Package org.apache.sling.auth.core.impl
Class SlingAuthenticator
- java.lang.Object
-
- org.apache.sling.auth.core.impl.SlingAuthenticator
-
- All Implemented Interfaces:
EventListener
,javax.servlet.ServletRequestListener
,org.apache.sling.api.auth.Authenticator
,AuthenticationSupport
public class SlingAuthenticator extends Object implements org.apache.sling.api.auth.Authenticator, AuthenticationSupport, javax.servlet.ServletRequestListener
TheSlingAuthenticator
class is the default implementation for handling authentication. This class supports :- Support for login sessions where session ids are exchanged with cookies
- Support for multiple authentication handlers, which must implement the
AuthenticationHandler
interface.
Currently this class does not support multiple handlers for any one request URL.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static interface
SlingAuthenticator.Config
-
Field Summary
-
Fields inherited from interface org.apache.sling.auth.core.AuthenticationSupport
REDIRECT_PARAMETER, REQUEST_ATTRIBUTE_RESOLVER, SERVICE_NAME
-
-
Constructor Summary
Constructors Constructor Description SlingAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
handleSecurity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Checks the authentication contained in the request.void
login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Requests authentication information from the client.void
logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Logs out the user calling all applicableAuthenticationHandler
authentication handlers.void
requestDestroyed(javax.servlet.ServletRequestEvent sre)
void
requestInitialized(javax.servlet.ServletRequestEvent sre)
-
-
-
Method Detail
-
handleSecurity
public boolean handleSecurity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Checks the authentication contained in the request. This check is only based on the original request object, no URI translation has taken place yet.- Specified by:
handleSecurity
in interfaceAuthenticationSupport
- Parameters:
request
- The request object containing the information for the authentication.response
- The response object which may be used to send the information on the request failure to the user.- Returns:
true
if request processing should continue assuming successful authentication. Iffalse
is returned it is assumed a response has been sent to the client and the request is terminated.
-
login
public void login(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Requests authentication information from the client. Returnstrue
if the information has been requested and request processing can be terminated. Otherwise the request information could not be requested and the request should be terminated with a 403/FORBIDDEN response.Any response sent by the handler is also handled by the error handler infrastructure.
- Specified by:
login
in interfaceorg.apache.sling.api.auth.Authenticator
- Parameters:
request
- The request objectresponse
- The response object to which to send the request- Throws:
IllegalStateException
- If response is already committedorg.apache.sling.api.auth.NoAuthenticationHandlerException
- If no authentication handler claims responsibility to authenticate the request.
-
logout
public void logout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Logs out the user calling all applicableAuthenticationHandler
authentication handlers.- Specified by:
logout
in interfaceorg.apache.sling.api.auth.Authenticator
-
requestInitialized
public void requestInitialized(javax.servlet.ServletRequestEvent sre)
- Specified by:
requestInitialized
in interfacejavax.servlet.ServletRequestListener
-
requestDestroyed
public void requestDestroyed(javax.servlet.ServletRequestEvent sre)
- Specified by:
requestDestroyed
in interfacejavax.servlet.ServletRequestListener
-
-