Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/architecture.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/architecture.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/architecture.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Architecture</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Architecture</h1>
- <p>The following is a short list of high-lights of Sling:</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>The following is a short list of high-lights of Sling:</p>
<ul>
<li><strong><a href="#osgi">OSGi</a></strong> — The Sling application is
built as a series of OSGi bundles and makes heavy use of a number of OSGi core
and compendium services.</li>
<li><strong><a href="#sling-api">Sling API</a></strong> — To implement
content based Web applications with Sling, an API has been defined, this
extends the Servlet API and provides more functionality to work on the
content.</li>
@@ -100,16 +122,16 @@
<li><strong><a href="#launchpad">Launchpad</a></strong> — Sling uses a
very thin launcher to integrate with an existing servlet container, launching
Sling as a Web application or providing a main class to represent a standalone
Java application.</li>
</ul>
<p>The following sections elaborate on each of these highlights.</p>
-<h2 id="osgi">OSGi</h2>
+<h2 id="osgi">OSGi<a class="headerlink" href="#osgi" title="Permanent
link">¶</a></h2>
<p><a href="http://www.osgi.org";>OSGi</a> is a consortium that has developed a
specification to build modular and extensible applications. This offers <a
href="http://www.osgi.org/About/WhyOSGi";>various benefits</a>. We deal mainly
with two parts of the specifications: The Core Specification, which defines the
OSGi Framework and Core Services, and the Compendium Services Specification,
which defines a host of services that extend the functionality of the OSGi
Framework.</p>
-<h3 id="osgi-framework">OSGi Framework</h3>
+<h3 id="osgi-framework">OSGi Framework<a class="headerlink"
href="#osgi-framework" title="Permanent link">¶</a></h3>
<p>The OSGi Framework is made up of three layers – Module, Lifecycle,
and Services – that define how extensible applications are built and
deployed. The responsibilities of the layers are:</p>
<ul>
<li><strong>Module</strong> — Defines how a module, or a <em>Bundle</em>
in OSGi-speak, is defined. Basically, a bundle is just a plain old JAR file,
whose manifest file has some defined entries. These entries identify the bundle
with a symbolic name, a version and more. In addition there are headers which
define what a bundle provides <code>Export-Package</code> and what a bundle
requires to be operative <code>Import-Package</code> and
<code>Require-Bundle</code>.</li>
<li><strong>Lifecycle</strong> — The lifecycle layer defines the states
a bundle may be in and describes the state changes. By providing a class, which
implements the <code>BundleActivator</code> interface and which is named in the
<code>Bundle-Activator</code> manifest header, a bundle may hook into the
lifecycle process when the bundle is started and stopped.</li>
<li><strong>Services</strong> — For the application to be able to
interact, the OSGi Core Specification defines the service layer. This describes
a registry for services, which may be shared.</li>
</ul>
-<h3 id="compendium-services">Compendium Services</h3>
+<h3 id="compendium-services">Compendium Services<a class="headerlink"
href="#compendium-services" title="Permanent link">¶</a></h3>
<p>Based on the OSGi Framework specification, the Compendium Services
specification defines a (growing) number of extension services, which may be
used by applications for various tasks. Of these Compendium Services, Sling is
using just a small number:</p>
<ul>
<li><strong>Log Service</strong> — Sling comes with its own
implementation of the OSGi Log Service specification. The respective bundle not
only provides this implementation, it also exports the SLF4J, Log4J and Commons
Logging APIs needed for the Sling application to perform logging.</li>
@@ -119,25 +141,25 @@
<li><strong>Event Admin Service</strong> — Sling uses the OSGi
EventAdmin service to dispatch events when scheduling tasks.</li>
<li><strong>Declarative Services</strong> — One of the most important
(beside the Log Service) services used by Sling is the Declarative Services
Specification. This specification defines how to declaratively create
components and services to have the Declarative Services runtime actually
