sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fmesc...@apache.org
Subject svn commit: r998105 - in /sling/trunk/bundles/auth: core/src/main/java/org/apache/sling/auth/core/spi/ form/src/main/java/org/apache/sling/auth/form/impl/ openid/src/main/java/org/apache/sling/auth/openid/ selector/src/main/java/org/apache/sling/auth/s...
Date Fri, 17 Sep 2010 12:55:50 GMT
Author: fmeschbe
Date: Fri Sep 17 12:55:49 2010
New Revision: 998105

URL: http://svn.apache.org/viewvc?rev=998105&view=rev
Log:
SLING-1783 Make the use of the j_reason request attribute to inform about failures for authentication
official

Modified:
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
    sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
    sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
    sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
    sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java
    sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java
    sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
(original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
Fri Sep 17 12:55:49 2010
@@ -40,6 +40,12 @@ public interface AuthenticationFeedbackH
      * authentication handler whose
      * {@link AuthenticationHandler#requestCredentials(HttpServletRequest, HttpServletResponse)
      * requestCredentials} method will be called.
+     * <p>
+     * Implementations may also wish to set the
+     * {@link AuthenticationHandler#FAILURE_REASON} request attribute to inform
+     * interested parties (including its any
+     * {@link AuthenticationHandler#requestCredentials(HttpServletRequest, HttpServletResponse)}
+     * method about the reasons of failure to to authenticate.
      *
      * @param request The current request
      * @param response The current response

Modified: sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
(original)
+++ sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
Fri Sep 17 12:55:49 2010
@@ -81,6 +81,16 @@ public interface AuthenticationHandler {
     static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin";
 
     /**
+     * Name of the request attribute which may be set by the
+     * {@link #extractCredentials(HttpServletRequest, HttpServletResponse)}
+     * method if {@link AuthenticationInfo#FAIL_AUTH} is returned.
+     * <p>
+     * This result may be used by authentication handlers to inform the user
+     * of any failures.
+     */
+    static final String FAILURE_REASON = "j_reason";
+
+    /**
      * Extracts credential data from the request if at all contained.
      * <p>
      * The method returns any of the following values :
@@ -104,7 +114,11 @@ public interface AuthenticationHandler {
      * <td>the handler failed extracting the credentials from the request for
      * any reason. An example of this result is that credentials are present in
      * the request but they could not be validated and thus not be used for
-     * request processing.
+     * request processing. When returning this value, the authentication handler
+     * may also set the {@link #FAILURE_REASON} request attribute to inform
+     * interested parties (including its own
+     * {@link #requestCredentials(HttpServletRequest, HttpServletResponse)}
+     * method for the reasons of failure to extract the credentials.
      * </tr>
      * <tr>
      * <td><code>AuthenticationInfo</code> object

Modified: sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
(original)
+++ sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java
Fri Sep 17 12:55:49 2010
@@ -26,6 +26,7 @@ import org.apache.felix.scr.annotations.
 import org.apache.felix.scr.annotations.Property;
 import org.apache.felix.scr.annotations.Service;
 import org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
 import org.apache.sling.auth.form.FormReason;
 
 /**
@@ -65,12 +66,12 @@ public class AuthenticationFormServlet e
      */
     protected String getReason(final HttpServletRequest request) {
         // return the resource attribute if set to a non-empty string
-        Object resObj = request.getAttribute(FormAuthenticationHandler.PAR_J_REASON);
+        Object resObj = request.getAttribute(AuthenticationHandler.FAILURE_REASON);
         if (resObj instanceof FormReason) {
             return ((FormReason) resObj).toString();
         }
 
-        final String reason = request.getParameter(FormAuthenticationHandler.PAR_J_REASON);
+        final String reason = request.getParameter(AuthenticationHandler.FAILURE_REASON);
         if (reason != null) {
             try {
                 return FormReason.valueOf(reason).toString();

Modified: sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
(original)
+++ sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
Fri Sep 17 12:55:49 2010
@@ -241,15 +241,6 @@ public class FormAuthenticationHandler e
     private static final String PAR_J_VALIDATE = "j_validate";
 
