src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationHandler.java - sling-org-apache-sling-auth-core - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.sling.auth.core.spi;

 import java.io.IOException;
 import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.apache.sling.auth.core.AuthUtil;

 /**
  * The <code>AbstractAuthenticationHandler</code> implements the
  * <code>AuthenticationHandler</code> interface and extends the
  * {@link DefaultAuthenticationFeedbackHandler} providing some helper methods
  * which may be used by authentication handlers.
  *
  * @deprecated since Bundle 1.0.8; {@link AuthenticationHandler} implementations
  *             should extend {@link DefaultAuthenticationFeedbackHandler}
  *             directly and use the utility methods in the {@link AuthUtil}
  *             class.
  */
 @Deprecated
 public abstract class AbstractAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements
         AuthenticationHandler {

     /**
      * Returns the value of the named request attribute or parameter as a string
      * as follows:
      * <ol>
      * <li>If there is a request attribute of that name, which is a non-empty
      * string, it is returned.</li>
      * <li>If there is a non-empty request parameter of
      * that name, this parameter is returned.
      * </li>
      * <li>Otherwise the <code>defaultValue</code> is returned.</li>
      * </ol>
      *
      * @param request The request from which to return the attribute or request
      *            parameter
      * @param name The name of the attribute/parameter
      * @param defaultValue The default value to use if neither a non-empty
      *            string attribute or a non-empty parameter exists in the
      *            request.
      * @return The attribute, parameter or <code>defaultValue</code> as defined
      *         above.
      * @deprecated since Bundle 1.0.8, use
      *             {@link AuthUtil#getAttributeOrParameter(HttpServletRequest, String, String)}
      */
     @Deprecated
     public static String getAttributeOrParameter(final HttpServletRequest request, final String name,
             final String defaultValue) {
         return AuthUtil.getAttributeOrParameter(request, name, defaultValue);
     }

     /**
      * Returns any resource target to redirect to after successful
      * authentication. This method either returns a non-empty string or the
      * <code>defaultLoginResource</code> parameter. First the
      * <code>resource</code> request attribute is checked. If it is a non-empty
      * string, it is returned. Second the <code>resource</code> request
      * parameter is checked and returned if it is a non-empty string.
      *
      * @param request The request providing the attribute or parameter
      * @param defaultLoginResource The default login resource value
      * @return The non-empty redirection target or
      *         <code>defaultLoginResource</code>.
      * @deprecated since Bundle 1.0.8, use
      *             {@link AuthUtil#getLoginResource(HttpServletRequest, String)}
      */
     @Deprecated
     public static String getLoginResource(final HttpServletRequest request, String defaultLoginResource) {
         return AuthUtil.getLoginResource(request, defaultLoginResource);
     }

     /**
      * Ensures and returns the {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE} request
      * attribute is set to a non-null, non-empty string. If the attribute is not
      * currently set, this method sets it as follows:
      * <ol>
      * <li>If the {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE} request parameter is set
      * to a non-empty string, that parameter is set</li>
      * <li>Otherwise if the <code>defaultValue</code> is a non-empty string the
      * default value is used</li>
      * <li>Otherwise the attribute is set to "/"</li>
      * </ol>
      *
      * @param request The request to check for the resource attribute
      * @param defaultValue The default value to use if the attribute is not set
      *            and the request parameter is not set. This parameter is
      *            ignored if it is <code>null</code> or an empty string.
      * @return returns the value of resource request attribute
      * @since 1.0.2 (Bundle version 1.0.4)
      * @deprecated since Bundle 1.0.8, use
      *             {@link AuthUtil#setLoginResourceAttribute(HttpServletRequest, String)}
      */
     @Deprecated
     public static String setLoginResourceAttribute(final HttpServletRequest request, final String defaultValue) {
         return AuthUtil.setLoginResourceAttribute(request, defaultValue);
     }