manage the lifecycle, configuration and references of components.</li>
</ul>
-<h2 id="sling-api">Sling API</h2>
+<h2 id="sling-api">Sling API<a class="headerlink" href="#sling-api"
title="Permanent link">¶</a></h2>
<p>The Sling API is an extension to the Servlet API which provides more
functionality to interact with the Sling framework and also to extend Sling
itself and to implement Sling applications.</p>
<p>See the <a href="/old-stuff/sling-api.html">Sling API</a> page for more
information.</p>
-<h2 id="request-processing">Request Processing</h2>
+<h2 id="request-processing">Request Processing<a class="headerlink"
href="#request-processing" title="Permanent link">¶</a></h2>
<p>Traditional Web Application framework emply more or less elaborate methods
to select a Servlet or Controller based on the request URL, which in turn tries
to load some data (usually from a database) to act upon and finally to render
the result somehow.</p>
<p>Sling turns this processing around in that it places the data to act upon
at the center and consequently uses the request URL to first resolve the data
to process. This data is internally represented as an instance of the
<code>Resource</code> interface. Based on this resource as well as the request
method and more properties of the request URL a script or servlet is then
selected to handle the request.</p>
<p>See the <a
href="/documentation/the-sling-engine/servlets.html">Servlets</a> page for more
information.</p>
-<h2 id="resources">Resources</h2>
+<h2 id="resources">Resources<a class="headerlink" href="#resources"
title="Permanent link">¶</a></h2>
<p>The Resource is one of the central parts of Sling. Extending from JCR's
<em>Everything is Content</em>, Sling assumes <em>Everthing is a Resource</em>.
Thus Sling is maintaining a virtual tree of resources, which is a merger of the
actual contents in the JCR Repository and resources provided by so called
resource providers.</p>
<p>Each resource has a path by which it is addressed in the resource tree, a
resource type and some resource metadata (such as file size, last modification
time). It is important to understand, that a <code>Resource</code> instance
actually is only a handle to the actual data. By virtue of the
<code>adaptTo(Class<Type>)</code> method, a resource may be coerced into
another data type, which may then be used while processing the request.
Examples of data types are <code>javax.jcr.Node</code> and
<code>java.io.InputStream</code>.</p>
<p>See the <a
href="/documentation/the-sling-engine/resources.html">Resources</a> page for
more information.</p>
-<h2 id="servlets-and-scripts">Servlets and Scripts</h2>
+<h2 id="servlets-and-scripts">Servlets and Scripts<a class="headerlink"
href="#servlets-and-scripts" title="Permanent link">¶</a></h2>
<p>Scripts are usually provided as content in a JCR repository. But since
Sling is using a resource tree, a script actually is represented as a Resource
and may be provided from within a Bundle (by virtue of the bundle resource
provider) or even from the platform file system (by virtue of the file system
resource provider).</p>
<p>Accessing scripts in the resource tree, allows for a very easy to
understand mapping from resource type to some script path.</p>
<p>Having found the script resource, we still need access to the appropriate
script language implementation to evaluate the script. To this avail, Sling is
making use of the <code>Resource.adaptTo(Class<Type>)</code> method: If a
script language implementation is available for the extension of the script
name an adaptor for the script resource can be found, which handles the
evaluation of the script.</p>
<p>Besides scripting languages, such as ECMAScript, Groovy, JSP, Sling also
supports regular servlets. To be able to use servlets for request processing,
such servlets must be registered as OSGi services for the
<code>javax.servlet.Servlet</code> interface and provide a number of service
registration properties, which are used to use the servlets. In fact servlets
thus registered as OSGi services are mapped into the resource tree by means of
a servlet resource provider. This resource provider mapps the servlets into the
resource tree using the service registration properties to build one or more
resource paths for the servlet.</p>
<p>As a result of mapping servlets into the resource tree and the possibility
