You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:34:32 UTC
[sling-org-apache-sling-extensions-webconsolesecurityprovider]
04/08: SLING-3273 : Switch to login page if user is not allowed to access
the web console
This is an automated email from the ASF dual-hosted git repository.
rombert pushed a commit to annotated tag org.apache.sling.extensions.webconsolesecurityprovider-1.1.2
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-extensions-webconsolesecurityprovider.git
commit f56c18c6a1a4d7ef1dbb95e22ed708e5a927a6ad
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Tue Dec 10 05:23:38 2013 +0000
SLING-3273 : Switch to login page if user is not allowed to access the web console
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/webconsolesecurityprovider@1549759 13f79535-47bb-0310-9956-ffa450edef68
---
.../internal/ServicesListener.java | 25 ++++++---
.../internal/SlingWebConsoleSecurityProvider2.java | 59 ++++++++++++----------
2 files changed, 50 insertions(+), 34 deletions(-)
diff --git a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java
index 99d93d3..cb8663b 100644
--- a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java
+++ b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java
@@ -26,6 +26,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
import javax.jcr.Repository;
import org.apache.felix.webconsole.WebConsoleSecurityProvider;
+import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.auth.core.AuthenticationSupport;
import org.apache.sling.launchpad.api.StartupListener;
import org.apache.sling.launchpad.api.StartupMode;
@@ -45,6 +46,7 @@ import org.osgi.service.cm.ManagedService;
public class ServicesListener implements StartupListener {
private static final String AUTH_SUPPORT_CLASS = AuthenticationSupport.class.getName();
+ private static final String AUTHENTICATOR_CLASS = Authenticator.class.getName();
private static final String REPO_CLASS = Repository.class.getName();
/** The bundle context. */
@@ -56,6 +58,9 @@ public class ServicesListener implements StartupListener {
/** The listener for the authentication support. */
private final Listener authSupportListener;
+ /** The listener for the authenticator. */
+ private final Listener authListener;
+
private enum State {
NONE,
PROVIDER,
@@ -81,8 +86,10 @@ public class ServicesListener implements StartupListener {
this.bundleContext = bundleContext;
this.authSupportListener = new Listener(AUTH_SUPPORT_CLASS);
this.repositoryListener = new Listener(REPO_CLASS);
+ this.authListener = new Listener(AUTHENTICATOR_CLASS);
this.authSupportListener.start();
this.repositoryListener.start();
+ this.authListener.start();
}
/**
@@ -106,7 +113,7 @@ public class ServicesListener implements StartupListener {
/**
* @see org.apache.sling.launchpad.api.StartupListener#startupProgress(float)
*/
- public void startupProgress(float arg0) {
+ public void startupProgress(final float progress) {
// nothing to do
}
@@ -116,16 +123,18 @@ public class ServicesListener implements StartupListener {
public synchronized void notifyChange() {
// check if all services are available
final Object authSupport = this.startupFinished.get() ? this.authSupportListener.getService() : null;
+ final Object authenticator = this.startupFinished.get() ? this.authListener.getService() : null;
+ final boolean hasAuthServices = authSupport != null && authenticator != null;
final Object repository = this.repositoryListener.getService();
if ( registrationState == State.NONE ) {
- if ( authSupport != null ) {
- registerProvider2(authSupport);
+ if ( hasAuthServices ) {
+ registerProvider2(authSupport, authenticator);
} else if ( repository != null ) {
registerProvider(repository);
}
} else if ( registrationState == State.PROVIDER ) {
- if ( authSupport != null ) {
- registerProvider2(authSupport);
+ if ( hasAuthServices ) {
+ registerProvider2(authSupport, authenticator);
unregisterProvider();
} else if ( repository == null ) {
unregisterProvider();
@@ -157,13 +166,14 @@ public class ServicesListener implements StartupListener {
}
}
- private void registerProvider2(final Object authSupport) {
+ private void registerProvider2(final Object authSupport, final Object authenticator) {
