incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r739850 [1/2] - in /incubator/sling/trunk/extensions/openidauth: ./ src/ src/main/ src/main/java/ src/main/java/org/ src/main/java/org/apache/ src/main/java/org/apache/sling/ src/main/java/org/apache/sling/openidauth/ src/main/java/org/apac...
Date Sun, 01 Feb 2009 21:40:49 GMT
Author: fmeschbe
Date: Sun Feb  1 21:40:48 2009
New Revision: 739850

URL: http://svn.apache.org/viewvc?rev=739850&view=rev
Log:
SLING-839 Addition of an OpenID authentication handler (thanks to Rory Douglas)

Added:
    incubator/sling/trunk/extensions/openidauth/   (with props)
    incubator/sling/trunk/extensions/openidauth/LICENSE
    incubator/sling/trunk/extensions/openidauth/NOTICE
    incubator/sling/trunk/extensions/openidauth/README.txt   (with props)
    incubator/sling/trunk/extensions/openidauth/pom.xml   (with props)
    incubator/sling/trunk/extensions/openidauth/src/
    incubator/sling/trunk/extensions/openidauth/src/main/
    incubator/sling/trunk/extensions/openidauth/src/main/java/
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDConstants.java   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/
    incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/resources/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/DISCLAIMER
    incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/LICENSE
    incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/NOTICE
    incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/fail/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/fail/html.jsp   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/logout/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/logout/html.jsp   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/success/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/success/html.jsp   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/system/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/system/sling/
    incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/system/sling/openid.json   (with props)
    incubator/sling/trunk/extensions/openidauth/src/main/resources/openid.properties   (with props)

Propchange: incubator/sling/trunk/extensions/openidauth/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Sun Feb  1 21:40:48 2009
@@ -0,0 +1,4 @@
+.classpath
+.project
+target
+.settings

Added: incubator/sling/trunk/extensions/openidauth/LICENSE
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/LICENSE?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/LICENSE (added)
+++ incubator/sling/trunk/extensions/openidauth/LICENSE Sun Feb  1 21:40:48 2009
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

Added: incubator/sling/trunk/extensions/openidauth/NOTICE
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/NOTICE?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/NOTICE (added)
+++ incubator/sling/trunk/extensions/openidauth/NOTICE Sun Feb  1 21:40:48 2009
@@ -0,0 +1,17 @@
+Apache Sling OpenID Authentication
+Copyright 2008-2009 The Apache Software Foundation
+
+Apache Sling is based on source code originally developed 
+by Day Software (http://www.day.com/).
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
+
+
+This module includes modules from
+
+dyuproject (http://code.google.com/p/dyuproject/) and
+jetty (http://jetty.mortbay.org)
+
+both of which are licensed under Apache License v2.0
+

Added: incubator/sling/trunk/extensions/openidauth/README.txt
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/README.txt?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/README.txt (added)
+++ incubator/sling/trunk/extensions/openidauth/README.txt Sun Feb  1 21:40:48 2009
@@ -0,0 +1,38 @@
+Apache Sling OpenID Authentication
+
+Bundle implementing OpenID authentication with login
+and logout support
+
+Disclaimer
+==========
+Apache Sling is an effort undergoing incubation at The Apache Software Foundation (ASF),
+sponsored by the Apache Jackrabbit PMC. Incubation is required of all newly accepted
+projects until a further review indicates that the infrastructure, communications,
+and decision making process have stabilized in a manner consistent with other
+successful ASF projects. While incubation status is not necessarily a reflection of
+the completeness or stability of the code, it does indicate that the project has yet
+to be fully endorsed by the ASF.
+
+Getting Started
+===============
+
+This component uses a Maven 2 (http://maven.apache.org/) build
+environment. It requires a Java 5 JDK (or higher) and Maven (http://maven.apache.org/)
+2.0.7 or later. We recommend to use the latest Maven version.
+
+If you have Maven 2 installed, you can compile and
+package the jar using the following command:
+
+    mvn package
+
+See the Maven 2 documentation for other build features.
+
+The latest source code for this component is available in the
+Subversion (http://subversion.tigris.org/) source repository of
+the Apache Software Foundation. If you have Subversion installed,
+you can checkout the latest source using the following command:
+
+    svn checkout http://svn.apache.org/repos/asf/incubator/sling/trunk/extensions/openidauth
+
+See the Subversion documentation for other source control features.
+