to adapt resource to an adaptor data type, scripts and servlets may be handled
completely transparently: The servlet resolver just looks for a resource
matching the resource type and adapts the resource found to
<code>javax.jcr.Servlet</code>. If the resource happens to be provided by a
servlet resource provider, the adapter is of course the servlet itself. If the
resource happens to be a script, the adapter is a servlet facade which
internally calls the script language implementation to evaluate the script.</p>
<p>See the <a href="/old-stuff/servlet-resolution.html">Servlet Resolution</a>
page for more information.</p>
-<h2 id="launchpad">Launchpad</h2>
+<h2 id="launchpad">Launchpad<a class="headerlink" href="#launchpad"
title="Permanent link">¶</a></h2>
<p>Sling may be launched as a standalone application using the Sling
Application or as a Web Application running inside any Servlet API 2.4 or newer
Servlet Container.</p>
<p>The Sling Application is a standalone Java Application which is really
small: Just the main class and some glue classes. The OSGi framework as well as
the OSGi API libraries are packaged as a JAR file, which is loaded through a
custom classloader. This enables to update the framework and/or OSGi API
libraries from within Sling by updating the system bundle.</p>
<p>The Sling Servlet is equally small as the Sling Application. It uses the
Felix <code>HttpService</code> bridge as the glue between the servlet container
and the OSGi framework.</p>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Authentication</h1>
- <p>This section describes the framework provided by Sling to
authenticate HTTP requests.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>This section describes the framework provided by Sling to authenticate HTTP
requests.</p>
<p>Let's look at generic request processing of Sling: Sling is linked into the
outside world by registering the Sling Main Servlet – implemented by the
<code>SlingMainServlet</code> class in the Sling Engine bundle – with an
OSGi <code>HttpService</code>. This registration is accompanyied with an
implementation instance of the OSGi <code>HttpContext</code> interface, which
defines a method to authenticate requests: <code>handleSecurity</code>.</p>
<p>This method is called by the OSGi HTTP Service implementation after the
servlet has been selected to handle the request but before actually calling the
servlet's <code>service</code> method.</p>
<p><a href="authentication.png" style="float:left;padding-right:5%">
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-actors.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication - Actors</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,23 +101,34 @@
<h1>Authentication - Actors</h1>
- <p>The authentication process involves a number of actors contributing
to the concepts, the API and the particular implementations.</p>
-<h2 id="osgi-http-service-specification">OSGi Http Service Specification</h2>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>The authentication process involves a number of actors contributing to the
concepts, the API and the particular implementations.</p>
+<h2 id="osgi-http-service-specification">OSGi Http Service Specification<a
class="headerlink" href="#osgi-http-service-specification" title="Permanent
link">¶</a></h2>
<p>The main support for authentication is defined by the OSGi Http Service
specification. This specification defines how an OSGi application can register
servlets and resources to build web applications. As part of the servlet and/or
resource registration a <code>HttpContext</code> may be provided, which allows
for additional support.</p>
<p>The main method of interest to the authentication process is the
<code>handleSecurity</code> method. This is called by the OSGi Http Service
implementation before the registered servlet is called. Its intent is to
authenticate the request and to provide authentication information for the
request object: the authentication type and the remote user name.</p>
<p>The Sling Auth Core bundle provides the <code>AuthenticationSupport</code>
service which may be used to the implement the
<code>HttpContext.handleSecurity</code> method.</p>
-<h2 id="sling-engine">Sling Engine</h2>
+<h2 id="sling-engine">Sling Engine<a class="headerlink" href="#sling-engine"
title="Permanent link">¶</a></h2>
<p>The Sling Engine implements the main entry point into the Sling system by
