incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r907990 - in /sling/trunk/bundles/extensions/formauth/src: main/java/org/apache/sling/formauth/ main/resources/ main/resources/org/ main/resources/org/apache/ main/resources/org/apache/sling/ main/resources/org/apache/sling/formauth/ test/j...
Date Tue, 09 Feb 2010 10:24:13 GMT
Author: fmeschbe
Date: Tue Feb  9 10:24:13 2010
New Revision: 907990

URL: http://svn.apache.org/viewvc?rev=907990&view=rev
Log:
SLING-1116 Implement support for the j_validate login form parameter and add support to convey
a reason to render the login form using the j_reason request parameter for the login form
request

Added:
    sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormReason.java
  (with props)
    sling/trunk/bundles/extensions/formauth/src/main/resources/org/
    sling/trunk/bundles/extensions/formauth/src/main/resources/org/apache/
    sling/trunk/bundles/extensions/formauth/src/main/resources/org/apache/sling/
    sling/trunk/bundles/extensions/formauth/src/main/resources/org/apache/sling/formauth/
    sling/trunk/bundles/extensions/formauth/src/main/resources/org/apache/sling/formauth/login.html
      - copied, changed from r907677, sling/trunk/bundles/extensions/formauth/src/main/resources/login.html
    sling/trunk/bundles/extensions/formauth/src/test/java/org/apache/sling/formauth/FormReasonTest.java
  (with props)
Removed:
    sling/trunk/bundles/extensions/formauth/src/main/resources/login.html
Modified:
    sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/AuthenticationFormServlet.java
    sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormAuthenticationHandler.java

Modified: sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/AuthenticationFormServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/AuthenticationFormServlet.java?rev=907990&r1=907989&r2=907990&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/AuthenticationFormServlet.java
(original)
+++ sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/AuthenticationFormServlet.java
Tue Feb  9 10:24:13 2010
@@ -23,13 +23,10 @@
 import java.io.InputStreamReader;
 import java.io.Reader;
 
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.sling.commons.auth.Authenticator;
-
 /**
  * The <code>AuthenticationFormServlet</code> provides the default login form
  * used for Form Based Authentication.
@@ -44,27 +41,54 @@
 public class AuthenticationFormServlet extends HttpServlet {
 
     /**
+     * The constant is sued to provide the service registration path
+     *
      * @scr.property name="sling.servlet.paths"
      */
     static final String SERVLET_PATH = "/system/sling/form/login";
 
     /**
+     * This constant is used to provide the service registration property
+     * indicating to pass requests to this servlet unauthenticated.
+     *
      * @scr.property name="sling.auth.requirements"
      */
     @SuppressWarnings("unused")
     private static final String AUTH_REQUIREMENT = "-" + SERVLET_PATH;
 
+    /**
+     * The raw form used by the {@link #getForm(HttpServletRequest)} method to
+     * fill in with per-request data. This field is set by the
+     * {@link #getRawForm()} method when first loading the form.
+     */
     private volatile String rawForm;
 
+    /**
+     * Prepares and returns the login form. The response is sent as an UTF-8
+     * encoded <code>text/html</code> page with all known cache control headers
+     * set to prevent all caching.
+     * <p>
+     * This servlet is to be called to handle the request directly, that is it
+     * expected to not be included and for the response to not be committed yet
+     * because it first resets the response.
+     *
+     * @throws IOException if an error occurrs preparing or sending back the
+     *             login form
+     * @throws IllegalStateException if the response has already been committed
+     *             and thus response reset is not possible.
+     */
     @Override
     protected void doGet(HttpServletRequest request,
             HttpServletResponse response) throws IOException {
 
+        // reset the response first
+        response.reset();
+
         // setup the response for HTML and cache prevention
         response.setContentType("text/html");
         response.setCharacterEncoding("UTF-8");
-        response.setHeader("Cache-control", "no-cache");
-        response.addHeader("Cache-control", "no-store");
+        response.setHeader("Cache-Control", "no-cache");
+        response.addHeader("Cache-Control", "no-store");
         response.setHeader("Pragma", "no-cache");
         response.setHeader("Expires", "0");
 