Propchange: incubator/sling/trunk/extensions/openidauth/README.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/sling/trunk/extensions/openidauth/pom.xml
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/pom.xml?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/pom.xml (added)
+++ incubator/sling/trunk/extensions/openidauth/pom.xml Sun Feb  1 21:40:48 2009
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>sling</artifactId>
+        <version>5-incubator-SNAPSHOT</version>
+        <relativePath>../../parent/pom.xml</relativePath>
+    </parent>
+
+    <artifactId>org.apache.sling.openidauth</artifactId>
+    <packaging>bundle</packaging>
+    <version>0.9.0-incubator-SNAPSHOT</version>
+
+    <name>Apache Sling OpenID Authentication</name>
+    <description>
+        Bundle implementing OpenID authentication with login
+        and logout support
+    </description>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Private-Package>
+                            org.apache.sling.openidauth.impl.*,
+                            org.apache.commons.codec,
+                            org.apache.commons.codec.binary,
+                            org.apache.commons.codec.net
+                        </Private-Package>
+                        <!-- initial content to be loaded on bundle installation -->
+                        <Sling-Initial-Content>SLING-INF/content</Sling-Initial-Content>
+
+                        <!-- Bundle supplied resource prefixes -->
+                        <Include-Resource>{maven-resources}</Include-Resource>
+
+                        <Export-Package>
+	                        org.apache.sling.openidauth,
+                        	!org.apache.sling.openidauth.impl
+                        </Export-Package>
+                        <_exportcontents>
+                        	com.dyuproject.openid
+                        </_exportcontents>
+                        <Import-Package>
+                        	*;resolution:=optional
+                        </Import-Package>
+                        <DynamicImport-Package>*</DynamicImport-Package>
+						<Embed-Transitive>true</Embed-Transitive>
+                        <!-- Embed OpenID completely -->
+                        <Embed-Dependency>
+                            dyuproject-openid,dyuproject-util,jetty-util
+                        </Embed-Dependency>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    <reporting>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <configuration>
+                    <excludePackageNames>
+                        org.apache.sling.openidauth
+                    </excludePackageNames>
+                </configuration>
+            </plugin>
+        </plugins>
+    </reporting>
+    <repositories>
+	    <repository>
+	      <releases>
+	        <enabled>true</enabled>
+	      </releases>
+	      <id>dyuproject-repo</id>
+	      <name>dyuproject-repo</name>      
+	      <url>http://dyuproject.googlecode.com/svn/repos/maven2</url>
+	    </repository>
+    </repositories>
+    <dependencies>
+		<dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.api</artifactId>
+            <version>2.0.2-incubator</version>
+        </dependency>
+		<dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.engine</artifactId>
+            <version>2.0.3-incubator-SNAPSHOT</version>
+        </dependency>
+		<dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.3</version>
+            <scope>compile</scope>
+        </dependency>
+		<dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.osgi.core</artifactId>
+        </dependency>
+		<dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.osgi.compendium</artifactId>
+        </dependency>
+		<dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+        </dependency>
+		<dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+		<dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+        </dependency>
+		<dependency>
+			<groupId>com.dyuproject</groupId>
+			<artifactId>dyuproject-openid</artifactId>
+			<version>1.1.1</version>
+	    </dependency>
+	    <dependency>
+			<groupId>com.dyuproject</groupId>
+			<artifactId>dyuproject-util</artifactId>
+			<version>1.1.1</version>
+	    </dependency>
+	    <dependency>
+	    	<groupId>org.mortbay.jetty</groupId>
+	    	<artifactId>jetty-util</artifactId>
+	    	<version>7.0.0.pre5</version>
+	    </dependency>
+    </dependencies>
+</project>

Propchange: incubator/sling/trunk/extensions/openidauth/pom.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDConstants.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDConstants.java?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDConstants.java (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDConstants.java Sun Feb  1 21:40:48 2009
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.openidauth;
+
+public class OpenIDConstants {
+	public static final String LOGOUT_REQUEST_PATH = "/system/sling/openid/logout";
+	
+    public static final String OPEN_ID_AUTH_TYPE = "OpenID";
+
+    public static final String OPEN_ID_USER_ATTRIBUTE = "openid_user";
+
+    public static final String ORIGINAL_URL_ATTRIBUTE = OPEN_ID_AUTH_TYPE + ".original.url";
+    
+    public static final String REDIRECT_URL_PARAMETER = OPEN_ID_AUTH_TYPE + ".redirect";
+    
+    public static final String OPENID_FAILURE_REASON_ATTRIBUTE = OPEN_ID_AUTH_TYPE + ".failure";
+    
+    public enum OpenIDFailure {
+    	DISCOVERY, ASSOCIATION, COMMUNICATION, AUTHENTICATION, VERIFICATION, REPOSITORY, OTHER
+    }
+}

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDConstants.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDConstants.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Added: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java Sun Feb  1 21:40:48 2009
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.openidauth;
+
+public class OpenIDUserUtil {
+	public static String getPrinicpalName(String openIdIdentifier) {
+		if(openIdIdentifier.endsWith("/")) {
+			openIdIdentifier = openIdIdentifier.substring(0,openIdIdentifier.length()-1);
+		}
+		return openIdIdentifier.replaceAll("://",".").replaceAll(":",".").replaceAll("/","_");
+	}
+}