means of the <code>SlingMainServlet</code>. This servlet is registered with the
OSGi Http Service and provides a custom <code>HttpContext</code> whose
<code>handleSecurity</code> method is implemented by the
<code>AuthenticationSupport</code> service.</p>
<p>When the request hits the <code>service</code> method of the Sling Main
Servlet, the resource resolver provided by the
<code>AuthenticationSupport</code> service is retrieved from the request
attributes and used as the resource resolver for the request.</p>
<p>That's all there is for the Sling Engine to do with respect to
authentication.</p>
-<h2 id="sling-auth-core">Sling Auth Core</h2>
+<h2 id="sling-auth-core">Sling Auth Core<a class="headerlink"
href="#sling-auth-core" title="Permanent link">¶</a></h2>
<p>The support for authenticating client requests is implemented in the Sling
Auth Core bundle. As such this bundle provides three areas of support</p>
<ul>
<li><code>AuthenticationHandler</code> service interface. This is implemented
by services providing functionality to extract credentials from HTTP
requests.</li>
<li><code>Authenticator</code> service interface. This is implemented by the
<code>SlingAuthenticator</code> class in the Sling Auth Core bundle and
provides applications with entry points to login and logout.</li>
<li><code>AuthenticationSupport</code> service interface. This is implemented
by the <code>SlingAuthenticator</code> class in the Sling Auth Core bundle and
allows applications registering with the OSGi HTTP Service to make use of the
Sling authentication infrastructure.</li>
</ul>
-<h2 id="jcr-repository">JCR Repository</h2>
+<h2 id="jcr-repository">JCR Repository<a class="headerlink"
href="#jcr-repository" title="Permanent link">¶</a></h2>
<p>The actual process of logging into the repository and provided a
<code>Session</code> is implementation dependent. In the case of Jackrabbit
extensibility is provided by configuration of the Jackrabbit repository by
means of an interface and two helper classes:</p>
<ul>
<li><code>LoginModule</code> -- The interface to be implemented to provide
login processing plugins</li>
@@ -118,7 +140,7 @@
<li><code>LoginModulePlugin</code> -- The main service interface. Plugins must
implement this interface to be able to extend the login process. See for
example the <a
href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/openid/";>Sling
OpenID authentication handler</a>, which implements this interface to support
OpenID authentication.</li>
<li><code>AuthenticationPlugin</code> -- Helper interface for the
<code>LoginModulePlugin</code>.</li>
</ul>
-<h2 id="sling-applications">Sling Applications</h2>
+<h2 id="sling-applications">Sling Applications<a class="headerlink"
href="#sling-applications" title="Permanent link">¶</a></h2>
<p>Sling Applications requiring authenticated requests should not care about
how authentication is implemented. To support such functionality the
<code>Authenticator</code> service is provided with two methods:</p>
<ul>
<li>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication - AuthenticationHandler</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,9 +101,20 @@
<h1>Authentication - AuthenticationHandler</h1>
- <p>The <code>AuthenticationHandler</code> interface defines the service
API which may be implemented by authentication handlers registered as OSGi
services.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>The <code>AuthenticationHandler</code> interface defines the service API
which may be implemented by authentication handlers registered as OSGi
services.</p>
<p><code>AuthenticationHandler</code> services have a single required service
registration property which is used to identify requests to which the
<code>AuthenticationHandler</code> service is applicable:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Property</th>
@@ -111,7 +133,7 @@
</tbody>
</table>
<p>Each path may be an absolute URL, an URL with just the host/port and path
or just a plain absolute path:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>URL part</th>
@@ -143,20 +165,20 @@
</table>
<p>When looking for an <code>AuthenticationHandler</code> the authentication
handler is selected whose path is the longest match on the request URL. If the
service is registered with Scheme and Host/Port, these must exactly match for
the service to be eligible. If multiple <code>AuthenticationHandler</code>
