FORM Based Authentication
-------------------------
Key: SLING-1116
URL: https://issues.apache.org/jira/browse/SLING-1116
Project: Sling
Issue Type: New Feature
Components: Extensions
Reporter: Eric Norman
This is a new bundle that provides an implementation of forms based
authentication for sling.
There are two servlets:
1. LoginServlet - bound to /session/login
2. LogoutServlet - bound to /session/logout
The FormAuthenticationHandler will use http basic auth credentials if they are
on the request. If there is no basic auth header, it will use attempt to use
cached credentials stored on the server side by the LoginServlet.
The login form html is generated by a set of scripts
1. login.html.esp - full login page (includes login_body.html.esp for the
form markup)
2. login_body.html.esp - just the login form, which may be useful for drawing
the login form for an ajax context
3. loginError.html.esp - full login-error page
4. loginError_body.html.esp - just the login-error form, for login error in
ajax context
The above scripts are included as bundle-resources @ /libs/sling/servlet/default
The bundle also has a couple of test scripts to show some examples of usage:
1. loginTest.html.esp - shows who is logged in and links to login or logout
2. loginTest2.html.esp - shows how a script can check permissions and show a
login page if the anonymous user doesn't have permission to see the page,
Some examples of usage are:
1. http://host:port/path/to/node.login.html - show the login page and then
goto http://host:port/path/to/node after authenticated
2. http://host:port/path/to/node.login.html?s=.edit.html - show the login
page and then goto http://host:port/path/to/node.edit.html after authenticated
3. http://host:port/session/logout - invalidate the session and switch back to
anonymous user
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