@@ -73,30 +97,73 @@
         response.flushBuffer();
     }
 
-    @Override
-    protected void doPost(HttpServletRequest request,
-            HttpServletResponse response) throws ServletException, IOException {
-        super.doPost(request, response);
+    /**
+     * Returns the form to be sent back to the client for login providing an
+     * optional informational message and the optional target to redirect to
+     * after successfully logging in.
+     *
+     * @param request The request providing parameters indicating the
+     *            informational message and redirection target.
+     * @return The login form to be returned to the client
+     * @throws IOException If the login form cannot be loaded
+     */
+    private String getForm(final HttpServletRequest request) throws IOException {
+        String form = getRawForm();
+
+        form = form.replace("${resource}", getResource(request));
+        form = form.replace("${j_reason}", getReason(request));
+
+        return form;
     }
 
-    private String getForm(final HttpServletRequest request) throws IOException {
+    /**
+     * Returns the path to the resource to which the request should be
+     * redirected after successfully completing the form or an empty string if
+     * there is no <code>resource</code> request parameter.
+     *
+     * @param request The request providing the <code>resource</code> parameter.
+     * @return The target to redirect after sucessfully login or an empty string
+     *         if no specific target has been requested.
+     */
+    private String getResource(final HttpServletRequest request) {
+        final String resource = FormAuthenticationHandler.getLoginResource(request);
+        return (resource == null) ? "" : resource;
+    }
 
-        String resource = (String) request.getAttribute(Authenticator.LOGIN_RESOURCE);
-        if (resource == null) {
-            resource = request.getParameter(Authenticator.LOGIN_RESOURCE);
-            if (resource == null) {
-                resource = "/";
+    /**
+     * Returns an informational message according to the value provided in the
+     * <code>j_reason</code> request parameter. Supported reasons are invalid
+     * credentials and session timeout.
+     *
+     * @param request The request providing the parameter
+     * @return The "translated" reason to render the login form or an empty
+     *         string if there is no specific reason
+     */
+    private String getReason(final HttpServletRequest request) {
+        final String reason = request.getParameter(FormAuthenticationHandler.PAR_J_REASON);
+        if (reason != null) {
+            try {
+                return FormReason.valueOf(reason).getMessage();
+            } catch (IllegalArgumentException iae) {
+                // thrown if the reason is not an expected value, assume none
             }
         }
 
-        return getRawForm().replace("${resource}", resource);
+        return "";
     }
 
+    /**
+     * Load the raw unmodified form from the bundle (through the class loader).
+     *
+     * @return The raw form as a string
+     * @throws IOException If an error occurrs reading the "file" or if the
+     *             class loader cannot provide the form data.
+     */
     private String getRawForm() throws IOException {
         if (rawForm == null) {
             InputStream ins = null;
             try {
-                ins = getClass().getResourceAsStream("/login.html");
+                ins = getClass().getResourceAsStream("login.html");
                 if (ins != null) {
                     StringBuilder builder = new StringBuilder();
                     Reader r = new InputStreamReader(ins, "UTF-8");

Modified: sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormAuthenticationHandler.java?rev=907990&r1=907989&r2=907990&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormAuthenticationHandler.java
(original)
+++ sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormAuthenticationHandler.java
Tue Feb  9 10:24:13 2010
@@ -190,11 +190,26 @@
     private static final String PAR_J_PASSWORD = "j_password";
 
     /**
+     * The name of the form submission parameter indicating that the submitted
+     * username and password should just be checked and a status code be set for
+     * success (200/OK) or failure (403/FORBIDDEN).
+     */
+    private static final String PAR_J_VALIDATE = "j_validate";
+
+    /**
+     * The name of the request parameter indicating to the login form why the
+     * form is being rendered. If this parameter is not set the form is called
+     * for the first time and the implied reason is that the authenticator just
+     * requests credentials. Otherwise the parameter is set to a
+     * {@link FormReason} value.
+     */
+    static final String PAR_J_REASON = "j_reason";
+
+    /**
      * The factor to convert minute numbers into milliseconds used internally
      */
     private static final long MINUTES = 60L * 1000L;
 
-
     /** default log */
     private final Logger log = LoggerFactory.getLogger(getClass());
 
