class="headerlink" href="#resources" title="Permanent link">¶</a></h2>
<p>The Resource is one of the central parts of Sling. Extending from JCR's <em>Everything is Content</em>, Sling assumes <em>Everthing is a Resource</em>. Thus Sling is maintaining a virtual tree of resources, which is a merger of the actual contents in the JCR Repository and resources provided by so called resource providers.</p>
<p>Each resource has a path by which it is addressed in the resource tree, a resource type and some resource metadata (such as file size, last modification time). It is important to understand, that a <code>Resource</code> instance actually is only a handle to the actual data. By virtue of the <code>adaptTo(Class<Type>)</code> method, a resource may be coerced into another data type, which may then be used while processing the request. Examples of data types are <code>javax.jcr.Node</code> and <code>java.io.InputStream</code>.</p>
<p>See the <a href="/documentation/the-sling-engine/resources.html">Resources</a> page for more information.</p>
-<h2 id="servlets-and-scripts">Servlets and Scripts</h2>
+<h2 id="servlets-and-scripts">Servlets and Scripts<a class="headerlink" href="#servlets-and-scripts" title="Permanent link">¶</a></h2>
<p>Scripts are usually provided as content in a JCR repository. But since Sling is using a resource tree, a script actually is represented as a Resource and may be provided from within a Bundle (by virtue of the bundle resource provider) or even from the platform file system (by virtue of the file system resource provider).</p>
<p>Accessing scripts in the resource tree, allows for a very easy to understand mapping from resource type to some script path.</p>
<p>Having found the script resource, we still need access to the appropriate script language implementation to evaluate the script. To this avail, Sling is making use of the <code>Resource.adaptTo(Class<Type>)</code> method: If a script language implementation is available for the extension of the script name an adaptor for the script resource can be found, which handles the evaluation of the script.</p>
<p>Besides scripting languages, such as ECMAScript, Groovy, JSP, Sling also supports regular servlets. To be able to use servlets for request processing, such servlets must be registered as OSGi services for the <code>javax.servlet.Servlet</code> interface and provide a number of service registration properties, which are used to use the servlets. In fact servlets thus registered as OSGi services are mapped into the resource tree by means of a servlet resource provider. This resource provider mapps the servlets into the resource tree using the service registration properties to build one or more resource paths for the servlet.</p>
<p>As a result of mapping servlets into the resource tree and the possibility to adapt resource to an adaptor data type, scripts and servlets may be handled completely transparently: The servlet resolver just looks for a resource matching the resource type and adapts the resource found to <code>javax.jcr.Servlet</code>. If the resource happens to be provided by a servlet resource provider, the adapter is of course the servlet itself. If the resource happens to be a script, the adapter is a servlet facade which internally calls the script language implementation to evaluate the script.</p>
<p>See the <a href="/old-stuff/servlet-resolution.html">Servlet Resolution</a> page for more information.</p>
-<h2 id="launchpad">Launchpad</h2>
+<h2 id="launchpad">Launchpad<a class="headerlink" href="#launchpad" title="Permanent link">¶</a></h2>
<p>Sling may be launched as a standalone application using the Sling Application or as a Web Application running inside any Servlet API 2.4 or newer Servlet Container.</p>
<p>The Sling Application is a standalone Java Application which is really small: Just the main class and some glue classes. The OSGi framework as well as the OSGi API libraries are packaged as a JAR file, which is loaded through a custom classloader. This enables to update the framework and/or OSGi API libraries from within Sling by updating the system bundle.</p>
<p>The Sling Servlet is equally small as the Sling Application. It uses the Felix <code>HttpService</code> bridge as the glue between the servlet container and the OSGi framework.</p>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Authentication</h1>
- <p>This section describes the framework provided by Sling to authenticate HTTP requests.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>This section describes the framework provided by Sling to authenticate HTTP requests.</p>
<p>Let's look at generic request processing of Sling: Sling is linked into the outside world by registering the Sling Main Servlet – implemented by the <code>SlingMainServlet</code> class in the Sling Engine bundle – with an OSGi <code>HttpService</code>. This registration is accompanyied with an implementation instance of the OSGi <code>HttpContext</code> interface, which defines a method to authenticate requests: <code>handleSecurity</code>.</p>
<p>This method is called by the OSGi HTTP Service implementation after the servlet has been selected to handle the request but before actually calling the servlet's <code>service</code> method.</p>
<p><a href="authentication.png" style="float:left;padding-right:5%">
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication - Actors</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,23 +101,34 @@
<h1>Authentication - Actors</h1>
- <p>The authentication process involves a number of actors contributing to the concepts, the API and the particular implementations.</p>
-<h2 id="osgi-http-service-specification">OSGi Http Service Specification</h2>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>The authentication process involves a number of actors contributing to the concepts, the API and the particular implementations.</p>
