Posted to commits@sling.apache.org by cz...@apache.org on 2020/04/09 09:13:11 UTC
[sling-org-apache-sling-auth-core] branch master updated:
SLING-9345 : Update to parent 38 and OSGi DS annotations
This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-core.git
The following commit(s) were added to refs/heads/master by this push:
new c20aac6 SLING-9345 : Update to parent 38 and OSGi DS annotations
c20aac6 is described below
commit c20aac62dfc1566bf24b8d6e24628f5650df836b
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Thu Apr 9 11:12:56 2020 +0200
SLING-9345 : Update to parent 38 and OSGi DS annotations
---
bnd.bnd | 3 +
pom.xml | 76 +++----
.../apache/sling/auth/core/impl/LoginServlet.java | 31 ++-
.../apache/sling/auth/core/impl/LogoutServlet.java | 45 ++--
.../sling/auth/core/impl/PathBasedHolder.java | 2 +-
.../sling/auth/core/impl/SlingAuthenticator.java | 249 ++++++++++++---------
.../core/impl/engine/EngineSlingAuthenticator.java | 19 +-
.../resources/OSGI-INF/l10n/metatype.properties | 116 ----------
8 files changed, 219 insertions(+), 322 deletions(-)
diff --git a/bnd.bnd b/bnd.bnd
new file mode 100644
index 0000000..c910ed7
--- /dev/null
+++ b/bnd.bnd
@@ -0,0 +1,3 @@
+Import-Package: !javax.jcr,*
+DynamicImport-Package: javax.jcr
+Bundle-DocURL: http://sling.apache.org/site/authentication.html
\ No newline at end of file
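Review bot: The `Import-Package` line drops the `org.apache.sling.api.auth;provide:=true` clause that the removed maven-bundle-plugin instructions in pom.xml carried. Without it, bnd only generates a provider-type import range for that package if the implemented interfaces are annotated as provider types, which this diff does not show. If they are not, the import range would widen to the consumer range, so it is worth confirming against the generated manifest or keeping the clause: `Import-Package: !javax.jcr,org.apache.sling.api.auth;provide:=true,*`.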
diff --git a/pom.xml b/pom.xml
index d3b814f..bc80b59 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,13 +22,12 @@
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.sling</groupId>
- <artifactId>sling</artifactId>
- <version>28</version>
+ <artifactId>sling-bundle-parent</artifactId>
+ <version>38</version>
<relativePath />
</parent>
<artifactId>org.apache.sling.auth.core</artifactId>
- <packaging>bundle</packaging>
<version>1.4.5-SNAPSHOT</version>
<name>Apache Sling Authentication Service</name>
@@ -52,57 +51,40 @@
<tag>HEAD</tag>
</scm>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-scr-plugin</artifactId>
- <version>1.26.2</version>
- </plugin>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- <Bundle-DocURL>
- http://sling.apache.org/site/authentication.html
- </Bundle-DocURL>
- <Import-Package>
- !javax.jcr,
- org.apache.sling.api.auth;provide:=true,
- *
- </Import-Package>
- <Private-Package>
- org.apache.sling.auth.core.impl.*
- </Private-Package>
- <DynamicImport-Package>
- javax.jcr
- </DynamicImport-Package>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
+ <dependencies>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.annotation.versioning</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.component.annotations</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.metatype.annotations</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.service.component</artifactId>
+ </dependency>
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.api</artifactId>
- <version>2.1.0</version>
+ <version>2.18.0</version>
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>javax.jcr</groupId>
- <artifactId>jcr</artifactId>
- </dependency>
- <dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.commons.osgi</artifactId>
<version>2.2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ </dependency>
+ <dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
</dependency>
@@ -112,12 +94,6 @@
</dependency>
<dependency>
<groupId>org.osgi</groupId>
- <artifactId>org.osgi.service.component</artifactId>
- <version>1.3.0</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>org.osgi</groupId>
<artifactId>org.osgi.service.event</artifactId>
<version>1.3.1</version>
<scope>provided</scope>
@@ -125,7 +101,7 @@
<dependency>
<groupId>org.osgi</groupId>
<artifactId>org.osgi.service.http.whiteboard</artifactId>
- <version>1.0.0</version>
+ <version>1.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
@@ -151,7 +127,7 @@
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
- <version>1.10.19</version>
+ <version>3.3.3</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java b/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
index 37856e5..bbf7409 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
@@ -23,32 +23,32 @@ import java.io.IOException;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletResponse;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Properties;
-import org.apache.felix.scr.annotations.Property;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.ReferencePolicy;
-import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.api.auth.NoAuthenticationHandlerException;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.auth.core.AuthUtil;
-import org.osgi.framework.Constants;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.osgi.service.component.annotations.ReferencePolicy;
+import org.osgi.service.component.propertytypes.ServiceDescription;
+import org.osgi.service.component.propertytypes.ServiceVendor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The <code>LoginServlet</code> lets the Authenticator do the login.
*/
-@Component()
-@Service(value = Servlet.class)
-@Properties( {
- @Property(name = Constants.SERVICE_DESCRIPTION, value = "Authenticator Login Servlet"),
- @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation"),
- @Property(name = "sling.servlet.methods", value = { "GET", "POST" }) })
+@Component(service = Servlet.class,
+ property = {
+ "sling.servlet.methods=GET",
+ "sling.servlet.methods=POST",
+ "sling.servlet.paths=" + LoginServlet.SERVLET_PATH
+ })
+@ServiceDescription("Authenticator Login Servlet")
+@ServiceVendor("The Apache Software Foundation")
public class LoginServlet extends SlingAllMethodsServlet {
/** serialization UID */
@@ -57,14 +57,13 @@ public class LoginServlet extends SlingAllMethodsServlet {
/** default log */
private final Logger log = LoggerFactory.getLogger(getClass());
- @Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC)
+ @Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
private volatile Authenticator authenticator;
/**
* The servlet is registered on this path, and the authenticator allows any
* requests to that path, without authentication
*/
- @Property(name = "sling.servlet.paths")
public static final String SERVLET_PATH = "/system/sling/login";
@Override
diff --git a/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java b/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
index fd84345..a2de3fe 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
@@ -21,20 +21,20 @@ package org.apache.sling.auth.core.impl;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletResponse;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Properties;
-import org.apache.felix.scr.annotations.Property;
-import org.apache.felix.scr.annotations.PropertyUnbounded;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferenceCardinality;
-import org.apache.felix.scr.annotations.ReferencePolicy;
-import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.auth.core.AuthUtil;
-import org.osgi.framework.Constants;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.osgi.service.component.annotations.ReferencePolicy;
+import org.osgi.service.component.propertytypes.ServiceDescription;
+import org.osgi.service.component.propertytypes.ServiceVendor;
+import org.osgi.service.metatype.annotations.AttributeDefinition;
+import org.osgi.service.metatype.annotations.Designate;
+import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -42,30 +42,35 @@ import org.slf4j.LoggerFactory;
* The <code>LogoutServlet</code> lets the Authenticator
* do the logout.
*/
-@Component(metatype=true, label="Apache Sling Authentication Logout Servlet",
- description="Servlet for logging out users through the authenticator service.")
-@Service(value = Servlet.class)
-@Properties( {
- @Property(name = Constants.SERVICE_DESCRIPTION, value = "Authenticator Logout Servlet"),
- @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation"),
- @Property(name = "sling.servlet.methods", value = { "GET", "POST" } ,
- label = "Method", description = "Supported Methdos", unbounded=PropertyUnbounded.ARRAY)
-})
+@Component(service = Servlet.class,
+ property = {
+ "sling.servlet.paths=" + LogoutServlet.SERVLET_PATH
+ })
+@ServiceDescription("Authenticator Logout Servlet")
+@ServiceVendor("The Apache Software Foundation")
+@Designate(ocd = LogoutServlet.Config.class)
public class LogoutServlet extends SlingAllMethodsServlet {
+ @ObjectClassDefinition(name = "Apache Sling Authentication Logout Servlet",
+ description = "Servlet for logging out users through the authenticator service.")
+ public @interface Config {
+
+ @AttributeDefinition(name = "Method", description = "Supported Methods")
+ String[] sling_servlet_methods() default {"GET", "POST"};
+ }
+
/** serialization UID */
private static final long serialVersionUID = -1L;
/** default log */
private final Logger log = LoggerFactory.getLogger(getClass());
- @Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY, policy = ReferencePolicy.DYNAMIC)
+ @Reference(policy = ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
private volatile Authenticator authenticator;
/**
* The servlet is registered on this path.
*/
- @Property(name = "sling.servlet.paths")
public static final String SERVLET_PATH = "/system/sling/logout";
@Override
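Review bot: The `{"GET", "POST"}` default on `Config.sling_servlet_methods()` only becomes a service property if `Config` is used as a component property type, for example as a parameter of an `@Activate` method; `@Designate` on its own only generates the metatype. This hunk shows no activate method and no `sling.servlet.methods` entry in `property`, and the class body continues outside the hunk. Unless such a method exists there, an unconfigured logout servlet is registered without the method restriction that the removed `@Property` supplied. Adding `"sling.servlet.methods=GET", "sling.servlet.methods=POST"` to the `property` array, as LoginServlet does in this commit, would keep the previous default.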
diff --git a/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java b/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java
index e4b7dda..2fc09eb 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolder.java
@@ -132,7 +132,7 @@ public abstract class PathBasedHolder implements Comparable<PathBasedHolder> {
String getProvider() {
// assume the commons/auth SlingAuthenticator provides the entry
if (serviceReference == null) {
- return SlingAuthenticator.DESCRIPTION;
+ return "Apache Sling Request Authenticator";
}
final String descr = PropertiesUtil.toString(
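Review bot: The literal `"Apache Sling Request Authenticator"` in `getProvider()` now duplicates the value passed to `@ServiceDescription` on SlingAuthenticator, so the two can drift apart silently. Keeping a constant such as `static final String DESCRIPTION = "Apache Sling Request Authenticator";` and using it in both `@ServiceDescription(DESCRIPTION)` and here preserves the single source that the removed `SlingAuthenticator.DESCRIPTION` provided. `getProvider()` continues outside the hunk.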
diff --git a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
index 12d1b34..0ee22b3 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
@@ -35,6 +35,7 @@ import javax.jcr.SimpleCredentials;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.CredentialExpiredException;
+import javax.servlet.Servlet;
import javax.servlet.ServletRequest;
import javax.servlet.ServletRequestEvent;
import javax.servlet.ServletRequestListener;
@@ -42,17 +43,6 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.felix.scr.annotations.Activate;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Deactivate;
-import org.apache.felix.scr.annotations.Modified;
-import org.apache.felix.scr.annotations.Properties;
-import org.apache.felix.scr.annotations.Property;
-import org.apache.felix.scr.annotations.PropertyOption;
-import org.apache.felix.scr.annotations.PropertyUnbounded;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.ReferencePolicy;
-import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingConstants;
import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.api.auth.NoAuthenticationHandlerException;
@@ -74,10 +64,26 @@ import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Modified;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.osgi.service.component.annotations.ReferencePolicy;
+import org.osgi.service.component.propertytypes.ServiceDescription;
+import org.osgi.service.component.propertytypes.ServiceVendor;
import org.osgi.service.event.Event;
import org.osgi.service.event.EventAdmin;
import org.osgi.service.http.context.ServletContextHelper;
import org.osgi.service.http.whiteboard.HttpWhiteboardConstants;
+import org.osgi.service.http.whiteboard.propertytypes.HttpWhiteboardContextSelect;
+import org.osgi.service.http.whiteboard.propertytypes.HttpWhiteboardListener;
+import org.osgi.service.metatype.annotations.AttributeDefinition;
+import org.osgi.service.metatype.annotations.AttributeType;
+import org.osgi.service.metatype.annotations.Designate;
+import org.osgi.service.metatype.annotations.ObjectClassDefinition;
+import org.osgi.service.metatype.annotations.Option;
import org.osgi.util.tracker.ServiceTracker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -96,50 +102,117 @@ import org.slf4j.LoggerFactory;
* URL.
*/
@Component(name = "org.apache.sling.engine.impl.auth.SlingAuthenticator",
- label = "%auth.name",
- description = "%auth.description", metatype = true)
-@Service(value = { Authenticator.class, AuthenticationSupport.class, ServletRequestListener.class })
-@Properties({
- @Property(name = HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_SELECT, value = "(" + HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_NAME + "=*)"),
- @Property(name = HttpWhiteboardConstants.HTTP_WHITEBOARD_LISTENER, value = "true"),
- @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation")
-
-})
+ service = {Authenticator.class, AuthenticationSupport.class, ServletRequestListener.class })
+@HttpWhiteboardContextSelect("(" + HttpWhiteboardConstants.HTTP_WHITEBOARD_CONTEXT_NAME + "=*)")
+@HttpWhiteboardListener
+@ServiceDescription("Apache Sling Request Authenticator")
+@ServiceVendor("The Apache Software Foundation")
+@Designate(ocd = SlingAuthenticator.Config.class)
public class SlingAuthenticator implements Authenticator,
AuthenticationSupport, ServletRequestListener {
+ @ObjectClassDefinition(name = "Apache Sling Authentication Service",
+ description = "Extracts user authentication details from the request with" +
+ " the help of authentication handlers registered as separate services. One" +
+ " example of such an authentication handler is the handler HTTP Authorization" +
+ " header contained authentication.")
+ public @interface Config {
+
+ @AttributeDefinition(name = "Impersonation Cookie",
+ description = "The name the HTTP Cookie to set with the value" +
+ " of the user which is to be impersonated. This cookie will always be a session" +
+ " cookie.")
+ String auth_sudo_cookie() default "sling.sudo";
+
+ @AttributeDefinition(name = "Impersonation Parameter",
+ description = "The name of the request parameter initiating" +
+ " impersonation. Setting this parameter to a user id will result in using an" +
+ " impersonated session (instead of the actually authenticated session) and set" +
+ " a session cookie of the name defined in the Impersonation Cookie setting.")
+ String auth_sudo_parameter() default "sudo";
+
+ @AttributeDefinition(name = "Allow Anonymous Access",
+ description = "Whether default access as anonymous when no" +
+ " credentials are present in the request is allowed. The default value is" +
+ " \"true\" to allow access without credentials. When set to \"false\" access to the" +
+ " repository is only allowed if valid credentials are presented. The value of" +
+ " this configuration option is added to list of Authentication Requirements" +
+ " and needs not be explicitly listed. If anonymous access is allowed the entry" +
+ " added is \"-/\". Otherwise anonymous access is denied and \"+/\" is added to the" +
+ " list.")
+ boolean auth_annonymous() default true;
+
+ @AttributeDefinition(name = "Authentication Requirements",
+ description = "Defines URL space subtrees which require" +
+ " or don't require authentication. For any request the best matching path" +
+ " configured applies and defines whether authentication is actually required" +
+ " for the request or not. Each entry in this list can be an absolute path (such" +
+ " as /content) or and absolute URI (such as http://thehost/content). Optionally" +
+ " each entry may be prefixed by a plus (+) or minus (-) sign indicating that" +
+ " authentication is required (plus) or not required (minus). Example entries are" +
+ " \"/content\" or \"+/content\" to require authentication at and below \"/content\" and" +
+ " \"-/system/sling/login\" to not require authentication at and below" +
+ " \"/system/sling/login\". By default this list is empty. This list is extended at" +
+ " run time with additional entries: One entry is added for the \"Allow Anonymous" +
+ " Access\" configuration. Other entries are added for any services setting the" +
+ " \"sling.auth.requirements\" service registration property.")
+ String[] sling_auth_requirements();
+
+ @AttributeDefinition(name = "Anonymous User Name",
+ description = "Defines which user name to assume" +
+ " for anonymous requests, that is requests not providing credentials" +
+ " supported by any of the registered authentication handlers. If this" +
+ " property is missing or empty, the default is assumed which depends on" +
+ " the resource provider(s). Otherwise anonymous requests are handled with" +
+ " this user name. If the configured user name does not exist or is not" +
+ " allowed to access the resource data, anonymous requests may still be" +
+ " blocked. If anonymous access is not allowed, this property is ignored.")
+ String sling_auth_anonymous_user();
+
+ @AttributeDefinition(name = "Anonymous User Password",
+ description = "Password for the anonymous" +
+ " user defined in the Anonymous User Name field. This property is only" +
+ " used if a non-empty anonymous user name is configured. If this property" +
+ " is not defined but a password is required, an empty password would be" +
+ " assumed.", type = AttributeType.PASSWORD)
+ String sling_auth_anonymous_password();
+
+ @AttributeDefinition(name = "HTTP Basic Authentication",
+ description = "Level of support for HTTP Basic Authentication. Such" +
+ " support can be provided in three levels: (1) no support at all, that is" +
+ " disabled, (2) preemptive support, that is HTTP Basic Authentication is" +
+ " supported if the authentication header is set in the request, (3) full" +
+ " support. The default is preemptive support unless Anonymous Access is" +
+ " not allowed. In this case HTTP Basic Authentication is always enabled" +
+ " to ensure clients can authenticate at least with basic authentication.",
+ options = {
+ @Option(label = "Enabled", value = HTTP_AUTH_ENABLED),
+ @Option(label = "Enabled (Preemptive)", value = HTTP_AUTH_PREEMPTIVE),
+ @Option(label = "Disabled", value = HTTP_AUTH_DISABLED)
+ })
+ String auth_http() default HTTP_AUTH_PREEMPTIVE;
+
+ @AttributeDefinition(name = "Realm",
+ description = "HTTP BASIC authentication realm. This property" +
+ " is only used if the HTTP Basic Authentication support is not disabled. The" +
+ " default value is \"Sling (Development)\".")
+ String auth_http_realm() default "Sling (Development)";
+
+ @AttributeDefinition(name = "Authentication URI Suffices",
+ description = "A list of request URI suffixes intended to" +
+ " be handled by Authentication Handlers. Any request whose request URI" +
+ " ends with any one of the listed suffices is intended to be handled by" +
+ " an Authentication Handler causing the request to either be rejected or" +
+ " the client being redirected to another location and thus the request not" +
+ " being further processed after the authentication phase. The default is" +
+ " just \"/j_security_check\" which is the suffix defined by the Servlet API" +
+ " specification used for FORM based authentication.")
+ String[] auth_uri_suffix() default DEFAULT_AUTH_URI_SUFFIX;
+ }
+
/** default log */
private final Logger log = LoggerFactory.getLogger(SlingAuthenticator.class);
- @Property(name = Constants.SERVICE_DESCRIPTION)
- static final String DESCRIPTION = "Apache Sling Request Authenticator";
-
- /** The default impersonation cookie name */
- private static final String DEFAULT_IMPERSONATION_COOKIE = "sling.sudo";
-
- @Property(value = DEFAULT_IMPERSONATION_COOKIE)
- public static final String PAR_IMPERSONATION_COOKIE_NAME = "auth.sudo.cookie";
-
- /** The default impersonation parameter name */
- private static final String DEFAULT_IMPERSONATION_PARAMETER = "sudo";
-
- @Property(value = DEFAULT_IMPERSONATION_PARAMETER)
- public static final String PAR_IMPERSONATION_PAR_NAME = "auth.sudo.parameter";
-
- /** The default value for allowing anonymous access */
- private static final boolean DEFAULT_ANONYMOUS_ALLOWED = true;
-
- @Property(boolValue = DEFAULT_ANONYMOUS_ALLOWED)
- public static final String PAR_ANONYMOUS_ALLOWED = "auth.annonymous";
-
- @Property(cardinality = 2147483647)
- private static final String PAR_AUTH_REQ = AuthConstants.AUTH_REQUIREMENTS;
-
- @Property()
- private static final String PAR_ANONYMOUS_USER = "sling.auth.anonymous.user";
-
- @Property() // TODO: This should be a PASSWORD type
- private static final String PAR_ANONYMOUS_PASSWORD = "sling.auth.anonymous.password";
/**
* Value of the {@link #PAR_HTTP_AUTH} property to fully enable the built-in
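Review bot: The misspelled `auth_annonymous()` in `Config` should carry a comment saying the spelling is deliberate, because it maps to the existing `auth.annonymous` key from the removed `PAR_ANONYMOUS_ALLOWED`, and a well-meant rename would silently reset deployed instances to the `true` default, i.e. anonymous access allowed. Suggested comment above the method: `// Spelling is intentional: must match the existing "auth.annonymous" configuration key.` The description strings moved in from metatype.properties also keep small wording slips ("The name the HTTP Cookie", "or and absolute URI") that could be fixed while they are being touched.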
@@ -162,24 +235,6 @@ public class SlingAuthenticator implements Authenticator,
*/
private static final String HTTP_AUTH_PREEMPTIVE = "preemptive";
- @Property(value = HTTP_AUTH_PREEMPTIVE, options = {
- @PropertyOption(name = HTTP_AUTH_ENABLED, value = "Enabled"),
- @PropertyOption(name = HTTP_AUTH_PREEMPTIVE, value = "Enabled (Preemptive)"),
- @PropertyOption(name = HTTP_AUTH_DISABLED, value = "Disabled") })
- private static final String PAR_HTTP_AUTH = "auth.http";
-
- /**
- * The default realm for the built-in HTTP Basic authentication handler.
- */
- private static final String DEFAULT_REALM = "Sling (Development)";
-
- /**
- * The name of the configuration property used to set the Realm of the
- * built-in HTTP Basic authentication handler.
- */
- @Property(value = DEFAULT_REALM)
- public static final String PAR_REALM_NAME = "auth.http.realm";
-
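Review bot: Removing `PAR_HTTP_AUTH` here leaves the Javadoc `{@link #PAR_HTTP_AUTH}` on the `HTTP_AUTH_*` constants dangling; one such reference is visible in the trailing context of the previous hunk, and others may exist outside the diff. Pointing them at the new configuration method, for example `{@link Config#auth_http()}`, keeps the Javadoc build clean and tells readers where the value now comes from.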
/**
* Default request URI suffix to expect to be handled by authentication
* handlers and not expecting to cause
@@ -195,14 +250,6 @@ public class SlingAuthenticator implements Authenticator,
private static final String PAR_NEW_PASSWORD = "j_newpassword";
/**
- * The name of the configuration property used to set a (potentially
- * empty) list of request URI suffixes intended to be handled by
- * authentication handlers.
- */
- @Property(value = DEFAULT_AUTH_URI_SUFFIX, unbounded = PropertyUnbounded.ARRAY)
- public static final String PAR_AUTH_URI_SUFFIX = "auth.uri.suffix";
-
- /**
* The name of the {@link AuthenticationInfo} property providing the option
* {@link org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler}
* handler to be called back on login failure or success.
@@ -256,7 +303,7 @@ public class SlingAuthenticator implements Authenticator,
private HttpBasicAuthenticationHandler httpBasicHandler;
/** Web Console Plugin service registration */
- private ServiceRegistration webConsolePlugin;
+ private ServiceRegistration<Servlet> webConsolePlugin;
/**
* The listener for services registered with "sling.auth.requirements" to
@@ -277,21 +324,20 @@ public class SlingAuthenticator implements Authenticator,
/**
* ServiceTracker tracking AuthenticationInfoPostProcessor services
*/
- private ServiceTracker authInfoPostProcessorTracker;
+ private ServiceTracker<AuthenticationInfoPostProcessor, AuthenticationInfoPostProcessor> authInfoPostProcessorTracker;
/**
* The event admin service.
*/
- @Reference(policy=ReferencePolicy.DYNAMIC)
+ @Reference(policy=ReferencePolicy.DYNAMIC, cardinality = ReferenceCardinality.OPTIONAL)
private volatile EventAdmin eventAdmin;
// ---------- SCR integration
- @SuppressWarnings("unused")
@Activate
private void activate(final BundleContext bundleContext,
- final Map<String, Object> properties) {
- modified(properties);
+ final Config config) {
+ modified(config);
AuthenticatorWebConsolePlugin plugin = new AuthenticatorWebConsolePlugin(
this);
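Review bot: Adding `cardinality = ReferenceCardinality.OPTIONAL` to the `eventAdmin` reference changes it from a mandatory dependency (the Felix SCR default) to one that may be `null` at activation and at any later time. The code that uses the field is outside this hunk, so confirm that each use copies the volatile field to a local and null-checks it before posting. It also deserves a sentence in the field Javadoc, such as `May be null; events are only sent while an EventAdmin service is available.`, so operators who rely on authentication events know they depend on that service being present.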
@@ -302,10 +348,10 @@ public class SlingAuthenticator implements Authenticator,
props.put(Constants.SERVICE_DESCRIPTION,
"Sling Request Authenticator WebConsole Plugin");
props.put(Constants.SERVICE_VENDOR,
- properties.get(Constants.SERVICE_VENDOR));
+ "The Apache Software Foundation");
webConsolePlugin = bundleContext.registerService(
- "javax.servlet.Servlet", plugin, props);
+ Servlet.class, plugin, props);
serviceListener = SlingAuthenticatorServiceListener.createListener(
bundleContext, this.authRequiredCache);
@@ -314,20 +360,13 @@ public class SlingAuthenticator implements Authenticator,
authHandlerCache);
engineAuthHandlerTracker = new EngineAuthenticationHandlerTracker(
bundleContext, authHandlerCache);
- authInfoPostProcessorTracker = new ServiceTracker(bundleContext, AuthenticationInfoPostProcessor.SERVICE_NAME, null);
+ authInfoPostProcessorTracker = new ServiceTracker(bundleContext, AuthenticationInfoPostProcessor.class, null);
authInfoPostProcessorTracker.open();
}
@Modified
- private void modified(Map<String, Object> properties) {
- if (properties == null) {
- properties = new HashMap<String, Object>();
- }
-
- String newCookie = (String) properties.get(PAR_IMPERSONATION_COOKIE_NAME);
- if (newCookie == null || newCookie.length() == 0) {
- newCookie = DEFAULT_IMPERSONATION_COOKIE;
- }
+ private void modified(Config config) {
+ String newCookie = config.auth_sudo_cookie();
if (!newCookie.equals(this.sudoCookieName)) {
log.info(
"modified: Setting new cookie name for impersonation {} (was {})",
@@ -335,10 +374,7 @@ public class SlingAuthenticator implements Authenticator,
this.sudoCookieName = newCookie;
}
- String newPar = (String) properties.get(PAR_IMPERSONATION_PAR_NAME);
- if (newPar == null || newPar.length() == 0) {
- newPar = DEFAULT_IMPERSONATION_PARAMETER;
- }
+ String newPar = config.auth_sudo_parameter();
if (!newPar.equals(this.sudoParameterName)) {
log.info(
"modified: Setting new parameter name for impersonation {} (was {})",
@@ -348,10 +384,10 @@ public class SlingAuthenticator implements Authenticator,
authRequiredCache.clear();
- final boolean anonAllowed = PropertiesUtil.toBoolean(properties.get(PAR_ANONYMOUS_ALLOWED), DEFAULT_ANONYMOUS_ALLOWED);
+ final boolean anonAllowed = config.auth_annonymous();
authRequiredCache.addHolder(new AuthenticationRequirementHolder("/", !anonAllowed, null));
- String[] authReqs = PropertiesUtil.toStringArray(properties.get(PAR_AUTH_REQ));
+ String[] authReqs = config.sling_auth_requirements();
if (authReqs != null) {
for (String authReq : authReqs) {
if (authReq != null && authReq.length() > 0) {
@@ -361,18 +397,16 @@ public class SlingAuthenticator implements Authenticator,
}
}
- final String anonUser = PropertiesUtil.toString(properties.get(PAR_ANONYMOUS_USER), "");
- if (anonUser.length() > 0) {
+ final String anonUser = config.sling_auth_anonymous_user();
+ if (anonUser != null && anonUser.length() > 0) {
this.anonUser = anonUser;
- this.anonPassword = PropertiesUtil.toString(properties.get(PAR_ANONYMOUS_PASSWORD), "").toCharArray();
+ this.anonPassword = config.sling_auth_anonymous_password() == null ? "".toCharArray() : config.sling_auth_anonymous_password().toCharArray();
} else {
this.anonUser = null;
this.anonPassword = null;
}
- authUriSuffices = PropertiesUtil.toStringArray(properties.get(PAR_AUTH_URI_SUFFIX),
- new String[] { DEFAULT_AUTH_URI_SUFFIX });
-
+ authUriSuffices = config.auth_uri_suffix();
// don't require authentication for login/logout servlets
authRequiredCache.addHolder(new AuthenticationRequirementHolder(
LoginServlet.SERVLET_PATH, false, null));
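Review bot: The `anonPassword` assignment calls `config.sling_auth_anonymous_password()` twice inside one long ternary, which is hard to read. Reading the value once is clearer: `final String anonPwd = config.sling_auth_anonymous_password();` followed by `this.anonPassword = anonPwd == null ? new char[0] : anonPwd.toCharArray();`. A short comment that a missing password is treated as empty, as the attribute description states, would document the fallback at the point of use.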
@@ -386,7 +420,7 @@ public class SlingAuthenticator implements Authenticator,
final String http;
if (anonAllowed) {
- http = PropertiesUtil.toString(properties.get(PAR_HTTP_AUTH), HTTP_AUTH_PREEMPTIVE);
+ http = config.auth_http();
} else {
http = HTTP_AUTH_ENABLED;
log.debug("modified: Anonymous Access is denied thus HTTP Basic Authentication is fully enabled");
@@ -395,12 +429,11 @@ public class SlingAuthenticator implements Authenticator,
if (HTTP_AUTH_DISABLED.equals(http)) {
httpBasicHandler = null;
} else {
- final String realm = PropertiesUtil.toString(properties.get(PAR_REALM_NAME), DEFAULT_REALM);
+ final String realm = config.auth_http_realm();
httpBasicHandler = new HttpBasicAuthenticationHandler(realm, HTTP_AUTH_ENABLED.equals(http));
}
}
- @SuppressWarnings("unused")
@Deactivate
private void deactivate(final BundleContext bundleContext) {
this.authRequiredCache.clear();
diff --git a/src/main/java/org/apache/sling/auth/core/impl/engine/EngineSlingAuthenticator.java b/src/main/java/org/apache/sling/auth/core/impl/engine/EngineSlingAuthenticator.java
index d27eee6..6680dc3 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/engine/EngineSlingAuthenticator.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/engine/EngineSlingAuthenticator.java
@@ -21,14 +21,12 @@ package org.apache.sling.auth.core.impl.engine;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.Properties;
-import org.apache.felix.scr.annotations.Property;
-import org.apache.felix.scr.annotations.Reference;
-import org.apache.felix.scr.annotations.Service;
import org.apache.sling.engine.auth.Authenticator;
import org.apache.sling.engine.auth.NoAuthenticationHandlerException;
-import org.osgi.framework.Constants;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.propertytypes.ServiceDescription;
+import org.osgi.service.component.propertytypes.ServiceVendor;
/**
* The <code>EngineSlingAuthenticator</code> class is a simple proxy service
@@ -36,17 +34,16 @@ import org.osgi.framework.Constants;
* new standalone Apache Sling
* {@link org.apache.sling.auth.core.AuthenticationSupport} service.
*/
-@Component()
-@Service(value = Authenticator.class)
-@Properties( {
- @Property(name = Constants.SERVICE_DESCRIPTION, value = "Apache Sling Request Authenticator (Legacy Bridge)"),
- @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation") })
+@Component(service = Authenticator.class)
+@ServiceDescription("Apache Sling Request Authenticator (Legacy Bridge)")
+@ServiceVendor("The Apache Software Foundation")
@SuppressWarnings("deprecation")
public class EngineSlingAuthenticator implements Authenticator {
@Reference
private org.apache.sling.api.auth.Authenticator slingAuthenticator;
+ @Override
public void login(HttpServletRequest request, HttpServletResponse response) {
try {
slingAuthenticator.login(request, response);
diff --git a/src/main/resources/OSGI-INF/l10n/metatype.properties b/src/main/resources/OSGI-INF/l10n/metatype.properties
deleted file mode 100644
index 2f06991..0000000
--- a/src/main/resources/OSGI-INF/l10n/metatype.properties
+++ /dev/null
@@ -1,116 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-
-#
-# This file contains localization strings for configuration labels and
-# descriptions as used in the metatype.xml descriptor generated by the
-# the Sling SCR plugin
-
-#
-# Request Authenticator. Uses AuthenticationHandlers for the
-# actual work of extracting user details from the request.
-auth.name = Apache Sling Authentication Service
-auth.description = Extracts user authentication details from the request with \
- the help of authentication handlers registered as separate services. One \
- example of such an authentication handler is the handler HTTP Authorization \
- header contained authentication.
-
-auth.annonymous.name = Allow Anonymous Access
-auth.annonymous.description = Whether default access as anonymous when no \
- credentials are present in the request is allowed. The default value is \
- "true" to allow access without credentials. When set to "false" access to the \
- repository is only allowed if valid credentials are presented. The value of \
- this configuration option is added to list of Authentication Requirements \
- and needs not be explicitly listed. If anonymous access is allowed the entry \
- added is "-/". Otherwise anonymous access is denied and "+/" is added to the \
- list.
-
-sling.auth.anonymous.user.name = Anonymous User Name
-sling.auth.anonymous.user.description = Defines which user name to assume \
- for anonymous requests, that is requests not providing credentials \
- supported by any of the registered authentication handlers. If this \
- property is missing or empty, the default is assumed which depends on \
- the resource provider(s). Otherwise anonymous requests are handled with \
- this user name. If the configured user name does not exist or is not \
- allowed to access the resource data, anonymous requests may still be \
- blocked. If anonymous access is not allowed, this property is ignored.
-
-sling.auth.anonymous.password.name = Anonymous User Password
-sling.auth.anonymous.password.description = Password for the anonymous \
- user defined in the Anonymous User Name field. This property is only \
- used if a non-empty anonymous user name is configured. If this property \
- is not defined but a password is required, an empty password would be \
- assumed.
-
-
-sling.auth.requirements.name = Authentication Requirements
-sling.auth.requirements.description = Defines URL space subtrees which require \
- or don't require authentication. For any request the best matching path \
- configured applies and defines whether authentication is actually required \
- for the request or not. Each entry in this list can be an absolute path (such \
- as /content) or and absolute URI (such as http://thehost/content). Optionally \
- each entry may be prefixed by a plus (+) or minus (-) sign indicating that \
- authentication is required (plus) or not required (minus). Example entries are \
- "/content" or "+/content" to require authentication at and below "/content" and \
- "-/system/sling/login" to not require authentication at and below \
- "/system/sling/login". By default this list is empty. This list is extended at \
- run time with additional entries: One entry is added for the "Allow Anonymous \
- Access" configuration. Other entries are added for any services setting the \
- "sling.auth.requirements" service registration property.
-
-auth.uri.suffix.name = Authentication URI Suffices
-auth.uri.suffix.description = A list of request URI suffixes intended to \
- be handled by Authentication Handlers. Any request whose request URI \
- ends with any one of the listed suffices is intended to be handled by \
- an Authentication Handler causing the request to either be rejected or \
- the client being redirected to another location and thus the request not \
- being further processed after the authentication phase. The default is \
- just "/j_security_check" which is the suffix defined by the Servlet API \
- specification used for FORM based authentication.
-
-auth.sudo.cookie.name = Impersonation Cookie
-auth.sudo.cookie.description = The name the HTTP Cookie to set with the value \
- of the user which is to be impersonated. This cookie will always be a session \
- cookie.
-
-auth.sudo.parameter.name = Impersonation Parameter
-auth.sudo.parameter.description = The name of the request parameter initiating \
- impersonation. Setting this parameter to a user id will result in using an \
- impersonated session (instead of the actually authenticated session) and set \
- a session cookie of the name defined in the Impersonation Cookie setting.
-
-auth.newpassword.parameter.name = New Password Parameter
-auth.newpassword.parameter.description = The name of the request POST parameter \
- used for changing the password alongside a login request when the user's password \
- has expired.
-
-auth.http.name = HTTP Basic Authentication
-auth.http.description = Level of support for HTTP Basic Authentication. Such \
- support can be provided in three levels: (1) no support at all, that is \
- disabled, (2) preemptive support, that is HTTP Basic Authentication is \
- supported if the authentication header is set in the request, (3) full \
- support. The default is preemptive support unless Anonymous Access is \
- not allowed. In this case HTTP Basic Authentication is always enabled \
- to ensure clients can authenticate at least with basic authentication.
-
-auth.http.realm.name = Realm
-auth.http.realm.description = HTTP BASIC authentication realm. This property \
- is only used if the HTTP Basic Authentication support is not disabled. The \
- default value is "Sling (Development)".
\ No newline at end of file