Re: [jira] Updated: (SLING-1116) FORM Based Authentication

Sun, 24 Jan 2010 10:33:35 -0800

Would it be possible to put this all under /system/session/... or / _session ?
/session is used for content at times, we have tried to put non user generated urls at /system/... or /_.... to avoid conflicts. 

Ian

Sent from my iPhone

On 24 Jan 2010, at 17:18, "Eric Norman (JIRA)" <[email protected]> wrote:




    [ https://issues.apache.org/jira/browse/SLING-1116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel 
 ]


Eric Norman updated SLING-1116:
-------------------------------

   Attachment:     (was: org.apache.sling.cookieauth.zip)


FORM Based Authentication
-------------------------

               Key: SLING-1116
               URL: https://issues.apache.org/jira/browse/SLING-1116
           Project: Sling
        Issue Type: New Feature
        Components: Extensions
          Reporter: Eric Norman

       Attachments: org.apache.sling.cookieauth.zip,  
org.apache.sling.sessionauth.zip




This is a new bundle that provides an implementation of forms based  
authentication for sling.

There are two servlets:
1. LoginServlet - bound to /session/login
2. LogoutServlet - bound to /session/logout

The FormAuthenticationHandler will use http basic auth credentials  
if they are on the request.  If there is no basic auth header, it  
will use attempt to use cached credentials stored on the server  
side by the LoginServlet.

The login form html is generated by a set of scripts

1. login.html.esp     - full login page (includes  
login_body.html.esp for the form markup)
2. login_body.html.esp   - just the login form, which may be useful  
for drawing the login form for an ajax context

3. loginError.html.esp   - full login-error page

4. loginError_body.html.esp  - just the login-error form, for login  
error in ajax context
The above scripts are included as bundle-resources @ /libs/sling/ 
servlet/default
The bundle also has a couple of test scripts to show some examples  
of usage:
1. loginTest.html.esp  - shows who is logged in and links to login  
or logout
2. loginTest2.html.esp - shows how a script can check permissions  
and show a login page if the anonymous user doesn't have permission  
to see the page,

Some examples of usage are:

1. http://host:port/path/to/node.login.html   - show the login page  
and then goto http://host:port/path/to/node after  authenticated
2. http://host:port/path/to/node.login.html?s=.edit.html   - show  
the login page and then goto http://host:port/path/to/ 
node.edit.html after  authenticated
3. http://host:port/session/logout  - invalidate the session and  
switch back to anonymous user


--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
























					Reply via email to