@@ -231,43 +246,75 @@
         // 2. try credentials from the cookie or session
         if (info == null) {
             String authData = authStorage.extractAuthenticationInfo(request);
-            if (authData != null && tokenStore.isValid(authData)) {
-                info = createAuthInfo(authData);
+            if (authData != null) {
+                if (tokenStore.isValid(authData)) {
+                    info = createAuthInfo(authData);
+                } else {
+                    // signal the requestCredentials method a previous login failure
+                    request.setAttribute(PAR_J_REASON, FormReason.TIMEOUT);
+                }
             }
         }
 
         return info;
     }
 
-    /*
-     * (non-Javadoc)
-     * @see
-     * org.apache.sling.commons.auth.spi.AuthenticationHandler#requestCredentials
-     * (javax.servlet.http.HttpServletRequest,
-     * javax.servlet.http.HttpServletResponse)
+    /**
+     * Unless the <code>sling:authRequestLogin</code> to anything other than
+     * <code>Form</code> this method either sends back a 403/FORBIDDEN response
+     * if the <code>j_verify</code> parameter is set to <code>true</code>
or
+     * redirects to the login form to ask for credentials.
+     * <p>
+     * This method assumes the <code>j_verify</code> request parameter to only
+     * be set in the initial username/password submission through the login
+     * form. No further checks are applied, though, before sending back the
+     * 403/FORBIDDEN response.
      */
     public boolean requestCredentials(HttpServletRequest request,
             HttpServletResponse response) throws IOException {
 
         // 0. ignore this handler if an authentication handler is requested
         if (ignoreRequestCredentials(request)) {
+            // consider this handler is not used
             return false;
         }
 
-        String resource = (String) request.getAttribute(Authenticator.LOGIN_RESOURCE);
-        if (resource == null || resource.length() == 0) {
-            resource = request.getParameter(Authenticator.LOGIN_RESOURCE);
-            if (resource == null || resource.length() == 0) {
-                resource = request.getRequestURI();
+        // 1. check whether we short cut for a failed log in with validation
+        if (isValidateRequest(request)) {
+            try {
+                response.setStatus(403);
+                response.flushBuffer();
+            } catch (IOException ioe) {
+                log.error("Failed to send 403/FORBIDDEN response", ioe);
             }
+
+            // consider credentials requested
+            return true;
         }
 
+        // prepare the login form redirection target
         final StringBuilder targetBuilder = new StringBuilder();
         targetBuilder.append(request.getContextPath());
         targetBuilder.append(loginForm);
-        targetBuilder.append('?').append(Authenticator.LOGIN_RESOURCE);
-        targetBuilder.append("=").append(URLEncoder.encode(resource, "UTF-8"));
 
+        // append originally requested resource (for redirect after login)
+        char parSep = '?';
+        final String resource = getLoginResource(request);
+        if (resource != null) {
+            targetBuilder.append(parSep).append(Authenticator.LOGIN_RESOURCE);
+            targetBuilder.append("=").append(
+                URLEncoder.encode(resource, "UTF-8"));
+            parSep = '&';
+        }
+
+        // append indication of previous login failure
+        if (request.getAttribute(PAR_J_REASON) != null) {
+            final String reason = String.valueOf(request.getAttribute(PAR_J_REASON));
+            targetBuilder.append(parSep).append(PAR_J_REASON);
+            targetBuilder.append("=").append(URLEncoder.encode(reason, "UTF-8"));
+        }
+
+        // finally redirect to the login form
         final String target = targetBuilder.toString();
         try {
             response.sendRedirect(target);
@@ -278,30 +325,13 @@
         return true;
     }
 
-    /*
-     * (non-Javadoc)
-     * @see
-     * org.apache.sling.commons.auth.spi.AuthenticationHandler#dropCredentials
-     * (javax.servlet.http.HttpServletRequest,
-     * javax.servlet.http.HttpServletResponse)
+    /**
+     * Clears all authentication state which might have been prepared by this
+     * authentication handler.
      */
     public void dropCredentials(HttpServletRequest request,
             HttpServletResponse response) {
-
         authStorage.clear(request, response);
-
-        // if there is a referer header, redirect back there
-        // with an anonymous session
-        String referer = request.getHeader("referer");
-        if (referer == null) {
-            referer = request.getContextPath() + "/";
-        }
-
-        try {
-            response.sendRedirect(referer);
-        } catch (IOException e) {
-            log.error("Failed to redirect to the page: " + referer, e);
-        }
     }
 
