Author: fmeschbe
Date: Wed Jan 6 08:42:57 2010
New Revision: 896351
URL: http://svn.apache.org/viewvc?rev=896351&view=rev
Log:
SLING-966 Remove old authentication support code from engine and use the new
AuthenticationSupport service from the Commons Auth bundle.
Removed:
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/auth/
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/auth/
Modified:
sling/trunk/bundles/engine/pom.xml
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/EngineConstants.java
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
sling/trunk/bundles/engine/src/main/resources/OSGI-INF/metatype/metatype.properties
Modified: sling/trunk/bundles/engine/pom.xml
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/engine/pom.xml?rev=896351&r1=896350&r2=896351&view=diff
==============================================================================
--- sling/trunk/bundles/engine/pom.xml (original)
+++ sling/trunk/bundles/engine/pom.xml Wed Jan 6 08:42:57 2010
@@ -56,7 +56,6 @@
<instructions>
<Export-Package>
org.apache.sling.engine;version=2.0.6,
- org.apache.sling.engine.auth;version=2.1,
org.apache.sling.engine.servlets;version=2.0.6
</Export-Package>
<Private-Package>
@@ -103,18 +102,19 @@
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.commons.mime</artifactId>
- <version>2.0.2-incubator</version>
+ <artifactId>org.apache.sling.commons.auth</artifactId>
+ <version>0.9.0-SNAPSHOT</version>
+ <scope>provided</scope>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.jcr.api</artifactId>
+ <artifactId>org.apache.sling.commons.mime</artifactId>
<version>2.0.2-incubator</version>
</dependency>
<dependency>
<groupId>org.apache.sling</groupId>
- <artifactId>org.apache.sling.jcr.resource</artifactId>
- <version>2.0.6</version>
+ <artifactId>org.apache.sling.commons.osgi</artifactId>
+ <version>2.0.2-incubator</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
Modified:
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/EngineConstants.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/EngineConstants.java?rev=896351&r1=896350&r2=896351&view=diff
==============================================================================
---
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/EngineConstants.java
(original)
+++
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/EngineConstants.java
Wed Jan 6 08:42:57 2010
@@ -74,12 +74,17 @@
public static final String SLING_SERLVET_NAME = "sling.core.servletName";
/**
- * The name of the request attribute set by the
- * {...@link org.apache.sling.engine.impl.auth.SlingAuthenticator}
- * when authenticating the request user (value is "javax.jcr.Session").
- * Existence of this attribute in the request, provided it is a JCR
Session,
- * signals that authentication has already taken place. This may be used
- * when including through the servlet container.
+ * The <code>javax.jcr.Session</code> request attribute used to be set by
+ * the <i>SlingAuthenticator</i> upon successfull authentication. With
+ * the implementation of a separate Commons Authentication bundle, this
+ * request attribute is not supported any longer (though it may currently
+ * still be provided for backwards compatibility).
+ * <p>
+ * Applications using this request attribute have to be modified to call
+ * the <code>SlingHttpServletRequest.getResourceResolver()</code> method
+ * to get the request's resource resolver.
