Package org.apache.sling.auth.core

Interface AuthenticationSupport

@ProviderType public interface AuthenticationSupport
The AuthenticationSupport provides the service API used to implement the ServletContextHelper.handleSecurity method as defined in the OSGi Whiteboard Specification for Jakarta Servlet.

Bundles registering servlets and/or resources with custom ServletContextHelper implementations may implement the handleSecurity method using this service. The handleSecurity(HttpServletRequest, HttpServletResponse) method implemented by this service exactly implements the specification of the ServletContextHelper.handleSecurity method. Similarly, the finishSecurity(HttpServletRequest, HttpServletResponse) method implemented by this service exactly implements the specification of the ServletContextHelper.finishSecurity method.

A simple implementation of the ServletContextHelper interface based on this could be (using SCR JavaDoc tags of the Maven SCR Plugin) : 

 /** @scr.component */
 public class MyHttpContext extends ServletContextHelper {
     /** @scr.reference */
     private AuthenticationSupport authSupport;

     /** @scr.reference */
     private MimeTypeService mimeTypes;

     public boolean handleSecurity(HttpServletRequest request,
             HttpServletResponse response) {
         return authSupport.handleSecurity(request, response);
     }

     public void finishSecurity(HttpServletRequest request,
             HttpServletResponse response) {
         return authSupport.finishSecurity(request, response);
     }
 }

This interface is implemented by this bundle and is not intended to be implemented by client bundles.

  • Field Details

    • SERVICE_NAME

      static final String SERVICE_NAME
      The name under which this service is registered.
      See Also:

    • REQUEST_ATTRIBUTE_RESOLVER

      static final String REQUEST_ATTRIBUTE_RESOLVER
      The name of the request attribute set by the handleSecurity(HttpServletRequest, HttpServletResponse) method if authentication succeeds and true is returned.

      The request attribute is set to a Sling ResourceResolver attached to resource providers, e.g. a JCR repository, using the credentials provided by the request.

      See Also:

    • REDIRECT_PARAMETER

      static final String REDIRECT_PARAMETER
      The name of the request parameter indicating where to redirect to after successful authentication (and optional impersonation). This parameter is respected if either anonymous authentication or regular authentication succeed.

      If authentication fails, either because the credentials are wrong or because anonymous authentication fails or because anonymous authentication is not allowed for the request, the parameter is ignored and the JakartaAuthenticationHandler.requestCredentials(HttpServletRequest, HttpServletResponse) method is called to request authentication.

      See Also:

  • Method Details

    • handleSecurity

      boolean handleSecurity(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Handles security on behalf of a custom OSGi ServletContextHelper instance extracting credentials from the request using any registered AuthenticationHandler services. If the credentials can be extracted and used to log into the resource resolver this method sets the request attributes required by the OSGi Whiteboard Specification for Jakarta Service plus the REQUEST_ATTRIBUTE_RESOLVER attribute.
      Parameters:
      request - The HTTP request to be authenticated
      response - The HTTP response to send any response to in case of problems.
      Returns:
      true if authentication succeeded and the request attributes are set. false is returned no request attributes are set.
      Since:
      1.6.0

    • finishSecurity

      void finishSecurity(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Handles security on behalf of a custom OSGi ServletContextHelper instance, finishing the authentication context established by handleSecurity(HttpServletRequest, HttpServletResponse). If the request contains an attribute REQUEST_ATTRIBUTE_RESOLVER and the value is a ResourceResolver, this method will close it.
      Parameters:
      request - The HTTP request
      response - The HTTP response
      Since:
      1.6.0

    • handleSecurity

      @Deprecated boolean handleSecurity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Deprecated.
      Use handleSecurity(HttpServletRequest, HttpServletResponse)
      Handles security on behalf of a custom OSGi Http Service HttpContext instance extracting credentials from the request using any registered AuthenticationHandler services. If the credentials can be extracted and used to log into the JCR repository this method sets the request attributes required by the OSGi Http Service specification plus the REQUEST_ATTRIBUTE_RESOLVER attribute.
      Parameters:
      request - The HTTP request to be authenticated
      response - The HTTP response to send any response to in case of problems.
      Returns:
      true if authentication succeeded and the request attributes are set. If false is returned the request is immediately terminated and no request attributes are set.