incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r956515 [2/2] - in /sling/trunk/bundles/extensions/openidauth: ./ src/main/java/org/apache/sling/openidauth/ src/main/java/org/apache/sling/openidauth/impl/ src/main/resources/ src/main/resources/OSGI-INF/metatype/ src/main/resources/SLING-...
Date Mon, 21 Jun 2010 09:36:00 GMT
Modified: sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=956515&r1=956514&r2=956515&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
(original)
+++ sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
Mon Jun 21 09:35:58 2010
@@ -25,92 +25,71 @@
 
 #
 # Open ID Authentication handler 
-auth.openid.name = Apache Sling OpenID Authenticator
-auth.openid.description = The OpenID Authenticator authenticates Sling users via OpenID.
\
-The login sequence is triggered automatically for a resource if 'Allow Anonymous Access'
\
-is false in the Request Authenticator.  You can manually show the login form by accessing
\
-the Login Request path (/system/sling/openid/login).  You can logout by accessing the \
-Logout Request path (/system/sling/openid/logout).  The various displayed pages \
-(login, auth success, auth fail & logout) are customizable. 
-
-path.name = URL path prefixes
-path.description = URL path prefixes handled by this Authenticator. If no \
-path is configured, it is regarded as inactive. If the handler should be \
-used for all requests, the path should be '/'.
-
-openid.use.cookie.name = Use cookie 
-openid.use.cookie.description = Use a cookie to persist the authentication.  If this is \
-false, uses an HTTP session attribute.
+auth.openid.name = Apache Sling OpenID Authentication Handler
+auth.openid.description = The OpenID Authentication Handler authenticates \
+ users via OpenID. A default login form is provided by the handler, while \
+ custom forms can be provided by configuring the URL (or path) to the \
+ login form. To map OpenID identifiers to Repository users it is expected that \
+ the Repository users have a property "open.id.identifier" set to the OpenID \
+ identifier of the user. This property may be a multi-value 
+
+path.name = Path
+path.description = Repository path for which this authentication handler \
+ should be used by Sling. If this is empty, the authentication handler will \
+ be disabled.
+
+openid.use.cookie.name = Use Cookie 
+openid.use.cookie.description = Whether to use a regular Cookie or an HTTP \
+ Session to cache the OpenID authentication details. By default a regular \
+ cookie is used to prevent use of HTTP Sessions.
 
 openid.cookie.name.name = Cookie name 
-openid.cookie.name.description = Name of cookie used to persist authentication. Only \
-used if 'Use Cookie' is true.
+openid.cookie.name.description = Name of cookie used to persist authentication. \
+ Only used if 'Use Cookie' is checked.
 
 openid.cookie.domain.name = Cookie domain 
-openid.cookie.domain.description = Domain of cookie used to persist authentication. Only
\
-used if 'Use Cookie' is true.
-
-openid.cookie.path.name = Cookie path
-openid.cookie.path.description = Path of cookie used to persist authentication. Only \
-used if 'Use Cookie' is true.
+openid.cookie.domain.description = Domain of cookie used to persist \
+ authentication. This defaults to the host name of the Sling server but may \
+ be set to a different value to share the cookie amongst a server farm or \
+ if the server is running behind a proxy. Only used if 'Use Cookie' is checked.
 
 openid.cookie.secret.key.name = Cookie Secret Key
-openid.cookie.secret.key.description = Secret key used to encrypt cookie contents.  Must
\
-be less than 24 characters long. Only used if 'Use Cookie' is true.
+openid.cookie.secret.key.description = Secret key used to create a signature \
+ of the cookie value to prevent tampering. Only used if 'Use Cookie' is true.
 