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/OpenIDUserUtil.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Added: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java Sun Feb  1 21:40:48 2009
@@ -0,0 +1,568 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.openidauth.impl;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import javax.jcr.Credentials;
+import javax.jcr.SimpleCredentials;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.sling.commons.osgi.OsgiUtil;
+import org.apache.sling.engine.auth.AuthenticationHandler;
+import org.apache.sling.engine.auth.AuthenticationInfo;
+import org.apache.sling.openidauth.OpenIDConstants;
+import org.apache.sling.openidauth.OpenIDUserUtil;
+import org.apache.sling.openidauth.OpenIDConstants.OpenIDFailure;
+import org.osgi.service.component.ComponentContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.dyuproject.openid.OpenIdUser;
+import com.dyuproject.openid.RelyingParty;
+import com.dyuproject.openid.manager.CookieBasedUserManager;
+
+/**
+ * The <code>AuthorizationHeaderAuthenticationHandler</code> class implements
+ * the authorization steps based on the Authorization header of the HTTP
+ * request. This authenticator should eventually support both BASIC and DIGEST
+ * authentication methods.
+ *
+ * @scr.component immediate="false" label="%auth.openid.name"
+ *                description="%auth.openid.description"
+ * @scr.property name="service.description" value="Apache Sling OpenID Authentication Handler"
+ * @scr.property name="service.vendor" value="The Apache Software Foundation"
+ * @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" values.0="/" 
+ * @scr.service
+ */
+public class OpenIDAuthenticationHandler implements
+        AuthenticationHandler {
+
+    /** default log */
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    /**
+     * @scr.property valueRef="DEFAULT_LOGIN_FORM"
+     */
+    public static final String PROP_LOGIN_FORM = "openid.login.form";
+    
+    public static final String DEFAULT_LOGIN_FORM = "/system/sling/openid/loginform.html";
+
+    
+    /**
+     * @scr.property valueRef="DEFAULT_LOGIN_IDENTIFIER_FORM_FIELD"
+     */
+    public static final String PROP_LOGIN_IDENTIFIER_FORM_FIELD = "openid.login.identifier";
+    
+    public static final String DEFAULT_LOGIN_IDENTIFIER_FORM_FIELD = RelyingParty.DEFAULT_IDENTIFIER_PARAMETER;
+
+    
+    /**
+     * @scr.property valueRef="DEFAULT_ORIGINAL_URL_ON_SUCCESS" type="Boolean"
+     */
+    public static final String PROP_ORIGINAL_URL_ON_SUCCESS = "openid.original.url.onsuccess";
+    
+    public static final boolean DEFAULT_ORIGINAL_URL_ON_SUCCESS = true;
+
+    
+    /**
+     * @scr.property valueRef="DEFAULT_AUTH_SUCCESS_URL"
+     */
+    public static final String PROP_AUTH_SUCCESS_URL = "openid.login.success";
+    
+    public static final String DEFAULT_AUTH_SUCCESS_URL = "/system/sling/openid/authsuccess.html";
+    
+    
+    /**
+     * @scr.property valueRef="DEFAULT_AUTH_FAIL_URL"
+     */
+    public static final String PROP_AUTH_FAIL_URL = "openid.login.fail";
+    
+    public static final String DEFAULT_AUTH_FAIL_URL = "/system/sling/openid/authfail.html";
+    
+    
+    /**
+     * @scr.property valueRef="DEFAULT_LOGOUT_URL"
+     */
+    public static final String PROP_LOGOUT_URL = "openid.logout";
+    
+    public static final String DEFAULT_LOGOUT_URL = "/system/sling/openid/logout.html";
+    
+    
+    /**
+     * @scr.property valueRef="DEFAULT_EXTERNAL_URL_PREFIX"
+     */
+    public static final String PROP_EXTERNAL_URL_PREFIX = "openid.external.url.prefix";
+    
+    public static final String DEFAULT_EXTERNAL_URL_PREFIX = "http://my.external.sling.com";
+    
+    
+    /**
+     * @scr.property valueRef="DEFAULT_OPENID_USERS_PASSWORD"
+     */
+    public static final String PROP_OPENID_USERS_PASSWORD = "openid.users.password";
+    
+    public static final String DEFAULT_OPENID_USERS_PASSWORD = "changeme";
+    
+
+    /**
+     * @scr.property valueRef="DEFAULT_ANONYMOUS_AUTH_RESOURCES" type="Boolean"
+     */
+    public static final String PROP_ANONYMOUS_AUTH_RESOURCES = "openid.anon.auth.resources";
+    
+    public static final boolean DEFAULT_ANONYMOUS_AUTH_RESOURCES = true;
+
+    
+    /**
+     * @scr.property valueRef="DEFAULT_USE_COOKIE" type="Boolean"
+     */
+    public static final String PROP_USE_COOKIE = "openid.use.cookie";
+    
+    public static final boolean DEFAULT_USE_COOKIE = false;
+
+    
+    /**
+     * @scr.property valueRef="DEFAULT_COOKIE_DOMAIN"
+     */
+    public static final String PROP_COOKIE_DOMAIN = "openid.cookie.domain";
+    
+    public static final String DEFAULT_COOKIE_DOMAIN = ".sling.com";
+    
+    
+    /**
+     * @scr.property valueRef="DEFAULT_COOKIE_NAME"
+     */
+    public static final String PROP_COOKIE_NAME = "openid.cookie.name";
+    
+    public static final String DEFAULT_COOKIE_NAME = "sling.openid";
+    
+    
+    /**
+     * @scr.property valueRef="DEFAULT_COOKIE_PATH"
+     */
+    public static final String PROP_COOKIE_PATH = "openid.cookie.path";
+    
+    public static final String DEFAULT_COOKIE_PATH = "/";
+    
+    
+    /**
+     * @scr.property valueRef="DEFAULT_COOKIE_SECRET_KEY"
+     */
+    public static final String PROP_COOKIE_SECRET_KEY = "openid.cookie.secret.key";
+    
+    public static final String DEFAULT_COOKIE_SECRET_KEY = "secret";
+    
+        
+    static final String SLASH = "/";
+    
+    private ComponentContext context;
+    private String openIdUserPassword;
+    
+    private String loginForm;
+    private String authSuccessUrl;
+    private String authFailUrl;
+    private String logoutUrl;
+    private boolean accessAuthPageAnon;
+    
+    private boolean redirectToOriginalUrl;
+    private String externalUrlPrefix;
+    private boolean useCookie;
+    private String cookieDomain;
+    private String cookieName;
+    private String cookiePath;
+    private String identifierParam;
+	
+	private RelyingParty relyingParty;
+	
+	
+    public OpenIDAuthenticationHandler() {
+        log.info("OpenIDAuthenticationHandler created");
+    }
+
+    // ----------- AuthenticationHandler interface ----------------------------
+
+    /**
+     * Extracts credential data from the request if at all contained. This check
+     * is only based on the original request object, no URI translation has
+     * taken place yet.
+     * <p>
+     * The method returns any of the following values : <table>
+     * <tr>
+     * <th>value
+     * <th>description</tr>
+     * <tr>
+     * <td><code>null</code>
+     * <td>no user details were contained in the request </tr>
+     * <tr>
+     * <td>{@link AuthenticationInfo#DOING_AUTH}
+     * <td>the handler is in an ongoing authentication exchange with the
+     * client. The request handling is terminated.
+     * <tr>
+     * <tr>
+     * <td>valid credentials
+     * <td>The user sent credentials.</tr>
+     * </table>
+     * <p>
+     * The method must not request credential information from the client, if
