All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.sling.commons.auth.AuthenticationSupport Maven / Gradle / Ivy

There is a newer version: 2024.11.18751.20241128T090041Z-241100
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.sling.commons.auth;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 *  The AuthenticationSupport provides the service API used to
 *  implement the HttpContext.handleSecurity method as defined in
 *  the OSGi Http Service specification.
 *  

* Bundles registering servlets and/or resources with custom * HttpContext implementations may implement the * handleSecurity method using this service. The * {@link #handleSecurity(HttpServletRequest, HttpServletResponse)} method * implemented by this service exactly implements the specification of the * HttpContext.handleSecurity method. *

* A simple implementation of the HttpContext interface based on * this could be (using SCR JavaDoc tags of the Maven SCR Plugin) : * *

 *  /** @scr.component */
 *  public class MyHttpContext implements HttpContext {
 *      /** @scr.reference */
 *      private AuthenticationSupport authSupport;
 *
 *      /** @scr.reference */
 *      private MimeTypeService mimeTypes;
 *
 *      public boolean handleSecurity(HttpServletRequest request,
 *              HttpServletResponse response) {
 *          return authSupport.handleSecurity(request, response);
 *      }
 *
 *      public URL getResource(String name) {
 *          return null;
 *      }
 *
 *      public String getMimeType(String name) {
 *          return mimeTypes.getMimeType(name);
 *      }
 *  }
 *  
*

* This interface is implemented by this bundle and is not intended to be * implemented by client bundles. * * @deprecated Use Apache Sling's org.apache.sling.auth.core package instead. */ @Deprecated(since = "2015") public interface AuthenticationSupport { /** * The name under which this service is registered. */ static final String SERVICE_NAME = "org.apache.sling.commons.auth.AuthenticationSupport"; /** * The name of the request attribute set by the * {@link #handleSecurity(HttpServletRequest, HttpServletResponse)} method * if authentication succeeds and true is returned. *

* The request attribute is set to a Sling ResourceResolver * attached to the JCR repository using the credentials provided by the * request. */ static final String REQUEST_ATTRIBUTE_RESOLVER = "org.apache.sling.commons.auth.ResourceResolver"; /** * The name of the request parameter indicating where to redirect to after * successful authentication (and optional impersonation). This parameter is * respected if either anonymous authentication or regular authentication * succeed. *

* If authentication fails, either because the credentials are wrong or * because anonymous authentication fails or because anonymous * authentication is not allowed for the request, the parameter is ignored * and the * {@link org.apache.sling.commons.auth.spi.AuthenticationHandler#requestCredentials(HttpServletRequest, HttpServletResponse)} * method is called to request authentication. */ static final String REDIRECT_PARAMETER = "sling.auth.redirect"; /** * Handles security on behalf of a custom OSGi Http Service * HttpContext instance extracting credentials from the request * using any registered * {@link org.apache.sling.commons.auth.spi.AuthenticationHandler} services. * If the credentials can be extracted and used to log into the JCR * repository this method sets the request attributes required by the OSGi * Http Service specification plus the {@link #REQUEST_ATTRIBUTE_RESOLVER} * attribute. * * @param request The HTTP request to be authenticated * @param response The HTTP response to send any response to in case of * problems. * @return true if authentication succeeded and the request * attribtues are set. If false is returned the request * is immediately terminated and no request attributes are set. */ boolean handleSecurity(HttpServletRequest request, HttpServletResponse response); }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy