This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch master
in repository
https://gitbox.apache.org/repos/asf/sling-org-apache-sling-auth-core.git
The following commit(s) were added to refs/heads/master by this push:
new 3bbbb19 SLING-12605 : Enhance Auth Core to support Jakarta Servlet
API (#18)
3bbbb19 is described below
commit 3bbbb195d74b14afb1bd2ae65ae13de6326eaa25
Author: Carsten Ziegeler <[email protected]>
AuthorDate: Sun Feb 2 10:54:22 2025 +0100
SLING-12605 : Enhance Auth Core to support Jakarta Servlet API (#18)
* Add alternative API and implementation for Jakarta Servlet
* Use Sling api to wrap request/response
* Require Java 17, update dependency
* Migrate webconsole plugin to Jakarta API
* Update javadocs
---
pom.xml | 18 +-
.../org/apache/sling/auth/core/AuthConstants.java | 20 +-
.../java/org/apache/sling/auth/core/AuthUtil.java | 543 ++++++++++++++++++++-
.../sling/auth/core/AuthenticationSupport.java | 28 +-
...orator.java => JakartaLoginEventDecorator.java} | 11 +-
.../sling/auth/core/LoginEventDecorator.java | 8 +-
.../impl/AbstractAuthenticationHandlerHolder.java | 25 +-
.../core/impl/AuthenticationHandlerHolder.java | 29 +-
.../core/impl/AuthenticationHandlerWrapper.java | 101 ++++
.../core/impl/AuthenticationHandlersManager.java | 46 +-
.../core/impl/AuthenticatorWebConsolePlugin.java | 10 +-
.../core/impl/HttpBasicAuthenticationHandler.java | 10 +-
.../sling/auth/core/impl/PathBasedHolderCache.java | 2 +-
.../sling/auth/core/impl/SlingAuthenticator.java | 105 +++-
.../engine/EngineAuthenticationHandlerHolder.java | 34 +-
.../org/apache/sling/auth/core/package-info.java | 4 +-
.../spi/AbstractAuthenticationFormServlet.java | 2 +
... AbstractJakartaAuthenticationFormServlet.java} | 11 +-
.../core/spi/AuthenticationFeedbackHandler.java | 2 +
.../sling/auth/core/spi/AuthenticationHandler.java | 2 +
.../sling/auth/core/spi/AuthenticationInfo.java | 12 +-
.../core/spi/AuthenticationInfoPostProcessor.java | 2 +
.../spi/DefaultAuthenticationFeedbackHandler.java | 4 +
...faultJakartaAuthenticationFeedbackHandler.java} | 22 +-
...a => JakartaAuthenticationFeedbackHandler.java} | 15 +-
...dler.java => JakartaAuthenticationHandler.java} | 44 +-
...=> JakartaAuthenticationInfoPostProcessor.java} | 9 +-
.../apache/sling/auth/core/spi/package-info.java | 8 +-
.../org/apache/sling/auth/core/AuthUtilTest.java | 24 +-
...t.java => SlingAuthenticatorOsgiJavaxTest.java} | 45 +-
.../auth/core/impl/SlingAuthenticatorOsgiTest.java | 22 +-
.../auth/core/impl/SlingAuthenticatorTest.java | 62 +--
32 files changed, 1013 insertions(+), 267 deletions(-)
diff --git a/pom.xml b/pom.xml
index 2b071d6..34cee9d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@
</parent>
<artifactId>org.apache.sling.auth.core</artifactId>
- <version>1.7.1-SNAPSHOT</version>
+ <version>2.0.0-SNAPSHOT</version>
<name>Apache Sling Auth Core</name>
<description>
@@ -42,6 +42,7 @@
<properties>
<site.jira.version.id>12315268</site.jira.version.id>
<site.javadoc.exclude>**.impl.**</site.javadoc.exclude>
+ <sling.java.version>17</sling.java.version>
<project.build.outputTimestamp>2023-10-04T05:43:57Z</project.build.outputTimestamp>
</properties>
@@ -87,7 +88,7 @@
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.api</artifactId>
- <version>2.25.4</version>
+ <version>3.0.0-SNAPSHOT</version>
<scope>provided</scope>
</dependency>
<dependency>
@@ -110,6 +111,19 @@
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
+ <version>4.0.1</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
+ <version>6.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.felix</groupId>
+ <artifactId>org.apache.felix.http.wrappers</artifactId>
+ <version>1.1.8</version>
<scope>provided</scope>
</dependency>
<dependency>
diff --git a/src/main/java/org/apache/sling/auth/core/AuthConstants.java
b/src/main/java/org/apache/sling/auth/core/AuthConstants.java
index b0c073c..7b39bc4 100644
--- a/src/main/java/org/apache/sling/auth/core/AuthConstants.java
+++ b/src/main/java/org/apache/sling/auth/core/AuthConstants.java
@@ -18,8 +18,8 @@
*/
package org.apache.sling.auth.core;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
/**
* The <code>AuthConstants</code> provides a collection of constants used to
@@ -68,15 +68,15 @@ public final class AuthConstants {
/**
* Service Registration property which may be set by an
- * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} service to
+ * {@link org.apache.sling.auth.core.spi.JakartaAuthenticationHandler}
service to
* indicate whether its
- * {@link
org.apache.sling.auth.core.spi.AuthenticationHandler#requestCredentials(javax.servlet.http.HttpServletRequest,
javax.servlet.http.HttpServletResponse)}
+ * {@link
org.apache.sling.auth.core.spi.JakartaAuthenticationHandler#requestCredentials(HttpServletRequest,
HttpServletResponse)}
* method supports non-browser requests (according to
- * {@link AuthUtil#isBrowserRequest(javax.servlet.http.HttpServletRequest)}
+ * {@link AuthUtil#isBrowserRequest(HttpServletRequest)}
* or not.
* <p>
* For backwards compatibility with existing
- * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} services
the
+ * {@link org.apache.sling.auth.core.spi.JakartaAuthenticationHandler}
services the
* default assumption in the absence of this property is that all requests
* are supported.
* <p>
@@ -96,11 +96,11 @@ public final class AuthConstants {
* Marker property in the
* {@link org.apache.sling.auth.core.spi.AuthenticationInfo} object
returned
* by the
- * {@link
org.apache.sling.auth.core.spi.AuthenticationHandler#extractCredentials(javax.servlet.http.HttpServletRequest,
javax.servlet.http.HttpServletResponse)}
+ * {@link
org.apache.sling.auth.core.spi.JakartaAuthenticationHandler#extractCredentials(HttpServletRequest,
HttpServletResponse)}
* method indicating a first authentication considered to be a login.
* <p>
* By setting this property to any non-<code>null</code> value an
- * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} indicates,
+ * {@link org.apache.sling.auth.core.spi.JakartaAuthenticationHandler}
indicates,
* that the {@link #TOPIC_LOGIN} event should be fired after successfully
* acquiring the <code>ResourceResolver</code>.
*/
@@ -140,11 +140,11 @@ public final class AuthConstants {
* <code>org.apache.sling.auth.core.impl.SlingAuthenticator</code>.
* The authenticator will populate this attribute so that login JSPs
* can post j_username and j_password to the correct URI.
- *
+ *
* @since 1.3.2 (bundle version 1.4.0)
*/
public static final String ATTR_REQUEST_AUTH_URI_SUFFIX =
"org.apache.sling.api.include.auth_uri_suffix";
-
+
private AuthConstants() {
}
diff --git a/src/main/java/org/apache/sling/auth/core/AuthUtil.java
b/src/main/java/org/apache/sling/auth/core/AuthUtil.java
index c07d8ab..2d1ee50 100644
--- a/src/main/java/org/apache/sling/auth/core/AuthUtil.java
+++ b/src/main/java/org/apache/sling/auth/core/AuthUtil.java
@@ -31,19 +31,19 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.regex.Pattern;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.api.auth.Authenticator;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The <code>AuthUtil</code> provides utility functions for implementations of
- * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} services and
+ * {@link org.apache.sling.auth.core.spi.JakartaAuthenticationHandler}
services and
* users of the Sling authentication infrastructure.
* <p>
* This utility class can neither be extended from nor can it be instantiated.
@@ -60,7 +60,7 @@ public final class AuthUtil {
* This header is known to be set by JQuery, ExtJS and Prototype. Other
* client-side JavaScript framework most probably also set it.
*
- * @see #isAjaxRequest(javax.servlet.http.HttpServletRequest)
+ * @see #isAjaxRequest(HttpServletRequest)
*/
private static final String X_REQUESTED_WITH = "X-Requested-With";
@@ -68,7 +68,7 @@ public final class AuthUtil {
* The expected value of the {@link #X_REQUESTED_WITH} request header to
* identify a request as an Ajax request.
*
- * @see #isAjaxRequest(javax.servlet.http.HttpServletRequest)
+ * @see #isAjaxRequest(HttpServletRequest)
*/
private static final String XML_HTTP_REQUEST = "XMLHttpRequest";
@@ -116,6 +116,7 @@ public final class AuthUtil {
* request.
* @return The attribute, parameter or <code>defaultValue</code> as defined
* above.
+ * @since 1.6.0
*/
public static String getAttributeOrParameter(
final HttpServletRequest request, final String name,
@@ -134,6 +135,45 @@ public final class AuthUtil {
return defaultValue;
}
+ /**
+ * Returns the value of the named request attribute or parameter as a
string
+ * as follows:
+ * <ol>
+ * <li>If there is a request attribute of that name, which is a non-empty
+ * string, it is returned.</li>
+ * <li>If there is a non-empty request parameter of
+ * that name, this parameter is returned. </li>
+ * <li>Otherwise the <code>defaultValue</code> is returned.</li>
+ * </ol>
+ *
+ * @param request The request from which to return the attribute or request
+ * parameter
+ * @param name The name of the attribute/parameter
+ * @param defaultValue The default value to use if neither a non-empty
+ * string attribute or a non-empty parameter exists in the
+ * request.
+ * @return The attribute, parameter or <code>defaultValue</code> as defined
+ * above.
+ * @deprecated Use {@link #getAttributeOrParameter(HttpServletRequest,
String, String)}
+ */
+ @Deprecated
+ public static String getAttributeOrParameter(
+ final javax.servlet.http.HttpServletRequest request, final String
name,
+ final String defaultValue) {
+
+ final String resourceAttr = getAttributeString(request, name);
+ if (resourceAttr != null) {
+ return resourceAttr;
+ }
+
+ final String resource = request.getParameter(name);
+ if (resource != null && resource.length() > 0) {
+ return resource;
+ }
+
+ return defaultValue;
+ }
+
/**
* Returns any resource target to redirect to after successful
* authentication. This method either returns a non-empty string or the
@@ -146,6 +186,7 @@ public final class AuthUtil {
* @param defaultLoginResource The default login resource value
* @return The non-empty redirection target or
* <code>defaultLoginResource</code>.
+ * @since 1.6.0
*/
public static String getLoginResource(final HttpServletRequest request,
String defaultLoginResource) {
@@ -153,6 +194,27 @@ public final class AuthUtil {
defaultLoginResource);
}
+ /**
+ * Returns any resource target to redirect to after successful
+ * authentication. This method either returns a non-empty string or the
+ * <code>defaultLoginResource</code> parameter. First the
+ * <code>resource</code> request attribute is checked. If it is a non-empty
+ * string, it is returned. Second the <code>resource</code> request
+ * parameter is checked and returned if it is a non-empty string.
+ *
+ * @param request The request providing the attribute or parameter
+ * @param defaultLoginResource The default login resource value
+ * @return The non-empty redirection target or
+ * <code>defaultLoginResource</code>.
+ * @deprecated Use {@link #getLoginResource(HttpServletRequest, String)}
+ */
+ @Deprecated
+ public static String getLoginResource(final
javax.servlet.http.HttpServletRequest request,
+ String defaultLoginResource) {
+ return getAttributeOrParameter(request, Authenticator.LOGIN_RESOURCE,
+ defaultLoginResource);
+ }
+
/**
* Ensures and returns the {@link Authenticator#LOGIN_RESOURCE} request
* attribute is set to a non-null, non-empty string. If the attribute is
not
@@ -170,6 +232,7 @@ public final class AuthUtil {
* and the request parameter is not set. This parameter is
* ignored if it is <code>null</code> or an empty string.
* @return returns the value of resource request attribute
+ * @since 1.6.0
*/
public static String setLoginResourceAttribute(
final HttpServletRequest request, final String defaultValue) {
@@ -189,6 +252,44 @@ public final class AuthUtil {
return resourceAttr;
}
+ /**
+ * Ensures and returns the {@link Authenticator#LOGIN_RESOURCE} request
+ * attribute is set to a non-null, non-empty string. If the attribute is
not
+ * currently set, this method sets it as follows:
+ * <ol>
+ * <li>If the {@link Authenticator#LOGIN_RESOURCE} request parameter is set
+ * to a non-empty string, that parameter is set</li>
+ * <li>Otherwise if the <code>defaultValue</code> is a non-empty string the
+ * default value is used</li>
+ * <li>Otherwise the attribute is set to "/"</li>
+ * </ol>
+ *
+ * @param request The request to check for the resource attribute
+ * @param defaultValue The default value to use if the attribute is not set
+ * and the request parameter is not set. This parameter is
+ * ignored if it is <code>null</code> or an empty string.
+ * @return returns the value of resource request attribute
+ * @deprecated Use {@link #setLoginResourceAttribute(HttpServletRequest,
String)}
+ */
+ @Deprecated
+ public static String setLoginResourceAttribute(
+ final javax.servlet.http.HttpServletRequest request, final String
defaultValue) {
+ String resourceAttr = getAttributeString(request,
+ Authenticator.LOGIN_RESOURCE);
+ if (resourceAttr == null) {
+ final String resourcePar =
request.getParameter(Authenticator.LOGIN_RESOURCE);
+ if (resourcePar != null && resourcePar.length() > 0) {
+ resourceAttr = resourcePar;
+ } else if (defaultValue != null && defaultValue.length() > 0) {
+ resourceAttr = defaultValue;
+ } else {
+ resourceAttr = "/";
+ }
+ request.setAttribute(Authenticator.LOGIN_RESOURCE, resourceAttr);
+ }
+ return resourceAttr;
+ }
+
/**
* Redirects to the given target path appending any parameters provided in
* the parameter map.