     /**
-     * The name of the request parameter indicating to the login form why the
-     * form is being rendered. If this parameter is not set the form is called
-     * for the first time and the implied reason is that the authenticator just
-     * requests credentials. Otherwise the parameter is set to a
-     * {@link FormReason} value.
-     */
-    static final String PAR_J_REASON = "j_reason";
-
-    /**
      * Key in the AuthenticationInfo map which contains the domain on which the
      * auth cookie should be set.
      */
@@ -333,7 +324,7 @@ public class FormAuthenticationHandler e
                 } else {
                     if (this.loginAfterExpire) {
                       // signal the requestCredentials method a previous login failure
-                        request.setAttribute(PAR_J_REASON, FormReason.TIMEOUT);
+                        request.setAttribute(FAILURE_REASON, FormReason.TIMEOUT);
                         info = AuthenticationInfo.FAIL_AUTH;
                     }
                     // clear the cookie, its invalid and we should get rid of it so that
the invalid cookie
@@ -421,13 +412,13 @@ public class FormAuthenticationHandler e
         }
 
         // append indication of previous login failure
-        if (request.getAttribute(PAR_J_REASON) != null) {
-            final Object jReason = request.getAttribute(PAR_J_REASON);
+        if (request.getAttribute(FAILURE_REASON) != null) {
+            final Object jReason = request.getAttribute(FAILURE_REASON);
             @SuppressWarnings("unchecked")
             final String reason = (jReason instanceof Enum)
                     ? ((Enum) jReason).name()
                     : jReason.toString();
-            targetBuilder.append(parSep).append(PAR_J_REASON);
+            targetBuilder.append(parSep).append(FAILURE_REASON);
             targetBuilder.append("=").append(URLEncoder.encode(reason, "UTF-8"));
         }
 
@@ -470,7 +461,7 @@ public class FormAuthenticationHandler e
         authStorage.clear(request, response);
 
         // signal the requestCredentials method a previous login failure
-        request.setAttribute(PAR_J_REASON, FormReason.INVALID_CREDENTIALS);
+        request.setAttribute(FAILURE_REASON, FormReason.INVALID_CREDENTIALS);
     }
 
     /**
@@ -1003,23 +994,23 @@ public class FormAuthenticationHandler e
             final StringBuilder header = new StringBuilder();
 
             // default setup with name, value, cookie path and HttpOnly
-            header.append(name).append('=').append(value);
-            header.append(";Path=").append(cookiePath);
-            header.append(";HttpOnly"); // don't allow JS access
+            header.append(name).append("=\"").append(value).append('"');
+            header.append("; Path=\"").append(cookiePath).append('"');
+            header.append("; HttpOnly"); // don't allow JS access
 
             // set the cookie domain if so configured
             if (domain != null) {
-                header.append(";Domain=").append(domain);
+                header.append("; Domain=\"").append(domain).append('"');
             }
 
             // Only set the Max-Age attribute to remove the cookie
-            if (age == 0) {
-                header.append(";Max-Age=").append(age);
+            if (age >= 0) {
+                header.append("; Max-Age=\"").append(age).append('"');
             }
 
             // ensure the cookie is secured if this is an https request
             if (request.isSecure()) {
-                header.append(";Secure");
+                header.append("; Secure");
             }
 
             response.addHeader(HEADER_SET_COOKIE, header.toString());

Modified: sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java
(original)
+++ sling/trunk/bundles/auth/openid/src/main/java/org/apache/sling/auth/openid/OpenIDConstants.java
Fri Sep 17 12:55:49 2010
@@ -18,6 +18,8 @@
  */
 package org.apache.sling.auth.openid;
 
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+
 /**
  * The <code>OpenIDConstants</code> class defines useful constants for
  * implementors of login forms for OpenID authentication.
@@ -56,7 +58,7 @@ public final class OpenIDConstants {
      * &lt;/div>
      * </pre>
      */
-    public static final String OPENID_FAILURE_REASON = "j_reason";
+    public static final String OPENID_FAILURE_REASON = AuthenticationHandler.FAILURE_REASON;
 