+     * they are not found in the request.
+     * <p>
+     * Note : The implementation should pay special attention to the fact, that
+     * the request may be for an included servlet, in which case the values for
+     * some URI specific values are contained in javax.servlet.include.* request
+     * attributes.
+     *
+     * @param request The request object containing the information for the
+     *            authentication.
+     * @param response The response object which may be used to send the
+     *            information on the request failure to the user.
+     * @return A valid Credentials instance identifying the request user,
+     *         DOING_AUTH if the handler is in an authentication transaction with
+     *         the client or null if the request does not contain authentication
+     *         information. In case of DOING_AUTH, the method must have sent a
+     *         response indicating that fact to the client.
+     */
+    public AuthenticationInfo authenticate(HttpServletRequest request,
+            HttpServletResponse response) {
+
+        // extract credentials and return
+        AuthenticationInfo info = this.extractAuthentication(request, response);
+        if (info != null) {
+            return info;
+        }
+
+        return null;
+    }
+
+    /**
+     * Sends status <code>401</code> (Unauthorized) with a
+     * <code>WWW-Authenticate</code> requesting standard HTTP header
+     * authentication with the <code>Basic</code> scheme and the configured
+     * realm name. If the response is already committed, an error message is
+     * logged but the 401 status is not sent.
+     *
+     * @param request The request object
+     * @param response The response object to which to send the request
+     * @return <code>true</code> is always returned by this handler
+     * @throws IOException if an error occurrs sending back the response.
+     */
+    public boolean requestAuthentication(HttpServletRequest request,
+            HttpServletResponse response) throws IOException {
+
+        // if the response is already committed, we have a problem !!
+        if (!response.isCommitted()) {
+        	
+        	// requestAuthentication is only called after a failed authentication
+        	// so it makes sense to remove any existing login
+        	// original URL is set only if it doesn't already exist
+        	relyingParty.invalidate(request, response);
+        	
+        	if(request.getSession().getAttribute(OpenIDConstants.ORIGINAL_URL_ATTRIBUTE) == null) {
+        		String originalUrl = request.getRequestURI() +
+        			(request.getQueryString() != null ? "?" + request.getQueryString() : "");
+        		
+        		// handle corner case where login form requested directly
+        		if(!originalUrl.equals(loginForm)) {
+        			request.getSession().setAttribute(OpenIDConstants.ORIGINAL_URL_ATTRIBUTE, originalUrl);
+        		}
+        	}
+        	response.sendRedirect(loginForm);
+        } else {
+            log.error("requestAuthentication: Response is committed, cannot request authentication");
+        }
+
+        return true;
+    }
+
+    protected AuthenticationInfo handleAuthFailure(OpenIDFailure failure, HttpServletRequest request, HttpServletResponse response) 
+    	throws IOException {
+
+    	request.getSession().setAttribute(OpenIDConstants.OPENID_FAILURE_REASON_ATTRIBUTE, failure);
+		
+		if(authFailUrl != null && !"".equals(authFailUrl)) {
+			response.sendRedirect(authFailUrl);
+			return AuthenticationInfo.DOING_AUTH;
+		} else {
+			return null;
+		}
+    }
+    
+    protected AuthenticationInfo handleLogout(HttpServletRequest request, HttpServletResponse response) 
+    	throws IOException {
+		String redirectUrl = null;
+		
+		if(request.getParameter(OpenIDConstants.REDIRECT_URL_PARAMETER) != null) {
+			redirectUrl = request.getParameter(OpenIDConstants.REDIRECT_URL_PARAMETER);
+		} else {
+			redirectUrl = logoutUrl;
+		}
+		
+		// fallback
+		if(redirectUrl == null) {
+			redirectUrl = "/";
+		}
+		
+		response.sendRedirect(redirectUrl);
+		return AuthenticationInfo.DOING_AUTH;
+    }
+
+    // ---------- SCR Integration ----------------------------------------------
+
+    protected void activate(ComponentContext componentContext) {
+    	context = componentContext;
+    	
+    	openIdUserPassword = OsgiUtil.toString(
+         		context.getProperties().get(PROP_OPENID_USERS_PASSWORD), 
+         		DEFAULT_OPENID_USERS_PASSWORD);
+    	
+    	loginForm = OsgiUtil.toString(
+         		context.getProperties().get(PROP_LOGIN_FORM), 
+         		DEFAULT_LOGIN_FORM);
+    	
+    	authSuccessUrl = OsgiUtil.toString(
+         		context.getProperties().get(PROP_AUTH_SUCCESS_URL), 
+         		DEFAULT_AUTH_SUCCESS_URL);
+    	
+    	authFailUrl = OsgiUtil.toString(
+         		context.getProperties().get(PROP_AUTH_FAIL_URL), 
+         		DEFAULT_AUTH_FAIL_URL);
+    	
+    	logoutUrl = OsgiUtil.toString(
+         		context.getProperties().get(PROP_LOGOUT_URL), 
+         		DEFAULT_LOGOUT_URL);
+    	
+    	redirectToOriginalUrl = OsgiUtil.toBoolean(
+         		context.getProperties().get(PROP_ORIGINAL_URL_ON_SUCCESS), 
+         		DEFAULT_ORIGINAL_URL_ON_SUCCESS);
+    	
+    	accessAuthPageAnon = OsgiUtil.toBoolean(
+         		context.getProperties().get(PROP_ANONYMOUS_AUTH_RESOURCES), 
+         		DEFAULT_ANONYMOUS_AUTH_RESOURCES);
+    	
+    	externalUrlPrefix = OsgiUtil.toString(
+    			context.getProperties().get(PROP_EXTERNAL_URL_PREFIX),
+    			DEFAULT_EXTERNAL_URL_PREFIX);
+    	
+    	// DYU OpenID properties
+    	useCookie = OsgiUtil.toBoolean(
+         		context.getProperties().get(PROP_USE_COOKIE), 
+         		DEFAULT_USE_COOKIE);
+    	
+    	cookieDomain = OsgiUtil.toString(
+    			context.getProperties().get(PROP_COOKIE_DOMAIN),
+    			DEFAULT_COOKIE_DOMAIN);
+    	
+    	cookieName = OsgiUtil.toString(
+    			context.getProperties().get(PROP_COOKIE_NAME),
+    			DEFAULT_COOKIE_NAME);
+    	
+    	cookiePath = OsgiUtil.toString(
+    			context.getProperties().get(PROP_COOKIE_PATH),
+    			DEFAULT_COOKIE_PATH);
+    	
+    	identifierParam = OsgiUtil.toString(
+        		context.getProperties().get(PROP_LOGIN_IDENTIFIER_FORM_FIELD), 
+        		DEFAULT_LOGIN_IDENTIFIER_FORM_FIELD);
+        
+    	String cookieSecret = OsgiUtil.toString(
+    			context.getProperties().get(PROP_COOKIE_SECRET_KEY),
+    			DEFAULT_COOKIE_SECRET_KEY);
+    	
+        Properties openIdProps = new Properties();
+        
+        openIdProps.setProperty("openid.identifier.parameter", identifierParam);
+        
+        if(useCookie) {
+        	openIdProps.setProperty("openid.user.manager", CookieBasedUserManager.class.getName());
+        	openIdProps.setProperty("openid.user.manager.cookie.name", cookieName);
+        	openIdProps.setProperty("openid.user.manager.cookie.path", cookiePath);
+        	openIdProps.setProperty("openid.user.manager.cookie.domain", cookieDomain);
