sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r910509 - in /sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth: impl/AuthenticationHandlerHolder.java spi/AuthenticationHandler.java
Date Tue, 16 Feb 2010 13:10:56 GMT
Author: fmeschbe
Date: Tue Feb 16 13:10:55 2010
New Revision: 910509

URL: http://svn.apache.org/viewvc?rev=910509&view=rev
Log:
SLING-1382 Define new AuthenticationHandler constants for authentication type definition and
requiring and implement support

Modified:
    sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java
    sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java

Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java?rev=910509&r1=910508&r2=910509&view=diff
==============================================================================
--- sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java
(original)
+++ sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java
Tue Feb 16 13:10:55 2010
@@ -26,13 +26,13 @@
 import org.apache.sling.commons.auth.spi.AuthenticationFeedbackHandler;
 import org.apache.sling.commons.auth.spi.AuthenticationHandler;
 import org.apache.sling.commons.auth.spi.AuthenticationInfo;
+import org.apache.sling.commons.osgi.OsgiUtil;
 import org.osgi.framework.ServiceReference;
 
 /**
  * The <code>AuthenticationHandlerHolder</code> class represents an
  * authentication handler service in the internal data structure of the
  * {@link SlingAuthenticator}.
- *
  */
 final class AuthenticationHandlerHolder extends
         AbstractAuthenticationHandlerHolder {
@@ -40,6 +40,9 @@
     // the actual authentication handler
     private final AuthenticationHandler handler;
 
+    // the supported authentication type of the handler
+    private final String authType;
+
     AuthenticationHandlerHolder(final String fullPath,
             final AuthenticationHandler handler,
             final ServiceReference serviceReference) {
@@ -47,6 +50,8 @@
 
         // assign the fields
         this.handler = handler;
+        this.authType = OsgiUtil.toString(
+            serviceReference.getProperty(TYPE_PROPERTY), null);
     }
 
     @Override
@@ -59,14 +64,19 @@
 
     public AuthenticationInfo doExtractCredentials(HttpServletRequest request,
             HttpServletResponse response) {
-
         return handler.extractCredentials(request, response);
-
     }
 
     public boolean doRequestCredentials(HttpServletRequest request,
             HttpServletResponse response) throws IOException {
-        return handler.requestCredentials(request, response);
+
+        // call handler if ok by its authentication type
+        if (doesRequestCredentials(request)) {
+            return handler.requestCredentials(request, response);
+        }
+
+        // no credentials have been requested
+        return false;
     }
 
     public void doDropCredentials(HttpServletRequest request,
@@ -94,4 +104,34 @@
     public String toString() {
         return handler.toString();
     }
+
+    /**
+     * Returns <code>true</code> if the <code>requestCredentials</code>
method
+     * of the held authentication handler should be called or not:
+     * <ul>
+     * <li>If the authentication handler is registered without an authentication
+     * type</li>
+     * <li>If the <code>sling:authRequestLogin</code> request parameter
is not
+     * set</li>
+     * <li>If the <code>sling:authRequestLogin</code> is set to the same
value
+     * as the authentication type of the held authentication handler.</li>
+     * <ul>
+     * <p>
+     * Otherwise <code>false</code> is returned and the
+     * <code>requestCredentials</code> method is not called.
+     *
+     * @param request The request object providing the <code>
+     *            sling:authRequestLogin</code> parameter
+     * @return <code>true</code> if the <code>requestCredentials</code>
method
+     *         should be called.
+     */
+    private boolean doesRequestCredentials(final HttpServletRequest request) {
+        // no configured authentication type, always request credentials
+        if (authType == null) {
+            return true;
+        }
+
+        final String requestLogin = request.getParameter(REQUEST_LOGIN_PARAMETER);
+        return requestLogin == null || authType.equals(requestLogin);
+    }
 }
\ No newline at end of file

Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java?rev=910509&r1=910508&r2=910509&view=diff
==============================================================================
--- sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java
(original)
+++ sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java
Tue Feb 16 13:10:55 2010
@@ -52,6 +52,35 @@
     static final String PATH_PROPERTY = "path";
 
     /**
+     * The name of the service registration property (single string) providing
+     * the authentication type of authentication handler. This is the same value
+     * as will be returned as the {@link AuthenticationInfo#getAuthType()
+     * authentication type} returned by the
+     * {@link #extractCredentials(HttpServletRequest, HttpServletResponse)}
+     * method.
+     * <p>
+     * <p>
+     * This property is optional but allows the client to optionally select the
+     * authentication handler which will actually request credentials upon the
+     * {@link #requestCredentials(HttpServletRequest, HttpServletResponse)}
+     * method.
+     *
+     * @see #REQUEST_LOGIN_PARAMETER
+     */
+    static final String TYPE_PROPERTY = "authtype";
+
+    /**
+     * The request parameter which may be used to explicitly select an
+     * authentication handler by its {@link #TYPE_PROPERTY type} if
+     * authentication will be requested through
+     * {@link #requestCredentials(HttpServletRequest, HttpServletResponse)}.
+     *
+     * @see #requestCredentials(HttpServletRequest, HttpServletResponse)
+     * @see #TYPE_PROPERTY
+     */
+    static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin";
+
+    /**
      * Extracts credential data from the request if at all contained.
      * <p>
      * The method returns any of the following values :
@@ -73,9 +102,9 @@
      * <tr>
      * <td>{@link AuthenticationInfo#FAIL_AUTH}
      * <td>the handler failed extracting the credentials from the request for
-     * any reason. An example of this result is that credentials are present
-     * in the request but they could not be validated and thus not be used
-     * for request processing.
+     * any reason. An example of this result is that credentials are present in
+     * the request but they could not be validated and thus not be used for
+     * request processing.
      * </tr>
      * <tr>
      * <td><code>AuthenticationInfo</code> object
@@ -125,10 +154,20 @@
      * attribute. If the service is registered with multiple path values, the
      * value of the <code>path</code> request attribute may be used to implement
      * specific handling.
+     * <p>
+     * If the {@link #REQUEST_LOGIN_PARAMETER} request parameter is set only
+     * those authentication handlers registered with an {@link #TYPE_PROPERTY
+     * authentication type} matching the parameter will be considered for
+     * requesting credentials through this method.
+     * <p>
+     * A handler not registered with an {@link #TYPE_PROPERTY authentication
+     * type} will, for backwards compatibility reasons, always be called
+     * ignoring the actual value of the {@link #REQUEST_LOGIN_PARAMETER}
+     * parameter.
      *
      * @param request The request object.
      * @param response The response object to which to send the request.
-     * @return <code>true</code> if the handler is able to end an authentication
+     * @return <code>true</code> if the handler is able to send an authentication
      *         inquiry for the given request. <code>false</code> otherwise.
      * @throws IOException If an error occurrs sending the authentication
      *             inquiry to the client.



Mime
View raw message