incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r1203901 - in /sling/trunk/bundles/auth/core/src/main: java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java java/org/apache/sling/auth/core/impl/SlingAuthenticator.java resources/OSGI-INF/metatype/metatype.properties
Date Fri, 18 Nov 2011 23:40:24 GMT
Author: fmeschbe
Date: Fri Nov 18 23:40:23 2011
New Revision: 1203901

URL: http://svn.apache.org/viewvc?rev=1203901&view=rev
Log:
SLING-2276 Provide functionality to configure a user to be used for anonymous requests

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
    sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java?rev=1203901&r1=1203900&r2=1203901&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
(original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
Fri Nov 18 23:40:23 2011
@@ -69,6 +69,10 @@ public class AuthenticatorWebConsolePlug
 
         printAuthenticationRequirements(pw);
 
+        pw.println("<tr><td colspan='2'>&nbsp;</td></tr>");
+
+        printAuthenticationConfiguration(pw);
+
         pw.println("</table>");
     }
 
@@ -114,7 +118,28 @@ public class AuthenticatorWebConsolePlug
             pw.println("</tr>");
 
         }
-
     }
 
+    private void printAuthenticationConfiguration(PrintWriter pw) {
+        final String anonUser = slingAuthenticator.getAnonUserName();
+        final String sudoCookie = slingAuthenticator.getSudoCookieName();
+        final String sudoParam = slingAuthenticator.getSudoParameterName();
+
+        pw.println("<tr>");
+        pw.println("<th class='content container' colspan='3'>Miscellaneous Configuration</td>");
+        pw.println("</tr>");
+        pw.println("</tr>");
+        pw.println("<tr>");
+        pw.println("<td class='content'>Impersonation Cookie</td>");
+        pw.printf("<td class='content' colspan='2'>%s</td>%n", sudoCookie);
+        pw.println("</tr>");
+        pw.println("<tr>");
+        pw.println("<td class='content'>Impersonation Parameter</td>");
+        pw.printf("<td class='content' colspan='2'>%s</td>%n", sudoParam);
+        pw.println("</tr>");
+        pw.println("<tr>");
+        pw.println("<td class='content'>Anonymous User Name</td>");
+        pw.printf("<td class='content' colspan='2'>%s</td>%n", (anonUser == null)
? "(default)" : anonUser);
+        pw.println("</tr>");
+    }
 }

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=1203901&r1=1203900&r2=1203901&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
(original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Fri Nov 18 23:40:23 2011
@@ -25,7 +25,6 @@ import java.util.Hashtable;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
-
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletRequestEvent;
 import javax.servlet.ServletRequestListener;
@@ -114,6 +113,12 @@ public class SlingAuthenticator implemen
     @Property(cardinality = 2147483647)
     private static final String PAR_AUTH_REQ = "sling.auth.requirements";
 
+    @Property()
+    private static final String PAR_ANONYMOUS_USER = "sling.auth.anonymous.user";
+
+    @Property() // TODO: This should be a PASSWORD type
+    private static final String PAR_ANONYMOUS_PASSWORD = "sling.auth.anonymous.password";
+
     /**
      * Value of the {@link #PAR_HTTP_AUTH} property to fully enable the built-in
      * HTTP Authentication Handler (value is "enabled").
@@ -230,6 +235,23 @@ public class SlingAuthenticator implemen
      */
     private String[] authUriSuffices;
 
+    /**
+     * The name of the user to assume for anonymous access. By default this is
+     * <code>null</code> to use <code>null</code> credentials and
thus use the
+     * system provided identification.
+     *
+     * @see #getAnonymousCredentials()
+     */
+    private String anonUser;
+
+    /**
+     * The password to use for anonymous access. This property is only used if
+     * the {@link #anonUser} field is not <code>null</code>.
+     *
+     * @see #getAnonymousCredentials()
+     */
+    private char[] anonPassword;
+
     /** HTTP Basic authentication handler */
     private HttpBasicAuthenticationHandler httpBasicHandler;
 
@@ -332,6 +354,15 @@ public class SlingAuthenticator implemen
             }
         }
 
