You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2009/04/23 09:33:47 UTC

[jira] Created: (SLING-938) Refine initiaition of the authentication process

Refine initiaition of the authentication process
------------------------------------------------

                 Key: SLING-938
                 URL: https://issues.apache.org/jira/browse/SLING-938
             Project: Sling
          Issue Type: Improvement
          Components: Engine
    Affects Versions: Engine 2.0.2
            Reporter: Felix Meschberger
            Assignee: Felix Meschberger
             Fix For: Engine 2.0.4


Currently the authentication process can only be initiated by explicitly calling a login page provided by some AuthenticationHandler implementation bundle. There is no way to initiate the authentication process from within a servlet or script (e.g. to have the user log in a 404/NOT FOUND error handler).

To support this kind of functionality the existing SlingAuthenticator.requestAuthentcation method should be publicly accessible through Service interface. Servlets or scripts which want to request authentication from the client for the current request may then call this service method.

This method applies the same authentication handler selection algorithm for the given HttpServletRequest object as it does for finding the authentication handler in the authenticate process. This ensures, that for a given request, the appropriate authentication handler is called which is then able to initiate authentication appropriately, for example by drawing a form.

For full details refer to http://cwiki.apache.org/SLING/authentication-initiation.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (SLING-938) Refine initiaition of the authentication process

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger closed SLING-938.
-----------------------------------

    Resolution: Fixed

This looks good now and seems to work fine. Therefore closing this issue.

> Refine initiaition of the authentication process
> ------------------------------------------------
>
>                 Key: SLING-938
>                 URL: https://issues.apache.org/jira/browse/SLING-938
>             Project: Sling
>          Issue Type: Improvement
>          Components: Engine
>    Affects Versions: Engine 2.0.2
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Engine 2.0.4
>
>
> Currently the authentication process can only be initiated by explicitly calling a login page provided by some AuthenticationHandler implementation bundle. There is no way to initiate the authentication process from within a servlet or script (e.g. to have the user log in a 404/NOT FOUND error handler).
> To support this kind of functionality the existing SlingAuthenticator.requestAuthentcation method should be publicly accessible through Service interface. Servlets or scripts which want to request authentication from the client for the current request may then call this service method.
> This method applies the same authentication handler selection algorithm for the given HttpServletRequest object as it does for finding the authentication handler in the authenticate process. This ensures, that for a given request, the appropriate authentication handler is called which is then able to initiate authentication appropriately, for example by drawing a form.
> For full details refer to http://cwiki.apache.org/SLING/authentication-initiation.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Reopened: (SLING-938) Refine initiaition of the authentication process

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger reopened SLING-938:
-------------------------------------


Need a slight extension to the login method: There may be the situation that no AuthenticationHandler is registered to actually be able to authenticate a given request. In this situation, the login method can of course not login.

So the login method throws a (new) NoAuthenticationHandlerException which indicates, that login failed becauses there was no AuthenticationHandler. The caller of the Authenticator.login method may then act appropriately.

For example a 404 handler, which might want to try to login to enable Closed User Group style access, might fall back to sending back the 404/NOT FOUND response if no authentication handler is willing to authenticate, that is if the request is not for a page inside the Closed User Group.

> Refine initiaition of the authentication process
> ------------------------------------------------
>
>                 Key: SLING-938
>                 URL: https://issues.apache.org/jira/browse/SLING-938
>             Project: Sling
>          Issue Type: Improvement
>          Components: Engine
>    Affects Versions: Engine 2.0.2
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Engine 2.0.4
>
>
> Currently the authentication process can only be initiated by explicitly calling a login page provided by some AuthenticationHandler implementation bundle. There is no way to initiate the authentication process from within a servlet or script (e.g. to have the user log in a 404/NOT FOUND error handler).
> To support this kind of functionality the existing SlingAuthenticator.requestAuthentcation method should be publicly accessible through Service interface. Servlets or scripts which want to request authentication from the client for the current request may then call this service method.
> This method applies the same authentication handler selection algorithm for the given HttpServletRequest object as it does for finding the authentication handler in the authenticate process. This ensures, that for a given request, the appropriate authentication handler is called which is then able to initiate authentication appropriately, for example by drawing a form.
> For full details refer to http://cwiki.apache.org/SLING/authentication-initiation.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (SLING-938) Refine initiaition of the authentication process

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/SLING-938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12702486#action_12702486 ] 

Felix Meschberger commented on SLING-938:
-----------------------------------------

Added the NoAuthenticationHandlerException as explained above in Rev. 768396.

> Refine initiaition of the authentication process
> ------------------------------------------------
>
>                 Key: SLING-938
>                 URL: https://issues.apache.org/jira/browse/SLING-938
>             Project: Sling
>          Issue Type: Improvement
>          Components: Engine
>    Affects Versions: Engine 2.0.2
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Engine 2.0.4
>
>
> Currently the authentication process can only be initiated by explicitly calling a login page provided by some AuthenticationHandler implementation bundle. There is no way to initiate the authentication process from within a servlet or script (e.g. to have the user log in a 404/NOT FOUND error handler).
> To support this kind of functionality the existing SlingAuthenticator.requestAuthentcation method should be publicly accessible through Service interface. Servlets or scripts which want to request authentication from the client for the current request may then call this service method.
> This method applies the same authentication handler selection algorithm for the given HttpServletRequest object as it does for finding the authentication handler in the authenticate process. This ensures, that for a given request, the appropriate authentication handler is called which is then able to initiate authentication appropriately, for example by drawing a form.
> For full details refer to http://cwiki.apache.org/SLING/authentication-initiation.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Resolved: (SLING-938) Refine initiaition of the authentication process

Posted by "Felix Meschberger (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/SLING-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved SLING-938.
-------------------------------------

    Resolution: Fixed

Implemented a new Authenticator interface with (currently) a single method:

   login(HttpServletRequest, HttpServletResponse)

which may called to ask the client to login.

Note: I renamed the method from the initial proposal "requestAuthentication" to login, since it sounds more appropriate and any future extension to also support logging out would then just add a logout method.

> Refine initiaition of the authentication process
> ------------------------------------------------
>
>                 Key: SLING-938
>                 URL: https://issues.apache.org/jira/browse/SLING-938
>             Project: Sling
>          Issue Type: Improvement
>          Components: Engine
>    Affects Versions: Engine 2.0.2
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>             Fix For: Engine 2.0.4
>
>
> Currently the authentication process can only be initiated by explicitly calling a login page provided by some AuthenticationHandler implementation bundle. There is no way to initiate the authentication process from within a servlet or script (e.g. to have the user log in a 404/NOT FOUND error handler).
> To support this kind of functionality the existing SlingAuthenticator.requestAuthentcation method should be publicly accessible through Service interface. Servlets or scripts which want to request authentication from the client for the current request may then call this service method.
> This method applies the same authentication handler selection algorithm for the given HttpServletRequest object as it does for finding the authentication handler in the authenticate process. This ensures, that for a given request, the appropriate authentication handler is called which is then able to initiate authentication appropriately, for example by drawing a form.
> For full details refer to http://cwiki.apache.org/SLING/authentication-initiation.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.