Posted to commits@sling.apache.org by fm...@apache.org on 2010/06/21 11:36:00 UTC
svn commit: r956515 [2/2] - in /sling/trunk/bundles/extensions/openidauth:
./ src/main/java/org/apache/sling/openidauth/
src/main/java/org/apache/sling/openidauth/impl/ src/main/resources/
src/main/resources/OSGI-INF/metatype/ src/main/resources/SLING-...
Modified: sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=956515&r1=956514&r2=956515&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties Mon Jun 21 09:35:58 2010
@@ -25,92 +25,71 @@
#
# Open ID Authentication handler
-auth.openid.name = Apache Sling OpenID Authenticator
-auth.openid.description = The OpenID Authenticator authenticates Sling users via OpenID. \
-The login sequence is triggered automatically for a resource if 'Allow Anonymous Access' \
-is false in the Request Authenticator. You can manually show the login form by accessing \
-the Login Request path (/system/sling/openid/login). You can logout by accessing the \
-Logout Request path (/system/sling/openid/logout). The various displayed pages \
-(login, auth success, auth fail & logout) are customizable.
-
-path.name = URL path prefixes
-path.description = URL path prefixes handled by this Authenticator. If no \
-path is configured, it is regarded as inactive. If the handler should be \
-used for all requests, the path should be '/'.
-
-openid.use.cookie.name = Use cookie
-openid.use.cookie.description = Use a cookie to persist the authentication. If this is \
-false, uses an HTTP session attribute.
+auth.openid.name = Apache Sling OpenID Authentication Handler
+auth.openid.description = The OpenID Authentication Handler authenticates \
+ users via OpenID. A default login form is provided by the handler, while \
+ custom forms can be provided by configuring the URL (or path) to the \
+ login form. To map OpenID identifiers to Repository users it is expected that \
+ the Repository users have a property "open.id.identifier" set to the OpenID \
+ identifier of the user. This property may be a multi-value
+
+path.name = Path
+path.description = Repository path for which this authentication handler \
+ should be used by Sling. If this is empty, the authentication handler will \
+ be disabled.
+
+openid.use.cookie.name = Use Cookie
+openid.use.cookie.description = Whether to use a regular Cookie or an HTTP \
+ Session to cache the OpenID authentication details. By default a regular \
+ cookie is used to prevent use of HTTP Sessions.
openid.cookie.name.name = Cookie name
-openid.cookie.name.description = Name of cookie used to persist authentication. Only \
-used if 'Use Cookie' is true.
+openid.cookie.name.description = Name of cookie used to persist authentication. \
+ Only used if 'Use Cookie' is checked.
openid.cookie.domain.name = Cookie domain
-openid.cookie.domain.description = Domain of cookie used to persist authentication. Only \
-used if 'Use Cookie' is true.
-
-openid.cookie.path.name = Cookie path
-openid.cookie.path.description = Path of cookie used to persist authentication. Only \
-used if 'Use Cookie' is true.
+openid.cookie.domain.description = Domain of cookie used to persist \
+ authentication. This defaults to the host name of the Sling server but may \
+ be set to a different value to share the cookie amongst a server farm or \
+ if the server is running behind a proxy. Only used if 'Use Cookie' is checked.
openid.cookie.secret.key.name = Cookie Secret Key
-openid.cookie.secret.key.description = Secret key used to encrypt cookie contents. Must \
-be less than 24 characters long. Only used if 'Use Cookie' is true.
+openid.cookie.secret.key.description = Secret key used to create a signature \
+ of the cookie value to prevent tampering. Only used if 'Use Cookie' is true.
openid.login.form.name = URL of Open ID login form
-openid.login.form.description = This should provide a way to capture the user's \
-OpenID identifier. This is not the OpenID Provider's login page, however, it does \
-not have to be a local URL. If it is a local Sling URL, it must be readable by \
-the anonymous user AND either 'Allow Anonymous Access' must be on in the Request \
-Authenticator OR 'Access auth resources anonymously' must be checked here. \
-The user is HTTP Redirect'ed to this URL. This page \
-should POST back the user's OpenID identifier (as named by the form field parameter) \
-to the originally requested URL (obtainable from HTTP Session attribute \
-OpenIDConstants.ORIGINAL_URL_ATTRIBUTE). If this form is accessed directly, \
-an optional request parameter 'OpenID.redirect' can set the \
-redirect URL that will be used after successful authentication (if 'Redirect to \
-original URL' is true).
+openid.login.form.description = This should provide a way to capture the \
+ user's OpenID identifier. This is not the OpenID Provider's login page, \
+ however, it does not have to be a local URL. If it is a local Sling URL, it \
+ must be accessible by the anonymous user. The user is HTTP Redirect'ed to this \
+ URL. This page should POST back the user's OpenID identifier (as named by \
+ the "OpenID identifier form field" property) to the originally requested URL \
+ set in the "resource" request parameter.
openid.login.identifier.name = OpenID identifier form field
-openid.login.identifier.description = The name of the form parameter that contains \
-the user's OpenID identifier. By convention this is 'openid_identifier'.
+openid.login.identifier.description = The name of the form parameter that \
+ provides the user's OpenID identifier. By convention this is \
+ 'openid_identifier'. Only change this if you have a very good reason to do so.
-openid.original.url.onsuccess.name = Redirect to original URL
-openid.original.url.onsuccess.description = Whether to redirect to the originally \
-requested URL after successful authentication.
-
-openid.login.success.name = Authentication Success URL
-openid.login.success.description = URL to redirect user to after successful \
-authentication. Only respected if 'Redirect to original URL' is false.
-
-openid.login.fail.name = Authentication Failure URL
-openid.login.fail.description = URL to redirect user to after failed \
-OpenID authentication. It does not have to be a local URL. If it is a local \
-Sling URL, it must be readable by the anonymous user AND either \
-'Allow Anonymous Access' must be on in the Request Authenticator OR 'Access auth \
-resources anonymously' must be checked here. The user is HTTP Redirect'ed to this URL. \
-NOTE: this redirect is NOT called for a failed Repository login (in that case, \
-the login form will be re-displayed)
-
-openid.logout.name = Post-Logout URL
-openid.logout.description = URL to redirect user to after logging out. Logout \
-is triggered by accessing Logout Request Path (/system/sling/openid/logout). An \
-optional request parameter 'OpenID.redirect' can override this URL for a single \
-logout request.
-
openid.external.url.prefix.name = External URL prefix
-openid.external.url.prefix.description = The prefix of URLs generated for OpenID \
-authentication requests. This URL must be resolvable from the client browser. \
-This is usually necessary when running Sling behind a proxy (like Apache) since proxy \
-mapping is not performed on the OpenID ReturnTo and TrustRoot URLs as they \
-are sent to the Provider as form parameters. If this is empty, the URLs are generated \
-using the hostname found in the original request.
-
-openid.anon.auth.resources.name = Access auth resources anonymously
-openid.anon.auth.resources.description = Causes the authenticator to authenticate the \
-request as the anonymous user for the local login, auth failure & logout pages. \
-This is an explicit authentication as anonymous, and so circumvents the Request Authenticator's \
-'Allow Anonymous' setting (which operates as a fallback). Setting this to true enables \
-Sling to serve the authentication resources to unauthenticated users even if 'Allow Anonymous' \
-is false (assuming the ACLs on the resources allow the anonymous user read access).
\ No newline at end of file
+openid.external.url.prefix.description = The prefix of URLs generated for the \
+ ReturnTo and TrustRoot properties of the OpenID request to the OpenID \
+ provider. Thus this URL prefix should bring back the authenticated user to \
+ this Sling instance. Configuring this property is usually necessary when \
+ running Sling behind a proxy (like Apache) since proxy mapping is not \
+ performed on the OpenID ReturnTo and TrustRoot URLs as they are sent to the \
+ OpenID Provider as form parameters. If this property is empty, the URLs are \
+ generated using the hostname found in the original request.
+
+openid.property.identity.name = OpenID Identity Property
+openid.property.identity.description = The name of the JCR User attribute \
+ listing one or more OpenID Identity URLs with which a user is associated. \
+ The property may be a multi- or single-valued. To resolve a JCR user ID from \
+ an OpenID identity a user is searched who lists the identity in this property. \
+ The default value is "openid.identity".
+
+openid.user.attr.name = Credentials Attribute
+openid.user.attr.description = Name of the JCR SimpleCredentials attribute to \
+ to set with the OpenID User data. This attribute is used by the OpenID \
+ LoginModule to validate the OpenID user authentication data. Default is \
+ "openid.user".
\ No newline at end of file
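Review bot: The new descriptions name two different identity properties: `auth.openid.description` tells administrators to set "open.id.identifier" on Repository users, while `openid.property.identity.description` gives the default as "openid.identity". This property decides which repository user an OpenID identity is mapped to, so both texts should name the same property; which one the handler really uses is not visible in this part of the commit. A wording that cannot drift is `... users have the property configured under "OpenID Identity Property" set to the OpenID identifier of the user. This property may be multi-valued.`, which also completes the sentence that now breaks off at "may be a multi-value". Smaller points: `openid.user.attr.description` reads "to to set", and `openid.cookie.secret.key.description` still says 'is true' where its siblings now say 'is checked'. In `openid.external.url.prefix.description` it would help to add that the fallback hostname is taken from the client's request, so deployments should set the prefix explicitly rather than rely on it for ReturnTo and TrustRoot.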
Added: sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html?rev=956515&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html (added)
+++ sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html Mon Jun 21 09:35:58 2010
@@ -0,0 +1,113 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<html xml:lang="en" lang="en"
+ xmlns="http://www.w3.org/1999/xhtml"
+>
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <title>Login</title>
+
+ <style type="text/css">
+ body {
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size: 10px;
+ color: black;
+ background-color: white;
+ }
+
+ #main {
+ border: 1px solid gray;
+ margin-top: 25%;
+ margin-left: 25%;
+ width: 400px;
+ padding: 10px;
+ }
+
+ #loginform {
+ padding: 0px;
+ margin: 0px;
+ }
+
+ #openid_identifier {
+ background-image:url('http://wiki.openid.net/f/openid-16x16.gif');
+ background-repeat: no-repeat;
+ background-position: center left;
+ padding-left: 18px;
+ width: 378px;
+ }
+
+ #err {
+ color: red;
+ }
+ </style>
+
+ <script>
+ function selectProvider( /* Button */ provider, /* String */ url ) {
+ provider.form.openid_identifier.value = url;
+ return true;
+ }
+ </script>
+</head>
+
+<body>
+
+<div id="main"><!-- Login Form -->
+<h3>Login:</h3>
+<form id="loginform" method="POST" action="j_security_check"
+ enctype="multipart/form-data" accept-charset="UTF-8">
+
+ <input type="hidden" name="_charset_" value="UTF-8" />
+ <input type="hidden" name="resource" value="${resource}" />
+ <input type="hidden" name="sling:authRequestLogin" value="OpenID" />
+
+ <div id="err">
+ <p>${j_reason}</p>
+
+ </div>
+
+ <div>
+ <p>
+ Please click your account provider:<br/>
+ <button id="google" accesskey="g" class="form-button" onClick="return selectProvider(this, 'https://www.google.com/accounts/o8/id');"><u>G</u>oogle</button>
+ <button id="yahoo" accesskey="y" class="form-button" onClick="return selectProvider(this, 'https://me.yahoo.com/');"><u>Y</u>ahoo</button>
+ <button id="myopenid" accesskey="m" class="form-button" onClick="return selectProvider(this, 'https://www.myopenid.com/');"><u>M</u>yOpenID</button>
+ </p>
+ </div>
+
+ <div>
+ <label for="openid_identifier">or enter your OpenID <u>I</u>dentifier</label>
+ </div>
+
+ <div>
+ <input id="openid_identifier" accesskey="i" name="openid_identifier"/>
+ </div>
+
+ <div class="buttongroup">
+ <button id="login" accesskey="l" class="form-button" type="submit"><u>L</u>ogin</button>
+ <button id="login" accesskey="c" class="form-button" onClick="document.location='${resource}'; return false;"><u>C</u>ancel</button>
+ </div>
+
+</form>
+</div>
+
+</body>
+</html>
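Review bot: `${resource}` and `${j_reason}` land in three different output contexts, namely the `value` attribute of the hidden `resource` input, element text inside `#err`, and a JavaScript string inside the Cancel button's `onClick`, and each context needs its own encoding. The code that fills this template is not in this part of the commit, so per-context escaping cannot be confirmed from here; if the handler only HTML-escapes, the `onClick` use is the weak spot, and the simplest fix is to drop the inline script and make Cancel a plain link, `<a id="cancel" accesskey="c" class="form-button" href="${resource}">Cancel</a>`, with the handler accepting only local paths for `resource`. Both buttons in the `buttongroup` div carry `id="login"`; the second should be `id="cancel"`. The `#openid_identifier` background image is fetched over plain `http` from wiki.openid.net on every view of the login page; shipping the icon inside the bundle avoids the third-party request and mixed content on HTTPS deployments.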
Propchange: sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html
------------------------------------------------------------------------------
svn:eol-style = native
Added: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java?rev=956515&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java (added)
+++ sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java Mon Jun 21 09:35:58 2010
@@ -0,0 +1,149 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.openidauth.impl;
+
+import javax.servlet.http.HttpServletRequest;
+
+import junit.framework.TestCase;
+
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+
+public class OpenIDAuthenticationHandlerTest extends TestCase {
+
+ private static final String NAME = "the.server.com";
+
+ private final String HTTP = "http";
+
+ private final String HTTPS = "https";
+
+ private final String ANY = "any";
+
+ private final int port80 = 80;
+
+ private final int port443 = 443;
+
+ private final int port999 = 999;
+
+ private final int port_1 = -1;
+
+ private static final String CTX = "";
+
+ public void test_getBaseUrl() {
+
+ final Mockery ctx = new Mockery();
+ final HttpServletRequest request = ctx.mock(HttpServletRequest.class);
+ ctx.checking(new Expectations() {
+ {
+ // general setup on each calls
+ allowing(request).getServerName();
+ will(returnValue(NAME));
+ allowing(request).getContextPath();
+ will(returnValue(CTX));
+
+ // http/80
+ one(request).getScheme();
+ will(returnValue(HTTP));
+ one(request).getServerPort();
+ will(returnValue(port80));
+
+ // https/443
+ one(request).getScheme();
+ will(returnValue(HTTPS));
+ one(request).getServerPort();
+ will(returnValue(port443));
+
+ // http/999
+ one(request).getScheme();
+ will(returnValue(HTTP));
+ one(request).getServerPort();
+ will(returnValue(port999));
+
+ // https/999
+ one(request).getScheme();
+ will(returnValue(HTTPS));
+ one(request).getServerPort();
+ will(returnValue(port999));
+
+ // any/80
+ one(request).getScheme();
+ will(returnValue(ANY));
+ one(request).getServerPort();
+ will(returnValue(port80));
+
+ // any/443
+ one(request).getScheme();
+ will(returnValue(ANY));
+ one(request).getServerPort();
+ will(returnValue(port443));
+
+ // any/999
+ one(request).getScheme();
+ will(returnValue(ANY));
+ one(request).getServerPort();
+ will(returnValue(port999));
+
+ // http/-1
+ one(request).getScheme();
+ will(returnValue(HTTP));
+ one(request).getServerPort();
+ will(returnValue(port_1));
+
+ // https/-1
+ one(request).getScheme();
+ will(returnValue(HTTPS));
+ one(request).getServerPort();
+ will(returnValue(port_1));
+
+ // any/-1
+ one(request).getScheme();
+ will(returnValue(ANY));
+ one(request).getServerPort();
+ will(returnValue(port_1));
+ }
+ });
+
+ final OpenIDAuthenticationHandler handler1 = new OpenIDAuthenticationHandler();
+ // http/80
+ assertEquals(HTTP + "://" + NAME, handler1.getBaseUrl(request));
+ // https/443
+ assertEquals(HTTPS + "://" + NAME, handler1.getBaseUrl(request));
+ // http/999
+ assertEquals(HTTP + "://" + NAME + ":" + port999,
+ handler1.getBaseUrl(request));
+ // https/999
+ assertEquals(HTTPS + "://" + NAME + ":" + port999,
+ handler1.getBaseUrl(request));
+ // any/80
+ assertEquals(ANY + "://" + NAME + ":" + port80,
+ handler1.getBaseUrl(request));
+ // any/443
+ assertEquals(ANY + "://" + NAME + ":" + port443,
+ handler1.getBaseUrl(request));
+ // any/999
+ assertEquals(ANY + "://" + NAME + ":" + port999,
+ handler1.getBaseUrl(request));
+ // http/-1
+ assertEquals(HTTP + "://" + NAME, handler1.getBaseUrl(request));
+ // https/-1
+ assertEquals(HTTPS + "://" + NAME, handler1.getBaseUrl(request));
+ // any/-1
+ assertEquals(ANY+ "://" + NAME, handler1.getBaseUrl(request));
+ }
+}
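Review bot: `test_getBaseUrl` never calls `ctx.assertIsSatisfied()`, so the Mockery will complain about an unexpected call but not about expectations that were never used; adding `ctx.assertIsSatisfied();` after the last assertion makes the test fail if `getBaseUrl` stops reading the scheme or the port. The ten cases also rely on the `one(...)` expectations being consumed in the order they are declared, which deserves a comment above the `Expectations` block such as `// expectations are consumed in declaration order; keep them aligned with the assertions below`, or a separate Mockery per case so a failure points at one scheme/port pair. Style: `HTTP`, `HTTPS` and `ANY` are instance fields named like constants while `NAME` and `CTX` are `static final`; declaring all of them `private static final` keeps the class consistent.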
Propchange: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev Url