You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bu...@apache.org on 2012/04/22 18:52:31 UTC
svn commit: r813967 [10/16] - /websites/staging/sling/trunk/content/
Added: websites/staging/sling/trunk/content/openid-authenticationhandler.html
==============================================================================
--- websites/staging/sling/trunk/content/openid-authenticationhandler.html (added)
+++ websites/staging/sling/trunk/content/openid-authenticationhandler.html Sun Apr 22 16:52:28 2012
@@ -0,0 +1,340 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+ <head>
+ <title>Apache Sling - OpenID AuthenticationHandler</title>
+ <link rel="stylesheet" href="http://sling.apache.org/site/media.data/site.css" type="text/css" media="all">
+ <link rel="icon" href="http://sling.apache.org/site/media.data/favicon.ico">
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
+ </head>
+ <body>
+ <div class="title">
+ <div class="logo">
+ <a href="http://sling.apache.org/site/index.html">
+ <img border="0" alt="Apache Sling" src="http://sling.apache.org/site/media.data/logo.png">
+ </a>
+ </div>
+ <div class="header">
+ <a href="http://www.apache.org/">
+ <img border="0" alt="Apache" src="http://sling.apache.org/site/media.data/apache.png">
+ </a>
+ </div>
+ </div>
+
+ <div class="menu">
+ <h1 id="documentation">Documentation</h1>
+<ul>
+<li><a href="getting-started.html">Getting Started</a></li>
+<li><a href="the-sling-engine.html">The Sling Engine</a></li>
+<li><a href="development.html">Development</a></li>
+<li><a href="bundles.html">Bundles</a></li>
+<li><a href="tutorials-&-how-tos.html">Tutorials & How-Tos</a></li>
+<li><a href="configuration.html">Configuration</a></li>
+<li><a href="http://sling.apache.org/apidocs/sling5/index.html">API docs</a></li>
+<li><a href="http://s.apache.org/sling.wiki">Wiki</a></li>
+<li><a href="http://s.apache.org/sling.faq">FAQ</a></li>
+</ul>
+<h1 id="project-info">Project info</h1>
+<ul>
+<li><a href="http://sling.apache.org/site/downloads.cgi">Downloads</a></li>
+<li><a href="http://www.apache.org/licenses/">License</a></li>
+<li><a href="contributing.html">Contributing</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="links.html">Links</a></li>
+<li><a href="project-information.html">Project Information</a></li>
+<li><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a></li>
+<li><a href="http://svn.apache.org/viewvc/sling/trunk">Browse Source Repository</a></li>
+<li><a href="http://www.apache.org/security/">Security</a></li>
+</ul>
+<h1 id="sponsorship">Sponsorship</h1>
+<ul>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+<li><a href="http://www.apache.org/foundation/buy_stuff.html">Buy Stuff</a></li>
+</ul>
+<iframe
+ src="http://www.apache.org/ads/button.html"
+ style="border-width:0; float: left" frameborder="0"
+ scrolling="no"
+ width="135"
+ height="135">
+</iframe>
+ </div>
+
+ <div class="main">
+ <div class="breadcrump" style="font-size: 80%;">
+ (TODO: breadcrumb here)
+ </div>
+ <h1 class="title">OpenID AuthenticationHandler</h1>
+ <div>
+ <p><a name="OpenIDAuthenticationHandler-OpenIDAuthenticationHandler"></a></p>
+<h1 id="openid-authenticationhandler">OpenID AuthenticationHandler</h1>
+<p>{toc:type=flat|separator=pipe|minLevel=2|maxLevel=3}</p>
+<p>The OpenID Authentication Handler supports authentication of request users
+using the <a href="http://www.openid.net">OpenID</a>
+ authentication protocol. If the user has successfully authenticated with
+his OpenID provider a signed OpenID identity is further used to identify
+the user.</p>
+<p>Since generally an OpenID identity is an URL and URLs may not be used as
+JCR user names, an association mechanism is used by the OpenID
+authentication handler to associate an OpenID identity with an existing JCR
+user: The OpenID identity URL is set as the value of a JCR user property.
