You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by fm...@apache.org on 2011/11/07 15:43:59 UTC
svn commit: r1198757 - in
/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core: ./
impl/ spi/
Author: fmeschbe
Date: Mon Nov 7 14:43:58 2011
New Revision: 1198757
URL: http://svn.apache.org/viewvc?rev=1198757&view=rev
Log:
SLING-2080 Apply slightly modified patch by Angela Schreiber (thank you very much)
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java?rev=1198757&r1=1198756&r2=1198757&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java Mon Nov 7 14:43:58 2011
@@ -110,7 +110,7 @@ public interface AuthenticationSupport {
* @param response The HTTP response to send any response to in case of
* problems.
* @return <code>true</code> if authentication succeeded and the request
- * attribtues are set. If <code>false</code> is returned the request
+ * attributes are set. If <code>false</code> is returned the request
* is immediately terminated and no request attributes are set.
*/
boolean handleSecurity(HttpServletRequest request,
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java?rev=1198757&r1=1198756&r2=1198757&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java Mon Nov 7 14:43:58 2011
@@ -74,7 +74,7 @@ public abstract class AbstractAuthentica
* @param response the current response
* @returns the result of calling
* {@link #doRequestCredentials(HttpServletRequest, HttpServletResponse)}
- * @throws IOException if an error occurrs interacting with the client
+ * @throws IOException if an error occurs interacting with the client
*/
public final boolean requestCredentials(HttpServletRequest request,
HttpServletResponse response) throws IOException {
@@ -94,7 +94,7 @@ public abstract class AbstractAuthentica
*
* @param request the current request
* @param response the current response
- * @throws IOException if an error occurrs interacting with the client
+ * @throws IOException if an error occurs interacting with the client
*/
public final void dropCredentials(HttpServletRequest request,
HttpServletResponse response) throws IOException {
@@ -133,7 +133,7 @@ public abstract class AbstractAuthentica
* @param request The current request
* @param response The current response
* @return as returned from the called authentication handler
- * @throws IOException if an error occurrs sending back any response to the
+ * @throws IOException if an error occurs sending back any response to the
* client.
* @see #requestCredentials(HttpServletRequest, HttpServletResponse)
*/
@@ -146,7 +146,7 @@ public abstract class AbstractAuthentica
*
* @param request The current request
* @param response The current response
- * @throws IOException if an error occurrs sending back any response to the
+ * @throws IOException if an error occurs sending back any response to the
* client.
* @see #dropCredentials(HttpServletRequest, HttpServletResponse)
*/
@@ -180,7 +180,7 @@ public abstract class AbstractAuthentica
* @param request The request object whose attribute is to be set.
* @param name The name of the attribute to be set.
* @param value The new value of the attribute. If this is <code>null</code>
- * the attribte is actually removed from the request.
+ * the attribute is actually removed from the request.
* @return The previous value of the named request attribute or
* <code>null</code> if it was not set.
*/
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java?rev=1198757&r1=1198756&r2=1198757&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java Mon Nov 7 14:43:58 2011
@@ -93,7 +93,7 @@ class HttpBasicAuthenticationHandler ext
* @param response The response object which may be used to send the
* information on the request failure to the user.
* @return A valid Credentials instance identifying the request user,
- * DOING_AUTH if the handler is in an authentication trasaction with
+ * DOING_AUTH if the handler is in an authentication transaction with
* the client or null if the request does not contain authentication
* information. In case of DOING_AUTH, the method has sent back a
* 401 requesting the client to provide credentials.