+        final String anonUser = OsgiUtil.toString(properties.get(PAR_ANONYMOUS_USER), "");
+        if (anonUser.length() > 0) {
+            this.anonUser = anonUser;
+            this.anonPassword = OsgiUtil.toString(properties.get(PAR_ANONYMOUS_PASSWORD),
"").toCharArray();
+        } else {
+            this.anonUser = null;
+            this.anonPassword = null;
+        }
+
         authUriSuffices = OsgiUtil.toStringArray(properties.get(PAR_AUTH_URI_SUFFIX),
             new String[] { DEFAULT_AUTH_URI_SUFFIX });
 
@@ -629,6 +660,25 @@ public class SlingAuthenticator implemen
         return authRequiredCache.getHolders();
     }
 
+    /**
+     * Returns the name of the user to assume for requests without credentials.
+     * This may be <code>null</code> if not configured and the default anonymous
+     * user is to be used.
+     * <p>
+     * The configured password cannot be requested.
+     */
+    String getAnonUserName() {
+        return anonUser;
+    }
+
+    String getSudoCookieName() {
+        return sudoCookieName;
+    }
+
+    String getSudoParameterName() {
+        return sudoParameterName;
+    }
+
     // ---------- internal
 
     private AuthenticationInfo getAuthenticationInfo(HttpServletRequest request, HttpServletResponse
response) {
@@ -805,7 +855,8 @@ public class SlingAuthenticator implemen
 
             try {
 
-                ResourceResolver resolver = resourceResolverFactory.getResourceResolver(null);
+                Map<String, Object> credentials = getAnonymousCredentials();
+                ResourceResolver resolver = resourceResolverFactory.getResourceResolver(credentials);
 
                 // check whether the client asked for redirect after
                 // authentication and/or impersonation
@@ -870,6 +921,25 @@ public class SlingAuthenticator implemen
         return false;
     }
 
+    /**
+     * Returns credentials to use for anonymous resource access. If an anonymous
+     * user is configued, this returns an {@link AuthenticationInfo} instance
+     * whose authentication type is <code>null</code> and the user name and
+     * password are set according to the {@link #PAR_ANONYMOUS_USER} and
+     * {@link #PAR_ANONYMOUS_PASSWORD} configurations. Otherwise
+     * <code>null</code> is returned.
+     */
+    private Map<String, Object> getAnonymousCredentials() {
+        if (this.anonUser != null) {
+            AuthenticationInfo info = new AuthenticationInfo(null);
+            info.setUser(this.anonUser);
+            info.setPassword(this.anonPassword);
+            return info;
+        }
+
+        return null;
+    }
+
     private void handleLoginFailure(final HttpServletRequest request,
             final HttpServletResponse response, final String user,
             final Exception reason) {

Modified: sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1203901&r1=1203900&r2=1203901&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
(original)
+++ sling/trunk/bundles/auth/core/src/main/resources/OSGI-INF/metatype/metatype.properties
Fri Nov 18 23:40:23 2011
@@ -42,6 +42,24 @@ auth.annonymous.description = Whether de
  added is "-/". Otherwise anonymous access is denied and "+/" is added to the \
  list.
  
+sling.auth.anonymous.user.name = Anonymous User Name
+sling.auth.anonymous.user.description = Defines which user name to assume \
+ for anonymous requests, that is requests not providing credentials \
+ supported by any of the registered authentication handlers. If this \
+ property is missing or empty, the default is assumed which depends on \
+ the resource provider(s). Otherwise anonymous requests are handled with \
+ this user name. If the configured user name does not exist or is not \
+ allowed to access the resource data, anonymous requests may still be \
+ blocked. If anonymous access is not allowed, this property is ignored.
+
+sling.auth.anonymous.password.name = Anonymous User Password
+sling.auth.anonymous.password.description = Password for the anonymous \
+ user defined in the Anonymous User Name field. This property is only \
+ used if a non-empty anonymous user name is configured. If this property \
+ is not defined but a password is required, an empty password would be \
+ assumed.
+    
+ 
 sling.auth.requirements.name = Authentication Requirements
 sling.auth.requirements.description = Defines URL space subtrees which require \
  or don't require authentication. For any request the best matching path \



Mime
View raw message