@@ -231,6 +332,7 @@ public final class AuthUtil {
* the platform. This should not be caught, because it is a
real
* problem if the encoding required by the specification is
* missing.
+ * @since 1.6.0
*/
public static void sendRedirect(final HttpServletRequest request,
final HttpServletResponse response, final String target,
@@ -282,6 +384,101 @@ public final class AuthUtil {
response.sendRedirect(b.toString());
}
+ /**
+ * Redirects to the given target path appending any parameters provided in
+ * the parameter map.
+ * <p>
+ * This method implements the following functionality:
+ * <ul>
+ * <li>If the <code>params</code> map does not contain a (non-
+ * <code>null</code>) value for the {@link Authenticator#LOGIN_RESOURCE
+ * resource} entry, such an entry is generated from the request URI and the
+ * (optional) query string of the given <code>request</code>.</li>
+ * <li>The parameters from the <code>params</code> map or at least a single
+ * {@link Authenticator#LOGIN_RESOURCE resource} parameter are added to the
+ * target path for the redirect. Each parameter value is encoded using the
+ * <code>java.net.URLEncoder</code> with UTF-8 encoding to make it safe for
+ * requests</li>
+ * </ul>
+ * <p>
+ * After checking the redirect target and creating the target URL from the
+ * parameter map, the response buffer is reset and the
+ * <code>HttpServletResponse.sendRedirect</code> is called. Any headers
+ * already set before calling this method are preserved.
+ *
+ * @param request The request object used to get the current request URI
and
+ * request query string if the <code>params</code> map does not
+ * have the {@link Authenticator#LOGIN_RESOURCE resource}
+ * parameter set.
+ * @param response The response used to send the redirect to the client.
+ * @param target The redirect target to validate. This path must be
prefixed
+ * with the request's servlet context path. If this parameter is
+ * not a valid target request as per the
+ * {@link
#isRedirectValid(javax.servlet.http.HttpServletRequest, String)} method
+ * the target is modified to be the root of the request's
+ * context.
+ * @param params The map of parameters to be added to the target path. This
+ * may be <code>null</code>.
+ * @throws IOException If an error occurs sending the redirect request
+ * @throws IllegalStateException If the response was committed or if a
+ * partial URL is given and cannot be converted into a valid
URL
+ * @throws InternalError If the UTF-8 character encoding is not supported
by
+ * the platform. This should not be caught, because it is a
real
+ * problem if the encoding required by the specification is
+ * missing.
+ * @deprecated Use {@link #sendRedirect(HttpServletRequest,
HttpServletResponse, String, Map)}
+ */
+ @Deprecated
+ public static void sendRedirect(final
javax.servlet.http.HttpServletRequest request,
+ final javax.servlet.http.HttpServletResponse response, final
String target,
+ Map<String, String> params) throws IOException {
+
+ checkAndReset(response);
+
+ StringBuilder b = new StringBuilder();
+ if (AuthUtil.isRedirectValid(request, target)) {
+ b.append(target);
+ } else if (request.getContextPath().length() == 0) {
+ b.append("/");
+ } else {
+ b.append(request.getContextPath());
+ }
+
+ if (params == null) {
+ params = new HashMap<>();
+ }
+
+ // ensure the login resource is provided with the redirect
+ if (params.get(Authenticator.LOGIN_RESOURCE) == null) {
+ String resource = request.getRequestURI();
+ if (request.getQueryString() != null) {
+ resource += "?" + request.getQueryString();
+ }
+ params.put(Authenticator.LOGIN_RESOURCE, resource);
+ }
+
+ b.append('?');
+ Iterator<Entry<String, String>> ei = params.entrySet().iterator();
+ while (ei.hasNext()) {
+ Entry<String, String> entry = ei.next();
+ if (entry.getKey() != null && entry.getValue() != null) {
+ try {
+ b.append(entry.getKey()).append('=').append(
+ URLEncoder.encode(entry.getValue(), "UTF-8"));
+ } catch (UnsupportedEncodingException uee) {
+ throw new InternalError(
+ "Unexpected UnsupportedEncodingException for UTF-8");
+ }
+
+ if (ei.hasNext()) {
+ b.append('&');
+ }
+ }
+ }
+
+ response.sendRedirect(b.toString());
+ }
+
/**
* Returns the name request attribute if it is a non-empty string value.
*
@@ -301,6 +498,25 @@ public final class AuthUtil {
return null;
}
+ /**
+ * Returns the name request attribute if it is a non-empty string value.
+ *
+ * @param request The request from which to retrieve the attribute
+ * @param name The name of the attribute to return
+ * @return The named request attribute or <code>null</code> if the
attribute
+ * is not set or is not a non-empty string value.
+ */
+ private static String getAttributeString(final
javax.servlet.http.HttpServletRequest request,
+ final String name) {
+ Object resObj = request.getAttribute(name);
+ if ((resObj instanceof String) && ((String) resObj).length() > 0) {
+ return (String) resObj;
+ }
+
+ // not set or not a non-empty string
+ return null;
+ }
+
/**
* Returns <code>true</code> if the the client just asks for validation of
* submitted username/password credentials.
@@ -313,11 +529,31 @@ public final class AuthUtil {
* @param request The request to provide the parameter to check
* @return <code>true</code> if the {@link AuthConstants#PAR_J_VALIDATE}
parameter is set
* to <code>true</code>.
+ * @since 1.6.0
*/
public static boolean isValidateRequest(final HttpServletRequest request) {
return
"true".equalsIgnoreCase(request.getParameter(AuthConstants.PAR_J_VALIDATE));
}
+ /**
+ * Returns <code>true</code> if the the client just asks for validation of
+ * submitted username/password credentials.
+ * <p>
+ * This implementation returns <code>true</code> if the request parameter
+ * {@link AuthConstants#PAR_J_VALIDATE} is set to <code>true</code>
(case-insensitve). If
+ * the request parameter is not set or to any value other than
+ * <code>true</code> this method returns <code>false</code>.
+ *
+ * @param request The request to provide the parameter to check
+ * @return <code>true</code> if the {@link AuthConstants#PAR_J_VALIDATE}
parameter is set
+ * to <code>true</code>.
+ * @deprecated Use {@link #isValidateRequest(HttpServletRequest)}
+ */
+ @Deprecated
+ public static boolean isValidateRequest(final
javax.servlet.http.HttpServletRequest request) {
+ return
"true".equalsIgnoreCase(request.getParameter(AuthConstants.PAR_J_VALIDATE));
+ }
+
/**
* Sends a 200/OK response to a credential validation request.
* <p>
@@ -328,6 +564,7 @@ public final class AuthUtil {
*
* @param response The response object
* @throws IllegalStateException if the response has already been committed
+ * @since 1.6.0
*/
public static void sendValid(final HttpServletResponse response) {
checkAndReset(response);
@@ -352,11 +589,47 @@ public final class AuthUtil {
}
}
+ /**
+ * Sends a 200/OK response to a credential validation request.
+ * <p>
+ * This method just overwrites the response status to 200/OK, sends no
+ * content (content length header set to zero) and prevents caching on
+ * clients and proxies. Any other response headers set before calling this
+ * methods are preserved and sent along with the response.
+ *
+ * @param response The response object
+ * @throws IllegalStateException if the response has already been committed
+ * @deprecated Use {@link #sendValid(HttpServletResponse)}
+ */
+ @Deprecated
+ public static void sendValid(final javax.servlet.http.HttpServletResponse
response) {
+ checkAndReset(response);
+ try {
+ response.setStatus(HttpServletResponse.SC_OK);
+
+ // explicitly tell we have no content but set content type
+ // to prevent firefox from trying to parse the response
+ // (SLING-1841)
+ response.setContentType("text/plain");
+ response.setContentLength(0);
+
+ // prevent the client from aggressively caching the response
+ // (SLING-1841)
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Cache-Control", "no-cache");
+ response.addHeader("Cache-Control", "no-store");
+
+ response.flushBuffer();
+ } catch (IOException ioe) {
+ getLog().error("Failed to send 200/OK response", ioe);
+ }
+ }
+
/**
* Sends a 403/FORBIDDEN response optionally stating the reason for this
* response code in the {@link AuthConstants#X_REASON} header. The value
for the
* {@link AuthConstants#X_REASON} header is taken from
- * {@link AuthenticationHandler#FAILURE_REASON} request attribute if set.
+ * {@link JakartaAuthenticationHandler#FAILURE_REASON} request attribute
if set.
* <p>
* This method just overwrites the response status to 403/FORBIDDEN, adds
* the {@link AuthConstants#X_REASON} header and sends the reason as result
@@ -366,6 +639,7 @@ public final class AuthUtil {
* @param request The request object
* @param response The response object
* @throws IllegalStateException if the response has already been committed
+ * @since 1.6.0
*/
public static void sendInvalid(final HttpServletRequest request,
final HttpServletResponse response) {
@@ -373,8 +647,49 @@ public final class AuthUtil {
try {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- Object reason =
request.getAttribute(AuthenticationHandler.FAILURE_REASON);
- Object reasonCode =
request.getAttribute(AuthenticationHandler.FAILURE_REASON_CODE);
+ Object reason =
request.getAttribute(JakartaAuthenticationHandler.FAILURE_REASON);
+ Object reasonCode =
request.getAttribute(JakartaAuthenticationHandler.FAILURE_REASON_CODE);
+ if (reason != null) {
+ response.setHeader(AuthConstants.X_REASON, reason.toString());
+ if ( reasonCode != null ) {
+ response.setHeader(AuthConstants.X_REASON_CODE,
reasonCode.toString());
+ }
+ response.setContentType("text/plain");
+ response.setCharacterEncoding("UTF-8");
+ response.getWriter().println(reason);
+ }
+
+ response.flushBuffer();
+ } catch (IOException ioe) {
+ getLog().error("Failed to send 403/Forbidden response", ioe);
+ }
+ }
+
+ /**
+ * Sends a 403/FORBIDDEN response optionally stating the reason for this
+ * response code in the {@link AuthConstants#X_REASON} header. The value
for the
+ * {@link AuthConstants#X_REASON} header is taken from
+ * {@link JakartaAuthenticationHandler#FAILURE_REASON} request attribute
if set.
+ * <p>
+ * This method just overwrites the response status to 403/FORBIDDEN, adds
+ * the {@link AuthConstants#X_REASON} header and sends the reason as result
+ * back. Any other response headers set before calling this methods are
+ * preserved and sent along with the response.
+ *
+ * @param request The request object
+ * @param response The response object
+ * @throws IllegalStateException if the response has already been committed
+ * @deprecated Use {@link #sendInvalid(HttpServletRequest,
HttpServletResponse)}
+ */
+ @Deprecated
+ public static void sendInvalid(final javax.servlet.http.HttpServletRequest
request,
+ final javax.servlet.http.HttpServletResponse response) {
+ checkAndReset(response);
+ try {
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+
+ Object reason =
request.getAttribute(JakartaAuthenticationHandler.FAILURE_REASON);
+ Object reasonCode =
request.getAttribute(JakartaAuthenticationHandler.FAILURE_REASON_CODE);
if (reason != null) {
response.setHeader(AuthConstants.X_REASON, reason.toString());
if ( reasonCode != null ) {
@@ -397,6 +712,7 @@ public final class AuthUtil {
* @param request the current request
* @param loginForm Path to the login form
* @return true if the referrer matches this handler, or false otherwise
+ * @since 1.6.0
*/
public static boolean checkReferer(HttpServletRequest request, String
loginForm) {
//SLING-2165: if a Referrer header is supplied check if it matches the
login path for this handler
@@ -418,6 +734,35 @@ public final class AuthUtil {
return true;
}
+ /**
+ * Check if the request is for this authentication handler.
+ *
+ * @param request the current request
+ * @param loginForm Path to the login form
+ * @return true if the referrer matches this handler, or false otherwise
+ * @deprecated Use {@link #checkReferer(HttpServletRequest, String)}
+ */
+ @Deprecated
+ public static boolean checkReferer(javax.servlet.http.HttpServletRequest
request, String loginForm) {
+ //SLING-2165: if a Referrer header is supplied check if it matches the
login path for this handler
+ if ("POST".equals(request.getMethod())) {
+ String referer = request.getHeader("Referer");
+ if (referer != null) {
+ String expectedPath = String.format("%s%s",
request.getContextPath(), loginForm);
+ try {
+ URL uri = new URL(referer);
+ if (!expectedPath.equals(uri.getPath())) {
+ //not for this selector, so let the next one handle it.
+ return false;
+ }
+ } catch (MalformedURLException e) {
+ getLog().debug("Failed to parse the referer value for the
login form " + loginForm, e);
+ }
+ }
+ }
+ return true;
+ }
+
/**
* Returns <code>true</code> if the given redirect <code>target</code> is
* valid according to the following list of requirements:
@@ -452,6 +797,7 @@ public final class AuthUtil {
* @param target The redirect target to validate. This path must be
* prefixed with the request's servlet context path.