 openid.login.form.name = URL of Open ID login form
-openid.login.form.description = This should provide a way to capture the user's \
-OpenID identifier.  This is not the OpenID Provider's login page, however, it does \
-not have to be a local URL.  If it is a local Sling URL, it must be readable by \
-the anonymous user AND either 'Allow Anonymous Access' must be on in the Request \
-Authenticator OR 'Access auth resources anonymously' must be checked here. \
-The user is HTTP Redirect'ed to this URL.  This page \
-should POST back the user's OpenID identifier (as named by the form field parameter) \
-to the originally requested URL (obtainable from HTTP Session attribute \
-OpenIDConstants.ORIGINAL_URL_ATTRIBUTE).  If this form is accessed directly, \
-an optional request parameter 'OpenID.redirect' can set the \
-redirect URL that will be used after successful authentication (if 'Redirect to \
-original URL' is true).
+openid.login.form.description = This should provide a way to capture the \
+ user's OpenID identifier.  This is not the OpenID Provider's login page, \
+ however, it does not have to be a local URL. If it is a local Sling URL, it \
+ must be accessible by the anonymous user. The user is HTTP Redirect'ed to this \
+ URL.  This page should POST back the user's OpenID identifier (as named by \
+ the "OpenID identifier form field" property) to the originally requested URL \ 
+ set in the "resource" request parameter.
 
 openid.login.identifier.name =  OpenID identifier form field
-openid.login.identifier.description = The name of the form parameter that contains \
-the user's OpenID identifier.  By convention this is 'openid_identifier'.
+openid.login.identifier.description = The name of the form parameter that \
+ provides the user's OpenID identifier. By convention this is \
+ 'openid_identifier'. Only change this if you have a very good reason to do so.
 
-openid.original.url.onsuccess.name = Redirect to original URL 
-openid.original.url.onsuccess.description = Whether to redirect to the originally \
-requested URL after successful authentication.
-
-openid.login.success.name = Authentication Success URL 
-openid.login.success.description = URL to redirect user to after successful \
-authentication. Only respected if 'Redirect to original URL' is false.
-
-openid.login.fail.name = Authentication Failure URL 
-openid.login.fail.description = URL to redirect user to after failed \
-OpenID authentication. It does not have to be a local URL.  If it is a local \
-Sling URL, it must be readable by the anonymous user AND either \
-'Allow Anonymous Access' must be on in the Request Authenticator OR 'Access auth \
-resources anonymously' must be checked here.  The user is HTTP Redirect'ed to this URL. \
-NOTE: this redirect is NOT called for a failed Repository login (in that case, \
-the login form will be re-displayed)
-
-openid.logout.name = Post-Logout URL
-openid.logout.description = URL to redirect user to after logging out. Logout \
-is triggered by accessing Logout Request Path (/system/sling/openid/logout). An \
-optional request parameter 'OpenID.redirect' can override this URL for a single \
-logout request.
- 
 openid.external.url.prefix.name = External URL prefix 
-openid.external.url.prefix.description = The prefix of URLs generated for OpenID \
-authentication requests.  This URL must be resolvable from the client browser.  \
-This is usually necessary when running Sling behind a proxy (like Apache) since proxy \
-mapping is not performed on the OpenID ReturnTo and TrustRoot URLs as they \
-are sent to the Provider as form parameters.  If this is empty, the URLs are generated \
-using the hostname found in the original request.
-
-openid.anon.auth.resources.name = Access auth resources anonymously
-openid.anon.auth.resources.description = Causes the authenticator to authenticate the \
-request as the anonymous user for the local login, auth failure & logout pages. \
-This is an explicit authentication as anonymous, and so circumvents the Request Authenticator's
\
-'Allow Anonymous' setting (which operates as a fallback).  Setting this to true enables \
-Sling to serve the authentication resources to unauthenticated users even if 'Allow Anonymous'
\
-is false (assuming the ACLs on the resources allow the anonymous user read access).
\ No newline at end of file
+openid.external.url.prefix.description = The prefix of URLs generated for the \
+ ReturnTo and TrustRoot properties of the OpenID request to the OpenID \
+ provider. Thus this URL prefix should bring back the authenticated user to \
+ this Sling instance. Configuring this property is usually necessary when \
+ running Sling behind a proxy (like Apache) since proxy mapping is not \
+ performed on the OpenID ReturnTo and TrustRoot URLs as they are sent to the \
+ OpenID Provider as form parameters.  If this property is empty, the URLs are \
+ generated using the hostname found in the original request.
+
+openid.property.identity.name = OpenID Identity Property 
+openid.property.identity.description = The name of the JCR User attribute \
+ listing one or more OpenID Identity URLs with which a user is associated. \
+ The property may be a multi- or single-valued. To resolve a JCR user ID from \
+ an OpenID identity a user is searched who lists the identity in this property. \
+ The default value is "openid.identity".
+
+openid.user.attr.name = Credentials Attribute
+openid.user.attr.description = Name of the JCR SimpleCredentials attribute to \
+ to set with the OpenID User data. This attribute is used by the OpenID \
+ LoginModule to validate the OpenID user authentication data. Default is \
+ "openid.user".
\ No newline at end of file