services are registered with the same length matching path, the handler with
the higher service ranking is selected<sup id="fnref:ranking"><a
class="footnote-ref" href="#fn:ranking" rel="footnote">1</a></sup>.</p>
<p>The value of <code>path</code> service registration property value
triggering the call to any of the <code>AuthenticationHandler</code> methods is
available as the <code>path</code> request attribute (for the time of the
method call only). If the service is registered with multiple path values, the
value of the <code>path</code> request attribute may be used to implement
specific handling.</p>
-<h3 id="implementations-provided-by-sling">Implementations provided by
Sling</h3>
+<h3 id="implementations-provided-by-sling">Implementations provided by Sling<a
class="headerlink" href="#implementations-provided-by-sling" title="Permanent
link">¶</a></h3>
<ul>
<li><a
href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html">Form
Based AuthenticationHandler</a></li>
<li><a
href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html">OpenID
AuthenticationHandler</a></li>
</ul>
-<h3 id="sample-implementations">Sample implementations</h3>
-<h4 id="http-basic-authentication-handler">HTTP Basic Authentication
Handler</h4>
+<h3 id="sample-implementations">Sample implementations<a class="headerlink"
href="#sample-implementations" title="Permanent link">¶</a></h3>
+<h4 id="http-basic-authentication-handler">HTTP Basic Authentication Handler<a
class="headerlink" href="#http-basic-authentication-handler" title="Permanent
link">¶</a></h4>
<ul>
<li><code>extractCredentials</code> -- Get user name and password from the
<code>Authorization</code> HTTP header</li>
<li><code>requestCredentials</code> -- Send a 401/UNAUTHORIZED status with
<code>WWW-Authenticate</code> response header setting the Realm</li>
<li><code>dropCredentials</code> -- Send a 401/UNAUTHORIZED status with
<code>WWW-Authenticate</code> response header setting the Realm</li>
</ul>
<p>Interestingly the <code>dropCredentials</code> method is implemented in the
same way as the <code>requestCredentials</code> method. The reason for this is,
that HTTP Basic authentication does not have a notion of login and logout.
Rather the request is accompanied with an <code>Authorization</code> header or
not. The contents of this header is usually cached by the client browser. So
logout is actually simulated by sending a 401/UNAUTHORIZED status thus causing
the client browser to clear the cache and ask for user name and password.</p>
-<h4 id="form-based-authentication-handler">Form Based Authentication
Handler</h4>
+<h4 id="form-based-authentication-handler">Form Based Authentication Handler<a
class="headerlink" href="#form-based-authentication-handler" title="Permanent
link">¶</a></h4>
<ul>
<li><code>extractCredentials</code> -- Get user name and password with the
help of a special cookie (note, that of course the cookie should not contain
this data, but refer to it in an internal store of the authentication handler).
If the cookie is not set, check for specific login parameters to setup the
cookie.</li>
<li><code>requestCredentials</code> -- Send the login form for the user to
provide the login parameters.</li>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Form Based AuthenticationHandler</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Form Based AuthenticationHandler</h1>
- <div class="toc">
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<div class="toc">
<ul>
<li><a href="#authenticationhandler-implementation">AuthenticationHandler
implementation</a></li>
<li><a
href="#authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler
implementation</a></li>
@@ -107,18 +129,18 @@
<li>The authentication type as returned by
<code>HttpServletRequest.getAuthType()</code> is set to
<code>HttpServletRequest.FORM_AUTH</code>.</li>
</ul>
<p>The Form Based Authentication Handler is maintained in the <a
href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form";>Sling
SVN</a></p>
-<h3 id="authenticationhandler-implementation">AuthenticationHandler
implementation</h3>
+<h3 id="authenticationhandler-implementation">AuthenticationHandler
implementation<a class="headerlink"
href="#authenticationhandler-implementation" title="Permanent
link">¶</a></h3>
<ul>
<li><code>extractCredentials</code> -- Prepares credentials for the form
entered data or from the Cookie or HTTP Session attribute. Returns