@@ -137,7 +137,7 @@ class HttpBasicAuthenticationHandler ext
}
/**
- * Sends a 401/UNATUHORIZED response if the request has an Authorization
+ * Sends a 401/UNAUTHORIZED response if the request has an Authorization
* header and if this handler is configured to actually send this response
* in response to a request to drop the credentials; that is if full support
* has been enabled in the
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java?rev=1198757&r1=1198756&r2=1198757&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java Mon Nov 7 14:43:58 2011
@@ -29,7 +29,7 @@ import org.osgi.framework.ServiceReferen
* <ul>
* <li>Provide location of control through its path fields</li>
* <li>Support orderability of instances by being <code>Comparable</code> and
- * odering according to the {@link #fullPath} and the
+ * ordering according to the {@link #fullPath} and the
* <code>ServiceReference</code> of the provider service</li>
* <li>Support {@link #equals(Object)} and {@link #hashCode()} compatible with
* the <code>Comparable</code> implementation.</li>
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1198757&r1=1198756&r2=1198757&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Mon Nov 7 14:43:58 2011
@@ -400,7 +400,7 @@ public class SlingAuthenticator implemen
* @param response The response object which may be used to send the
* information on the request failure to the user.
* @return <code>true</code> if request processing should continue assuming
- * successfull authentication. If <code>false</code> is returned it
+ * successful authentication. If <code>false</code> is returned it
* is assumed a response has been sent to the client and the request
* is terminated.
*/
@@ -532,7 +532,7 @@ public class SlingAuthenticator implemen
// no handler could send an authentication request, throw
if (!done) {
int size = 0;
- for(int m = 0; !done && m < holderListArray.length; m++) {
+ for (int m = 0; m < holderListArray.length; m++) {
if ( holderListArray[m] != null ) {
size += holderListArray[m].size();
}
@@ -556,9 +556,9 @@ public class SlingAuthenticator implemen
final String path = getHandlerSelectionPath(request);
final List<AbstractAuthenticationHandlerHolder>[] holderListArray = this.authHandlerCache.findApplicableHolder(request);
- for(int m = 0; m < holderListArray.length; m++) {
+ for (int m = 0; m < holderListArray.length; m++) {
final List<AbstractAuthenticationHandlerHolder> holderList = holderListArray[m];
- if ( holderList != null ) {
+ if (holderList != null) {
for (int i = 0; i < holderList.size(); i++) {
AbstractAuthenticationHandlerHolder holder = holderList.get(i);
if (path.startsWith(holder.path)) {
@@ -643,9 +643,9 @@ public class SlingAuthenticator implemen
}
final List<AbstractAuthenticationHandlerHolder>[] localArray = this.authHandlerCache.findApplicableHolder(request);
- for(int m = 0; m < localArray.length; m++) {
+ for (int m = 0; m < localArray.length; m++) {
final List<AbstractAuthenticationHandlerHolder> local = localArray[m];
- if ( local != null ) {
+ if (local != null) {
for (int i = 0; i < local.size(); i++) {
AbstractAuthenticationHandlerHolder holder = local.get(i);
if (pathInfo.startsWith(holder.path)) {
@@ -697,7 +697,7 @@ public class SlingAuthenticator implemen
* Try to acquire a ResourceResolver as indicated by authInfo
*
* @return <code>true</code> if request processing should continue assuming
- * successfull authentication. If <code>false</code> is returned it
+ * successful authentication. If <code>false</code> is returned it
* is assumed a response has been sent to the client and the request
* is terminated.
*/
@@ -937,7 +937,7 @@ public class SlingAuthenticator implemen
* Basic Authentication is completely switched of a 403/FORBIDDEN response
* is sent back instead.</li>
* <li>If the request is considered an
- * {@link #isAjaxRequest(HttpServletRequest) Ajax request} a 403/FORBIDDIN
+ * {@link #isAjaxRequest(HttpServletRequest) Ajax request} a 403/FORBIDDEN
* response is simply sent back because we assume an Ajax requestor cannot
* properly handle any request for credentials graciously.</li>
* <li>Otherwise the {@link #login(HttpServletRequest, HttpServletResponse)}
@@ -947,7 +947,7 @@ public class SlingAuthenticator implemen
* client.</li>
* </ul>
* <p>
- * If a 403/FORBIDDEN response is sent back the {@link #X_REASON} header is
+ * If a 403/FORBIDDEN response is sent back the {@link AbstractAuthenticationHandler#X_REASON} header is
* set to a either the value of the
* {@link AuthenticationHandler#FAILURE_REASON} request attribute or to some
* generic description describing the reason. To actually send the response
@@ -1124,7 +1124,7 @@ public class SlingAuthenticator implemen
* Sends the session cookie for the name session with the given age in
* seconds. This sends a Version 1 cookie.