+<h2 id="osgi-http-service-specification">OSGi Http Service Specification<a class="headerlink" href="#osgi-http-service-specification" title="Permanent link">¶</a></h2>
<p>The main support for authentication is defined by the OSGi Http Service specification. This specification defines how an OSGi application can register servlets and resources to build web applications. As part of the servlet and/or resource registration a <code>HttpContext</code> may be provided, which allows for additional support.</p>
<p>The main method of interest to the authentication process is the <code>handleSecurity</code> method. This is called by the OSGi Http Service implementation before the registered servlet is called. Its intent is to authenticate the request and to provide authentication information for the request object: the authentication type and the remote user name.</p>
<p>The Sling Auth Core bundle provides the <code>AuthenticationSupport</code> service which may be used to the implement the <code>HttpContext.handleSecurity</code> method.</p>
-<h2 id="sling-engine">Sling Engine</h2>
+<h2 id="sling-engine">Sling Engine<a class="headerlink" href="#sling-engine" title="Permanent link">¶</a></h2>
<p>The Sling Engine implements the main entry point into the Sling system by means of the <code>SlingMainServlet</code>. This servlet is registered with the OSGi Http Service and provides a custom <code>HttpContext</code> whose <code>handleSecurity</code> method is implemented by the <code>AuthenticationSupport</code> service.</p>
<p>When the request hits the <code>service</code> method of the Sling Main Servlet, the resource resolver provided by the <code>AuthenticationSupport</code> service is retrieved from the request attributes and used as the resource resolver for the request.</p>
<p>That's all there is for the Sling Engine to do with respect to authentication.</p>
-<h2 id="sling-auth-core">Sling Auth Core</h2>
+<h2 id="sling-auth-core">Sling Auth Core<a class="headerlink" href="#sling-auth-core" title="Permanent link">¶</a></h2>
<p>The support for authenticating client requests is implemented in the Sling Auth Core bundle. As such this bundle provides three areas of support</p>
<ul>
<li><code>AuthenticationHandler</code> service interface. This is implemented by services providing functionality to extract credentials from HTTP requests.</li>
<li><code>Authenticator</code> service interface. This is implemented by the <code>SlingAuthenticator</code> class in the Sling Auth Core bundle and provides applications with entry points to login and logout.</li>
<li><code>AuthenticationSupport</code> service interface. This is implemented by the <code>SlingAuthenticator</code> class in the Sling Auth Core bundle and allows applications registering with the OSGi HTTP Service to make use of the Sling authentication infrastructure.</li>
</ul>
-<h2 id="jcr-repository">JCR Repository</h2>
+<h2 id="jcr-repository">JCR Repository<a class="headerlink" href="#jcr-repository" title="Permanent link">¶</a></h2>
<p>The actual process of logging into the repository and provided a <code>Session</code> is implementation dependent. In the case of Jackrabbit extensibility is provided by configuration of the Jackrabbit repository by means of an interface and two helper classes:</p>
<ul>
<li><code>LoginModule</code> -- The interface to be implemented to provide login processing plugins</li>
@@ -118,7 +140,7 @@
<li><code>LoginModulePlugin</code> -- The main service interface. Plugins must implement this interface to be able to extend the login process. See for example the <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/openid/">Sling OpenID authentication handler</a>, which implements this interface to support OpenID authentication.</li>
<li><code>AuthenticationPlugin</code> -- Helper interface for the <code>LoginModulePlugin</code>.</li>
</ul>
-<h2 id="sling-applications">Sling Applications</h2>
+<h2 id="sling-applications">Sling Applications<a class="headerlink" href="#sling-applications" title="Permanent link">¶</a></h2>
<p>Sling Applications requiring authenticated requests should not care about how authentication is implemented. To support such functionality the <code>Authenticator</code> service is provided with two methods:</p>
<ul>
<li>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication - AuthenticationHandler</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,9 +101,20 @@
<h1>Authentication - AuthenticationHandler</h1>
- <p>The <code>AuthenticationHandler</code> interface defines the service API which may be implemented by authentication handlers registered as OSGi services.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>The <code>AuthenticationHandler</code> interface defines the service API which may be implemented by authentication handlers registered as OSGi services.</p>
<p><code>AuthenticationHandler</code> services have a single required service registration property which is used to identify requests to which the <code>AuthenticationHandler</code> service is applicable:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Property</th>
@@ -111,7 +133,7 @@
</tbody>
</table>
<p>Each path may be an absolute URL, an URL with just the host/port and path or just a plain absolute path:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>URL part</th>
@@ -143,20 +165,20 @@
</table>
<p>When looking for an <code>AuthenticationHandler</code> the authentication handler is selected whose path is the longest match on the request URL. If the service is registered with Scheme and Host/Port, these must exactly match for the service to be eligible. If multiple <code>AuthenticationHandler</code> services are registered with the same length matching path, the handler with the higher service ranking is selected<sup id="fnref:ranking"><a class="footnote-ref" href="#fn:ranking" rel="footnote">1</a></sup>.</p>
