Posted to commits@sling.apache.org by bu...@apache.org on 2015/11/03 13:55:21 UTC

svn commit: r971184 - in /websites/staging/sling/trunk/content: ./ documentation/the-sling-engine/authentication/authentication-framework.html

Author: buildbot
Date: Tue Nov  3 12:55:21 2015
New Revision: 971184

Log:
Staging update by buildbot for sling

Modified:
    websites/staging/sling/trunk/content/   (props changed)
    websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html

Propchange: websites/staging/sling/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Nov  3 12:55:21 2015
@@ -1 +1 @@
-1712247
+1712284

Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html Tue Nov  3 12:55:21 2015
@@ -213,15 +213,23 @@ h2:hover > .headerlink, h3:hover > .head
 <h4 id="anonymous-login">Anonymous Login<a class="headerlink" href="#anonymous-login" title="Permanent link">&para;</a></h4>
 <p>The <code>SlingAuthenticator</code> provides high level of control with respect to allowing anonymous requests or requiring authentication up front:</p>
 <ul>
-<li>Global setting of whether anonymous requests are allowed or not. This is the value of the <em>Allow Anonymous Access</em> (<code>auth.annonymous</code>) property of the <code>SlingAuthenticator</code> configuration. This property is supported for backwards compatibility and defaults to <code>true</code> (allowing anonymous access).</li>
-<li>Specific configuration per URL. The <em>Authentication Requirements</em> (<code>sling.auth.requirements</code>) property of the <code>SlingAuthenticator</code> configuration may provide a list of URLs for which authentication may be required or not: Any entry prefixed with a dash <code>-</code> defines a subtree for which authentication is not required. Any entry not prefixed with a dash or prefixed with a plus <code>+</code> defines a subtree for which authentication is required up front and thus anonymous access is not allowed. This list is empty by default.</li>
+<li>Global setting of whether anonymous requests are allowed or not. This is the boolean value of the <em>Allow Anonymous Access</em> (<code>auth.annonymous</code>) property of the <code>SlingAuthenticator</code> configuration. This property is supported for backwards compatibility and defaults to <code>true</code> (allowing anonymous access). Setting it to <code>true</code> is a shortcut for setting <code>sling.auth.requirements</code> to <code>-/</code>.</li>
+<li>Specific configuration per URL. The <em>Authentication Requirements</em> (<code>sling.auth.requirements</code>) property of the <code>SlingAuthenticator</code> configuration may provide a list of URLs for which authentication may be required or not: Any entry prefixed with a dash <code>-</code> defines a request path prefix for which authentication is not required. Any entry not prefixed with a dash or prefixed with a plus <code>+</code> defines a subtree for which authentication is required up front and thus anonymous access is not allowed. This list is empty by default.</li>
 <li>Any OSGi service may provide a <code>sling.auth.requirements</code> registration property which is used to dynamically extend the authentication requirements from the <em>Authentication Requirements</em> configuration. This may for example be set by <code>AuthenticationHandler</code> implementations providing a login form to ensure access to the login form does not require authentication. The value of this property is a single string, an array of strings or a Collection of strings and is formatted in the same way as the <em>Authentication Requirements</em> configuration property.</li>
 </ul>
-<p>The URLs set on the <em>Authentication Requirements</em> configuration property or the <code>sling.auth.requirements</code> service registration property can be absolute paths or URLs like the <code>path</code> service registration property of <code>AuthenticationHandler</code> services. This allows the limitation of this setup to certain requests by scheme and/or virtual host address.</p>
+<p>The values set on the <em>Authentication Requirements</em> configuration property or the <code>sling.auth.requirements</code> service registration property can be absolute paths or URLs like the <code>path</code> service registration property of <code>AuthenticationHandler</code> services. This allows the limitation of this setup to certain requests by scheme and/or virtual host address. The requests path (<code>HttpServletRequest.getServletPath()</code> + <code>HttpServletRequest.getPathInfo()</code>) is afterwards matched against the given paths. It matches if it starts with one of the given paths.</p>
 <p><strong>Examples</strong></p>
 <ul>
 <li>
-<p>The <code>LoginServlet</code> contained in the Sling Auth Core bundle registers itself with the service registration property <code>sling.auth.requirements = "-/system/sling/login"</code> to ensure the servlet can be accessed without requiring authentication.</p>
+<p>The <code>LoginServlet</code> contained in the Sling Auth Core bundle registers itself with the service registration property <code>sling.auth.requirements = "-/system/sling/login"</code> to ensure the servlet can be accessed without requiring authentication. The following request urls would work then without authentication:</p>
+</li>
+<li>
+<p>/system/sling/login</p>
+</li>
+<li>/system/sling/login.html</li>
+<li>/system/sling/login/somesuffix</li>
+<li>
+<p>/system/sling/login-test (if this is not desired, you have to use a restriction like this: <code>sling.auth.requirements = "-/system/sling/login"</code>)</p>
 </li>
 <li>
 <p>An authentication handler may register itself with the service registration property <code>sling.auth.requirements = "-/apps/sample/loginform"</code> to ensure the login form can be rendered without requiring authentication.</p>
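Review bot: In the added `/system/sling/login-test` item, the suggested restriction `sling.auth.requirements = "-/system/sling/login"` is character-for-character the value the LoginServlet already registers, so it cannot be what keeps `/system/sling/login-test` from matching. The new paragraph above says a request matches if its path starts with one of the given paths, which means every `-` entry also exempts sibling paths sharing that prefix from authentication. Readers therefore need the actual narrower form here; please replace the parenthetical with the intended value or drop it. Two smaller points in the same hunk: the `-` sentence now says "request path prefix" while the `+` sentence still says "subtree", so the wording should be aligned if both are matched the same way. The four example URLs are also added as top-level `<li>` siblings of the Examples list, so they will render as separate examples; nest them in their own `<ul>` inside the LoginServlet `<li>`.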
@@ -265,7 +273,7 @@ h2:hover > .headerlink, h3:hover > .head
 </ol>
 <p>Unlike for the <code>login</code> method in the <code>logout</code> method case all <code>AuthenticationHandler</code> services selected in the first step are called. If none can be selected or none can actually handle the <code>dropCredentials</code> request, the <code>logout</code> silently returns.</p>
       <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
-        Rev. 1593323 by olli on Thu, 8 May 2014 16:33:44 +0000
+        Rev. 1712284 by kwin on Tue, 3 Nov 2015 12:55:01 +0000
       </div>
       <div class="trademarkFooter"> 
         Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project