Author: mykee
Date: Thu Aug 19 09:53:39 2010
New Revision: 987110
URL: http://svn.apache.org/viewvc?rev=987110&view=rev
Log:
SLING-1593 Decouple authentication mechanism from JCR
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java?rev=987110&r1=987109&r2=987110&view=diff
==============================================================================
---
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
(original)
+++
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
Thu Aug 19 09:53:39 2010
@@ -332,38 +332,53 @@ public class SlingAuthenticator implemen
request.removeAttribute(REQUEST_ATTRIBUTE_RESOLVER);
}
- // 1. Ask all authentication handlers to try to extract credentials
- AuthenticationInfo authInfo = getAuthenticationInfo(request, response);
-
- // 3. Check Credentials
- if (authInfo == AuthenticationInfo.DOING_AUTH) {
-
- log.debug("handleSecurity: ongoing authentication in the handler");
- return false;
-
- } else if (authInfo == AuthenticationInfo.FAIL_AUTH) {
-
- log.debug("handleSecurity: Credentials present but not valid,
request authentication again");
- // FIXME: ensure resource is not set !!!
- request.setAttribute(LOGIN_RESOURCE, request.getRequestURI());
- doLogin(request, response);
- return false;
-
- } else if (authInfo == null) {
- // create an empty authentication info object which can be used
with the post processors
- AuthenticationInfo anonInfo = new AuthenticationInfo("anonymous");
- postProcess(anonInfo, request, response);
-
- log.debug("handleSecurity: No credentials in the request,
anonymous");
- return getAnonymousResolver(request, response);
-
- } else {
-
- log.debug("handleSecurity: Trying to get a session for {}",
- authInfo.getUser());
- return getResolver(request, response, authInfo);
-
- }
+ AuthenticationInfo authInfo = null;
+
+ try
+ {
+ // 1. Ask all authentication handlers to try to extract
credentials
+ authInfo = getAuthenticationInfo(request, response);
+
+ // 2. Check Credentials
+ if (authInfo == AuthenticationInfo.DOING_AUTH) {
+
+ log.debug("handleSecurity: ongoing authentication in the
handler");
+ return false;
+
+ } else if (authInfo == AuthenticationInfo.FAIL_AUTH) {
+
+ log.debug("handleSecurity: Credentials present but not
valid, request authentication again");
+ // FIXME: ensure resource is not set !!!
+ request.setAttribute(LOGIN_RESOURCE,
request.getRequestURI());
+ doLogin(request, response);
+ return false;
+
+ } else if (authInfo == null) {
+ // create an empty authentication info object which can be
used with the post processors
+ AuthenticationInfo anonInfo = new
AuthenticationInfo("anonymous");
+ postProcess(anonInfo, request, response);
+
+ log.debug("handleSecurity: No credentials in the request,
anonymous");
+ return getAnonymousResolver(request, response);
+
+ } else {
+
+ log.debug("handleSecurity: Trying to get a session for {}",
+ authInfo.getUser());
+ return getResolver(request, response, authInfo);
+
+ }
+ }
+ catch ( LoginException e )
+ {
+ if ( authInfo != null ) {
+ handleLoginFailure(request, response,
authInfo.getUser(), e);
+ } else {
+ handleLoginFailure(request, response, "<null>", e);
+ }
+ return false;
+ }
+
}
// ---------- Authenticator interface
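Review bot: In the new `catch ( LoginException e )` block of handleSecurity, the `authInfo != null` branch is not reached by either call that this commit lets throw. If `getAuthenticationInfo` throws, the assignment never completes, and if `postProcess(anonInfo, ...)` throws, `authInfo` is null by the branch condition. Both failures therefore reach `handleLoginFailure` with the user `"<null>"`, so whatever that method logs or returns (its body is not in this hunk) has no account name to attribute the failure to. For the anonymous case, declaring `anonInfo` before the `try`, or catching around that one `postProcess` call, would let the handler receive `anonInfo.getUser()`. The non-null branch only applies if `doLogin` or `getResolver` can throw LoginException, which the hunk does not show.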
@@ -502,7 +517,8 @@ public class SlingAuthenticator implemen
// ---------- internal
private AuthenticationInfo getAuthenticationInfo(
- HttpServletRequest request, HttpServletResponse response) {
+ HttpServletRequest request, HttpServletResponse response)
+ throws LoginException {
// Get the path used to select the authenticator, if the SlingServlet
// itself has been requested without any more info, this will be null
@@ -553,7 +569,8 @@ public class SlingAuthenticator implemen
/**
* Run through the available post processors.
*/
- private void postProcess(AuthenticationInfo info, HttpServletRequest
request, HttpServletResponse response) {
+ private void postProcess(AuthenticationInfo info, HttpServletRequest
request, HttpServletResponse response)
+ throws LoginException {
Object[] services = authInfoPostProcessorTracker.getServices();
if (services != null) {
for (Object serviceObj : services) {
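Review bot: The Javadoc on the private `postProcess` still says only "Run through the available post processors." although the method now propagates `LoginException`. The loop body lies outside the hunk, but unless it catches per service, the first processor that throws prevents the remaining ones from running. I would record that in the comment, for example `@throws LoginException if a post processor rejects the request; processors after it are not called`. The same gap exists in the previous hunk, where `getAuthenticationInfo` gains `throws LoginException` with no comment saying which step raises it.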
Modified:
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java?rev=987110&r1=987109&r2=987110&view=diff
==============================================================================
---
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
(original)
+++
sling/trunk/bundles/auth/core/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
Thu Aug 19 09:53:39 2010
@@ -19,6 +19,9 @@ package org.apache.sling.auth.core.spi;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.sling.api.SlingException;
+import org.apache.sling.api.resource.LoginException;
+
/**
* Service interface which allows bundles to modify the AuthenticationInfo
object
* after authentication has been performed.
@@ -38,7 +41,14 @@ public interface AuthenticationInfoPostP
* @param info
* @param request
* @param response
+ * @throws LoginException if SlingAuthenticator should handle the
exception (eg.
+ * set the correct status in the response)
+ * SlingException will not be caught by SlingAuthenticator, in
this case
+ * the method has to set the accurate status in the response
+ * @throws SlingException may be thrown to convey any problem while
handling the
+ * credentials
*/
- void postProcess(AuthenticationInfo info, HttpServletRequest request,
HttpServletResponse response);
+ void postProcess(AuthenticationInfo info, HttpServletRequest request,
HttpServletResponse response)
+ throws LoginException;
}
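Review bot: The new `@throws LoginException` text folds the SlingException behaviour into the same tag, so the important part of the contract is easy to miss: per this Javadoc a SlingException is not caught by SlingAuthenticator and the implementation itself must set the response status. That leaves the outcome of a failed post-processing step to each implementation of this SPI, so the two cases should be separate tags, e.g. `@throws LoginException to have SlingAuthenticator handle the failure and set the response status` and `@throws SlingException for any other problem; not caught by SlingAuthenticator, so the implementation must set the response status itself`. The three `@param` tags also carry no description. The `SlingException` import added in the previous hunk is referenced only from this Javadoc.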