<p>The value of <code>path</code> service registration property value triggering the call to any of the <code>AuthenticationHandler</code> methods is available as the <code>path</code> request attribute (for the time of the method call only). If the service is registered with multiple path values, the value of the <code>path</code> request attribute may be used to implement specific handling.</p>
-<h3 id="implementations-provided-by-sling">Implementations provided by Sling</h3>
+<h3 id="implementations-provided-by-sling">Implementations provided by Sling<a class="headerlink" href="#implementations-provided-by-sling" title="Permanent link">¶</a></h3>
<ul>
<li><a href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html">Form Based AuthenticationHandler</a></li>
<li><a href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html">OpenID AuthenticationHandler</a></li>
</ul>
-<h3 id="sample-implementations">Sample implementations</h3>
-<h4 id="http-basic-authentication-handler">HTTP Basic Authentication Handler</h4>
+<h3 id="sample-implementations">Sample implementations<a class="headerlink" href="#sample-implementations" title="Permanent link">¶</a></h3>
+<h4 id="http-basic-authentication-handler">HTTP Basic Authentication Handler<a class="headerlink" href="#http-basic-authentication-handler" title="Permanent link">¶</a></h4>
<ul>
<li><code>extractCredentials</code> -- Get user name and password from the <code>Authorization</code> HTTP header</li>
<li><code>requestCredentials</code> -- Send a 401/UNAUTHORIZED status with <code>WWW-Authenticate</code> response header setting the Realm</li>
<li><code>dropCredentials</code> -- Send a 401/UNAUTHORIZED status with <code>WWW-Authenticate</code> response header setting the Realm</li>
</ul>
<p>Interestingly the <code>dropCredentials</code> method is implemented in the same way as the <code>requestCredentials</code> method. The reason for this is, that HTTP Basic authentication does not have a notion of login and logout. Rather the request is accompanied with an <code>Authorization</code> header or not. The contents of this header is usually cached by the client browser. So logout is actually simulated by sending a 401/UNAUTHORIZED status thus causing the client browser to clear the cache and ask for user name and password.</p>
-<h4 id="form-based-authentication-handler">Form Based Authentication Handler</h4>
+<h4 id="form-based-authentication-handler">Form Based Authentication Handler<a class="headerlink" href="#form-based-authentication-handler" title="Permanent link">¶</a></h4>
<ul>
<li><code>extractCredentials</code> -- Get user name and password with the help of a special cookie (note, that of course the cookie should not contain this data, but refer to it in an internal store of the authentication handler). If the cookie is not set, check for specific login parameters to setup the cookie.</li>
<li><code>requestCredentials</code> -- Send the login form for the user to provide the login parameters.</li>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Form Based AuthenticationHandler</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Form Based AuthenticationHandler</h1>
- <div class="toc">
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<div class="toc">
<ul>
<li><a href="#authenticationhandler-implementation">AuthenticationHandler implementation</a></li>
<li><a href="#authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler implementation</a></li>
@@ -107,18 +129,18 @@
<li>The authentication type as returned by <code>HttpServletRequest.getAuthType()</code> is set to <code>HttpServletRequest.FORM_AUTH</code>.</li>
</ul>
<p>The Form Based Authentication Handler is maintained in the <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form">Sling SVN</a></p>
-<h3 id="authenticationhandler-implementation">AuthenticationHandler implementation</h3>
+<h3 id="authenticationhandler-implementation">AuthenticationHandler implementation<a class="headerlink" href="#authenticationhandler-implementation" title="Permanent link">¶</a></h3>
<ul>
<li><code>extractCredentials</code> -- Prepares credentials for the form entered data or from the Cookie or HTTP Session attribute. Returns <code>null</code> if neither data is provided in the request</li>
<li><code>requestCredentials</code> -- Redirects the client (browser) to the login form</li>
<li><code>dropCredentials</code> -- Remove the Cookie or remove the HTTP Session attribute</li>
</ul>
-<h3 id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler implementation</h3>
+<h3 id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler implementation<a class="headerlink" href="#authenticationfeedbackhandler-implementation" title="Permanent link">¶</a></h3>
<ul>
<li><code>authenticationFailed</code> -- Remove the Cookie or remove the HTTP Session attribute</li>
<li><code>authenticationSucceeded</code> -- Set (or update) the Cookie or HTTP Session attribute</li>
</ul>
-<h3 id="phase-1-form-submission">Phase 1: Form Submission</h3>
+<h3 id="phase-1-form-submission">Phase 1: Form Submission<a class="headerlink" href="#phase-1-form-submission" title="Permanent link">¶</a></h3>
<p>The login form submitted in phase 1 to validate the user name and password must be provided in an HTTP <code>POST</code> request to an URL whose last segment is <code>j_security_check</code>. The request is ignored as a form submission if either the method is not <code>POST</code> or the last segment is no <code>j_security_check</code>.</p>
<p>The form is rendered by redirecting the client to the URL indicated by the <code>form.login.form</code> configuration parameter. This redirection request may accompanyied by the following parameters:</p>
<ul>
@@ -135,7 +157,7 @@
</ul>
<p>The <code>j_username</code> and <code>j_password</code> parameters are used to create a JCR <code>SimpleCredentials</code> object to log into the JCR Repository.</p>
<p>The <code>j_validate</code> parameter may be used to implement login form submission using AJAX. If this parameter is set to <code>true</code> (case-insensitive) the credentials are used to login and after success or failure to return a status code:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Status</th>
