You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ol...@apache.org on 2014/05/08 18:33:44 UTC
svn commit: r1593323 - in
/sling/site/trunk/content/documentation/the-sling-engine/authentication:
authentication-actors.mdtext authentication-authenticationhandler.mdtext
authentication-framework.mdtext authentication-tasks.mdtext
Author: olli
Date: Thu May 8 16:33:44 2014
New Revision: 1593323
URL: http://svn.apache.org/r1593323
Log:
fix some glitches (mainly replacing Sling Commons Auth by Sling Auth Core)
Modified:
sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.mdtext
sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.mdtext
sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.mdtext
sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.mdtext
Modified: sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.mdtext?rev=1593323&r1=1593322&r2=1593323&view=diff
==============================================================================
--- sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.mdtext (original)
+++ sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.mdtext Thu May 8 16:33:44 2014
@@ -10,7 +10,7 @@ The main support for authentication is d
The main method of interest to the authentication process is the `handleSecurity` method. This is called by the OSGi Http Service implementation before the registered servlet is called. Its intent is to authenticate the request and to provide authentication information for the request object: the authentication type and the remote user name.
-The Sling Commons Auth bundle provides the `AuthenticationSupport` service which may be used to the implement the `HttpContext.handleSecurity` method.
+The Sling Auth Core bundle provides the `AuthenticationSupport` service which may be used to the implement the `HttpContext.handleSecurity` method.
## Sling Engine
@@ -22,13 +22,13 @@ When the request hits the `service` meth
That's all there is for the Sling Engine to do with respect to authentication.
-## Sling Commons Auth
+## Sling Auth Core
-The support for authenticating client requests is implemented in the Sling Commons Auth bundle. As such this bundle provides three areas of support
+The support for authenticating client requests is implemented in the Sling Auth Core bundle. As such this bundle provides three areas of support
* `AuthenticationHandler` service interface. This is implemented by services providing functionality to extract credentials from HTTP requests.
- * `Authenticator` service interface. This is implemented by the `SlingAuthenticator` class in the Commons Auth bundle and provides applications with entry points to login and logout.
- * `AuthenticationSupport` service interface. This is implemented by the `SlingAuthenticator` class in the Commons Auth bundle and allows applications registering with the OSGi HTTP Service to make use of the Sling authentication infrastructure.
+ * `Authenticator` service interface. This is implemented by the `SlingAuthenticator` class in the Sling Auth Core bundle and provides applications with entry points to login and logout.
+ * `AuthenticationSupport` service interface. This is implemented by the `SlingAuthenticator` class in the Sling Auth Core bundle and allows applications registering with the OSGi HTTP Service to make use of the Sling authentication infrastructure.
## JCR Repository
Modified: sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.mdtext?rev=1593323&r1=1593322&r2=1593323&view=diff
==============================================================================
--- sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.mdtext (original)
+++ sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.mdtext Thu May 8 16:33:44 2014
@@ -1,5 +1,5 @@
Title: Authentication - AuthenticationHandler
-Excerpt: The {{AuthenticationHandler}} interface defines the service API which may be implemented by authentication handlers registered as OSGi services.
+Excerpt: The `AuthenticationHandler` interface defines the service API which may be implemented by authentication handlers registered as OSGi services.
The `AuthenticationHandler` interface defines the service API which may be implemented by authentication handlers registered as OSGi services.
Modified: sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.mdtext?rev=1593323&r1=1593322&r2=1593323&view=diff
==============================================================================
--- sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.mdtext (original)
+++ sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.mdtext Thu May 8 16:33:44 2014
@@ -1,17 +1,17 @@
Title: Authentication - Framework
-Excerpt: The core piece of functionality with respect to authentication in Sling is contained in the Sling Commons Auth bundle. This bundle provides the API for Sling and Sling applications to make use of authentication.
+Excerpt: The core piece of functionality with respect to authentication in Sling is contained in the Sling Auth Core bundle. This bundle provides the API for Sling and Sling applications to make use of authentication.
-The core piece of functionality with respect to authentication in Sling is contained in the Sling Commons Auth bundle. This bundle provides the API for Sling and Sling applications to make use of authentication.
+The core piece of functionality with respect to authentication in Sling is contained in the Sling Auth Core bundle. This bundle provides the API for Sling and Sling applications to make use of authentication.
This support encompasses three parts:
* The `AuthenticationSupport` service provided by the `SlingAuthenticator` class. This service can be used by implementations of the OSGi `HttpContext` interface to delegate authentication.
- * The `Authenticator` service also provided by the `SlingAuthenticator` class. This service may be used by Sling Applications to help clients login and logout.
+ * The `Authenticator` service also provided by the `SlingAuthenticator` class. This service may be used by Sling applications to help clients login and logout.
* The `AuthenticationHandler` service interface. These services may be implemented by extensions to support various ways for transporting credentials from clients to the Sling server.
This page describes how the `SlingAuthenticator` class provides the `AuthenticationSupport` and `Authenticator` services. For a description of the `AuthenticationHandler` service interface and the interaction between the `SlingAuthenticator` and the `AuthenticationHandler` services refer to the [AuthenticationHandler]({{ refs.authentication-authenticationhandler.path }}) page.
