[jira] Updated: (SLING-1116) FORM Based Authentication

Eric Norman (JIRA) Sun, 18 Oct 2009 12:26:00 -0700

     [ 
https://issues.apache.org/jira/browse/SLING-1116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Eric Norman updated SLING-1116:
-------------------------------

    Attachment: org.apache.sling.sessionauth.zip

org.apache.sling.cookieauth.zip is the source for a bundle that stores the 
encrypted auth credentials in a cookie.

orig.apache.sling.sessionauth.zip is the source for a bundle that stores the 
encrypted auth credentials in a session attribute.

> FORM Based Authentication
> -------------------------
>
>                 Key: SLING-1116
>                 URL: https://issues.apache.org/jira/browse/SLING-1116
>             Project: Sling
>          Issue Type: New Feature
>          Components: Extensions
>            Reporter: Eric Norman
>         Attachments: org.apache.sling.formauth.zip, 
> org.apache.sling.sessionauth.zip
>
>
> This is a new bundle that provides an implementation of forms based 
> authentication for sling.
> There are two servlets:
> 1. LoginServlet - bound to /session/login
> 2. LogoutServlet - bound to /session/logout
> The FormAuthenticationHandler will use http basic auth credentials if they 
> are on the request.  If there is no basic auth header, it will use attempt to 
> use cached credentials stored on the server side by the LoginServlet.  
> The login form html is generated by a set of scripts
> 1. login.html.esp     - full login page (includes login_body.html.esp for the 
> form markup)
> 2. login_body.html.esp   - just the login form, which may be useful for 
> drawing the login form for an ajax context
> 3. loginError.html.esp   - full login-error page
> 4. loginError_body.html.esp  - just the login-error form, for login error in 
> ajax context
> The above scripts are included as bundle-resources @ 
> /libs/sling/servlet/default
> The bundle also has a couple of test scripts to show some examples of usage:
> 1. loginTest.html.esp  - shows who is logged in and links to login or logout
> 2. loginTest2.html.esp - shows how a script can check permissions and show a 
> login page if the anonymous user doesn't have permission to see the page,
> Some examples of usage are:
> 1. http://host:port/path/to/node.login.html   - show the login page and then 
> goto http://host:port/path/to/node after  authenticated
> 2. http://host:port/path/to/node.login.html?s=.edit.html   - show the login 
> page and then goto http://host:port/path/to/node.edit.html after  
> authenticated
> 3. http://host:port/session/logout  - invalidate the session and switch back 
> to anonymous user

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (SLING-1116) FORM Based Authentication

Reply via email to