org.apache.sling.auth.core
Class AuthConstants

java.lang.Object
  extended by org.apache.sling.auth.core.AuthConstants

public final class AuthConstants
extends java.lang.Object

The AuthConstants provides a collection of constants used to configure and customize the Sling authentication infrastructure.

This class can neither be extended from nor can it be instantiated.

Since:
1.1 (bundle version 1.0.8)

Field Summary
static java.lang.String AUTH_HANDLER_BROWSER_ONLY
          Service Registration property which may be set by an AuthenticationHandler service to indicate whether its AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method supports non-browser requests (according to AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest) or not.
static java.lang.String AUTH_INFO_LOGIN
          Marker property in the AuthenticationInfo object returned by the AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method indicating a first authentication considered to be a login.
static java.lang.String PAR_J_VALIDATE
          The name of the request parameter indicating that the submitted username and password should just be checked and a status code be set for success (200/OK) or failure (403/FORBIDDEN).
static java.lang.String TOPIC_LOGIN
          The topic for the OSGi event which is sent when a user has logged in successfully.
static java.lang.String X_REASON
          The name of the request header set by the #sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided credentials cannot be used for login.
 
Method Summary
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PAR_J_VALIDATE

public static final java.lang.String PAR_J_VALIDATE
The name of the request parameter indicating that the submitted username and password should just be checked and a status code be set for success (200/OK) or failure (403/FORBIDDEN).

See Also:
#isValidateRequest(HttpServletRequest), #sendValid(HttpServletResponse), #sendInvalid(HttpServletRequest, HttpServletResponse), Constant Field Values

X_REASON

public static final java.lang.String X_REASON
The name of the request header set by the #sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided credentials cannot be used for login.

This header may be inspected by clients for a reason why the request failed.

See Also:
#sendInvalid(HttpServletRequest, HttpServletResponse), Constant Field Values

AUTH_HANDLER_BROWSER_ONLY

public static final java.lang.String AUTH_HANDLER_BROWSER_ONLY
Service Registration property which may be set by an AuthenticationHandler service to indicate whether its AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method supports non-browser requests (according to AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest) or not.

For backwards compatibility with existing AuthenticationHandler services the default assumption in the absence of this property is that all requests are supported.

If this property is set to true or yes (case-insensitive check) the handler is not called for requests assumed to be sent from non-browser clients. Any other value of this property indicates support for non-browser requests by the handler.

Note that this property only influences whether the requestCredentials method is called or not. The extractCredentials and dropCredentials are called regardless of this property.

See Also:
Constant Field Values

AUTH_INFO_LOGIN

public static final java.lang.String AUTH_INFO_LOGIN
Marker property in the AuthenticationInfo object returned by the AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method indicating a first authentication considered to be a login.

By setting this property to any non-null value an AuthenticationHandler indicates, that the TOPIC_LOGIN event should be fired after successfully acquiring the ResourceResolver.

See Also:
Constant Field Values

TOPIC_LOGIN

public static final java.lang.String TOPIC_LOGIN
The topic for the OSGi event which is sent when a user has logged in successfully. The event contains at least the SlingConstants.PROPERTY_USERID and the AuthenticationInfo.AUTH_TYPE properties.

See Also:
Constant Field Values


Copyright © 2007-2012 The Apache Software Foundation. All Rights Reserved.