Example 1 with AuthenticationInfo

Use of org.apache.sling.auth.core.spi.AuthenticationInfo in project sling by apache.

The class SlingAuthenticator, method getAuthenticationInfo.

private AuthenticationInfo getAuthenticationInfo(HttpServletRequest request, HttpServletResponse response) {
    // Get the path used to select the authenticator, if the SlingServlet
    // itself has been requested without any more info, this will be empty
    // and we assume the root (SLING-722)
    String path = getPath(request);
    if (path.length() == 0) {
        path = "/";
    }
    final Collection<AbstractAuthenticationHandlerHolder>[] localArray = this.authHandlerCache.findApplicableHolders(request);
    for (int m = 0; m < localArray.length; m++) {
        final Collection<AbstractAuthenticationHandlerHolder> local = localArray[m];
        if (local != null) {
            for (AbstractAuthenticationHandlerHolder holder : local) {
                if (isNodeRequiresAuthHandler(path, holder.path)) {
                    final AuthenticationInfo authInfo = holder.extractCredentials(request, response);
                    if (authInfo != null) {
                        // add the feedback handler to the info (may be null)
                        authInfo.put(AUTH_INFO_PROP_FEEDBACK_HANDLER, holder.getFeedbackHandler());
                        return authInfo;
                    }
                }
            }
        }
    }
    // check whether the HTTP Basic handler can extract the header
    if (httpBasicHandler != null) {
        final AuthenticationInfo authInfo = httpBasicHandler.extractCredentials(request, response);
        if (authInfo != null) {
            authInfo.put(AUTH_INFO_PROP_FEEDBACK_HANDLER, httpBasicHandler);
            return authInfo;
        }
    }
    // no handler found for the request ....
    log.debug("getAuthenticationInfo: no handler could extract credentials; assuming anonymous");
    return getAnonymousCredentials();
}
Also used : Collection(java.util.Collection) AuthenticationInfo(org.apache.sling.auth.core.spi.AuthenticationInfo)

Example 2 with AuthenticationInfo

Use of org.apache.sling.auth.core.spi.AuthenticationInfo in project sling by apache.

The class SlingAuthenticator, method getAnonymousResolver.

/** Try to acquire an anonymous ResourceResolver */
private boolean getAnonymousResolver(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationInfo authInfo) {
    // Get an anonymous session if allowed, or if we are handling
    // a request for the login servlet
    if (isAnonAllowed(request)) {
        try {
            ResourceResolver resolver = resourceResolverFactory.getResourceResolver(authInfo);
            // check whether the client asked for redirect after
            // authentication and/or impersonation
            if (DefaultAuthenticationFeedbackHandler.handleRedirect(request, response)) {
                // request will now be terminated, so close the resolver
                // to release resources
                resolver.close();
                return false;
            }
            // set the attributes for further processing
            setAttributes(resolver, null, request);
            return true;
        } catch (LoginException re) {
            // cannot login > fail login, do not try to authenticate
            handleLoginFailure(request, response, new AuthenticationInfo(null, "anonymous user"), re);
            return false;
        }
    }
    // If we get here, anonymous access is not allowed: redirect
    // to the login servlet
    log.info("getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials");
    doLogin(request, response);
    // fallback to no session
    return false;
}
Also used : ResourceResolver(org.apache.sling.api.resource.ResourceResolver) LoginException(org.apache.sling.api.resource.LoginException) AuthenticationInfo(org.apache.sling.auth.core.spi.AuthenticationInfo)

Example 3 with AuthenticationInfo

Use of org.apache.sling.auth.core.spi.AuthenticationInfo in project sling by apache.

The class FormAuthenticationHandler, method extractCredentials.

/**
 * Extracts cookie/session based credentials from the request. Returns
 * <code>null</code> if the handler assumes HTTP Basic authentication would
 * be more appropriate, if no form fields are present in the request and if
 * the secure user data is not present either in the cookie or an HTTP
 * Session.
 */
@Override
public AuthenticationInfo extractCredentials(HttpServletRequest request, HttpServletResponse response) {
    AuthenticationInfo info = null;
    // 1. try credentials from POST'ed request parameters
    info = this.extractRequestParameterAuthentication(request);
    // 2. try credentials from the cookie or session
    if (info == null) {
        String authData = authStorage.extractAuthenticationInfo(request);
        if (authData != null) {
            if (tokenStore.isValid(authData)) {
                info = createAuthInfo(authData);
            } else {
                // clear the cookie: it is invalid and we should get rid of it
                // so that the invalid cookie isn't present on the authN
                // operation.
                authStorage.clear(request, response);
                if (this.loginAfterExpire || AuthUtil.isValidateRequest(request)) {
                    // signal the requestCredentials method a previous login
                    // failure
                    request.setAttribute(FAILURE_REASON, FormReason.TIMEOUT);
                    info = AuthenticationInfo.FAIL_AUTH;
                }
            }
        }
    }
    return info;
}
Also used : AuthenticationInfo(org.apache.sling.auth.core.spi.AuthenticationInfo)

Example 4 with AuthenticationInfo

Use of org.apache.sling.auth.core.spi.AuthenticationInfo in project sling by apache.