+        	openIdProps.setProperty("openid.user.manager.cookie.security.secret_key", cookieSecret);
+        }
+        
+		relyingParty = RelyingParty.newInstance(openIdProps);
+    }
+
+    // ---------- internal -----------------------------------------------------
+
+    protected AuthenticationInfo extractAuthentication(
+            HttpServletRequest request, HttpServletResponse response) {
+
+    	
+    	OpenIdUser user = null;
+    	
+        try
+        {
+            user = relyingParty.discover(request);
+            
+            // Authentication timeout
+            if(user == null && RelyingParty.isAuthResponse(request))
+            {
+            	log.debug("OpenID authentication timeout");
+                response.sendRedirect(request.getRequestURI());
+                return AuthenticationInfo.DOING_AUTH;
+            }
+            
+	    	if(request.getPathInfo() != null) {
+	    		String requestPath = request.getPathInfo();
+	    		if(requestPath != null) {
+	    			if(OpenIDConstants.LOGOUT_REQUEST_PATH.equals(requestPath)) {
+	    				relyingParty.invalidate(request, response);
+    					user = null;
+    					return handleLogout(request, response);
+	    			} 
+	    			// handle (possibly)anon auth resources
+	    			else if (loginForm.equals(requestPath) || 
+	    					authFailUrl.equals(requestPath) ||
+	    					logoutUrl.equals(requestPath)) {
+	    				
+	    				if (loginForm.equals(requestPath)) {
+		    				// can force a login with Allow Anonymous enabled, by requesting
+		    				// login form directly.  Checking this parameter allows us
+		    				// to redirect user somewhere useful if login is successful
+		    				if(request.getParameter(OpenIDConstants.REDIRECT_URL_PARAMETER) != null) {
+		    					request.getSession().setAttribute(OpenIDConstants.ORIGINAL_URL_ATTRIBUTE, 
+		    							request.getParameter(OpenIDConstants.REDIRECT_URL_PARAMETER));
+		    				}
+		    				
+		    				moveAttributeFromSessionToRequest(
+		    						OpenIDConstants.OPENID_FAILURE_REASON_ATTRIBUTE, 
+		    						OpenIDConstants.OpenIDFailure.class,
+		    						request);
+		    				
+		    				moveAttributeFromSessionToRequest(
+		    						OpenIDConstants.ORIGINAL_URL_ATTRIBUTE, 
+		    						String.class,
+		    						request);
+		    				
+	    				} else if (authFailUrl.equals(requestPath)) {
+	    					// move the failure reason attribute from session to request
+	    					moveAttributeFromSessionToRequest(
+		    						OpenIDConstants.OPENID_FAILURE_REASON_ATTRIBUTE, 
+		    						OpenIDConstants.OpenIDFailure.class,
+		    						request);
+	    					
+	    					moveAttributeFromSessionToRequest(
+		    						OpenIDConstants.ORIGINAL_URL_ATTRIBUTE, 
+		    						String.class,
+		    						request);
+	    				}
+	    				
+	    				if(accessAuthPageAnon) {
+	    					// Causes anonymous login
+	    					// but does not respect SlingAuthenticator allowAnonymous
+	    					return new AuthenticationInfo(OpenIDConstants.OPEN_ID_AUTH_TYPE, null);
+	    				}
+	    			}
+	    		}
+	    	}
+        	
+            if(user != null) {
+	            if(user.isAuthenticated()) {
+	                // user already authenticated
+	                request.setAttribute(OpenIdUser.ATTR_NAME, user);
+	                return getAuthInfoFromIdentifier(user.getIdentity());
+	            } else if(user.isAssociated()) {
+	            	if(RelyingParty.isAuthResponse(request)) {
+		            	if(relyingParty.verifyAuth(user, request, response)) {
+		                    // authenticated                    
+		                    response.sendRedirect(request.getRequestURI());
+		                    return AuthenticationInfo.DOING_AUTH;
+		                } else {
+		                    // failed verification
+		                	AuthenticationInfo authInfo = handleAuthFailure(OpenIDFailure.VERIFICATION, request, response);
+		    				if(authInfo != null) {
+		    					return authInfo;
+		    				}
+		                }
+		            } else {
+		            	// Assume a cancel or some other non-successful response from provider
+		            	// failed verification
+		            	relyingParty.invalidate(request, response);
+		            	user = null;
+		            	
+	                	AuthenticationInfo authInfo = handleAuthFailure(OpenIDFailure.AUTHENTICATION, request, response);
+	    				if(authInfo != null) {
+	    					return authInfo;
+	    				}
+		            }
+	            } else {
+		            // associate and authenticate user
+		            StringBuffer url = null; 
+		            String trustRoot = null;
+		            String returnTo = null;
+		            
+		            if(externalUrlPrefix != null && !"".equals(externalUrlPrefix.trim())) {
+		            	url = new StringBuffer(externalUrlPrefix).append(request.getRequestURI());
+		            	trustRoot = externalUrlPrefix;
+		            } else {
+		            	url = request.getRequestURL();
+		            	trustRoot = url.substring(0, url.indexOf(SLASH, 9));
+		            }
+		            
+	            	String realm = url.substring(0, url.lastIndexOf(SLASH));
+	            	
+		            if(redirectToOriginalUrl) {
+		            	returnTo = url.toString();        
+		            } else {
+		            	request.setAttribute(OpenIDConstants.ORIGINAL_URL_ATTRIBUTE, request.getRequestURI());
+		            	returnTo =  authSuccessUrl;
+		    		}
+		            
+		            if(relyingParty.associateAndAuthenticate(user, request, response, trustRoot, realm, 
+		                    returnTo)) {
+		                // user is associated and then redirected to his openid provider for authentication                
+		                return AuthenticationInfo.DOING_AUTH;
+		            } else {
+		            	// failed association or auth request generation
+	                	AuthenticationInfo authInfo = handleAuthFailure(OpenIDFailure.ASSOCIATION, request, response);
+	    				if(authInfo != null) {
+	    					return authInfo;
+	    				}
+		            }
+	            }
+            }
+        } catch(Exception e) {
+        	log.error("Error processing OpenID request", e);
+        }
+    	
+    	return null;
+    }
+    
+    private <T> T removeAttributeFromSession(String attrName, Class<T> type, HttpServletRequest request) {
+    	T attr = (T)request.getSession().getAttribute(attrName);
+		request.getSession().removeAttribute(attrName);
+		return attr;
+    }
+    
+    private <T> T moveAttributeFromSessionToRequest(String attrName, Class<T> type, HttpServletRequest request) {
+		T attr = removeAttributeFromSession(attrName, type, request);
+		request.setAttribute(attrName, attr);
+		return attr;
+    }
+    
+    private AuthenticationInfo getAuthInfoFromIdentifier(String id) {
+    	String jcrId = OpenIDUserUtil.getPrinicpalName(id);
+
+    	Credentials creds = new SimpleCredentials(jcrId,openIdUserPassword.toCharArray());
+        return new AuthenticationInfo(OpenIDConstants.OPEN_ID_AUTH_TYPE, creds);
+    }
+
+}
\ No newline at end of file