* @return <code>true</code> if the redirect target can be considered valid
+ * @since 1.6.0
*/
public static boolean isRedirectValid(final HttpServletRequest request,
final String target) {
if (target == null || target.length() == 0) {
@@ -516,6 +862,106 @@ public final class AuthUtil {
return true;
}
+ /**
+ * Returns <code>true</code> if the given redirect <code>target</code> is
+ * valid according to the following list of requirements:
+ * <ul>
+ * <li>The <code>target</code> is neither <code>null</code> nor an empty
+ * string</li>
+ * <li>The <code>target</code> is not an URL which is identified by the
+ * character sequence <code>://</code> separating the scheme from the
host</li>
+ * <li>The <code>target</code> is normalized such that it contains no
+ * consecutive slashes and no path segment contains a single or double
dot</li>
+ * <li>The <code>target</code> must be prefixed with the servlet context
+ * path</li>
+ * <li>If a <code>ResourceResolver</code> is available as a request
+ * attribute the <code>target</code> (without the servlet context path
+ * prefix) must resolve to an existing resource</li>
+ * <li>If a <code>ResourceResolver</code> is <i>not</i> available as a
+ * request attribute the <code>target</code> must be an absolute path
+ * starting with a slash character does not contain any of the characters
+ * <code><</code>, <code>></code>, <code>'</code>, or <code>"</code>
+ * in plain or URL encoding</li>
+ * </ul>
+ * <p>
+ * If any of the conditions does not hold, the method returns
+ * <code>false</code> and logs a <i>warning</i> level message with the
+ * <i>org.apache.sling.auth.core.AuthUtil</i> logger.
+ *
+ * @param request Providing the <code>ResourceResolver</code> attribute and
+ * the context to resolve the resource from the
+ * <code>target</code>. This may be <code>null</code> which
+ * causes the target to not be validated with a
+ * <code>ResoureResolver</code>
+ * @param target The redirect target to validate. This path must be
+ * prefixed with the request's servlet context path.
+ * @return <code>true</code> if the redirect target can be considered valid
+ * @deprecated Use {@link #isRedirectValid(HttpServletRequest, String)}
+ */
+ @Deprecated
+ public static boolean isRedirectValid(final
javax.servlet.http.HttpServletRequest request, final String target) {
+ if (target == null || target.length() == 0) {
+ getLog().warn("isRedirectValid: Redirect target must not be empty
or null");
+ return false;
+ }
+
+ try {
+ new URI(target);
+ } catch (URISyntaxException e) {
+ getLog().warn("isRedirectValid: Redirect target '{}' contains
illegal characters", target);
+ return false;
+ }
+
+ if (target.contains("://")) {
+ getLog().warn("isRedirectValid: Redirect target '{}' must not be
an URL", target);
+ return false;
+ }
+
+ if (target.contains("//") || target.contains("/../") ||
target.contains("/./") || target.endsWith("/.")
+ || target.endsWith("/..")) {
+ getLog().warn("isRedirectValid: Redirect target '{}' is not
normalized", target);
+ return false;
+ }
+
+ final String ctxPath = getContextPath(request);
+ if (ctxPath.length() > 0 && !target.startsWith(ctxPath)) {
+ getLog().warn("isRedirectValid: Redirect target '{}' does not
start with servlet context path '{}'",
+ target, ctxPath);
+ return false;
+ }
+
+ // special case of requesting the servlet context root path
+ if (ctxPath.length() == target.length()) {
+ return true;
+ }
+
+ final String localTarget = target.substring(ctxPath.length());
+ if (!localTarget.startsWith("/")) {
+ getLog().warn(
+ "isRedirectValid: Redirect target '{}' without servlet context
path '{}' must be an absolute path",
+ target, ctxPath);
+ return false;
+ }
+
+ final int query = localTarget.indexOf('?');
+ final String path = (query > 0) ? localTarget.substring(0, query) :
localTarget;
+
+ ResourceResolver resolver = getResourceResolver(request);
+ // assume all is fine if the path resolves to a resource
+ if (resolver != null &&
!ResourceUtil.isNonExistingResource(resolver.resolve(request, path))) {
+ return true;
+ }
+
+ // not resolving to a resource, check for illegal characters
+ final Pattern illegal = Pattern.compile("[<>'\"]");
+ if (illegal.matcher(path).find()) {
+ getLog().warn("isRedirectValid: Redirect target '{}' must not
contain any of <>'\"", target);
+ return false;
+ }
+
+ return true;
+ }
+
/**
* Returns the context path from the request or an empty string if the
* request is <code>null</code>.
@@ -527,6 +973,17 @@ public final class AuthUtil {
return "";
}
+ /**
+ * Returns the context path from the request or an empty string if the
+ * request is <code>null</code>.
+ */
+ private static String getContextPath(final
javax.servlet.http.HttpServletRequest request) {
+ if (request != null) {
+ return request.getContextPath();
+ }
+ return "";
+ }
+
/**
* Returns the resource resolver set as the
* {@link AuthenticationSupport#REQUEST_ATTRIBUTE_RESOLVER} request
@@ -540,6 +997,19 @@ public final class AuthUtil {
return null;
}
+ /**
+ * Returns the resource resolver set as the
+ * {@link AuthenticationSupport#REQUEST_ATTRIBUTE_RESOLVER} request
+ * attribute or <code>null</code> if the request object is
<code>null</code>
+ * or the resource resolver is not present.
+ */
+ private static ResourceResolver getResourceResolver(final
javax.servlet.http.HttpServletRequest request) {
+ if (request != null) {
+ return (ResourceResolver)
request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
+ }
+ return null;
+ }
+
/**
* Returns <code>true</code> if the given request can be assumed to be sent
* by a client browser such as Firefix, Internet Explorer, etc.
@@ -553,12 +1023,34 @@ public final class AuthUtil {
* @param request The request to inspect
* @return <code>true</code> if the request is assumed to be sent by a
* browser.
+ * @since 1.6.0
*/
public static boolean isBrowserRequest(final HttpServletRequest request) {
final String userAgent = request.getHeader(USER_AGENT);
return userAgent != null && (userAgent.contains(BROWSER_CLASS_MOZILLA)
|| userAgent.contains(BROWSER_CLASS_OPERA));
}
+ /**
+ * Returns <code>true</code> if the given request can be assumed to be sent
+ * by a client browser such as Firefix, Internet Explorer, etc.
+ * <p>
+ * This method inspects the <code>User-Agent</code> header and returns
+ * <code>true</code> if the header contains the string <i>Mozilla</i>
(known
+ * to be contained in Firefox, Internet Explorer, WebKit-based browsers
+ * User-Agent) or <i>Opera</i> (known to be contained in the Opera
+ * User-Agent).
+ *
+ * @param request The request to inspect
+ * @return <code>true</code> if the request is assumed to be sent by a
+ * browser.
+ * @deprecated Use {@link #isBrowserRequest(HttpServletRequest)}
+ */
+ @Deprecated
+ public static boolean isBrowserRequest(final
javax.servlet.http.HttpServletRequest request) {
+ final String userAgent = request.getHeader(USER_AGENT);
+ return userAgent != null && (userAgent.contains(BROWSER_CLASS_MOZILLA)
|| userAgent.contains(BROWSER_CLASS_OPERA));
+ }
+
/**
* Returns <code>true</code> if the request is to be considered an AJAX
* request placed using the <code>XMLHttpRequest</code> browser host
object.
@@ -569,11 +1061,29 @@ public final class AuthUtil {
* @param request The current request
* @return <code>true</code> if the request can be considered an AJAX
* request.
+ * @since 1.6.0
*/
public static boolean isAjaxRequest(final HttpServletRequest request) {
return XML_HTTP_REQUEST.equals(request.getHeader(X_REQUESTED_WITH));
}
+ /**
+ * Returns <code>true</code> if the request is to be considered an AJAX
+ * request placed using the <code>XMLHttpRequest</code> browser host
object.
+ * Currently a request is considered an AJAX request if the client sends
the
+ * <i>X-Requested-With</i> request header set to
<code>XMLHttpRequest</code>
+ * .
+ *
+ * @param request The current request
+ * @return <code>true</code> if the request can be considered an AJAX
+ * request.
+ * @deprecated Use {@link #isAjaxRequest(HttpServletRequest)}
+ */
+ @Deprecated
+ public static boolean isAjaxRequest(final
javax.servlet.http.HttpServletRequest request) {
+ return XML_HTTP_REQUEST.equals(request.getHeader(X_REQUESTED_WITH));
+ }
+
/**
* Checks whether the response has already been committed. If so an
* <code>IllegalStateException</code> is thrown. Otherwise the response
@@ -589,6 +1099,21 @@ public final class AuthUtil {
response.resetBuffer();
}
+ /**
+ * Checks whether the response has already been committed. If so an
+ * <code>IllegalStateException</code> is thrown. Otherwise the response
+ * buffer is cleared leaving any headers and status already set untouched.
+ *
+ * @param response The response to check and reset.
+ * @throws IllegalStateException if the response has already been committed
+ */
+ private static void checkAndReset(final
javax.servlet.http.HttpServletResponse response) {
+ if (response.isCommitted()) {
+ throw new IllegalStateException("Response is already committed");
+ }
+ response.resetBuffer();
+ }
+
/**
* Helper method returning a <i>org.apache.sling.auth.core.AuthUtil</i>
logger.
*/
diff --git
a/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java
b/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java
index 7257110..ce4f20b 100644
--- a/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java
+++ b/src/main/java/org/apache/sling/auth/core/AuthenticationSupport.java
@@ -18,8 +18,8 @@
*/
package org.apache.sling.auth.core;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.osgi.annotation.versioning.ProviderType;
@@ -94,7 +94,7 @@ public interface AuthenticationSupport {
* because anonymous authentication fails or because anonymous
* authentication is not allowed for the request, the parameter is ignored
* and the
- * {@link
org.apache.sling.auth.core.spi.AuthenticationHandler#requestCredentials(HttpServletRequest,
HttpServletResponse)}
+ * {@link
org.apache.sling.auth.core.spi.JakartaAuthenticationHandler#requestCredentials(HttpServletRequest,
HttpServletResponse)}
* method is called to request authentication.
*/
static final String REDIRECT_PARAMETER = "sling.auth.redirect";
@@ -115,8 +115,30 @@ public interface AuthenticationSupport {
* @return <code>true</code> if authentication succeeded and the request
* attributes are set. If <code>false</code> is returned the
request
* is immediately terminated and no request attributes are set.
+ * @since 1.6.0
*/
boolean handleSecurity(HttpServletRequest request,
HttpServletResponse response);
+ /**
+ * Handles security on behalf of a custom OSGi Http Service
+ * <code>HttpContext</code> instance extracting credentials from the
request
+ * using any registered
+ * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} services.
+ * If the credentials can be extracted and used to log into the JCR
+ * repository this method sets the request attributes required by the OSGi
+ * Http Service specification plus the {@link #REQUEST_ATTRIBUTE_RESOLVER}
+ * attribute.
+ *
+ * @param request The HTTP request to be authenticated
+ * @param response The HTTP response to send any response to in case of
+ * problems.
+ * @return <code>true</code> if authentication succeeded and the request
+ * attributes are set. If <code>false</code> is returned the
request
+ * is immediately terminated and no request attributes are set.
+ * @deprecated Use {@link #handleSecurity(HttpServletRequest,
HttpServletResponse)}
+ */
+ @Deprecated
+ boolean handleSecurity(javax.servlet.http.HttpServletRequest request,
+ javax.servlet.http.HttpServletResponse response);
}
diff --git a/src/main/java/org/apache/sling/auth/core/LoginEventDecorator.java
b/src/main/java/org/apache/sling/auth/core/JakartaLoginEventDecorator.java
similarity index 91%
copy from src/main/java/org/apache/sling/auth/core/LoginEventDecorator.java
copy to src/main/java/org/apache/sling/auth/core/JakartaLoginEventDecorator.java
index 6e0c8e2..eb20d70 100644
--- a/src/main/java/org/apache/sling/auth/core/LoginEventDecorator.java
+++ b/src/main/java/org/apache/sling/auth/core/JakartaLoginEventDecorator.java
@@ -18,20 +18,23 @@ package org.apache.sling.auth.core;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.jetbrains.annotations.NotNull;
+import org.osgi.annotation.versioning.ConsumerType;
/**
* Components should implement this interface to customize properties
* in the Login and/or LoginFailed event
+ * @since 1.6.0
*/
-public interface LoginEventDecorator {
+@ConsumerType
+public interface JakartaLoginEventDecorator {
/**
* Called to allow the component to modify the login event properties
- *
+ *
* @param request the current request
* @param authInfo the current authInfo
* @param eventProperties the event properties to decorate
@@ -44,7 +47,7 @@ public interface LoginEventDecorator {
/**
* Called to allow the component to modify the login failed event
properties
- *
+ *
* @param request the current request
* @param authInfo the current authInfo
* @param eventProperties the event properties to decorate
diff --git a/src/main/java/org/apache/sling/auth/core/LoginEventDecorator.java
b/src/main/java/org/apache/sling/auth/core/LoginEventDecorator.java
index 6e0c8e2..081b171 100644
--- a/src/main/java/org/apache/sling/auth/core/LoginEventDecorator.java
+++ b/src/main/java/org/apache/sling/auth/core/LoginEventDecorator.java
@@ -22,16 +22,20 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.jetbrains.annotations.NotNull;
+import org.osgi.annotation.versioning.ConsumerType;
/**
* Components should implement this interface to customize properties
* in the Login and/or LoginFailed event
+ * @deprecated Use {@link JakartaLoginEventDecorator} instead
*/
+@Deprecated
+@ConsumerType
public interface LoginEventDecorator {
/**
* Called to allow the component to modify the login event properties
- *
+ *
* @param request the current request
* @param authInfo the current authInfo
* @param eventProperties the event properties to decorate
@@ -44,7 +48,7 @@ public interface LoginEventDecorator {
/**
* Called to allow the component to modify the login failed event
properties
- *
+ *
* @param request the current request
* @param authInfo the current authInfo
* @param eventProperties the event properties to decorate
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java
b/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java
index 33acaa0..4d8fe98 100644
---
a/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java
+++
b/src/main/java/org/apache/sling/auth/core/impl/AbstractAuthenticationHandlerHolder.java
@@ -20,12 +20,12 @@ package org.apache.sling.auth.core.impl;
import java.io.IOException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
-import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationFeedbackHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
import org.osgi.framework.ServiceReference;
/**
@@ -33,8 +33,9 @@ import org.osgi.framework.ServiceReference;
* represent authentication handlers (both legacy and new ones) for use in the
* {@link SlingAuthenticator}.