*
- * @param response The {@link DeliveryHttpServletResponse} on which to send
+ * @param response The {@link HttpServletResponse} on which to send
* back the cookie.
* @param user The name of the user to impersonate as. This will be quoted
* and used as the cookie value.
@@ -1185,7 +1185,7 @@ public class SlingAuthenticator implemen
* place for this request. Else the parameter is assumed to contain the name
* of a user to impersonate as.
*
- * @param req The {@link DeliveryHttpServletRequest} optionally containing
+ * @param req The {@link HttpServletRequest} optionally containing
* the sudo parameter.
* @param authInfo The authentication info into which the
* <code>sudo.user.id</code> property is set to the impersonator
@@ -1197,7 +1197,7 @@ public class SlingAuthenticator implemen
/**
* sudo parameter : empty or missing to continue to use the setting
- * already stored in the session; or "-" to remove impersonationa
+ * already stored in the session; or "-" to remove impersonation
* altogether (also from the session); or the handle of a user page to
* impersonate as that user (if possible)
*/
@@ -1292,7 +1292,7 @@ public class SlingAuthenticator implemen
* is set to a non-null string, the request is redirected to the context
* root.
* <p>
- * The response is not reset though, since the hanlder may have set states
+ * The response is not reset though, since the handler may have set states
* such as an updated HTTP session or some Cookie
*
* @param request The request providing the redirect target
@@ -1307,7 +1307,7 @@ public class SlingAuthenticator implemen
}
// find the redirect target from the resource attribute or parameter
- // falling back to the reuest context path (or /) if not set
+ // falling back to the request context path (or /) if not set
String target = AbstractAuthenticationHandler.getLoginResource(request,
request.getContextPath());
if (target.length() == 0) {
@@ -1564,7 +1564,7 @@ public class SlingAuthenticator implemen
}
}
- // register the hodlers
+ // register the holders
AbstractAuthenticationHandlerHolder[] holders = holderList.toArray(new AbstractAuthenticationHandlerHolder[holderList.size()]);
for (AbstractAuthenticationHandlerHolder holder : holders) {
authHandlerCache.addHolder(holder);
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java?rev=1198757&r1=1198756&r2=1198757&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java Mon Nov 7 14:43:58 2011
@@ -65,7 +65,7 @@ public abstract class AbstractAuthentica
* expected to not be included and for the response to not be committed yet
* because it first resets the response.
*
- * @throws IOException if an error occurrs preparing or sending back the
+ * @throws IOException if an error occurs preparing or sending back the
* login form
* @throws IllegalStateException if the response has already been committed
* and thus response reset is not possible.
@@ -85,7 +85,7 @@ public abstract class AbstractAuthentica
* expected to not be included and for the response to not be committed yet
* because it first resets the response.
*
- * @throws IOException if an error occurrs preparing or sending back the
+ * @throws IOException if an error occurs preparing or sending back the
* login form
* @throws IllegalStateException if the response has already been committed
* and thus response reset is not possible.
@@ -142,7 +142,7 @@ public abstract class AbstractAuthentica
* there is no <code>resource</code> request parameter.
*
* @param request The request providing the <code>resource</code> parameter.
- * @return The target to redirect after sucessfully login or an empty string
+ * @return The target to redirect after successfully login or an empty string
* if no specific target has been requested.
*/
protected String getResource(final HttpServletRequest request) {
@@ -195,7 +195,7 @@ public abstract class AbstractAuthentica
* Load the raw unmodified form from the bundle (through the class loader).