<code>null</code> if neither data is provided in the request</li>
<li><code>requestCredentials</code> -- Redirects the client (browser) to the
login form</li>
<li><code>dropCredentials</code> -- Remove the Cookie or remove the HTTP
Session attribute</li>
</ul>
-<h3
id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler
implementation</h3>
+<h3
id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler
implementation<a class="headerlink"
href="#authenticationfeedbackhandler-implementation" title="Permanent
link">¶</a></h3>
<ul>
<li><code>authenticationFailed</code> -- Remove the Cookie or remove the HTTP
Session attribute</li>
<li><code>authenticationSucceeded</code> -- Set (or update) the Cookie or HTTP
Session attribute</li>
</ul>
-<h3 id="phase-1-form-submission">Phase 1: Form Submission</h3>
+<h3 id="phase-1-form-submission">Phase 1: Form Submission<a class="headerlink"
href="#phase-1-form-submission" title="Permanent link">¶</a></h3>
<p>The login form submitted in phase 1 to validate the user name and password
must be provided in an HTTP <code>POST</code> request to an URL whose last
segment is <code>j_security_check</code>. The request is ignored as a form
submission if either the method is not <code>POST</code> or the last segment is
no <code>j_security_check</code>.</p>
<p>The form is rendered by redirecting the client to the URL indicated by the
<code>form.login.form</code> configuration parameter. This redirection request
may accompanyied by the following parameters:</p>
<ul>
@@ -135,7 +157,7 @@
</ul>
<p>The <code>j_username</code> and <code>j_password</code> parameters are used
to create a JCR <code>SimpleCredentials</code> object to log into the JCR
Repository.</p>
<p>The <code>j_validate</code> parameter may be used to implement login form
submission using AJAX. If this parameter is set to <code>true</code>
(case-insensitive) the credentials are used to login and after success or
failure to return a status code:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Status</th>
@@ -154,7 +176,7 @@
</tbody>
</table>
<p>If the <code>j_validate</code> parameter is not set or is set to any value
other than <code>true</code>, the request processing depends on authentication
success or failure:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Authentication</th>
@@ -174,7 +196,7 @@
</table>
<p>The <code>resource</code> and <code>sling.auth.redirect</code> parameters
provide similar functionality but with differing historical backgrounds. The
<code>resource</code> parameter is based on the <code>resource</code> request
attribute which is set by the login servlet to indicate the original target
resource the client desired when it was forced to authenticate. The
<code>sling.auth.redirect</code> parameter can be used by clients (applications
like cURL or plain HTML forms) to request being redirected after successful
login. If both parameters are set, the <code>sling.auth.redirect</code>
parameter takes precedence.</p>
<p>The Form Based Authentication Handler contains a <a
href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/java/org/apache/sling/auth/form/impl/AuthenticationFormServlet.java";>default
form servlet</a> and <a
href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/form/src/main/resources/org/apache/sling/auth/form/impl/login.html";>HTML
form template</a>.</p>
-<h3 id="phase-2-authenticated-requests">Phase 2: Authenticated Requests</h3>
+<h3 id="phase-2-authenticated-requests">Phase 2: Authenticated Requests<a
class="headerlink" href="#phase-2-authenticated-requests" title="Permanent
link">¶</a></h3>
<p>After the successful authentication of the user in phase 1, the
authentication state is stored in a Cookie or an HTTP Session. The stored value
is a security token with the following contents:</p>
<div class="codehilite"><pre><span class="n">HmacSHA1</span><span
class="p">(</span><span class="n">securetoken</span><span class="p">,</span>
<span class="o"><</span><span class="n">securetokennumber</span><span
class="o">><</span><span class="n">expirytime</span><span
class="o">></span><span class="p">@</span><span class="o"><</span><span
class="n">userID</span><span class="o">></span><span
class="p">)@</span><span class="o"><</span><span
class="n">securetokennumber</span><span class="o">><</span><span
class="n">expirytime</span><span class="o">></span><span
class="p">@</span><span class="o"><</span><span class="n">userID</span><span
class="o">></span>