*/
-public abstract class AbstractAuthenticationHandlerHolder extends
- PathBasedHolder implements AuthenticationHandler {
+public abstract class AbstractAuthenticationHandlerHolder
+ extends PathBasedHolder
+ implements JakartaAuthenticationHandler {
protected AbstractAuthenticationHandlerHolder(final String fullPath,
final ServiceReference<?> serviceReference) {
@@ -42,7 +43,7 @@ public abstract class AbstractAuthenticationHandlerHolder
extends
}
/**
- * Sets the {@link AuthenticationHandler#PATH_PROPERTY} request attribute
to
+ * Sets the {@link JakartaAuthenticationHandler#PATH_PROPERTY} request
attribute to
* this {@link PathBasedHolder#fullPath} and calls the
* {@link #extractCredentials(HttpServletRequest, HttpServletResponse)} to
* have the credentials extracted from the request.
@@ -65,7 +66,7 @@ public abstract class AbstractAuthenticationHandlerHolder
extends
}
/**
- * Sets the {@link AuthenticationHandler#PATH_PROPERTY} request attribute
to
+ * Sets the {@link JakartaAuthenticationHandler#PATH_PROPERTY} request
attribute to
* this {@link PathBasedHolder#fullPath} and calls the
* {@link #doRequestCredentials(HttpServletRequest, HttpServletResponse)}
to
* have the credentials requested from the client.
@@ -87,7 +88,7 @@ public abstract class AbstractAuthenticationHandlerHolder
extends
}
/**
- * Sets the {@link AuthenticationHandler#PATH_PROPERTY} request attribute
to
+ * Sets the {@link JakartaAuthenticationHandler#PATH_PROPERTY} request
attribute to
* this {@link PathBasedHolder#fullPath} and calls the
* {@link #doDropCredentials(HttpServletRequest, HttpServletResponse)} to
* have the credentials dropped by the held authentication handler.
@@ -112,7 +113,7 @@ public abstract class AbstractAuthenticationHandlerHolder
extends
* Returns a feedback handler provided by the authentication handler held
by
* this instance or <code>null</code> if none is provided.
*/
- protected abstract AuthenticationFeedbackHandler getFeedbackHandler();
+ protected abstract JakartaAuthenticationFeedbackHandler
getFeedbackHandler();
/**
* Calls the actual authentication handler to extract the credentials from
@@ -161,7 +162,7 @@ public abstract class AbstractAuthenticationHandlerHolder
extends
*/
private Object setPath(final HttpServletRequest request) {
return setRequestAttribute(request,
- AuthenticationHandler.PATH_PROPERTY, fullPath);
+ JakartaAuthenticationHandler.PATH_PROPERTY, fullPath);
}
/**
@@ -169,7 +170,7 @@ public abstract class AbstractAuthenticationHandlerHolder
extends
* {@link AuthenticationHandler#PATH_PROPERTY} request attribute.
*/
private void resetPath(final HttpServletRequest request, Object oldValue) {
- setRequestAttribute(request, AuthenticationHandler.PATH_PROPERTY,
+ setRequestAttribute(request,
JakartaAuthenticationHandler.PATH_PROPERTY,
oldValue);
}
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlerHolder.java
b/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlerHolder.java
index 51edb97..e1e7f8e 100644
---
a/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlerHolder.java
+++
b/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlerHolder.java
@@ -21,14 +21,14 @@ package org.apache.sling.auth.core.impl;
import java.io.IOException;
import java.util.Objects;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.auth.core.AuthConstants;
import org.apache.sling.auth.core.AuthUtil;
-import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationFeedbackHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
import org.osgi.framework.ServiceReference;
import org.osgi.util.converter.Converters;
import org.slf4j.Logger;
@@ -39,11 +39,10 @@ import org.slf4j.LoggerFactory;
* authentication handler service in the internal data structure of the
* {@link SlingAuthenticator}.
*/
-final class AuthenticationHandlerHolder extends
- AbstractAuthenticationHandlerHolder {
+final class AuthenticationHandlerHolder extends
AbstractAuthenticationHandlerHolder {
// the actual authentication handler
- private final AuthenticationHandler handler;
+ private final JakartaAuthenticationHandler handler;
// the supported authentication type of the handler
private final String authType;
@@ -54,7 +53,7 @@ final class AuthenticationHandlerHolder extends
private Logger logger = LoggerFactory.getLogger(this.getClass());
AuthenticationHandlerHolder(final String fullPath,
- final AuthenticationHandler handler,
+ final JakartaAuthenticationHandler handler,
final ServiceReference<?> serviceReference) {
super(fullPath, serviceReference);
@@ -62,15 +61,21 @@ final class AuthenticationHandlerHolder extends
// assign the fields
this.handler = handler;
- this.authType =
Converters.standardConverter().convert(serviceReference.getProperty(TYPE_PROPERTY)).to(String.class);
+ this.authType =
Converters.standardConverter().convert(serviceReference.getProperty(JakartaAuthenticationHandler.TYPE_PROPERTY)).to(String.class);
this.browserOnlyRequestCredentials =
"true".equalsIgnoreCase(browserOnly)
|| "yes".equalsIgnoreCase(browserOnly);
}
+ AuthenticationHandlerHolder(final String fullPath,
+ @SuppressWarnings("deprecation") final
org.apache.sling.auth.core.spi.AuthenticationHandler handler,
+ final ServiceReference<?> serviceReference) {
+ this(fullPath, AuthenticationHandlerWrapper.wrap(handler),
serviceReference);
+ }
+
@Override
- protected AuthenticationFeedbackHandler getFeedbackHandler() {
- if (handler instanceof AuthenticationFeedbackHandler) {
- return (AuthenticationFeedbackHandler) handler;
+ protected JakartaAuthenticationFeedbackHandler getFeedbackHandler() {
+ if (handler instanceof JakartaAuthenticationFeedbackHandler) {
+ return (JakartaAuthenticationFeedbackHandler) handler;
}
return null;
}
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlerWrapper.java
b/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlerWrapper.java
new file mode 100644
index 0000000..610edf8
--- /dev/null
+++
b/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlerWrapper.java
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.auth.core.impl;
+
+import java.io.IOException;
+
+import org.apache.sling.api.wrappers.JakartaToJavaxRequestWrapper;
+import org.apache.sling.api.wrappers.JakartaToJavaxResponseWrapper;
+import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationFeedbackHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@SuppressWarnings("deprecation")
+public class AuthenticationHandlerWrapper {
+
+ public static JakartaAuthenticationHandler wrap(final
AuthenticationHandler handler) {
+ if (handler instanceof AuthenticationFeedbackHandler) {
+ return new FeedbackHandlerWrapper(handler);
+
+ }
+ return new HandlerWrapper(handler);
+ }
+
+ private static class HandlerWrapper implements
JakartaAuthenticationHandler {
+
+ private final AuthenticationHandler handler;
+
+ HandlerWrapper(final AuthenticationHandler handler) {
+ this.handler = handler;
+ }
+
+ @Override
+ public void dropCredentials(final HttpServletRequest request, final
HttpServletResponse response) throws IOException {
+ handler.dropCredentials(
+ JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+ JakartaToJavaxResponseWrapper.toJavaxResponse(response));
+ }
+
+ @Override
+ public AuthenticationInfo extractCredentials(final HttpServletRequest
request, final HttpServletResponse response) {
+ return handler.extractCredentials(
+ JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+ JakartaToJavaxResponseWrapper.toJavaxResponse(response));
+ }
+
+ @Override
+ public boolean requestCredentials(final HttpServletRequest request,
final HttpServletResponse response)
+ throws IOException {
+ return handler.requestCredentials(
+ JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+ JakartaToJavaxResponseWrapper.toJavaxResponse(response));
+ }
+ }
+
+ private static class FeedbackHandlerWrapper extends HandlerWrapper
implements JakartaAuthenticationFeedbackHandler {
+
+ private final AuthenticationFeedbackHandler handler;
+
+ FeedbackHandlerWrapper(final AuthenticationHandler handler) {
+ super(handler);
+ this.handler = (AuthenticationFeedbackHandler)handler;
+ }
+
+
+ @Override
+ public void authenticationFailed(final HttpServletRequest request,
final HttpServletResponse response,
+ final AuthenticationInfo authInfo) {
+
handler.authenticationFailed(JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+ JakartaToJavaxResponseWrapper.toJavaxResponse(response),
authInfo);
+ }
+
+
+ @Override
+ public boolean authenticationSucceeded(final HttpServletRequest
request, final HttpServletResponse response,
+ final AuthenticationInfo authInfo) {
+ return
handler.authenticationSucceeded(JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+ JakartaToJavaxResponseWrapper.toJavaxResponse(response),
authInfo);
+ }
+ }
+}
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlersManager.java
b/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlersManager.java
index 2541a03..221a14f 100644
---
a/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlersManager.java
+++
b/src/main/java/org/apache/sling/auth/core/impl/AuthenticationHandlersManager.java
@@ -26,7 +26,7 @@ import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import
org.apache.sling.auth.core.impl.engine.EngineAuthenticationHandlerHolder;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.annotations.Activate;
@@ -43,7 +43,7 @@ public class AuthenticationHandlersManager extends
PathBasedHolderCache<Abstract
/** Handler map for authentication handlers */
private final Map<String, List<AbstractAuthenticationHandlerHolder>>
handlerMap = new ConcurrentHashMap<>();
-
+
private volatile Boolean httpSupport;
@Activate
@@ -79,15 +79,49 @@ public class AuthenticationHandlersManager extends
PathBasedHolderCache<Abstract
return ahMap;
}
+ /**
+ * Bind jakarta authentication handler
+ * @param ref Service reference
+ * @param handler The handler
+ */
+ @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy =
ReferencePolicy.DYNAMIC)
+ private void bindJakartaAuthHandler(final JakartaAuthenticationHandler
handler, final ServiceReference<Object> ref) {
+ final String id =
"A".concat(ref.getProperty(Constants.SERVICE_ID).toString());
+ final String[] paths =
Converters.standardConverter().convert(ref.getProperty(JakartaAuthenticationHandler.PATH_PROPERTY)).to(String[].class);
+ internalBindAuthHandler(paths, id, path -> new
AuthenticationHandlerHolder(path,
+ handler,
+ ref));
+ }
+
+ /**
+ * Update Jakarta authentication handler
+ * @param ref Service reference
+ * @param handler The handler
+ */
+ @SuppressWarnings("unused")
+ private void Jakarta(final JakartaAuthenticationHandler handler, final
ServiceReference<Object> ref) {
+ unbindJakartaAuthHandler(ref);
+ bindJakartaAuthHandler(handler, ref);
+ }
+
+ /**
+ * Unbind Jakarta authentication handler
+ * @param ref Service Reference
+ */
+ private void unbindJakartaAuthHandler(final ServiceReference<Object> ref) {
+ final String id =
"A".concat(ref.getProperty(Constants.SERVICE_ID).toString());
+ internalUnbindAuthHandler(id);
+ }
+
/**
* Bind authentication handler
* @param ref Service reference
* @param handler The handler
*/
@Reference(cardinality = ReferenceCardinality.MULTIPLE, policy =
ReferencePolicy.DYNAMIC)
- private void bindAuthHandler(final AuthenticationHandler handler, final
ServiceReference<Object> ref) {
+ private void bindAuthHandler(@SuppressWarnings("deprecation") final
org.apache.sling.auth.core.spi.AuthenticationHandler handler, final
ServiceReference<Object> ref) {
final String id =
"A".concat(ref.getProperty(Constants.SERVICE_ID).toString());
- final String[] paths =
Converters.standardConverter().convert(ref.getProperty(AuthenticationHandler.PATH_PROPERTY)).to(String[].class);
+ final String[] paths =
Converters.standardConverter().convert(ref.getProperty(JakartaAuthenticationHandler.PATH_PROPERTY)).to(String[].class);
internalBindAuthHandler(paths, id, path -> new
AuthenticationHandlerHolder(path,
handler,
ref));
@@ -99,7 +133,7 @@ public class AuthenticationHandlersManager extends
PathBasedHolderCache<Abstract
* @param handler The handler
*/
@SuppressWarnings("unused")
- private void updatedAuthHandler(final AuthenticationHandler handler, final
ServiceReference<Object> ref) {
+ private void updatedAuthHandler(@SuppressWarnings("deprecation") final
org.apache.sling.auth.core.spi.AuthenticationHandler handler, final
ServiceReference<Object> ref) {
unbindAuthHandler(ref);
bindAuthHandler(handler, ref);
}
@@ -123,7 +157,7 @@ public class AuthenticationHandlersManager extends
PathBasedHolderCache<Abstract
@Reference(cardinality = ReferenceCardinality.MULTIPLE, policy =
ReferencePolicy.DYNAMIC)
private void bindEngineAuthHandler(final
org.apache.sling.engine.auth.AuthenticationHandler handler, final
ServiceReference<Object> ref) {
final String id =
"E".concat(ref.getProperty(Constants.SERVICE_ID).toString());
- final String[] paths =
Converters.standardConverter().convert(ref.getProperty(AuthenticationHandler.PATH_PROPERTY)).to(String[].class);
+ final String[] paths =
Converters.standardConverter().convert(ref.getProperty(JakartaAuthenticationHandler.PATH_PROPERTY)).to(String[].class);
internalBindAuthHandler(paths, id, path -> new
EngineAuthenticationHandlerHolder(path,
handler,
ref));
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
b/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
index 741e01e..1ab9ef8 100644
---
a/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
+++
b/src/main/java/org/apache/sling/auth/core/impl/AuthenticatorWebConsolePlugin.java
@@ -23,11 +23,11 @@ import java.io.PrintWriter;
import java.util.List;
import java.util.Map;
-import javax.servlet.Servlet;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.Servlet;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.api.request.ResponseUtil;
import org.osgi.service.component.annotations.Activate;
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
b/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
index 51fca02..1152301 100644
---
a/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
+++
b/src/main/java/org/apache/sling/auth/core/impl/HttpBasicAuthenticationHandler.java
@@ -21,14 +21,14 @@ package org.apache.sling.auth.core.impl;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.sling.auth.core.AuthUtil;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
-import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
+import
org.apache.sling.auth.core.spi.DefaultJakartaAuthenticationFeedbackHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -46,7 +46,7 @@ import org.slf4j.LoggerFactory;
* preemptively authenticate with HTTP Basic authentication.
