This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.auth.form-1.0.0 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-form.git
commit d3222a7e7e13176f6ba2b5965e62b9f743ab4ded
Author: Felix Meschberger <[email protected]>
AuthorDate: Tue Jul 27 12:33:51 2010 +0000
SLING-1575 Adapt Form and OpenID authentication handler to use new abstract form servlet and authentication handler
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/formauth@979669 13f79535-47bb-0310-9956-ffa450edef68
---
 .../formauth/impl/AuthenticationFormServlet.java | 164 +--------------------
 .../formauth/impl/FormAuthenticationHandler.java | 43 +-----
 2 files changed, 10 insertions(+), 197 deletions(-)
diff --git a/src/main/java/org/apache/sling/formauth/impl/AuthenticationFormServlet.java b/src/main/java/org/apache/sling/formauth/impl/AuthenticationFormServlet.java
index 233f48c..a2c1d1b 100644
--- a/src/main/java/org/apache/sling/formauth/impl/AuthenticationFormServlet.java
+++ b/src/main/java/org/apache/sling/formauth/impl/AuthenticationFormServlet.java
@@ -18,15 +18,8 @@
 */
 package org.apache.sling.formauth.impl;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-
-import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import org.apache.sling.commons.auth.spi.AbstractAuthenticationFormServlet;
 import org.apache.sling.formauth.FormReason;
 /**
@@ -34,16 +27,15 @@ import org.apache.sling.formauth.FormReason;
 * used for Form Based Authentication.
 *
 * @scr.component metatype="no"
- * @scr.service interface="javax.servlet.Servlet"
 * @scr.property name="service.vendor" value="The Apache Software Foundation"
 * @scr.property name="service.description"
 * value="Default Login Form for Form Based Authentication"
 */
 @SuppressWarnings("serial")
-public class AuthenticationFormServlet extends HttpServlet {
+public class AuthenticationFormServlet extends AbstractAuthenticationFormServlet {
 /**
- * The constant is sued to provide the service registration path
+ * The constant is used to provide the service registration path
 *
 * @scr.property name="sling.servlet.paths"
 */
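Review bot: Dropping `@scr.service interface="javax.servlet.Servlet"` leaves the class Javadoc with only `@scr.component`, so whether the login form servlet is still registered as a `Servlet` service now depends on the SCR tooling picking the interface up from `AbstractAuthenticationFormServlet`, which this diff does not show. If that inheritance does not happen the login form is never served and form-based login stops working, so either keep the explicit tag or confirm that the generated component descriptor still lists `javax.servlet.Servlet`. The same dependency on the superclass applies to `FormAuthenticationHandler`, whose declaration (hunk at new line 69) no longer names `AuthenticationHandler` and `AuthenticationFeedbackHandler` itself while its Javadoc keeps a bare `@scr.service`.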
@@ -58,108 +50,6 @@ public class AuthenticationFormServlet extends HttpServlet {
 @SuppressWarnings("unused")
 private static final String AUTH_REQUIREMENT = "-" + SERVLET_PATH;
- private static final String DEFAULT_FORM_PATH = "login.html";
-
- private static final String CUSTOM_FORM_PATH = "custom_login.html";
-
- /**
- * The raw form used by the {@link #getForm(HttpServletRequest)} method to
- * fill in with per-request data. This field is set by the
- * {@link #getRawForm()} method when first loading the form.
- */
- private volatile String rawForm;
-
- /**
- * Prepares and returns the login form. The response is sent as an UTF-8
- * encoded <code>text/html</code> page with all known cache control headers
- * set to prevent all caching.
- * <p>
- * This servlet is to be called to handle the request directly, that is it
- * expected to not be included and for the response to not be committed yet
- * because it first resets the response.
- *
- * @throws IOException if an error occurrs preparing or sending back the
- * login form
- * @throws IllegalStateException if the response has already been committed
- * and thus response reset is not possible.
- */
- @Override
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws IOException {
- handle(request, response);
- }
-
- /**
- * Prepares and returns the login form. The response is sent as an UTF-8
- * encoded <code>text/html</code> page with all known cache control headers
- * set to prevent all caching.
- * <p>
- * This servlet is to be called to handle the request directly, that is it
- * expected to not be included and for the response to not be committed yet
- * because it first resets the response.
- *
- * @throws IOException if an error occurrs preparing or sending back the
- * login form
- * @throws IllegalStateException if the response has already been committed
- * and thus response reset is not possible.
- */
- @Override
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws IOException {
- handle(request, response);
- }
-
- private void handle(HttpServletRequest request, HttpServletResponse response) throws IOException {
- // reset the response first
- response.reset();
-
- // setup the response for HTML and cache prevention
- response.setContentType("text/html");
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Cache-Control", "no-cache");
- response.addHeader("Cache-Control", "no-store");
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Expires", "0");
-
- // send the form and flush
- response.getWriter().print(getForm(request));
- response.flushBuffer();
- }
-
- /**
- * Returns the form to be sent back to the client for login providing an
- * optional informational message and the optional target to redirect to
- * after successfully logging in.
- *
- * @param request The request providing parameters indicating the
- * informational message and redirection target.
- * @return The login form to be returned to the client
- * @throws IOException If the login form cannot be loaded
- */
- private String getForm(final HttpServletRequest request) throws IOException {
- String form = getRawForm();
-
- form = form.replace("${resource}", getResource(request));
- form = form.replace("${j_reason}", getReason(request));
- form = form.replace("${requestContextPath}", request.getContextPath());
-
- return form;
- }
-
- /**
- * Returns the path to the resource to which the request should be
- * redirected after successfully completing the form or an empty string if
- * there is no <code>resource</code> request parameter.
- *
- * @param request The request providing the <code>resource</code> parameter.
- * @return The target to redirect after sucessfully login or an empty string
- * if no specific target has been requested.
- */
- private String getResource(final HttpServletRequest request) {
- final String resource = FormAuthenticationHandler.getLoginResource(request);
- return (resource == null) ? "" : resource;
- }
-
 /**
 * Returns an informational message according to the value provided in the
 * <code>j_reason</code> request parameter. Supported reasons are invalid
@@ -169,7 +59,7 @@ public class AuthenticationFormServlet extends HttpServlet {
 * @return The "translated" reason to render the login form or an empty
 * string if there is no specific reason
 */
- private String getReason(final HttpServletRequest request) {
+ protected String getReason(final HttpServletRequest request) {
 // return the resource attribute if set to a non-empty string
 Object resObj = request.getAttribute(FormAuthenticationHandler.PAR_J_REASON);
 if (resObj instanceof FormReason) {
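Review bot: `getReason` is widened to `protected`, presumably so that `AbstractAuthenticationFormServlet` can call it, but it carries no `@Override`, so a signature drift in the base class would silently leave this as an uncalled method; add `@Override` above the declaration. With `getForm` removed from this class, the string returned here is placed into the login page by code outside this diff, and the removed version substituted `${j_reason}` and `${resource}` into the HTML without escaping. The method body continues past the hunk, so it is worth confirming that it only ever returns fixed `FormReason` messages and stating that contract in the Javadoc, e.g. `@return a fixed, markup-free message; never text copied from the request`.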
@@ -190,50 +80,4 @@ public class AuthenticationFormServlet extends HttpServlet {
 return "";
 }
-
- /**
- * Load the raw unmodified form from the bundle (through the class loader).
- *
- * @return The raw form as a string
- * @throws IOException If an error occurrs reading the "file" or if the
- * class loader cannot provide the form data.
- */
- private String getRawForm() throws IOException {
- if (rawForm == null) {
- InputStream ins = null;
- try {
- // try a custom login page first.
- ins = getClass().getResourceAsStream(CUSTOM_FORM_PATH);
- if (ins == null) {
- // try the standard login page
- ins = getClass().getResourceAsStream(DEFAULT_FORM_PATH);
- }
-
- if (ins != null) {
- StringBuilder builder = new StringBuilder();
- Reader r = new InputStreamReader(ins, "UTF-8");
- char[] cbuf = new char[1024];
- int rd = 0;
- while ((rd = r.read(cbuf)) >= 0) {
- builder.append(cbuf, 0, rd);
- }
-
- rawForm = builder.toString();
- }
- } finally {
- if (ins != null) {
- try {
- ins.close();
- } catch (IOException ignore) {
- }
- }
- }
-
- if (rawForm == null) {
- throw new IOException("Failed reading form template");
- }
- }
-
- return rawForm;
- }
 }
diff --git a/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java b/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
index d62b5a0..c902551 100644
--- a/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/formauth/impl/FormAuthenticationHandler.java
@@ -37,13 +37,12 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
+import org.apache.sling.api.auth.Authenticator;
 import org.apache.sling.api.resource.LoginException;
 import org.apache.sling.api.resource.Resource;
 import org.apache.sling.api.resource.ResourceResolver;
 import org.apache.sling.api.resource.ResourceResolverFactory;
-import org.apache.sling.commons.auth.Authenticator;
-import org.apache.sling.commons.auth.spi.AuthenticationFeedbackHandler;
-import org.apache.sling.commons.auth.spi.AuthenticationHandler;
+import org.apache.sling.commons.auth.spi.AbstractAuthenticationHandler;
 import org.apache.sling.commons.auth.spi.AuthenticationInfo;
 import org.apache.sling.commons.auth.spi.DefaultAuthenticationFeedbackHandler;
 import org.apache.sling.commons.osgi.OsgiUtil;
@@ -70,8 +69,7 @@ import org.slf4j.LoggerFactory;
 * private="true"
 * @scr.service
 */
-public class FormAuthenticationHandler implements AuthenticationHandler,
- AuthenticationFeedbackHandler {
+public class FormAuthenticationHandler extends AbstractAuthenticationHandler {
 /**
 * The name of the parameter providing the login form URL.
@@ -346,7 +344,7 @@ public class FormAuthenticationHandler implements AuthenticationHandler,
 return true;
 }
- String resource = getLoginResource(request);
+ String resource = getLoginResource(request, null);
 if (resource == null) {
 resource = request.getContextPath() + request.getPathInfo();
 request.setAttribute(Authenticator.LOGIN_RESOURCE, resource);
@@ -490,7 +488,7 @@ public class FormAuthenticationHandler implements AuthenticationHandler,
 // check whether redirect is requested by the resource parameter
- final String resource = getLoginResource(request);
+ final String resource = getLoginResource(request, null);
 if (resource != null) {
 try {
 response.sendRedirect(resource);
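Review bot: In the hunk at new line 344, the fallback `resource = request.getContextPath() + request.getPathInfo();` concatenates a value that the Servlet API allows to be `null`, which would store a target ending in the literal text `null` under `Authenticator.LOGIN_RESOURCE`. Guard the concatenation, for example `String pathInfo = request.getPathInfo();` followed by `resource = request.getContextPath() + (pathInfo == null ? "" : pathInfo);`. The enclosing method starts and ends outside the hunk, so how the stored attribute is consumed afterwards cannot be checked from here.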
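Review bot: In the hunk at new line 488, `response.sendRedirect(resource)` still sends the browser to whatever `getLoginResource(request, null)` returns, and the helper this commit removes read that value straight from the `resource` request parameter, so unless the inherited helper validates it, a login link can carry a freshly authenticated user to an arbitrary external site. Restrict the target to a local path before redirecting, e.g. `if (resource != null && resource.startsWith("/") && !resource.startsWith("//")) {`, and fall through to the default handling otherwise. The same unvalidated value is read in the hunks at new lines 344 and 616, and the enclosing method continues outside this hunk.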
@@ -595,35 +593,6 @@ public class FormAuthenticationHandler implements AuthenticationHandler,
 }
 }
- /**
- * Returns any resource target to redirect to after successful
- * authentication. This method either returns a non-empty string or
- * <code>null</code>. First the <code>resource</code> request attribute is
- * checked. If it is a non-empty string, it is returned. Second the
- * <code>resource</code> request parameter is checked and returned if it is
- * a non-empty string.
- *
- * @param request The request providing the attribute or parameter
- * @return The non-empty redirection target or <code>null</code>.
- */
- static String getLoginResource(final HttpServletRequest request) {
-
- // return the resource attribute if set to a non-empty string
- Object resObj = request.getAttribute(Authenticator.LOGIN_RESOURCE);
- if ((resObj instanceof String) && ((String) resObj).length() > 0) {
- return (String) resObj;
- }
-
- // return the resource parameter if not set or set to a non-empty value
- final String resource = request.getParameter(Authenticator.LOGIN_RESOURCE);
- if (resource == null || resource.length() > 0) {
- return resource;
- }
-
- // normalize empty resource string to null
- return null;
- }
-
 // --------- Request Parameter Auth ---------
 private AuthenticationInfo extractRequestParameterAuthentication(
@@ -647,7 +616,7 @@ public class FormAuthenticationHandler implements AuthenticationHandler,
 // authentication, otherwise the request may be processed
 // as a POST request to the j_security_check page (unless
 // the j_validate parameter is set)
- if (getLoginResource(request) == null) {
+ if (getLoginResource(request, null) == null) {
 request.setAttribute(Authenticator.LOGIN_RESOURCE, "/");
 }
 }
-- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
