com.day.cq.wcm.foundation.impl
Class HTTPAuthHandler

java.lang.Object
  extended by com.day.cq.wcm.foundation.impl.HTTPAuthHandler
All Implemented Interfaces:
org.apache.sling.engine.auth.AuthenticationHandler
Direct Known Subclasses:
SsoAuthenticationHandler

public class HTTPAuthHandler
extends Object
implements org.apache.sling.engine.auth.AuthenticationHandler

The HTTPAuthHandler class implements the authorization steps based on the Authorization header of the HTTP request. This authenticator should eventually support both BASIC and DIGEST authentication methods.


Field Summary
protected  org.slf4j.Logger log
          default log
protected static String REALM
           
 
Fields inherited from interface org.apache.sling.engine.auth.AuthenticationHandler
PATH_PROPERTY
 
Constructor Summary
HTTPAuthHandler()
           
 
Method Summary
protected  void activate(org.osgi.service.component.ComponentContext componentContext)
           
 org.apache.sling.engine.auth.AuthenticationInfo authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Extracts credential data from the request, if any is present.
protected  org.apache.sling.engine.auth.AuthenticationInfo extractAuthentication(javax.servlet.http.HttpServletRequest request)
          Extract the Base64 authentication string from the request
 boolean requestAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          Sends status 401 (Unauthorized) with a WWW-Authenticate header requesting standard HTTP header authentication with the Basic scheme and the configured realm name.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

REALM

protected static final String REALM
See Also:
Constant Field Values

log

protected final org.slf4j.Logger log
default log

Constructor Detail

HTTPAuthHandler

public HTTPAuthHandler()
Method Detail

authenticate

public org.apache.sling.engine.auth.AuthenticationInfo authenticate(javax.servlet.http.HttpServletRequest request,
                                                                    javax.servlet.http.HttpServletResponse response)
Extracts credential data from the request, if any is present. This check is based only on the original request object; no URI translation has taken place yet.

The method returns any of the following values:

null - no user details were contained in the request
AuthenticationInfo.DOING_AUTH - the handler is in an ongoing authentication exchange with the client. The request handling is terminated.
valid credentials - The user sent credentials.

The method must not request credential information from the client if it is not found in the request.

Note: The implementation should pay special attention to the fact that the request may be for an included servlet, in which case some URI-specific values are contained in javax.servlet.include.* request attributes.

Specified by:
authenticate in interface org.apache.sling.engine.auth.AuthenticationHandler
Parameters:
request - The request object containing the information for the authentication.
response - The response object which may be used to send the information on the request failure to the user.
Returns:
A valid Credentials instance identifying the request user, DOING_AUTH if the handler is in an authentication transaction with the client, or null if the request does not contain authentication information. In case of DOING_AUTH, the method must have sent a response indicating that fact to the client.

requestAuthentication

public boolean requestAuthentication(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response)
                              throws IOException
Sends status 401 (Unauthorized) with a WWW-Authenticate header requesting standard HTTP header authentication with the Basic scheme and the configured realm name. If the response is already committed, an error message is logged but the 401 status is not sent.

Specified by:
requestAuthentication in interface org.apache.sling.engine.auth.AuthenticationHandler
Parameters:
request - The request object
response - The response object to which to send the request
Returns:
true is always returned by this handler
Throws:
IOException - if an error occurs sending back the response.

activate

protected void activate(org.osgi.service.component.ComponentContext componentContext)

extractAuthentication

protected org.apache.sling.engine.auth.AuthenticationInfo extractAuthentication(javax.servlet.http.HttpServletRequest request)
Extract the Base64 authentication string from the request
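
The following is an added example, not this class's implementation: a stand-alone sketch of decoding a Basic Authorization header value, where an empty result corresponds to the null return of authenticate described above. The names BasicHeaderParser and Credentials are hypothetical, and the code assumes UTF-8 credentials and Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicHeaderParser {

    /** Decoded user name and password (hypothetical type for this example). */
    record Credentials(String user, char[] password) {}

    /**
     * Returns credentials if the header carries a well-formed Basic token,
     * otherwise Optional.empty() (the "no user details" case).
     */
    static Optional<Credentials> parse(String authorizationHeader) {
        if (authorizationHeader == null) {
            return Optional.empty();
        }
        String value = authorizationHeader.trim();
        int space = value.indexOf(' ');
        // The scheme name is case-insensitive; any other scheme is not handled here.
        if (space < 0 || !value.substring(0, space).equalsIgnoreCase("Basic")) {
            return Optional.empty();
        }
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(value.substring(space + 1).trim());
        } catch (IllegalArgumentException malformed) {
            return Optional.empty(); // not valid Base64: treat as no credentials
        }
        // Assumption: credentials are UTF-8 encoded.
        String pair = new String(decoded, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: the password may itself contain colons.
        int colon = pair.indexOf(':');
        if (colon < 0) {
            return Optional.empty(); // no user/password separator
        }
        return Optional.of(new Credentials(pair.substring(0, colon),
                pair.substring(colon + 1).toCharArray()));
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured traffic.
        String good = "basic " + Base64.getEncoder()
                .encodeToString("alice:pa:ss".getBytes(StandardCharsets.UTF_8));
        for (String h : new String[] {good, null, "Bearer abc", "Basic %%%", "Basic bm9jb2xvbg=="}) {
            System.out.println(h + " -> " + parse(h).map(Credentials::user).orElse("(none)"));
        }
    }
}
```

Malformed input is treated the same as an absent header, so the caller can fall through to requestAuthentication instead of surfacing a decoding error to the client.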



Copyright © 2008 Day Management AG. All Rights Reserved.