</pre></div>
@@ -194,9 +216,9 @@
<li><em>Secure</em> -- Set to the value returned by the
<code>ServletRequest.isSecure()</code> method</li>
</ul>
<p>If the authentication state is kept in an HTTP Session the setup of the
session ID cookie is maintained by the servlet container and is outside of the
control of the Form Based AuthenticationHandler.</p>
-<h3 id="configuration">Configuration</h3>
+<h3 id="configuration">Configuration<a class="headerlink"
href="#configuration" title="Permanent link">¶</a></h3>
<p>The Form Based Authentication Handler is configured with configuration
provided by the OSGi Configuration Admin Service using the
<code>org.apache.sling.formauth.FormAuthenticationHandler</code> service
PID.</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Parameter</th>
@@ -243,7 +265,7 @@
</tbody>
</table>
<p><em>Note:</em> The <code>form.token.file</code> parameter currently refers
to a file stored in the file system. If the path is a relative path, the file
is either stored in the Authentication Handler bundle private data area or --
if not possible -- below the location indicated by the <code>sling.home</code>
framework property or -- if <code>sling.home</code> is not set -- the current
working directory. In the future this file may be store in the JCR Repository
to support clustering scenarios.</p>
-<h3 id="security-considerations">Security Considerations</h3>
+<h3 id="security-considerations">Security Considerations<a class="headerlink"
href="#security-considerations" title="Permanent link">¶</a></h3>
<p>Form Based Authentication has some limitations in terms of security:</p>
<ol>
<li>User name and password are transmitted in plain text in the initial form
submission.</li>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - OpenID AuthenticationHandler</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>OpenID AuthenticationHandler</h1>
- <div class="toc">
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<div class="toc">
<ul>
<li><a href="#credentials-extraction">Credentials Extraction</a></li>
<li><a href="#phase-1-form-submission">Phase 1: Form Submission</a></li>
@@ -114,13 +136,13 @@
<p>Since generally an OpenID identity is an URL and URLs may not be used as
JCR user names, an association mechanism is used by the OpenID authentication
handler to associate an OpenID identity with an existing JCR user: The OpenID
identity URL is set as the value of a JCR user property. When a user
authenticates with his OpenID identity the matching user searched for by
looking for a match in this property.</p>
<p><em>NOTE:</em> This association currently only works with Jackrabbit (or
Jackrabbit based repositories) because user management is not part of the JCR 2
specification and the OpenID authentication handler uses the Jackrabbit
<code>UserManager</code> to find users by a user property value.</p>
<p>The OpenID Authentication Handler is maintained in the <a
href="http://svn.apache.org/repos/asf/sling/trunk/bundles/auth/openid/";>Sling
SVN</a></p>
-<h3 id="credentials-extraction">Credentials Extraction</h3>
+<h3 id="credentials-extraction">Credentials Extraction<a class="headerlink"
href="#credentials-extraction" title="Permanent link">¶</a></h3>
<p>Theoretically each request with the <code>openid_identifier</code> request
parameter set may initiate an OpenID authentication process which involves
resolving the OpenID provider for the identifier and subsequently
authentication with the provider authorizing the Sling instance to use the
OpenID identity.</p>
<p>This initiation, though, is not possible if the request already contains a
valid and validated OpenID identifier either set as a request attribute or set
in the HTTP Session or the OpenID cookie. In these situations, the current
association of a client with an OpenID identity must first be removed by
logging out, e.g. by requesting <code>/system/sling/logout.html</code> which
causes the current OpenID user data to be removed by either removing it from
the HTTP Session or by clearing the OpenID cookie.</p>
-<h3 id="phase-1-form-submission">Phase 1: Form Submission</h3>
+<h3 id="phase-1-form-submission">Phase 1: Form Submission<a class="headerlink"
href="#phase-1-form-submission" title="Permanent link">¶</a></h3>
<p>Requesting an OpenID identifier is initiated by the Sling Authenticator
deciding, that authentication is actually required to process a request and the