*/
class HttpBasicAuthenticationHandler extends
- DefaultAuthenticationFeedbackHandler implements AuthenticationHandler {
+ DefaultJakartaAuthenticationFeedbackHandler implements
JakartaAuthenticationHandler {
private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolderCache.java
b/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolderCache.java
index 4e087f8..197f63e 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolderCache.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/PathBasedHolderCache.java
@@ -26,7 +26,7 @@ import java.util.SortedSet;
import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
public class PathBasedHolderCache<T extends PathBasedHolder> {
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
index 9736026..1eb75d8 100644
--- a/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
+++ b/src/main/java/org/apache/sling/auth/core/impl/SlingAuthenticator.java
@@ -30,12 +30,12 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletRequestEvent;
-import javax.servlet.ServletRequestListener;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletRequestEvent;
+import jakarta.servlet.ServletRequestListener;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingConstants;
import org.apache.sling.api.auth.Authenticator;
@@ -43,16 +43,23 @@ import
org.apache.sling.api.auth.NoAuthenticationHandlerException;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
+import org.apache.sling.api.wrappers.JakartaToJavaxRequestWrapper;
+import org.apache.sling.api.wrappers.JakartaToJavaxResponseWrapper;
+import org.apache.sling.api.wrappers.JavaxToJakartaRequestWrapper;
+import org.apache.sling.api.wrappers.JavaxToJakartaResponseWrapper;
import org.apache.sling.auth.core.AuthConstants;
import org.apache.sling.auth.core.AuthUtil;
import org.apache.sling.auth.core.AuthenticationSupport;
+import org.apache.sling.auth.core.JakartaLoginEventDecorator;
import org.apache.sling.auth.core.LoginEventDecorator;
-import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import
org.apache.sling.auth.core.spi.AuthenticationHandler.FAILURE_REASON_CODES;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.auth.core.spi.AuthenticationInfoPostProcessor;
-import org.apache.sling.auth.core.spi.DefaultAuthenticationFeedbackHandler;
+import
org.apache.sling.auth.core.spi.DefaultJakartaAuthenticationFeedbackHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationFeedbackHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationInfoPostProcessor;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
@@ -84,7 +91,7 @@ import org.slf4j.LoggerFactory;
* <ul>
* <li>Support for login sessions where session ids are exchanged with cookies
* <li>Support for multiple authentication handlers, which must implement the
- * {@link AuthenticationHandler} interface.
+ * {@link JakartaAuthenticationHandler} interface.
* <li>
* </ul>
* <p>
@@ -294,9 +301,16 @@ public class SlingAuthenticator implements Authenticator,
*/
private final PathBasedHolderCache<AbstractAuthenticationHandlerHolder>
authHandlersManager;
+ /**
+ * JakartaAuthenticationInfoPostProcessor services
+ */
+ @Reference(cardinality = ReferenceCardinality.MULTIPLE, service =
JakartaAuthenticationInfoPostProcessor.class, fieldOption = FieldOption.REPLACE)
+ private volatile List<JakartaAuthenticationInfoPostProcessor>
jakartaAuthInfoPostProcessors = Collections.emptyList(); // NOSONAR
+
/**
* AuthenticationInfoPostProcessor services
*/
+ @SuppressWarnings("deprecation")
@Reference(cardinality = ReferenceCardinality.MULTIPLE, service =
AuthenticationInfoPostProcessor.class, fieldOption = FieldOption.REPLACE)
private volatile List<AuthenticationInfoPostProcessor>
authInfoPostProcessors = Collections.emptyList(); // NOSONAR
@@ -314,6 +328,13 @@ public class SlingAuthenticator implements Authenticator,
/**
* LoginEventDecorator services
*/
+ @Reference(cardinality = ReferenceCardinality.MULTIPLE, service =
JakartaLoginEventDecorator.class, fieldOption = FieldOption.REPLACE)
+ private volatile List<JakartaLoginEventDecorator>
jakartaLoginEventDecorators = new ArrayList<>(); // NOSONAR
+
+ /**
+ * LoginEventDecorator services
+ */
+ @SuppressWarnings("deprecation")
@Reference(cardinality = ReferenceCardinality.MULTIPLE, service =
LoginEventDecorator.class, fieldOption = FieldOption.REPLACE)
private volatile List<LoginEventDecorator> loginEventDecorators = new
ArrayList<>(); // NOSONAR
@@ -426,8 +447,8 @@ public class SlingAuthenticator implements Authenticator,
process = doHandleSecurity(request, response);
if (process && expectAuthenticationHandler(request)) {
log.warn("handleSecurity: AuthenticationHandler did not block
request; access denied");
- request.removeAttribute(AuthenticationHandler.FAILURE_REASON);
-
request.removeAttribute(AuthenticationHandler.FAILURE_REASON_CODE);
+
request.removeAttribute(JakartaAuthenticationHandler.FAILURE_REASON);
+
request.removeAttribute(JakartaAuthenticationHandler.FAILURE_REASON_CODE);
AuthUtil.sendInvalid(request, response);
process = false;
}
@@ -612,6 +633,24 @@ public class SlingAuthenticator implements Authenticator,
redirectAfterLogout(request, response);
}
+ @Override
+ public void login(final javax.servlet.http.HttpServletRequest request,
final javax.servlet.http.HttpServletResponse response) {
+ this.login(JavaxToJakartaRequestWrapper.toJakartaRequest(request),
+ JavaxToJakartaResponseWrapper.toJakartaResponse(response));
+ }
+
+ @Override
+ public void logout(final javax.servlet.http.HttpServletRequest request,
final javax.servlet.http.HttpServletResponse response) {
+ this.logout(JavaxToJakartaRequestWrapper.toJakartaRequest(request),
+ JavaxToJakartaResponseWrapper.toJakartaResponse(response));
+ }
+
+ @Override
+ public boolean handleSecurity(final javax.servlet.http.HttpServletRequest
request, final javax.servlet.http.HttpServletResponse response) {
+ return
this.handleSecurity(JavaxToJakartaRequestWrapper.toJakartaRequest(request),
+ JavaxToJakartaResponseWrapper.toJakartaResponse(response));
+ }
+
// ---------- ServletRequestListener
@Override
@@ -701,15 +740,20 @@ public class SlingAuthenticator implements Authenticator,
/**
* Run through the available post processors.
*/
+ @SuppressWarnings("deprecation")
private void postProcess(AuthenticationInfo info, HttpServletRequest
request, HttpServletResponse response)
throws LoginException {
- final List<AuthenticationInfoPostProcessor> localList =
this.authInfoPostProcessors;
- for (final AuthenticationInfoPostProcessor processor : localList) {
+ final List<JakartaAuthenticationInfoPostProcessor> localList =
this.jakartaAuthInfoPostProcessors;
+ for (final JakartaAuthenticationInfoPostProcessor processor :
localList) {
processor.postProcess(info, request, response);
}
+ final List<AuthenticationInfoPostProcessor> localListDep =
this.authInfoPostProcessors;
+ for (final AuthenticationInfoPostProcessor processor : localListDep) {
+ processor.postProcess(info,
JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+ JakartaToJavaxResponseWrapper.toJavaxResponse(response));
+ }
}
-
/**
* Try to acquire a ResourceResolver as indicated by authInfo
*
@@ -723,7 +767,7 @@ public class SlingAuthenticator implements Authenticator,
final AuthenticationInfo authInfo) {
// prepare the feedback handler
- final AuthenticationFeedbackHandler feedbackHandler =
(AuthenticationFeedbackHandler)
authInfo.remove(AUTH_INFO_PROP_FEEDBACK_HANDLER);
+ final JakartaAuthenticationFeedbackHandler feedbackHandler =
(JakartaAuthenticationFeedbackHandler)
authInfo.remove(AUTH_INFO_PROP_FEEDBACK_HANDLER);
final Object sendLoginEvent =
authInfo.remove(AuthConstants.AUTH_INFO_LOGIN);
// try to connect
@@ -752,7 +796,7 @@ public class SlingAuthenticator implements Authenticator,
AuthUtil.sendValid(response);
processRequest = false;
} else if (impersChanged || feedbackHandler == null) {
- processRequest =
!DefaultAuthenticationFeedbackHandler.handleRedirect(request, response);
+ processRequest =
!DefaultJakartaAuthenticationFeedbackHandler.handleRedirect(request, response);
}
}
@@ -814,8 +858,7 @@ public class SlingAuthenticator implements Authenticator,
// check whether the client asked for redirect after
// authentication and/or impersonation
- if (DefaultAuthenticationFeedbackHandler.handleRedirect(
- request, response)) {
+ if
(DefaultJakartaAuthenticationFeedbackHandler.handleRedirect(request, response))
{
// request will now be terminated, so close the resolver
// to release resources
@@ -940,8 +983,8 @@ public class SlingAuthenticator implements Authenticator,
}
// preset a reason for the login failure
-
request.setAttribute(AuthenticationHandler.FAILURE_REASON_CODE, code);
- ensureAttribute(request, AuthenticationHandler.FAILURE_REASON,
message);
+
request.setAttribute(JakartaAuthenticationHandler.FAILURE_REASON_CODE, code);
+ ensureAttribute(request,
JakartaAuthenticationHandler.FAILURE_REASON, message);
doLogin(request, response);
}
@@ -1073,14 +1116,14 @@ public class SlingAuthenticator implements
Authenticator,
// credential validation
// ensure a failure reason
- ensureAttribute(request, AuthenticationHandler.FAILURE_REASON,
+ ensureAttribute(request, JakartaAuthenticationHandler.FAILURE_REASON,
"Authentication Failed");
AuthUtil.sendInvalid(request, response);
}
private boolean isExpiredToken(HttpServletRequest request) {
- return FAILURE_REASON_CODES.EXPIRED_TOKEN ==
request.getAttribute(AuthenticationHandler.FAILURE_REASON_CODE);
+ return FAILURE_REASON_CODES.EXPIRED_TOKEN ==
request.getAttribute(JakartaAuthenticationHandler.FAILURE_REASON_CODE);
}
/**
@@ -1398,16 +1441,21 @@ public class SlingAuthenticator implements
Authenticator,
}
}
+ @SuppressWarnings("deprecation")
private void postLoginEvent(final HttpServletRequest request, final
AuthenticationInfo authInfo) {
final Map<String, Object> properties = new HashMap<>();
properties.put(SlingConstants.PROPERTY_USERID, authInfo.getUser());
properties.put(AuthenticationInfo.AUTH_TYPE, authInfo.getAuthType());
// allow extensions to supply additional properties
- final List<LoginEventDecorator> localList = this.loginEventDecorators;
- for (final LoginEventDecorator decorator : localList) {
+ final List<JakartaLoginEventDecorator> localList =
this.jakartaLoginEventDecorators;
+ for (final JakartaLoginEventDecorator decorator : localList) {
decorator.decorateLoginEvent(request, authInfo, properties);
}
+ final List<LoginEventDecorator> localListDep =
this.loginEventDecorators;
+ for (final LoginEventDecorator decorator : localListDep) {
+
decorator.decorateLoginEvent(JakartaToJavaxRequestWrapper.toJavaxRequest(request),
authInfo, properties);
+ }
EventAdmin localEA = this.eventAdmin;
if (localEA != null) {
@@ -1419,6 +1467,7 @@ public class SlingAuthenticator implements Authenticator,
* Post an event to let subscribers know that a login failure has
occurred. For examples, subscribers
* to the {@link AuthConstants#TOPIC_LOGIN_FAILED} event topic may be used
to implement a failed login throttling solution.
*/
+ @SuppressWarnings("deprecation")
private void postLoginFailedEvent(final HttpServletRequest request,
final AuthenticationInfo authInfo, Exception reason) {
// The reason for the failure may be useful to downstream subscribers.