-The `SlingAuthenticator` class is an internal class of the `org.apache.sling.commons.auth` bundle and implements the `Authenticator` and `AuthenticationSupport` services.
+The `SlingAuthenticator` class is an internal class of the `org.apache.sling.auth.core` bundle and implements the `Authenticator` and `AuthenticationSupport` services.
## AuthenticationSupport
@@ -29,7 +29,7 @@ The implementation follows this algorith
1. If any `AuthenticationInfoPostProcessor` services are registered, the `AuthenticationInfo` object is passed to their `postProcess()` method.
1. If no handler returns a non-`null` result, the request may be handled anonymously. In these cases, an empty `AuthenticationInfo` object is passed to any `AuthenticationInfoPostProcessor` services.
1. (Try to) log into the repository either with the provided credentials or anonymously.
-1. If there were credentials provided and the login was successful, a login event is posted *if* the `AuthenticationInfo` object contains a non-null object with the key `$$auth.info.login$$` (`AuthConstants.AUTH*INFO*LOGIN`). This event is posted with the topic `org/apache/sling/auth/core/Authenticator/LOGIN`. (added in Sling Auth Core 1.1.0)
+1. If there were credentials provided and the login was successful, a login event is posted *if* the `AuthenticationInfo` object contains a non-null object with the key `$$auth.info.login$$` (`AuthConstants.AUTH_INFO_LOGIN`). This event is posted with the topic `org/apache/sling/auth/core/Authenticator/LOGIN`. (added in Sling Auth Core 1.1.0)
1. Set request attributes listed below.
Extracting the credentials and trying to login to the repository may yield the following results:
@@ -54,11 +54,11 @@ The `handleSecurity` method gets credent
|--|--|
| `org.osgi.service.http.authentication.remote.user` | The user ID of the JCR Session. This attribute is used by the HTTP Service implementation to implement the `HttpServletRequest.getRemoteUser` method. |
| `org.osgi.service.http.authentication.type` | The authentication type defined by the `AuthenticationHandler`. This attribute is used by the HTTP Service implementation to implement the `HttpServletRequest.getAuthType` method. |
-| `org.apache.sling.commons.auth.ResourceResolver` | The `ResourceResolver` created from the credentials and the logged in JCR Session. This attribute may be used by servlets to access the repository. Namely the `SlingMainServlet` uses this request attribute to provide the `ResourceResolver` to handle the request. |
+| `org.apache.sling.auth.core.ResourceResolver` | The `ResourceResolver` created from the credentials and the logged in JCR Session. This attribute may be used by servlets to access the repository. Namely the `SlingMainServlet` uses this request attribute to provide the `ResourceResolver` to handle the request. |
| `javax.jcr.Session` | The JCR Session. This attribute is for backwards compatibility only. *Its use is deprecated and the attribute will be removed in future versions*. |
-| `org.apache.sling.commons.auth.spi.AuthenticationInfo` | The `AuthenticationInfo` object produced from the `AuthenticationHandler`. |
+| `org.apache.sling.auth.core.spi.AuthenticationInfo` | The `AuthenticationInfo` object produced from the `AuthenticationHandler`. |
-**NOTE**: Do *NOT* use the `javax.jcr.Session` request attribute in your Sling applications. This attribute must be considered implementation specific to convey the JCR Session to the `SlingMainServlet`. In future versions of the Sling Commons Auth bundle, this request attribute will not be present anymore. To get the JCR Session for the current request adapt the request's resource resolver to a JCR Session:
+**NOTE**: Do *NOT* use the `javax.jcr.Session` request attribute in your Sling applications. This attribute must be considered implementation specific to convey the JCR Session to the `SlingMainServlet`. In future versions of the Sling Auth Core bundle, this request attribute will not be present anymore. To get the JCR Session for the current request adapt the request's resource resolver to a JCR Session:
Session session = request.getResourceResolver().adaptTo(Session.class);
@@ -78,7 +78,7 @@ The URLs set on the *Authentication Requ
**Examples**
-* The `LoginServlet` contained in the Commons Auth bundle registers itself with the service registration property `sling.auth.requirements = "-/system/sling/login"` to ensure the servlet can be accessed without requiring authentication.
+* The `LoginServlet` contained in the Sling Auth Core bundle registers itself with the service registration property `sling.auth.requirements = "-/system/sling/login"` to ensure the servlet can be accessed without requiring authentication.
* An authentication handler may register itself with the service registration property `sling.auth.requirements = "-/apps/sample/loginform"` to ensure the login form can be rendered without requiring authentication.
Modified: sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.mdtext
URL: http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.mdtext?rev=1593323&r1=1593322&r2=1593323&view=diff
==============================================================================
--- sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.mdtext (original)
+++ sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.mdtext Thu May 8 16:33:44 2014
@@ -5,7 +5,7 @@ Authentication of HTTP Requests is gener
## Extract Credentials from the Request
- * Implemented and controlled by the Sling Commons Auth bundle
+ * Implemented and controlled by the Sling Auth Core bundle
* Takes `HttpServletRequest`
* Provides credentials for futher processing (basically JCR `Credentials` and Workspace name)
* Extensible with the help of `AuthenticationHandler` services