Return-Path: Delivered-To: apmail-sling-commits-archive@www.apache.org Received: (qmail 12722 invoked from network); 16 Feb 2010 13:11:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 16 Feb 2010 13:11:17 -0000 Received: (qmail 92702 invoked by uid 500); 16 Feb 2010 13:11:17 -0000 Delivered-To: apmail-sling-commits-archive@sling.apache.org Received: (qmail 92644 invoked by uid 500); 16 Feb 2010 13:11:17 -0000 Mailing-List: contact commits-help@sling.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sling.apache.org Delivered-To: mailing list commits@sling.apache.org Received: (qmail 92635 invoked by uid 99); 16 Feb 2010 13:11:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Feb 2010 13:11:17 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 16 Feb 2010 13:11:16 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 90A88238897D; Tue, 16 Feb 2010 13:10:56 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r910509 - in /sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth: impl/AuthenticationHandlerHolder.java spi/AuthenticationHandler.java Date: Tue, 16 Feb 2010 13:10:56 -0000 To: commits@sling.apache.org From: fmeschbe@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100216131056.90A88238897D@eris.apache.org> Author: fmeschbe Date: Tue Feb 16 13:10:55 2010 New Revision: 910509 URL: http://svn.apache.org/viewvc?rev=910509&view=rev Log: SLING-1382 Define new AuthenticationHandler constants for authentication type definition and requiring and implement support Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java?rev=910509&r1=910508&r2=910509&view=diff ============================================================================== --- sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java (original) +++ sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/impl/AuthenticationHandlerHolder.java Tue Feb 16 13:10:55 2010 @@ -26,13 +26,13 @@ import org.apache.sling.commons.auth.spi.AuthenticationFeedbackHandler; import org.apache.sling.commons.auth.spi.AuthenticationHandler; import org.apache.sling.commons.auth.spi.AuthenticationInfo; +import org.apache.sling.commons.osgi.OsgiUtil; import org.osgi.framework.ServiceReference; /** * The AuthenticationHandlerHolder class represents an * authentication handler service in the internal data structure of the * {@link SlingAuthenticator}. - * */ final class AuthenticationHandlerHolder extends AbstractAuthenticationHandlerHolder { @@ -40,6 +40,9 @@ // the actual authentication handler private final AuthenticationHandler handler; + // the supported authentication type of the handler + private final String authType; + AuthenticationHandlerHolder(final String fullPath, final AuthenticationHandler handler, final ServiceReference serviceReference) { @@ -47,6 +50,8 @@ // assign the fields this.handler = handler; + this.authType = OsgiUtil.toString( + serviceReference.getProperty(TYPE_PROPERTY), null); } @Override @@ -59,14 +64,19 @@ public AuthenticationInfo doExtractCredentials(HttpServletRequest request, HttpServletResponse response) { - return handler.extractCredentials(request, response); - } public boolean doRequestCredentials(HttpServletRequest request, HttpServletResponse response) throws IOException { - return handler.requestCredentials(request, response); + + // call handler if ok by its authentication type + if (doesRequestCredentials(request)) { + return handler.requestCredentials(request, response); + } + + // no credentials have been requested + return false; } public void doDropCredentials(HttpServletRequest request, @@ -94,4 +104,34 @@ public String toString() { return handler.toString(); } + + /** + * Returns true if the requestCredentials method + * of the held authentication handler should be called or not: + *
    + *
  • If the authentication handler is registered without an authentication + * type
    • + *
  • If the sling:authRequestLogin request parameter is not + * set
    • + *
  • If the sling:authRequestLogin is set to the same value + * as the authentication type of the held authentication handler.
    • + *
      + *

      + * Otherwise false is returned and the + * requestCredentials method is not called. + * + * @param request The request object providing the + * sling:authRequestLogin parameter + * @return true if the requestCredentials method + * should be called. + */ + private boolean doesRequestCredentials(final HttpServletRequest request) { + // no configured authentication type, always request credentials + if (authType == null) { + return true; + } + + final String requestLogin = request.getParameter(REQUEST_LOGIN_PARAMETER); + return requestLogin == null || authType.equals(requestLogin); + } } \ No newline at end of file Modified: sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java URL: http://svn.apache.org/viewvc/sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java?rev=910509&r1=910508&r2=910509&view=diff ============================================================================== --- sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java (original) +++ sling/trunk/bundles/commons/auth/src/main/java/org/apache/sling/commons/auth/spi/AuthenticationHandler.java Tue Feb 16 13:10:55 2010 @@ -52,6 +52,35 @@ static final String PATH_PROPERTY = "path"; /** + * The name of the service registration property (single string) providing + * the authentication type of authentication handler. This is the same value + * as will be returned as the {@link AuthenticationInfo#getAuthType() + * authentication type} returned by the + * {@link #extractCredentials(HttpServletRequest, HttpServletResponse)} + * method. + *

      + *

      + * This property is optional but allows the client to optionally select the + * authentication handler which will actually request credentials upon the + * {@link #requestCredentials(HttpServletRequest, HttpServletResponse)} + * method. + * + * @see #REQUEST_LOGIN_PARAMETER + */ + static final String TYPE_PROPERTY = "authtype"; + + /** + * The request parameter which may be used to explicitly select an + * authentication handler by its {@link #TYPE_PROPERTY type} if + * authentication will be requested through + * {@link #requestCredentials(HttpServletRequest, HttpServletResponse)}. + * + * @see #requestCredentials(HttpServletRequest, HttpServletResponse) + * @see #TYPE_PROPERTY + */ + static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin"; + + /** * Extracts credential data from the request if at all contained. *

      * The method returns any of the following values : @@ -73,9 +102,9 @@ * * {@link AuthenticationInfo#FAIL_AUTH} * the handler failed extracting the credentials from the request for - * any reason. An example of this result is that credentials are present - * in the request but they could not be validated and thus not be used - * for request processing. + * any reason. An example of this result is that credentials are present in + * the request but they could not be validated and thus not be used for + * request processing. * * * AuthenticationInfo object @@ -125,10 +154,20 @@ * attribute. If the service is registered with multiple path values, the * value of the path request attribute may be used to implement * specific handling. + *

      + * If the {@link #REQUEST_LOGIN_PARAMETER} request parameter is set only + * those authentication handlers registered with an {@link #TYPE_PROPERTY + * authentication type} matching the parameter will be considered for + * requesting credentials through this method. + *

      + * A handler not registered with an {@link #TYPE_PROPERTY authentication + * type} will, for backwards compatibility reasons, always be called + * ignoring the actual value of the {@link #REQUEST_LOGIN_PARAMETER} + * parameter. * * @param request The request object. * @param response The response object to which to send the request. - * @return true if the handler is able to end an authentication + * @return true if the handler is able to send an authentication * inquiry for the given request. false otherwise. * @throws IOException If an error occurrs sending the authentication * inquiry to the client.