     /**
      * Redirects to the given target path appending any parameters provided in
      * the parameter map.
      * <p>
      * This method implements the following functionality:
      * <ul>
      * <li>The target path is prefixed with the request's context path to ensure
      * proper redirection into the same web application. Therefore the
      * <code>target</code> path parameter must not be prefixed with the context
      * path.</li>
      * <li>If the <code>params</code> map does not contain a (non-
      * <code>null</code>) value for the {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE
      * resource} entry, such an entry is generated from the request URI and the
      * (optional) query string of the given <code>request</code>.</li>
      * <li>The parameters from the <code>params</code> map or at least a single
      * {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE resource} parameter are added to the
      * target path for the redirect. Each parameter value is encoded using the
      * <code>java.net.URLEncoder</code> with UTF-8 encoding to make it safe for
      * requests</li>
      * </ul>
      *
      * @param request The request object used to get the current request URI and
      *            request query string if the <code>params</code> map does not
      *            have the {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE resource}
      *            parameter set.
      * @param response The response used to send the redirect to the client.
      * @param target The target path to redirect the client to. This parameter
      *            must not be prefixed with the request's context path because
      *            this will be added by this method. If this parameter is not a
      *            valid target request as per the
      *            {@link #isRedirectValid(HttpServletRequest, String)} method
      *            the target is modified to be the root of the request's
      *            context.
      * @param params The map of parameters to be added to the target path. This
      *            may be <code>null</code>.
      * @throws IOException If an error occurs sending the redirect request
      * @throws IllegalStateException If the response was committed or if a
      *             partial URL is given and cannot be converted into a valid URL
      * @throws InternalError If the UTF-8 character encoding is not supported by
      *             the platform. This should not be caught, because it is a real
      *             problem if the encoding required by the specification is
      *             missing.
      * @since 1.0.2 (Bundle version 1.0.4)
      * @since 1.0.4 (bundle version 1.0.8) the target is validated with the
      *        {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}
      *        method.
      * @deprecated since Bundle 1.0.8, use
      *             {@link AuthUtil#sendRedirect(HttpServletRequest, HttpServletResponse, String, Map)}
      */
     @Deprecated
     public static void sendRedirect(final HttpServletRequest request, final HttpServletResponse response,
             final String target, Map<String, String> params) throws IOException {
         AuthUtil.sendRedirect(request, response, request.getContextPath() + target, params);
     }

     /**
      * This method calls
      * {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}.
      *
      * @deprecated This method has been introduced after Bundle release 1.0.6
      *             but has been replaced with
      *             {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}.
      *             Use the latter method.
      */
     @Deprecated
     public static boolean isRedirectValid(final HttpServletRequest request, final String target) {
         return AuthUtil.isRedirectValid(request, target);
     }

     /**
      * Returns <code>true</code> if the the client just asks for validation of
      * submitted username/password credentials.
      * <p>
      * This implementation returns <code>true</code> if the request parameter
      * {@link org.apache.sling.auth.core.AuthConstants#PAR_J_VALIDATE} is set to <code>true</code> (case-insensitve). If
      * the request parameter is not set or to any value other than
      * <code>true</code> this method returns <code>false</code>.
      *
      * @param request The request to provide the parameter to check
      * @return <code>true</code> if the {@link org.apache.sling.auth.core.AuthConstants#PAR_J_VALIDATE} parameter is set
      *         to <code>true</code>.
      * @since 1.0.2 (Bundle version 1.0.4)
      * @deprecated since Bundle 1.0.8, use
      *             {@link AuthUtil#isValidateRequest(HttpServletRequest)}
      */
     @Deprecated
     public static boolean isValidateRequest(final HttpServletRequest request) {
         return AuthUtil.isValidateRequest(request);
     }

     /**
      * Sends a 200/OK response to a credential validation request.
      *
      * @param response The response object
      * @since 1.0.2 (Bundle version 1.0.4)
      * @deprecated since Bundle 1.0.8, use
      *             {@link AuthUtil#sendValid(HttpServletResponse)}
      */
     @Deprecated
     public static void sendValid(final HttpServletResponse response) {
         AuthUtil.sendValid(response);
     }

     /**
      * Sends a 403/FORBIDDEN response optionally stating the reason for this
      * response code in the {@link org.apache.sling.auth.core.AuthConstants#X_REASON} header. The value for the
      * {@link org.apache.sling.auth.core.AuthConstants#X_REASON} header is taken from
      * {@link AuthenticationHandler#FAILURE_REASON} request attribute if set.
      *
      * @param request The request object
      * @param response The response object
      * @since 1.0.2 (Bundle version 1.0.4)
      * @deprecated since Bundle 1.0.8, use
      *             {@link AuthUtil#sendInvalid(HttpServletRequest, HttpServletResponse)}
      */
     @Deprecated
     public static void sendInvalid(final HttpServletRequest request, final HttpServletResponse response) {
         AuthUtil.sendInvalid(request, response);
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.sling.auth.core.spi;

	import java.io.IOException;
	import java.util.Map;
	import javax.servlet.http.HttpServletRequest;
	import javax.servlet.http.HttpServletResponse;

	import org.apache.sling.auth.core.AuthUtil;