@@ -154,7 +176,7 @@
</tbody>
</table>
<p>If the <code>j_validate</code> parameter is not set or is set to any value other than <code>true</code>, the request processing depends on authentication success or failure:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Authentication</th>
@@ -174,7 +196,7 @@
</table>
<p>The <code>resource</code> and <code>sling.auth.redirect</code> parameters provide similar functionality but with differing historical backgrounds. The <code>resource</code> parameter is based on the <code>resource</code> request attribute which is set by the login servlet to indicate the original target resource the client desired when it was forced to authenticate. The <code>sling.auth.redirect</code> parameter can be used by clients (applications like cURL or plain HTML forms) to request being redirected after successful login. If both parameters are set, the <code>sling.auth.redirect</code> parameter takes precedence.</p>
<p>The Form Based Authentication Handler contains a <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java">default form servlet</a> and <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/resources/org/apache/sling/auth/form/impl/login.html">HTML form template</a>.</p>
-<h3 id="phase-2-authenticated-requests">Phase 2: Authenticated Requests</h3>
+<h3 id="phase-2-authenticated-requests">Phase 2: Authenticated Requests<a class="headerlink" href="#phase-2-authenticated-requests" title="Permanent link">¶</a></h3>
<p>After the successful authentication of the user in phase 1, the authentication state is stored in a Cookie or an HTTP Session. The stored value is a security token with the following contents:</p>
<div class="codehilite"><pre><span class="n">HmacSHA1</span><span class="p">(</span><span class="n">securetoken</span><span class="p">,</span> <span class="o"><</span><span class="n">securetokennumber</span><span class="o">><</span><span class="n">expirytime</span><span class="o">></span><span class="p">@</span><span class="o"><</span><span class="n">userID</span><span class="o">></span><span class="p">)@</span><span class="o"><</span><span class="n">securetokennumber</span><span class="o">><</span><span class="n">expirytime</span><span class="o">></span><span class="p">@</span><span class="o"><</span><span class="n">userID</span><span class="o">></span>
</pre></div>
@@ -194,9 +216,9 @@
<li><em>Secure</em> -- Set to the value returned by the <code>ServletRequest.isSecure()</code> method</li>
</ul>
<p>If the authentication state is kept in an HTTP Session the setup of the session ID cookie is maintained by the servlet container and is outside of the control of the Form Based AuthenticationHandler.</p>
-<h3 id="configuration">Configuration</h3>
+<h3 id="configuration">Configuration<a class="headerlink" href="#configuration" title="Permanent link">¶</a></h3>
<p>The Form Based Authentication Handler is configured with configuration provided by the OSGi Configuration Admin Service using the <code>org.apache.sling.formauth.FormAuthenticationHandler</code> service PID.</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Parameter</th>
@@ -243,7 +265,7 @@
</tbody>
</table>
<p><em>Note:</em> The <code>form.token.file</code> parameter currently refers to a file stored in the file system. If the path is a relative path, the file is either stored in the Authentication Handler bundle private data area or -- if not possible -- below the location indicated by the <code>sling.home</code> framework property or -- if <code>sling.home</code> is not set -- the current working directory. In the future this file may be store in the JCR Repository to support clustering scenarios.</p>
-<h3 id="security-considerations">Security Considerations</h3>
+<h3 id="security-considerations">Security Considerations<a class="headerlink" href="#security-considerations" title="Permanent link">¶</a></h3>
<p>Form Based Authentication has some limitations in terms of security:</p>
<ol>
<li>User name and password are transmitted in plain text in the initial form submission.</li>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - OpenID AuthenticationHandler</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>OpenID AuthenticationHandler</h1>
- <div class="toc">
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<div class="toc">
<ul>
<li><a href="#credentials-extraction">Credentials Extraction</a></li>
<li><a href="#phase-1-form-submission">Phase 1: Form Submission</a></li>
@@ -114,13 +136,13 @@
<p>Since generally an OpenID identity is an URL and URLs may not be used as JCR user names, an association mechanism is used by the OpenID authentication handler to associate an OpenID identity with an existing JCR user: The OpenID identity URL is set as the value of a JCR user property. When a user authenticates with his OpenID identity the matching user searched for by looking for a match in this property.</p>
<p><em>NOTE:</em> This association currently only works with Jackrabbit (or Jackrabbit based repositories) because user management is not part of the JCR 2 specification and the OpenID authentication handler uses the Jackrabbit <code>UserManager</code> to find users by a user property value.</p>
<p>The OpenID Authentication Handler is maintained in the <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/openid/">Sling SVN</a></p>
-<h3 id="credentials-extraction">Credentials Extraction</h3>
+<h3 id="credentials-extraction">Credentials Extraction<a class="headerlink" href="#credentials-extraction" title="Permanent link">¶</a></h3>
<p>Theoretically each request with the <code>openid_identifier</code> request parameter set may initiate an OpenID authentication process which involves resolving the OpenID provider for the identifier and subsequently authentication with the provider authorizing the Sling instance to use the OpenID identity.</p>
