incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r860744 - in /websites/staging/sling/trunk/content: ./ documentation/the-sling-engine/authentication/authentication-framework.html
Date Fri, 03 May 2013 20:30:30 GMT
Author: buildbot
Date: Fri May  3 20:30:29 2013
New Revision: 860744

Log:
Staging update by buildbot for sling

Modified:
    websites/staging/sling/trunk/content/   (props changed)
    websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html

Propchange: websites/staging/sling/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri May  3 20:30:29 2013
@@ -1 +1 @@
-1478710
+1478959

Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
(original)
+++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
Fri May  3 20:30:29 2013
@@ -110,13 +110,39 @@
 <li>Set request attributes listed below.</li>
 </ol>
 <p>Extracting the credentials and trying to login to the repository may yield the following
results:</p>
-<p>| Credentials | Login | Consequence |
-| present | successfull | Continue with an authenticated request |
-| present | failed | Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code>
method |
-| missing | anonymous allowed | Continue with a non authenticated request using anonymous
access to the repository |
-| missing | anonymous forbidden | Select <code>AuthenticationHandler</code> and
call <code>requestCredentials</code> method |</p>
+<table>
+<thead>
+<tr>
+<th>Credentials</th>
+<th>Login</th>
+<th>Consequence</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>present</td>
+<td>successful</td>
+<td>Continue with an authenticated request</td>
+</tr>
+<tr>
+<td>present</td>
+<td>failed</td>
+<td>Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code>
method</td>
+</tr>
+<tr>
+<td>missing</td>
+<td>anonymous allowed</td>
+<td>Continue with a non authenticated request using anonymous access to the repository</td>
+</tr>
+<tr>
+<td>missing</td>
+<td>anonymous forbidden</td>
+<td>Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code>
method</td>
+</tr>
+</tbody>
+</table>
 <div class="note">
-Only one `AuthenticationHandler` is able to provide credentials for a given request. If the
credentials provided by the handler cannot be used to login to the repository, authentication
fails and no further `AuthenticationHandler` is consulted.
+    Only one <code>AuthenticationHandler</code> is able to provide credentials
for a given request. If the credentials provided by the handler cannot be used to login to
the repository, authentication fails and no further <code>AuthenticationHandler</code>
is consulted.
 </div>
 
 <h4 id="request-attributes-on-successful-login">Request Attributes on Successful Login</h4>
@@ -151,7 +177,7 @@ Only one `AuthenticationHandler` is able
 </tr>
 </tbody>
 </table>
-<p><em>NOTE</em>: Do <em>NOT</em> use the <code>javax.jcr.Session</code>
request attribute in your Sling applications. This attribute must be considered implementation
specific to convey the JCR Session to the <code>SlingMainServlet</code>. In future
versions of the Sling Commons Auth bundle, this request attribute will not be present anymore.
To get the JCR Session for the current request adapt the request's resource resolver to a
JCR Session:</p>
+<p><strong>NOTE</strong>: Do <em>NOT</em> use the <code>javax.jcr.Session</code>
request attribute in your Sling applications. This attribute must be considered implementation
specific to convey the JCR Session to the <code>SlingMainServlet</code>. In future
versions of the Sling Commons Auth bundle, this request attribute will not be present anymore.
To get the JCR Session for the current request adapt the request's resource resolver to a
JCR Session:</p>
 <div class="codehilite"><pre><span class="n">Session</span> <span
class="n">session</span> <span class="o">=</span> <span class="n">request</span><span
class="o">.</span><span class="n">getResourceResolver</span><span
class="p">()</span><span class="o">.</span><span class="n">adaptTo</span><span
class="p">(</span><span class="n">Session</span><span class="o">.</span><span
class="n">class</span><span class="p">);</span>
 </pre></div>
 
@@ -164,7 +190,7 @@ Only one `AuthenticationHandler` is able
 <li>Any OSGi service may provide a <code>sling.auth.requirements</code>
registration property which is used to dynamically extend the authentication requirements
from the <em>Authentication Requirements</em> configuration. This may for example
be set by <code>AuthenticationHandler</code> implementations providing a login
form to ensure access to the login form does not require authentication. The value of this
property is a single string, an array of strings or a Collection of strings and is formatted
in the same way as the <em>Authentication Requirements</em> configuration property.</li>
 </ul>
 <p>The URLs set on the <em>Authentication Requirements</em> configuration
property or the <code>sling.auth.requirements</code> service registration property
can be absolute paths or URLs like the <code>path</code> service registration
property of <code>AuthenticationHandler</code> services. This allows the limitation
of this setup to certain requests by scheme and/or virtual host address.</p>
-<p><em>Examples</em></p>
+<p><strong>Examples</strong></p>
 <ul>
 <li>
 <p>The <code>LoginServlet</code> contained in the Commons Auth bundle registers
itself with the service registration property <code>sling.auth.requirements = "-/system/sling/login"</code>
to ensure the servlet can be accessed without requiring authentication.</p>
@@ -175,7 +201,7 @@ Only one `AuthenticationHandler` is able
 </ul>
 <h2 id="authenticator-implementation">Authenticator implementation</h2>
 <p>The implementation of the <code>Authenticator</code> interface is similar
for both methods:</p>
-<p><em><code>login</code></em></p>
+<p><strong><code>login</code></strong></p>
 <ol>
 <li>Select one or more <code>AuthenticationHandler</code> for the request
according to the request URL's scheme and authorization part.</li>
 <li>Call the <code>requestCredentials</code> method of each authentication
handler, where the order of handler call is defined by the length of the registered path:
handlers registered with longer paths are called before handlers with shorter paths. The goal
is to call the handlers in order from longest request path match to shortest match. Handlers
not matching the request path at all are not called.</li>
@@ -204,12 +230,14 @@ Only one `AuthenticationHandler` is able
 </tr>
 </tbody>
 </table>
-<p><em><code>logout</code></em>
-1. Select one or more <code>AuthenticationHandler</code> for the request according
to the request URL's scheme and authorization part.
-1. Call the <code>dropCredentials</code> method of each authentication handler,
where the order of handler call is defined by the length of the registered path: handlers
registered with longer paths are called before handlers with shorter paths. The goal is to
call the handlers in order from longest request path match to shortest match. Handlers not
matching the request path at all are not called.</p>
+<p><strong><code>logout</code></strong></p>
+<ol>
+<li>Select one or more <code>AuthenticationHandler</code> for the request
according to the request URL's scheme and authorization part.</li>
+<li>Call the <code>dropCredentials</code> method of each authentication
handler, where the order of handler call is defined by the length of the registered path:
handlers registered with longer paths are called before handlers with shorter paths. The goal
is to call the handlers in order from longest request path match to shortest match. Handlers
not matching the request path at all are not called.</li>
+</ol>
 <p>Unlike for the <code>login</code> method in the <code>logout</code>
method case all <code>AuthenticationHandler</code> services selected in the first
step are called. If none can be selected or none can actually handle the <code>dropCredentials</code>
request, the <code>logout</code> silently returns.</p>
       <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
-        Rev. 1464512 by bdelacretaz on Thu, 4 Apr 2013 13:03:31 +0000
+        Rev. 1478959 by dklco on Fri, 3 May 2013 20:29:53 +0000
       </div>
       <div class="trademarkFooter"> 
         Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project



Mime
View raw message