     // ---------- AuthenticationFeedbackHandler
@@ -313,7 +343,17 @@
      */
     public void authenticationFailed(HttpServletRequest request,
             HttpServletResponse response, AuthenticationInfo authInfo) {
+
+        /*
+         * Note: This method is called if this handler provided credentials
+         * which cause a login failure
+         */
+
+        // clear authentication data from Cookie or Http Session
         authStorage.clear(request, response);
+
+        // signal the requestCredentials method a previous login failure
+        request.setAttribute(PAR_J_REASON, FormReason.INVALID_CREDENTIALS);
     }
 
     /**
@@ -332,55 +372,56 @@
     public boolean authenticationSucceeded(HttpServletRequest request,
             HttpServletResponse response, AuthenticationInfo authInfo) {
 
-        // get current authentication data, may be missing after first login
-        String authData = getCookieAuthData(authInfo.getCredentials());
+        /*
+         * Note: This method is called if this handler provided credentials
+         * which succeeded loging into the repository
+         */
 
-        // check whether we have to "store" or create the data
-        final boolean refreshCookie = needsRefresh(authData,
-            this.sessionTimeout);
+        // ensure fresh authentication data
+        refreshAuthData(request, response, authInfo);
+
+        final boolean result;
+        if (isValidateRequest(request)) {
 
-        // add or refresh the stored auth hash
-        if (refreshCookie) {
-            long expires = System.currentTimeMillis() + this.sessionTimeout;
             try {
-                authData = null;
-                authData = tokenStore.encode(expires, authInfo.getUser());
-            } catch (InvalidKeyException e) {
-                log.error(e.getMessage(), e);
-            } catch (IllegalStateException e) {
-                log.error(e.getMessage(), e);
-            } catch (UnsupportedEncodingException e) {
-                log.error(e.getMessage(), e);
-            } catch (NoSuchAlgorithmException e) {
-                log.error(e.getMessage(), e);
+                response.setStatus(200);
+                response.flushBuffer();
+            } catch (IOException ioe) {
+                log.error("Failed to send 200/OK response", ioe);
             }
 
-            if (authData != null) {
-                authStorage.set(request, response, authData);
-            } else {
-                authStorage.clear(request, response);
-            }
-        }
+            // terminate request, all done
+            result = true;
 
-        if (!DefaultAuthenticationFeedbackHandler.handleRedirect(request,
-            response)) {
+        } else if (DefaultAuthenticationFeedbackHandler.handleRedirect(
+            request, response)) {
 
-            String resource = (String) request.getAttribute(Authenticator.LOGIN_RESOURCE);
-            if (resource == null || resource.length() == 0) {
-                resource = request.getParameter(Authenticator.LOGIN_RESOURCE);
-            }
-            if (resource != null && resource.length() > 0) {
+            // terminate request, all done in the default handler
+            result = false;
+
+        } else {
+
+            // check whether redirect is requested by the resource parameter
+
+            final String resource = getLoginResource(request);
+            if (resource != null) {
                 try {
                     response.sendRedirect(resource);
                 } catch (IOException ioe) {
+                    log.error("Failed to send redirect to: " + resource, ioe);
                 }
-                return true;
+
+                // terminate request, all done
+                result = true;
+            } else {
+                // no redirect, hence continue processing
+                result = false;
             }
 
         }
 
         // no redirect
-        return false;
+        return result;
     }
 
     @Override
@@ -399,12 +440,103 @@
      * {@link #REQUEST_LOGIN_PARAMETER} is set to any value other than "Form"
      * (HttpServletRequest.FORM_AUTH).
      */
-    private boolean ignoreRequestCredentials(HttpServletRequest request) {
+    private boolean ignoreRequestCredentials(final HttpServletRequest request) {
         final String requestLogin = request.getParameter(REQUEST_LOGIN_PARAMETER);
         return requestLogin != null
             && !HttpServletRequest.FORM_AUTH.equals(requestLogin);
     }
 