	/**
	* The <code>AbstractAuthenticationHandler</code> implements the
	* <code>AuthenticationHandler</code> interface and extends the
	* {@link DefaultAuthenticationFeedbackHandler} providing some helper methods
	* which may be used by authentication handlers.
	*
	* @deprecated since Bundle 1.0.8; {@link AuthenticationHandler} implementations
	* should extend {@link DefaultAuthenticationFeedbackHandler}
	* directly and use the utility methods in the {@link AuthUtil}
	* class.
	*/
	@Deprecated
	public abstract class AbstractAuthenticationHandler extends DefaultAuthenticationFeedbackHandler implements
	AuthenticationHandler {

	/**
	* Returns the value of the named request attribute or parameter as a string
	* as follows:
	* <ol>
	* <li>If there is a request attribute of that name, which is a non-empty
	* string, it is returned.</li>
	* <li>If there is a non-empty request parameter of
	* that name, this parameter is returned.
	* </li>
	* <li>Otherwise the <code>defaultValue</code> is returned.</li>
	* </ol>
	*
	* @param request The request from which to return the attribute or request
	* parameter
	* @param name The name of the attribute/parameter
	* @param defaultValue The default value to use if neither a non-empty
	* string attribute or a non-empty parameter exists in the
	* request.
	* @return The attribute, parameter or <code>defaultValue</code> as defined
	* above.
	* @deprecated since Bundle 1.0.8, use
	* {@link AuthUtil#getAttributeOrParameter(HttpServletRequest, String, String)}
	*/
	@Deprecated
	public static String getAttributeOrParameter(final HttpServletRequest request, final String name,
	final String defaultValue) {
	return AuthUtil.getAttributeOrParameter(request, name, defaultValue);
	}

	/**
	* Returns any resource target to redirect to after successful
	* authentication. This method either returns a non-empty string or the
	* <code>defaultLoginResource</code> parameter. First the
	* <code>resource</code> request attribute is checked. If it is a non-empty
	* string, it is returned. Second the <code>resource</code> request
	* parameter is checked and returned if it is a non-empty string.
	*
	* @param request The request providing the attribute or parameter
	* @param defaultLoginResource The default login resource value
	* @return The non-empty redirection target or
	* <code>defaultLoginResource</code>.
	* @deprecated since Bundle 1.0.8, use
	* {@link AuthUtil#getLoginResource(HttpServletRequest, String)}
	*/
	@Deprecated
	public static String getLoginResource(final HttpServletRequest request, String defaultLoginResource) {
	return AuthUtil.getLoginResource(request, defaultLoginResource);
	}

	/**
	* Ensures and returns the {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE} request
	* attribute is set to a non-null, non-empty string. If the attribute is not
	* currently set, this method sets it as follows:
	* <ol>
	* <li>If the {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE} request parameter is set
	* to a non-empty string, that parameter is set</li>
	* <li>Otherwise if the <code>defaultValue</code> is a non-empty string the
	* default value is used</li>
	* <li>Otherwise the attribute is set to "/"</li>
	* </ol>
	*
	* @param request The request to check for the resource attribute
	* @param defaultValue The default value to use if the attribute is not set
	* and the request parameter is not set. This parameter is
	* ignored if it is <code>null</code> or an empty string.
	* @return returns the value of resource request attribute
	* @since 1.0.2 (Bundle version 1.0.4)
	* @deprecated since Bundle 1.0.8, use
	* {@link AuthUtil#setLoginResourceAttribute(HttpServletRequest, String)}
	*/
	@Deprecated
	public static String setLoginResourceAttribute(final HttpServletRequest request, final String defaultValue) {
	return AuthUtil.setLoginResourceAttribute(request, defaultValue);
	}