Added: sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html?rev=956515&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html
(added)
+++ sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html
Mon Jun 21 09:35:58 2010
@@ -0,0 +1,113 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<!--
+
+      Licensed to the Apache Software Foundation (ASF) under one
+      or more contributor license agreements.  See the NOTICE file
+      distributed with this work for additional information
+      regarding copyright ownership.  The ASF licenses this file
+      to you under the Apache License, Version 2.0 (the
+      "License"); you may not use this file except in compliance
+      with the License.  You may obtain a copy of the License at
+     
+        http://www.apache.org/licenses/LICENSE-2.0
+     
+      Unless required by applicable law or agreed to in writing,
+      software distributed under the License is distributed on an
+      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+      KIND, either express or implied.  See the License for the
+      specific language governing permissions and limitations
+      under the License.
+
+-->
+<html xml:lang="en" lang="en"
+      xmlns="http://www.w3.org/1999/xhtml"
+>
+<head>
+   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+   <title>Login</title>
+   
+   <style type="text/css">
+   body {
+       font-family: Verdana, Arial, Helvetica, sans-serif;
+       font-size: 10px;
+       color: black;
+       background-color: white;
+   }
+   
+   #main {
+       border: 1px solid gray;
+       margin-top: 25%;
+       margin-left: 25%;
+       width: 400px;
+       padding: 10px;
+   }
+   
+   #loginform {
+       padding: 0px;
+       margin: 0px;
+   }
+   
+    #openid_identifier {
+        background-image:url('http://wiki.openid.net/f/openid-16x16.gif');
+        background-repeat: no-repeat;
+        background-position: center left;
+        padding-left: 18px;
+        width: 378px;
+    }
+    
+   #err {
+       color: red;
+   }
+   </style>
+   
+   <script>
+      function selectProvider( /* Button */ provider, /* String */ url ) {
+        provider.form.openid_identifier.value = url;
+        return true;
+      }
+   </script>
+</head>
+
+<body>
+
+<div id="main"><!-- Login Form -->
+<h3>Login:</h3>
+<form id="loginform" method="POST" action="j_security_check"
+        enctype="multipart/form-data" accept-charset="UTF-8">
+
+   <input type="hidden" name="_charset_" value="UTF-8" />
+   <input type="hidden" name="resource" value="${resource}" />
+   <input type="hidden" name="sling:authRequestLogin" value="OpenID" />
+
+   <div id="err">
+      <p>${j_reason}</p>
+      
+   </div>
+
+   <div>
+      <p>
+         Please click your account provider:<br/>
+         <button id="google" accesskey="g" class="form-button" onClick="return selectProvider(this,
'https://www.google.com/accounts/o8/id');"><u>G</u>oogle</button>
+         <button id="yahoo" accesskey="y" class="form-button" onClick="return selectProvider(this,
'https://me.yahoo.com/');"><u>Y</u>ahoo</button>
+         <button id="myopenid" accesskey="m" class="form-button" onClick="return selectProvider(this,
'https://www.myopenid.com/');"><u>M</u>yOpenID</button>
+      </p>
+   </div>
+
+   <div>
+      <label for="openid_identifier">or enter your OpenID <u>I</u>dentifier</label>
+   </div>
+   
+   <div>
+      <input id="openid_identifier" accesskey="i" name="openid_identifier"/>
+   </div>
+   
+   <div class="buttongroup">
+      <button id="login" accesskey="l" class="form-button" type="submit"><u>L</u>ogin</button>
+      <button id="login" accesskey="c" class="form-button" onClick="document.location='${resource}';
return false;"><u>C</u>ancel</button>
+   </div>
+   
+</form>
+</div>
+
+</body>
+</html>

