org.apache.sling.auth.form.impl

Class FormAuthenticationHandler

java.lang.Object

org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler

org.apache.sling.auth.form.impl.FormAuthenticationHandler

All Implemented Interfaces:

org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler, org.apache.sling.auth.core.spi.AuthenticationHandler

public class FormAuthenticationHandler
extends org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler
implements org.apache.sling.auth.core.spi.AuthenticationHandler

The FormAuthenticationHandler class implements the authorization steps based on a cookie.

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.sling.auth.core.spi.AuthenticationHandler

org.apache.sling.auth.core.spi.AuthenticationHandler.FAILURE_REASON_CODES

Field Summary

Fields inherited from interface org.apache.sling.auth.core.spi.AuthenticationHandler

FAILURE_REASON, FAILURE_REASON_CODE, PATH_PROPERTY, REQUEST_LOGIN_PARAMETER, SERVICE_NAME, TYPE_PROPERTY

Constructor Summary

Constructors

Constructor and Description
FormAuthenticationHandler()

Method Summary

Modifier and Type	Method and Description
protected void	activate(FormAuthenticationHandlerConfig config, org.osgi.service.component.ComponentContext componentContext) Called by SCR to activate the authentication handler.
void	authenticationFailed(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.apache.sling.auth.core.spi.AuthenticationInfo authInfo) Called after an unsuccessful login attempt.
boolean	authenticationSucceeded(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.apache.sling.auth.core.spi.AuthenticationInfo authInfo) Called after successful login with the given authentication info.
protected void	deactivate()
void	dropCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Clears all authentication state which might have been prepared by this authentication handler.
org.apache.sling.auth.core.spi.AuthenticationInfo	extractCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Extracts cookie/session based credentials from the request.
boolean	isValid(javax.jcr.Credentials credentials)
boolean	requestCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Unless the sling:authRequestLogin to anything other than Form this method either sends back a 403/FORBIDDEN response if the j_verify parameter is set to true or redirects to the login form to ask for credentials.
String	toString()

Methods inherited from class org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler

handleRedirect

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

FormAuthenticationHandler

public FormAuthenticationHandler()

Method Detail

extractCredentials

public org.apache.sling.auth.core.spi.AuthenticationInfo extractCredentials(javax.servlet.http.HttpServletRequest request,
                                                                            javax.servlet.http.HttpServletResponse response)

Extracts cookie/session based credentials from the request. Returns null if the handler assumes HTTP Basic authentication would be more appropriate, if no form fields are present in the request and if the secure user data is not present either in the cookie or an HTTP Session.

Specified by:

extractCredentials in interface org.apache.sling.auth.core.spi.AuthenticationHandler

requestCredentials

public boolean requestCredentials(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response)
                           throws IOException

Unless the sling:authRequestLogin to anything other than Form this method either sends back a 403/FORBIDDEN response if the j_verify parameter is set to true or redirects to the login form to ask for credentials.

This method assumes the j_verify request parameter to only be set in the initial username/password submission through the login form. No further checks are applied, though, before sending back the 403/FORBIDDEN response.

Specified by:

requestCredentials in interface org.apache.sling.auth.core.spi.AuthenticationHandler

Throws:

IOException

dropCredentials

public void dropCredentials(javax.servlet.http.HttpServletRequest request,
                            javax.servlet.http.HttpServletResponse response)

Clears all authentication state which might have been prepared by this authentication handler.

Specified by:

dropCredentials in interface org.apache.sling.auth.core.spi.AuthenticationHandler

authenticationFailed

public void authenticationFailed(javax.servlet.http.HttpServletRequest request,
                                 javax.servlet.http.HttpServletResponse response,
                                 org.apache.sling.auth.core.spi.AuthenticationInfo authInfo)

Called after an unsuccessful login attempt. This implementation makes sure the authentication data is removed either by removing the cookie or by remove the HTTP Session attribute.

Specified by:

authenticationFailed in interface org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler

Overrides:

authenticationFailed in class org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler

authenticationSucceeded

public boolean authenticationSucceeded(javax.servlet.http.HttpServletRequest request,
                                       javax.servlet.http.HttpServletResponse response,
                                       org.apache.sling.auth.core.spi.AuthenticationInfo authInfo)

Called after successful login with the given authentication info. This implementation ensures the authentication data is set in either the cookie or the HTTP session with the correct security tokens.

If no authentication data already exists, it is created. Otherwise if the data has expired the data is updated with a new security token and a new expiry time.

If creating or updating the authentication data fails, it is actually removed from the cookie or the HTTP session and future requests will not be authenticated any longer.

Specified by:

authenticationSucceeded in interface org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler

Overrides:

authenticationSucceeded in class org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler

toString

public String toString()

Overrides:

toString in class Object

isValid

public boolean isValid(javax.jcr.Credentials credentials)

activate

protected void activate(FormAuthenticationHandlerConfig config,
                        org.osgi.service.component.ComponentContext componentContext)
                 throws InvalidKeyException,
                        NoSuchAlgorithmException,
                        IllegalStateException,
                        UnsupportedEncodingException

Called by SCR to activate the authentication handler.

Throws:

InvalidKeyException

NoSuchAlgorithmException

IllegalStateException

UnsupportedEncodingException

deactivate

protected void deactivate()