Author: fmeschbe
Date: Thu Dec 3 23:13:36 2009
New Revision: 886980
URL: http://svn.apache.org/viewvc?rev=886980&view=rev
Log:
SLING-1134 flushBuffer() after sending the form to ensure it is delivered and
not lost after authentication
SLING-1222 add configuration to disable form login and use regular HTTP
authentication with the browser dialog
Modified:
sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
sling/trunk/bundles/extensions/httpauth/src/main/resources/OSGI-INF/metatype/metatype.properties
Modified:
sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java?rev=886980&r1=886979&r2=886980&view=diff
==============================================================================
---
sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
(original)
+++
sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
Thu Dec 3 23:13:36 2009
@@ -22,6 +22,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
+import java.util.Dictionary;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.Cookie;
@@ -59,6 +60,11 @@
public static final String PAR_REALM_NAME = "auth.http.realm";
/**
+ * @scr.property valueRef="DEFAULT_FORM_LOGIN" type="Boolean"
+ */
+ private static final String PAR_FORM_LOGIN = "auth.http.form";
+
+ /**
* The request parameter causing a 401/UNAUTHORIZED status to be sent back
* in the {...@link #authenticate(HttpServletRequest, HttpServletResponse)}
* method if no credentials are present in the request (value is
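Review bot: The new `PAR_FORM_LOGIN` constant is documented only by its `@scr.property` tag, so a reader of the source has to open metatype.properties to learn what the switch controls. A one-line description in the Javadoc would help, for example `Whether the HTML login form is sent (true) or the browser's HTTP Basic dialog is used (false); defaults to DEFAULT_FORM_LOGIN.` The Javadoc block that follows the constant continues outside the hunk.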
@@ -84,6 +90,8 @@
private static final String DEFAULT_REALM = "Sling (Development)";
+ private static final boolean DEFAULT_FORM_LOGIN = true;
+
private static final String LOGIN_FORM_TEMPLATE = "LoginFormTemplate.html";
/** default log */
@@ -91,6 +99,8 @@
private String realm = DEFAULT_REALM;
+ private boolean isFormLogin = DEFAULT_FORM_LOGIN;
+
private String loginFormTemplate;
public AuthorizationHeaderAuthenticationHandler() {
@@ -195,12 +205,12 @@
} else {
- response.setStatus(HttpServletResponse.SC_OK);
-
String form = getLoginForm();
if (form != null) {
+ response.setStatus(HttpServletResponse.SC_OK);
+
form = replaceVariables(
form,
"@@loggedIn@@",
@@ -226,6 +236,9 @@
}
+ // ensure the response is sent to the client
+ response.flushBuffer();
+
} else {
log.error("requestAuthentication: Response is committed, cannot
request authentication");
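Review bot: `response.flushBuffer()` commits whatever status and headers have been set so far, and since the previous hunk moved `setStatus(SC_OK)` under `if (form != null)`, the visible lines set nothing when `getLoginForm()` returns null. The code handling that case is outside the hunks shown, so it is worth confirming that the disabled-form path writes the 401 status and the `WWW-Authenticate` challenge before this flush; otherwise the client would receive an empty committed response and never be prompted for credentials. The comment could also record the reason given for SLING-1134, e.g. `// commit now so the login form cannot be reset or dropped by later request processing (SLING-1134)`. `flushBuffer()` throws `IOException`; whether the enclosing method catches or declares it is not visible here.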
@@ -318,7 +331,8 @@
// ---------- SCR Integration
----------------------------------------------
protected void activate(ComponentContext componentContext) {
- String newRealm = (String) componentContext.getProperties().get(
+ Dictionary<?, ?> props = componentContext.getProperties();
+ String newRealm = (String) props.get(
PAR_REALM_NAME);
if (newRealm == null || newRealm.length() == 0) {
newRealm = DEFAULT_REALM;
@@ -327,6 +341,15 @@
log.info("Setting new realm name {} (was {})", newRealm,
this.realm);
this.realm = newRealm;
}
+
+ Object doForm = props.get(PAR_FORM_LOGIN);
+ if (doForm == null) {
+ this.isFormLogin = DEFAULT_FORM_LOGIN;
+ } else if (doForm instanceof Boolean) {
+ this.isFormLogin = ((Boolean) doForm).booleanValue();
+ } else {
+ this.isFormLogin = Boolean.parseBoolean(String.valueOf(doForm));
+ }
}
// ---------- internal
-----------------------------------------------------
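Review bot: The fallback `Boolean.parseBoolean(String.valueOf(doForm))` turns every value other than the string "true" (a typo, "yes", "1") into `false`, which silently switches the handler from the login form to HTTP Basic authentication. Because this changes how credentials are requested from the user, the resulting mode should be logged in the same way as the realm change a few lines above, e.g. `log.info("Form login enabled: {} (configured value {})", this.isFormLogin, doForm);`, so that a misconfiguration shows up in the log. `activate()` begins in the previous hunk.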
@@ -411,6 +434,11 @@
* cannot be read. Failure to read the template is logged.
*/
private String getLoginForm() {
+ // login form is disabled, return nothing
+ if (!isFormLogin) {
+ return null;
+ }
+
if (loginFormTemplate == null) {
InputStream ins = getClass().getResourceAsStream(
LOGIN_FORM_TEMPLATE);
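Review bot: `getLoginForm()` now returns null for two different reasons, a disabled form and an unreadable template, but the Javadoc ending just above the signature still describes only the read failure. The return description should add `or if form login is disabled by configuration`. It is also worth stating there that a missing template presumably ends up on the same path as the deliberately configured Basic-auth mode, so the error log is the only way to tell an operator choice from a packaging problem. The method body continues outside the hunk.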
Modified:
sling/trunk/bundles/extensions/httpauth/src/main/resources/OSGI-INF/metatype/metatype.properties
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/httpauth/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=886980&r1=886979&r2=886980&view=diff
==============================================================================
---
sling/trunk/bundles/extensions/httpauth/src/main/resources/OSGI-INF/metatype/metatype.properties
(original)
+++
sling/trunk/bundles/extensions/httpauth/src/main/resources/OSGI-INF/metatype/metatype.properties
Thu Dec 3 23:13:36 2009
@@ -30,3 +30,8 @@
from the HTTP Authorization header
auth.http.realm.name = Realm
auth.http.realm.description = HTTP Authorization header realm
+auth.http.form.name = Login Form
+auth.http.form.description = Whether a login form is used to ask for the \
+ user name and password or not. If this is set to false, the regular HTTP \
+ Basic authentication is used presenting the browser login dialog instead \
+ of an HTML form to enter the credentials.
\ No newline at end of file