<p>This initiation, though, is not possible if the request already contains a valid and validated OpenID identifier either set as a request attribute or set in the HTTP Session or the OpenID cookie. In these situations, the current association of a client with an OpenID identity must first be removed by logging out, e.g. by requesting <code>/system/sling/logout.html</code> which causes the current OpenID user data to be removed by either removing it from the HTTP Session or by clearing the OpenID cookie.</p>
-<h3 id="phase-1-form-submission">Phase 1: Form Submission</h3>
+<h3 id="phase-1-form-submission">Phase 1: Form Submission<a class="headerlink" href="#phase-1-form-submission" title="Permanent link">¶</a></h3>
<p>Requesting an OpenID identifier is initiated by the Sling Authenticator deciding, that authentication is actually required to process a request and the OpenID Authentication Handler being selected to request credentials with.</p>
<p>In this case the OpenID authenticator causes a form to be rendered by redirecting the client to the URL indicated by the <code>form.login.form</code> configuration parameter. This redirection request may accompanied by the following parameters:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Request Parameter</th>
@@ -149,9 +171,9 @@
<li><code>resource</code> -- The <code>resource</code> request parameter should be sent back to ensure the user is finally redirected to requested target resource after successful authentication. If this request parameter is not set, or is set to an empty string, it is assumed to be the request context root path.</li>
</ul>
<p>The OpenID Authentication Handler provides a default login form registered at <code>/system/sling/openid/login</code>.</p>
-<h3 id="configuration">Configuration</h3>
+<h3 id="configuration">Configuration<a class="headerlink" href="#configuration" title="Permanent link">¶</a></h3>
<p>The OpenID AuthenticationHandler is configured with configuration provided by the OSGi Configuration Admin Service using the <code>org.apache.sling.openidauth.OpenIdAuthenticationHandler</code> service PID.</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Parameter</th>
@@ -212,8 +234,8 @@
</tr>
</tbody>
</table>
-<h3 id="authenticationhandler-implementation">AuthenticationHandler implementation</h3>
-<h4 id="extractcredentials">extractCredentials</h4>
+<h3 id="authenticationhandler-implementation">AuthenticationHandler implementation<a class="headerlink" href="#authenticationhandler-implementation" title="Permanent link">¶</a></h3>
+<h4 id="extractcredentials">extractCredentials<a class="headerlink" href="#extractcredentials" title="Permanent link">¶</a></h4>
<p>To extract authentication information from the request, the Sling OpenID Authentication handler considers the following information in order:</p>
<ol>
<li>The OpenID credentials cookie or OpenID User data in the HTTP Session (depending on the <code>openid.use.cookie</code> configuration)</li>
@@ -223,10 +245,10 @@
<p>If the existing credentials fail to validate, authentication failure is assumed and the credentials are removed from the request, either by clearing the OpenID cookie or by removing the OpenID User data from the HTTP Session.</p>
<p>If no OpenID credentials are found in the request, the request parameter is considered and if set is used to resolve the actual OpenID identity of the user. This involves redirecting the client to the OpenID provider resolved from the OpenID identifier supplied.</p>
<p>If the supplied OpenID identifier fails to resolve to an OpenID provider or if the identifier fails to be resolved to a validated OpenID identity, authentication fails.</p>
-<h4 id="requestcredentials">requestCredentials</h4>
+<h4 id="requestcredentials">requestCredentials<a class="headerlink" href="#requestcredentials" title="Permanent link">¶</a></h4>
<p>If the <code>sling:authRequestLogin</code> parameter is set to a value other than <code>OpenID</code> this method immediately returns <code>false</code>.</p>
<p>If the parameter is not set or is set to <code>OpenID</code> this method continues with first invalidating any cached OpenID credentials (same as <code>dropCredentials</code> does) and then redirecting the client to the login form configured with the <code>openid.login.form</code> configuration property. The redirect is provided with up to three request parameters:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Request Parameter</th>
@@ -248,20 +270,20 @@
</tr>
</tbody>
</table>
-<h4 id="dropcredentials">dropCredentials</h4>
+<h4 id="dropcredentials">dropCredentials<a class="headerlink" href="#dropcredentials" title="Permanent link">¶</a></h4>
<p>Invalidates the OpenID identity currently stored with the request. This means to either remove the OpenID cookie or to remove the OpenID information from the HTTP Session. This method does not write to the response (except setting the <code>Set-Cookie</code> header to remove the OpenID cookie if required) and does not commit the response.</p>
-<h3 id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler implementation</h3>
-<h4 id="authenticationfailed">authenticationFailed</h4>
+<h3 id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler implementation<a class="headerlink" href="#authenticationfeedbackhandler-implementation" title="Permanent link">¶</a></h3>
+<h4 id="authenticationfailed">authenticationFailed<a class="headerlink" href="#authenticationfailed" title="Permanent link">¶</a></h4>
<p>This method is called, if the Credentials provided by the Authentication Handler could not be validated by the Jackrabbit authentication infrastructure. One cause may be that the integration with Jackrabbit has not been completed (see <em>Integration with Jackrabbit</em> below). Another, more probably cause, is that the validated OpenID identifier cannot be associated with an existing JCR user.</p>
<p>The OpenID Authentication Handler implementation of the <code>authenticationFailed</code> method sets the <code>j_reason</code> request attribute to <code>OpenIDFailure.REPOSITORY</code> and sets the <code>j_openid_identity</code> request attribute to the OpenID identity of the authenticated user.</p>
<p>A login form provider may wish to act upon this situation and provide a login form to the user to allow to his OpenID identity with an existing JCR user.</p>
<p>In addition, the current OpenID identity is invalidated thus the cached OpenID information is removed from the HTTP Session or the OpenID cookie is cleaned. This will allow the user to present a different OpenID identifier to retry or it will require the OpenID identity to be revalidated with the OpenID provider if the identity is associated with a JCR user.</p>
-<h4 id="authenticationsucceeded">authenticationSucceeded</h4>
+<h4 id="authenticationsucceeded">authenticationSucceeded<a class="headerlink" href="#authenticationsucceeded" title="Permanent link">¶</a></h4>
<p>The OpenID Authentication Handler implementation of the <code>authenticationSucceeded</code> method just calls the <code>DefaultAuthenticationFeedbackHandler.handleRedirect</code> method to redirect the user to the initially requested location.</p>
-<h3 id="integration-with-jackrabbit">Integration with Jackrabbit</h3>
+<h3 id="integration-with-jackrabbit">Integration with Jackrabbit<a class="headerlink" href="#integration-with-jackrabbit" title="Permanent link">¶</a></h3>
<p>The OpenID authentication handler can be integrated in two ways into the Jackrabbit authentication mechanism which is based on JAAS <code>LoginModule</code>. One integration is by means of a <code>LoginModulePlugin</code> which plugs into the extensible <code>LoginModule</code> architecture supported by the Sling Jackrabbit Embedded Repository bundle.</p>
<p>The other integration option is the <code>trusted_credentials_attribute</code> mechanism supported by the Jackrabbit <code>DefaultLoginModule</code>. By setting the <code>trusted_credentials_attribute</code> parameter of the Jackrabbit <code>DefaultLoginModule</code> and the <code>openid.user.attr</code> configuration property of the OpenID Authentication Handler to the same value, the existence of an attribute of that name in the <code>SimpleCredentials</code> instance provided to the <code>Repository.login</code> method signals pre-authenticated credentials, which need not be further checked by the <code>DefaultLoginModule</code>.</p>
-<h3 id="security-considerations">Security Considerations</h3>
+<h3 id="security-considerations">Security Considerations<a class="headerlink" href="#security-considerations" title="Permanent link">¶</a></h3>
<p>OpenIDAuthentication has some limitations in terms of security:</p>
<ol>
<li>User name and password are transmitted in plain text in the initial form submission.</li>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication - Framework</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Authentication - Framework</h1>
- <p>The core piece of functionality with respect to authentication in Sling is contained in the Sling Auth Core bundle. This bundle provides the API for Sling and Sling applications to make use of authentication.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>The core piece of functionality with respect to authentication in Sling is contained in the Sling Auth Core bundle. This bundle provides the API for Sling and Sling applications to make use of authentication.</p>
<p>This support encompasses three parts:</p>
<ul>
<li>The <code>AuthenticationSupport</code> service provided by the <code>SlingAuthenticator</code> class. This service can be used by implementations of the OSGi <code>HttpContext</code> interface to delegate authentication.</li>
@@ -99,7 +121,7 @@
</ul>
<p>This page describes how the <code>SlingAuthenticator</code> class provides the <code>AuthenticationSupport</code> and <code>Authenticator</code> services. For a description of the <code>AuthenticationHandler</code> service interface and the interaction between the <code>SlingAuthenticator</code> and the <code>AuthenticationHandler</code> services refer to the <a href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html">AuthenticationHandler</a> page.</p>
<p>The <code>SlingAuthenticator</code> class is an internal class of the <code>org.apache.sling.auth.core</code> bundle and implements the <code>Authenticator</code> and <code>AuthenticationSupport</code> services.</p>
-<h2 id="authenticationsupport">AuthenticationSupport</h2>
+<h2 id="authenticationsupport">AuthenticationSupport<a class="headerlink" href="#authenticationsupport" title="Permanent link">¶</a></h2>
<p>The <code>AuthenticationSupport</code> service interface defines a single method: <code>handleSecurity</code>. This method is intended to be called by the <code>handleSecurity</code> method of any <code>HttpContext</code> implementation wishing to make use of the Sling Authentication Framework.</p>
<p>The Sling Authenticator implementation selects an <code>AuthenticationHandler</code> service appropriate for the request and calls the <code>AuthenticationHandler.extractCredentials</code> method to extract the credentials from the request. If no credentials could be extracted, the Sling Authenticator either admits the request as an anonymous request or requests authentication from the client by calling its own <code>login</code> method.</p>
<p>The implementation follows this algorithm:</p>
@@ -114,7 +136,7 @@
<li>Set request attributes listed below.</li>
</ol>
<p>Extracting the credentials and trying to login to the repository may yield the following results:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Credentials</th>
@@ -149,9 +171,9 @@
Only one <code>AuthenticationHandler</code> is able to provide credentials for a given request. If the credentials provided by the handler cannot be used to login to the repository, authentication fails and no further <code>AuthenticationHandler</code> is consulted.