+When a user authenticates with his OpenID identity the matching user
+searched for by looking for a match in this property.</p>
+<p><em>NOTE:</em> This association currently only works with Jackrabbit (or
+Jackrabbit based repositories) because user management is not part of the
+JCR 2 specification and the OpenID authentication handler uses the
+Jackrabbit <em>UserManager</em> to find users by a user property value.</p>
+<p>The OpenID Authentication Handler is maintained in the <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/openid/">Sling SVN</a></p>
+<p><a name="OpenIDAuthenticationHandler-CredentialsExtraction"></a></p>
+<h3 id="credentials-extraction">Credentials Extraction</h3>
+<p>Theoretically each request with the <em>openid_identifier</em> request parameter
+set may initiate an OpenID authentication process which involves resolving
+the OpenID provider for the identifier and subsequently authentication with
+the provider authorizing the Sling instance to use the OpenID identity.</p>
+<p>This initiation, though, is not possible if the request already contains a
+valid and validated OpenID identifier either set as a request attribute or
+set in the HTTP Session or the OpenID cookie. In these situations, the
+current association of a client with an OpenID identity must first be
+removed by logging out, e.g. by requesting <em>/system/sling/logout.html</em>
+which causes the current OpenID user data to be removed by either removing
+it from the HTTP Session or by clearing the OpenID cookie.</p>
+<p><a name="OpenIDAuthenticationHandler-Phase1:FormSubmission"></a></p>
+<h3 id="phase-1-form-submission">Phase 1: Form Submission</h3>
+<p>Requesting an OpenID identifier is initiated by the Sling Authenticator
+deciding, that authentication is actually required to process a request and
+the OpenID Authentication Handler being selected to request credentials
+with.</p>
+<p>In this case the OpenID authenticator causes a form to be rendered by
+redirecting the client to the URL indicated by the <em>form.login.form</em>
+configuration parameter. This redirection request may accompanied by the
+following parameters:</p>
+<table>
+<tr><th> Request Parameter </th><th> Description </th></tr>
+<tr><td> *resource* </td><td> The location to which the user initially requested access
+and that caused the *requestCredentials* method to be called. This may
+not be set (or be set to an empty string). </td></tr>
+<tr><td> *j_reason* </td><td> The reason why an earlier attempt at authentication with
+the OpenID authentication handler failed. This request parameter is only
+set if the same named request attribute has been set by the
+*extractCredentials* or the *authenticationFailed* method. The value of
+the parameter is the name of one of the *OpenIDFailure* constants. </td></tr>
+<tr><td> *j_openid_identity* </td><td> The OpenID identity which could not successfully
+be associated with an existing JCR user. This request parameter is only set
+if the *authenticationFailed* method has been called due to inability to
+associate an existing and validated OpenID identity with an existing JCR
+user. </td></tr>
+</table>
+
+<p>The OpenID Authentication handlers supports the following request
+parameters submitted by the HTML form:</p>
+<ul>
+<li><em>openid_identifier</em> -- OpenID Claimed Identifier. This may be any
+actual OpenID identity URL or the URL of OpenID Provider such as
+https://www.google.com/accounts/o8/id, https://me.yahoo.com, or
+https://www.myopenid.com.</li>
+<li><em>sling:authRequestLogin</em> -- This request parameter is recommended to be
+set with a hidden field to the value <em>OpenID</em> to ensure the request is
+handled by the OpenID Authentication Handler.</li>
+<li><em>resource</em> -- The <em>resource</em> request parameter should be sent back to
+ensure the user is finally redirected to requested target resource after
+successful authentication. If this request parameter is not set, or is set
+to an empty string, it is assumed to be the request context root path.</li>
+</ul>
+<p>The OpenID Authentication Handler provides a default login form registered
+at <em>/system/sling/openid/login</em>.</p>
+<p><a name="OpenIDAuthenticationHandler-Configuration"></a></p>
+<h3 id="configuration">Configuration</h3>
+<p>The OpenID AuthenticationHandler is configured with configuration provided
+by the OSGi Configuration Admin Service using the
+<em>org.apache.sling.openidauth.OpenIdAuthenticationHandler</em> service PID.</p>
+<table>
+<tr><th> Parameter </th><th> Default </th><th> Description </th></tr>
+<tr><td> *path* </td><td> -- </td><td> Repository path for which this authentication handler
+should be used by Sling. If this is empty, the authentication handler will
+be disabled. </td></tr>
+<tr><td> *openid.login.form* </td><td> */system/sling/openid/login* </td><td> This should
+provide a way to capture the user's OpenID identifier. This is not the
+OpenID Provider's login page, however, it does not have to be a local URL.
+If it is a local Sling URL, it must be accessible by the anonymous user.
+The user is HTTP Redirect'ed to this URL. This page should POST back the
+user's OpenID identifier (as named by the "OpenID identifier form field"
+property) to the originally requested URL set in the "resource" request
+parameter. </td></tr>
+<tr><td> *openid.login.identifier* </td><td> *openid_identifier* </td><td> The name of the
+form parameter that provides the user's OpenID identifier. By convention
+this is *openid_identifier*. Only change this if you have a very good
+reason to do so. </td></tr>
+<tr><td> *openid.external.url.prefix* </td><td> -- </td><td> The prefix of URLs generated for
+the *ReturnTo* and *TrustRoot* properties of the OpenID request to the
+OpenID provider. Thus this URL prefix should bring back the authenticated
+user to this Sling instance. Configuring this property is usually necessary
+when running Sling behind a proxy (like Apache) since proxy mapping is not
+performed on the OpenID ReturnTo and TrustRoot URLs as they are sent to the
+OpenID Provider as form parameters. If this property is empty, the URLs
+are generated using the hostname found in the original request.</td></tr>
+<tr><td> *openid.use.cookie* </td><td> *true* </td><td> Whether to use a regular Cookie or an
+HTTP Session to cache the OpenID authentication details. By default a
+regular cookie is used to prevent use of HTTP Sessions. </td></tr>
+<tr><td> *openid.cookie.domain* </td><td> -- </td><td> Domain of cookie used to persist
+authentication. This defaults to the host name of the Sling server but may
+be set to a different value to share the cookie amongst a server farm or if
+the server is running behind a proxy. Only used if 'Use Cookie' is checked.
