| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.sling.auth.core; |
| |
| import javax.servlet.http.HttpServletRequest; |
| import javax.servlet.http.HttpServletResponse; |
| |
| import org.osgi.annotation.versioning.ProviderType; |
| |
| /** |
| * The <code>AuthenticationSupport</code> provides the service API used to |
| * implement the <code>HttpContext.handleSecurity</code> method as defined in |
| * the OSGi Http Service specification. |
| * <p> |
| * Bundles registering servlets and/or resources with custom |
| * <code>HttpContext</code> implementations may implement the |
| * <code>handleSecurity</code> method using this service. The |
| * {@link #handleSecurity(HttpServletRequest, HttpServletResponse)} method |
| * implemented by this service exactly implements the specification of the |
| * <code>HttpContext.handleSecurity</code> method. |
| * <p> |
| * A simple implementation of the <code>HttpContext</code> interface based on |
| * this could be (using SCR JavaDoc tags of the Maven SCR Plugin) : |
| * |
| * <pre> |
| * /** @scr.component */ |
| * public class MyHttpContext implements HttpContext { |
| * /** @scr.reference */ |
| * private AuthenticationSupport authSupport; |
| * |
| * /** @scr.reference */ |
| * private MimeTypeService mimeTypes; |
| * |
| * public boolean handleSecurity(HttpServletRequest request, |
| * HttpServletResponse response) { |
| * return authSupport.handleSecurity(request, response); |
| * } |
| * |
| * public URL getResource(String name) { |
| * return null; |
| * } |
| * |
| * public String getMimeType(String name) { |
| * return mimeTypes.getMimeType(name); |
| * } |
| * } |
| * </pre> |
| * <p> |
| * This interface is implemented by this bundle and is not intended to be |
| * implemented by client bundles. |
| */ |
| @ProviderType |
| public interface AuthenticationSupport { |
| |
| /** |
| * The name under which this service is registered. |
| */ |
| static final String SERVICE_NAME = "org.apache.sling.auth.core.AuthenticationSupport"; |
| |
| /** |
| * The name of the request attribute set by the |
| * {@link #handleSecurity(HttpServletRequest, HttpServletResponse)} method |
| * if authentication succeeds and <code>true</code> is returned. |
| * <p> |
| * The request attribute is set to a Sling <code>ResourceResolver</code> |
| * attached to the JCR repository using the credentials provided by the |
| * request. |
| */ |
| static final String REQUEST_ATTRIBUTE_RESOLVER = "org.apache.sling.auth.core.ResourceResolver"; |
| |
| /** |
| * The name of the request attribute set by the {@link #handleSecurity(HttpServletRequest, HttpServletResponse)} method for the request |
| * URI that was resolved already. |
| * <p> |
| * The request attribute is set to a Sling <code>SlingUri</code> as provided by PathToUriMappingService.resolve(). |
| */ |
| static final String REQUEST_ATTRIBUTE_URI = "org.apache.sling.auth.core.SlingUri"; |
| |
| /** |
| * The name of the request parameter indicating where to redirect to after |
| * successful authentication (and optional impersonation). This parameter is |
| * respected if either anonymous authentication or regular authentication |
| * succeed. |
| * <p> |
| * If authentication fails, either because the credentials are wrong or |
| * because anonymous authentication fails or because anonymous |
| * authentication is not allowed for the request, the parameter is ignored |
| * and the |
| * {@link org.apache.sling.auth.core.spi.AuthenticationHandler#requestCredentials(HttpServletRequest, HttpServletResponse)} |
| * method is called to request authentication. |
| */ |
| static final String REDIRECT_PARAMETER = "sling.auth.redirect"; |
| |
| /** |
| * Handles security on behalf of a custom OSGi Http Service |
| * <code>HttpContext</code> instance extracting credentials from the request |
| * using any registered |
| * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} services. |
| * If the credentials can be extracted and used to log into the JCR |
| * repository this method sets the request attributes required by the OSGi |
| * Http Service specification plus the {@link #REQUEST_ATTRIBUTE_RESOLVER} |
| * attribute. |
| * |
| * @param request The HTTP request to be authenticated |
| * @param response The HTTP response to send any response to in case of |
| * problems. |
| * @return <code>true</code> if authentication succeeded and the request |
| * attributes are set. If <code>false</code> is returned the request |
| * is immediately terminated and no request attributes are set. |
| */ |
| boolean handleSecurity(HttpServletRequest request, |
| HttpServletResponse response); |
| |
| } |
