Google Git
Sign in
apache / sling-org-apache-sling-api / fde63ac99f51319ca841c70e1a23566e422e6a04 / . / src / main / java / org / apache / sling / api / auth / Authenticator.java
blob: a5fdbbb45dacad22d6f4de7728be81a0de98bb34 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.sling.api.auth;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.annotation.versioning.ProviderType;
/**
* The <code>Authenticator</code> interface defines the service interface which
* may be used by applications to enforce requests to be authenticated (see
* {@link #login(HttpServletRequest, HttpServletResponse)}) or to end enforced
* authentication (see {@link #logout(HttpServletRequest, HttpServletResponse)}
* ). As such this service may be looked at as the functionality to enable
* applications to log users in and out.
* <p>
* A very simple login script (using ESP here) could be implemented like this:
*
* <pre>
* var auth = sling.getService(org.apache.sling.commons.auth.Authenticator);
* if (auth != null) {
* try {
* auth.login(request, response);
* return; // we are done here
* } catch (e) {
* // probably NoAuthenticationHandler exception
* }
* }
* // Authenticator service is missing or no AuthenticationHandler
* ... do whatever you want to for error handling ...
* </pre>
* <p>
* Likewise implementing a logout script (ESP, too) is equally simple:
*
* <pre>
* if (request.authType) {
* // not logged in at all, no need to logout
* } else {
* var auth = sling.getService(org.apache.sling.commons.auth.Authenticator);
* if (auth != null) {
* auth.logout(request, response);
* } else {
* // handle the case of no Authenticator service to logout with
* }
* }
* </pre>
* <p>
* This interface is not intended to be implemented by applications but may be
* used to initiate the authentication process form a request processing servlet
* or script.
*
* @since 1.0 (Sling API Bundle 2.1.0)
*/
@ProviderType
public interface Authenticator {
/**
* The name under which this service is registered.
*/
static final String SERVICE_NAME = Authenticator.class.getName();
/**
* Name of the request attribute which may be set by the application to
* indicate to the {@link #login(HttpServletRequest, HttpServletResponse)}
* method to which resource access should actually be authenticated. If this
* request attribute is not set or is the empty string, the
* {@link #login(HttpServletRequest, HttpServletResponse)} method uses the
* request path info (<code>HttpServletRequest.getPathInfo()</code>) method
* to find the resource to which to authenticate access.
* <p>
* This request attribute can be used by frontend servlets/scripts which
* call into {@link #login(HttpServletRequest, HttpServletResponse)} on
* behalf of users.
*/
static final String LOGIN_RESOURCE = "resource";
/**
* Tries to login a request user for the current request.
* <p>
* To identify the resource to which access should be authenticated the
* <code>{@link #LOGIN_RESOURCE resource}</code> request attribute is
* considered. If the request attribute is not set the request path info (
* <code>HttpServletRequest.getPathInfo()</code>) is used.
* <p>
* This method must be called on an uncommitted response since the
* implementation may want to reset the response to start the authentication
* process with a clean response. If the response is already committed an
* <code>IllegalStateException</code> is thrown.
* <p>
* After this method has finished, request processing should be terminated
* and the response be considered committed and finished unless the
* {@link NoAuthenticationHandlerException} exception is thrown in which
* case no response has been sent to the client.
*
* @param request The object representing the client request.
* @param response The object representing the response to the client.
* @throws NoAuthenticationHandlerException If the service cannot find a way
* to authenticate a request user.
* @throws IllegalStateException If the response has already been committed.
*/
void login(@Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response);
/**
* Logs out if the current request is authenticated.
* <p>
* This method must be called on an uncommitted response since the
* implementation may want to reset the response to restart the
* authentication process with a clean response. If the response is already
* committed an <code>IllegalStateException</code> is thrown.
* <p>
* After this method has finished, request processing should be terminated
* and the response be considered committed and finished.
*
* @param request The object representing the client request.
* @param response The object representing the response to the client.
* @throws IllegalStateException If the response has already been committed.
*/
void logout(@Nonnull HttpServletRequest request, @Nonnull HttpServletResponse response);
}