+</td></tr>
+<tr><td> *openid.cookie.name* </td><td> *sling.openid* </td><td> Name of cookie used to
+persist authentication. Only used if 'Use Cookie' is checked. </td></tr>
+<tr><td> *openid.cookie.secret.key* </td><td> *secret* </td><td> Secret key used to create a
+signature of the cookie value to prevent tampering. Only used if 'Use
+Cookie' is true. </td></tr>
+<tr><td> *openid.user.attr* </td><td> *openid.user* </td><td> Name of the JCR
+SimpleCredentials attribute to to set with the OpenID User data. This
+attribute is used by the OpenID LoginModule to validate the OpenID user
+authentication data. </td></tr>
+<tr><td> *openid.property.identity* </td><td> *openid.identity* </td><td> The name of the JCR
+User attribute listing one or more OpenID Identity URLs with which a user
+is associated. The property may be a multi- or single-valued. To resolve a
+JCR user ID from an OpenID identity a user is searched who lists the
+identity in this property. </td></tr>
+</table>
+
+<p><a name="OpenIDAuthenticationHandler-AuthenticationHandlerimplementation"></a></p>
+<h3 id="authenticationhandler-implementation">AuthenticationHandler implementation</h3>
+<p><a name="OpenIDAuthenticationHandler-extractCredentials"></a></p>
+<h4 id="extractcredentials">extractCredentials</h4>
+<p>To extract authentication information from the request, the Sling OpenID
+Authentication handler considers the following information in order:</p>
+<ol>
+<li>The OpenID credentials cookie or OpenID User data in the HTTP Session
+(depending on the <em>openid.use.cookie</em> configuration)</li>
+<li>Otherwise the <em>openid_identifier</em> request parameter (or a different
+request parameter depending on the <em>openid.login.identifier</em>
+configuration)</li>
+</ol>
+<p>If the OpenID credentials already exist in the request, they are validated
+and returned if valid</p>
+<p>If the existing credentials fail to validate, authentication failure is
+assumed and the credentials are removed from the request, either by
+clearing the OpenID cookie or by removing the OpenID User data from the
+HTTP Session.</p>
+<p>If no OpenID credentials are found in the request, the request parameter is
+considered and if set is used to resolve the actual OpenID identity of the
+user. This involves redirecting the client to the OpenID provider resolved
+from the OpenID identifier supplied.</p>
+<p>If the supplied OpenID identifier fails to resolve to an OpenID provider or
+if the identifier fails to be resolved to a validated OpenID identity,
+authentication fails.</p>
+<p><a name="OpenIDAuthenticationHandler-requestCredentials"></a></p>
+<h4 id="requestcredentials">requestCredentials</h4>
+<p>If the <em>sling:authRequestLogin</em> parameter is set to a value other than
+<em>OpenID</em> this method immediately returns <em>false</em>.</p>
+<p>If the parameter is not set or is set to <em>OpenID</em> this method continues
+with first invalidating any cached OpenID credentials (same as
+<em>dropCredentials</em> does) and then redirecting the client to the login form
+configured with the <em>openid.login.form</em> configuration property. The
+redirect is provided with up to three request parameters:</p>
+<table>
+<tr><th> Request Parameter </th><th> Description </th></tr>
+<tr><td> *resource* </td><td> The location to which the user initially requested access
+and that caused the *requestCredentials* method to be called. </td></tr>
+<tr><td> *j_reason* </td><td> The reason why an earlier attempt at authentication with
+the OpenID authentication handler failed. This request parameter is only
+set if the same named request attribute has been set by the
+*extractCredentials* or the *authenticationFailed* method. The value of
+the parameter is the name of one of the *OpenIDFailure* constants. </td></tr>
+<tr><td> *j_openid_identity* </td><td> The OpenID identity which could not successfully
+be associated with an existing JCR user. This request parameter is only set
+if the *authenticationFailed* method has been called due to inability to
+associate an existing and validated OpenID identity with an existing JCR
+user. </td></tr>
+</table>
+
+<p><a name="OpenIDAuthenticationHandler-dropCredentials"></a></p>
+<h4 id="dropcredentials">dropCredentials</h4>
+<p>Invalidates the OpenID identity currently stored with the request. This
+means to either remove the OpenID cookie or to remove the OpenID
+information from the HTTP Session. This method does not write to the
+response (except setting the <em>Set-Cookie</em> header to remove the OpenID
+cookie if required) and does not commit the response.</p>
+<p><a name="OpenIDAuthenticationHandler-AuthenticationFeedbackHandlerimplementation"></a></p>
+<h3 id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler implementation</h3>
+<p><a name="OpenIDAuthenticationHandler-authenticationFailed"></a></p>
+<h4 id="authenticationfailed">authenticationFailed</h4>
+<p>This method is called, if the Credentials provided by the Authentication
+Handler could not be validated by the Jackrabbit authentication
+infrastructure. One cause may be that the integration with Jackrabbit has
+not been completed (see <em>Integration with Jackrabbit</em> below). Another, more
+probably cause, is that the validated OpenID identifier cannot be
+associated with an existing JCR user.</p>
+<p>The OpenID Authentication Handler implementation of the
+<em>authenticationFailed</em> method sets the <em>j_reason</em> request attribute to
+<em>OpenIDFailure.REPOSITORY</em> and sets the <em>j_openid_identity</em> request
+attribute to the OpenID identity of the authenticated user.</p>
+<p>A login form provider may wish to act upon this situation and provide a
+login form to the user to allow to his OpenID identity with an existing JCR
+user.</p>
+<p>In addition, the current OpenID identity is invalidated thus the cached
+OpenID information is removed from the HTTP Session or the OpenID cookie is
+cleaned. This will allow the user to present a different OpenID identifier
+to retry or it will require the OpenID identity to be revalidated with the
+OpenID provider if the identity is associated with a JCR user.</p>
+<p><a name="OpenIDAuthenticationHandler-authenticationSucceeded"></a></p>
+<h4 id="authenticationsucceeded">authenticationSucceeded</h4>
+<p>The OpenID Authentication Handler implementation of the
+<em>authenticationSucceeded</em> method just calls the
+<em>DefaultAuthenticationFeedbackHandler.handleRedirect</em> method to redirect
+the user to the initially requested location.</p>
+<p><a name="OpenIDAuthenticationHandler-IntegrationwithJackrabbit"></a></p>
+<h3 id="integration-with-jackrabbit">Integration with Jackrabbit</h3>
+<p>The OpenID authentication handler can be integrated in two ways into the
+Jackrabbit authentication mechanism which is based on JAAS <em>LoginModule</em>.
