[ https://issues.apache.org/jira/browse/SLING-1116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman updated SLING-1116: ------------------------------- Attachment: (was: org.apache.sling.cookieauth.zip) > FORM Based Authentication > ------------------------- > > Key: SLING-1116 > URL: https://issues.apache.org/jira/browse/SLING-1116 > Project: Sling > Issue Type: New Feature > Components: Extensions > Reporter: Eric Norman > Attachments: org.apache.sling.cookieauth.zip, > org.apache.sling.sessionauth.zip > > > This is a new bundle that provides an implementation of forms based > authentication for sling. > There are two servlets: > 1. LoginServlet - bound to /session/login > 2. LogoutServlet - bound to /session/logout > The FormAuthenticationHandler will use http basic auth credentials if they > are on the request. If there is no basic auth header, it will use attempt to > use cached credentials stored on the server side by the LoginServlet. > The login form html is generated by a set of scripts > 1. login.html.esp - full login page (includes login_body.html.esp for the > form markup) > 2. login_body.html.esp - just the login form, which may be useful for > drawing the login form for an ajax context > 3. loginError.html.esp - full login-error page > 4. loginError_body.html.esp - just the login-error form, for login error in > ajax context > The above scripts are included as bundle-resources @ > /libs/sling/servlet/default > The bundle also has a couple of test scripts to show some examples of usage: > 1. loginTest.html.esp - shows who is logged in and links to login or logout > 2. loginTest2.html.esp - shows how a script can check permissions and show a > login page if the anonymous user doesn't have permission to see the page, > Some examples of usage are: > 1. http://host:port/path/to/node.login.html - show the login page and then > goto http://host:port/path/to/node after authenticated > 2. http://host:port/path/to/node.login.html?s=.edit.html - show the login > page and then goto http://host:port/path/to/node.edit.html after > authenticated > 3. http://host:port/session/logout - invalidate the session and switch back > to anonymous user -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.