</div>
-<h4 id="request-attributes-on-successful-login">Request Attributes on Successful Login</h4>
+<h4 id="request-attributes-on-successful-login">Request Attributes on Successful Login<a class="headerlink" href="#request-attributes-on-successful-login" title="Permanent link">¶</a></h4>
<p>The <code>handleSecurity</code> method gets credentials from the <code>AuthenticationHandler</code> and logs into the JCR repository using those credentials. If the login is successful, the <code>SlingAuthenticator</code> sets the following request attributes:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Attribute</th>
@@ -186,7 +208,7 @@
</pre></div>
-<h4 id="anonymous-login">Anonymous Login</h4>
+<h4 id="anonymous-login">Anonymous Login<a class="headerlink" href="#anonymous-login" title="Permanent link">¶</a></h4>
<p>The <code>SlingAuthenticator</code> provides high level of control with respect to allowing anonymous requests or requiring authentication up front:</p>
<ul>
<li>Global setting of whether anonymous requests are allowed or not. This is the value of the <em>Allow Anonymous Access</em> (<code>auth.annonymous</code>) property of the <code>SlingAuthenticator</code> configuration. This property is supported for backwards compatibility and defaults to <code>true</code> (allowing anonymous access).</li>
@@ -203,7 +225,7 @@
<p>An authentication handler may register itself with the service registration property <code>sling.auth.requirements = "-/apps/sample/loginform"</code> to ensure the login form can be rendered without requiring authentication.</p>
</li>
</ul>
-<h2 id="authenticator-implementation">Authenticator implementation</h2>
+<h2 id="authenticator-implementation">Authenticator implementation<a class="headerlink" href="#authenticator-implementation" title="Permanent link">¶</a></h2>
<p>The implementation of the <code>Authenticator</code> interface is similar for both methods:</p>
<p><strong><code>login</code></strong></p>
<ol>
@@ -212,7 +234,7 @@
<li>As soon as the first handlers returns <code>true</code>, the process ends and it is assumed credentials have been requested from the client.</li>
</ol>
<p>The <code>login</code> method has three possible exit states:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Exit State</th>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication - Tasks</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,15 +101,26 @@
<h1>Authentication - Tasks</h1>
- <p>Authentication of HTTP Requests is generally a two-step process: First the credentials must be extracted from the request and second the credentials must be validated. In the case of Sling this means acquiring a JCR Session.</p>
-<h2 id="extract-credentials-from-the-request">Extract Credentials from the Request</h2>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>Authentication of HTTP Requests is generally a two-step process: First the credentials must be extracted from the request and second the credentials must be validated. In the case of Sling this means acquiring a JCR Session.</p>
+<h2 id="extract-credentials-from-the-request">Extract Credentials from the Request<a class="headerlink" href="#extract-credentials-from-the-request" title="Permanent link">¶</a></h2>
<ul>
<li>Implemented and controlled by the Sling Auth Core bundle</li>
<li>Takes <code>HttpServletRequest</code></li>
<li>Provides credentials for futher processing (basically JCR <code>Credentials</code> and Workspace name)</li>
<li>Extensible with the help of <code>AuthenticationHandler</code> services</li>
</ul>
-<h2 id="login-to-the-jcr-repository">Login to the JCR Repository</h2>
+<h2 id="login-to-the-jcr-repository">Login to the JCR Repository<a class="headerlink" href="#login-to-the-jcr-repository" title="Permanent link">¶</a></h2>
<ul>
<li>Implemented and controlled by the JCR Repository</li>
<li>Takes JCR <code>Credentials</code> and Workspace name</li>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/default-mapping-and-rendering.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/default-mapping-and-rendering.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/default-mapping-and-rendering.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Default Mapping and Rendering</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -95,7 +106,18 @@
<h1>Default Mapping and Rendering</h1>
- <p>This page contained obsolete content, moved it to http://cwiki.apache.org/confluence/display/SLING/Default+Mapping+and+Rendering+%28OBSOLETE%29 in case it is useful to someone.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>This page contained obsolete content, moved it to http://cwiki.apache.org/confluence/display/SLING/Default+Mapping+and+Rendering+%28OBSOLETE%29 in case it is useful to someone.</p>
<div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
Rev. 1499238 by fmeschbe on Wed, 3 Jul 2013 07:39:54 +0000
</div>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/dispatching-requests.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/dispatching-requests.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/dispatching-requests.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Dispatching Requests</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Dispatching Requests</h1>
- <h2 id="main-process">Main process</h2>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h2 id="main-process">Main process<a class="headerlink" href="#main-process" title="Permanent link">¶</a></h2>
<p>The following steps should give you an overview how a request is processed in Sling. Details can be found under provided links.</p>
<ol>
<li>
@@ -142,7 +164,7 @@ If any called filter doesn't call <code>
<p>After having called the component level filters, the request servlet or script is finally called to process the request.</p>
</li>
</ol>
-<h2 id="includeforward">Include/Forward</h2>
+<h2 id="includeforward">Include/Forward<a class="headerlink" href="#includeforward" title="Permanent link">¶</a></h2>
<p>If a servlet or script is including another resource for processing through the <code>RequestDispatcher.include</code> or <code>RequestDispatcher.forward</code> (or any JSP or feature of another scripting language which relies on one of this two methods) the following processing takes place:</p>
<ol>
<li>
@@ -162,9 +184,9 @@ If any called filter doesn't call <code>
</li>
</ol>
<p>Note that these steps are processed for every include or forward call.</p>
-<h2 id="included-request-attributes">Included Request Attributes</h2>
+<h2 id="included-request-attributes">Included Request Attributes<a class="headerlink" href="#included-request-attributes" title="Permanent link">¶</a></h2>
<p>When servlet or script is called as a result of <code>RequestDispatcher.include</code> the following request attributes are set:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Attribute Name <br> Attribute Type</th>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/errorhandling.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/errorhandling.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/errorhandling.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Errorhandling</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/featureflags.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/featureflags.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/featureflags.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Feature Flags</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Feature Flags</h1>
- <p>Feature Flags are used to select whether a particular feature is enabled or not. This allows to
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>Feature Flags are used to select whether a particular feature is enabled or not. This allows to
continuosly deploy new features of an application without making them globally available yet.</p>
<p>Features may be enabled based on various contextual data:</p>
<ul>
@@ -104,7 +126,7 @@ continuosly deploy new features of an ap
<p>Feature flags can be provided by registering <code>org.apache.sling.featureflags.Feature</code> services.