+One integration is by means of a <em>LoginModulePlugin</em> which plugs into the
+extensible <em>LoginModule</em> architecture supported by the Sling Jackrabbit
+Embedded Repository bundle.</p>
+<p>The other integration option is the <em>trusted_credentials_attribute</em>
+mechanism supported by the Jackrabbit <em>DefaultLoginModule</em>. By setting
+the <em>trusted_credentials_attribute</em> parameter of the Jackrabbit
+<em>DefaultLoginModule</em> and the <em>openid.user.attr</em> configuration property
+of the OpenID Authentication Handler to the same value, the existence of an
+attribute of that name in the <em>SimpleCredentials</em> instance provided to
+the <em>Repository.login</em> method signals pre-authenticated credentials,
+which need not be further checked by the <em>DefaultLoginModule</em>.</p>
+<p><a name="OpenIDAuthenticationHandler-SecurityConsiderations"></a></p>
+<h3 id="security-considerations">Security Considerations</h3>
+<p>OpenIDAuthentication has some limitations in terms of security:</p>
+<ol>
+<li>User name and password are transmitted in plain text in the initial form
+submission.</li>
+<li>The Cookie used to provide the authentication state or the HTTP Session
+ID may be stolen.</li>
+<li>When using the <em>trusted_credentials_attribute</em> mechanism, any intruder
+knowing the attribute name may log into the repository as any existing JCR
+user. The better option is to be based on the <em>LoginModulePlugin</em>
+mechanism.</li>
+</ol>
+<p>To prevent eavesdroppers from sniffing the credentials or stealing the
+Cookie a secure transport layer should be used such as TLS/SSL, VPN or
+IPSec.</p>
+ </div>
+ </div>
+
+ <div class="trademarkFooter">
+ Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ </body>
+</html>
Added: websites/staging/sling/trunk/content/osgi-installer.html
==============================================================================
--- websites/staging/sling/trunk/content/osgi-installer.html (added)
+++ websites/staging/sling/trunk/content/osgi-installer.html Sun Apr 22 16:52:28 2012
@@ -0,0 +1,177 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+ <head>
+ <title>Apache Sling - OSGi Installer</title>
+ <link rel="stylesheet" href="http://sling.apache.org/site/media.data/site.css" type="text/css" media="all">
+ <link rel="icon" href="http://sling.apache.org/site/media.data/favicon.ico">
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
+ </head>
+ <body>
+ <div class="title">
+ <div class="logo">
+ <a href="http://sling.apache.org/site/index.html">
+ <img border="0" alt="Apache Sling" src="http://sling.apache.org/site/media.data/logo.png">
+ </a>
+ </div>
+ <div class="header">
+ <a href="http://www.apache.org/">
+ <img border="0" alt="Apache" src="http://sling.apache.org/site/media.data/apache.png">
+ </a>
+ </div>
+ </div>
+
+ <div class="menu">
+ <h1 id="documentation">Documentation</h1>
+<ul>
+<li><a href="getting-started.html">Getting Started</a></li>
+<li><a href="the-sling-engine.html">The Sling Engine</a></li>
+<li><a href="development.html">Development</a></li>
+<li><a href="bundles.html">Bundles</a></li>
+<li><a href="tutorials-&-how-tos.html">Tutorials & How-Tos</a></li>
+<li><a href="configuration.html">Configuration</a></li>
+<li><a href="http://sling.apache.org/apidocs/sling5/index.html">API docs</a></li>
+<li><a href="http://s.apache.org/sling.wiki">Wiki</a></li>
+<li><a href="http://s.apache.org/sling.faq">FAQ</a></li>
+</ul>
+<h1 id="project-info">Project info</h1>
+<ul>
+<li><a href="http://sling.apache.org/site/downloads.cgi">Downloads</a></li>
+<li><a href="http://www.apache.org/licenses/">License</a></li>
+<li><a href="contributing.html">Contributing</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="links.html">Links</a></li>
+<li><a href="project-information.html">Project Information</a></li>
+<li><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a></li>