+    /**
+     * Returns <code>true</code> if the the client just asks for validation of
+     * submitted username/password credentials.
+     * <p>
+     * This implementation returns <code>true</code> if the request parameter
+     * {@link #PAR_J_VALIDATE} is set to <code>true</code> (case-insensitve).
If
+     * the request parameter is not set or to any value other than
+     * <code>true</code> this method returns <code>false</code>.
+     *
+     * @param request The request to provide the parameter to check
+     * @return <code>true</code> if the {@link #PAR_J_VALIDATE} parameter is
set
+     *         to <code>true</code>.
+     */
+    private boolean isValidateRequest(final HttpServletRequest request) {
+        return "true".equalsIgnoreCase(request.getParameter(PAR_J_VALIDATE));
+    }
+
+    /**
+     * Ensures the authentication data is set (if not set yet) and the expiry
+     * time is prolonged (if auth data already existed).
+     * <p>
+     * This method is intended to be called in case authentication succeeded.
+     *
+     * @param request The curent request
+     * @param response The current response
+     * @param authInfo The authentication info used to successfull log in
+     */
+    private void refreshAuthData(final HttpServletRequest request,
+            final HttpServletResponse response,
+            final AuthenticationInfo authInfo) {
+
+        // get current authentication data, may be missing after first login
+        String authData = getCookieAuthData(authInfo.getCredentials());
+
+        // check whether we have to "store" or create the data
+        final boolean refreshCookie = needsRefresh(authData,
+            this.sessionTimeout);
+
+        // add or refresh the stored auth hash
+        if (refreshCookie) {
+            long expires = System.currentTimeMillis() + this.sessionTimeout;
+            try {
+                authData = null;
+                authData = tokenStore.encode(expires, authInfo.getUser());
+            } catch (InvalidKeyException e) {
+                log.error(e.getMessage(), e);
+            } catch (IllegalStateException e) {
+                log.error(e.getMessage(), e);
+            } catch (UnsupportedEncodingException e) {
+                log.error(e.getMessage(), e);
+            } catch (NoSuchAlgorithmException e) {
+                log.error(e.getMessage(), e);
+            }
+
+            if (authData != null) {
+                authStorage.set(request, response, authData);
+            } else {
+                authStorage.clear(request, response);
+            }
+        }
+    }
+
+    /**
+     * Returns any resource target to redirect to after successful
+     * authentication. This method either returns a non-empty string or
+     * <code>null</code>. First the <code>resource</code> request
attribute is
+     * checked. If it is a non-empty string, it is returned. Second the
+     * <code>resource</code> request parameter is checked and returned if it
is
+     * a non-empty string.
+     *
+     * @param request The request providing the attribute or parameter
+     * @return The non-empty redirection target or <code>null</code>.
+     */
+    static String getLoginResource(final HttpServletRequest request) {
+
+        // return the resource attribute if set to a non-empty string
+        Object resObj = request.getAttribute(Authenticator.LOGIN_RESOURCE);
+        if ((resObj instanceof String) && ((String) resObj).length() > 0) {
+            return (String) resObj;
+        }
+
+        // return the resource parameter if not set or set to a non-empty value
+        final String resource = request.getParameter(Authenticator.LOGIN_RESOURCE);
+        if (resource == null || resource.length() > 0) {
+            return resource;
+        }
+
+        // normalize empty resource string to null
+        return null;
+    }
+
     // --------- Request Parameter Auth ---------
 
     private AuthenticationInfo extractRequestParameterAuthentication(
@@ -419,7 +551,7 @@
             String user = request.getParameter(PAR_J_USERNAME);
             String pwd = request.getParameter(PAR_J_PASSWORD);
 
-            if (user != null && user.length() > 0 && pwd != null) {
+            if (user != null && pwd != null) {
                 info = new AuthenticationInfo(HttpServletRequest.FORM_AUTH,
                     user, pwd.toCharArray());
             }

Added: sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormReason.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormReason.java?rev=907990&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormReason.java
(added)
+++ sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormReason.java
Tue Feb  9 10:24:13 2010
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.formauth;
+
+enum FormReason {
+
+    /**
+     * The login form is request because the credentials previously entered very
+     * not valid to login to the repository.
+     */
+    INVALID_CREDENTIALS {
+        @Override
+        public String getMessage() {
+            return "Username and Password do not match";
+        }
+    },
+
+    /**
+     * The login form is requested because an existing session has timed out and
+     * the credentials have to be entered again.
+     */
+    TIMEOUT {
+        @Override
+        public String getMessage() {
+            return "Session timed out, please login again";
+        }
+    };
+
+    /**
+     * Returns an english indicative message of the reason to request the login
+     * form.
+     */
+    abstract String getMessage();
+}

