This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.extensions.webconsolesecurityprovider-1.1.2 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-extensions-webconsolesecurityprovider.git
commit f56c18c6a1a4d7ef1dbb95e22ed708e5a927a6ad Author: Carsten Ziegeler <[email protected]> AuthorDate: Tue Dec 10 05:23:38 2013 +0000 SLING-3273 : Switch to login page if user is not allowed to access the web console git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/webconsolesecurityprovider@1549759 13f79535-47bb-0310-9956-ffa450edef68 --- .../internal/ServicesListener.java | 25 ++++++--- .../internal/SlingWebConsoleSecurityProvider2.java | 59 ++++++++++++---------- 2 files changed, 50 insertions(+), 34 deletions(-) diff --git a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java index 99d93d3..cb8663b 100644 --- a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java +++ b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/ServicesListener.java @@ -26,6 +26,7 @@ import java.util.concurrent.atomic.AtomicBoolean; import javax.jcr.Repository; import org.apache.felix.webconsole.WebConsoleSecurityProvider; +import org.apache.sling.api.auth.Authenticator; import org.apache.sling.auth.core.AuthenticationSupport; import org.apache.sling.launchpad.api.StartupListener; import org.apache.sling.launchpad.api.StartupMode; @@ -45,6 +46,7 @@ import org.osgi.service.cm.ManagedService; public class ServicesListener implements StartupListener { private static final String AUTH_SUPPORT_CLASS = AuthenticationSupport.class.getName(); + private static final String AUTHENTICATOR_CLASS = Authenticator.class.getName(); private static final String REPO_CLASS = Repository.class.getName(); /** The bundle context. */ @@ -56,6 +58,9 @@ public class ServicesListener implements StartupListener { /** The listener for the authentication support. */ private final Listener authSupportListener; + /** The listener for the authenticator. */ + private final Listener authListener; + private enum State { NONE, PROVIDER, @@ -81,8 +86,10 @@ public class ServicesListener implements StartupListener { this.bundleContext = bundleContext; this.authSupportListener = new Listener(AUTH_SUPPORT_CLASS); this.repositoryListener = new Listener(REPO_CLASS); + this.authListener = new Listener(AUTHENTICATOR_CLASS); this.authSupportListener.start(); this.repositoryListener.start(); + this.authListener.start(); } /** @@ -106,7 +113,7 @@ public class ServicesListener implements StartupListener { /** * @see org.apache.sling.launchpad.api.StartupListener#startupProgress(float) */ - public void startupProgress(float arg0) { + public void startupProgress(final float progress) { // nothing to do } @@ -116,16 +123,18 @@ public class ServicesListener implements StartupListener { public synchronized void notifyChange() { // check if all services are available final Object authSupport = this.startupFinished.get() ? this.authSupportListener.getService() : null; + final Object authenticator = this.startupFinished.get() ? this.authListener.getService() : null; + final boolean hasAuthServices = authSupport != null && authenticator != null; final Object repository = this.repositoryListener.getService(); if ( registrationState == State.NONE ) { - if ( authSupport != null ) { - registerProvider2(authSupport); + if ( hasAuthServices ) { + registerProvider2(authSupport, authenticator); } else if ( repository != null ) { registerProvider(repository); } } else if ( registrationState == State.PROVIDER ) { - if ( authSupport != null ) { - registerProvider2(authSupport); + if ( hasAuthServices ) { + registerProvider2(authSupport, authenticator); unregisterProvider(); } else if ( repository == null ) { unregisterProvider(); @@ -157,13 +166,14 @@ public class ServicesListener implements StartupListener { } } - private void registerProvider2(final Object authSupport) { + private void registerProvider2(final Object authSupport, final Object authenticator) { final Dictionary<String, Object> props = new Hashtable<String, Object>(); props.put(Constants.SERVICE_PID, SlingWebConsoleSecurityProvider.class.getName()); props.put(Constants.SERVICE_DESCRIPTION, "Apache Sling Web Console Security Provider 2"); props.put(Constants.SERVICE_VENDOR, "The Apache Software Foundation"); this.provider2Reg = this.bundleContext.registerService( - new String[] {ManagedService.class.getName(), WebConsoleSecurityProvider.class.getName()}, new SlingWebConsoleSecurityProvider2(authSupport), props); + new String[] {ManagedService.class.getName(), WebConsoleSecurityProvider.class.getName()}, + new SlingWebConsoleSecurityProvider2(authSupport, authenticator), props); this.registrationState = State.PROVIDER2; } @@ -183,6 +193,7 @@ public class ServicesListener implements StartupListener { public void deactivate() { this.repositoryListener.deactivate(); this.authSupportListener.deactivate(); + this.authListener.deactivate(); this.unregisterProvider(); this.unregisterProvider2(); } diff --git a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java index 7521fc9..8762a58 100644 --- a/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java +++ b/src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java @@ -31,6 +31,7 @@ import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; +import org.apache.sling.api.auth.Authenticator; import org.apache.sling.api.resource.ResourceResolver; import org.apache.sling.auth.core.AuthenticationSupport; @@ -50,17 +51,19 @@ public class SlingWebConsoleSecurityProvider2 extends AbstractWebConsoleSecurityProvider implements WebConsoleSecurityProvider2 { - private final AuthenticationSupport authenticator; + private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate"; - public SlingWebConsoleSecurityProvider2(final Object support) { - this.authenticator = (AuthenticationSupport)support; - } + private static final String AUTHENTICATION_SCHEME_BASIC = "Basic"; - private void invokeAuthenticator(final HttpServletRequest request, final HttpServletResponse response) { - final AuthenticationSupport localAuthenticator = this.authenticator; - if (localAuthenticator != null) { - localAuthenticator.handleSecurity(request, response); - } + private static final String DEFAULT_REALM = "OSGi Management Console"; //$NON-NLS-1$ + + private final AuthenticationSupport authentiationSupport; + + private final Authenticator authenticator; + + public SlingWebConsoleSecurityProvider2(final Object support, final Object authenticator) { + this.authentiationSupport = (AuthenticationSupport)support; + this.authenticator = (Authenticator)authenticator; } /** @@ -68,27 +71,29 @@ public class SlingWebConsoleSecurityProvider2 */ public boolean authenticate(final HttpServletRequest request, final HttpServletResponse response) { - invokeAuthenticator(request, response); - // get ResourceResolver (set by AuthenticationSupport) - Object resolverObject = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); - final ResourceResolver resolver = (resolverObject instanceof ResourceResolver) - ? (ResourceResolver) resolverObject - : null; - if ( resolver != null ) { - final Session session = resolver.adaptTo(Session.class); - if ( session != null ) { - try { - final User u = this.authenticate(session); - if ( u != null ) { - request.setAttribute(USER_ATTRIBUTE, u); - return true; + if ( this.authentiationSupport.handleSecurity(request, response) ) { + // get ResourceResolver (set by AuthenticationSupport) + Object resolverObject = request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER); + final ResourceResolver resolver = (resolverObject instanceof ResourceResolver) + ? (ResourceResolver) resolverObject + : null; + if ( resolver != null ) { + final Session session = resolver.adaptTo(Session.class); + if ( session != null ) { + try { + final User u = this.authenticate(session); + if ( u != null ) { + request.setAttribute(USER_ATTRIBUTE, u); + return true; + } + } catch (final Exception re) { + logger.info("authenticate: Generic problem trying grant User " + + " access to the Web Console", re); } - return false; - } catch (final Exception re) { - logger.info("authenticate: Generic problem trying grant User " - + " access to the Web Console", re); } } + + this.authenticator.login(request, response); } return false; } -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
