sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdelacre...@apache.org
Subject [38/53] sling-site git commit: asf-site branch created for published content
Date Mon, 19 Jun 2017 12:41:44 GMT
http://git-wip-us.apache.org/repos/asf/sling-site/blob/a6129baf/documentation/the-sling-engine/authentication/authentication-actors.html
----------------------------------------------------------------------
diff --git a/documentation/the-sling-engine/authentication/authentication-actors.html b/documentation/the-sling-engine/authentication/authentication-actors.html
new file mode 100644
index 0000000..cec16a4
--- /dev/null
+++ b/documentation/the-sling-engine/authentication/authentication-actors.html
@@ -0,0 +1,73 @@
+<!DOCTYPE html><html lang="en">
+    <head>
+<meta charset="utf-8"/>
+        <title>Apache Sling on JBake</title>
+        <link rel="stylesheet" href="/res/css/site.css"/>
+        <link rel="stylesheet" href="/res/css/codehilite.css"/>
+        <div class="title">
+            <div class="logo">
+                <a href="http://sling.apache.org">
+                    <img border="0" alt="Apache Sling" src="/res/logos/sling.svg"/>
+                </a>
+            </div><div class="header">
+                <a href="http://www.apache.org">
+                    <img border="0" alt="Apache" src="/res/logos/apache.png"/>
+                </a>
+            </div>
+        </div>        
+    </head><body>
+<div class="menu">
+            <strong><a href="/documentation.html">Documentation</a></strong><br/><a href="/documentation/getting-started.html">Getting Started</a><br/><a href="/documentation/the-sling-engine.html">The Sling Engine</a><br/><a href="/documentation/development.html">Development</a><br/><a href="/documentation/bundles.html">Bundles</a><br/><a href="/documentation/tutorials-how-tos.html">Tutorials &amp; How-Tos</a><br/><a href="/documentation/configuration.html">Configuration</a><p></p><a href="http://s.apache.org/sling.wiki">Wiki</a><br/><a href="http://s.apache.org/sling.faq">FAQ</a><br/><p></p><strong>API Docs</strong><br/><a href="/apidocs/sling9/index.html">Sling 9</a><br/><a href="/apidocs/sling8/index.html">Sling 8</a><br/><a href="/apidocs/sling7/index.html">Sling 7</a><br/><a href="/apidocs/sling6/index.html">Sling 6</a><br/><a href="/apidocs/sling5/index.html">Sling 5</a><br/><a href="/javadoc-io.html">Archive at javadoc.io</a><br/><p></p><strong>Project info</strong><br/><a h
 ref="/downloads.cgi">Downloads</a><br/><a href="http://www.apache.org/licenses/">License</a><br/><a href="/contributing.html">Contributing</a><br/><a href="/news.html">News</a><br/><a href="/links.html">Links</a><br/><a href="/project-information.html">Project Information</a><br/><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a><br/><a href="http://ci.apache.org/builders/sling-trunk">Build Server</a><br/><a href="/project-information/security.html">Security</a><br/><p></p><strong>Source</strong><br/><a href="http://svn.apache.org/viewvc/sling/trunk">Subversion</a><br/><a href="git://git.apache.org/sling.git">Git</a><br/><a href="https://github.com/apache/sling">Github Mirror</a><br/><p></p><strong>Sponsorship</strong><br/><a href="http://www.apache.org/foundation/thanks.html">Thanks</a><br/><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a><br/><a href="https://donate.apache.org/">Donate!</a><br/><a href="http://www.apache.org/foun
 dation/buy_stuff.html">Buy Stuff</a><br/><p></p><strong><a href="/sitemap.html">Site Map</a></strong>
+        </div>        <div class="main">
+<div class="row"><div class="small-12 columns"><section class="wrap"><header><h1>Authentication - Actors</h1></header><p>Excerpt: The authentication process involves a number of actors contributing to the concepts, the API and the particular implementations.</p>
+<p>The authentication process involves a number of actors contributing to the concepts, the API and the particular implementations.</p>
+<h2>OSGi Http Service Specification</h2>
+<p>The main support for authentication is defined by the OSGi Http Service specification. This specification defines how an OSGi application can register servlets and resources to build web applications. As part of the servlet and/or resource registration a <code>HttpContext</code> may be provided, which allows for additional support.</p>
+<p>The main method of interest to the authentication process is the <code>handleSecurity</code> method. This is called by the OSGi Http Service implementation before the registered servlet is called. Its intent is to authenticate the request and to provide authentication information for the request object: the authentication type and the remote user name.</p>
+<p>The Sling Auth Core bundle provides the <code>AuthenticationSupport</code> service which may be used to the implement the <code>HttpContext.handleSecurity</code> method.</p>
+<h2>Sling Engine</h2>
+<p>The Sling Engine implements the main entry point into the Sling system by means of the <code>SlingMainServlet</code>. This servlet is registered with the OSGi Http Service and provides a custom <code>HttpContext</code> whose <code>handleSecurity</code> method is implemented by the <code>AuthenticationSupport</code> service.</p>
+<p>When the request hits the <code>service</code> method of the Sling Main Servlet, the resource resolver provided by the <code>AuthenticationSupport</code> service is retrieved from the request attributes and used as the resource resolver for the request.</p>
+<p>That's all there is for the Sling Engine to do with respect to authentication.</p>
+<h2>Sling Auth Core</h2>
+<p>The support for authenticating client requests is implemented in the Sling Auth Core bundle. As such this bundle provides three areas of support</p>
+<ul>
+  <li><code>AuthenticationHandler</code> service interface. This is implemented by services providing functionality to extract credentials from HTTP requests.</li>
+  <li><code>Authenticator</code> service interface. This is implemented by the <code>SlingAuthenticator</code> class in the Sling Auth Core bundle and provides applications with entry points to login and logout.</li>
+  <li><code>AuthenticationSupport</code> service interface. This is implemented by the <code>SlingAuthenticator</code> class in the Sling Auth Core bundle and allows applications registering with the OSGi HTTP Service to make use of the Sling authentication infrastructure.</li>
+</ul>
+<h2>JCR Repository</h2>
+<p>The actual process of logging into the repository and provided a <code>Session</code> is implementation dependent. In the case of Jackrabbit extensibility is provided by configuration of the Jackrabbit repository by means of an interface and two helper classes:</p>
+<ul>
+  <li><code>LoginModule</code> -- The interface to be implemented to provide login processing plugins</li>
+  <li><code>AbstractLoginModule</code> -- A an abstract base class implementation of the <code>LoginModule</code> interface.</li>
+  <li><code>DefaultLoginModule</code> -- The default implementation of the <code>AbstractLoginModule</code> provided by Jackabbit. This login module takes <code>SimpleCredentials</code> and uses the repository to lookup the users, validate the credentials and providing the <code>Principal</code> representing the user towards the repository.</li>
+</ul>
+<p>The Sling Jackrabbit Embedded Repository bundle provides additional plugin interfaces to extend the login process dynamically using OSGi services. To this avail the bundle configures a <code>LoginModule</code> with the provided default Jackrabbit configuration supporting these plugins:</p>
+<ul>
+  <li><code>LoginModulePlugin</code> -- The main service interface. Plugins must implement this interface to be able to extend the login process. See for example the <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/openid/">Sling OpenID authentication handler</a>, which implements this interface to support OpenID authentication.</li>
+  <li><code>AuthenticationPlugin</code> -- Helper interface for the <code>LoginModulePlugin</code>.</li>
+</ul>
+<h2>Sling Applications</h2>
+<p>Sling Applications requiring authenticated requests should not care about how authentication is implemented. To support such functionality the <code>Authenticator</code> service is provided with two methods:</p>
+<ul>
+  <li>
+  <p><code>login</code> -- allows the application to ensure requests are authenticated. This involves selecting an <code>AuthenticationHandler</code> to request credentials for authentication.</p></li>
+  <li>
+  <p><code>logout</code> -- allows the application to forget about any authentication. This involves selecting an <code>AuthenticationHandler</code> to forget about credentials in the request.</p></li>
+</ul>
+<p>Sling Applications should never directly use any knowledge of any authentication handler or directly call into an authentication handler. This will certainly break the application and cause unexpected behaviour.</p>
+<div class="info">
+If you want to know whether a request is authenticated or not, you can inspect the result of the <code>HttpServletRequest.getAuthType</code> method: If this method returns <code>null</code> the request is not authenticated.
