incubator-sling-commits mailing list archives

From fmesc...@apache.org
Subject svn commit: r767854 - in /incubator/sling/trunk/bundles/extensions/httpauth: ./ src/main/java/org/apache/sling/httpauth/impl/ src/main/resources/org/ src/main/resources/org/apache/ src/main/resources/org/apache/sling/ src/main/resources/org/apache/slin...
Date Thu, 23 Apr 2009 08:44:31 GMT
Author: fmeschbe
Date: Thu Apr 23 08:44:30 2009
New Revision: 767854

URL: http://svn.apache.org/viewvc?rev=767854&view=rev
Log:
SLING-939 Adapt HTTP Header Authentication to the new Authentication.login service method

Added:
    incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/
    incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/
    incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/
    incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/
    incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/
    incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
  (with props)
Modified:
    incubator/sling/trunk/bundles/extensions/httpauth/pom.xml
    incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
    incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java

Modified: incubator/sling/trunk/bundles/extensions/httpauth/pom.xml
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/pom.xml?rev=767854&r1=767853&r2=767854&view=diff
==============================================================================
--- incubator/sling/trunk/bundles/extensions/httpauth/pom.xml (original)
+++ incubator/sling/trunk/bundles/extensions/httpauth/pom.xml Thu Apr 23 08:44:30 2009
@@ -87,7 +87,7 @@
         <dependency>
             <groupId>org.apache.sling</groupId>
             <artifactId>org.apache.sling.engine</artifactId>
-            <version>2.0.2-incubator</version>
+            <version>2.0.3-incubator-SNAPSHOT</version>
         </dependency>
 
         <dependency>

Modified: incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java?rev=767854&r1=767853&r2=767854&view=diff
==============================================================================
--- incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
(original)
+++ incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
Thu Apr 23 08:44:30 2009
@@ -18,8 +18,15 @@
  */
 package org.apache.sling.httpauth.impl;
 
+import java.awt.image.ImagingOpException;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
 import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.jcr.SimpleCredentials;
 import javax.servlet.http.Cookie;
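Review bot: The added `import java.awt.image.ImagingOpException;` has no visible use anywhere in this commit; an AWT imaging exception in an authentication handler looks like an IDE auto-import slip and should be dropped. `PrintWriter`, `HashMap`, `Map` and `Map.Entry` are also not referenced in any hunk shown here, while `ByteArrayOutputStream` and `InputStream` are used by `getLoginForm()`. The rest of the file is outside the diff, so confirm with a compile after removing the unused ones.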
@@ -38,10 +45,11 @@
  * the authorization steps based on the Authorization header of the HTTP
  * request. This authenticator should eventually support both BASIC and DIGEST
  * authentication methods.
- *
+ * 
  * @scr.component immediate="false" label="%auth.http.name"
  *                description="%auth.http.description"
- * @scr.property name="service.description" value="HTTP Header Authentication Handler"
+ * @scr.property name="service.description"
+ *               value="HTTP Header Authentication Handler"
  * @scr.property name="service.vendor" value="The Apache Software Foundation"
  * @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" value="/"
  * @scr.service
@@ -59,7 +67,7 @@
      * in the {@link #authenticate(HttpServletRequest, HttpServletResponse)}
      * method if no credentials are present in the request (value is
      * "sling:authRequestLogin").
-     *
+     * 
      * @see #authenticate(HttpServletRequest, HttpServletResponse)
      */
     static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin";
@@ -80,11 +88,15 @@
 
     private static final String DEFAULT_REALM = "Sling (Development)";
 
+    private static final String LOGIN_FORM_TEMPLATE = "LoginFormTemplate.html";
+
     /** default log */
     private final Logger log = LoggerFactory.getLogger(getClass());
 
     private String realm = DEFAULT_REALM;
 
+    private String loginFormTemplate;
+
     public AuthorizationHeaderAuthenticationHandler() {
         log.info("AuthorizationHeaderAuthenticationHandler created");
     }
@@ -96,21 +108,25 @@
      * is only based on the original request object, no URI translation has
      * taken place yet.
      * <p>
-     * The method returns any of the following values : <table>
+     * The method returns any of the following values :
+     * <table>
      * <tr>
      * <th>value
-     * <th>description</tr>
+     * <th>description
+     * </tr>
      * <tr>
      * <td><code>null</code>
-     * <td>no user details were contained in the request </tr>
+     * <td>no user details were contained in the request
+     * </tr>
      * <tr>
      * <td>{@link AuthenticationInfo#DOING_AUTH}
-     * <td>the handler is in an ongoing authentication exchange with the
-     * client. The request handling is terminated.
+     * <td>the handler is in an ongoing authentication exchange with the client.
+     * The request handling is terminated.
      * <tr>
      * <tr>
      * <td>valid credentials
-     * <td>The user sent credentials.</tr>
+     * <td>The user sent credentials.
+     * </tr>
      * </table>
      * <p>
      * The method must not request credential information from the client, if
@@ -120,7 +136,7 @@
      * the request may be for an included servlet, in which case the values for
      * some URI specific values are contained in javax.servlet.include.* request
      * attributes.
-     *
+     * 
      * @param request The request object containing the information for the
      *            authentication.
      * @param response The response object which may be used to send the
@@ -141,13 +157,8 @@
         }
 
         // no credentials, check whether the client wants to login
-        if (request.getParameter(REQUEST_LOGIN_PARAMETER) != null) {
-            try {
-                requestAuthentication(request, response);
-                return AuthenticationInfo.DOING_AUTH;
-            } catch (IOException ioe) {
-                log.error("authenticate: Failed requesting authentication", ioe);
-            }
+        if (forceAuthentication(request, response)) {
+            return AuthenticationInfo.DOING_AUTH;
         }
 
         // no special header, so we will not authenticate here
@@ -155,16 +166,12 @@
     }
 
     /**
-     * Sends status <code>401</code> (Unauthorized) with a
-     * <code>WWW-Authenticate</code> requesting standard HTTP header
-     * authentication with the <code>Basic</code> scheme and the configured
-     * realm name. If the response is already committed, an error message is
-     * logged but the 401 status is not sent.
-     *
+     * Sends back the form to log into the system.
+     * 
      * @param request The request object
      * @param response The response object to which to send the request
      * @return <code>true</code> is always returned by this handler
-     * @throws IOException if an error occurrs sending back the response.
+     * @throws IOException if an error occurrs sending back the form.
      */
     public boolean requestAuthentication(HttpServletRequest request,
             HttpServletResponse response) throws IOException {
@@ -172,11 +179,32 @@
         // if the response is already committed, we have a problem !!
         if (!response.isCommitted()) {
 
-            response.setHeader(HEADER_WWW_AUTHENTICATE,
-                AUTHENTICATION_SCHEME_BASIC + " realm=\"" + this.realm + "\"");
-
-            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
+            // reset the response
+            response.reset();
+            response.setStatus(HttpServletResponse.SC_OK);
+
+            String form = getLoginForm();
+
+            if (form != null) {
+
+                form = replaceVariables(form, "@@contextPath@@",
+                    request.getContextPath(), "/");
+                form = replaceVariables(form, "@@authType@@",
+                    request.getAuthType(), "");
+                form = replaceVariables(form, "@@user@@",
+                    request.getRemoteUser(), "");
+
+                response.setContentType("text/html");
+                response.setCharacterEncoding("UTF-8");
+                response.getWriter().print(form);
+
+            } else {
+                
+                // have no form, so just send 401/UNATHORIZED for simple login
+                sendUnauthorized(response);
+                
+            }
+            
         } else {
 
             log.error("requestAuthentication: Response is committed, cannot request authentication");
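Review bot: The three `replaceVariables` calls insert `request.getContextPath()`, `request.getAuthType()` and `request.getRemoteUser()` into the page without output encoding, and the template uses them in different contexts: `@@user@@` is placed in HTML text, while `@@authType@@` and `@@contextPath@@` sit inside single-quoted JavaScript string literals. A user name containing an angle bracket, an ampersand or a quote would be rendered as markup or break the script, so each value should be encoded for its context before substitution (HTML-escape the user name, JavaScript-string-escape the other two). Because the page now reflects the logged-in user and is sent with status 200, adding `response.setHeader("Cache-Control", "no-store");` after `response.reset()` would also keep it out of shared caches. The method starts and ends outside this hunk.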
@@ -186,6 +214,78 @@
         return true;
     }
 
+    /**
+     * If the {@link #REQUEST_LOGIN_PARAMETER} parameter is set this method
+     * sends status <code>401</code> (Unauthorized) with a
+     * <code>WWW-Authenticate</code> requesting standard HTTP header
+     * authentication with the <code>Basic</code> scheme and the configured
+     * realm name. If the response is already committed, an error message is
+     * logged but the 401 status is not sent.
+     * <p>
+     * <code>false</code> is returned if the request parameter is not set, if
+     * the response is already committed or if an error occurred sending the
+     * status response. The latter two situations are logged as errors.
+     * 
+     * @param request The request object
+     * @param response The response object to which to send the request
+     * @return <code>true</code> if the 401/UNAUTHORIZED method has successfully
+     *         been sent.
+     */
+    private boolean forceAuthentication(HttpServletRequest request,
+            HttpServletResponse response) {
+
+        // presume 401/UNAUTHORIZED has not been sent
+        boolean authenticationForced = false;
+
+        if (request.getParameter(REQUEST_LOGIN_PARAMETER) != null) {
+
+            if (!response.isCommitted()) {
+
+                authenticationForced = sendUnauthorized(response);
+
+            } else {
+
+                log.error("forceAuthentication: Response is committed, cannot request authentication");
+
+            }
+            
+        } else {
+            
+            log.debug(
+                "forceAuthentication: Not forcing authentication because request parameter
{} is not set",
+                REQUEST_LOGIN_PARAMETER);
+            
+        }
+
+        // true if 401/UNAUTHORIZED has been sent, false otherwise
+        return authenticationForced;
+    }
+    
+    /**
+     * Sends status <code>401</code> (Unauthorized) with a
+     * <code>WWW-Authenticate</code> requesting standard HTTP header
+     * authentication with the <code>Basic</code> scheme and the configured
+     * realm name.
+     * 
+     * @param response The response object to which to send the request
+     * @return <code>true</code> if the 401/UNAUTHORIZED method has successfully
+     *         been sent.
+     */
+    private boolean sendUnauthorized(HttpServletResponse response) {
+        response.setHeader(HEADER_WWW_AUTHENTICATE, AUTHENTICATION_SCHEME_BASIC
+            + " realm=\"" + this.realm + "\"");
+
+        try {
+            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            return true;
+        } catch (IOException ioe) {
+            log.error("sendUnauthorized: Failed requesting authentication",
+                ioe);
+        }
+
+        return false;
+    }
+
     // ---------- SCR Integration ----------------------------------------------
 
     protected void activate(ComponentContext componentContext) {
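Review bot: `sendUnauthorized` builds the `WWW-Authenticate` value by concatenating `this.realm` between double quotes without escaping, so a realm containing `"` or `\` yields a malformed challenge, and a CR/LF in it is left to the container to reject. The realm presumably comes from component configuration (the `activate` body is outside this hunk), so this is a hardening point rather than a request-driven one: escape it as an HTTP quoted-string, e.g. `this.realm.replace("\\", "\\\\").replace("\"", "\\\"")`, or validate it once when it is configured. Separately, the `@return` text on both new methods says the 401 "method" was sent where "status" is meant.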
@@ -276,4 +376,70 @@
 
         return new AuthenticationInfo(HttpServletRequest.BASIC_AUTH, creds);
     }
+
+    /**
+     * Returns the login form template as a string or <code>null</code> if it
+     * cannot be read. Failure to read the template is logged.
+     */
+    private String getLoginForm() {
+        if (loginFormTemplate == null) {
+            InputStream ins = getClass().getResourceAsStream(
+                LOGIN_FORM_TEMPLATE);
+            if (ins != null) {
+                try {
+
+                    ByteArrayOutputStream out = new ByteArrayOutputStream();
+                    byte[] buf = new byte[3000];
+                    int bytes = 0;
+                    while ((bytes = ins.read(buf)) >= 0) {
+                        out.write(buf, 0, bytes);
+                    }
+                    out.close();
+                    loginFormTemplate = new String(out.toByteArray(), "UTF-8");
+
+                } catch (IOException ioe) {
+
+                    log.error(
+                        "getLoginForm: Failure reading login form template",
+                        ioe);
+
+                } finally {
+
+                    try {
+                        ins.close();
+                    } catch (IOException ignore) {
+                    }
+
+                }
+                
+            } else {
+                
+                log.error("getLoginForm: Cannot access login form template at "
+                    + LOGIN_FORM_TEMPLATE);
+                
+            }
+        }
+
+        return loginFormTemplate;
+    }
+
+    /**
+     * Replaces all occurrences in the <code>template</code> of the
+     * <code>key</code> (a regular expression) by the <code>value</code>
or
+     * <code>defaultValue</code>.
+     * 
+     * @param template The template to replace occurences of key
+     * @param key The regular expression of the key to replace
+     * @param value The replacement value
+     * @param defaultValue The replacement value to use if the value is null or
+     *            an empty string.
+     * @return the template with the key values replaced.
+     */
+    private String replaceVariables(String template, String key, String value,
+            String defaultValue) {
+        if (value == null || value.length() == 0) {
+            value = defaultValue;
+        }
+        return template.replaceAll(key, value);
+    }
 }
\ No newline at end of file
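Review bot: `replaceVariables` passes `value` straight to `String.replaceAll`, which interprets `$` and `\` in the replacement as group references and escapes, so a remote user name or context path containing `$` either throws or alters the output instead of rendering the form. The keys used by the caller are fixed literals, so a literal replacement is sufficient: `return template.replace(key, value);`, or keep the regex form with `template.replaceAll(key, Matcher.quoteReplacement(value))`. With the literal form the Javadoc should no longer describe `key` as a regular expression. In `getLoginForm`, the empty `catch (IOException ignore)` around `ins.close()` deserves a one-line comment such as `// best effort: nothing useful to do if close fails`.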

Modified: incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java?rev=767854&r1=767853&r2=767854&view=diff
==============================================================================
--- incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
(original)
+++ incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
Thu Apr 23 08:44:30 2009
@@ -19,15 +19,19 @@
 package org.apache.sling.httpauth.impl;
 
 import java.io.IOException;
-import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletResponse;
 
 import org.apache.sling.api.SlingHttpServletRequest;
 import org.apache.sling.api.SlingHttpServletResponse;
 import org.apache.sling.api.servlets.SlingAllMethodsServlet;
+import org.apache.sling.engine.auth.Authenticator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * The <code>LoginServlet</code> TODO
- *
+ * 
  * @scr.component metatype="no"
  * @scr.service interface="javax.servlet.Servlet"
  * @scr.property name="service.description" value="HTTP Header Login Servlet"
@@ -37,28 +41,24 @@
  */
 public class LoginServlet extends SlingAllMethodsServlet {
 
+    /** default log */
+    private final Logger log = LoggerFactory.getLogger(getClass());
+
+    /** @scr.reference cardinality="0..1" policy="dynamic" */
+    private Authenticator authenticator;
+
     @Override
     protected void doGet(SlingHttpServletRequest request,
             SlingHttpServletResponse response) throws IOException {
 
-        response.setContentType("text/html");
-        response.setCharacterEncoding("UTF-8");
-
-        PrintWriter pw = response.getWriter();
-
-        prolog(pw);
-
-        final String contexPath = request.getContextPath();
-        String authType = request.getAuthType();
-        String user = request.getRemoteUser();
-
-        if (authType == null) {
-            login(pw, contexPath);
+        Authenticator authenticator = this.authenticator;
+        if (authenticator != null) {
+            authenticator.login(request, response);
         } else {
-            logout(pw, contexPath, user);
+            log.error("doGet: Authenticator service missing, cannot request authentication");
+            response.sendError(HttpServletResponse.SC_FORBIDDEN,
+                "Cannot request Authentication");
         }
-
-        epilog(pw);
     }
 
     @Override
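Review bot: The `authenticator` field is declared as a dynamic `0..1` reference, so the component runtime can set and clear it while requests are in flight, but it is not `volatile`; the local copy at the top of `doGet` protects against a mid-method unbind, not against a stale read from another thread. I would declare it `private volatile Authenticator authenticator;` (the bind/unbind methods are not in this hunk and are presumably generated). A missing service is also a server-side condition, so `HttpServletResponse.SC_SERVICE_UNAVAILABLE` describes it more accurately than `SC_FORBIDDEN`. The `doPost` method that follows is only partly visible here.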
@@ -67,142 +67,4 @@
         response.sendRedirect(request.getRequestURI());
     }
 
-    private void login(PrintWriter pw, String contextPath) {
-
-        pw.println("<script>");
-        ajax(pw, contextPath);
-        pw.println("function loginuser() {");
-        pw.println("    var user = document.forms['login'].usr.value;");
-        pw.println("    var pass = document.forms['login'].pwd.value;");
-        pw.println("    sendRequest(user, pass);");
-        pw.println("    document.location = document.location");
-        pw.println("    return false;");
-        pw.println("}");
-        pw.println("</script>");
-
-        pw.println("<form name='login' onsubmit='return loginuser()'>");
-        pw.println("<table align='center'>");
-        pw.println("<tr><td colspan='2' align='center'>You are not currently
logged in</td></tr>");
-        pw.println("<tr><td>Name</td><td><input type='text' name='usr'
/></td></tr>");
-        pw.println("<tr><td>Password</td><td><input type='text'
name='pwd' /></td></tr>");
-        pw.println("<tr><td colspan='2' align='center'><input type='submit'
value='Login' onClick='loginuser();'/></td></tr>");
-        pw.println("</table>");
-        pw.println("</form>");
-    }
-
-    private void logout(PrintWriter pw, String contextPath, String user) {
-        pw.println("<script>");
-        ajax(pw, contextPath);
-        pw.println("function logoutuser() {");
-
-        pw.println("    try {");
-        pw.println("        // 'ClearAuthenticationCache' is only available in some browsers");
-        pw.println("        // including the IE; for eg. Firefox, who cannot handle this
command,");
-        pw.println("        // we have the try-catch statement");
-
-        pw.println("        // works in IE");
-        pw.println("        document.execCommand('ClearAuthenticationCache');");
-
-        pw.println("    } catch (e) {");
-        pw.println("        sendRequest('"
-            + AuthorizationHeaderAuthenticationHandler.NOT_LOGGED_IN_USER
-            + "', 'null');");
-        pw.println("    }");
-
-        pw.println("    document.location = document.location");
-        pw.println("}");
-        pw.println("</script>");
-
-        pw.println("<table align='center'>");
-        pw.println("<tr><td align='center'>You are logged in as " + user
-            + "</td></tr>");
-        pw.println("<tr><td align='center'><input type='button' value='Logout'
 onClick='logoutuser();'/></td></tr>");
-        pw.println("</table>");
-    }
-
-    private void prolog(PrintWriter pw) {
-        pw.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">");
-        pw.println("<html>");
-        pw.println("<meta http-equiv=\"Content-Type\" content=\"text/html; utf-8\">");
-        pw.println("<title>Login/Logout</title>");
-        pw.println("<style type=\"text/css\">");
-        pw.println("body {");
-        pw.println("  font-family: Verdana, Arial, Helvetica, sans-serif;");
-        pw.println("  font-size: 10px;");
-        pw.println("  color: black;");
-        pw.println("  background-color: white;");
-        pw.println("}");
-        pw.println("#main {");
-        pw.println("  border: 1px solid black;");
-        pw.println("  margin-top: 25%;");
-        pw.println("  margin-left: 25%;");
-        pw.println("  width: 20em;");
-        pw.println("  padding: 10px;");
-        pw.println("}");
-        pw.println("#main table {");
-        pw.println("  width: 100%;");
-        pw.println("}");
-        pw.println("#main form {");
-        pw.println("  padding: 0px;");
-        pw.println("  margin: 0px;");
-        pw.println("}");
-        pw.println("</style>");
-        pw.println("</head>");
-        pw.println("<body>");
-
-        pw.println("<div id=\"main\">");
-    }
-
-    private void ajax(PrintWriter pw, final String contextPath) {
-        pw.println("//-----------------------------------------------------------------------------");
-        pw.println("// Ajax Support");
-
-        pw.println("// request object, do not access directly, use getXmlHttp instead");
-        pw.println("var xmlhttp = null;");
-        pw.println("function getXmlHttp() {");
-        pw.println("    if (xmlhttp) {");
-        pw.println("        return xmlhttp;");
-        pw.println("   }");
-
-        pw.println("         if (window.XMLHttpRequest) {");
-        pw.println("             xmlhttp = new XMLHttpRequest();");
-        pw.println("         } else if (window.ActiveXObject) {");
-        pw.println("             try {");
-        pw.println("                 xmlhttp = new ActiveXObject('Msxml2.XMLHTTP');");
-        pw.println("             } catch (ex) {");
-        pw.println("                 try {");
-        pw.println("                     xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');");
-        pw.println("                 } catch (ex) {");
-        pw.println("                 }");
-        pw.println("             }");
-        pw.println("         }");
-        pw.println("");
-        pw.println("         return xmlhttp;");
-        pw.println("     }");
-
-        pw.println("     function sendRequest(/* String */ user, /* String */ pass) {");
-        pw.println("         var xmlhttp = getXmlHttp();");
-        pw.println("         if (!xmlhttp) {");
-        pw.println("             return;");
-        pw.println("         }");
-
-        pw.println("         if (xmlhttp.readyState < 4) {");
-        pw.println("             xmlhttp.abort();");
-        pw.println("         }");
-
-        pw.println("         xmlhttp.open('POST', '" + contextPath + "?"
-            + AuthorizationHeaderAuthenticationHandler.REQUEST_LOGIN_PARAMETER
-            + "=1', false, user, pass);");
-
-        pw.println("         xmlhttp.send('');");
-        pw.println("     }");
-
-    }
-
-    private void epilog(PrintWriter pw) {
-        pw.println("</div>");
-        pw.println("</body>");
-        pw.println("</html>");
-    }
-
 }

Added: incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
URL: http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html?rev=767854&view=auto
==============================================================================
--- incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
(added)
+++ incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
Thu Apr 23 08:44:30 2009
@@ -0,0 +1,183 @@
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; utf-8">
+<title>Login/Logout</title>
+<style type="text/css">
+body {
+    font-family: Verdana, Arial, Helvetica, sans-serif;
+    font-size: 10px;
+    color: black;
+    background-color: white;
+}
+
+#main {
+    border: 1px solid black;
+    margin-top: 25%;
+    margin-left: 25%;
+    width: 220px;
+    padding: 10px;
+}
+
+table {
+    width: ;
+}
+
+#login {
+    display: none;
+}
+
+#logout {
+    display: none;
+}
+
+#login form {
+    padding: 0px;
+    margin: 0px;
+}
+</style>
+
+<script>
+  // fix the display of login/logout
+  function onLoad() {
+      if ('@@authType@@') {
+          document.getElementById("logout").style.display = "block";
+      } else {
+          document.getElementById("login").style.display = "block";
+      }
+      document.getElementById("nojs").style.display = "none";
+  }
+   
+  // request object, do not access directly, use getXmlHttp instead
+  var xmlhttp = null;
+  function getXmlHttp() {
+     if (xmlhttp) {
+          return xmlhttp;
+     }
+      
+     if (window.XMLHttpRequest) {
+         xmlhttp = new XMLHttpRequest();
+     } else if (window.ActiveXObject) {
+         try {
+             xmlhttp = new ActiveXObject('Msxml2.XMLHTTP');
+         } catch (ex) {
+             try {
+                 xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
+             } catch (ex) {
+             }
+         }
+     }
+  
+     return xmlhttp;
+  }
+    
+  function sendRequest(/* String */ user, /* String */ pass) {
+      var xmlhttp = getXmlHttp();
+      if (!xmlhttp) {
+        return;
+      }
+
+      if (xmlhttp.readyState < 4) {
+        xmlhttp.abort();
+      }
+
+      xmlhttp.open('POST', '@@contextPath@@?sling:authRequestLogin=1', false, user, pass);
+      xmlhttp.send('');
+  }
+          
+  function loginuser() {
+    var user = document.forms['login'].usr.value;
+    var pass = document.forms['login'].pwd.value;
+    sendRequest(user, pass);
+    document.location = document.location
+    return false;
+  }
+
+  function logoutuser() {
+  
+      try {
+          // 'ClearAuthenticationCache' is only available in some browsers
+          // including the IE; for eg. Firefox, who cannot handle this command,
+          // we have the try-catch statement
+  
+          // works in IE
+          document.execCommand('ClearAuthenticationCache');
+  
+      } catch (e) {
+          sendRequest('__forced_logout_user__', 'null');
+      }
+  
+      document.location = document.location
+  }
+          
+</script>
+</head>
+<body onload="onLoad()">
+<div id="main"><!-- Login Form -->
+<div id="login">
+<form name='login' onsubmit='return loginuser()'>
+<table align='center'>
+  <tr>
+    <td colspan='2' align='center'>You are not currently logged in</td>
+  </tr>
+  <tr>
+    <td>Name</td>
+    <td><input type='text' name='usr' /></td>
+  </tr>
+  <tr>
+    <td>Password</td>
+    <td><input type='password' name='pwd' /></td>
+  </tr>
+  <tr>
+    <td colspan='2' align='center'><input type='submit'
+      value='Login' onClick='loginuser();' /></td>
+  </tr>
+</table>
+</form>
+</div>
+
+
+<!-- Logout Information -->
+<div id="logout">
+<table align='center'>
+  <tr>
+    <td align='center'>You are logged in as @@user@@</td>
+  </tr>
+  <tr>
+    <td align='center'><input type='button' value='Logout'
+      onClick='logoutuser();' /></td>
+  </tr>
+</table>
+</div>
+
+<!-- Warning in case JavaScript is disabled -->
+<div id="nojs">
+<table align='center'>
+  <tr>
+    <td align='center'>This Login/Logout form requires JavaScript
+    enabled.</td>
+  </tr>
+</table>
+</div>
+
+</div>
+</body>
+</html>
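Review bot: The template hard-codes `sling:authRequestLogin` in `sendRequest` and `__forced_logout_user__` in `logoutuser`, where the removed servlet code interpolated `AuthorizationHeaderAuthenticationHandler.REQUEST_LOGIN_PARAMETER` and `NOT_LOGGED_IN_USER`. If either constant changes, login or the non-IE logout path stops working with no compile-time signal; filling them in through two more placeholders, the same way as `@@contextPath@@`, keeps a single source of truth. Two smaller items in the same file: the Content-Type meta value lacks `charset=` (it should read `content="text/html; charset=utf-8"`), and the `table { width: ; }` rule has an empty value. Credentials are passed as HTTP Basic through the `open()` user and password arguments, so the form is only as confidential as the transport it is served over.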

Propchange: incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
------------------------------------------------------------------------------
    svn:eol-style = native