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandler.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Added: incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/DISCLAIMER
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/DISCLAIMER?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/DISCLAIMER (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/DISCLAIMER Sun Feb  1 21:40:48 2009
@@ -0,0 +1,7 @@
+Apache Sling is an effort undergoing incubation at The Apache Software Foundation (ASF),
+sponsored by the Apache Jackrabbit PMC. Incubation is required of all newly accepted
+projects until a further review indicates that the infrastructure, communications,
+and decision making process have stabilized in a manner consistent with other
+successful ASF projects. While incubation status is not necessarily a reflection of
+the completeness or stability of the code, it does indicate that the project has yet
+to be fully endorsed by the ASF.
\ No newline at end of file

Added: incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/LICENSE
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/LICENSE?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/LICENSE (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/LICENSE Sun Feb  1 21:40:48 2009
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

Added: incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/NOTICE
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/NOTICE?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/NOTICE (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/META-INF/NOTICE Sun Feb  1 21:40:48 2009
@@ -0,0 +1,17 @@
+Apache Sling OpenID Authentication
+Copyright 2008-2009 The Apache Software Foundation
+
+Apache Sling is based on source code originally developed 
+by Day Software (http://www.day.com/).
+
+This product includes software developed at
+The Apache Software Foundation (http://www.apache.org/).
+
+
+This module includes modules from
+
+dyuproject (http://code.google.com/p/dyuproject/) and
+jetty (http://jetty.mortbay.org)
+
+both of which are licensed under Apache License v2.0
+