+<li><a href="http://svn.apache.org/viewvc/sling/trunk">Browse Source Repository</a></li>
+<li><a href="http://www.apache.org/security/">Security</a></li>
+</ul>
+<h1 id="sponsorship">Sponsorship</h1>
+<ul>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+<li><a href="http://www.apache.org/foundation/buy_stuff.html">Buy Stuff</a></li>
+</ul>
+<iframe
+ src="http://www.apache.org/ads/button.html"
+ style="border-width:0; float: left" frameborder="0"
+ scrolling="no"
+ width="135"
+ height="135">
+</iframe>
+ </div>
+
+ <div class="main">
+ <div class="breadcrump" style="font-size: 80%;">
+ (TODO: breadcrumb here)
+ </div>
+ <h1 class="title">OSGi Installer</h1>
+ <div>
+ <p><a name="OSGiInstaller-Overview"></a></p>
+<h1 id="overview">Overview</h1>
+<p>The OSGi installer is a central service for handling installs, updates and
+uninstall of "artifacts". By default, the installer supports bundles and
+has an extension for handling configurations for the OSGi configuration
+admin.</p>
+<p>!Slide14.jpg|border=1!</p>
+<p>The OSGi installer itself is "just" the central service managing the tasks
+and states of the artifacts. The artifacts can be provided through various
+providers, e.g. through a file system provider reading artifacts from
+configured directories or the jcr provider reading artifacts from a JCR
+repository.</p>
+<p>A provider is just scanning for artifacts and their removal. It informs the
+OSGi installer about new artifacts and removed artifacts. The provider
+itself has usually no knowledge about the contents of an artifact. It does
+not know about bundles, configurations etc.</p>
+<p>As the OSGi installer itself is not performing the actual install, update
+or removal of an artifact, its possible to install transformers and
+installer factories. A transformer inspects the artifacts and tries to
+detect its type. By default, detecting of bundles and configurations is
+supported. The final service is an installer factory creating the actual
+task, like install this bundle, update that bundle etc.</p>
+<p>It's possible to add own providers, transformers and installer factories to
+support custom scenarios.</p>
+<p><a name="OSGiInstaller-ArtifactHandling"></a></p>
+<h2 id="artifact-handling">Artifact Handling</h2>
+<p>Once an artifact is detected by a transformer, it gets a unique id. By
+default a bundle gets the symbolic name as the unique identifier and a
+configuration the PID.
+In addition to this id, an artifact gets a priority information from the
+provider. The priority is used if an artifact with the same id is provided
+several times from different locations. For example if a file system
+provider is scanning two directories and an artifact with the same id (like
+a configuration) is added to both directories, one should have precedence
+over the other. This is handled by the priority.</p>
+<p>Artifacts with the same unique id are grouped and then sorted by priority
+and maybe other artifact dependent metadata like the bundle version. Only
+the first artifact in this sorted group is tried to be applied!</p>
+<p><a name="OSGiInstaller-BundleHandling"></a></p>
+<h2 id="bundle-handling">Bundle Handling</h2>
+<p>In general, the OSGi installer always tries to install the highest version
+of a bundle if several bundles with the same symbolic name are provided. In
+this case higher version wins over priority.
+If an installed bundle is removed by a provider, for example deleted in the
+repository, the OSGi installer uninstall the bundle.
+If a bundle is removed from a provider which is currently not installed,
+this has no effect at all.
+If an installed bundle is removed and another version of this bundle is
+provided (a lower version), than this one is installed instead. This is
+basically a downgrade of the bundle.
+If a bundle is installed and a higher version is provided, an upgrade is
+performed.
+If an installed bundle is managed via any other OSGi tooling, like
+uninstalling it through the web console, the OSGi installer does no action
+at all!</p>
+<p>If a failure occurs during bundle installation or update, the OSGi
+installer will retry this as soon as another bundle has been installed. The
+common use case is an application installation with several bundles where
+one bundle depends on another. As they are installed in arbitrary order,
+this mechanism ensures that in the end all bundles are properly wired and
+installed.</p>
+<p>When all artifacts have been processed (either install, update or delete),
+a package refresh is automatically called.</p>
+<p><a name="OSGiInstaller-VersionsandSnapshots"></a></p>
+<h3 id="versions-and-snapshots">Versions and Snapshots</h3>
+<p>The OSGi installer asumes that a symbolic name and version (not a snapshot
+version) uniquely identifies a bundle. Obviously this is a common
+development requirement that a released version of an artifact never
+changes over time. Therefore, once a bundle with a specific version is
+installed, it will not be reinstalled if the corresponding artifact
+changes. For example, if bundle A with version 1.0 is put into the JCR
+repository, it gets installed. If now this jar in the repository is
+overwritten either with the same contents or with a different one, and this
+new artifact has again A as the symbolic name and version set to 1.0,
+nothing will happen as this exact bundle is already installed.</p>
+<p>During development, SNAPSHOT versions should be used, like 1.0.0-SNAPSHOT
+(using the Maven convention). If a bundle with a snapshot version is
+changed, it gets updated by the OSGI installer.</p>
+<p><a name="OSGiInstaller-ConfigurationHandling"></a></p>
+<h2 id="configuration-handling">Configuration Handling</h2>
+<p>In general the OSGi installer installs the configuration with the highes
+priority. For example in combination with the JCR installer provider, a
+configuration from <em>/apps</em> is preferred over a configuration for the same
+service from <em>/libs</em>.</p>
+ </div>
+ </div>
+
+ <div class="trademarkFooter">
+ Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ </body>
+</html>
Added: websites/staging/sling/trunk/content/plugins.html
==============================================================================
--- websites/staging/sling/trunk/content/plugins.html (added)
+++ websites/staging/sling/trunk/content/plugins.html Sun Apr 22 16:52:28 2012
@@ -0,0 +1,95 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+ <head>
+ <title>Apache Sling - Plugins</title>
+ <link rel="stylesheet" href="http://sling.apache.org/site/media.data/site.css" type="text/css" media="all">
+ <link rel="icon" href="http://sling.apache.org/site/media.data/favicon.ico">
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
+ </head>
+ <body>
+ <div class="title">
+ <div class="logo">
+ <a href="http://sling.apache.org/site/index.html">
+ <img border="0" alt="Apache Sling" src="http://sling.apache.org/site/media.data/logo.png">
+ </a>
+ </div>
+ <div class="header">
+ <a href="http://www.apache.org/">
+ <img border="0" alt="Apache" src="http://sling.apache.org/site/media.data/apache.png">
+ </a>
+ </div>
+ </div>
+
+ <div class="menu">
+ <h1 id="documentation">Documentation</h1>
+<ul>
+<li><a href="getting-started.html">Getting Started</a></li>
+<li><a href="the-sling-engine.html">The Sling Engine</a></li>
+<li><a href="development.html">Development</a></li>
+<li><a href="bundles.html">Bundles</a></li>
+<li><a href="tutorials-&-how-tos.html">Tutorials & How-Tos</a></li>
+<li><a href="configuration.html">Configuration</a></li>
+<li><a href="http://sling.apache.org/apidocs/sling5/index.html">API docs</a></li>
+<li><a href="http://s.apache.org/sling.wiki">Wiki</a></li>
+<li><a href="http://s.apache.org/sling.faq">FAQ</a></li>
+</ul>
+<h1 id="project-info">Project info</h1>
+<ul>
+<li><a href="http://sling.apache.org/site/downloads.cgi">Downloads</a></li>
+<li><a href="http://www.apache.org/licenses/">License</a></li>
+<li><a href="contributing.html">Contributing</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="links.html">Links</a></li>
+<li><a href="project-information.html">Project Information</a></li>
+<li><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a></li>
+<li><a href="http://svn.apache.org/viewvc/sling/trunk">Browse Source Repository</a></li>
+<li><a href="http://www.apache.org/security/">Security</a></li>
+</ul>
+<h1 id="sponsorship">Sponsorship</h1>
+<ul>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+<li><a href="http://www.apache.org/foundation/buy_stuff.html">Buy Stuff</a></li>
+</ul>
+<iframe
+ src="http://www.apache.org/ads/button.html"
+ style="border-width:0; float: left" frameborder="0"
+ scrolling="no"
+ width="135"
+ height="135">
+</iframe>
+ </div>
+
+ <div class="main">
+ <div class="breadcrump" style="font-size: 80%;">
+ (TODO: breadcrumb here)
+ </div>
+ <h1 class="title">Plugins</h1>
+ <div>
+ <p>These pages present the various Maven Plugins of Sling:</p>
+<p>{children:excerpt=true}</p>
+ </div>
+ </div>
+
+ <div class="trademarkFooter">
+ Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ </body>
+</html>
Added: websites/staging/sling/trunk/content/project-information.html
==============================================================================