final Dictionary<String, Object> props = new Hashtable<String, Object>();
props.put(Constants.SERVICE_PID, SlingWebConsoleSecurityProvider.class.getName());
props.put(Constants.SERVICE_DESCRIPTION, "Apache Sling Web Console Security Provider 2");
props.put(Constants.SERVICE_VENDOR, "The Apache Software Foundation");
this.provider2Reg = this.bundleContext.registerService(
- new String[] {ManagedService.class.getName(), WebConsoleSecurityProvider.class.getName()}, new SlingWebConsoleSecurityProvider2(authSupport), props);
+ new String[] {ManagedService.class.getName(), WebConsoleSecurityProvider.class.getName()},
+ new SlingWebConsoleSecurityProvider2(authSupport, authenticator), props);
this.registrationState = State.PROVIDER2;
}
@@ -183,6 +193,7 @@ public class ServicesListener implements StartupListener {
public void deactivate() {
this.repositoryListener.deactivate();
this.authSupportListener.deactivate();
+ this.authListener.deactivate();
this.unregisterProvider();
this.unregisterProvider2();
}
diff --git a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java
index 7521fc9..8762a58 100644
--- a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java
+++ b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.auth.core.AuthenticationSupport;
@@ -50,17 +51,19 @@ public class SlingWebConsoleSecurityProvider2
extends AbstractWebConsoleSecurityProvider
implements WebConsoleSecurityProvider2 {
- private final AuthenticationSupport authenticator;
+ private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
- public SlingWebConsoleSecurityProvider2(final Object support) {
- this.authenticator = (AuthenticationSupport)support;
- }
+ private static final String AUTHENTICATION_SCHEME_BASIC = "Basic";
- private void invokeAuthenticator(final HttpServletRequest request, final HttpServletResponse response) {
- final AuthenticationSupport localAuthenticator = this.authenticator;
- if (localAuthenticator != null) {
- localAuthenticator.handleSecurity(request, response);
- }
+ private static final String DEFAULT_REALM = "OSGi Management Console"; //$NON-NLS-1$
+
+ private final AuthenticationSupport authentiationSupport;
+
+ private final Authenticator authenticator;
+
+ public SlingWebConsoleSecurityProvider2(final Object support, final Object authenticator) {
+ this.authentiationSupport = (AuthenticationSupport)support;
+ this.authenticator = (Authenticator)authenticator;
}
/**
@@ -68,27 +71,29 @@ public class SlingWebConsoleSecurityProvider2
*/
public boolean authenticate(final HttpServletRequest request,
final HttpServletResponse response) {
- invokeAuthenticator(request, response);
- // get ResourceResolver (set by AuthenticationSupport)
- Object resolverObject = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
- final ResourceResolver resolver = (resolverObject instanceof ResourceResolver)
- ? (ResourceResolver) resolverObject
- : null;
- if ( resolver != null ) {
- final Session session = resolver.adaptTo(Session.class);
- if ( session != null ) {
- try {
- final User u = this.authenticate(session);
- if ( u != null ) {
- request.setAttribute(USER_ATTRIBUTE, u);
- return true;
+ if ( this.authentiationSupport.handleSecurity(request, response) ) {
+ // get ResourceResolver (set by AuthenticationSupport)
+ Object resolverObject = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
+ final ResourceResolver resolver = (resolverObject instanceof ResourceResolver)
+ ? (ResourceResolver) resolverObject
+ : null;
+ if ( resolver != null ) {
+ final Session session = resolver.adaptTo(Session.class);
+ if ( session != null ) {
+ try {
+ final User u = this.authenticate(session);
+ if ( u != null ) {
+ request.setAttribute(USER_ATTRIBUTE, u);
+ return true;
+ }
+ } catch (final Exception re) {
+ logger.info("authenticate: Generic problem trying grant User "
+ + " access to the Web Console", re);
}
- return false;
- } catch (final Exception re) {
- logger.info("authenticate: Generic problem trying grant User "
- + " access to the Web Console", re);
}
}
+
+ this.authenticator.login(request, response);
}
return false;
}
--
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.