Modified: sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=956515&r1=956514&r2=956515&view=diff
==============================================================================
--- sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ sling/trunk/bundles/extensions/openidauth/src/main/resources/OSGI-INF/metatype/metatype.properties Mon Jun 21 09:35:58 2010
@@ -25,92 +25,71 @@
 #
 # Open ID Authentication handler
-auth.openid.name = Apache Sling OpenID Authenticator
-auth.openid.description = The OpenID Authenticator authenticates Sling users via OpenID. \
-The login sequence is triggered automatically for a resource if 'Allow Anonymous Access' \
-is false in the Request Authenticator. You can manually show the login form by accessing \
-the Login Request path (/system/sling/openid/login). You can logout by accessing the \
-Logout Request path (/system/sling/openid/logout). The various displayed pages \
-(login, auth success, auth fail & logout) are customizable.
-
-path.name = URL path prefixes
-path.description = URL path prefixes handled by this Authenticator. If no \
-path is configured, it is regarded as inactive. If the handler should be \
-used for all requests, the path should be '/'.
-
-openid.use.cookie.name = Use cookie
-openid.use.cookie.description = Use a cookie to persist the authentication. If this is \
-false, uses an HTTP session attribute.
+auth.openid.name = Apache Sling OpenID Authentication Handler
+auth.openid.description = The OpenID Authentication Handler authenticates \
+ users via OpenID. A default login form is provided by the handler, while \
+ custom forms can be provided by configuring the URL (or path) to the \
+ login form. To map OpenID identifiers to Repository users it is expected that \
+ the Repository users have a property "open.id.identifier" set to the OpenID \
+ identifier of the user. This property may be a multi-value
+
+path.name = Path
+path.description = Repository path for which this authentication handler \
+ should be used by Sling. If this is empty, the authentication handler will \
+ be disabled.
+
+openid.use.cookie.name = Use Cookie
+openid.use.cookie.description = Whether to use a regular Cookie or an HTTP \
+ Session to cache the OpenID authentication details. By default a regular \
+ cookie is used to prevent use of HTTP Sessions.
 openid.cookie.name.name = Cookie name
-openid.cookie.name.description = Name of cookie used to persist authentication. Only \
-used if 'Use Cookie' is true.
+openid.cookie.name.description = Name of cookie used to persist authentication. \
+ Only used if 'Use Cookie' is checked.
 openid.cookie.domain.name = Cookie domain
-openid.cookie.domain.description = Domain of cookie used to persist authentication. Only \
-used if 'Use Cookie' is true.
-
-openid.cookie.path.name = Cookie path
-openid.cookie.path.description = Path of cookie used to persist authentication. Only \
-used if 'Use Cookie' is true.
+openid.cookie.domain.description = Domain of cookie used to persist \
+ authentication. This defaults to the host name of the Sling server but may \
+ be set to a different value to share the cookie amongst a server farm or \
+ if the server is running behind a proxy. Only used if 'Use Cookie' is checked.
 openid.cookie.secret.key.name = Cookie Secret Key
-openid.cookie.secret.key.description = Secret key used to encrypt cookie contents. Must \
-be less than 24 characters long. Only used if 'Use Cookie' is true.
+openid.cookie.secret.key.description = Secret key used to create a signature \
+ of the cookie value to prevent tampering. Only used if 'Use Cookie' is true.
 openid.login.form.name = URL of Open ID login form
-openid.login.form.description = This should provide a way to capture the user's \
-OpenID identifier. This is not the OpenID Provider's login page, however, it does \
-not have to be a local URL. If it is a local Sling URL, it must be readable by \
-the anonymous user AND either 'Allow Anonymous Access' must be on in the Request \
-Authenticator OR 'Access auth resources anonymously' must be checked here. \
-The user is HTTP Redirect'ed to this URL.
This page \
-should POST back the user's OpenID identifier (as named by the form field parameter) \
-to the originally requested URL (obtainable from HTTP Session attribute \
-OpenIDConstants.ORIGINAL_URL_ATTRIBUTE). If this form is accessed directly, \
-an optional request parameter 'OpenID.redirect' can set the \
-redirect URL that will be used after successful authentication (if 'Redirect to \
-original URL' is true).
+openid.login.form.description = This should provide a way to capture the \
+ user's OpenID identifier. This is not the OpenID Provider's login page, \
+ however, it does not have to be a local URL. If it is a local Sling URL, it \
+ must be accessible by the anonymous user. The user is HTTP Redirect'ed to this \
+ URL. This page should POST back the user's OpenID identifier (as named by \
+ the "OpenID identifier form field" property) to the originally requested URL \
+ set in the "resource" request parameter.
 openid.login.identifier.name = OpenID identifier form field
-openid.login.identifier.description = The name of the form parameter that contains \
-the user's OpenID identifier. By convention this is 'openid_identifier'.
+openid.login.identifier.description = The name of the form parameter that \
+ provides the user's OpenID identifier. By convention this is \
+ 'openid_identifier'. Only change this if you have a very good reason to do so.
-openid.original.url.onsuccess.name = Redirect to original URL
-openid.original.url.onsuccess.description = Whether to redirect to the originally \
-requested URL after successful authentication.
-
-openid.login.success.name = Authentication Success URL
-openid.login.success.description = URL to redirect user to after successful \
-authentication. Only respected if 'Redirect to original URL' is false.
-
-openid.login.fail.name = Authentication Failure URL
-openid.login.fail.description = URL to redirect user to after failed \
-OpenID authentication. It does not have to be a local URL.
If it is a local \
-Sling URL, it must be readable by the anonymous user AND either \
-'Allow Anonymous Access' must be on in the Request Authenticator OR 'Access auth \
-resources anonymously' must be checked here. The user is HTTP Redirect'ed to this URL. \
-NOTE: this redirect is NOT called for a failed Repository login (in that case, \
-the login form will be re-displayed)
-
-openid.logout.name = Post-Logout URL
-openid.logout.description = URL to redirect user to after logging out. Logout \
-is triggered by accessing Logout Request Path (/system/sling/openid/logout). An \
-optional request parameter 'OpenID.redirect' can override this URL for a single \
-logout request.
-
 openid.external.url.prefix.name = External URL prefix
-openid.external.url.prefix.description = The prefix of URLs generated for OpenID \
-authentication requests. This URL must be resolvable from the client browser. \
-This is usually necessary when running Sling behind a proxy (like Apache) since proxy \
-mapping is not performed on the OpenID ReturnTo and TrustRoot URLs as they \
-are sent to the Provider as form parameters. If this is empty, the URLs are generated \
-using the hostname found in the original request.
-
-openid.anon.auth.resources.name = Access auth resources anonymously
-openid.anon.auth.resources.description = Causes the authenticator to authenticate the \
-request as the anonymous user for the local login, auth failure & logout pages. \
-This is an explicit authentication as anonymous, and so circumvents the Request Authenticator's \
-'Allow Anonymous' setting (which operates as a fallback). Setting this to true enables \
-Sling to serve the authentication resources to unauthenticated users even if 'Allow Anonymous' \
-is false (assuming the ACLs on the resources allow the anonymous user read access).
\ No newline at end of file
+openid.external.url.prefix.description = The prefix of URLs generated for the \
+ ReturnTo and TrustRoot properties of the OpenID request to the OpenID \
+ provider. Thus this URL prefix should bring back the authenticated user to \
+ this Sling instance. Configuring this property is usually necessary when \
+ running Sling behind a proxy (like Apache) since proxy mapping is not \
+ performed on the OpenID ReturnTo and TrustRoot URLs as they are sent to the \
+ OpenID Provider as form parameters. If this property is empty, the URLs are \
+ generated using the hostname found in the original request.
+
+openid.property.identity.name = OpenID Identity Property
+openid.property.identity.description = The name of the JCR User attribute \
+ listing one or more OpenID Identity URLs with which a user is associated. \
+ The property may be a multi- or single-valued. To resolve a JCR user ID from \
+ an OpenID identity a user is searched who lists the identity in this property. \
+ The default value is "openid.identity".
+
+openid.user.attr.name = Credentials Attribute
+openid.user.attr.description = Name of the JCR SimpleCredentials attribute to \
+ to set with the OpenID User data. This attribute is used by the OpenID \
+ LoginModule to validate the OpenID user authentication data. Default is \
+ "openid.user".
\ No newline at end of file
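Review bot: The new descriptions disagree on the name of the user property that holds the OpenID identifier: `auth.openid.description` tells administrators to set `"open.id.identifier"` on Repository users, while `openid.property.identity.description` in the same hunk says the default property is `"openid.identity"`; only one can match what the handler actually reads (not visible here), and the `auth.openid.description` sentence should instead refer to the configurable "OpenID Identity Property" setting — it is also cut off mid-sentence at "This property may be a multi-value". `openid.cookie.secret.key.description` drops the old length limit but says nothing about how the key must be chosen or what happens when it is left empty, which an administrator needs in order to judge the tamper protection the text now claims; that should be stated once the handler's behaviour for an empty key is confirmed. Two wording slips: the same description still says `'Use Cookie' is true` where the other entries now say "checked", and `openid.user.attr.description` reads `attribute to \` / `to set with`, duplicating "to".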
Added: sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html?rev=956515&view=auto
==============================================================================
--- sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html (added)
+++ sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html Mon Jun 21 09:35:58 2010
@@ -0,0 +1,113 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<html xml:lang="en" lang="en"
+ xmlns="http://www.w3.org/1999/xhtml"
+>
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <title>Login</title>
+
+ <style type="text/css">
+ body {
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size: 10px;
+ color: black;
+ background-color: white;
+ }
+
+ #main {
+ border: 1px solid gray;
+ margin-top: 25%;
+ margin-left: 25%;
+ width: 400px;
+ padding: 10px;
+ }
+
+ #loginform {
+ padding: 0px;
+ margin: 0px;
+ }
+
+ #openid_identifier {
+ background-image:url('http://wiki.openid.net/f/openid-16x16.gif');
+ background-repeat: no-repeat;
+ background-position: center left;
+ padding-left: 18px;
+ width: 378px;
+ }
+
+ #err {
+ color: red;
+ }
+ </style>
+
+ <script>
+ function selectProvider( /* Button */ provider, /* String */ url ) {
+ provider.form.openid_identifier.value = url;
+ return true;
+ }
+ </script>
+</head>
+
+<body>
+
+<div id="main"><!-- Login Form -->
+<h3>Login:</h3>
+<form id="loginform" method="POST" action="j_security_check"
+ enctype="multipart/form-data"
accept-charset="UTF-8">
+
+ <input type="hidden" name="_charset_" value="UTF-8" />
+ <input type="hidden" name="resource" value="${resource}" />
+ <input type="hidden" name="sling:authRequestLogin" value="OpenID" />
+
+ <div id="err">
+ <p>${j_reason}</p>
+
+ </div>
+
+ <div>
+ <p>
+ Please click your account provider:<br/>
+ <button id="google" accesskey="g" class="form-button" onClick="return selectProvider(this, 'https://www.google.com/accounts/o8/id');"><u>G</u>oogle</button>
+ <button id="yahoo" accesskey="y" class="form-button" onClick="return selectProvider(this, 'https://me.yahoo.com/');"><u>Y</u>ahoo</button>
+ <button id="myopenid" accesskey="m" class="form-button" onClick="return selectProvider(this, 'https://www.myopenid.com/');"><u>M</u>yOpenID</button>
+ </p>
+ </div>
+
+ <div>
+ <label for="openid_identifier">or enter your OpenID <u>I</u>dentifier</label>
+ </div>
+
+ <div>
+ <input id="openid_identifier" accesskey="i" name="openid_identifier"/>
+ </div>
+
+ <div class="buttongroup">
+ <button id="login" accesskey="l" class="form-button" type="submit"><u>L</u>ogin</button>
+ <button id="login" accesskey="c" class="form-button" onClick="document.location='${resource}'; return false;"><u>C</u>ancel</button>
+ </div>
+
+</form>
+</div>
+
+</body>
+</html>
Propchange: sling/trunk/bundles/extensions/openidauth/src/main/resources/org/apache/sling/openidauth/impl/login.html
------------------------------------------------------------------------------
svn:eol-style = native
Added: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java?rev=956515&view=auto
==============================================================================
---
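Review bot: `${j_reason}` is emitted as raw markup inside `<p>`, and `${resource}` is placed both in a hidden field value and inside the JavaScript string literal of the Cancel button's `onClick`; unless the code that substitutes these placeholders (not part of this commit) HTML-escapes `j_reason` and escapes or restricts `resource` per context, a crafted `resource` request parameter or error reason would be rendered as markup or script on the login page. The substitution should escape for the HTML-attribute, HTML-text and JS-string contexts separately, and because `resource` is also where the user is sent on Cancel, validating it server-side as a relative path keeps the page from acting as an open redirect. Smaller issues: both buttons in `buttongroup` carry `id="login"`, the Cancel button lacks `type="button"` so without JavaScript it submits the form, and the `#openid_identifier` background image is loaded over plain `http://` from `wiki.openid.net`, a third-party fetch on a login page.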
sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java (added)
+++ sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java Mon Jun 21 09:35:58 2010
@@ -0,0 +1,149 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.openidauth.impl;
+
+import javax.servlet.http.HttpServletRequest;
+
+import junit.framework.TestCase;
+
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+
+public class OpenIDAuthenticationHandlerTest extends TestCase {
+
+ private static final String NAME = "the.server.com";
+
+ private final String HTTP = "http";
+
+ private final String HTTPS = "https";
+
+ private final String ANY = "any";
+
+ private final int port80 = 80;
+
+ private final int port443 = 443;
+
+ private final int port999 = 999;
+
+ private final int port_1 = -1;
+
+ private static final String CTX = "";
+
+ public void test_getBaseUrl() {
+
+ final Mockery ctx = new Mockery();
+ final HttpServletRequest request = ctx.mock(HttpServletRequest.class);
+ ctx.checking(new Expectations() {
+ {
+ // general setup on each calls
+ allowing(request).getServerName();
+ will(returnValue(NAME));
+ allowing(request).getContextPath();
+ will(returnValue(CTX));
+
+ // http/80
+ one(request).getScheme();
+ will(returnValue(HTTP));
+ one(request).getServerPort();
+ will(returnValue(port80));
+
+ // https/443
+ one(request).getScheme();
+
will(returnValue(HTTPS));
+ one(request).getServerPort();
+ will(returnValue(port443));
+
+ // http/999
+ one(request).getScheme();
+ will(returnValue(HTTP));
+ one(request).getServerPort();
+ will(returnValue(port999));
+
+ // https/999
+ one(request).getScheme();
+ will(returnValue(HTTPS));
+ one(request).getServerPort();
+ will(returnValue(port999));
+
+ // any/80
+ one(request).getScheme();
+ will(returnValue(ANY));
+ one(request).getServerPort();
+ will(returnValue(port80));
+
+ // any/443
+ one(request).getScheme();
+ will(returnValue(ANY));
+ one(request).getServerPort();
+ will(returnValue(port443));
+
+ // any/999
+ one(request).getScheme();
+ will(returnValue(ANY));
+ one(request).getServerPort();
+ will(returnValue(port999));
+
+ // http/-1
+ one(request).getScheme();
+ will(returnValue(HTTP));
+ one(request).getServerPort();
+ will(returnValue(port_1));
+
+ // https/-1
+ one(request).getScheme();
+ will(returnValue(HTTPS));
+ one(request).getServerPort();
+ will(returnValue(port_1));
+
+ // any/-1
+ one(request).getScheme();
+ will(returnValue(ANY));
+ one(request).getServerPort();
+ will(returnValue(port_1));
+ }
+ });
+
+ final OpenIDAuthenticationHandler handler1 = new OpenIDAuthenticationHandler();
+ // http/80
+ assertEquals(HTTP + "://" + NAME, handler1.getBaseUrl(request));
+ // https/443
+ assertEquals(HTTPS + "://" + NAME, handler1.getBaseUrl(request));
+ // http/999
+ assertEquals(HTTP + "://" + NAME + ":" + port999,
+ handler1.getBaseUrl(request));
+ // https/999
+ assertEquals(HTTPS + "://" + NAME + ":" + port999,
+ handler1.getBaseUrl(request));
+ // any/80
+ assertEquals(ANY + "://" + NAME + ":" + port80,
+ handler1.getBaseUrl(request));
+ // any/443
+ assertEquals(ANY + "://" + NAME + ":" + port443,
+ handler1.getBaseUrl(request));
+ // any/999
+ assertEquals(ANY + "://" + NAME + ":" + port999,
+ handler1.getBaseUrl(request));
+ // http/-1
+ assertEquals(HTTP + "://" + NAME, handler1.getBaseUrl(request));
+ // https/-1
+
assertEquals(HTTPS + "://" + NAME, handler1.getBaseUrl(request));
+ // any/-1
+ assertEquals(ANY+ "://" + NAME, handler1.getBaseUrl(request));
+ }
+}
Propchange: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: sling/trunk/bundles/extensions/openidauth/src/test/java/org/apache/sling/openidauth/impl/OpenIDAuthenticationHandlerTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev Url
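Review bot: `test_getBaseUrl` never calls `ctx.assertIsSatisfied()`, so if `getBaseUrl` stopped calling `getScheme()` or `getServerPort()` for one of the ten cases, the unconsumed `one(...)` expectations would go unnoticed and the test would still pass; add `ctx.assertIsSatisfied();` as the last statement of the method. `getContextPath()` is stubbed as `CTX = ""` for every call, so whatever `getBaseUrl` does with a non-empty context path (presumably appending it, given the stub) is never exercised; a second mock returning `"/app"` with one scheme/port pair would cover it. Style: `HTTP`, `HTTPS`, `ANY` and the `port*` fields are per-instance `private final` while `NAME` and `CTX` are `static final`; all are constants and should be `private static final` with matching names (`PORT_80`, `PORT_NONE`), and the test could state in a comment why an unknown scheme such as `ANY` is expected to always carry its port, which is the one non-obvious rule these assertions pin down.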