+</div></section></div></div>            
+<div class="footer">
+                <div class="timestamp">
+                    TODO display revision number here
+                </div><div class="trademarkFooter">
+                    Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+                </div>
+            </div>            
+            
+        </div>
+    </body>
+</html>

http://git-wip-us.apache.org/repos/asf/sling-site/blob/a6129baf/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html
----------------------------------------------------------------------
diff --git a/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html b/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html
new file mode 100644
index 0000000..8ab1b7d
--- /dev/null
+++ b/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html
@@ -0,0 +1,107 @@
+<!DOCTYPE html><html lang="en">
+    <head>
+<meta charset="utf-8"/>
+        <title>Apache Sling on JBake</title>
+        <link rel="stylesheet" href="/res/css/site.css"/>
+        <link rel="stylesheet" href="/res/css/codehilite.css"/>
+        <div class="title">
+            <div class="logo">
+                <a href="http://sling.apache.org">
+                    <img border="0" alt="Apache Sling" src="/res/logos/sling.svg"/>
+                </a>
+            </div><div class="header">
+                <a href="http://www.apache.org">
+                    <img border="0" alt="Apache" src="/res/logos/apache.png"/>
+                </a>
+            </div>
+        </div>        
+    </head><body>
+<div class="menu">
+            <strong><a href="/documentation.html">Documentation</a></strong><br/><a href="/documentation/getting-started.html">Getting Started</a><br/><a href="/documentation/the-sling-engine.html">The Sling Engine</a><br/><a href="/documentation/development.html">Development</a><br/><a href="/documentation/bundles.html">Bundles</a><br/><a href="/documentation/tutorials-how-tos.html">Tutorials &amp; How-Tos</a><br/><a href="/documentation/configuration.html">Configuration</a><p></p><a href="http://s.apache.org/sling.wiki">Wiki</a><br/><a href="http://s.apache.org/sling.faq">FAQ</a><br/><p></p><strong>API Docs</strong><br/><a href="/apidocs/sling9/index.html">Sling 9</a><br/><a href="/apidocs/sling8/index.html">Sling 8</a><br/><a href="/apidocs/sling7/index.html">Sling 7</a><br/><a href="/apidocs/sling6/index.html">Sling 6</a><br/><a href="/apidocs/sling5/index.html">Sling 5</a><br/><a href="/javadoc-io.html">Archive at javadoc.io</a><br/><p></p><strong>Project info</strong><br/><a h
 ref="/downloads.cgi">Downloads</a><br/><a href="http://www.apache.org/licenses/">License</a><br/><a href="/contributing.html">Contributing</a><br/><a href="/news.html">News</a><br/><a href="/links.html">Links</a><br/><a href="/project-information.html">Project Information</a><br/><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a><br/><a href="http://ci.apache.org/builders/sling-trunk">Build Server</a><br/><a href="/project-information/security.html">Security</a><br/><p></p><strong>Source</strong><br/><a href="http://svn.apache.org/viewvc/sling/trunk">Subversion</a><br/><a href="git://git.apache.org/sling.git">Git</a><br/><a href="https://github.com/apache/sling">Github Mirror</a><br/><p></p><strong>Sponsorship</strong><br/><a href="http://www.apache.org/foundation/thanks.html">Thanks</a><br/><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a><br/><a href="https://donate.apache.org/">Donate!</a><br/><a href="http://www.apache.org/foun
 dation/buy_stuff.html">Buy Stuff</a><br/><p></p><strong><a href="/sitemap.html">Site Map</a></strong>
+        </div>        <div class="main">
+<div class="row"><div class="small-12 columns"><section class="wrap"><header><h1>Authentication - AuthenticationHandler</h1></header><p>Excerpt: The <code>AuthenticationHandler</code> interface defines the service API which may be implemented by authentication handlers registered as OSGi services.</p>
+<p>The <code>AuthenticationHandler</code> interface defines the service API which may be implemented by authentication handlers registered as OSGi services.</p>
+<p><code>AuthenticationHandler</code> services have a single required service registration property which is used to identify requests to which the <code>AuthenticationHandler</code> service is applicable:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Property </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>path</code> </td>
+      <td>One or more (array or vector) string values indicating the request URLs to which the <code>AuthenticationHandler</code> is applicable. </td>
+    </tr>
+    <tr>
+      <td><code>authtype</code> </td>
+      <td>The authentication type implemented by this handler. This is a string value property and should be the same as will be used as the authentication type of the <code>AuthenticationInfo</code> object provided by the <code>extractCredentials</code> method. If this property is set, the <code>requestCredentials</code> method of the authentication handler is only called if the <code>sling:authRequestLogin</code> request parameter is either not set or is set to the same value as the <code>authtype</code> of the handler. This property is optional. If not set, the <code>requestCredentials</code> method is always called regardless of the value of the <code>sling:authRequestLogin</code> request parameter. </td>
+    </tr>
+  </tbody>
+</table>
+<p>Each path may be an absolute URL, an URL with just the host/port and path or just a plain absolute path:</p>
+<table>
+  <thead>
+    <tr>
+      <th>URL part </th>
+      <th>Scheme </th>
+      <th>Host/Port </th>
+      <th>Path </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Absolute URL </td>
+      <td>must match </td>
+      <td>must match </td>
+      <td>request URL path is prefixed with the path </td>
+    </tr>
+    <tr>
+      <td>Host/Port with Path </td>
+      <td>ignored </td>
+      <td>must match </td>
+      <td>request URL path is prefixed with the path </td>
+    </tr>
+    <tr>
+      <td>Path </td>
+      <td>ignored </td>
+      <td>ignored </td>
+      <td>request URL path is prefixed with the path </td>
+    </tr>
+  </tbody>
+</table>
+<p>When looking for an <code>AuthenticationHandler</code> the authentication handler is selected whose path is the longest match on the request URL. If the service is registered with Scheme and Host/Port, these must exactly match for the service to be eligible. If multiple <code>AuthenticationHandler</code> services are registered with the same length matching path, the handler with the higher service ranking is selected[^ranking].</p>
+<p>[^ranking]: Service ranking is defined by the OSGi Core Specification as follows: <em>If multiple qualifying service interfaces exist, a service with the highest <code>service.ranking</code> number, or when equal to the lowest <code>service.id</code>, determines which service object is returned by the Framework</em>.</p>
+<p>The value of <code>path</code> service registration property value triggering the call to any of the <code>AuthenticationHandler</code> methods is available as the <code>path</code> request attribute (for the time of the method call only). If the service is registered with multiple path values, the value of the <code>path</code> request attribute may be used to implement specific handling.</p>
+<h3>Implementations provided by Sling</h3>
+<ul>
+  <li><a href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html">Form Based AuthenticationHandler</a></li>
+  <li><a href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html">OpenID AuthenticationHandler</a></li>
+</ul>
+<h3>Sample implementations</h3>
+<h4>HTTP Basic Authentication Handler</h4>
+<ul>
+  <li><code>extractCredentials</code> -- Get user name and password from the <code>Authorization</code> HTTP header</li>
+  <li><code>requestCredentials</code> -- Send a 401/UNAUTHORIZED status with <code>WWW-Authenticate</code> response header setting the Realm</li>
+  <li><code>dropCredentials</code> -- Send a 401/UNAUTHORIZED status with <code>WWW-Authenticate</code> response header setting the Realm</li>
+</ul>
+<p>Interestingly the <code>dropCredentials</code> method is implemented in the same way as the <code>requestCredentials</code> method. The reason for this is, that HTTP Basic authentication does not have a notion of login and logout. Rather the request is accompanied with an <code>Authorization</code> header or not. The contents of this header is usually cached by the client browser. So logout is actually simulated by sending a 401/UNAUTHORIZED status thus causing the client browser to clear the cache and ask for user name and password.</p>
+<h4>Form Based Authentication Handler</h4>
+<ul>
+  <li><code>extractCredentials</code> -- Get user name and password with the help of a special cookie (note, that of course the cookie should not contain this data, but refer to it in an internal store of the authentication handler). If the cookie is not set, check for specific login parameters to setup the cookie.</li>
+  <li><code>requestCredentials</code> -- Send the login form for the user to provide the login parameters.</li>
+  <li><code>dropCredentials</code> -- Clear the authentication cookie and internal store.</li>
+</ul>
+<p>///Footnotes Go Here///</p></section></div></div>            
+<div class="footer">
+                <div class="timestamp">
+                    TODO display revision number here
+                </div><div class="trademarkFooter">
+                    Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+                </div>
+            </div>            
+            
+        </div>
+    </body>
+</html>

http://git-wip-us.apache.org/repos/asf/sling-site/blob/a6129baf/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
----------------------------------------------------------------------
diff --git a/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html b/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
new file mode 100644
index 0000000..64092aa
--- /dev/null
+++ b/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
@@ -0,0 +1,180 @@
+<!DOCTYPE html><html lang="en">
+    <head>
+<meta charset="utf-8"/>
+        <title>Apache Sling on JBake</title>
+        <link rel="stylesheet" href="/res/css/site.css"/>
+        <link rel="stylesheet" href="/res/css/codehilite.css"/>
+        <div class="title">