The class SlingAuthenticatorTest, method test_childNodeShouldHaveAuthenticationInfoLonger.

@Test
public void test_childNodeShouldHaveAuthenticationInfoLonger() throws Throwable {
    final String AUTH_TYPE = "AUTH_TYPE_TEST";
    final String AUTH_TYPE_LONGER = "AUTH_TYPE_LONGER_TEST";
    final String PROTECTED_PATH = "/resource1";
    final String PROTECTED_PATH_LONGER = "/resource1.test2";
    final String REQUEST_CHILD_NODE = "/resource1.test2";
    SlingAuthenticator slingAuthenticator = new SlingAuthenticator();
    PathBasedHolderCache<AbstractAuthenticationHandlerHolder> authRequiredCache = new PathBasedHolderCache<AbstractAuthenticationHandlerHolder>();
    authRequiredCache.addHolder(buildAuthHolderForAuthTypeAndPath(AUTH_TYPE, PROTECTED_PATH));
    authRequiredCache.addHolder(buildAuthHolderForAuthTypeAndPath(AUTH_TYPE_LONGER, PROTECTED_PATH_LONGER));
    PrivateAccessor.setField(slingAuthenticator, "authHandlerCache", authRequiredCache);
    final HttpServletRequest request = context.mock(HttpServletRequest.class);
    buildExpectationsForRequestPathAndAuthPath(request, REQUEST_CHILD_NODE, PROTECTED_PATH);
    AuthenticationInfo authInfo = (AuthenticationInfo) PrivateAccessor.invoke(slingAuthenticator,
            "getAuthenticationInfo",
            new Class[] { HttpServletRequest.class, HttpServletResponse.class },
            new Object[] { request, context.mock(HttpServletResponse.class) });
    /**
     * The AUTH TYPE defined above should be used for the path /test and its
     * children, e.g. /test/childnode.
     */
    Assert.assertTrue(AUTH_TYPE_LONGER.equals(authInfo.getAuthType()));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationInfo(org.apache.sling.auth.core.spi.AuthenticationInfo) Test(org.junit.Test)

Example 5 with AuthenticationInfo

Use of org.apache.sling.auth.core.spi.AuthenticationInfo in project sling by apache.

The class SlingAuthenticatorTest, method test_childNodeShouldHaveAuthenticationInfoRoot.

@Test
public void test_childNodeShouldHaveAuthenticationInfoRoot() throws Throwable {
    final String AUTH_TYPE = "AUTH_TYPE_TEST";
    final String PROTECTED_PATH = "/";
    final String REQUEST_CHILD_NODE = "/content/en/test";
    SlingAuthenticator slingAuthenticator = new SlingAuthenticator();
    PathBasedHolderCache<AbstractAuthenticationHandlerHolder> authRequiredCache = new PathBasedHolderCache<AbstractAuthenticationHandlerHolder>();
    authRequiredCache.addHolder(buildAuthHolderForAuthTypeAndPath(AUTH_TYPE, PROTECTED_PATH));
    PrivateAccessor.setField(slingAuthenticator, "authHandlerCache", authRequiredCache);
    final HttpServletRequest request = context.mock(HttpServletRequest.class);
    buildExpectationsForRequestPathAndAuthPath(request, REQUEST_CHILD_NODE, PROTECTED_PATH);
    AuthenticationInfo authInfo = (AuthenticationInfo) PrivateAccessor.invoke(slingAuthenticator,
            "getAuthenticationInfo",
            new Class[] { HttpServletRequest.class, HttpServletResponse.class },
            new Object[] { request, context.mock(HttpServletResponse.class) });
    /**
     * The AUTH TYPE defined above should be used for the path /test and its
     * children, e.g. /test/childnode.
     */
    Assert.assertTrue(AUTH_TYPE.equals(authInfo.getAuthType()));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthenticationInfo(org.apache.sling.auth.core.spi.AuthenticationInfo) Test(org.junit.Test)