+ *
+ * @deprecated as of bundle version 2.1
*/
public static final String SESSION = "javax.jcr.Session";
Modified:
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java?rev=896351&r1=896350&r2=896351&view=diff
==============================================================================
---
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
(original)
+++
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
Wed Jan 6 08:42:57 2010
@@ -20,8 +20,6 @@
import static org.apache.sling.api.SlingConstants.ERROR_REQUEST_URI;
import static org.apache.sling.api.SlingConstants.ERROR_SERVLET_NAME;
-import static org.apache.sling.engine.EngineConstants.SESSION;
-
import java.io.IOException;
import java.io.PrintWriter;
import java.net.SocketException;
@@ -34,7 +32,6 @@
import java.util.List;
import java.util.Map;
-import javax.jcr.Session;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
@@ -58,12 +55,11 @@
import org.apache.sling.api.resource.ResourceNotFoundException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.ServletResolver;
+import org.apache.sling.commons.auth.AuthenticationSupport;
import org.apache.sling.commons.mime.MimeTypeService;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.engine.ResponseUtil;
import org.apache.sling.engine.SystemStatus;
-import org.apache.sling.engine.impl.auth.MissingRepositoryException;
-import org.apache.sling.engine.impl.auth.SlingAuthenticator;
import org.apache.sling.engine.impl.filter.RequestSlingFilterChain;
import org.apache.sling.engine.impl.filter.SlingComponentFilterChain;
import org.apache.sling.engine.impl.filter.SlingFilterChainHelper;
@@ -75,7 +71,6 @@
import org.apache.sling.engine.impl.request.RequestData;
import org.apache.sling.engine.servlets.AbstractServiceReferenceConfig;
import org.apache.sling.engine.servlets.ErrorHandler;
-import org.apache.sling.jcr.resource.JcrResourceResolverFactory;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceReference;
@@ -149,9 +144,6 @@
private HttpService httpService;
/** @scr.reference cardinality="0..1" policy="dynamic" */
- private JcrResourceResolverFactory resourceResolverFactory;
-
- /** @scr.reference cardinality="0..1" policy="dynamic" */
private MimeTypeService mimeTypeService;
/** @scr.reference cardinality="0..1" policy="dynamic" */
@@ -169,12 +161,13 @@
/** @scr.reference cardinality="0..1" policy="dynamic" */
private SystemStatus systemStatus;
+ /** @scr.reference cardinality="0..1" policy="dynamic" */
+ private AuthenticationSupport authenticationSupport;
+
private SlingFilterChainHelper requestFilterChain = new
SlingFilterChainHelper();
private SlingFilterChainHelper innerFilterChain = new
SlingFilterChainHelper();
- private SlingAuthenticator slingAuthenticator;
-
// ---------- Servlet API -------------------------------------------------
public void service(ServletRequest req, ServletResponse res)
@@ -259,23 +252,20 @@
requestLogger.logRequestEntry(request, response);
}
- Session session = null;
try {
// check that we have all required services
String errorMessage = null;
final String serviceMissingSuffix = " service missing, cannot
service requests";
- if (getResourceResolverFactory() == null) {
- errorMessage = "ResourceResolverFactory" +
serviceMissingSuffix;
- } else if (getServletResolver() == null) {
+ if (getServletResolver() == null) {
errorMessage = "ServletResolver" + serviceMissingSuffix;
} else if (mimeTypeService == null) {
errorMessage = "MimeTypeService" + serviceMissingSuffix;
}
- // get JCR Session
- session = (Session) servletRequest.getAttribute(SESSION);
- if (session == null) {
- errorMessage = "Missing JCR Session";
+ // get ResourceResolver (set by AuthenticationSupport)
+ final ResourceResolver resolver = (ResourceResolver)
servletRequest.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
+ if (resolver == null) {
+ errorMessage = "Missing ResourceResolver";
}
// system ready?
@@ -301,8 +291,6 @@
}
// initialize the request data - resolve resource and servlet
- ResourceResolver resolver =
getResourceResolverFactory().getResourceResolver(
- session);
Resource resource = requestData.initResource(resolver);
requestData.initServlet(resource);
@@ -376,11 +364,6 @@
// dispose any request data
requestData.dispose();
-
- // logout the session we have got for this request
- if (session != null) {
- session.logout();
- }
}
}
@@ -530,14 +513,6 @@
return osgiComponentContext.getBundleContext();
}
- public SlingAuthenticator getSlingAuthenticator() {
- return slingAuthenticator;
- }
-
- public JcrResourceResolverFactory getResourceResolverFactory() {
- return resourceResolverFactory;
- }
-
public ServletResolver getServletResolver() {
return servletResolver;
}
@@ -596,9 +571,6 @@
componentConfig.get(PROP_MAX_CALL_COUNTER),
RequestData.DEFAULT_MAX_CALL_COUNTER));
- // setup servlet request processing helpers
- slingAuthenticator = new SlingAuthenticator(bundleContext);
-
// register the servlet and resources
try {
Dictionary<String, String> servletConfig =
toStringConfig(configuration);
@@ -658,12 +630,6 @@
// third unregister and destroy the sling main servlet