+            <div class="logo">
+                <a href="http://sling.apache.org">
+                    <img border="0" alt="Apache Sling" src="/res/logos/sling.svg"/>
+                </a>
+            </div><div class="header">
+                <a href="http://www.apache.org">
+                    <img border="0" alt="Apache" src="/res/logos/apache.png"/>
+                </a>
+            </div>
+        </div>        
+    </head><body>
+<div class="menu">
+            <strong><a href="/documentation.html">Documentation</a></strong><br/><a href="/documentation/getting-started.html">Getting Started</a><br/><a href="/documentation/the-sling-engine.html">The Sling Engine</a><br/><a href="/documentation/development.html">Development</a><br/><a href="/documentation/bundles.html">Bundles</a><br/><a href="/documentation/tutorials-how-tos.html">Tutorials &amp; How-Tos</a><br/><a href="/documentation/configuration.html">Configuration</a><p></p><a href="http://s.apache.org/sling.wiki">Wiki</a><br/><a href="http://s.apache.org/sling.faq">FAQ</a><br/><p></p><strong>API Docs</strong><br/><a href="/apidocs/sling9/index.html">Sling 9</a><br/><a href="/apidocs/sling8/index.html">Sling 8</a><br/><a href="/apidocs/sling7/index.html">Sling 7</a><br/><a href="/apidocs/sling6/index.html">Sling 6</a><br/><a href="/apidocs/sling5/index.html">Sling 5</a><br/><a href="/javadoc-io.html">Archive at javadoc.io</a><br/><p></p><strong>Project info</strong><br/><a h
 ref="/downloads.cgi">Downloads</a><br/><a href="http://www.apache.org/licenses/">License</a><br/><a href="/contributing.html">Contributing</a><br/><a href="/news.html">News</a><br/><a href="/links.html">Links</a><br/><a href="/project-information.html">Project Information</a><br/><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a><br/><a href="http://ci.apache.org/builders/sling-trunk">Build Server</a><br/><a href="/project-information/security.html">Security</a><br/><p></p><strong>Source</strong><br/><a href="http://svn.apache.org/viewvc/sling/trunk">Subversion</a><br/><a href="git://git.apache.org/sling.git">Git</a><br/><a href="https://github.com/apache/sling">Github Mirror</a><br/><p></p><strong>Sponsorship</strong><br/><a href="http://www.apache.org/foundation/thanks.html">Thanks</a><br/><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a><br/><a href="https://donate.apache.org/">Donate!</a><br/><a href="http://www.apache.org/foun
 dation/buy_stuff.html">Buy Stuff</a><br/><p></p><strong><a href="/sitemap.html">Site Map</a></strong>
+        </div>        <div class="main">
+<div class="row"><div class="small-12 columns"><section class="wrap"><header><h1>Form Based AuthenticationHandler</h1></header><p>[TOC]</p>
+<p>The Form Based AuthenticationHandler has two authentication phases: The first phase is presenting a login form to the user and passing the entered user name and password to the server. The second phase is storing successful authentication in a Cookie or an HTTP Session.</p>
+<p>The implementation of the Form Based Authentication Handler follows the guidelines of the Servlet API 2.4 specification for <em>Form Based Authentication</em> in section SRV.12.5.3. Specifically the following requirements are implemented:</p>
+<ul>
+  <li>For the initial form submission, the request URL must end with <code>/j_security_check</code> and the user name and password names must be <code>j_username</code> and <code>j_password</code>, resp.</li>
+  <li>The authentication type as returned by <code>HttpServletRequest.getAuthType()</code> is set to <code>HttpServletRequest.FORM_AUTH</code>.</li>
+</ul>
+<p>The Form Based Authentication Handler is maintained in the <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form">Sling SVN</a></p>
+<h3>AuthenticationHandler implementation</h3>
+<ul>
+  <li><code>extractCredentials</code> -- Prepares credentials for the form entered data or from the Cookie or HTTP Session attribute. Returns <code>null</code> if neither data is provided in the request</li>
+  <li><code>requestCredentials</code> -- Redirects the client (browser) to the login form</li>
+  <li><code>dropCredentials</code> -- Remove the Cookie or remove the HTTP Session attribute</li>
+</ul>
+<h3>AuthenticationFeedbackHandler implementation</h3>
+<ul>
+  <li><code>authenticationFailed</code> -- Remove the Cookie or remove the HTTP Session attribute</li>
+  <li><code>authenticationSucceeded</code> -- Set (or update) the Cookie or HTTP Session attribute</li>
+</ul>
+<h3>Phase 1: Form Submission</h3>
+<p>The login form submitted in phase 1 to validate the user name and password must be provided in an HTTP <code>POST</code> request to an URL whose last segment is <code>j_security_check</code>. The request is ignored as a form submission if either the method is not <code>POST</code> or the last segment is no <code>j_security_check</code>.</p>
+<p>The form is rendered by redirecting the client to the URL indicated by the <code>form.login.form</code> configuration parameter. This redirection request may accompanyied by the following parameters:</p>
+<ul>
+  <li><code>resource</code> -- The resource to which the user should be redirected after successful login. This request parameter should be submitted back to the server as the <code>resource</code> parameter.</li>
+  <li><code>j_reason</code> -- This parameter indicates the reason for rendering the login form. If this parameter is set, it is set to <code>INVALID_CREDENTIALS</code> indicating a previous form submission presented invalid username and password or <code>TIMEOUT</code> indicating a login session has timed out. The login form servlet/script can present the user with an appropriate message.</li>
+</ul>
+<p>The Form Based Authentication Handlers supports the following request parameters submitted by the HTML form:</p>
+<ul>
+  <li><code>j_username</code> -- Name of the user to authenticate</li>
+  <li><code>j_password</code> -- Password to authenticate the user</li>
+  <li><code>j_validate</code> -- Flag indicating whether to just validate the credentials</li>
+  <li><code>resource</code> -- The location to go to on successful login</li>
+  <li><code>sling.auth.redirect</code> -- The location to redirect to on successful login</li>
+</ul>
+<p>The <code>j_username</code> and <code>j_password</code> parameters are used to create a JCR <code>SimpleCredentials</code> object to log into the JCR Repository.</p>
+<p>The <code>j_validate</code> parameter may be used to implement login form submission using AJAX. If this parameter is set to <code>true</code> (case-insensitive) the credentials are used to login and after success or failure to return a status code:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Status </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>200 OK</code> </td>
+      <td>Authentication succeeded; credentials are valid for login; the Cookie or HTTP Session attribute is now set </td>
+    </tr>
+    <tr>
+      <td><code>403 FORBIDDEN</code> </td>
+      <td>Authentication failed; credentials are invalid for login; the Cookie or HTTP Session attribute is not set (if it was set, it is now cleared) </td>
+    </tr>
+  </tbody>
+</table>
+<p>If the <code>j_validate</code> parameter is not set or is set to any value other than <code>true</code>, the request processing depends on authentication success or failure:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Authentication </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Success </td>
+      <td>Client is redirected to the authenticated resource; the Cookie or HTTP Session attribute is now set. </td>
+    </tr>
+    <tr>
+      <td>Failure </td>
+      <td>The request is redirected to the login form again; the Cookie or HTTP Session attribute is not set (if it was set, it is now cleared) </td>
+    </tr>
+  </tbody>
+</table>
+<p>The <code>resource</code> and <code>sling.auth.redirect</code> parameters provide similar functionality but with differing historical backgrounds. The <code>resource</code> parameter is based on the <code>resource</code> request attribute which is set by the login servlet to indicate the original target resource the client desired when it was forced to authenticate. The <code>sling.auth.redirect</code> parameter can be used by clients (applications like cURL or plain HTML forms) to request being redirected after successful login. If both parameters are set, the <code>sling.auth.redirect</code> parameter takes precedence.</p>
+<p>The Form Based Authentication Handler contains a <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java">default form servlet</a> and <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/resources/org/apache/sling/auth/form/impl/login.html">HTML form template</a>.</p>
+<h3>Phase 2: Authenticated Requests</h3>
+<p>After the successful authentication of the user in phase 1, the authentication state is stored in a Cookie or an HTTP Session. The stored value is a security token with the following contents:</p>
+<p>HmacSHA1(securetoken, <securetokennumber><expirytime>@<userID>)@<securetokennumber><expirytime>@<userID></p>
+<p>The <code>securetoken</code> and <code>securetokennumber</code> are related in that an table of secure tokens is maintained where the <code>securetoken</code> is an entry in the table and the <code>securetokennumber</code> is the index in of the token in the table.</p>
+<p>The secure tokens are refreshed periodically causing the authentication state stored in the Cookie or the HTTP Session to be updated peridocally. This periodic update has two advantages:</p>
+<ul>
+  <li>Login sessions time out after some period of inactivity: If a request is handled for an authentication state whose expiry time has passed, the request is considered unauthenticated.</li>
+  <li>If a Cookie would be stolen or an HTTP Session be hijacked, the authentication state expires within a reasonable amount of time to try to prevent stealing the authentication.</li>
+</ul>
+<p>The authentication state may be transmitted with a Cookie which is configured as follows:</p>
+<ul>
+  <li><em>Cookie Path</em> -- Set to the servlet context path</li>
+  <li><em>Domain</em> -- See below</li>
+  <li><em>Age</em> -- Set to -1 to indicate a session Cookie</li>
+  <li><em>Secure</em> -- Set to the value returned by the <code>ServletRequest.isSecure()</code> method</li>
+</ul>
