Author: buildbot Date: Tue Nov 3 12:55:21 2015 New Revision: 971184 Log: Staging update by buildbot for sling
Modified: websites/staging/sling/trunk/content/ (props changed) websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html Propchange: websites/staging/sling/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Tue Nov 3 12:55:21 2015 @@ -1 +1 @@ -1712247 +1712284 Modified: websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html ============================================================================== --- websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html (original) +++ websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html Tue Nov 3 12:55:21 2015 
@@ -213,15 +213,23 @@ h2:hover > .headerlink, h3:hover > .head <h4 id="anonymous-login">Anonymous Login<a class="headerlink" href="#anonymous-login" title="Permanent link">¶</a></h4> <p>The <code>SlingAuthenticator</code> provides high level of control with respect to allowing anonymous requests or requiring authentication up front:</p> <ul> -<li>Global setting of whether anonymous requests are allowed or not. This is the value of the <em>Allow Anonymous Access</em> (<code>auth.annonymous</code>) property of the <code>SlingAuthenticator</code> configuration. This property is supported for backwards compatibility and defaults to <code>true</code> (allowing anonymous access).</li> -<li>Specific configuration per URL. The <em>Authentication Requirements</em> (<code>sling.auth.requirements</code>) property of the <code>SlingAuthenticator</code> configuration may provide a list of URLs for which authentication may be required or not: Any entry prefixed with a dash <code>-</code> defines a subtree for which authentication is not required. Any entry not prefixed with a dash or prefixed with a plus <code>+</code> defines a subtree for which authentication is required up front and thus anonymous access is not allowed. This list is empty by default.</li> +<li>Global setting of whether anonymous requests are allowed or not. This is the boolean value of the <em>Allow Anonymous Access</em> (<code>auth.annonymous</code>) property of the <code>SlingAuthenticator</code> configuration. This property is supported for backwards compatibility and defaults to <code>true</code> (allowing anonymous access). Setting it to <code>true</code> is a shortcut for setting <code>sling.auth.requirements</code> to <code>-/</code>.</li> +<li>Specific configuration per URL. 
The <em>Authentication Requirements</em> (<code>sling.auth.requirements</code>) property of the <code>SlingAuthenticator</code> configuration may provide a list of URLs for which authentication may be required or not: Any entry prefixed with a dash <code>-</code> defines a request path prefix for which authentication is not required. Any entry not prefixed with a dash or prefixed with a plus <code>+</code> defines a subtree for which authentication is required up front and thus anonymous access is not allowed. This list is empty by default.</li> <li>Any OSGi service may provide a <code>sling.auth.requirements</code> registration property which is used to dynamically extend the authentication requirements from the <em>Authentication Requirements</em> configuration. This may for example be set by <code>AuthenticationHandler</code> implementations providing a login form to ensure access to the login form does not require authentication. The value of this property is a single string, an array of strings or a Collection of strings and is formatted in the same way as the <em>Authentication Requirements</em> configuration property.</li> </ul> -<p>The URLs set on the <em>Authentication Requirements</em> configuration property or the <code>sling.auth.requirements</code> service registration property can be absolute paths or URLs like the <code>path</code> service registration property of <code>AuthenticationHandler</code> services. This allows the limitation of this setup to certain requests by scheme and/or virtual host address.</p> +<p>The values set on the <em>Authentication Requirements</em> configuration property or the <code>sling.auth.requirements</code> service registration property can be absolute paths or URLs like the <code>path</code> service registration property of <code>AuthenticationHandler</code> services. This allows the limitation of this setup to certain requests by scheme and/or virtual host address. 
The requests path (<code>HttpServletRequest.getServletPath()</code> + <code>HttpServletRequest.getPathInfo()</code>) is afterwards matched against the given paths. It matches if it starts with one of the given paths.</p> <p><strong>Examples</strong></p> <ul> <li> -<p>The <code>LoginServlet</code> contained in the Sling Auth Core bundle registers itself with the service registration property <code>sling.auth.requirements = "-/system/sling/login"</code> to ensure the servlet can be accessed without requiring authentication.</p> +<p>The <code>LoginServlet</code> contained in the Sling Auth Core bundle registers itself with the service registration property <code>sling.auth.requirements = "-/system/sling/login"</code> to ensure the servlet can be accessed without requiring authentication. The following request urls would work then without authentication:</p> +</li> +<li> +<p>/system/sling/login</p> +</li> +<li>/system/sling/login.html</li> +<li>/system/sling/login/somesuffix</li> +<li> +<p>/system/sling/login-test (if this is not desired, you have to use a restriction like this: <code>sling.auth.requirements = "-/system/sling/login"</code>)</p> </li> <li> <p>An authentication handler may register itself with the service registration property <code>sling.auth.requirements = "-/apps/sample/loginform"</code> to ensure the login form can be rendered without requiring authentication.</p> 
@@ -265,7 +273,7 @@ h2:hover > .headerlink, h3:hover > .head </ol> <p>Unlike for the <code>login</code> method in the <code>logout</code> method case all <code>AuthenticationHandler</code> services selected in the first step are called. If none can be selected or none can actually handle the <code>dropCredentials</code> request, the <code>logout</code> silently returns.</p> <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;"> - Rev. 1593323 by olli on Thu, 8 May 2014 16:33:44 +0000 + Rev. 1712284 by kwin on Tue, 3 Nov 2015 12:55:01 +0000 </div> <div class="trademarkFooter"> Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project
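Review bot: In the first hunk (@@ -213,15 +213,23 @@), the added `/system/sling/login-test` item offers `sling.auth.requirements = "-/system/sling/login"` as the restriction to use when that match is not desired, but this is the same value as the LoginServlet registration quoted two items above it, so the text gives no way to keep the prefix match from also exempting `/system/sling/login-test` from authentication. Since the new sentence states that a request path matches "if it starts with one of the given paths", either show a value that actually differs and say what it does and does not match, or state plainly that any sibling path sharing the prefix becomes reachable without authentication. Two smaller points in the same hunk: the four example URLs are added as sibling `<li>` elements of the Examples list rather than as a nested list inside the LoginServlet item, so they will render as separate examples; and the second bullet now says "request path prefix" for `-` entries but still says "subtree" for `+` entries, which should use one term if both are matched the same way.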