httpService.unregister(SLING_ROOT);
- // fourth dispose off the authenticator
- if (slingAuthenticator != null) {
- slingAuthenticator.dispose();
- slingAuthenticator = null;
- }
-
this.osgiComponentContext = null;
log.info(this.getServerInfo() + " shut down");
@@ -797,58 +763,49 @@
public boolean handleSecurity(HttpServletRequest request,
HttpServletResponse response) throws IOException {
- SlingAuthenticator authenticator = slingAuthenticator;
+ final AuthenticationSupport authenticator = this.authenticationSupport;
if (authenticator != null) {
- try {
- // SLING-559: ensure correct parameter handling according to
- // ParameterSupport
- request = new HttpServletRequestWrapper(request) {
- @Override
- public String getParameter(String name) {
- return getParameterSupport().getParameter(name);
- }
-
- @Override
- public Map<String, String[]> getParameterMap() {
- return getParameterSupport().getParameterMap();
- }
-
- @Override
- public Enumeration<String> getParameterNames() {
- return getParameterSupport().getParameterNames();
- }
-
- @Override
- public String[] getParameterValues(String name) {
- return getParameterSupport().getParameterValues(name);
- }
-
- private ParameterSupport getParameterSupport() {
- return ParameterSupport.getInstance(getRequest());
- }
- };
-
- return authenticator.authenticate(request, response);
-
- } catch (MissingRepositoryException mre) {
-
- log.error("handleSecurity: Cannot authenticate request: "
- + mre.getMessage());
- log.debug("handleSecurity: Reason", mre);
+ // SLING-559: ensure correct parameter handling according to
+ // ParameterSupport
+ request = new HttpServletRequestWrapper(request) {
+ @Override
+ public String getParameter(String name) {
+ return getParameterSupport().getParameter(name);
+ }
- response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
- "Cannot handle requests due to missing Repository");
- }
+ @Override
+ public Map<String, String[]> getParameterMap() {
+ return getParameterSupport().getParameterMap();
+ }
- } else {
+ @Override
+ public Enumeration<String> getParameterNames() {
+ return getParameterSupport().getParameterNames();
+ }
- response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
- "Sling not ready to serve requests");
+ @Override
+ public String[] getParameterValues(String name) {
+ return getParameterSupport().getParameterValues(name);
+ }
+
+ private ParameterSupport getParameterSupport() {
+ return ParameterSupport.getInstance(getRequest());
+ }
+ };
+
+ return authenticator.handleSecurity(request, response);
}
- // fall back to security failure and request termination
+ log.error("handleSecurity: AuthenticationSupport service missing.
Cannot authenticate request.");
+
+ // send 503/SERVICE UNAVAILABLE, flush to ensure delivery
+ response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
+ "AuthenticationSupport service missing. Cannot authenticate
request.");
+ response.flushBuffer();
+
+ // terminate this request now
return false;
}
Modified:
sling/trunk/bundles/engine/src/main/resources/OSGI-INF/metatype/metatype.properties
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=896351&r1=896350&r2=896351&view=diff
==============================================================================
---
sling/trunk/bundles/engine/src/main/resources/OSGI-INF/metatype/metatype.properties
(original)
+++
sling/trunk/bundles/engine/src/main/resources/OSGI-INF/metatype/metatype.properties
Wed Jan 6 08:42:57 2010
@@ -43,30 +43,6 @@
scripts and servlets. The default value is 50.
#
-# Request Authenticator. Uses AuthenticationHandlers for the
-# actual work of extracting user details from the request.
-auth.name = Apache Sling Request Authenticator
-auth.description = Extracts user authentication details from the request with \
- the help of authentication handlers registered as separate services. One \
- example of such an authentication handler is the handler HTTP Authorization \
- header contained authentication.
-auth.sudo.cookie.name = Impersonation Cookie
-auth.sudo.cookie.description = The name the HTTP Cookie to set with the value \
- of the user which is to be impersonated. This cookie will always be a session
\
- cookie.
-auth.sudo.parameter.name = Impersonation Parameter
-auth.sudo.parameter.description = The name of the request parameter initiating
\
- impersonation. Setting this parameter to a user id will result in using an \
- impersonated session (instead of the actually authenticated session) and set \
- a session cookie of the name defined in the Impersonation Cookie setting.
-auth.annonymous.name = Allow Anonymous Access
-auth.annonymous.description = Whether default access as anonymous when no \
- credentials are present in the request is allowed. The default value is \
- "true" to allow access without credentials. When set to "false" access to the
\
- repository is only allowed if valid credentials are presented.
-
-
-#
# Request Loggger Filter
request.log.name = Apache Sling Request Logger
request.log.description = Configures the main loggers of the request logger, \
