incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r1203871 - in /sling/trunk/bundles/auth/core/src/main: java/org/apache/sling/auth/core/impl/SlingAuthenticator.java resources/OSGI-INF/metatype/metatype.properties
Date Fri, 18 Nov 2011 21:55:09 GMT
Author: fmeschbe
Date: Fri Nov 18 21:55:09 2011
New Revision: 1203871

URL: http://svn.apache.org/viewvc?rev=1203871&view=rev
Log:
SLING-2280 Implement Option 4: HTTP Basic Handler is fully enabled ignoring any conflicting
configuration if anonymous access is disabled. This causes the HTTP Basic Handler to operate
as a proper fallback for authentication. If anonymous access is allowed the HTTP Basic enablement
configuration is still followed.

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
    sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1203871&r1=1203870&r2=1203871&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
(original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Fri Nov 18 21:55:09 2011
@@ -42,7 +42,6 @@ import org.apache.felix.scr.annotations.
 import org.apache.felix.scr.annotations.PropertyUnbounded;
 import org.apache.felix.scr.annotations.Reference;
 import org.apache.felix.scr.annotations.Service;
-import org.apache.felix.scr.annotations.Services;
 import org.apache.sling.api.auth.Authenticator;
 import org.apache.sling.api.auth.NoAuthenticationHandlerException;
 import org.apache.sling.api.resource.LoginException;
@@ -83,9 +82,7 @@ import org.slf4j.LoggerFactory;
  * URL.
  */
 @Component(name = "org.apache.sling.engine.impl.auth.SlingAuthenticator", label = "%auth.name",
description = "%auth.description", metatype = true)
-@Services( { @Service(value = Authenticator.class),
-    @Service(value = AuthenticationSupport.class),
-    @Service(value = ServletRequestListener.class) })
+@Service(value = { Authenticator.class, AuthenticationSupport.class, ServletRequestListener.class
})
 @Property(name = Constants.SERVICE_VENDOR, value = "The Apache Software Foundation")
 public class SlingAuthenticator implements Authenticator,
         AuthenticationSupport, ServletRequestListener {
@@ -322,10 +319,8 @@ public class SlingAuthenticator implemen
 
         authRequiredCache.clear();
 
-        boolean flag = OsgiUtil.toBoolean(
-            properties.get(PAR_ANONYMOUS_ALLOWED), DEFAULT_ANONYMOUS_ALLOWED);
-        authRequiredCache.addHolder(new AuthenticationRequirementHolder("/",
-            !flag, null));
+        final boolean anonAllowed = OsgiUtil.toBoolean(properties.get(PAR_ANONYMOUS_ALLOWED),
DEFAULT_ANONYMOUS_ALLOWED);
+        authRequiredCache.addHolder(new AuthenticationRequirementHolder("/", !anonAllowed,
null));
 
         String[] authReqs = OsgiUtil.toStringArray(properties.get(PAR_AUTH_REQ));
         if (authReqs != null) {
@@ -351,16 +346,19 @@ public class SlingAuthenticator implemen
             serviceListener.registerServices();
         }
 
-        // register as a service !
-        final String realm = OsgiUtil.toString(properties.get(PAR_REALM_NAME),
-            DEFAULT_REALM);
-        final String http = OsgiUtil.toString(properties.get(PAR_HTTP_AUTH),
-            HTTP_AUTH_PREEMPTIVE);
+        final String http;
+        if (anonAllowed) {
+            http = OsgiUtil.toString(properties.get(PAR_HTTP_AUTH), HTTP_AUTH_PREEMPTIVE);
+        } else {
+            http = HTTP_AUTH_ENABLED;
+            log.debug("modified: Anonymous Access is denied thus HTTP Basic Authentication
is fully enabled");
+        }
+
         if (HTTP_AUTH_DISABLED.equals(http)) {
             httpBasicHandler = null;
         } else {
-            httpBasicHandler = new HttpBasicAuthenticationHandler(realm,
-                HTTP_AUTH_ENABLED.equals(http));
+            final String realm = OsgiUtil.toString(properties.get(PAR_REALM_NAME), DEFAULT_REALM);
+            httpBasicHandler = new HttpBasicAuthenticationHandler(realm, HTTP_AUTH_ENABLED.equals(http));
         }
     }
 

Modified: sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1203871&r1=1203870&r2=1203871&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
(original)
+++ sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
Fri Nov 18 21:55:09 2011
@@ -83,7 +83,9 @@ auth.http.description = Level of support
  support can be provided in three levels: (1) no support at all, that is \
  disabled, (2) preemptive support, that is HTTP Basic Authentication is \
  supported if the authentication header is set in the request, (3) full \
- support. The default is preemptive support.
+ support. The default is preemptive support unless Anonymous Access is \
+ not allowed. In this case HTTP Basic Authentication is always enabled \
+ to ensure clients can authenticate at least with basic authentication.
 
 auth.http.realm.name = Realm
 auth.http.realm.description = HTTP BASIC authentication realm. This property \



Mime
View raw message