You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by fm...@apache.org on 2010/02/16 14:10:56 UTC
svn commit: r910509 - in
/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth:
impl/AuthenticationHandlerHolder.java spi/AuthenticationHandler.java
Author: fmeschbe
Date: Tue Feb 16 13:10:55 2010
New Revision: 910509
URL: http://svn.apache.org/viewvc?rev=910509&view=rev
Log:
SLING-1382 Define new AuthenticationHandler constants for authentication type definition and requiring and implement support
Modified:
sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java
sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java
Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java?rev=910509&r1=910508&r2=910509&view=diff
==============================================================================
--- sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java (original)
+++ sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java Tue Feb 16 13:10:55 2010
@@ -26,13 +26,13 @@
import org.apache.sling.commons.auth.spi.AuthenticationFeedbackHandler;
import org.apache.sling.commons.auth.spi.AuthenticationHandler;
import org.apache.sling.commons.auth.spi.AuthenticationInfo;
+import org.apache.sling.commons.osgi.OsgiUtil;
import org.osgi.framework.ServiceReference;
/**
* The <code>AuthenticationHandlerHolder</code> class represents an
* authentication handler service in the internal data structure of the
* {@link SlingAuthenticator}.
- *
*/
final class AuthenticationHandlerHolder extends
AbstractAuthenticationHandlerHolder {
@@ -40,6 +40,9 @@
// the actual authentication handler
private final AuthenticationHandler handler;
+ // the supported authentication type of the handler
+ private final String authType;
+
AuthenticationHandlerHolder(final String fullPath,
final AuthenticationHandler handler,
final ServiceReference serviceReference) {
@@ -47,6 +50,8 @@
// assign the fields
this.handler = handler;
+ this.authType = OsgiUtil.toString(
+ serviceReference.getProperty(TYPE_PROPERTY), null);
}
@Override
@@ -59,14 +64,19 @@
public AuthenticationInfo doExtractCredentials(HttpServletRequest request,
HttpServletResponse response) {
-
return handler.extractCredentials(request, response);
-
}
public boolean doRequestCredentials(HttpServletRequest request,
HttpServletResponse response) throws IOException {
- return handler.requestCredentials(request, response);
+
+ // call handler if ok by its authentication type
+ if (doesRequestCredentials(request)) {
+ return handler.requestCredentials(request, response);
+ }
+
+ // no credentials have been requested
+ return false;
}
public void doDropCredentials(HttpServletRequest request,
@@ -94,4 +104,34 @@
public String toString() {
return handler.toString();
}
+
+ /**
+ * Returns <code>true</code> if the <code>requestCredentials</code> method
+ * of the held authentication handler should be called or not:
+ * <ul>
+ * <li>If the authentication handler is registered without an authentication
+ * type</li>
+ * <li>If the <code>sling:authRequestLogin</code> request parameter is not
+ * set</li>
+ * <li>If the <code>sling:authRequestLogin</code> is set to the same value
+ * as the authentication type of the held authentication handler.</li>
+ * <ul>
+ * <p>
+ * Otherwise <code>false</code> is returned and the
+ * <code>requestCredentials</code> method is not called.
+ *
+ * @param request The request object providing the <code>
+ * sling:authRequestLogin</code> parameter
+ * @return <code>true</code> if the <code>requestCredentials</code> method
+ * should be called.
+ */
+ private boolean doesRequestCredentials(final HttpServletRequest request) {
+ // no configured authentication type, always request credentials
+ if (authType == null) {
+ return true;
+ }
+
+ final String requestLogin = request.getParameter(REQUEST_LOGIN_PARAMETER);
+ return requestLogin == null || authType.equals(requestLogin);
+ }
}
\ No newline at end of file
Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java?rev=910509&r1=910508&r2=910509&view=diff
==============================================================================
--- sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java (original)
+++ sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java Tue Feb 16 13:10:55 2010
@@ -52,6 +52,35 @@
static final String PATH_PROPERTY = "path";
/**
+ * The name of the service registration property (single string) providing
+ * the authentication type of authentication handler. This is the same value
+ * as will be returned as the {@link AuthenticationInfo#getAuthType()
+ * authentication type} returned by the
+ * {@link #extractCredentials(HttpServletRequest, HttpServletResponse)}
+ * method.
+ * <p>
+ * <p>
+ * This property is optional but allows the client to optionally select the
+ * authentication handler which will actually request credentials upon the
+ * {@link #requestCredentials(HttpServletRequest, HttpServletResponse)}
+ * method.
+ *
+ * @see #REQUEST_LOGIN_PARAMETER
+ */
+ static final String TYPE_PROPERTY = "authtype";
+
+ /**
+ * The request parameter which may be used to explicitly select an
+ * authentication handler by its {@link #TYPE_PROPERTY type} if
+ * authentication will be requested through
+ * {@link #requestCredentials(HttpServletRequest, HttpServletResponse)}.
+ *
+ * @see #requestCredentials(HttpServletRequest, HttpServletResponse)
+ * @see #TYPE_PROPERTY
+ */
+ static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin";
+
+ /**
* Extracts credential data from the request if at all contained.
* <p>
* The method returns any of the following values :
@@ -73,9 +102,9 @@
* <tr>
* <td>{@link AuthenticationInfo#FAIL_AUTH}
* <td>the handler failed extracting the credentials from the request for
- * any reason. An example of this result is that credentials are present
- * in the request but they could not be validated and thus not be used
- * for request processing.
+ * any reason. An example of this result is that credentials are present in
+ * the request but they could not be validated and thus not be used for
+ * request processing.
* </tr>
* <tr>
* <td><code>AuthenticationInfo</code> object
@@ -125,10 +154,20 @@
* attribute. If the service is registered with multiple path values, the
* value of the <code>path</code> request attribute may be used to implement
* specific handling.
+ * <p>
+ * If the {@link #REQUEST_LOGIN_PARAMETER} request parameter is set only
+ * those authentication handlers registered with an {@link #TYPE_PROPERTY
+ * authentication type} matching the parameter will be considered for
+ * requesting credentials through this method.
+ * <p>
+ * A handler not registered with an {@link #TYPE_PROPERTY authentication
+ * type} will, for backwards compatibility reasons, always be called
+ * ignoring the actual value of the {@link #REQUEST_LOGIN_PARAMETER}
+ * parameter.
*
* @param request The request object.
* @param response The response object to which to send the request.
- * @return <code>true</code> if the handler is able to end an authentication
+ * @return <code>true</code> if the handler is able to send an authentication
* inquiry for the given request. <code>false</code> otherwise.
* @throws IOException If an error occurrs sending the authentication
* inquiry to the client.