@@ -1435,10 +1484,14 @@ public class SlingAuthenticator implements
Authenticator,
properties.put("reason_code", reasonCode.name());
// allow extensions to supply additional properties
- final List<LoginEventDecorator> localList =
this.loginEventDecorators;
- for (final LoginEventDecorator decorator : localList) {
+ final List<JakartaLoginEventDecorator> localList =
this.jakartaLoginEventDecorators;
+ for (final JakartaLoginEventDecorator decorator : localList) {
decorator.decorateLoginFailedEvent(request, authInfo,
properties);
}
+ final List<LoginEventDecorator> localListDep =
this.loginEventDecorators;
+ for (final LoginEventDecorator decorator : localListDep) {
+
decorator.decorateLoginFailedEvent(JakartaToJavaxRequestWrapper.toJavaxRequest(request),
authInfo, properties);
+ }
EventAdmin localEA = this.eventAdmin;
if (localEA != null) {
diff --git
a/src/main/java/org/apache/sling/auth/core/impl/engine/EngineAuthenticationHandlerHolder.java
b/src/main/java/org/apache/sling/auth/core/impl/engine/EngineAuthenticationHandlerHolder.java
index a13b952..077fd22 100644
---
a/src/main/java/org/apache/sling/auth/core/impl/engine/EngineAuthenticationHandlerHolder.java
+++
b/src/main/java/org/apache/sling/auth/core/impl/engine/EngineAuthenticationHandlerHolder.java
@@ -21,12 +21,15 @@ package org.apache.sling.auth.core.impl.engine;
import java.io.IOException;
import java.util.Objects;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.sling.api.wrappers.JakartaToJavaxRequestWrapper;
+import org.apache.sling.api.wrappers.JakartaToJavaxResponseWrapper;
import org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder;
import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationFeedbackHandler;
import org.apache.sling.engine.auth.AuthenticationHandler;
import org.osgi.framework.ServiceReference;
@@ -51,9 +54,26 @@ public final class EngineAuthenticationHandlerHolder extends
}
@Override
- protected AuthenticationFeedbackHandler getFeedbackHandler() {
+ protected JakartaAuthenticationFeedbackHandler getFeedbackHandler() {
if (handler instanceof AuthenticationFeedbackHandler) {
- return (AuthenticationFeedbackHandler) handler;
+ return new JakartaAuthenticationFeedbackHandler() {
+
+ @Override
+ public void authenticationFailed(HttpServletRequest request,
+ HttpServletResponse response, AuthenticationInfo
authInfo) {
+ ((AuthenticationFeedbackHandler)
handler).authenticationFailed(
+ JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+
JakartaToJavaxResponseWrapper.toJavaxResponse(response), authInfo);
+ }
+
+ @Override
+ public boolean authenticationSucceeded(HttpServletRequest
request,
+ HttpServletResponse response, AuthenticationInfo
authInfo) {
+ return ((AuthenticationFeedbackHandler)
handler).authenticationSucceeded(
+ JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+
JakartaToJavaxResponseWrapper.toJavaxResponse(response), authInfo);
+ }
+ };
}
return null;
}
@@ -62,7 +82,8 @@ public final class EngineAuthenticationHandlerHolder extends
HttpServletResponse response) {
org.apache.sling.engine.auth.AuthenticationInfo engineAuthInfo =
handler.authenticate(
- request, response);
+ JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+ JakartaToJavaxResponseWrapper.toJavaxResponse(response));
if (engineAuthInfo == null) {
return null;
} else if (engineAuthInfo ==
org.apache.sling.engine.auth.AuthenticationInfo.DOING_AUTH) {
@@ -81,7 +102,8 @@ public final class EngineAuthenticationHandlerHolder extends
public boolean doRequestCredentials(HttpServletRequest request,
HttpServletResponse response) throws IOException {
- return handler.requestAuthentication(request, response);
+ return
handler.requestAuthentication(JakartaToJavaxRequestWrapper.toJavaxRequest(request),
+ JakartaToJavaxResponseWrapper.toJavaxResponse(response));
}
public void doDropCredentials(HttpServletRequest request,
diff --git a/src/main/java/org/apache/sling/auth/core/package-info.java
b/src/main/java/org/apache/sling/auth/core/package-info.java
index f8d608e..5b86e9f 100755
--- a/src/main/java/org/apache/sling/auth/core/package-info.java
+++ b/src/main/java/org/apache/sling/auth/core/package-info.java
@@ -22,9 +22,9 @@
* of utility functions in the {@link org.apache.sling.auth.core.AuthUtil}
* class.
*
- * @version 1.5.0
+ * @version 1.6.0
*/
[email protected]("1.5.0")
[email protected]("1.6.0")
package org.apache.sling.auth.core;
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
b/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
index 2a14bc4..7df18f8 100644
---
a/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
@@ -35,7 +35,9 @@ import org.apache.sling.auth.core.AuthUtil;
* The <code>AbstractAuthenticationFormServlet</code> provides a basic
* implementation of a simple servlet to render a login form for authentication
* purposes.
+ * @deprecated Use {@link AbstractJakartaAuthenticationFormServlet}
*/
+@Deprecated
@SuppressWarnings("serial")
public abstract class AbstractAuthenticationFormServlet extends HttpServlet {
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
b/src/main/java/org/apache/sling/auth/core/spi/AbstractJakartaAuthenticationFormServlet.java
similarity index 97%
copy from
src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
copy to
src/main/java/org/apache/sling/auth/core/spi/AbstractJakartaAuthenticationFormServlet.java
index 2a14bc4..a153876 100644
---
a/src/main/java/org/apache/sling/auth/core/spi/AbstractAuthenticationFormServlet.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/AbstractJakartaAuthenticationFormServlet.java
@@ -25,19 +25,20 @@ import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicReference;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.auth.core.AuthUtil;
/**
- * The <code>AbstractAuthenticationFormServlet</code> provides a basic
+ * The <code>AbstractJakartaAuthenticationFormServlet</code> provides a basic
* implementation of a simple servlet to render a login form for authentication
* purposes.
+ * @since 1.3.0
*/
@SuppressWarnings("serial")
-public abstract class AbstractAuthenticationFormServlet extends HttpServlet {
+public abstract class AbstractJakartaAuthenticationFormServlet extends
HttpServlet {
/**
* The path to the default login form.
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
b/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
index 13539af..6930d89 100644
---
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
@@ -27,7 +27,9 @@ import org.osgi.annotation.versioning.ConsumerType;
* The <code>AuthenticationFeedbackHandler</code> may be implemented by
* {@link AuthenticationHandler} services to request being informed on the
* success or failure of authentication.
+ * @deprecated Use {@link JakartaAuthenticationFeedbackHandler} instead
*/
+@Deprecated
@ConsumerType
public interface AuthenticationFeedbackHandler {
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
b/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
index 2816110..45740b8 100644
--- a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
+++ b/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
@@ -31,7 +31,9 @@ import aQute.bnd.annotation.baseline.BaselineIgnore;
* The <code>AuthenticationHandler</code> interface defines the service API
used
* by the authentication implementation to support plugin various ways of
* extracting credentials from the request.
+ * @deprecated Use {@link JakartaAuthenticationHandler} instead
*/
+@Deprecated
@ConsumerType
public interface AuthenticationHandler {
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfo.java
b/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfo.java
index 3dedb3b..0283ef0 100644
--- a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfo.java
+++ b/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfo.java
@@ -31,10 +31,10 @@ import
org.apache.sling.api.resource.ResourceResolverFactory;
/**
* The <code>AuthenticationInfo</code> conveys any authentication credentials
* and/or details extracted by the
- * {@link
AuthenticationHandler#extractCredentials(javax.servlet.http.HttpServletRequest,
javax.servlet.http.HttpServletResponse)}
+ * {@link
JakartaAuthenticationHandler#extractCredentials(jakarta.servlet.http.HttpServletRequest,
jakarta.servlet.http.HttpServletResponse)}
* method from the request.
* <p>
- * {@link AuthenticationHandler} implementations must return instances of this
+ * {@link JakartaAuthenticationHandler} implementations must return instances
of this
* class which may be constructed through any of the provided public
* constructors.
* <p>
@@ -47,7 +47,7 @@ public class AuthenticationInfo extends HashMap<String,
Object> {
/**
* A special instance of this class which may be returned from the
- * {@link
AuthenticationHandler#extractCredentials(javax.servlet.http.HttpServletRequest,
javax.servlet.http.HttpServletResponse)}
+ * {@link
JakartaAuthenticationHandler#extractCredentials(jakarta.servlet.http.HttpServletRequest,
jakarta.servlet.http.HttpServletResponse)}
* method to inform the caller, that a response has been sent to the client
* to request for credentials.
* <p>
@@ -59,7 +59,7 @@ public class AuthenticationInfo extends HashMap<String,
Object> {
/**
* A special instance of this class which may be returned from the
- * {@link
AuthenticationHandler#extractCredentials(javax.servlet.http.HttpServletRequest,
javax.servlet.http.HttpServletResponse)}
+ * {@link
JakartaAuthenticationHandler#extractCredentials(jakarta.servlet.http.HttpServletRequest,
jakarta.servlet.http.HttpServletResponse)}
* method to inform the caller that credential extraction failed for some
* reason.
* <p>
@@ -73,7 +73,7 @@ public class AuthenticationInfo extends HashMap<String,
Object> {
/**
* The name of the special property providing the authentication type
- * provided by the {@link AuthenticationHandler}. This value must be
+ * provided by the {@link JakartaAuthenticationHandler}. This value must be
* supplied to one of the constructors and is ultimately used as the value
* of the <code>HttpServletRequest.getAuthType</code> method.
* <p>
@@ -142,7 +142,7 @@ public class AuthenticationInfo extends HashMap<String,
Object> {
* If authentication is taking place through one of the standard ways, such
* as Basic or Digest, the return value is one of the predefined constants
* of the <code>HttpServletRequest</code> interface. Otherwise the value
may
- * be specific to the {@link AuthenticationHandler} implementation.
+ * be specific to the {@link JakartaAuthenticationHandler} implementation.
* @return The authentication type as stored in the {@link #AUTH_TYPE}
property.
*/
public final String getAuthType() {
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
b/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
index 2be3d69..f354b31 100644
---
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
@@ -34,7 +34,9 @@ import org.osgi.annotation.versioning.ConsumerType;
* the {@code AuthenticationInfo}.
* This service interface is useful to access and modify the {{@code
AuthenticationInfo} before
* it is passed to the {@code ResourceResolverFactory} to create a {@code
ResourceResolver}.
+ * @deprecated Use {@link JakartaAuthenticationInfoPostProcessor} instead
*/
+@Deprecated
@ConsumerType
public interface AuthenticationInfoPostProcessor {
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
b/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
index 6ce23c8..63fc800 100644
---
a/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
@@ -26,6 +26,10 @@ import org.apache.sling.auth.core.AuthUtil;
import org.apache.sling.auth.core.AuthenticationSupport;
import org.slf4j.LoggerFactory;
+/**
+ * @deprecated Use {@link JakartaAuthenticationFeedbackHandler} instead
+ */
+@Deprecated
public class DefaultAuthenticationFeedbackHandler implements
AuthenticationFeedbackHandler {
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
b/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java
similarity index 90%
copy from
src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
copy to
src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java
index 6ce23c8..8348628 100644
---
a/src/main/java/org/apache/sling/auth/core/spi/DefaultAuthenticationFeedbackHandler.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/DefaultJakartaAuthenticationFeedbackHandler.java
@@ -18,16 +18,20 @@
*/
package org.apache.sling.auth.core.spi;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.auth.core.AuthUtil;
import org.apache.sling.auth.core.AuthenticationSupport;
import org.slf4j.LoggerFactory;
-public class DefaultAuthenticationFeedbackHandler implements
- AuthenticationFeedbackHandler {
+/**
+ * Default implementation of an authentication feedback handler.
+ * @since 1.3.0
+ */
+public class DefaultJakartaAuthenticationFeedbackHandler implements
+ JakartaAuthenticationFeedbackHandler {
/**
* Handles an optional request for a redirect after successful
@@ -46,12 +50,12 @@ public class DefaultAuthenticationFeedbackHandler implements
* by resolving it relative to the request URI
* (<code>HttpServletRequest.getRequestURI()</code>). The resulting
* target is validated with the
- * {@link
AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
+ * {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}
* method. If valid a redirect to that target is sent back and
<code>true</code>
* is returned. Otherwise a redirect to the servlet context root is
* sent back and <code>true</code> is returned.</li>
* <li>If the parameter is an absolute path it is validated with the
- * {@link
AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
+ * {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}
* method. If valid a redirect to that path is sent back and
<code>true</code>
* is returned. Otherwise a redirect to the servlet context root is
* sent back and <code>true</code> is returned.</li>
@@ -68,7 +72,7 @@ public class DefaultAuthenticationFeedbackHandler implements
* succeeded or not.
*
* @since 1.0.4 (bundle version 1.0.8) the target is validated with the
- * {@link
AbstractAuthenticationHandler#isRedirectValid(HttpServletRequest, String)}
+ * {@link AuthUtil#isRedirectValid(HttpServletRequest, String)}
* method.
*/
public static boolean handleRedirect(final HttpServletRequest request,
@@ -82,7 +86,7 @@ public class DefaultAuthenticationFeedbackHandler implements
} catch (Exception e) {
// expected: IOException and IllegalStateException
LoggerFactory.getLogger(
- DefaultAuthenticationFeedbackHandler.class).error(
+ DefaultJakartaAuthenticationFeedbackHandler.class).error(
"handleRedirect: Failed to send redirect to " + redirect
+ ", aborting request without redirect", e);
}
@@ -124,7 +128,7 @@ public class DefaultAuthenticationFeedbackHandler implements
// absolute target (in the servlet context)
if (!AuthUtil.isRedirectValid(request, redirect)) {
-
LoggerFactory.getLogger(DefaultAuthenticationFeedbackHandler.class).error(
+
LoggerFactory.getLogger(DefaultJakartaAuthenticationFeedbackHandler.class).error(
"handleRedirect: Redirect target '{}' is invalid, redirecting
to '/'",
redirect);
redirect = "/";
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
b/src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationFeedbackHandler.java
similarity index 84%
copy from
src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
copy to
src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationFeedbackHandler.java
index 13539af..a40ed1d 100644
---
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationFeedbackHandler.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationFeedbackHandler.java
@@ -18,8 +18,8 @@
*/
package org.apache.sling.auth.core.spi;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.osgi.annotation.versioning.ConsumerType;
@@ -27,9 +27,10 @@ import org.osgi.annotation.versioning.ConsumerType;
* The <code>AuthenticationFeedbackHandler</code> may be implemented by
* {@link AuthenticationHandler} services to request being informed on the
* success or failure of authentication.
