Return-Path: 
 <commits-return-6678-apmail-sling-commits-archive=sling.apache.org@sling.apache.org>
Delivered-To: apmail-sling-commits-archive@www.apache.org
Received: (qmail 22921 invoked from network); 6 Jan 2010 09:50:14 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 6 Jan 2010 09:50:14 -0000
Received: (qmail 20737 invoked by uid 500); 6 Jan 2010 09:50:14 -0000
Delivered-To: apmail-sling-commits-archive@sling.apache.org
Received: (qmail 20680 invoked by uid 500); 6 Jan 2010 09:50:14 -0000
Mailing-List: contact commits-help@sling.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@sling.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@sling.apache.org>
List-Post: <mailto:commits@sling.apache.org>
List-Id: <commits.sling.apache.org>
Reply-To: dev@sling.apache.org
Delivered-To: mailing list commits@sling.apache.org
Received: (qmail 20671 invoked by uid 99); 6 Jan 2010 09:50:14 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Jan 2010 09:50:14 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Jan 2010 09:50:11 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id CF6A723889C5; Wed,  6 Jan 2010 09:49:49 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r896362 - in /sling/trunk/bundles/extensions/httpauth:
 pom.xml
 src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
Date: Wed, 06 Jan 2010 09:49:48 -0000
To: commits@sling.apache.org
From: fmeschbe@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20100106094949.CF6A723889C5@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: fmeschbe
Date: Wed Jan  6 09:49:44 2010
New Revision: 896362

URL: http://svn.apache.org/viewvc?rev=896362&view=rev
Log:
SLING-1264 Use new AuthenticationHandler API from the Commons Auth bundle

Modified:
    sling/trunk/bundles/extensions/httpauth/pom.xml
    sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java

Modified: sling/trunk/bundles/extensions/httpauth/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/httpauth/pom.xml?rev=896362&r1=896361&r2=896362&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/httpauth/pom.xml (original)
+++ sling/trunk/bundles/extensions/httpauth/pom.xml Wed Jan  6 09:49:44 2010
@@ -86,8 +86,8 @@
         </dependency>
         <dependency>
             <groupId>org.apache.sling</groupId>
-            <artifactId>org.apache.sling.engine</artifactId>
-            <version>2.0.6</version>
+            <artifactId>org.apache.sling.commons.auth</artifactId>
+            <version>0.9.0-SNAPSHOT</version>
         </dependency>
 
         <dependency>

Modified: sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java?rev=896362&r1=896361&r2=896362&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java (original)
+++ sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java Wed Jan  6 09:49:44 2010
@@ -24,14 +24,13 @@
 import java.io.UnsupportedEncodingException;
 import java.util.Dictionary;
 
-import javax.jcr.SimpleCredentials;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.sling.engine.auth.AuthenticationHandler;
-import org.apache.sling.engine.auth.AuthenticationInfo;
+import org.apache.sling.commons.auth.spi.AuthenticationHandler;
+import org.apache.sling.commons.auth.spi.AuthenticationInfo;
 import org.osgi.service.component.ComponentContext;
 import org.osgi.service.http.HttpContext;
 import org.slf4j.Logger;
@@ -249,6 +248,16 @@
     }
 
     /**
+     * Poor man's implementation of dropping the authentication: Simply send
+     * a 401/UNAUTHORIZED response causing the client to immediately drop any
+     * cached credentials.
+     */
+    public void dropAuthentication(HttpServletRequest request,
+            HttpServletResponse response) {
+        sendUnauthorized(response);
+    }
+
+    /**
      * Returns true if the {@link #REQUEST_LOGIN_PARAMETER} parameter is set in
      * the request.
      */
@@ -413,20 +422,22 @@
             return null;
         }
 
-        SimpleCredentials creds;
-        int colIdx = decoded.indexOf(':');
+        final int colIdx = decoded.indexOf(':');
+        final String userId;
+        final char[] password;
         if (colIdx < 0) {
-            creds = new SimpleCredentials(decoded, new char[0]);
+            userId = decoded;
+            password = new char[0];
         } else {
-            creds = new SimpleCredentials(decoded.substring(0, colIdx),
-                decoded.substring(colIdx + 1).toCharArray());
+            userId = decoded.substring(0, colIdx);
+            password = decoded.substring(colIdx + 1).toCharArray();
         }
 
-        if (NOT_LOGGED_IN_USER.equals(creds.getUserID())) {
+        if (NOT_LOGGED_IN_USER.equals(userId)) {
             return null;
         }
 
-        return new AuthenticationInfo(HttpServletRequest.BASIC_AUTH, creds);
+        return new AuthenticationInfo(HttpServletRequest.BASIC_AUTH, userId, password);
     }
 
     /**