--- websites/staging/sling/trunk/content/project-information.html (added)
+++ websites/staging/sling/trunk/content/project-information.html Sun Apr 22 16:52:28 2012
@@ -0,0 +1,209 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+ <head>
+ <title>Apache Sling - Project Information</title>
+ <link rel="stylesheet" href="http://sling.apache.org/site/media.data/site.css" type="text/css" media="all">
+ <link rel="icon" href="http://sling.apache.org/site/media.data/favicon.ico">
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
+ </head>
+ <body>
+ <div class="title">
+ <div class="logo">
+ <a href="http://sling.apache.org/site/index.html">
+ <img border="0" alt="Apache Sling" src="http://sling.apache.org/site/media.data/logo.png">
+ </a>
+ </div>
+ <div class="header">
+ <a href="http://www.apache.org/">
+ <img border="0" alt="Apache" src="http://sling.apache.org/site/media.data/apache.png">
+ </a>
+ </div>
+ </div>
+
+ <div class="menu">
+ <h1 id="documentation">Documentation</h1>
+<ul>
+<li><a href="getting-started.html">Getting Started</a></li>
+<li><a href="the-sling-engine.html">The Sling Engine</a></li>
+<li><a href="development.html">Development</a></li>
+<li><a href="bundles.html">Bundles</a></li>
+<li><a href="tutorials-&-how-tos.html">Tutorials & How-Tos</a></li>
+<li><a href="configuration.html">Configuration</a></li>
+<li><a href="http://sling.apache.org/apidocs/sling5/index.html">API docs</a></li>
+<li><a href="http://s.apache.org/sling.wiki">Wiki</a></li>
+<li><a href="http://s.apache.org/sling.faq">FAQ</a></li>
+</ul>
+<h1 id="project-info">Project info</h1>
+<ul>
+<li><a href="http://sling.apache.org/site/downloads.cgi">Downloads</a></li>
+<li><a href="http://www.apache.org/licenses/">License</a></li>
+<li><a href="contributing.html">Contributing</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="links.html">Links</a></li>
+<li><a href="project-information.html">Project Information</a></li>
+<li><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a></li>
+<li><a href="http://svn.apache.org/viewvc/sling/trunk">Browse Source Repository</a></li>
+<li><a href="http://www.apache.org/security/">Security</a></li>
+</ul>
+<h1 id="sponsorship">Sponsorship</h1>
+<ul>
+<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+<li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+<li><a href="http://www.apache.org/foundation/buy_stuff.html">Buy Stuff</a></li>
+</ul>
+<iframe
+ src="http://www.apache.org/ads/button.html"
+ style="border-width:0; float: left" frameborder="0"
+ scrolling="no"
+ width="135"
+ height="135">
+</iframe>
+ </div>
+
+ <div class="main">
+ <div class="breadcrump" style="font-size: 80%;">
+ (TODO: breadcrumb here)
+ </div>
+ <h1 class="title">Project Information</h1>
+ <div>
+ <p><a name="ProjectInformation-Slingprojectinformation"></a></p>
+<h1 id="sling-project-information">Sling project information</h1>
+<p>This document provides an overview of the various documents and links that
+are part of this project's general information:</p>
+<ul>
+<li><a href="apache-sling-community-roles-and-processes.html">Community Roles and Processes</a></li>
+<li><a href="project-team.html">Project Team</a></li>
+<li><a href="#lists.html">Mailing Lists</a></li>
+<li><a href="#issues.html">Issue Tracking</a></li>
+<li><a href="#source.html">Source Repository</a></li>
+<li><a href="#ci.html">Continuous Integration</a></li>
+<li><a href="project-license.html">Project License</a></li>
+</ul>
+<p>{anchor:lists}
+<a name="ProjectInformation-MailingLists"></a></p>
+<h2 id="mailing-lists">Mailing Lists</h2>
+<p>These are the mailing lists that have been established for this project.
+For each list, there is a subscribe, unsubscribe, and an archive link.
+<table>
+<tr><th> Name </th><th> Subscribe </th><th> Unsubscribe </th><th> Post </th><th> Archive </th><th> Other Archives </th></tr>
+<tr><td> Sling Users List </td><td> <a href="mailto:users-subscribe@sling.apache.org.html">Subscribe</a>
+ </td><td> [Unsubscribe</td><td>mailto:users-unsubscribe@sling.apache.org]
+ </td><td> users at sling.apache.org </td><td> [mail-archives.apache.org</td><td>http://mail-archives.apache.org/mod_mbox/sling-users/]
+ </td><td> [www.mail-archive.com</td><td>http://www.mail-archive.com/users@sling.apache.org/]
+ [MarkMail</td><td>http://sling.markmail.org]
+ [Nabble</td><td>http://n3.nabble.com/Sling-Users-f73968.html]
+ </td></tr>
+<tr><td> Sling Developers List </td><td> <a href="mailto:dev-subscribe@sling.apache.org.html">Subscribe</a>
+ </td><td> [Unsubscribe</td><td>mailto:dev-unsubscribe@sling.apache.org]
+ </td><td> dev at sling.apache.org </td><td> [mail-archives.apache.org</td><td>http://mail-archives.apache.org/mod_mbox/sling-dev/]
+ </td><td> [www.mail-archive.com</td><td>http://www.mail-archive.com/dev@sling.apache.org/]
+ [MarkMail</td><td>http://sling.markmail.org]
+ [Nabble</td><td>http://n3.nabble.com/Sling-Dev-f73966.html]
+ </td></tr>
+<tr><td> Sling Source Control List </td><td> <a href="mailto:commits-subscribe@sling.apache.org.html">Subscribe</a>
+ </td><td> [Unsubscribe</td><td>mailto:commits-unsubscribe@sling.apache.org]
+ </td><td> </td><td> [mail-archives.apache.org</td><td>http://mail-archives.apache.org/mod_mbox/incubator-sling-commits/]
+ </td><td> [www.mail-archive.com</td><td>http://www.mail-archive.com/commits@sling.apache.org/]
+ [MarkMail</td><td>http://sling.markmail.org]