+<p>If the authentication state is kept in an HTTP Session the setup of the session ID cookie is maintained by the servlet container and is outside of the control of the Form Based AuthenticationHandler.</p>
+<h3>Configuration</h3>
+<p>The Form Based Authentication Handler is configured with configuration provided by the OSGi Configuration Admin Service using the <code>org.apache.sling.formauth.FormAuthenticationHandler</code> service PID.</p>
+<table>
+  <thead>
+    <tr>
+      <th>Parameter </th>
+      <th>Default </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>form.login.form</code> </td>
+      <td><code>/system/sling/form/login</code> </td>
+      <td>The URL (without any context path prefix) to redirect the client to to present the login form. </td>
+    </tr>
+    <tr>
+      <td><code>form.auth.storage</code> </td>
+      <td><code>cookie</code> </td>
+      <td>The type of storage used to provide the authentication state. Valid values are <code>cookie</code> and <code>session</code>. The default value also applies if any setting other than the supported values is configured. </td>
+    </tr>
+    <tr>
+      <td><code>form.auth.name</code> </td>
+      <td><code>sling.formauth</code> </td>
+      <td>The name of the Cookie or HTTP Session attribute providing the authentication state. </td>
+    </tr>
+    <tr>
+      <td><code>form.auth.timeout</code> </td>
+      <td><code>30</code> </td>
+      <td>The number of minutes after which a login session times out. This value is used as the expiry time set in the authentication data. </td>
+    </tr>
+    <tr>
+      <td><code>form.credentials.name</code> </td>
+      <td><code>sling.formauth</code> </td>
+      <td>The name of the <code>SimpleCredentials</code> attribute used to provide the authentication data to the <code>LoginModulePlugin</code>. </td>
+    </tr>
+    <tr>
+      <td><code>form.token.file</code> </td>
+      <td><code>cookie-tokens.bin</code> </td>
+      <td>The name of the file used to persist the security tokens. </td>
+    </tr>
+    <tr>
+      <td><code>form.default.cookie.domain</code> </td>
+      <td> </td>
+      <td>The domain on which cookies will be set, unless overridden in the <code>AuthenticationInfo</code> object. </td>
+    </tr>
+  </tbody>
+</table>
+<p><em>Note:</em> The <code>form.token.file</code> parameter currently refers to a file stored in the file system. If the path is a relative path, the file is either stored in the Authentication Handler bundle private data area or -- if not possible -- below the location indicated by the <code>sling.home</code> framework property or -- if <code>sling.home</code> is not set -- the current working directory. In the future this file may be store in the JCR Repository to support clustering scenarios.</p>
+<h3>Security Considerations</h3>
+<p>Form Based Authentication has some limitations in terms of security:</p>
+<ol>
+  <li>User name and password are transmitted in plain text in the initial form submission.</li>
+  <li>The Cookie used to provide the authentication state or the HTTP Session ID may be stolen.</li>
+</ol>
+<p>To prevent eavesdroppers from sniffing the credentials or stealing the Cookie a secure transport layer should be used such as TLS/SSL, VPN or IPSec.</p></section></div></div>            
+<div class="footer">
+                <div class="timestamp">
+                    TODO display revision number here
+                </div><div class="trademarkFooter">
+                    Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+                </div>
+            </div>            
+            
+        </div>
+    </body>
+</html>

http://git-wip-us.apache.org/repos/asf/sling-site/blob/a6129baf/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
----------------------------------------------------------------------
diff --git a/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html b/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
new file mode 100644
index 0000000..936b49d
--- /dev/null
+++ b/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
@@ -0,0 +1,141 @@
+<!DOCTYPE html><html lang="en">
+    <head>
+<meta charset="utf-8"/>
+        <title>Apache Sling on JBake</title>
+        <link rel="stylesheet" href="/res/css/site.css"/>
+        <link rel="stylesheet" href="/res/css/codehilite.css"/>
+        <div class="title">
+            <div class="logo">
+                <a href="http://sling.apache.org">
+                    <img border="0" alt="Apache Sling" src="/res/logos/sling.svg"/>
+                </a>
+            </div><div class="header">
+                <a href="http://www.apache.org">
+                    <img border="0" alt="Apache" src="/res/logos/apache.png"/>
+                </a>
+            </div>
+        </div>        
+    </head><body>
+<div class="menu">
+            <strong><a href="/documentation.html">Documentation</a></strong><br/><a href="/documentation/getting-started.html">Getting Started</a><br/><a href="/documentation/the-sling-engine.html">The Sling Engine</a><br/><a href="/documentation/development.html">Development</a><br/><a href="/documentation/bundles.html">Bundles</a><br/><a href="/documentation/tutorials-how-tos.html">Tutorials &amp; How-Tos</a><br/><a href="/documentation/configuration.html">Configuration</a><p></p><a href="http://s.apache.org/sling.wiki">Wiki</a><br/><a href="http://s.apache.org/sling.faq">FAQ</a><br/><p></p><strong>API Docs</strong><br/><a href="/apidocs/sling9/index.html">Sling 9</a><br/><a href="/apidocs/sling8/index.html">Sling 8</a><br/><a href="/apidocs/sling7/index.html">Sling 7</a><br/><a href="/apidocs/sling6/index.html">Sling 6</a><br/><a href="/apidocs/sling5/index.html">Sling 5</a><br/><a href="/javadoc-io.html">Archive at javadoc.io</a><br/><p></p><strong>Project info</strong><br/><a h
 ref="/downloads.cgi">Downloads</a><br/><a href="http://www.apache.org/licenses/">License</a><br/><a href="/contributing.html">Contributing</a><br/><a href="/news.html">News</a><br/><a href="/links.html">Links</a><br/><a href="/project-information.html">Project Information</a><br/><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a><br/><a href="http://ci.apache.org/builders/sling-trunk">Build Server</a><br/><a href="/project-information/security.html">Security</a><br/><p></p><strong>Source</strong><br/><a href="http://svn.apache.org/viewvc/sling/trunk">Subversion</a><br/><a href="git://git.apache.org/sling.git">Git</a><br/><a href="https://github.com/apache/sling">Github Mirror</a><br/><p></p><strong>Sponsorship</strong><br/><a href="http://www.apache.org/foundation/thanks.html">Thanks</a><br/><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a><br/><a href="https://donate.apache.org/">Donate!</a><br/><a href="http://www.apache.org/foun
 dation/buy_stuff.html">Buy Stuff</a><br/><p></p><strong><a href="/sitemap.html">Site Map</a></strong>
+        </div>        <div class="main">
+<div class="row"><div class="small-12 columns"><section class="wrap"><header><h1>OpenID AuthenticationHandler</h1></header><p>[TOC]</p>
+<p>The OpenID Authentication Handler supports authentication of request users using the <a href="http://www.openid.net">OpenID</a> authentication protocol. If the user has successfully authenticated with his OpenID provider a signed OpenID identity is further used to identify the user.</p>
+<p>Since generally an OpenID identity is an URL and URLs may not be used as JCR user names, an association mechanism is used by the OpenID authentication handler to associate an OpenID identity with an existing JCR user: The OpenID identity URL is set as the value of a JCR user property. When a user authenticates with his OpenID identity the matching user searched for by looking for a match in this property.</p>
+<p><em>NOTE:</em> This association currently only works with Jackrabbit (or Jackrabbit based repositories) because user management is not part of the JCR 2 specification and the OpenID authentication handler uses the Jackrabbit <code>UserManager</code> to find users by a user property value.</p>
+<p>The OpenID Authentication Handler is maintained in the <a href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/openid/">Sling SVN</a></p>
+<h3>Credentials Extraction</h3>
+<p>Theoretically each request with the <code>openid_identifier</code> request parameter set may initiate an OpenID authentication process which involves resolving the OpenID provider for the identifier and subsequently authentication with the provider authorizing the Sling instance to use the OpenID identity.</p>
+<p>This initiation, though, is not possible if the request already contains a valid and validated OpenID identifier either set as a request attribute or set in the HTTP Session or the OpenID cookie. In these situations, the current association of a client with an OpenID identity must first be removed by logging out, e.g. by requesting <code>/system/sling/logout.html</code> which causes the current OpenID user data to be removed by either removing it from the HTTP Session or by clearing the OpenID cookie.</p>
+<h3>Phase 1: Form Submission</h3>
+<p>Requesting an OpenID identifier is initiated by the Sling Authenticator deciding, that authentication is actually required to process a request and the OpenID Authentication Handler being selected to request credentials with.</p>
+<p>In this case the OpenID authenticator causes a form to be rendered by redirecting the client to the URL indicated by the <code>form.login.form</code> configuration parameter. This redirection request may accompanied by the following parameters:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Request Parameter </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>resource</code> </td>
+      <td>The location to which the user initially requested access and that caused the <code>requestCredentials</code> method to be called. This may not be set (or be set to an empty string). </td>
+    </tr>
+    <tr>
+      <td><code>j_reason</code> </td>
+      <td>The reason why an earlier attempt at authentication with the OpenID authentication handler failed. This request parameter is only set if the same named request attribute has been set by the <code>extractCredentials</code> or the <code>authenticationFailed</code> method. The value of the parameter is the name of one of the <code>OpenIDFailure</code> constants. </td>
+    </tr>
+    <tr>
+      <td><code>j_openid_identity</code> </td>