Added: incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties Sun Feb  1 21:40:48 2009
@@ -0,0 +1,129 @@
+#
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License.
+#
+
+
+#
+# This file contains localization strings for configuration labels and
+# descriptions as used in the metatype.xml descriptor generated by the
+# the Sling SCR plugin
+
+#
+# Open ID Authentication handler 
+auth.openid.name = Apache Sling OpenID Authenticator
+auth.openid.description = The OpenID Authenticator authenticates Sling users via OpenID. \
+The login sequence is triggered automatically for a resource if 'Allow Anonymous Access' \
+is false in the Request Authenticator.  You can manually show the login form by accessing \
+the Login Request path (/system/sling/openid/login).  You can logout by accessing the \
+Logout Request path (/system/sling/openid/logout).  The various displayed pages \
+(login, auth success, auth fail & logout) are customizable. 
+
+path.name = URL path prefixes
+path.description = URL path prefixes handled by this Authenticator. If no \
+path is configured, it is regarded as inactive. If the handler should be \
+used for all requests, the path should be '/'.
+
+auth.priority.name = Authentication priority
+auth.priority.description = This handler's priority for attempting to authenticate a request
+
+request.auth.priority.name = Authentication Challenge priority
+request.auth.priority.description = This handler's priority for issuing an authentication challenge
+
+openid.use.cookie.name = Use cookie 
+openid.use.cookie.description = Use a cookie to persist the authentication.  If this is \
+false, uses an HTTP session attribute.
+
+openid.cookie.name.name = Cookie name 
+openid.cookie.name.description = Name of cookie used to persist authentication. Only \
+used if 'Use Cookie' is true.
+
+openid.cookie.domain.name = Cookie domain 
+openid.cookie.domain.description = Domain of cookie used to persist authentication. Only \
+used if 'Use Cookie' is true.
+
+openid.cookie.path.name = Cookie path
+openid.cookie.path.description = Path of cookie used to persist authentication. Only \
+used if 'Use Cookie' is true.
+
+openid.cookie.secret.key.name = Cookie Secret Key
+openid.cookie.secret.key.description = Secret key used to encrypt cookie contents.  Must \
+be less than 24 characters long. Only used if 'Use Cookie' is true.
+
+openid.login.form.name = URL of Open ID login form
+openid.login.form.description = This should provide a way to capture the user's \
+OpenID identifier.  This is not the OpenID Provider's login page, however, it does \
+not have to be a local URL.  If it is a local Sling URL, it must be readable by \
+the anonymous user AND either 'Allow Anonymous Access' must be on in the Request \
+Authenticator OR 'Access auth resources anonymously' must be checked here. \
+The user is HTTP Redirect'ed to this URL.  This page \
+should POST back the user's OpenID identifier (as named by the form field parameter) \
+to the originally requested URL (obtainable from HTTP Session attribute \
+OpenIDConstants.ORIGINAL_URL_ATTRIBUTE).  If this form is accessed directly, \
+an optional request parameter 'OpenID.redirect' can set the \
+redirect URL that will be used after successful authentication (if 'Redirect to \
+original URL' is true).
+
+openid.login.identifier.name =  OpenID identifier form field
+openid.login.identifier.description = The name of the form parameter that contains \
+the user's OpenID identifier.  By convention this is 'openid_identifier'.
+
+openid.original.url.onsuccess.name = Redirect to original URL 
+openid.original.url.onsuccess.description = Whether to redirect to the originally \
+requested URL after successful authentication.
+
+openid.login.success.name = Authentication Success URL 
+openid.login.success.description = URL to redirect user to after successful \
+authentication. Only respected if 'Redirect to original URL' is false.
+
+openid.login.fail.name = Authentication Failure URL 
+openid.login.fail.description = URL to redirect user to after failed \
+OpenID authentication. It does not have to be a local URL.  If it is a local \
+Sling URL, it must be readable by the anonymous user AND either \
+'Allow Anonymous Access' must be on in the Request Authenticator OR 'Access auth \
+resources anonymously' must be checked here.  The user is HTTP Redirect'ed to this URL. \
+NOTE: this redirect is NOT called for a failed Repository login (in that case, \
+the login form will be re-displayed)
+
+openid.logout.name = Post-Logout URL
+openid.logout.description = URL to redirect user to after logging out. Logout \
+is triggered by accessing Logout Request Path (/system/sling/openid/logout). An \
+optional request parameter 'OpenID.redirect' can override this URL for a single \
+logout request.
+ 
+openid.external.url.prefix.name = External URL prefix 
+openid.external.url.prefix.description = The prefix of URLs generated for OpenID \
+authentication requests.  This URL must be resolvable from the client browser.  \
+This is usually necessary when running Sling behind a proxy (like Apache) since proxy \
+mapping is not performed on the OpenID ReturnTo and TrustRoot URLs as they \
+are sent to the Provider as form parameters.  If this is empty, the URLs are generated \
+using the hostname found in the original request.
+
+openid.users.password.name = OpenID users repository password 
+openid.users.password.description = The password for an OpenID user repository \
+login.  Since OpenID Providers do not share the user's password with \
+the Relaying Party, all OpenID-authenticated users must use a configured \
+repository password.  This pasword is currently stored in the bundle config \
+so is as secure the repository admin password (!).
+
+openid.anon.auth.resources.name = Access auth resources anonymously
+openid.anon.auth.resources.description = Causes the authenticator to authenticate the \
+request as the anonymous user for the local login, auth failure & logout pages. \
+This is an explicit authentication as anonymous, and so circumvents the Request Authenticator's \
+'Allow Anonymous' setting (which operates as a fallback).  Setting this to true enables \
+Sling to serve the authentication resources to unauthenticated users even if 'Allow Anonymous' \
+is false (assuming the ACLs on the resources allow the anonymous user read access).
\ No newline at end of file

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/fail/html.jsp
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/fail/html.jsp?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/fail/html.jsp (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/fail/html.jsp Sun Feb  1 21:40:48 2009
@@ -0,0 +1,38 @@
+<%--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+--%>
+<%@page import="org.apache.sling.openidauth.OpenIDConstants"%>
+<% 
+	OpenIDConstants.OpenIDFailure failureReason = 
+		(OpenIDConstants.OpenIDFailure)request.getAttribute(
+			OpenIDConstants.OPENID_FAILURE_REASON_ATTRIBUTE);
+	
+	// user could access auth fail page directly while authenticated
+	// in this case, we could redirect them to success page
+	// this is optional behaviour and is best left out of the
+	// authentication handler
+	if(failureReason == null) {
+		response.sendRedirect("authsuccess.html");
+	} else {
+		String origUrl = (String)
+			request.getAttribute(OpenIDConstants.ORIGINAL_URL_ATTRIBUTE);
+%>
+The system was unable to authenticate you via OpenID<br/>
+Reason: <%= failureReason.toString() %><br/>
+Accessed URL: <%= (origUrl != null ? origUrl : "") %>
+<% } %>
\ No newline at end of file

