incubator-sling-commits mailing list archives

Subject [CONF] Apache Sling Website > Form Based AuthenticationHandler
Date Sun, 07 Feb 2010 19:17:00 GMT
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="">Form
Based AuthenticationHandler</a></h2>
    <h4>Page  <b>added</b> by             <a href="">Felix
    <div class="notificationGreySide">
         <h1><a name="FormBasedAuthenticationHandler-FormBasedAuthenticationHandler"></a>Form
Based AuthenticationHandler</h1>

<div class="panel" style="border-width: 1px;"><div class="panelContent">
<p>DRAFT - describing the implementation of the Form Based AuthenticationHandler of

<div><a href='#FormBasedAuthenticationHandler-AuthenticationHandlerimplementation'>AuthenticationHandler
implementation</a> | <a href='#FormBasedAuthenticationHandler-AuthenticationHandlerFeedbackimplementation'>AuthenticationHandlerFeedback
implementation</a> | <a href='#FormBasedAuthenticationHandler-RequestParameters'>Request
Parameters</a> | <a href='#FormBasedAuthenticationHandler-CredentialsTransport'>Credentials
Transport</a> | <a href='#FormBasedAuthenticationHandler-Configuration'>Configuration</a></div>

<p>The Form Based AuthenticationHandler has two authentication phases: The first phase
is presenting a login form to the user and passing the entered user name and password to the
server. The second phase is storing successful authentication in a Cookie or an HTTP Session.</p>

<h3><a name="FormBasedAuthenticationHandler-AuthenticationHandlerimplementation"></a>AuthenticationHandler
implementation</h3>

<ul>
	<li><tt>extractCredentials</tt> &#8211; Prepares credentials from the
form entered data or from the Cookie or HTTP Session attribute. Returns <tt>null</tt>
if neither is provided in the request</li>
	<li><tt>requestCredentials</tt> &#8211; Redirects the client (browser)
to the login form</li>
	<li><tt>dropCredentials</tt> &#8211; Removes the Cookie or removes the
HTTP Session attribute</li>
</ul>

<h3><a name="FormBasedAuthenticationHandler-AuthenticationHandlerFeedbackimplementation"></a>AuthenticationHandlerFeedback
implementation</h3>

<ul>
	<li><tt>authenticationFailed</tt> &#8211; Remove the Cookie or remove
the HTTP Session attribute</li>
	<li><tt>authenticationSucceeded</tt> &#8211; Set (or update) the Cookie
or HTTP Session attribute</li>
</ul>

<h3><a name="FormBasedAuthenticationHandler-RequestParameters"></a>Request
Parameters</h3>

<p>The Form Based Authentication handler supports the following request parameters,
which may be submitted by the HTML form. The form must be submitted as an HTTP <tt>POST</tt>
request for the parameters to be accepted.</p>

<ul>
	<li><tt>j_username</tt> &#8211; Name of the user to authenticate</li>
	<li><tt>j_password</tt> &#8211; Password to authenticate the user</li>
	<li><tt>j_validate</tt> &#8211; Flag indicating whether to just validate
the credentials</li>
	<li><tt>resource</tt> &#8211; The location to go to on successful login</li>
	<li><tt>sling.auth.redirect</tt> &#8211; The location to redirect to
on successful login</li>
</ul>

<p>The <tt>j_username</tt> and <tt>j_password</tt> parameters
are used to create a JCR <tt>SimpleCredentials</tt> object to log into the JCR

<p>The <tt>j_validate</tt> parameter may be used to implement login form
submission using AJAX. If this parameter is set to <tt>true</tt> (case-insensitive),
the credentials are used to log in, and the outcome (success or failure) is returned as a status code:</p>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Status </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> <tt>200 OK</tt> </td>
<td class='confluenceTd'> Authentication succeeded; credentials are valid for login;
the Cookie or HTTP Session attribute is now set </td>
</tr>
<tr>
<td class='confluenceTd'> <tt>403 FORBIDDEN</tt> </td>
<td class='confluenceTd'> Authentication failed; credentials are invalid for login;
the Cookie or HTTP Session attribute is not set (if it was set, it is now cleared) </td>
</tr>
</tbody></table>

<p>If the <tt>j_validate</tt> parameter is not set or is set to any value
other than <tt>true</tt>, the request processing depends on authentication success
or failure:</p>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Authentication </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> Success </td>
<td class='confluenceTd'> Request is processed; the Cookie or HTTP Session attribute
is now set; If login was initiated by a call to the login servlet (<tt>/system/sling/login</tt>)
the request is redirected either to the root of the servlet context or to the location indicated
with the <tt>resource</tt> request parameter. </td>
</tr>
<tr>
<td class='confluenceTd'> Failure </td>
<td class='confluenceTd'> The request is redirected to the login form again; the Cookie
or HTTP Session attribute is not set (if it was set, it is now cleared) </td>
</tr>
</tbody></table>
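
<p>Added example (not part of the original page or of Sling's code): the client side of the <tt>j_validate</tt> flow, using the parameter names and status codes listed above. The <tt>loginUrl</tt> argument and all function names are assumptions, since the page does not name the POST target; <tt>safeTarget</tt> is an added check that keeps a <tt>resource</tt> value to a path on the same site before the script navigates to it.</p>

```javascript
// Added example, not Sling code. loginUrl is a hypothetical parameter:
// the page does not say which URL the login form is posted to.

// Build the POST body with the parameter names listed on the page.
function buildValidateBody(username, password) {
  const body = new URLSearchParams();
  body.set("j_username", username);
  body.set("j_password", password);
  body.set("j_validate", "true"); // ask for a status code instead of a redirect
  return body.toString();
}

// Map the documented status codes to an outcome. Anything else is an error,
// not a failed login, so the UI does not report "wrong password" on a 500.
function interpretStatus(status) {
  if (status === 200) return "authenticated"; // Cookie/session attribute now set
  if (status === 403) return "rejected";      // Cookie/session attribute cleared
  return "error";
}

// In validate mode the script, not the server, navigates after success.
// Accept only a path on this site as the target; otherwise use the fallback.
function safeTarget(resource, fallback = "/") {
  if (typeof resource !== "string") return fallback;
  // Must start with exactly one "/": rejects absolute and "//host" URLs.
  if (!/^\/(?!\/)/.test(resource)) return fallback;
  // Backslashes and control characters are normalised by browsers; reject them.
  if (/[\\\u0000-\u001f]/.test(resource)) return fallback;
  return resource;
}

// Send the credentials and return "authenticated", "rejected" or "error".
async function validateLogin(loginUrl, username, password, fetchImpl = globalThis.fetch) {
  const response = await fetchImpl(loginUrl, {
    method: "POST", // the parameters are only accepted on POST
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    credentials: "same-origin", // keep the Cookie that a 200 response sets
    body: buildValidateBody(username, password),
  });
  return interpretStatus(response.status);
}
```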

<h3><a name="FormBasedAuthenticationHandler-CredentialsTransport"></a>Credentials
Transport</h3>

<h3><a name="FormBasedAuthenticationHandler-Configuration"></a>Configuration</h3>