Propchange: sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormReason.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: sling/trunk/bundles/extensions/formauth/src/main/java/org/apache/sling/formauth/FormReason.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Copied: sling/trunk/bundles/extensions/formauth/src/main/resources/org/apache/sling/formauth/login.html
(from r907677, sling/trunk/bundles/extensions/formauth/src/main/resources/login.html)
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/formauth/src/main/resources/org/apache/sling/formauth/login.html?p2=sling/trunk/bundles/extensions/formauth/src/main/resources/org/apache/sling/formauth/login.html&p1=sling/trunk/bundles/extensions/formauth/src/main/resources/login.html&r1=907677&r2=907990&rev=907990&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/formauth/src/main/resources/login.html (original)
+++ sling/trunk/bundles/extensions/formauth/src/main/resources/org/apache/sling/formauth/login.html
Tue Feb  9 10:24:13 2010
@@ -1,4 +1,24 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<!--
+
+      Licensed to the Apache Software Foundation (ASF) under one
+      or more contributor license agreements.  See the NOTICE file
+      distributed with this work for additional information
+      regarding copyright ownership.  The ASF licenses this file
+      to you under the Apache License, Version 2.0 (the
+      "License"); you may not use this file except in compliance
+      with the License.  You may obtain a copy of the License at
+     
+        http://www.apache.org/licenses/LICENSE-2.0
+     
+      Unless required by applicable law or agreed to in writing,
+      software distributed under the License is distributed on an
+      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+      KIND, either express or implied.  See the License for the
+      specific language governing permissions and limitations
+      under the License.
+
+-->
 <html xml:lang="en" lang="en"
       xmlns="http://www.w3.org/1999/xhtml"
 >
@@ -26,6 +46,10 @@
        padding: 0px;
        margin: 0px;
    }
+   
+   #err {
+       color: red;
+   }
    </style>
    
 </head>
@@ -39,9 +63,13 @@
 
    <input type="hidden" name="_charset_" value="UTF-8" />
    <input type="hidden" name="resource" value="${resource}" />
-   
+
+   <div id="err">
+      <p>${j_reason}</p>
+   </div>
+      
    <div>
-      <label for="j_username" accesskey="u">User ID:</label>
+      <label for="j_username" accesskey="u">Username:</label>
    </div>
    <div>
       <input id="j_username" name="j_username" type="text" />

Added: sling/trunk/bundles/extensions/formauth/src/test/java/org/apache/sling/formauth/FormReasonTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/formauth/src/test/java/org/apache/sling/formauth/FormReasonTest.java?rev=907990&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/formauth/src/test/java/org/apache/sling/formauth/FormReasonTest.java
(added)
+++ sling/trunk/bundles/extensions/formauth/src/test/java/org/apache/sling/formauth/FormReasonTest.java
Tue Feb  9 10:24:13 2010
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.formauth;
+
+import junit.framework.TestCase;
+
+public class FormReasonTest extends TestCase {
+
+    public void test_TIMEOUT() {
+        assertEquals(FormReason.TIMEOUT,
+            FormReason.valueOf(FormReason.TIMEOUT.toString()));
+    }
+
+    public void test_INVALID_CREDENTIALS() {
+        assertEquals(FormReason.INVALID_CREDENTIALS,
+            FormReason.valueOf(FormReason.INVALID_CREDENTIALS.toString()));
+    }
+
+    public void test_INVALID() {
+        try {
+            FormReason.valueOf("INVALID");
+            fail("unexpected result getting value of an invalid constant");
+        } catch (IllegalArgumentException iae) {
+            // expected
+        }
+    }
+}

Propchange: sling/trunk/bundles/extensions/formauth/src/test/java/org/apache/sling/formauth/FormReasonTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: sling/trunk/bundles/extensions/formauth/src/test/java/org/apache/sling/formauth/FormReasonTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url



Mime
View raw message