+      <td>The OpenID identity which could not successfully be associated with an existing JCR user. This request parameter is only set if the <code>authenticationFailed</code> method has been called due to inability to associate an existing and validated OpenID identity with an existing JCR user. </td>
+    </tr>
+  </tbody>
+</table>
+<p>The OpenID Authentication handlers supports the following request parameters submitted by the HTML form:</p>
+<ul>
+  <li><code>openid_identifier</code> -- OpenID Claimed Identifier. This may be any actual OpenID identity URL or the URL of OpenID Provider such as https://www.google.com/accounts/o8/id, https://me.yahoo.com, or https://www.myopenid.com.</li>
+  <li><code>sling:authRequestLogin</code> -- This request parameter is recommended to be set with a hidden field to the value <em>OpenID</em> to ensure the request is handled by the OpenID Authentication Handler.</li>
+  <li><code>resource</code> -- The <code>resource</code> request parameter should be sent back to ensure the user is finally redirected to requested target resource after successful authentication. If this request parameter is not set, or is set to an empty string, it is assumed to be the request context root path.</li>
+</ul>
+<p>The OpenID Authentication Handler provides a default login form registered at <code>/system/sling/openid/login</code>.</p>
+<h3>Configuration</h3>
+<p>The OpenID AuthenticationHandler is configured with configuration provided by the OSGi Configuration Admin Service using the <code>org.apache.sling.openidauth.OpenIdAuthenticationHandler</code> service PID.</p>
+<table>
+  <thead>
+    <tr>
+      <th>Parameter </th>
+      <th>Default </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+</table>
+<p>| <code>path</code> | -- | Repository path for which this authentication handler should be used by Sling. If this is empty, the authentication handler will be disabled. | | <code>openid.login.form</code> | <code>/system/sling/openid/login</code> | This should provide a way to capture the user's OpenID identifier. This is not the OpenID Provider's login page, however, it does not have to be a local URL. If it is a local Sling URL, it must be accessible by the anonymous user. The user is HTTP Redirect'ed to this URL. This page should POST back the user's OpenID identifier (as named by the "OpenID identifier form field" property) to the originally requested URL set in the "resource" request parameter. | | <code>openid.login.identifier</code> | <code>openid_identifier</code> | The name of the form parameter that provides the user's OpenID identifier. By convention this is <code>openid_identifier</code>. Only change this if you have a very good reason to do so. | | <code>openid.extern
 al.url.prefix</code> | -- | The prefix of URLs generated for the <code>ReturnTo</code> and <code>TrustRoot</code> properties of the OpenID request to the OpenID provider. Thus this URL prefix should bring back the authenticated user to this Sling instance. Configuring this property is usually necessary when running Sling behind a proxy (like Apache) since proxy mapping is not performed on the OpenID ReturnTo and TrustRoot URLs as they are sent to the OpenID Provider as form parameters. If this property is empty, the URLs are generated using the hostname found in the original request.| | <code>openid.use.cookie</code> | <code>true</code> | Whether to use a regular Cookie or an HTTP Session to cache the OpenID authentication details. By default a regular cookie is used to prevent use of HTTP Sessions. | | <code>openid.cookie.domain</code> | -- | Domain of cookie used to persist authentication. This defaults to the host name of the Sling server but may be set to a different value to sh
 are the cookie amongst a server farm or if the server is running behind a proxy. Only used if 'Use Cookie' is checked. | | <code>openid.cookie.name</code> | <code>sling.openid</code> | Name of cookie used to persist authentication. Only used if 'Use Cookie' is checked. | | <code>openid.cookie.secret.key</code> | <code>secret</code> | Secret key used to create a signature of the cookie value to prevent tampering. Only used if 'Use Cookie' is true. | | <code>openid.user.attr</code> | <code>openid.user</code> | Name of the JCR SimpleCredentials attribute to to set with the OpenID User data. This attribute is used by the OpenID LoginModule to validate the OpenID user authentication data. | | <code>openid.property.identity</code> | <code>openid.identity</code> | The name of the JCR User attribute listing one or more OpenID Identity URLs with which a user is associated. The property may be a multi- or single-valued. To resolve a JCR user ID from an OpenID identity a user is searched who l
 ists the identity in this property. |</p>
+<h3>AuthenticationHandler implementation</h3>
+<h4>extractCredentials</h4>
+<p>To extract authentication information from the request, the Sling OpenID Authentication handler considers the following information in order:</p>
+<ol>
+  <li>The OpenID credentials cookie or OpenID User data in the HTTP Session (depending on the <code>openid.use.cookie</code> configuration)</li>
+  <li>Otherwise the <code>openid_identifier</code> request parameter (or a different request parameter depending on the <code>openid.login.identifier</code> configuration)</li>
+</ol>
+<p>If the OpenID credentials already exist in the request, they are validated and returned if valid</p>
+<p>If the existing credentials fail to validate, authentication failure is assumed and the credentials are removed from the request, either by clearing the OpenID cookie or by removing the OpenID User data from the HTTP Session.</p>
+<p>If no OpenID credentials are found in the request, the request parameter is considered and if set is used to resolve the actual OpenID identity of the user. This involves redirecting the client to the OpenID provider resolved from the OpenID identifier supplied.</p>
+<p>If the supplied OpenID identifier fails to resolve to an OpenID provider or if the identifier fails to be resolved to a validated OpenID identity, authentication fails.</p>
+<h4>requestCredentials</h4>
+<p>If the <code>sling:authRequestLogin</code> parameter is set to a value other than <code>OpenID</code> this method immediately returns <code>false</code>.</p>
+<p>If the parameter is not set or is set to <code>OpenID</code> this method continues with first invalidating any cached OpenID credentials (same as <code>dropCredentials</code> does) and then redirecting the client to the login form configured with the <code>openid.login.form</code> configuration property. The redirect is provided with up to three request parameters:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Request Parameter </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>resource</code> </td>
+      <td>The location to which the user initially requested access and that caused the <code>requestCredentials</code> method to be called. </td>
+    </tr>
+    <tr>
+      <td><code>j_reason</code> </td>
+      <td>The reason why an earlier attempt at authentication with the OpenID authentication handler failed. This request parameter is only set if the same named request attribute has been set by the <code>extractCredentials</code> or the <code>authenticationFailed</code> method. The value of the parameter is the name of one of the <code>OpenIDFailure</code> constants. </td>
+    </tr>
+    <tr>
+      <td><code>j_openid_identity</code> </td>
+      <td>The OpenID identity which could not successfully be associated with an existing JCR user. This request parameter is only set if the <code>authenticationFailed</code> method has been called due to inability to associate an existing and validated OpenID identity with an existing JCR user. </td>
+    </tr>
+  </tbody>
+</table>
+<h4>dropCredentials</h4>
+<p>Invalidates the OpenID identity currently stored with the request. This means to either remove the OpenID cookie or to remove the OpenID information from the HTTP Session. This method does not write to the response (except setting the <code>Set-Cookie</code> header to remove the OpenID cookie if required) and does not commit the response.</p>
+<h3>AuthenticationFeedbackHandler implementation</h3>
+<h4>authenticationFailed</h4>
+<p>This method is called, if the Credentials provided by the Authentication Handler could not be validated by the Jackrabbit authentication infrastructure. One cause may be that the integration with Jackrabbit has not been completed (see <em>Integration with Jackrabbit</em> below). Another, more probably cause, is that the validated OpenID identifier cannot be associated with an existing JCR user.</p>
+<p>The OpenID Authentication Handler implementation of the <code>authenticationFailed</code> method sets the <code>j_reason</code> request attribute to <code>OpenIDFailure.REPOSITORY</code> and sets the <code>j_openid_identity</code> request attribute to the OpenID identity of the authenticated user.</p>
+<p>A login form provider may wish to act upon this situation and provide a login form to the user to allow to his OpenID identity with an existing JCR user.</p>
+<p>In addition, the current OpenID identity is invalidated thus the cached OpenID information is removed from the HTTP Session or the OpenID cookie is cleaned. This will allow the user to present a different OpenID identifier to retry or it will require the OpenID identity to be revalidated with the OpenID provider if the identity is associated with a JCR user.</p>
+<h4>authenticationSucceeded</h4>
+<p>The OpenID Authentication Handler implementation of the <code>authenticationSucceeded</code> method just calls the <code>DefaultAuthenticationFeedbackHandler.handleRedirect</code> method to redirect the user to the initially requested location.</p>
+<h3>Integration with Jackrabbit</h3>
+<p>The OpenID authentication handler can be integrated in two ways into the Jackrabbit authentication mechanism which is based on JAAS <code>LoginModule</code>. One integration is by means of a <code>LoginModulePlugin</code> which plugs into the extensible <code>LoginModule</code> architecture supported by the Sling Jackrabbit Embedded Repository bundle.</p>
+<p>The other integration option is the <code>trusted_credentials_attribute</code> mechanism supported by the Jackrabbit <code>DefaultLoginModule</code>. By setting the <code>trusted_credentials_attribute</code> parameter of the Jackrabbit <code>DefaultLoginModule</code> and the <code>openid.user.attr</code> configuration property of the OpenID Authentication Handler to the same value, the existence of an attribute of that name in the <code>SimpleCredentials</code> instance provided to the <code>Repository.login</code> method signals pre-authenticated credentials, which need not be further checked by the <code>DefaultLoginModule</code>.</p>