Alternatively feature flags can be provided by factory configuration with factory PID
<code>org.apache.sling.featureflags.Feature</code> as follows:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Property</th>
Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/filters.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/filters.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/filters.html Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Servlet Filter Support</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br />
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Servlet Filter Support</h1>
- <p>Sling supports filter processing by applying filter chains to the requests before actually dispatching to the servlet or script for processing. Filters to be used in such filter processing are plain OSGi services of type <code>javax.servlet.Filter</code> which of course means that the services implement this interface.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>Sling supports filter processing by applying filter chains to the requests before actually dispatching to the servlet or script for processing. Filters to be used in such filter processing are plain OSGi services of type <code>javax.servlet.Filter</code> which of course means that the services implement this interface.</p>
<div class="note">
See <a href="https://issues.apache.org/jira/browse/SLING-1213">SLING-1213</a>,
<a href="https://issues.apache.org/jira/browse/SLING-1734">SLING-1734</a>, and
@@ -101,7 +123,7 @@ from our integration tests shows an exam
</div>
<p>For Sling to pick up a <code>javax.servlet.Filter</code> service for filter processing two service registration properties are inspected:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Property</th>
@@ -135,10 +157,10 @@ from our integration tests shows an exam
</tr>
</tbody>
</table>
-<h2 id="filter-chains">Filter Chains</h2>
+<h2 id="filter-chains">Filter Chains<a class="headerlink" href="#filter-chains" title="Permanent link">¶</a></h2>
<p>Sling maintains five filter chains: request level, component level, include filters, forward filters and error filters. Except for the component level filter these filter chains correspond to the filter <code><dispatcher></code> configurations as defined for Servlet API 2.5 web applications (see section SRV.6.2.5 Filters and the RequestDispatcher).</p>
<p>The following table summarizes when each of the filter chains is called and what value must be defined in the <code>sling.filter.scope</code> property to have a filter added to the respective chain:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th><code>sling.filter.scope</code></th>
@@ -175,7 +197,7 @@ from our integration tests shows an exam
</tbody>
</table>
<p>Note on <code>INCLUDE</code> and <code>FORWARD</code> with respect to JSP tags: These filters are also called if the respective including (e.g. <code><jsp:include></code> or <code><sling:include></code>) or forwarding (e.g. <code><jsp:forward></code> or <code><sling:forward></code>) ultimately calls the <code>RequestDispatcher</code>.</p>
-<h2 id="filter-processing">Filter Processing</h2>
+<h2 id="filter-processing">Filter Processing<a class="headerlink" href="#filter-processing" title="Permanent link">¶</a></h2>
<p>Filter processing is part of the Sling request processing, which may be sketched as follows:</p>
<ul>
<li><em>Request Level</em>:<ul>
@@ -205,9 +227,9 @@ from our integration tests shows an exam
</li>
</ul>
<p>As a consequence, request level filters will be called at most once during request processing (they may not be called at all if a filter earlier in the filter chain decides to terminate the request) while the component level, include, and forward filters may be called multiple times while processing a request.</p>
-<h2 id="troubleshooting">Troubleshooting</h2>
+<h2 id="troubleshooting">Troubleshooting<a class="headerlink" href="#troubleshooting" title="Permanent link">¶</a></h2>
<p>Apart form the logs which tell you when filters are executed, two Sling plugins provide information about filters in the OSGi console.</p>
-<h3 id="recent-requests-plugin">Recent Requests plugin</h3>
+<h3 id="recent-requests-plugin">Recent Requests plugin<a class="headerlink" href="#recent-requests-plugin" title="Permanent link">¶</a></h3>
<p>The request traces provided at <code>/system/console/requests</code> contain information about filter execution, as in this example:</p>
<div class="codehilite"><pre>0 <span class="p">(</span>2010<span class="o">-</span>09<span class="o">-</span>08 15<span class="p">:</span>22<span class="p">:</span>38<span class="p">)</span> <span class="n">TIMER_START</span><span class="p">{</span><span class="n">Request</span> <span class="n">Processing</span><span class="p">}</span>
<span class="p">...</span>
@@ -225,7 +247,7 @@ from our integration tests shows an exam
</pre></div>
-<h3 id="config-status-plugin">Config Status plugin</h3>
+<h3 id="config-status-plugin">Config Status plugin<a class="headerlink" href="#config-status-plugin" title="Permanent link">¶</a></h3>
<p>The configuration status page at <code>/system/console/config</code> includes the current list of active filters in its <em>Servlet Filters</em> category, as in this example:</p>
<div class="codehilite"><pre><span class="n">Current</span> <span class="n">Apache</span> <span class="n">Sling</span> <span class="n">Servlet</span> <span class="n">Filter</span> <span class="n">Configuration</span>
@@ -250,7 +272,7 @@ from our integration tests shows an exam
<p>The first numbers on those lines are the filter priorities, and the last number in parentheses is the OSGi service ID.</p>
-<h2 id="support-in-sling-engine-210">Support in Sling Engine 2.1.0</h2>
+<h2 id="support-in-sling-engine-210">Support in Sling Engine 2.1.0<a class="headerlink" href="#support-in-sling-engine-210" title="Permanent link">¶</a></h2>
<p>Up to and including Sling Engine 2.1.0 support for Servlet Filters has been as follows:</p>
<ul>
<li>Any <code>javax.servlet.Filter</code> service is accepted as a filter for Sling unless the <code>pattern</code> property used by the <a href="http://felix.apache.org/site/apache-felix-http-service.html#ApacheFelixHTTPService-UsingtheWhiteboard">Apache Felix HttpService whiteboard support</a> is set in the service registration properties.</li>