This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.0
in repository 
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git

commit d24ad09cd18505d7ed7109bd50d2a460ccd56ca6
Author: Ian Boston <[email protected]>
AuthorDate: Wed Jul 28 15:59:04 2010 +0000

    SLING-1614 Added config settings that allow a login form to be re-displayed 
when the login token expires. By default the login form is not displayed on 
expiry, on the basis that it was not displayed by default when the anon user 
first came to the site.
    
    git-svn-id: 
https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/formauth@980107 
13f79535-47bb-0310-9956-ffa450edef68
---
 .../formauth/impl/FormAuthenticationHandler.java   | 30 +++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

diff --git 
a/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java 
b/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
index 638c04b..4c100ce 100644
--- 
a/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
+++ 
b/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
@@ -174,6 +174,21 @@ public class FormAuthenticationHandler extends 
AbstractAuthenticationHandler {
 
 
     /**
+     * Whether to present a login form when a users cookie expires, the default
+     * is not to present the form.
+     *
+     * @scr.property type="Boolean" valueRef="DEFAULT_LOGIN_AFTER_EXPIRE"
+     */
+    private static final String PAR_LOGIN_AFTER_EXPIRE = null;
+
+    /**
+     * The default login after expire of a cookie.
+     *
+     * @see #PAR_LOGIN_AFTER_EXPIRE
+     */
+    private static final boolean DEFAULT_LOGIN_AFTER_EXPIRE = false;
+
+    /**
      * The request method required for user name and password submission by the
      * form (value is "POST").
      */
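Review bot: `PAR_LOGIN_AFTER_EXPIRE` is declared as `null` and its `@scr.property` tag carries no name, so the lookup `properties.get(PAR_LOGIN_AFTER_EXPIRE)` added in the last hunk has no property key to read. Depending on the type of `properties`, which is not visible here, a null key either throws a NullPointerException during activation or always misses, and in the second case the handler silently stays on `DEFAULT_LOGIN_AFTER_EXPIRE` and the new setting can never be switched on. The neighbouring lookup uses `PAR_INCLUDE_FORM`, presumably a named key; give this constant a literal name in the same way, for example `private static final String PAR_LOGIN_AFTER_EXPIRE = "<property.name>";` (placeholder, to follow the handler's existing naming).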
@@ -282,6 +297,11 @@ public class FormAuthenticationHandler extends 
AbstractAuthenticationHandler {
      */
     private ResourceResolverFactory resourceResolverFactory;
 
+    /**
+     * If true the login form will be presented when the token expires.
+     */
+    private boolean loginAfterExpire;
+
 
     /**
      * Extracts cookie/session based credentials from the request. Returns
@@ -305,9 +325,11 @@ public class FormAuthenticationHandler extends 
AbstractAuthenticationHandler {
                 if (tokenStore.isValid(authData)) {
                     info = createAuthInfo(authData);
                 } else {
-                    // signal the requestCredentials method a previous login 
failure
-                    request.setAttribute(PAR_J_REASON, FormReason.TIMEOUT);
-                    info = AuthenticationInfo.FAIL_AUTH;
+                    if (this.loginAfterExpire) {
+                      // signal the requestCredentials method a previous login 
failure
+                      request.setAttribute(PAR_J_REASON, FormReason.TIMEOUT);
+                      info = AuthenticationInfo.FAIL_AUTH;
+                    }
                     // clear the cookie, its invalid and we should get rid of 
it so that the invalid cookie
                     // isn't present on the authN operation.
                     authStorage.clear(request, response);
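Review bot: The `else` branch runs for every token that fails `tokenStore.isValid(authData)`, not only an expired one, and with `loginAfterExpire` false (the default) nothing records the rejection: no `PAR_J_REASON`, no `FAIL_AUTH`, and `info` keeps whatever value it had before, presumably letting the request continue without credentials. A tampered or otherwise invalid cookie is therefore indistinguishable from an ordinary expiry, both in behaviour and in the logs. Consider logging the rejection before `authStorage.clear(request, response)` and documenting the false path with a comment such as `// loginAfterExpire off: drop the cookie and continue without credentials`. The new inner block is also indented by two spaces where the surrounding code uses four. The enclosing method starts and ends outside this hunk.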
@@ -745,6 +767,8 @@ public class FormAuthenticationHandler extends 
AbstractAuthenticationHandler {
 
         this.includeLoginForm = 
OsgiUtil.toBoolean(properties.get(PAR_INCLUDE_FORM), DEFAULT_INCLUDE_FORM);
 
+        this.loginAfterExpire = 
OsgiUtil.toBoolean(properties.get(PAR_LOGIN_AFTER_EXPIRE), 
DEFAULT_LOGIN_AFTER_EXPIRE);
+
     }
 
     protected void deactivate(