     /**
      * The name of the request parameter set by the

Modified: sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java
(original)
+++ sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorAuthenticationHandler.java
Fri Sep 17 12:55:49 2010
@@ -34,7 +34,6 @@ import org.apache.felix.scr.annotations.
 import org.apache.sling.api.auth.Authenticator;
 import org.apache.sling.auth.core.spi.AbstractAuthenticationHandler;
 import org.apache.sling.auth.core.spi.AuthenticationInfo;
-import org.apache.sling.auth.openid.OpenIDConstants;
 import org.apache.sling.commons.osgi.OsgiUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -60,15 +59,6 @@ public class SelectorAuthenticationHandl
         AbstractAuthenticationHandler {
 
     /**
-     * The name of the request parameter indicating to the login form why the
-     * form is being rendered. If this parameter is not set the form is called
-     * for the first time and the implied reason is that the authenticator just
-     * requests credentials. Otherwise the parameter is set to a
-     * {@link FormReason} value.
-     */
-    static final String PAR_J_REASON = "j_reason";
-
-    /**
      * Request parameter indicating which authentication type was selected by
      * the user. This is used to present the appropriate form if login fails.
      */
@@ -109,21 +99,13 @@ public class SelectorAuthenticationHandl
                 "UTF-8"));
 
         // append indication of previous login failure
-        if (request.getAttribute(PAR_J_REASON) != null) {
-            final Object jReason = request.getAttribute(PAR_J_REASON);
-            @SuppressWarnings("rawtypes")
-            final String reason = (jReason instanceof Enum)
-                    ? ((Enum) jReason).name()
-                    : jReason.toString();
-            targetBuilder.append('&').append(PAR_J_REASON);
-            targetBuilder.append("=").append(URLEncoder.encode(reason, "UTF-8"));
-        } else if (request.getAttribute(OpenIDConstants.OPENID_FAILURE_REASON) != null) {
-            final Object jReason = request.getAttribute(OpenIDConstants.OPENID_FAILURE_REASON);
+        if (request.getAttribute(FAILURE_REASON) != null) {
+            final Object jReason = request.getAttribute(FAILURE_REASON);
             @SuppressWarnings("rawtypes")
             final String reason = (jReason instanceof Enum)
                     ? ((Enum) jReason).name()
                     : jReason.toString();
-            targetBuilder.append('&').append(PAR_J_REASON);
+            targetBuilder.append('&').append(FAILURE_REASON);
             targetBuilder.append("=").append(URLEncoder.encode(reason, "UTF-8"));
         }
 

Modified: sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java?rev=998105&r1=998104&r2=998105&view=diff
==============================================================================
--- sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java
(original)
+++ sling/trunk/bundles/auth/selector/src/main/java/org/apache/sling/auth/selector/SelectorFormServlet.java
Fri Sep 17 12:55:49 2010
@@ -28,6 +28,7 @@ import org.apache.felix.scr.annotations.
 import org.apache.felix.scr.annotations.Property;
 import org.apache.felix.scr.annotations.Service;
 import org.apache.sling.auth.core.spi.AbstractAuthenticationFormServlet;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
 import org.apache.sling.auth.form.FormReason;
 import org.apache.sling.auth.openid.OpenIDConstants;
 import org.apache.sling.auth.openid.OpenIDFailure;
@@ -87,12 +88,12 @@ public class SelectorFormServlet extends
 
         // 1. Check whether there is a reason from the Form Based Authentication
         // Handler
-        Object formResObj = request.getAttribute(SelectorAuthenticationHandler.PAR_J_REASON);
+        Object formResObj = request.getAttribute(AuthenticationHandler.FAILURE_REASON);
         if (formResObj instanceof Enum<?>) {
             return formResObj.toString();
         }
 
-        final String jReason = request.getParameter(SelectorAuthenticationHandler.PAR_J_REASON);
+        final String jReason = request.getParameter(AuthenticationHandler.FAILURE_REASON);
         if (jReason != null) {
             try {
                 return FormReason.valueOf(jReason).toString();



Mime
View raw message