*
* @return The raw form as a string
- * @throws IOException If an error occurrs reading the "file" or if the
+ * @throws IOException If an error occurs reading the "file" or if the
* class loader cannot provide the form data.
*/
private String getRawForm() throws IOException {
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java?rev=1198757&r1=1198756&r2=1198757&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java Mon Nov 7 14:43:58 2011
@@ -51,20 +51,20 @@ public abstract class AbstractAuthentica
*
* @see #isValidateRequest(HttpServletRequest)
* @see #sendValid(HttpServletResponse)
- * @see #sendInvalid(HttpServletResponse, Object)
+ * @see #sendInvalid(HttpServletRequest, HttpServletResponse)
* @since 1.0.2 (Bundle version 1.0.4)
*/
private static final String PAR_J_VALIDATE = "j_validate";
/**
* The name of the request header set by the
- * {@link #sendInvalid(HttpServletResponse, Object)} method if the provided
+ * {@link #sendInvalid(HttpServletRequest, HttpServletResponse)} method if the provided
* credentials cannot be used for login.
* <p>
* This header may be inspected by clients for a reason why the request
* failed.
*
- * @see #sendInvalid(HttpServletResponse, Object)
+ * @see #sendInvalid(HttpServletRequest, HttpServletResponse)
* @since 1.0.2 (Bundle version 1.0.4)
*/
private static final String X_REASON = "X-Reason";
@@ -194,7 +194,7 @@ public abstract class AbstractAuthentica
* the target is modified to be the root of the request's context.
* @param params The map of parameters to be added to the target path. This
* may be <code>null</code>.
- * @throws IOException If an error occurrs sending the redirect request
+ * @throws IOException If an error occurs sending the redirect request
* @throws IllegalStateException If the response was committed or if a
* partial URL is given and cannot be converted into a valid URL
* @throws InternalError If the UTF-8 character encoding is not supported by
@@ -373,7 +373,7 @@ public abstract class AbstractAuthentica
try {
response.setStatus(HttpServletResponse.SC_OK);
- // expressely tell we have no content but set content type
+ // explicitly tell we have no content but set content type
// to prevent firefox from trying to parse the response
// (SLING-1841)
response.setContentType("text/plain");
@@ -392,12 +392,14 @@ public abstract class AbstractAuthentica
}
/**
- * Sends a 403/FORBIDDEN response to a credential validation request
- * providing the given reason as the value of the {@link #X_REASON} header.
+ * Sends a 403/FORBIDDEN response optionally stating the reason for
+ * this response code in the {@link #X_REASON} header. The value for
+ * the {@link #X_REASON} header is taken from
+ * {@link AuthenticationHandler#FAILURE_REASON} request attribute if
+ * set.
*
+ * @param request The request object
* @param response The response object
- * @param reason The reason to set on the header; not expected to be
- * <code>null</code>
* @since 1.0.2 (Bundle version 1.0.4)
*/
public static void sendInvalid(final HttpServletRequest request,
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java?rev=1198757&r1=1198756&r2=1198757&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java Mon Nov 7 14:43:58 2011
@@ -186,7 +186,7 @@ public interface AuthenticationHandler {
* @param response The response object to which to send the request.
* @return <code>true</code> if the handler is able to send an authentication
* inquiry for the given request. <code>false</code> otherwise.
- * @throws IOException If an error occurrs sending the authentication
+ * @throws IOException If an error occurs sending the authentication
* inquiry to the client.
*/
boolean requestCredentials(HttpServletRequest request,
@@ -198,7 +198,7 @@ public interface AuthenticationHandler {
*
* @param request The request object.
* @param response The response object to which to send the request.
- * @throws IOException If an error occurrs asking the client to drop any
+ * @throws IOException If an error occurs asking the client to drop any
* authentication traces.
*/
void dropCredentials(HttpServletRequest request,