Propchange: sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java?rev=956515&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
(added)
+++ sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
Mon Jun 21 09:35:58 2010
@@ -0,0 +1,149 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.openidauth.impl;
+
+import javax.servlet.http.HttpServletRequest;
+
+import junit.framework.TestCase;
+
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+
+public class OpenIDAuthenticationHandlerTest extends TestCase {
+
+    private static final String NAME = "the.server.com";
+
+    private final String HTTP = "http";
+
+    private final String HTTPS = "https";
+
+    private final String ANY = "any";
+
+    private final int port80 = 80;
+
+    private final int port443 = 443;
+
+    private final int port999 = 999;
+
+    private final int port_1 = -1;
+
+    private static final String CTX = "";
+
+    public void test_getBaseUrl() {
+
+        final Mockery ctx = new Mockery();
+        final HttpServletRequest request = ctx.mock(HttpServletRequest.class);
+        ctx.checking(new Expectations() {
+            {
+                // general setup on each calls
+                allowing(request).getServerName();
+                will(returnValue(NAME));
+                allowing(request).getContextPath();
+                will(returnValue(CTX));
+
+                // http/80
+                one(request).getScheme();
+                will(returnValue(HTTP));
+                one(request).getServerPort();
+                will(returnValue(port80));
+
+                // https/443
+                one(request).getScheme();
+                will(returnValue(HTTPS));
+                one(request).getServerPort();
+                will(returnValue(port443));
+
+                // http/999
+                one(request).getScheme();
+                will(returnValue(HTTP));
+                one(request).getServerPort();
+                will(returnValue(port999));
+
+                // https/999
+                one(request).getScheme();
+                will(returnValue(HTTPS));
+                one(request).getServerPort();
+                will(returnValue(port999));
+
+                // any/80
+                one(request).getScheme();
+                will(returnValue(ANY));
+                one(request).getServerPort();
+                will(returnValue(port80));
+
+                // any/443
+                one(request).getScheme();
+                will(returnValue(ANY));
+                one(request).getServerPort();
+                will(returnValue(port443));
+
+                // any/999
+                one(request).getScheme();
+                will(returnValue(ANY));
+                one(request).getServerPort();
+                will(returnValue(port999));
+
+                // http/-1
+                one(request).getScheme();
+                will(returnValue(HTTP));
+                one(request).getServerPort();
+                will(returnValue(port_1));
+
+                // https/-1
+                one(request).getScheme();
+                will(returnValue(HTTPS));
+                one(request).getServerPort();
+                will(returnValue(port_1));
+
+                // any/-1
+                one(request).getScheme();
+                will(returnValue(ANY));
+                one(request).getServerPort();
+                will(returnValue(port_1));
+            }
+        });
+
+        final OpenIDAuthenticationHandler handler1 = new OpenIDAuthenticationHandler();
+        // http/80
+        assertEquals(HTTP + "://" + NAME, handler1.getBaseUrl(request));
+        // https/443
+        assertEquals(HTTPS + "://" + NAME, handler1.getBaseUrl(request));
+        // http/999
+        assertEquals(HTTP + "://" + NAME + ":" + port999,
+            handler1.getBaseUrl(request));
+        // https/999
+        assertEquals(HTTPS + "://" + NAME + ":" + port999,
+            handler1.getBaseUrl(request));
+        // any/80
+        assertEquals(ANY + "://" + NAME + ":" + port80,
+            handler1.getBaseUrl(request));
+        // any/443
+        assertEquals(ANY + "://" + NAME + ":" + port443,
+            handler1.getBaseUrl(request));
+        // any/999
+        assertEquals(ANY + "://" + NAME + ":" + port999,
+            handler1.getBaseUrl(request));
+        // http/-1
+        assertEquals(HTTP + "://" + NAME, handler1.getBaseUrl(request));
+        // https/-1
+        assertEquals(HTTPS + "://" + NAME, handler1.getBaseUrl(request));
+        // any/-1
+        assertEquals(ANY+ "://" + NAME, handler1.getBaseUrl(request));
+    }
+}

Propchange: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url



Mime
View raw message