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/fail/html.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/fail/html.jsp
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Added: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp Sun Feb  1 21:40:48 2009
@@ -0,0 +1,115 @@
+<%--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+--%>
+<%@page import="com.dyuproject.openid.OpenIdUser"%>
+<%@page import="org.apache.sling.openidauth.OpenIDConstants"%>
+<%@page import="org.apache.sling.openidauth.OpenIDConstants.OpenIDFailure"%>
+<%
+	OpenIDConstants.OpenIDFailure failureReason = 
+		(OpenIDConstants.OpenIDFailure)request.getAttribute(
+			OpenIDConstants.OPENID_FAILURE_REASON_ATTRIBUTE);
+
+	String failureMessage = null;
+	if(failureReason == OpenIDConstants.OpenIDFailure.DISCOVERY) {
+		failureMessage = "Unable to find OpenID provider";
+	} else if (failureReason == OpenIDConstants.OpenIDFailure.ASSOCIATION) {
+		failureMessage = "Unable to associate with OpenID provider";
+	} else if (failureReason != null) {
+		failureMessage = "Unknown login error";
+	}
+	
+	String currentLogin = null;
+	if(request.getAttribute(OpenIDConstants.OPEN_ID_USER_ATTRIBUTE) != null) {
+		currentLogin = ((OpenIdUser)request.getAttribute(OpenIDConstants.OPEN_ID_USER_ATTRIBUTE)).getIdentity();
+	}
+	
+	String origRequestUrl = (String)request.getAttribute(OpenIDConstants.ORIGINAL_URL_ATTRIBUTE);
+	if(origRequestUrl == null || "".equals(origRequestUrl.trim())) {
+		origRequestUrl = "/";
+	}
+%>
+
+<html>
+	<head>
+		<style>
+			#openid_identifier {
+				background-image:url('http://www.plaxo.com/images/openid/login-bg.gif');
+				background-repeat: no-repeat;
+				background-position: center left;
+				padding-left: 18px;
+			}
+			
+			body {
+				font-family: verdana;
+				font-size: 10pt;
+			}
+			
+			.login-box {
+				position: absolute;
+				left: 30%;
+				top: 10%;
+				border: thin outset grey;
+				padding: 30px;
+			}
+			
+			.login-header {
+				font-size: 14pt
+			}
+			
+			.login-form {
+				padding: 10px;
+			}
+			
+			.login-form label {
+				font-size: 10pt;
+			}
+			
+			.login-status {
+				font-style: italic;
+			}
+			
+			.login-status .username {
+				font-weight: bold;
+				color: orange;
+			}
+			
+			.login-status .error {
+				font-weight: bold;
+				color: red;
+			}
+		</style>
+	</head>
+	<body>
+	    <div class="login-box">
+			<div class="login-header">Sling OpenID Login</div>
+			<form class="login-form" action="<%= origRequestUrl %>">
+				<label for="openid_identifier">Identifier</label>
+				<input id="openid_identifier" name="openid_identifier" size="40" />
+				<input class="login-button" type="submit" value="Login" />
+			</form>
+			<div class="login-status">
+				<% if (failureReason != null) { %>
+					<div class="error"><%= failureMessage %></div>
+				<% } else if(currentLogin != null) { %>
+	            		Currently logged in as: 
+	            		<span class="username"><%= currentLogin %></span>
+	            <% } %>
+            </div>
+	    </div>
+	</body>
+</html>

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/login/html.jsp
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Added: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/logout/html.jsp
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/logout/html.jsp?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/logout/html.jsp (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/logout/html.jsp Sun Feb  1 21:40:48 2009
@@ -0,0 +1,31 @@
+<%--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+--%>
+<%@page import="org.apache.sling.openidauth.OpenIDConstants"%>
+<% 
+	// user could access logout page directly while authenticated
+	// in this case, we could redirect them to success page
+	// this is optional behaviour and is best left out of the
+	// authentication handler
+	if(request.getSession().getAttribute(OpenIDConstants.OPEN_ID_USER_ATTRIBUTE) != null) {
+		response.sendRedirect("authsuccess.html");
+	} else {
+		String userName = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : "";
+%>
+You have been logged out, you are now browsing as: <%= userName %>
+<% } %>
\ No newline at end of file

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/logout/html.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/logout/html.jsp
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Added: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/success/html.jsp
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/success/html.jsp?rev=739850&view=auto
==============================================================================
--- incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/success/html.jsp (added)
+++ incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/success/html.jsp Sun Feb  1 21:40:48 2009
@@ -0,0 +1,44 @@
+<%--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+--%>
+<%@page import="com.dyuproject.openid.OpenIdUser"%>
+<%@page import="org.apache.sling.openidauth.OpenIDConstants"%>
+<%
+	// user could access success page directly when not authenticated
+	// this should be prevented by setting an ACL on success page nodes
+	// in this case, however, we simply redirect them to login
+	if(request.getSession().getAttribute(OpenIDConstants.OPEN_ID_USER_ATTRIBUTE) == null) {
+		response.sendRedirect("loginform.html");
+	} else {
+		String origUrl = (String)
+			request.getAttribute(OpenIDConstants.ORIGINAL_URL_ATTRIBUTE);
+		
+		// this shows anonymous even if logged in when 'Allow Anonymous Access' is true
+		// String userName = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : "";
+		// also note, Display ID is usually <> Principal Name
+		// however OpenIDUserUtil.getPrincipalName(Display ID) should = Principal Name
+		String userName = ((OpenIdUser) request.getSession().getAttribute(OpenIDConstants.OPEN_ID_USER_ATTRIBUTE)).getIdentity();
+%>
+You were successfully logged in via OpenID as: <%= userName %>
+
+<br/>
+<% if(origUrl != null) { %>
+You were trying to go <a href="<%= origUrl %>">here</a>
+<% 	}
+	}
+%> 
\ No newline at end of file

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/success/html.jsp
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/sling/trunk/extensions/openidauth/src/main/resources/SLING-INF/content/apps/openid/auth/success/html.jsp
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url



Mime
View raw message