+<h3>Security Considerations</h3>
+<p>OpenIDAuthentication has some limitations in terms of security:</p>
+<ol>
+  <li>User name and password are transmitted in plain text in the initial form submission.</li>
+  <li>The Cookie used to provide the authentication state or the HTTP Session ID may be stolen.</li>
+  <li>When using the <code>trusted_credentials_attribute</code> mechanism, any intruder knowing the attribute name may log into the repository as any existing JCR user. The better option is to be based on the <code>LoginModulePlugin</code> mechanism.</li>
+</ol>
+<p>To prevent eavesdroppers from sniffing the credentials or stealing the Cookie a secure transport layer should be used such as TLS/SSL, VPN or IPSec.</p></section></div></div>            
+<div class="footer">
+                <div class="timestamp">
+                    TODO display revision number here
+                </div><div class="trademarkFooter">
+                    Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+                </div>
+            </div>            
+            
+        </div>
+    </body>
+</html>

http://git-wip-us.apache.org/repos/asf/sling-site/blob/a6129baf/documentation/the-sling-engine/authentication/authentication-framework.html
----------------------------------------------------------------------
diff --git a/documentation/the-sling-engine/authentication/authentication-framework.html b/documentation/the-sling-engine/authentication/authentication-framework.html
new file mode 100644
index 0000000..e5d3ea1
--- /dev/null
+++ b/documentation/the-sling-engine/authentication/authentication-framework.html
@@ -0,0 +1,184 @@
+<!DOCTYPE html><html lang="en">
+    <head>
+<meta charset="utf-8"/>
+        <title>Apache Sling on JBake</title>
+        <link rel="stylesheet" href="/res/css/site.css"/>
+        <link rel="stylesheet" href="/res/css/codehilite.css"/>
+        <div class="title">
+            <div class="logo">
+                <a href="http://sling.apache.org">
+                    <img border="0" alt="Apache Sling" src="/res/logos/sling.svg"/>
+                </a>
+            </div><div class="header">
+                <a href="http://www.apache.org">
+                    <img border="0" alt="Apache" src="/res/logos/apache.png"/>
+                </a>
+            </div>
+        </div>        
+    </head><body>
+<div class="menu">
+            <strong><a href="/documentation.html">Documentation</a></strong><br/><a href="/documentation/getting-started.html">Getting Started</a><br/><a href="/documentation/the-sling-engine.html">The Sling Engine</a><br/><a href="/documentation/development.html">Development</a><br/><a href="/documentation/bundles.html">Bundles</a><br/><a href="/documentation/tutorials-how-tos.html">Tutorials &amp; How-Tos</a><br/><a href="/documentation/configuration.html">Configuration</a><p></p><a href="http://s.apache.org/sling.wiki">Wiki</a><br/><a href="http://s.apache.org/sling.faq">FAQ</a><br/><p></p><strong>API Docs</strong><br/><a href="/apidocs/sling9/index.html">Sling 9</a><br/><a href="/apidocs/sling8/index.html">Sling 8</a><br/><a href="/apidocs/sling7/index.html">Sling 7</a><br/><a href="/apidocs/sling6/index.html">Sling 6</a><br/><a href="/apidocs/sling5/index.html">Sling 5</a><br/><a href="/javadoc-io.html">Archive at javadoc.io</a><br/><p></p><strong>Project info</strong><br/><a h
 ref="/downloads.cgi">Downloads</a><br/><a href="http://www.apache.org/licenses/">License</a><br/><a href="/contributing.html">Contributing</a><br/><a href="/news.html">News</a><br/><a href="/links.html">Links</a><br/><a href="/project-information.html">Project Information</a><br/><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a><br/><a href="http://ci.apache.org/builders/sling-trunk">Build Server</a><br/><a href="/project-information/security.html">Security</a><br/><p></p><strong>Source</strong><br/><a href="http://svn.apache.org/viewvc/sling/trunk">Subversion</a><br/><a href="git://git.apache.org/sling.git">Git</a><br/><a href="https://github.com/apache/sling">Github Mirror</a><br/><p></p><strong>Sponsorship</strong><br/><a href="http://www.apache.org/foundation/thanks.html">Thanks</a><br/><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a><br/><a href="https://donate.apache.org/">Donate!</a><br/><a href="http://www.apache.org/foun
 dation/buy_stuff.html">Buy Stuff</a><br/><p></p><strong><a href="/sitemap.html">Site Map</a></strong>
+        </div>        <div class="main">
+<div class="row"><div class="small-12 columns"><section class="wrap"><header><h1>Authentication - Framework</h1></header><p>Excerpt: The core piece of functionality with respect to authentication in Sling is contained in the Sling Auth Core bundle. This bundle provides the API for Sling and Sling applications to make use of authentication.</p>
+<p>The core piece of functionality with respect to authentication in Sling is contained in the Sling Auth Core bundle. This bundle provides the API for Sling and Sling applications to make use of authentication.</p>
+<p>This support encompasses three parts:</p>
+<ul>
+  <li>The <code>AuthenticationSupport</code> service provided by the <code>SlingAuthenticator</code> class. This service can be used by implementations of the OSGi <code>HttpContext</code> interface to delegate authentication.</li>
+  <li>The <code>Authenticator</code> service also provided by the <code>SlingAuthenticator</code> class. This service may be used by Sling applications to help clients login and logout.</li>
+  <li>The <code>AuthenticationHandler</code> service interface. These services may be implemented by extensions to support various ways for transporting credentials from clients to the Sling server.</li>
+</ul>
+<p>This page describes how the <code>SlingAuthenticator</code> class provides the <code>AuthenticationSupport</code> and <code>Authenticator</code> services. For a description of the <code>AuthenticationHandler</code> service interface and the interaction between the <code>SlingAuthenticator</code> and the <code>AuthenticationHandler</code> services refer to the <a href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html">AuthenticationHandler</a> page.</p>
+<p>The <code>SlingAuthenticator</code> class is an internal class of the <code>org.apache.sling.auth.core</code> bundle and implements the <code>Authenticator</code> and <code>AuthenticationSupport</code> services.</p>
+<h2>AuthenticationSupport</h2>
+<p>The <code>AuthenticationSupport</code> service interface defines a single method: <code>handleSecurity</code>. This method is intended to be called by the <code>handleSecurity</code> method of any <code>HttpContext</code> implementation wishing to make use of the Sling Authentication Framework.</p>
+<p>The Sling Authenticator implementation selects an <code>AuthenticationHandler</code> service appropriate for the request and calls the <code>AuthenticationHandler.extractCredentials</code> method to extract the credentials from the request. If no credentials could be extracted, the Sling Authenticator either admits the request as an anonymous request or requests authentication from the client by calling its own <code>login</code> method.</p>
+<p>The implementation follows this algorithm:</p>
+<ol>
+  <li>Select one or more <code>AuthenticationHandler</code> for the request according to the request URL's scheme and authorization part.</li>
+  <li>Call the <code>extractCredentials</code> method of each authentication handler, where the order of handler call is defined by the length of the registered path: handlers registered with longer paths are called before handlers with shorter paths. The goal is to call the handlers in order from longest request path match to shortest match. Handlers not matching the request path at all are not called.</li>
+  <li>The first handler returning a non-<code>null</code> <code>AuthenticationInfo</code> result "wins" and the result is used for authentication.</li>
+  <li>If any <code>AuthenticationInfoPostProcessor</code> services are registered, the <code>AuthenticationInfo</code> object is passed to their <code>postProcess()</code> method.</li>
+  <li>If no handler returns a non-<code>null</code> result, the request may be handled anonymously. In these cases, an empty <code>AuthenticationInfo</code> object is passed to any <code>AuthenticationInfoPostProcessor</code> services.</li>
+  <li>(Try to) log into the repository either with the provided credentials or anonymously.</li>
+  <li>If there were credentials provided and the login was successful, a login event is posted <em>if</em> the <code>AuthenticationInfo</code> object contains a non-null object with the key <code>$$auth.info.login$$</code> (<code>AuthConstants.AUTH_INFO_LOGIN</code>). This event is posted with the topic <code>org/apache/sling/auth/core/Authenticator/LOGIN</code>. (added in Sling Auth Core 1.1.0)</li>
+  <li>Set request attributes listed below.</li>
+</ol>
+<p>Extracting the credentials and trying to login to the repository may yield the following results:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Credentials </th>
+      <th>Login </th>
+      <th>Consequence </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>present </td>
+      <td>successful </td>
+      <td>Continue with an authenticated request </td>
+    </tr>
+    <tr>
+      <td>present </td>
+      <td>failed </td>
+      <td>Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code> method </td>
+    </tr>
+    <tr>
+      <td>missing </td>
+      <td>anonymous allowed </td>
+      <td>Continue with a non authenticated request using anonymous access to the repository </td>
+    </tr>
+    <tr>
+      <td>missing </td>
+      <td>anonymous forbidden </td>
+      <td>Select <code>AuthenticationHandler</code> and call <code>requestCredentials</code> method </td>
+    </tr>
+  </tbody>
+</table>
+<div class="note">
+Only one <code>AuthenticationHandler</code> is able to provide credentials for a given request. If the credentials provided by the handler cannot be used to login to the repository, authentication fails and no further <code>AuthenticationHandler</code> is consulted.
