Author: buildbot
Date: Fri May 3 20:30:29 2013
New Revision: 860744
Log:
Staging update by buildbot for sling
Modified:
websites/staging/sling/trunk/content/ (props changed)
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
Propchange: websites/staging/sling/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri May 3 20:30:29 2013
@@ -1 +1 @@
-1478710
+1478959
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
Fri May 3 20:30:29 2013
@@ -110,13 +110,39 @@
<li>Set request attributes listed below.</li>
</ol>
<p>Extracting the credentials and trying to login to the repository may yield
the following results:</p>
-<p>| Credentials | Login | Consequence |
-| present | successfull | Continue with an authenticated request |
-| present | failed | Select <code>AuthenticationHandler</code> and call
<code>requestCredentials</code> method |
-| missing | anonymous allowed | Continue with a non authenticated request
using anonymous access to the repository |
-| missing | anonymous forbidden | Select <code>AuthenticationHandler</code>
and call <code>requestCredentials</code> method |</p>
+<table>
+<thead>
+<tr>
+<th>Credentials</th>
+<th>Login</th>
+<th>Consequence</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>present</td>
+<td>successful</td>
+<td>Continue with an authenticated request</td>
+</tr>
+<tr>
+<td>present</td>
+<td>failed</td>
+<td>Select <code>AuthenticationHandler</code> and call
<code>requestCredentials</code> method</td>
+</tr>
+<tr>
+<td>missing</td>
+<td>anonymous allowed</td>
+<td>Continue with a non authenticated request using anonymous access to the
repository</td>
+</tr>
+<tr>
+<td>missing</td>
+<td>anonymous forbidden</td>
+<td>Select <code>AuthenticationHandler</code> and call
<code>requestCredentials</code> method</td>
+</tr>
+</tbody>
+</table>
<div class="note">
-Only one `AuthenticationHandler` is able to provide credentials for a given
request. If the credentials provided by the handler cannot be used to login to
the repository, authentication fails and no further `AuthenticationHandler` is
consulted.
+ Only one <code>AuthenticationHandler</code> is able to provide credentials
for a given request. If the credentials provided by the handler cannot be used
to login to the repository, authentication fails and no further
<code>AuthenticationHandler</code> is consulted.
</div>
<h4 id="request-attributes-on-successful-login">Request Attributes on
Successful Login</h4>
@@ -151,7 +177,7 @@ Only one `AuthenticationHandler` is able
</tr>
</tbody>
</table>
-<p><em>NOTE</em>: Do <em>NOT</em> use the <code>javax.jcr.Session</code>
request attribute in your Sling applications. This attribute must be considered
implementation specific to convey the JCR Session to the
<code>SlingMainServlet</code>. In future versions of the Sling Commons Auth
bundle, this request attribute will not be present anymore. To get the JCR
Session for the current request adapt the request's resource resolver to a JCR
Session:</p>
+<p><strong>NOTE</strong>: Do <em>NOT</em> use the
<code>javax.jcr.Session</code> request attribute in your Sling applications.
This attribute must be considered implementation specific to convey the JCR
Session to the <code>SlingMainServlet</code>. In future versions of the Sling
Commons Auth bundle, this request attribute will not be present anymore. To get
the JCR Session for the current request adapt the request's resource resolver
to a JCR Session:</p>
<div class="codehilite"><pre><span class="n">Session</span> <span
class="n">session</span> <span class="o">=</span> <span
class="n">request</span><span class="o">.</span><span
class="n">getResourceResolver</span><span class="p">()</span><span
class="o">.</span><span class="n">adaptTo</span><span class="p">(</span><span
class="n">Session</span><span class="o">.</span><span
class="n">class</span><span class="p">);</span>
</pre></div>
@@ -164,7 +190,7 @@ Only one `AuthenticationHandler` is able
<li>Any OSGi service may provide a <code>sling.auth.requirements</code>
registration property which is used to dynamically extend the authentication
requirements from the <em>Authentication Requirements</em> configuration. This
may for example be set by <code>AuthenticationHandler</code> implementations
providing a login form to ensure access to the login form does not require
authentication. The value of this property is a single string, an array of
strings or a Collection of strings and is formatted in the same way as the
<em>Authentication Requirements</em> configuration property.</li>
</ul>
<p>The URLs set on the <em>Authentication Requirements</em> configuration
property or the <code>sling.auth.requirements</code> service registration
property can be absolute paths or URLs like the <code>path</code> service
registration property of <code>AuthenticationHandler</code> services. This
allows the limitation of this setup to certain requests by scheme and/or
virtual host address.</p>
-<p><em>Examples</em></p>
+<p><strong>Examples</strong></p>
<ul>
<li>
<p>The <code>LoginServlet</code> contained in the Commons Auth bundle
registers itself with the service registration property
<code>sling.auth.requirements = "-/system/sling/login"</code> to ensure the
servlet can be accessed without requiring authentication.</p>
@@ -175,7 +201,7 @@ Only one `AuthenticationHandler` is able
</ul>
<h2 id="authenticator-implementation">Authenticator implementation</h2>
<p>The implementation of the <code>Authenticator</code> interface is similar
for both methods:</p>
-<p><em><code>login</code></em></p>
+<p><strong><code>login</code></strong></p>
<ol>
<li>Select one or more <code>AuthenticationHandler</code> for the request
according to the request URL's scheme and authorization part.</li>
<li>Call the <code>requestCredentials</code> method of each authentication
handler, where the order of handler call is defined by the length of the
registered path: handlers registered with longer paths are called before
handlers with shorter paths. The goal is to call the handlers in order from
longest request path match to shortest match. Handlers not matching the request
path at all are not called.</li>
@@ -204,12 +230,14 @@ Only one `AuthenticationHandler` is able
</tr>
</tbody>
</table>
-<p><em><code>logout</code></em>
-1. Select one or more <code>AuthenticationHandler</code> for the request
according to the request URL's scheme and authorization part.
-1. Call the <code>dropCredentials</code> method of each authentication
handler, where the order of handler call is defined by the length of the
registered path: handlers registered with longer paths are called before
handlers with shorter paths. The goal is to call the handlers in order from
longest request path match to shortest match. Handlers not matching the request
path at all are not called.</p>
+<p><strong><code>logout</code></strong></p>
+<ol>
+<li>Select one or more <code>AuthenticationHandler</code> for the request
according to the request URL's scheme and authorization part.</li>
+<li>Call the <code>dropCredentials</code> method of each authentication
handler, where the order of handler call is defined by the length of the
registered path: handlers registered with longer paths are called before
handlers with shorter paths. The goal is to call the handlers in order from
longest request path match to shortest match. Handlers not matching the request
path at all are not called.</li>
+</ol>
<p>Unlike for the <code>login</code> method in the <code>logout</code> method
case all <code>AuthenticationHandler</code> services selected in the first step
are called. If none can be selected or none can actually handle the
<code>dropCredentials</code> request, the <code>logout</code> silently
returns.</p>
<div class="timestamp" style="margin-top: 30px; font-size: 80%;
text-align: right;">
- Rev. 1464512 by bdelacretaz on Thu, 4 Apr 2013 13:03:31 +0000
+ Rev. 1478959 by dklco on Fri, 3 May 2013 20:29:53 +0000
</div>
<div class="trademarkFooter">
Apache Sling, Sling, Apache, the Apache feather logo, and the Apache
Sling project
