Posted to commits@sling.apache.org by fm...@apache.org on 2011/11/19 00:40:24 UTC
svn commit: r1203901 - in /sling/trunk/bundles/auth/core/src/main:
java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
resources/OSGI-INF/metatype/metatype.properties
Author: fmeschbe
Date: Fri Nov 18 23:40:23 2011
New Revision: 1203901
URL: http://svn.apache.org/viewvc?rev=1203901&view=rev
Log:
SLING-2276 Provide functionality to configure a user to be used for anonymous requests
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java?rev=1203901&r1=1203900&r2=1203901&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java Fri Nov 18 23:40:23 2011
@@ -69,6 +69,10 @@ public class AuthenticatorWebConsolePlug
printAuthenticationRequirements(pw);
+ pw.println("<tr><td colspan='2'> </td></tr>");
+
+ printAuthenticationConfiguration(pw);
+
pw.println("</table>");
}
@@ -114,7 +118,28 @@ public class AuthenticatorWebConsolePlug
pw.println("</tr>");
}
-
}
+ private void printAuthenticationConfiguration(PrintWriter pw) {
+ final String anonUser = slingAuthenticator.getAnonUserName();
+ final String sudoCookie = slingAuthenticator.getSudoCookieName();
+ final String sudoParam = slingAuthenticator.getSudoParameterName();
+
+ pw.println("<tr>");
+ pw.println("<th class='content container' colspan='3'>Miscellaneous Configuration</td>");
+ pw.println("</tr>");
+ pw.println("</tr>");
+ pw.println("<tr>");
+ pw.println("<td class='content'>Impersonation Cookie</td>");
+ pw.printf("<td class='content' colspan='2'>%s</td>%n", sudoCookie);
+ pw.println("</tr>");
+ pw.println("<tr>");
+ pw.println("<td class='content'>Impersonation Parameter</td>");
+ pw.printf("<td class='content' colspan='2'>%s</td>%n", sudoParam);
+ pw.println("</tr>");
+ pw.println("<tr>");
+ pw.println("<td class='content'>Anonymous User Name</td>");
+ pw.printf("<td class='content' colspan='2'>%s</td>%n", (anonUser == null) ? "(default)" : anonUser);
+ pw.println("</tr>");
+ }
}
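Review bot: The three values in printAuthenticationConfiguration are written with `%s` and no HTML escaping, so a cookie name, parameter name or user name containing `<` or `&` ends up as markup in the web console page. They come from configuration, so the exposure is probably limited to whoever can edit it, but each should go through an HTML-escaping helper before `printf`. The header row also opens `<th>` and closes with `</td>`, and a second `pw.println("</tr>");` follows the first. I would write `pw.println("<th class='content container' colspan='3'>Miscellaneous Configuration</th>");` and drop the duplicate `</tr>` line.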
Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1203901&r1=1203900&r2=1203901&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java (original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java Fri Nov 18 23:40:23 2011
@@ -25,7 +25,6 @@ import java.util.Hashtable;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-
import javax.servlet.ServletRequest;
import javax.servlet.ServletRequestEvent;
import javax.servlet.ServletRequestListener;
@@ -114,6 +113,12 @@ public class SlingAuthenticator implemen
@Property(cardinality = 2147483647)
private static final String PAR_AUTH_REQ = "sling.auth.requirements";
+ @Property()
+ private static final String PAR_ANONYMOUS_USER = "sling.auth.anonymous.user";
+
+ @Property() // TODO: This should be a PASSWORD type
+ private static final String PAR_ANONYMOUS_PASSWORD = "sling.auth.anonymous.password";
+
/**
* Value of the {@link #PAR_HTTP_AUTH} property to fully enable the built-in
* HTTP Authentication Handler (value is "enabled").
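Review bot: `PAR_ANONYMOUS_PASSWORD` is declared as an ordinary property, so the password is likely to be shown and stored in clear wherever this component's configuration is visible. The TODO covers the field type, but nothing warns whoever configures it. Neither new constant has Javadoc, unlike the constant that follows them. Proposed comments are `/** Name of the user to log in as for requests without credentials; empty means the resource provider default. */` and `/** Password for PAR_ANONYMOUS_USER; held as a plain configuration value, so use a dedicated low-privilege account. */`. The Javadoc that closes this hunk continues outside it.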
@@ -230,6 +235,23 @@ public class SlingAuthenticator implemen
*/
private String[] authUriSuffices;
+ /**
+ * The name of the user to assume for anonymous access. By default this is
+ * <code>null</code> to use <code>null</code> credentials and thus use the
+ * system provided identification.
+ *
+ * @see #getAnonymousCredentials()
+ */
+ private String anonUser;
+
+ /**
+ * The password to use for anonymous access. This property is only used if
+ * the {@link #anonUser} field is not <code>null</code>.
+ *
+ * @see #getAnonymousCredentials()
+ */
+ private char[] anonPassword;
+
/** HTTP Basic authentication handler */
private HttpBasicAuthenticationHandler httpBasicHandler;
@@ -332,6 +354,15 @@ public class SlingAuthenticator implemen
}
}
+ final String anonUser = OsgiUtil.toString(properties.get(PAR_ANONYMOUS_USER), "");
+ if (anonUser.length() > 0) {
+ this.anonUser = anonUser;
+ this.anonPassword = OsgiUtil.toString(properties.get(PAR_ANONYMOUS_PASSWORD), "").toCharArray();
+ } else {
+ this.anonUser = null;
+ this.anonPassword = null;
+ }
+
authUriSuffices = OsgiUtil.toStringArray(properties.get(PAR_AUTH_URI_SUFFIX),
new String[] { DEFAULT_AUTH_URI_SUFFIX });
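Review bot: The password is read as a String through `OsgiUtil.toString(...)` before `toCharArray()`, and on reconfiguration the previous `anonPassword` array is dropped without being cleared, so holding the field as `char[]` does not shorten the secret's lifetime in memory. If that is the intent, clear the old array before reassigning, e.g. `if (this.anonPassword != null) java.util.Arrays.fill(this.anonPassword, '\0');`. This is only safe if callers receive copies of the array rather than the field itself. A whitespace-only user name also passes `anonUser.length() > 0` and would be used as the login name, which a `trim()` before the check avoids. The enclosing method starts and ends outside the hunk.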
@@ -629,6 +660,25 @@ public class SlingAuthenticator implemen
return authRequiredCache.getHolders();
}
+ /**
+ * Returns the name of the user to assume for requests without credentials.
+ * This may be <code>null</code> if not configured and the default anonymous
+ * user is to be used.
+ * <p>
+ * The configured password cannot be requested.
+ */
+ String getAnonUserName() {
+ return anonUser;
+ }
+
+ String getSudoCookieName() {
+ return sudoCookieName;
+ }
+
+ String getSudoParameterName() {
+ return sudoParameterName;
+ }
+
// ---------- internal
private AuthenticationInfo getAuthenticationInfo(HttpServletRequest request, HttpServletResponse response) {
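Review bot: `getSudoCookieName()` and `getSudoParameterName()` have no Javadoc, while `getAnonUserName()` beside them does. In this commit all three are called only from AuthenticatorWebConsolePlugin, which is worth stating so they are not mistaken for general API. Proposed comments are `/** Returns the configured impersonation cookie name, for display in the web console. */` and `/** Returns the configured impersonation request parameter name, for display in the web console. */`. The body of getAuthenticationInfo, whose signature ends the hunk, is outside it.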
@@ -805,7 +855,8 @@ public class SlingAuthenticator implemen
try {
- ResourceResolver resolver = resourceResolverFactory.getResourceResolver(null);
+ Map<String, Object> credentials = getAnonymousCredentials();
+ ResourceResolver resolver = resourceResolverFactory.getResourceResolver(credentials);
// check whether the client asked for redirect after
// authentication and/or impersonation
@@ -870,6 +921,25 @@ public class SlingAuthenticator implemen
return false;
}
+ /**
+ * Returns credentials to use for anonymous resource access. If an anonymous
+ * user is configued, this returns an {@link AuthenticationInfo} instance
+ * whose authentication type is <code>null</code> and the user name and
+ * password are set according to the {@link #PAR_ANONYMOUS_USER} and
+ * {@link #PAR_ANONYMOUS_PASSWORD} configurations. Otherwise
+ * <code>null</code> is returned.
+ */
+ private Map<String, Object> getAnonymousCredentials() {
+ if (this.anonUser != null) {
+ AuthenticationInfo info = new AuthenticationInfo(null);
+ info.setUser(this.anonUser);
+ info.setPassword(this.anonPassword);
+ return info;
+ }
+
+ return null;
+ }
+
private void handleLoginFailure(final HttpServletRequest request,
final HttpServletResponse response, final String user,
final Exception reason) {
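Review bot: `info.setPassword(this.anonPassword)` hands the field's own array to every anonymous request. Any consumer of the credentials map that clears the password after login, a common habit with `char[]` secrets, would blank it for all later requests; whether one does is not visible here. Passing a copy, `info.setPassword(this.anonPassword.clone());`, removes that coupling. The Javadoc also misspells "configured" as "configued". The body of handleLoginFailure, whose signature ends the hunk, is outside it.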
Modified: sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1203901&r1=1203900&r2=1203901&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties Fri Nov 18 23:40:23 2011
@@ -42,6 +42,24 @@ auth.annonymous.description = Whether de
added is "-/". Otherwise anonymous access is denied and "+/" is added to the \
list.
+sling.auth.anonymous.user.name = Anonymous User Name
+sling.auth.anonymous.user.description = Defines which user name to assume \
+ for anonymous requests, that is requests not providing credentials \
+ supported by any of the registered authentication handlers. If this \
+ property is missing or empty, the default is assumed which depends on \
+ the resource provider(s). Otherwise anonymous requests are handled with \
+ this user name. If the configured user name does not exist or is not \
+ allowed to access the resource data, anonymous requests may still be \
+ blocked. If anonymous access is not allowed, this property is ignored.
+
+sling.auth.anonymous.password.name = Anonymous User Password
+sling.auth.anonymous.password.description = Password for the anonymous \
+ user defined in the Anonymous User Name field. This property is only \
+ used if a non-empty anonymous user name is configured. If this property \
+ is not defined but a password is required, an empty password would be \
+ assumed.
+
+
sling.auth.requirements.name = Authentication Requirements
sling.auth.requirements.description = Defines URL space subtrees which require \
or don't require authentication. For any request the best matching path \