+ * @since 1.3.0
*/
@ConsumerType
-public interface AuthenticationFeedbackHandler {
+public interface JakartaAuthenticationFeedbackHandler {
/**
* Called if authentication failed with the credentials provided in the
@@ -37,17 +38,17 @@ public interface AuthenticationFeedbackHandler {
* <p>
* This method allows the handler to cleanup any state prepared while
* handling the
- * {@link AuthenticationHandler#extractCredentials(HttpServletRequest,
HttpServletResponse)
+ * {@link
JakartaAuthenticationHandler#extractCredentials(HttpServletRequest,
HttpServletResponse)
* extractCredentials} method. Handlers are expected to not send a in this
* method because the Sling Authenticator will proceed to select an
* authentication handler whose
- * {@link AuthenticationHandler#requestCredentials(HttpServletRequest,
HttpServletResponse)
+ * {@link
JakartaAuthenticationHandler#requestCredentials(HttpServletRequest,
HttpServletResponse)
* requestCredentials} method will be called.
* <p>
* Implementations may also wish to set the
- * {@link AuthenticationHandler#FAILURE_REASON} request attribute to inform
+ * {@link JakartaAuthenticationHandler#FAILURE_REASON} request attribute
to inform
* interested parties (including its any
- * {@link AuthenticationHandler#requestCredentials(HttpServletRequest,
HttpServletResponse)}
+ * {@link
JakartaAuthenticationHandler#requestCredentials(HttpServletRequest,
HttpServletResponse)}
* method about the reasons of failure to to authenticate.
*
* @param request The current request
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
b/src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationHandler.java
similarity index 86%
copy from
src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
copy to
src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationHandler.java
index 2816110..8ae0ced 100644
--- a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationHandler.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationHandler.java
@@ -20,26 +20,25 @@ package org.apache.sling.auth.core.spi;
import java.io.IOException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.osgi.annotation.versioning.ConsumerType;
-import aQute.bnd.annotation.baseline.BaselineIgnore;
-
/**
* The <code>AuthenticationHandler</code> interface defines the service API
used
* by the authentication implementation to support plugin various ways of
* extracting credentials from the request.
+ * @since 1.3.0
*/
@ConsumerType
-public interface AuthenticationHandler {
+public interface JakartaAuthenticationHandler {
/**
* The name under which an implementation of this interface must be
* registered to be used as an authentication handler.
*/
- static final String SERVICE_NAME =
"org.apache.sling.auth.core.spi.AuthenticationHandler";
+ static final String SERVICE_NAME =
"org.apache.sling.auth.core.spi.JakartaAuthenticationHandler";
/**
* The name of the service registration property listing one or more URL
@@ -93,7 +92,6 @@ public interface AuthenticationHandler {
* any failures.
*
* @see #extractCredentials(HttpServletRequest, HttpServletResponse)
- * @since 1.0.2 (Bundle version 1.0.4)
*/
static final String FAILURE_REASON = "j_reason";
@@ -106,41 +104,9 @@ public interface AuthenticationHandler {
* more detailed failure reasons, e.g. "password_expired".
*
* @see #extractCredentials(HttpServletRequest, HttpServletResponse)
- * @since 1.1.0
*/
static final String FAILURE_REASON_CODE = "j_reason_code";
- /**
- * This enum indicates the supported detailed login failure reason codes:
- * <ul>
- * <li><code>invalid_login</code>: indicates username/password
mismatch.</li>
- * <li><code>password_expired</code>: indicates password has expired
or was never set and
- * change initial password is enabled</li>
- * <li><code>account_locked</code>: the account was disabled or
locked</li>
- * <li><code>account_not_found</code>: the account was not found (not
the same as username password mismatch)</li>
- * <li><code>expired_token</code>: the token credentials used have
expired</li>
- * </ul>
- * @since 1.1.0
- */
- // When adding a new field to the enum bnd will require a minor version
bump
- // That's unfortunately too much for an SPI package and should really have
no impact
- // on implementors since the enum values are not exposed from any public
API
- @BaselineIgnore("1.2.3")
- enum FAILURE_REASON_CODES {
- INVALID_LOGIN,
- PASSWORD_EXPIRED,
- PASSWORD_EXPIRED_AND_NEW_PASSWORD_IN_HISTORY,
- UNKNOWN,
- ACCOUNT_LOCKED,
- ACCOUNT_NOT_FOUND,
- EXPIRED_TOKEN;
-
- @Override
- public String toString() {
- return super.toString().toLowerCase();
- }
- }
-
/**
* Extracts credential data from the request if at all contained.
* <p>
diff --git
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
b/src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationInfoPostProcessor.java
similarity index 90%
copy from
src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
copy to
src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationInfoPostProcessor.java
index 2be3d69..d81a3c6 100644
---
a/src/main/java/org/apache/sling/auth/core/spi/AuthenticationInfoPostProcessor.java
+++
b/src/main/java/org/apache/sling/auth/core/spi/JakartaAuthenticationInfoPostProcessor.java
@@ -16,8 +16,8 @@
*/
package org.apache.sling.auth.core.spi;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingException;
import org.apache.sling.api.resource.LoginException;
@@ -26,7 +26,7 @@ import org.osgi.annotation.versioning.ConsumerType;
/**
* Service interface which allows bundles to modify the {@code
AuthenticationInfo} object
* right after one {@code AuthenticationHandler} has returned an {{@code
AuthenticationInfo}
- * from the {@link
AuthenticationHandler#extractCredentials(HttpServletRequest,
HttpServletResponse)}
+ * from the {@link
JakartaAuthenticationHandler#extractCredentials(HttpServletRequest,
HttpServletResponse)}
* method or an anonymous {@code AuthenticationInfo} has been created. This
service is called
* before the {@code ResourceResolver} is created and any login into the
resource providers
* (such as a JCR repository or other data store) happens. However, the {@code
AuthenticationHandler}
@@ -34,9 +34,10 @@ import org.osgi.annotation.versioning.ConsumerType;
* the {@code AuthenticationInfo}.
* This service interface is useful to access and modify the {{@code
AuthenticationInfo} before
* it is passed to the {@code ResourceResolverFactory} to create a {@code
ResourceResolver}.
+ * @since 1.3.0
*/
@ConsumerType
-public interface AuthenticationInfoPostProcessor {
+public interface JakartaAuthenticationInfoPostProcessor {
/**
* The name under which an implementation of this interface must be
diff --git a/src/main/java/org/apache/sling/auth/core/spi/package-info.java
b/src/main/java/org/apache/sling/auth/core/spi/package-info.java
index 7171d7f..5c09661 100755
--- a/src/main/java/org/apache/sling/auth/core/spi/package-info.java
+++ b/src/main/java/org/apache/sling/auth/core/spi/package-info.java
@@ -20,15 +20,15 @@
/**
* Provides API to be implemented by provides of authentication
* mechanisms. The most important interface (and service definition) is
- * the {@link org.apache.sling.auth.core.spi.AuthenticationHandler}
+ * the {@link org.apache.sling.auth.core.spi.JakartaAuthenticationHandler}
* interface with the
- * {@link org.apache.sling.auth.core.spi.AbstractAuthenticationHandler}
+ * {@link
org.apache.sling.auth.core.spi.DefaultJakartaAuthenticationFeedbackHandler}
* being an abstract base implementation from which concrete
* implementations may inherit.
*
- * @version 1.2.3
+ * @version 1.3.0
*/
[email protected]("1.2.3")
[email protected]("1.3.0")
package org.apache.sling.auth.core.spi;
diff --git a/src/test/java/org/apache/sling/auth/core/AuthUtilTest.java
b/src/test/java/org/apache/sling/auth/core/AuthUtilTest.java
index 839c4a7..f3ba07b 100644
--- a/src/test/java/org/apache/sling/auth/core/AuthUtilTest.java
+++ b/src/test/java/org/apache/sling/auth/core/AuthUtilTest.java
@@ -18,7 +18,7 @@
*/
package org.apache.sling.auth.core;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.apache.sling.api.resource.NonExistingResource;
import org.apache.sling.api.resource.ResourceResolver;
@@ -35,19 +35,19 @@ public class AuthUtilTest {
@Test
public void test_isRedirectValid_null_empty() {
- Assert.assertFalse(AuthUtil.isRedirectValid(null, null));
- Assert.assertFalse(AuthUtil.isRedirectValid(null, ""));
+ Assert.assertFalse(AuthUtil.isRedirectValid((HttpServletRequest)null,
null));
+ Assert.assertFalse(AuthUtil.isRedirectValid((HttpServletRequest)null,
""));
}
@Test
public void test_isRedirectValid_url() {
- Assert.assertFalse(AuthUtil.isRedirectValid(null,
"http://www.google.com";));
+ Assert.assertFalse(AuthUtil.isRedirectValid((HttpServletRequest)null,
"http://www.google.com";));
}
@Test
public void test_isRedirectValid_no_request() {
- Assert.assertFalse(AuthUtil.isRedirectValid(null, "relative/path"));
- Assert.assertTrue(AuthUtil.isRedirectValid(null, "/absolute/path"));
+ Assert.assertFalse(AuthUtil.isRedirectValid((HttpServletRequest)null,
"relative/path"));
+ Assert.assertTrue(AuthUtil.isRedirectValid((HttpServletRequest)null,
"/absolute/path"));
}
@Test
@@ -100,11 +100,11 @@ public class AuthUtilTest {
Mockito.when(request.getContextPath()).thenReturn("");
Mockito.when(request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER)).thenReturn(resolver);
- Mockito.when(resolver.resolve(Mockito.any(),
Mockito.eq("/absolute/path")))
+ Mockito.when(resolver.resolve((HttpServletRequest)Mockito.any(),
Mockito.eq("/absolute/path")))
.thenReturn(new SyntheticResource(resolver, "/absolute/path",
"test"));
- Mockito.when(resolver.resolve(Mockito.any(),
Mockito.eq("relative/path")))
+ Mockito.when(resolver.resolve((HttpServletRequest)Mockito.any(),
Mockito.eq("relative/path")))
.thenReturn(new NonExistingResource(resolver, "relative/path"));
- Mockito.when(resolver.resolve(Mockito.any(), Mockito.any()))
+ Mockito.when(resolver.resolve((HttpServletRequest)Mockito.any(),
Mockito.any()))
.thenReturn(new NonExistingResource(resolver,
"/absolute/missing"));
Assert.assertFalse(AuthUtil.isRedirectValid(request, "relative/path"));
@@ -123,11 +123,11 @@ public class AuthUtilTest {
Mockito.when(request.getContextPath()).thenReturn("/ctx");
Mockito.when(request.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER)).thenReturn(resolver);
- Mockito.when(resolver.resolve(Mockito.any(),
Mockito.eq("/absolute/path")))
+ Mockito.when(resolver.resolve((HttpServletRequest)Mockito.any(),
Mockito.eq("/absolute/path")))
.thenReturn(new SyntheticResource(resolver, "/absolute/path",
"test"));
- Mockito.when(resolver.resolve(Mockito.any(),
Mockito.eq("relative/path")))
+ Mockito.when(resolver.resolve((HttpServletRequest)Mockito.any(),
Mockito.eq("relative/path")))
.thenReturn(new NonExistingResource(resolver, "relative/path"));
- Mockito.when(resolver.resolve(Mockito.any(), Mockito.any()))
+ Mockito.when(resolver.resolve((HttpServletRequest)Mockito.any(),
Mockito.any()))
.thenReturn(new NonExistingResource(resolver,
"/absolute/missing"));
Assert.assertFalse(AuthUtil.isRedirectValid(request, "relative/path"));
diff --git
a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiTest.java
b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiJavaxTest.java
similarity index 85%
copy from
src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiTest.java
copy to
src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiJavaxTest.java
index 9670f05..56b6989 100644
---
a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiTest.java
+++
b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiJavaxTest.java
@@ -23,12 +23,8 @@ import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyNoInteractions;
-import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
-import java.io.IOException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collections;
@@ -39,8 +35,8 @@ import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Supplier;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
@@ -58,10 +54,11 @@ import org.jetbrains.annotations.NotNull;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
+import org.mockito.Mockito;
import org.osgi.service.event.Event;
import org.osgi.service.event.EventHandler;
-public class SlingAuthenticatorOsgiTest {
+public class SlingAuthenticatorOsgiJavaxTest {
@Rule
public final OsgiContext context = new OsgiContext();
@@ -102,26 +99,6 @@ public class SlingAuthenticatorOsgiTest {
authenticator =
context.registerInjectActivateService(SlingAuthenticator.class);
}
- @Test
- public void testHandleSecurity() throws IOException {
- HttpServletRequest req = mock(HttpServletRequest.class);
- when(req.getRequestURL()).thenReturn(new StringBuffer("/"));
- when(req.getServletPath()).thenReturn("/");
- when(req.getServerName()).thenReturn("localhost");
- when(req.getServerPort()).thenReturn(80);
- when(req.getScheme()).thenReturn("http");
- when(req.getRequestURI()).thenReturn("http://localhost:80/";);
-
- HttpServletResponse resp = mock(HttpServletResponse.class);
- authenticator.handleSecurity(req, resp);
-
- verify(timer).time();
- verify(ctx).close();
- verify(successMeter).mark();
- verifyNoMoreInteractions(timer, successMeter, ctx);
- verifyNoInteractions((failedMeter));
- }
-
/**
* Verify decoration of a login event
*/
@@ -129,11 +106,11 @@ public class SlingAuthenticatorOsgiTest {
public void testLoginEventDecoration() {
assertLoginEvent(
(req, resp) -> {
- // provide test authInfo
+ // provide test authInfo
AuthenticationInfo authInfo = new
AuthenticationInfo("testing", "admin", "admin".toCharArray());
