You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by bu...@apache.org on 2013/05/03 22:30:30 UTC

svn commit: r860744 - in /websites/staging/sling/trunk/content: ./ documentation/the-sling-engine/authentication/authentication-framework.html

Author: buildbot
Date: Fri May  3 20:30:29 2013
New Revision: 860744

Log:
Staging update by buildbot for sling

Modified:
    websites/staging/sling/trunk/content/   (props changed)
    websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html

Propchange: websites/staging/sling/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri May  3 20:30:29 2013
@@ -1 +1 @@
-1478710
+1478959

Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html (original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html Fri May  3 20:30:29 2013
@@ -110,13 +110,39 @@
 <li>Set request attributes listed below.</li>
 </ol>
 <p>Extracting the credentials and trying to login to the repository may yield the following results:</p>
-<p>| Credentials | Login | Consequence |
-| present | successfull | Continue with an authenticated request |
-| present | failed | Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code> method |
-| missing | anonymous allowed | Continue with a non authenticated request using anonymous access to the repository |
-| missing | anonymous forbidden | Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code> method |</p>
+<table>
+<thead>
+<tr>
+<th>Credentials</th>
+<th>Login</th>
+<th>Consequence</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>present</td>
+<td>successful</td>
+<td>Continue with an authenticated request</td>
+</tr>
+<tr>
+<td>present</td>
+<td>failed</td>
+<td>Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code> method</td>
+</tr>
+<tr>
+<td>missing</td>
+<td>anonymous allowed</td>
+<td>Continue with a non authenticated request using anonymous access to the repository</td>
+</tr>
+<tr>
+<td>missing</td>
+<td>anonymous forbidden</td>
+<td>Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code> method</td>
+</tr>
+</tbody>
+</table>
 <div class="note">
-Only one `AuthenticationHandler` is able to provide credentials for a given request. If the credentials provided by the handler cannot be used to login to the repository, authentication fails and no further `AuthenticationHandler` is consulted.
+    Only one <code>AuthenticationHandler</code> is able to provide credentials for a given request. If the credentials provided by the handler cannot be used to login to the repository, authentication fails and no further <code>AuthenticationHandler</code> is consulted.
 </div>
 
 <h4 id="request-attributes-on-successful-login">Request Attributes on Successful Login</h4>
@@ -151,7 +177,7 @@ Only one `AuthenticationHandler` is able
 </tr>
 </tbody>
 </table>
-<p><em>NOTE</em>: Do <em>NOT</em> use the <code>javax.jcr.Session</code> request attribute in your Sling applications. This attribute must be considered implementation specific to convey the JCR Session to the <code>SlingMainServlet</code>. In future versions of the Sling Commons Auth bundle, this request attribute will not be present anymore. To get the JCR Session for the current request adapt the request's resource resolver to a JCR Session:</p>
+<p><strong>NOTE</strong>: Do <em>NOT</em> use the <code>javax.jcr.Session</code> request attribute in your Sling applications. This attribute must be considered implementation specific to convey the JCR Session to the <code>SlingMainServlet</code>. In future versions of the Sling Commons Auth bundle, this request attribute will not be present anymore. To get the JCR Session for the current request adapt the request's resource resolver to a JCR Session:</p>
 <div class="codehilite"><pre><span class="n">Session</span> <span class="n">session</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">getResourceResolver</span><span class="p">()</span><span class="o">.</span><span class="n">adaptTo</span><span class="p">(</span><span class="n">Session</span><span class="o">.</span><span class="n">class</span><span class="p">);</span>
 </pre></div>
 
@@ -164,7 +190,7 @@ Only one `AuthenticationHandler` is able
 <li>Any OSGi service may provide a <code>sling.auth.requirements</code> registration property which is used to dynamically extend the authentication requirements from the <em>Authentication Requirements</em> configuration. This may for example be set by <code>AuthenticationHandler</code> implementations providing a login form to ensure access to the login form does not require authentication. The value of this property is a single string, an array of strings or a Collection of strings and is formatted in the same way as the <em>Authentication Requirements</em> configuration property.</li>
 </ul>
 <p>The URLs set on the <em>Authentication Requirements</em> configuration property or the <code>sling.auth.requirements</code> service registration property can be absolute paths or URLs like the <code>path</code> service registration property of <code>AuthenticationHandler</code> services. This allows the limitation of this setup to certain requests by scheme and/or virtual host address.</p>
-<p><em>Examples</em></p>
+<p><strong>Examples</strong></p>
 <ul>
 <li>
 <p>The <code>LoginServlet</code> contained in the Commons Auth bundle registers itself with the service registration property <code>sling.auth.requirements = "-/system/sling/login"</code> to ensure the servlet can be accessed without requiring authentication.</p>
@@ -175,7 +201,7 @@ Only one `AuthenticationHandler` is able
 </ul>
 <h2 id="authenticator-implementation">Authenticator implementation</h2>
 <p>The implementation of the <code>Authenticator</code> interface is similar for both methods:</p>
-<p><em><code>login</code></em></p>
+<p><strong><code>login</code></strong></p>
 <ol>
 <li>Select one or more <code>AuthenticationHandler</code> for the request according to the request URL's scheme and authorization part.</li>
 <li>Call the <code>requestCredentials</code> method of each authentication handler, where the order of handler call is defined by the length of the registered path: handlers registered with longer paths are called before handlers with shorter paths. The goal is to call the handlers in order from longest request path match to shortest match. Handlers not matching the request path at all are not called.</li>
@@ -204,12 +230,14 @@ Only one `AuthenticationHandler` is able
 </tr>
 </tbody>
 </table>
-<p><em><code>logout</code></em>
-1. Select one or more <code>AuthenticationHandler</code> for the request according to the request URL's scheme and authorization part.
-1. Call the <code>dropCredentials</code> method of each authentication handler, where the order of handler call is defined by the length of the registered path: handlers registered with longer paths are called before handlers with shorter paths. The goal is to call the handlers in order from longest request path match to shortest match. Handlers not matching the request path at all are not called.</p>
+<p><strong><code>logout</code></strong></p>
+<ol>
+<li>Select one or more <code>AuthenticationHandler</code> for the request according to the request URL's scheme and authorization part.</li>
+<li>Call the <code>dropCredentials</code> method of each authentication handler, where the order of handler call is defined by the length of the registered path: handlers registered with longer paths are called before handlers with shorter paths. The goal is to call the handlers in order from longest request path match to shortest match. Handlers not matching the request path at all are not called.</li>
+</ol>
 <p>Unlike for the <code>login</code> method in the <code>logout</code> method case all <code>AuthenticationHandler</code> services selected in the first step are called. If none can be selected or none can actually handle the <code>dropCredentials</code> request, the <code>logout</code> silently returns.</p>
       <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
-        Rev. 1464512 by bdelacretaz on Thu, 4 Apr 2013 13:03:31 +0000
+        Rev. 1478959 by dklco on Fri, 3 May 2013 20:29:53 +0000
       </div>
       <div class="trademarkFooter"> 
         Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project