Author: dklco
Date: Mon Apr 29 01:14:52 2013
New Revision: 1476875
URL: http://svn.apache.org/r1476875
Log:
Migrating the page /site/form-based-authenticationhandler.html
Modified:
sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.mdtext
sling/site/trunk/content/site/.htaccess
Modified:
sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.mdtext
URL:
http://svn.apache.org/viewvc/sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.mdtext?rev=1476875&r1=1476874&r2=1476875&view=diff
==============================================================================
---
sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.mdtext
(original)
+++
sling/site/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.mdtext
Mon Apr 29 01:14:52 2013
@@ -6,7 +6,7 @@ The Form Based AuthenticationHandler has
The implementation of the Form Based Authentication Handler follows the
guidelines of the Servlet API 2.4 specification for *Form Based Authentication*
in section SRV.12.5.3. Specifically the following requirements are implemented:
-* For the initial form submission, the request URL must end with
`/j*security*check` and the user name and password names must be `j*username`
and `j*password`, resp.
+* For the initial form submission, the request URL must end with
`/j_security_check` and the user name and password names must be `j_username`
and `j_password`, resp.
* The authentication type as returned by `HttpServletRequest.getAuthType()` is
set to `HttpServletRequest.FORM_AUTH`.
The Form Based Authentication Handler is maintained in the [Sling
SVN](http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form)
@@ -29,12 +29,12 @@ The Form Based Authentication Handler is
### Phase 1: Form Submission
-The login form submitted in phase 1 to validate the user name and password
must be provided in an HTTP `POST` request to an URL whose last segment is
`j*security*check`. The request is ignored as a form submission if either the
method is not `POST` or the last segment is no `j*security*check`.
+The login form submitted in phase 1 to validate the user name and password
must be provided in an HTTP `POST` request to an URL whose last segment is
`j_security_check`. The request is ignored as a form submission if either the
method is not `POST` or the last segment is no `j_security_check`.
The form is rendered by redirecting the client to the URL indicated by the
`form.login.form` configuration parameter. This redirection request may
accompanyied by the following parameters:
* `resource` -- The resource to which the user should be redirected after
successful login. This request parameter should be submitted back to the server
as the `resource` parameter.
-* `j*reason` -- This parameter indicates the reason for rendering the login
form. If this parameter is set, it is set to `INVALID*CREDENTIALS` indicating a
previous form submission presented invalid username and password or `TIMEOUT`
indicating a login session has timed out. The login form servlet/script can
present the user with an appropriate message.
+* `j_reason` -- This parameter indicates the reason for rendering the login
form. If this parameter is set, it is set to `INVALID_CREDENTIALS` indicating a
previous form submission presented invalid username and password or `TIMEOUT`
indicating a login session has timed out. The login form servlet/script can
present the user with an appropriate message.
The Form Based Authentication Handlers supports the following request
parameters submitted by the HTML form:
@@ -44,7 +44,7 @@ The Form Based Authentication Handlers s
* `resource` -- The location to go to on successful login
* `sling.auth.redirect` -- The location to redirect to on successful login
-The `j*username` and `j*password` parameters are used to create a JCR
`SimpleCredentials` object to log into the JCR Repository.
+The `j_username` and `j_password` parameters are used to create a JCR
`SimpleCredentials` object to log into the JCR Repository.
The `j_validate` parameter may be used to implement login form submission
using AJAX. If this parameter is set to `true` (case-insensitive) the
credentials are used to login and after success or failure to return a status
code:
@@ -62,7 +62,7 @@ If the `j_validate` parameter is not set
The `resource` and `sling.auth.redirect` parameters provide similar
functionality but with differing historical backgrounds. The `resource`
parameter is based on the `resource` request attribute which is set by the
login servlet to indicate the original target resource the client desired when
it was forced to authenticate. The `sling.auth.redirect` parameter can be used
by clients (applications like cURL or plain HTML forms) to request being
redirected after successful login. If both parameters are set, the
`sling.auth.redirect` parameter takes precedence.
-The Form Based Authentication Handler contains a [default form
servlet](http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java)
and [HTML form template
from|http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/resources/org/apache/sling/auth/form/impl/login.html].
+The Form Based Authentication Handler contains a [default form
servlet](http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java)
and [HTML form
template](http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/resources/org/apache/sling/auth/form/impl/login.html).
### Phase 2: Authenticated Requests
Modified: sling/site/trunk/content/site/.htaccess
URL:
http://svn.apache.org/viewvc/sling/site/trunk/content/site/.htaccess?rev=1476875&r1=1476874&r2=1476875&view=diff
==============================================================================
--- sling/site/trunk/content/site/.htaccess (original)
+++ sling/site/trunk/content/site/.htaccess Mon Apr 29 01:14:52 2013
@@ -21,3 +21,4 @@ Redirect Permanent /site/adapters.html /
Redirect Permanent /site/apache-sling-commons-thread-pool.html
/documentation/bundles/apache-sling-commons-thread-pool.html
Redirect Permanent /site/apache-sling-community-roles-and-processes.html
/project-information/apache-sling-community-roles-and-processes.html
Redirect Permanent /site/authentication-actors.html
/documentation/the-sling-engine/authentication/authentication-actors.html
+Redirect Permanent /site/form-based-authenticationhandler.html
/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
\ No newline at end of file