+ </td></tr>
+</table></p>
+<p>{anchor:issues}
+<a name="ProjectInformation-IssueTracking"></a></p>
+<h2 id="issue-tracking">Issue Tracking</h2>
+<p>This project uses JIRA a J2EE-based, issue tracking and project management
+application. Issues, bugs, and feature requests should be submitted to the
+following issue tracking system for this project.</p>
+<p>The issue tracker can be found at <a href="http://issues.apache.org/jira/browse/SLING">http://issues.apache.org/jira/browse/SLING</a></p>
+<p>{anchor:source}
+<a name="ProjectInformation-SourceRepository"></a></p>
+<h2 id="source-repository">Source Repository</h2>
+<p>This project uses Subversion to manage its source code. Instructions on
+Subversion use can be found at <a href="http://svnbook.red-bean.com/">http://svnbook.red-bean.com/</a>
+.</p>
+<p><a name="ProjectInformation-WebAccess"></a></p>
+<h3 id="web-access">Web Access</h3>
+<p>The following is a link to the online source repository.</p>
+<div class="codehilite"><pre><span class="n">http:</span><span class="sr">//s</span><span class="n">vn</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span><span class="sr">/viewvc/s</span><span class="n">ling</span><span class="o">/</span><span class="n">trunk</span>
+</pre></div>
+
+
+<p><a name="ProjectInformation-Anonymousaccess"></a></p>
+<h3 id="anonymous-access">Anonymous access</h3>
+<p>The source can be checked out anonymously from SVN with this command:</p>
+<div class="codehilite"><pre><span class="nv">$</span> <span class="nv">svn</span> <span class="n">checkout</span> <span class="n">http:</span><span class="sr">//s</span><span class="n">vn</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span><span class="sr">/repos/</span><span class="n">asf</span><span class="sr">/sling/</span><span class="n">trunk</span> <span class="n">sling</span>
+</pre></div>
+
+
+<p><a name="ProjectInformation-Developeraccess"></a></p>
+<h3 id="developer-access">Developer access</h3>
+<p>Everyone can access the Subversion repository via HTTPS, but Committers
+must checkout the Subversion repository via HTTPS.</p>
+<div class="codehilite"><pre><span class="nv">$</span> <span class="nv">svn</span> <span class="n">checkout</span> <span class="n">https:</span><span class="sr">//s</span><span class="n">vn</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span><span class="sr">/repos/</span><span class="n">asf</span><span class="sr">/sling/</span><span class="n">trunk</span> <span class="n">sling</span>
+</pre></div>
+
+
+<p>To commit changes to the repository, execute the following command to
+commit your changes (svn will prompt you for your password)</p>
+<div class="codehilite"><pre><span class="nv">$</span> <span class="nv">svn</span> <span class="n">commit</span> <span class="o">--</span><span class="n">username</span> <span class="n">your</span><span class="o">-</span><span class="n">username</span> <span class="o">-</span><span class="n">m</span> <span class="s">"A message"</span>
+</pre></div>
+
+
+<p><a name="ProjectInformation-Accessfrombehindafirewall"></a></p>
+<h3 id="access-from-behind-a-firewall">Access from behind a firewall</h3>
+<p>For those users who are stuck behind a corporate firewall which is blocking
+http access to the Subversion repository, you can try to access it via the
+developer connection:</p>
+<div class="codehilite"><pre><span class="nv">$</span> <span class="nv">svn</span> <span class="n">checkout</span> <span class="n">https:</span><span class="sr">//s</span><span class="n">vn</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span><span class="sr">/repos/</span><span class="n">asf</span><span class="sr">/sling/</span><span class="n">trunk</span> <span class="n">sling</span>
+</pre></div>
+
+
+<p><a name="ProjectInformation-Accessthroughaproxy"></a></p>
+<h3 id="access-through-a-proxy">Access through a proxy</h3>
+<p>The Subversion client can go through a proxy, if you configure it to do so.
+First, edit your "servers" configuration file to indicate which proxy to
+use. The files location depends on your operating system. On Linux or Unix
+it is located in the directory "~/.subversion". On Windows it is in
+"%APPDATA%\Subversion". (Try "echo %APPDATA%", note this is a hidden
+directory.)</p>
+<p>There are comments in the file explaining what to do. If you don't have
+that file, get the latest Subversion client and run any command; this will
+cause the configuration directory and template files to be created.</p>
+<p>Example : Edit the 'servers' file and add something like :</p>
+<div class="codehilite"><pre><span class="k">[global]</span>
+<span class="na">http-proxy-host</span> <span class="o">=</span> <span class="s">your.proxy.name</span>
+<span class="na">http-proxy-port</span> <span class="o">=</span> <span class="s">3128</span>
+</pre></div>
+
+
+<p>{anchor:ci}
+<a name="ProjectInformation-ContinuousIntegration"></a></p>
+<h2 id="continuous-integration">Continuous Integration</h2>
+<p>Sling builds run automatically on the ASF's <a href="https://builds.apache.org/view/S-Z/view/Sling/">Jenkins build server</a>
+, triggered by SVN changes and daily.</p>
+<p>See <a href="https://issues.apache.org/jira/browse/SLING-920">SLING-920</a>
+ for Hudson configuration information.</p>
+ </div>
+ </div>
+
+ <div class="trademarkFooter">
+ Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+ </div>
+ </body>
+</html>