+</div>
+<h4>Request Attributes on Successful Login</h4>
+<p>The <code>handleSecurity</code> method gets credentials from the <code>AuthenticationHandler</code> and logs into the JCR repository using those credentials. If the login is successful, the <code>SlingAuthenticator</code> sets the following request attributes:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Attribute </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td><code>org.osgi.service.http.authentication.remote.user</code> </td>
+      <td>The user ID of the JCR Session. This attribute is used by the HTTP Service implementation to implement the <code>HttpServletRequest.getRemoteUser</code> method. </td>
+    </tr>
+    <tr>
+      <td><code>org.osgi.service.http.authentication.type</code> </td>
+      <td>The authentication type defined by the <code>AuthenticationHandler</code>. This attribute is used by the HTTP Service implementation to implement the <code>HttpServletRequest.getAuthType</code> method. </td>
+    </tr>
+    <tr>
+      <td><code>org.apache.sling.auth.core.ResourceResolver</code> </td>
+      <td>The <code>ResourceResolver</code> created from the credentials and the logged in JCR Session. This attribute may be used by servlets to access the repository. Namely the <code>SlingMainServlet</code> uses this request attribute to provide the <code>ResourceResolver</code> to handle the request. </td>
+    </tr>
+    <tr>
+      <td><code>javax.jcr.Session</code> </td>
+      <td>The JCR Session. This attribute is for backwards compatibility only. <em>Its use is deprecated and the attribute will be removed in future versions</em>. </td>
+    </tr>
+    <tr>
+      <td><code>org.apache.sling.auth.core.spi.AuthenticationInfo</code> </td>
+      <td>The <code>AuthenticationInfo</code> object produced from the <code>AuthenticationHandler</code>. </td>
+    </tr>
+  </tbody>
+</table>
+<p><strong>NOTE</strong>: Do <em>NOT</em> use the <code>javax.jcr.Session</code> request attribute in your Sling applications. This attribute must be considered implementation specific to convey the JCR Session to the <code>SlingMainServlet</code>. In future versions of the Sling Auth Core bundle, this request attribute will not be present anymore. To get the JCR Session for the current request adapt the request's resource resolver to a JCR Session:</p>
+<p>Session session = request.getResourceResolver().adaptTo(Session.class);</p>
+<h4>Anonymous Login</h4>
+<p>The <code>SlingAuthenticator</code> provides high level of control with respect to allowing anonymous requests or requiring authentication up front:</p>
+<ul>
+  <li>Global setting of whether anonymous requests are allowed or not. This is the boolean value of the <em>Allow Anonymous Access</em> (<code>auth.annonymous</code>) property of the <code>SlingAuthenticator</code> configuration. This property is supported for backwards compatibility and defaults to <code>true</code> (allowing anonymous access). Setting it to <code>true</code> is a shortcut for setting <code>sling.auth.requirements</code> to <code>-/</code>.</li>
+  <li>Specific configuration per URL. The <em>Authentication Requirements</em> (<code>sling.auth.requirements</code>) property of the <code>SlingAuthenticator</code> configuration may provide a list of URLs for which authentication may be required or not: Any entry prefixed with a dash <code>-</code> defines a request path prefix for which authentication is not required. Any entry not prefixed with a dash or prefixed with a plus <code>+</code> defines a subtree for which authentication is required up front and thus anonymous access is not allowed. This list is empty by default.</li>
+  <li>Any OSGi service may provide a <code>sling.auth.requirements</code> registration property which is used to dynamically extend the authentication requirements from the <em>Authentication Requirements</em> configuration. This may for example be set by <code>AuthenticationHandler</code> implementations providing a login form to ensure access to the login form does not require authentication. The value of this property is a single string, an array of strings or a Collection of strings and is formatted in the same way as the <em>Authentication Requirements</em> configuration property.</li>
+</ul>
+<p>The values set on the <em>Authentication Requirements</em> configuration property or the <code>sling.auth.requirements</code> service registration property can be absolute paths or URLs like the <code>path</code> service registration property of <code>AuthenticationHandler</code> services. This allows the limitation of this setup to certain requests by scheme and/or virtual host address. The requests path (<code>HttpServletRequest.getServletPath()</code> + <code>HttpServletRequest.getPathInfo()</code>) is afterwards matched against the given paths. It matches if it starts with one of the given paths.</p>
+<p><strong>Examples</strong></p>
+<ul>
+  <li>The <code>LoginServlet</code> contained in the Sling Auth Core bundle registers itself with the service registration property <code>sling.auth.requirements = &quot;-/system/sling/login&quot;</code> to ensure the servlet can be accessed without requiring authentication (checks for <code>slash</code> or <code>dot</code> or <code>end of string</code>). The following request urls would work then without authentication:</li>
+  <li>/system/sling/login</li>
+  <li>/system/sling/login.html</li>
+  <li>/system/sling/login/somesuffix</li>
+</ul>
+<p>While the following request will still require authentication</p>
+<ul>
+  <li>
+  <p>/system/sling/login-test</p></li>
+  <li>
+  <p>An authentication handler may register itself with the service registration property <code>sling.auth.requirements = &quot;-/apps/sample/loginform&quot;</code> to ensure the login form can be rendered without requiring authentication.</p></li>
+</ul>
+<h2>Authenticator implementation</h2>
+<p>The implementation of the <code>Authenticator</code> interface is similar for both methods:</p>
+<p><strong><code>login</code></strong></p>
+<ol>
+  <li>Select one or more <code>AuthenticationHandler</code> for the request according to the request URL's scheme and authorization part.</li>
+  <li>Call the <code>requestCredentials</code> method of each authentication handler, where the order of handler call is defined by the length of the registered path: handlers registered with longer paths are called before handlers with shorter paths. The goal is to call the handlers in order from longest request path match to shortest match. Handlers not matching the request path at all are not called.</li>
+  <li>As soon as the first handlers returns <code>true</code>, the process ends and it is assumed credentials have been requested from the client.</li>
+</ol>
+<p>The <code>login</code> method has three possible exit states:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Exit State </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>Normal </td>
+      <td>An <code>AuthenticationHandler</code> could be selected to which the login request could be forwarded. </td>
+    </tr>
+    <tr>
+      <td><code>NoAuthenticationHandlerException</code> </td>
+      <td>No <code>AuthenticationHandler</code> could be selected to forward the login request to. In this case, the caller can proceed as appropriate. For example a servlet, which should just login a user may send back a 403/FORBIDDEN status because login is not possible. Or a 404/NOT FOUND handler, which tried to login as a fallback, may continue and send back the regular 404/NOT FOUND response. </td>
+    </tr>
+    <tr>
+      <td><code>IllegalStateException</code> </td>
+      <td>The response has already been committed and the login request cannot be processed. Normally to request login, the current response must be reset and a new response has to be prepared. This is only possible if the request has not yet been committed. </td>
+    </tr>
+  </tbody>
+</table>
+<p><strong><code>logout</code></strong></p>
+<ol>
+  <li>Select one or more <code>AuthenticationHandler</code> for the request according to the request URL's scheme and authorization part.</li>
+  <li>Call the <code>dropCredentials</code> method of each authentication handler, where the order of handler call is defined by the length of the registered path: handlers registered with longer paths are called before handlers with shorter paths. The goal is to call the handlers in order from longest request path match to shortest match. Handlers not matching the request path at all are not called.</li>
+</ol>
+<p>Unlike for the <code>login</code> method in the <code>logout</code> method case all <code>AuthenticationHandler</code> services selected in the first step are called. If none can be selected or none can actually handle the <code>dropCredentials</code> request, the <code>logout</code> silently returns.</p></section></div></div>            
+<div class="footer">
+                <div class="timestamp">
+                    TODO display revision number here
+                </div><div class="trademarkFooter">
+                    Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+                </div>
+            </div>            
+            
+        </div>
+    </body>
+</html>

http://git-wip-us.apache.org/repos/asf/sling-site/blob/a6129baf/documentation/the-sling-engine/authentication/authentication-tasks.html
----------------------------------------------------------------------