	/**
	* Redirects to the given target path appending any parameters provided in
	* the parameter map.
	* <p>
	* This method implements the following functionality:
	* <ul>
	* <li>The target path is prefixed with the request's context path to ensure
	* proper redirection into the same web application. Therefore the
	* <code>target</code> path parameter must not be prefixed with the context
	* path.</li>
	* <li>If the <code>params</code> map does not contain a (non-
	* <code>null</code>) value for the {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE
	* resource} entry, such an entry is generated from the request URI and the
	* (optional) query string of the given <code>request</code>.</li>
	* <li>The parameters from the <code>params</code> map or at least a single
	* {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE resource} parameter are added to the
	* target path for the redirect. Each parameter value is encoded using the
	* <code>java.net.URLEncoder</code> with UTF-8 encoding to make it safe for
	* requests</li>
	* </ul>
	*
	* @param request The request object used to get the current request URI and
	* request query string if the <code>params</code> map does not
	* have the {@link org.apache.sling.api.auth.Authenticator#LOGIN_RESOURCE resource}
	* parameter set.
	* @param response The response used to send the redirect to the client.
	* @param target The target path to redirect the client to. This parameter
	* must not be prefixed with the request's context path because
	* this will be added by this method. If this parameter is not a
	* valid target request as per the
	* {@link #isRedirectValid(HttpServletRequest, String)} method
	* the target is modified to be the root of the request's
	* context.
	* @param params The map of parameters to be added to the target path. This
	* may be <code>null</code>.
	* @throws IOException If an error occurs sending the redirect request
	* @throws IllegalStateException If the response was committed or if a
	* partial URL is given and cannot be converted into a valid URL
	* @throws InternalError If the UTF-8 character encoding is not supported by
	* the platform. This should not be caught, because it is a real
	* problem if the encoding required by the specification is
	* missing.
	* @since 1.0.2 (Bundle version 1.0.4)
	* @since 1.0.4 (bundle version 1.0.8) the target is validated with the
	* {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}
	* method.
	* @deprecated since Bundle 1.0.8, use
	* {@link AuthUtil#sendRedirect(HttpServletRequest, HttpServletResponse, String, Map)}
	*/
	@Deprecated
	public static void sendRedirect(final HttpServletRequest request, final HttpServletResponse response,
	final String target, Map<String, String> params) throws IOException {
	AuthUtil.sendRedirect(request, response, request.getContextPath() + target, params);
	}

	/**
	* This method calls
	* {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}.
	*
	* @deprecated This method has been introduced after Bundle release 1.0.6
	* but has been replaced with
	* {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}.
	* Use the latter method.
	*/
	@Deprecated
	public static boolean isRedirectValid(final HttpServletRequest request, final String target) {
	return AuthUtil.isRedirectValid(request, target);
	}

	/**
	* Returns <code>true</code> if the the client just asks for validation of
	* submitted username/password credentials.
	* <p>
	* This implementation returns <code>true</code> if the request parameter
	* {@link org.apache.sling.auth.core.AuthConstants#PAR_J_VALIDATE} is set to <code>true</code> (case-insensitve). If
	* the request parameter is not set or to any value other than
	* <code>true</code> this method returns <code>false</code>.
	*
	* @param request The request to provide the parameter to check
	* @return <code>true</code> if the {@link org.apache.sling.auth.core.AuthConstants#PAR_J_VALIDATE} parameter is set
	* to <code>true</code>.
	* @since 1.0.2 (Bundle version 1.0.4)
	* @deprecated since Bundle 1.0.8, use
	* {@link AuthUtil#isValidateRequest(HttpServletRequest)}
	*/
	@Deprecated
	public static boolean isValidateRequest(final HttpServletRequest request) {
	return AuthUtil.isValidateRequest(request);
	}

	/**
	* Sends a 200/OK response to a credential validation request.
	*
	* @param response The response object
	* @since 1.0.2 (Bundle version 1.0.4)
	* @deprecated since Bundle 1.0.8, use
	* {@link AuthUtil#sendValid(HttpServletResponse)}
	*/
	@Deprecated
	public static void sendValid(final HttpServletResponse response) {
	AuthUtil.sendValid(response);
	}

	/**
	* Sends a 403/FORBIDDEN response optionally stating the reason for this
	* response code in the {@link org.apache.sling.auth.core.AuthConstants#X_REASON} header. The value for the
	* {@link org.apache.sling.auth.core.AuthConstants#X_REASON} header is taken from
	* {@link AuthenticationHandler#FAILURE_REASON} request attribute if set.
	*
	* @param request The request object
	* @param response The response object
	* @since 1.0.2 (Bundle version 1.0.4)
	* @deprecated since Bundle 1.0.8, use
	* {@link AuthUtil#sendInvalid(HttpServletRequest, HttpServletResponse)}
	*/
	@Deprecated
	public static void sendInvalid(final HttpServletRequest request, final HttpServletResponse response) {
	AuthUtil.sendInvalid(request, response);
	}
	}