incubator-sling-commits mailing list archives

Subject [CONF] Apache Sling Website > Authentication
Date Mon, 01 Feb 2010 11:56:00 GMT
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><a href="">Authentication</a></h2>
     <h4>Page <b>edited</b> by             <a href="">Felix
     <div class="notificationGreySide">
         <h1><a name="Authentication-Authentication"></a>Authentication</h1>

<p>This section describes the framework provided by Sling to authenticate HTTP requests.</p>

<p>Let's look at generic request processing of Sling: Sling is linked into the outside
world by registering the Sling Main Servlet &#8211; implemented by the <tt>SlingMainServlet</tt>
class in the Sling Engine bundle &#8211; with an OSGi <tt>HttpService</tt>.
This registration is accompanied by an implementation instance of the OSGi <tt>HttpContext</tt>
interface, which defines a method to authenticate requests: <tt>handleSecurity</tt>.</p>

<p>This method is called by the OSGi HTTP Service implementation after the servlet has
been selected to handle the request but before actually calling the servlet's <tt>service</tt>

<table class="sectionMacro" border="0" cellpadding="5" cellspacing="0" width="100%"><tbody><tr>
<td class="confluenceTd" valign="top">
<p><a class="confluence-thumbnail-link 602x622" href=''><img
src="/confluence/download/thumbnails/115813/authentication.png" align="absmiddle" border="0"
title="Request Processing " /></a></p></td>
<td class="confluenceTd" valign="top">
	<li>First, the OSGi HTTP Service implementation analyzes the request URL to find
a match for a servlet or resource registered with the HTTP Service.</li>
	<li>Next, the HTTP Service implementation has to call the <tt>handleSecurity</tt>
method of the <tt>HttpContext</tt> object with which the servlet or resource has
been registered. This method returns <tt>true</tt> if the request should be serviced.
If this method returns <tt>false</tt>, the HTTP Service implementation terminates
the request, sending back any response which has been prepared by the <tt>handleSecurity</tt>
method. Note that the <tt>handleSecurity</tt> method must prepare the failure
response sent to the client; the HTTP Service adds nothing here. If the <tt>handleSecurity</tt>
method is successful, it must add two (or three) request attributes described below.</li>
	<li>When the <tt>handleSecurity</tt> method returns <tt>true</tt>,
the HTTP Service either calls the <tt>Servlet.service</tt> method or sends back
the requested resource, depending on whether a servlet or a resource has been selected in the
first step.</li>

<p>The important thing to note here is that at the time the <tt>handleSecurity</tt>
method is called, the <tt>SlingMainServlet</tt> is not yet in control of the request.
So any functionality added by the <tt>SlingMainServlet</tt>, notably the <tt>SlingHttpServletRequest</tt>
and <tt>SlingHttpServletResponse</tt> objects, is not available to the implementation
of the <tt>handleSecurity</tt> method.</p>

<p>The following pages describe request authentication in Sling
in full detail:</p>

	<li><a href="/confluence/display/SLINGxSITE/Authentication+-+Tasks" title="Authentication
- Tasks">Tasks</a>: </li>
	<li><a href="/confluence/display/SLINGxSITE/Authentication+-+Actors" title="Authentication
- Actors">Actors</a>: </li>
	<li><a href="/confluence/display/SLINGxSITE/Authentication+-+Framework" title="Authentication
- Framework">Framework</a>: </li>
	<li><a href="/confluence/display/SLINGxSITE/Authentication+-+AuthenticationHandler"
title="Authentication - AuthenticationHandler">AuthenticationHandler</a>: The <tt>AuthenticationHandler</tt>
interface defines the service API which may be implemented by authentication handlers registered
as OSGi services.</li>