diff --git a/documentation/the-sling-engine/authentication/authentication-tasks.html b/documentation/the-sling-engine/authentication/authentication-tasks.html
new file mode 100644
index 0000000..4475315
--- /dev/null
+++ b/documentation/the-sling-engine/authentication/authentication-tasks.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html><html lang="en">
+    <head>
+<meta charset="utf-8"/>
+        <title>Apache Sling on JBake</title>
+        <link rel="stylesheet" href="/res/css/site.css"/>
+        <link rel="stylesheet" href="/res/css/codehilite.css"/>
+        <div class="title">
+            <div class="logo">
+                <a href="http://sling.apache.org">
+                    <img border="0" alt="Apache Sling" src="/res/logos/sling.svg"/>
+                </a>
+            </div><div class="header">
+                <a href="http://www.apache.org">
+                    <img border="0" alt="Apache" src="/res/logos/apache.png"/>
+                </a>
+            </div>
+        </div>        
+    </head><body>
+<div class="menu">
+            <strong><a href="/documentation.html">Documentation</a></strong><br/><a href="/documentation/getting-started.html">Getting Started</a><br/><a href="/documentation/the-sling-engine.html">The Sling Engine</a><br/><a href="/documentation/development.html">Development</a><br/><a href="/documentation/bundles.html">Bundles</a><br/><a href="/documentation/tutorials-how-tos.html">Tutorials &amp; How-Tos</a><br/><a href="/documentation/configuration.html">Configuration</a><p></p><a href="http://s.apache.org/sling.wiki">Wiki</a><br/><a href="http://s.apache.org/sling.faq">FAQ</a><br/><p></p><strong>API Docs</strong><br/><a href="/apidocs/sling9/index.html">Sling 9</a><br/><a href="/apidocs/sling8/index.html">Sling 8</a><br/><a href="/apidocs/sling7/index.html">Sling 7</a><br/><a href="/apidocs/sling6/index.html">Sling 6</a><br/><a href="/apidocs/sling5/index.html">Sling 5</a><br/><a href="/javadoc-io.html">Archive at javadoc.io</a><br/><p></p><strong>Project info</strong><br/><a h
 ref="/downloads.cgi">Downloads</a><br/><a href="http://www.apache.org/licenses/">License</a><br/><a href="/contributing.html">Contributing</a><br/><a href="/news.html">News</a><br/><a href="/links.html">Links</a><br/><a href="/project-information.html">Project Information</a><br/><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a><br/><a href="http://ci.apache.org/builders/sling-trunk">Build Server</a><br/><a href="/project-information/security.html">Security</a><br/><p></p><strong>Source</strong><br/><a href="http://svn.apache.org/viewvc/sling/trunk">Subversion</a><br/><a href="git://git.apache.org/sling.git">Git</a><br/><a href="https://github.com/apache/sling">Github Mirror</a><br/><p></p><strong>Sponsorship</strong><br/><a href="http://www.apache.org/foundation/thanks.html">Thanks</a><br/><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a><br/><a href="https://donate.apache.org/">Donate!</a><br/><a href="http://www.apache.org/foun
 dation/buy_stuff.html">Buy Stuff</a><br/><p></p><strong><a href="/sitemap.html">Site Map</a></strong>
+        </div>        <div class="main">
+<div class="row"><div class="small-12 columns"><section class="wrap"><header><h1>Authentication - Tasks</h1></header><p>Excerpt: Authentication of HTTP Requests is generally a two-step process: First the credentials must be extracted from the request and second the credentials must be validated. In the case of Sling this means acquiring a JCR Session.</p>
+<p>Authentication of HTTP Requests is generally a two-step process: First the credentials must be extracted from the request and second the credentials must be validated. In the case of Sling this means acquiring a JCR Session.</p>
+<h2>Extract Credentials from the Request</h2>
+<ul>
+  <li>Implemented and controlled by the Sling Auth Core bundle</li>
+  <li>Takes <code>HttpServletRequest</code></li>
+  <li>Provides credentials for futher processing (basically JCR <code>Credentials</code> and Workspace name)</li>
+  <li>Extensible with the help of <code>AuthenticationHandler</code> services</li>
+</ul>
+<h2>Login to the JCR Repository</h2>
+<ul>
+  <li>Implemented and controlled by the JCR Repository</li>
+  <li>Takes JCR <code>Credentials</code> and Workspace name</li>
+  <li>Provides a JCR <code>Session</code></li>
+  <li>Implementation dependent process. Jackrabbit provides extensibility based on <code>LoginModules</code>; Sling's Embedded Jackrabbit Repository bundle provides extensibility with <code>LoginModulePlugin</code> services.</li>
+</ul>
+<p>Currently the credentials are always verified by trying to login to the JCR repository. Once an <a href="http://cwiki.apache.org/SLING/add-resourceresolverfactory-service-interface.html">ResourceResolverFactory</a> API has been added, the process of validating the credentials and logging in is actualy replaced by a process of requesting a <code>ResourceResolver</code> from the <code>ResourceResolverFactory</code>. Of course, the JCR Repository will still be the main underlying repository and as such be used to validate the credentials and get a JCR Session.</p></section></div></div>            
+<div class="footer">
+                <div class="timestamp">
+                    TODO display revision number here
+                </div><div class="trademarkFooter">
+                    Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+                </div>
+            </div>            
+            
+        </div>
+    </body>
+</html>

http://git-wip-us.apache.org/repos/asf/sling-site/blob/a6129baf/documentation/the-sling-engine/default-mapping-and-rendering.html
----------------------------------------------------------------------
diff --git a/documentation/the-sling-engine/default-mapping-and-rendering.html b/documentation/the-sling-engine/default-mapping-and-rendering.html
new file mode 100644
index 0000000..529eb13
--- /dev/null
+++ b/documentation/the-sling-engine/default-mapping-and-rendering.html
@@ -0,0 +1,34 @@
+<!DOCTYPE html><html lang="en">
+    <head>
+<meta charset="utf-8"/>
+        <title>Apache Sling on JBake</title>
+        <link rel="stylesheet" href="/res/css/site.css"/>
+        <link rel="stylesheet" href="/res/css/codehilite.css"/>
+        <div class="title">
+            <div class="logo">
+                <a href="http://sling.apache.org">
+                    <img border="0" alt="Apache Sling" src="/res/logos/sling.svg"/>
+                </a>
+            </div><div class="header">
+                <a href="http://www.apache.org">
+                    <img border="0" alt="Apache" src="/res/logos/apache.png"/>
+                </a>
+            </div>
+        </div>        
+    </head><body>
+<div class="menu">
+            <strong><a href="/documentation.html">Documentation</a></strong><br/><a href="/documentation/getting-started.html">Getting Started</a><br/><a href="/documentation/the-sling-engine.html">The Sling Engine</a><br/><a href="/documentation/development.html">Development</a><br/><a href="/documentation/bundles.html">Bundles</a><br/><a href="/documentation/tutorials-how-tos.html">Tutorials &amp; How-Tos</a><br/><a href="/documentation/configuration.html">Configuration</a><p></p><a href="http://s.apache.org/sling.wiki">Wiki</a><br/><a href="http://s.apache.org/sling.faq">FAQ</a><br/><p></p><strong>API Docs</strong><br/><a href="/apidocs/sling9/index.html">Sling 9</a><br/><a href="/apidocs/sling8/index.html">Sling 8</a><br/><a href="/apidocs/sling7/index.html">Sling 7</a><br/><a href="/apidocs/sling6/index.html">Sling 6</a><br/><a href="/apidocs/sling5/index.html">Sling 5</a><br/><a href="/javadoc-io.html">Archive at javadoc.io</a><br/><p></p><strong>Project info</strong><br/><a h
 ref="/downloads.cgi">Downloads</a><br/><a href="http://www.apache.org/licenses/">License</a><br/><a href="/contributing.html">Contributing</a><br/><a href="/news.html">News</a><br/><a href="/links.html">Links</a><br/><a href="/project-information.html">Project Information</a><br/><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a><br/><a href="http://ci.apache.org/builders/sling-trunk">Build Server</a><br/><a href="/project-information/security.html">Security</a><br/><p></p><strong>Source</strong><br/><a href="http://svn.apache.org/viewvc/sling/trunk">Subversion</a><br/><a href="git://git.apache.org/sling.git">Git</a><br/><a href="https://github.com/apache/sling">Github Mirror</a><br/><p></p><strong>Sponsorship</strong><br/><a href="http://www.apache.org/foundation/thanks.html">Thanks</a><br/><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a><br/><a href="https://donate.apache.org/">Donate!</a><br/><a href="http://www.apache.org/foun
 dation/buy_stuff.html">Buy Stuff</a><br/><p></p><strong><a href="/sitemap.html">Site Map</a></strong>
+        </div>        <div class="main">
+<div class="row"><div class="small-12 columns"><section class="wrap"><header><h1>Default Mapping and Rendering</h1></header><p>translation_pending: true</p>
+<p>This page contained obsolete content, moved it to http://cwiki.apache.org/confluence/display/SLING/Default+Mapping+and+Rendering+%28OBSOLETE%29 in case it is useful to someone.</p></section></div></div>            
+<div class="footer">
+                <div class="timestamp">
+                    TODO display revision number here
+                </div><div class="trademarkFooter">
+                    Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
+                </div>
+            </div>            
+            
+        </div>
+    </body>
+</html>


Mime
View raw message