authInfo.put(AuthConstants.AUTH_INFO_LOGIN, Boolean.TRUE);
when(req.getRequestURL()).thenReturn(new
StringBuffer("/test"));
- when(testAuthHandler.extractCredentials(req,
resp)).thenReturn(authInfo);
+ when(testAuthHandler.extractCredentials(Mockito.any(),
Mockito.any())).thenReturn(authInfo);
},
() ->
testEventHandler.collectedEvents(AuthConstants.TOPIC_LOGIN),
event -> assertEquals("test1Value", event.getProperty("test1"))
@@ -147,10 +124,10 @@ public class SlingAuthenticatorOsgiTest {
public void testLoginFailedEventDecoration() {
assertLoginEvent(
(req, resp) -> {
- // provide invalid test authInfo
+ // provide invalid test authInfo
AuthenticationInfo authInfo = new
AuthenticationInfo("testing", "invalid", "invalid".toCharArray());
when(req.getRequestURL()).thenReturn(new
StringBuffer("/testing"));
- when(testAuthHandler.extractCredentials(req,
resp)).thenReturn(authInfo);
+ when(testAuthHandler.extractCredentials(Mockito.any(),
Mockito.any())).thenReturn(authInfo);
// throw exception to trigger FailedLogin event
try {
when(resourceResolverFactory.getResourceResolver(authInfo)).thenThrow(new
LoginException("Test LoginFailed"));
@@ -167,7 +144,7 @@ public class SlingAuthenticatorOsgiTest {
/**
* The common parts for verifying the LoginEvent properties to avoid
* code duplication in the similar tests
- *
+ *
* @param prepareAuthInfo to do the work of mocking the authInfo
* @param collectEvents to do the work of collecting the delivered events
* @param verifyEvent to do the work to assert that the event has the
expected state
@@ -238,13 +215,13 @@ public class SlingAuthenticatorOsgiTest {
static class TestLoginEventDecorator implements LoginEventDecorator {
@Override
- public @NotNull void decorateLoginEvent(@NotNull HttpServletRequest
request,
+ public @NotNull void decorateLoginEvent(@NotNull
javax.servlet.http.HttpServletRequest request,
@NotNull AuthenticationInfo authInfo, @NotNull Map<String,
Object> eventProperties) {
eventProperties.put("test1", "test1Value");
}
@Override
- public @NotNull void decorateLoginFailedEvent(@NotNull
HttpServletRequest request,
+ public @NotNull void decorateLoginFailedEvent(@NotNull
javax.servlet.http.HttpServletRequest request,
@NotNull AuthenticationInfo authInfo, @NotNull Map<String,
Object> eventProperties) {
eventProperties.put("test2", "test2Value");
}
diff --git
a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiTest.java
b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiTest.java
index 9670f05..e931abe 100644
---
a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiTest.java
+++
b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorOsgiTest.java
@@ -39,16 +39,16 @@ import java.util.function.BiConsumer;
import java.util.function.Consumer;
import java.util.function.Supplier;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.auth.core.AuthConstants;
-import org.apache.sling.auth.core.LoginEventDecorator;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.JakartaLoginEventDecorator;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
import org.apache.sling.commons.metrics.Meter;
import org.apache.sling.commons.metrics.MetricsService;
import org.apache.sling.commons.metrics.Timer;
@@ -71,7 +71,7 @@ public class SlingAuthenticatorOsgiTest {
private Timer.Context ctx = mock(Timer.Context.class);
private Timer timer = mock(Timer.class);
private final MetricsService metricsService = mock(MetricsService.class);
- private final AuthenticationHandler testAuthHandler =
mock(AuthenticationHandler.class);
+ private final JakartaAuthenticationHandler testAuthHandler =
mock(JakartaAuthenticationHandler.class);
private final TestEventHandler testEventHandler = new TestEventHandler();
private final ResourceResolverFactory resourceResolverFactory =
mock(ResourceResolverFactory.class);
@@ -94,9 +94,9 @@ public class SlingAuthenticatorOsgiTest {
context.registerInjectActivateService(AuthenticationRequirementsManager.class);
//register a test auth handler
- context.registerService(AuthenticationHandler.class, testAuthHandler,
Collections.singletonMap(AuthenticationHandler.PATH_PROPERTY, new String[]
{"/"}));
+ context.registerService(JakartaAuthenticationHandler.class,
testAuthHandler,
Collections.singletonMap(JakartaAuthenticationHandler.PATH_PROPERTY, new
String[] {"/"}));
context.registerService(EventHandler.class, testEventHandler);
- context.registerService(LoginEventDecorator.class, new
TestLoginEventDecorator());
+ context.registerService(JakartaLoginEventDecorator.class, new
TestLoginEventDecorator());
context.registerInjectActivateService(AuthenticationHandlersManager.class);
authenticator =
context.registerInjectActivateService(SlingAuthenticator.class);
@@ -129,7 +129,7 @@ public class SlingAuthenticatorOsgiTest {
public void testLoginEventDecoration() {
assertLoginEvent(
(req, resp) -> {
- // provide test authInfo
+ // provide test authInfo
AuthenticationInfo authInfo = new
AuthenticationInfo("testing", "admin", "admin".toCharArray());
authInfo.put(AuthConstants.AUTH_INFO_LOGIN, Boolean.TRUE);
when(req.getRequestURL()).thenReturn(new
StringBuffer("/test"));
@@ -147,7 +147,7 @@ public class SlingAuthenticatorOsgiTest {
public void testLoginFailedEventDecoration() {
assertLoginEvent(
(req, resp) -> {
- // provide invalid test authInfo
+ // provide invalid test authInfo
AuthenticationInfo authInfo = new
AuthenticationInfo("testing", "invalid", "invalid".toCharArray());
when(req.getRequestURL()).thenReturn(new
StringBuffer("/testing"));
when(testAuthHandler.extractCredentials(req,
resp)).thenReturn(authInfo);
@@ -167,7 +167,7 @@ public class SlingAuthenticatorOsgiTest {
/**
* The common parts for verifying the LoginEvent properties to avoid
* code duplication in the similar tests
- *
+ *
* @param prepareAuthInfo to do the work of mocking the authInfo
* @param collectEvents to do the work of collecting the delivered events
* @param verifyEvent to do the work to assert that the event has the
expected state
@@ -235,7 +235,7 @@ public class SlingAuthenticatorOsgiTest {
/**
* Test login event decorator that adds a test value to the event
properties
*/
- static class TestLoginEventDecorator implements LoginEventDecorator {
+ static class TestLoginEventDecorator implements JakartaLoginEventDecorator
{
@Override
public @NotNull void decorateLoginEvent(@NotNull HttpServletRequest
request,
diff --git
a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
index bb1871b..220bd16 100644
--- a/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
+++ b/src/test/java/org/apache/sling/auth/core/impl/SlingAuthenticatorTest.java
@@ -26,20 +26,20 @@ import static org.mockito.Mockito.never;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletRequestEvent;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.sling.api.SlingHttpServletRequest;
-import org.apache.sling.api.SlingHttpServletResponse;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletRequestEvent;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import org.apache.sling.api.SlingJakartaHttpServletRequest;
+import org.apache.sling.api.SlingJakartaHttpServletResponse;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.auth.core.AuthenticationSupport;
-import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationFeedbackHandler;
+import org.apache.sling.auth.core.spi.JakartaAuthenticationHandler;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
@@ -102,7 +102,7 @@ public class SlingAuthenticatorTest {
return slingAuthenticator;
}
-
+
@Test
public void test_quoteCookieValue() throws UnsupportedEncodingException {
@@ -312,8 +312,8 @@ public class SlingAuthenticatorTest {
final SlingAuthenticator slingAuthenticator =
this.createSlingAuthenticator();
final AuthenticationInfo info = new AuthenticationInfo("basic");
- final SlingHttpServletRequest req =
Mockito.mock(SlingHttpServletRequest.class);
- final SlingHttpServletResponse res =
Mockito.mock(SlingHttpServletResponse.class);
+ final SlingJakartaHttpServletRequest req =
Mockito.mock(SlingJakartaHttpServletRequest.class);
+ final SlingJakartaHttpServletResponse res =
Mockito.mock(SlingJakartaHttpServletResponse.class);
assertFalse(slingAuthenticator.setSudoCookie(req, res, info));
Mockito.verify(res, never()).addCookie(Mockito.any());
@@ -323,9 +323,9 @@ public class SlingAuthenticatorTest {
final SlingAuthenticator slingAuthenticator =
this.createSlingAuthenticator();
final AuthenticationInfo info = new AuthenticationInfo("basic");
info.put(ResourceResolverFactory.USER_IMPERSONATION, "newsudo");
-
- final SlingHttpServletRequest req =
Mockito.mock(SlingHttpServletRequest.class);
- final SlingHttpServletResponse res =
Mockito.mock(SlingHttpServletResponse.class);
+
+ final SlingJakartaHttpServletRequest req =
Mockito.mock(SlingJakartaHttpServletRequest.class);
+ final SlingJakartaHttpServletResponse res =
Mockito.mock(SlingJakartaHttpServletResponse.class);
assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
ArgumentCaptor<Cookie> argument =
ArgumentCaptor.forClass(Cookie.class);
@@ -337,11 +337,11 @@ public class SlingAuthenticatorTest {
final SlingAuthenticator slingAuthenticator =
this.createSlingAuthenticator();
final AuthenticationInfo info = new AuthenticationInfo("basic");
info.put(ResourceResolverFactory.USER_IMPERSONATION, "oldsudo");
-
- final SlingHttpServletRequest req =
Mockito.mock(SlingHttpServletRequest.class);
+
+ final SlingJakartaHttpServletRequest req =
Mockito.mock(SlingJakartaHttpServletRequest.class);
final Cookie cookie = new Cookie("sling.sudo", "\"oldsudo\"");
Mockito.when(req.getCookies()).thenReturn(new Cookie[] {cookie});
- final SlingHttpServletResponse res =
Mockito.mock(SlingHttpServletResponse.class);
+ final SlingJakartaHttpServletResponse res =
Mockito.mock(SlingJakartaHttpServletResponse.class);
assertFalse(slingAuthenticator.setSudoCookie(req, res, info));
Mockito.verify(res, never()).addCookie(Mockito.any());
@@ -351,11 +351,11 @@ public class SlingAuthenticatorTest {
final SlingAuthenticator slingAuthenticator =
this.createSlingAuthenticator();
final AuthenticationInfo info = new AuthenticationInfo("basic");
info.put(ResourceResolverFactory.USER_IMPERSONATION, "newsudo");
-
- final SlingHttpServletRequest req =
Mockito.mock(SlingHttpServletRequest.class);
+
+ final SlingJakartaHttpServletRequest req =
Mockito.mock(SlingJakartaHttpServletRequest.class);
final Cookie cookie = new Cookie("sling.sudo", "\"oldsudo\"");
Mockito.when(req.getCookies()).thenReturn(new Cookie[] {cookie});
- final SlingHttpServletResponse res =
Mockito.mock(SlingHttpServletResponse.class);
+ final SlingJakartaHttpServletResponse res =
Mockito.mock(SlingJakartaHttpServletResponse.class);
assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
ArgumentCaptor<Cookie> argument =
ArgumentCaptor.forClass(Cookie.class);
@@ -366,11 +366,11 @@ public class SlingAuthenticatorTest {
@Test public void testSetSudoCookieSudoBeforeNoSudoAfter() {
final SlingAuthenticator slingAuthenticator =
this.createSlingAuthenticator();
final AuthenticationInfo info = new AuthenticationInfo("basic");
-
- final SlingHttpServletRequest req =
Mockito.mock(SlingHttpServletRequest.class);
+
+ final SlingJakartaHttpServletRequest req =
Mockito.mock(SlingJakartaHttpServletRequest.class);
final Cookie cookie = new Cookie("sling.sudo", "\"oldsudo\"");
Mockito.when(req.getCookies()).thenReturn(new Cookie[] {cookie});
- final SlingHttpServletResponse res =
Mockito.mock(SlingHttpServletResponse.class);
+ final SlingJakartaHttpServletResponse res =
Mockito.mock(SlingJakartaHttpServletResponse.class);
assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
ArgumentCaptor<Cookie> argument =
ArgumentCaptor.forClass(Cookie.class);
@@ -382,10 +382,10 @@ public class SlingAuthenticatorTest {
final SlingAuthenticator slingAuthenticator =
this.createSlingAuthenticator();
final AuthenticationInfo info = new AuthenticationInfo("basic");
info.put(ResourceResolverFactory.USER_IMPERSONATION, "newsudo");
-
- final SlingHttpServletRequest req =
Mockito.mock(SlingHttpServletRequest.class);
+
+ final SlingJakartaHttpServletRequest req =
Mockito.mock(SlingJakartaHttpServletRequest.class);
Mockito.when(req.isSecure()).thenReturn(true);
- SlingHttpServletResponse res =
Mockito.mock(SlingHttpServletResponse.class);
+ SlingJakartaHttpServletResponse res =
Mockito.mock(SlingJakartaHttpServletResponse.class);
assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
ArgumentCaptor<Cookie> argument1 =
ArgumentCaptor.forClass(Cookie.class);
@@ -393,7 +393,7 @@ public class SlingAuthenticatorTest {
assertTrue(argument1.getValue().isHttpOnly());
assertTrue(argument1.getValue().getSecure());
- res = Mockito.mock(SlingHttpServletResponse.class);
+ res = Mockito.mock(SlingJakartaHttpServletResponse.class);
Mockito.when(req.isSecure()).thenReturn(false);
assertTrue(slingAuthenticator.setSudoCookie(req, res, info));
ArgumentCaptor<Cookie> argument2 =
ArgumentCaptor.forClass(Cookie.class);
@@ -430,7 +430,7 @@ public class SlingAuthenticatorTest {
return new AbstractAuthenticationHandlerHolder(authProtectedPath,
null) {
@Override
- protected AuthenticationFeedbackHandler getFeedbackHandler() {
+ protected JakartaAuthenticationFeedbackHandler
getFeedbackHandler() {
return null;
}
@@ -461,7 +461,7 @@ public class SlingAuthenticatorTest {
Assert.assertEquals(expected, actual);
}
- class SimpleAuthHandler implements AuthenticationHandler {
+ class SimpleAuthHandler implements JakartaAuthenticationHandler {
@Override
public AuthenticationInfo extractCredentials(HttpServletRequest
request, HttpServletResponse response) {