OpenID Authentication Handler being selected to request credentials with.</p>
<p>In this case the OpenID authenticator causes a form to be rendered by
redirecting the client to the URL indicated by the <code>form.login.form</code>
configuration parameter. This redirection request may accompanied by the
following parameters:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Request Parameter</th>
@@ -149,9 +171,9 @@
<li><code>resource</code> -- The <code>resource</code> request parameter
should be sent back to ensure the user is finally redirected to requested
target resource after successful authentication. If this request parameter is
not set, or is set to an empty string, it is assumed to be the request context
root path.</li>
</ul>
<p>The OpenID Authentication Handler provides a default login form registered
at <code>/system/sling/openid/login</code>.</p>
-<h3 id="configuration">Configuration</h3>
+<h3 id="configuration">Configuration<a class="headerlink"
href="#configuration" title="Permanent link">¶</a></h3>
<p>The OpenID AuthenticationHandler is configured with configuration provided
by the OSGi Configuration Admin Service using the
<code>org.apache.sling.openidauth.OpenIdAuthenticationHandler</code> service
PID.</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Parameter</th>
@@ -212,8 +234,8 @@
</tr>
</tbody>
</table>
-<h3 id="authenticationhandler-implementation">AuthenticationHandler
implementation</h3>
-<h4 id="extractcredentials">extractCredentials</h4>
+<h3 id="authenticationhandler-implementation">AuthenticationHandler
implementation<a class="headerlink"
href="#authenticationhandler-implementation" title="Permanent
link">¶</a></h3>
+<h4 id="extractcredentials">extractCredentials<a class="headerlink"
href="#extractcredentials" title="Permanent link">¶</a></h4>
<p>To extract authentication information from the request, the Sling OpenID
Authentication handler considers the following information in order:</p>
<ol>
<li>The OpenID credentials cookie or OpenID User data in the HTTP Session
(depending on the <code>openid.use.cookie</code> configuration)</li>
@@ -223,10 +245,10 @@
<p>If the existing credentials fail to validate, authentication failure is
assumed and the credentials are removed from the request, either by clearing
the OpenID cookie or by removing the OpenID User data from the HTTP Session.</p>
<p>If no OpenID credentials are found in the request, the request parameter is
considered and if set is used to resolve the actual OpenID identity of the
user. This involves redirecting the client to the OpenID provider resolved from
the OpenID identifier supplied.</p>
<p>If the supplied OpenID identifier fails to resolve to an OpenID provider or
if the identifier fails to be resolved to a validated OpenID identity,
authentication fails.</p>
-<h4 id="requestcredentials">requestCredentials</h4>
+<h4 id="requestcredentials">requestCredentials<a class="headerlink"
href="#requestcredentials" title="Permanent link">¶</a></h4>
<p>If the <code>sling:authRequestLogin</code> parameter is set to a value
other than <code>OpenID</code> this method immediately returns
<code>false</code>.</p>
<p>If the parameter is not set or is set to <code>OpenID</code> this method
continues with first invalidating any cached OpenID credentials (same as
<code>dropCredentials</code> does) and then redirecting the client to the login
form configured with the <code>openid.login.form</code> configuration property.
The redirect is provided with up to three request parameters:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Request Parameter</th>
@@ -248,20 +270,20 @@
</tr>
</tbody>
</table>
-<h4 id="dropcredentials">dropCredentials</h4>
+<h4 id="dropcredentials">dropCredentials<a class="headerlink"
href="#dropcredentials" title="Permanent link">¶</a></h4>
<p>Invalidates the OpenID identity currently stored with the request. This
means to either remove the OpenID cookie or to remove the OpenID information
from the HTTP Session. This method does not write to the response (except
setting the <code>Set-Cookie</code> header to remove the OpenID cookie if
required) and does not commit the response.</p>
-<h3
id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler
implementation</h3>
-<h4 id="authenticationfailed">authenticationFailed</h4>
+<h3
id="authenticationfeedbackhandler-implementation">AuthenticationFeedbackHandler
implementation<a class="headerlink"
href="#authenticationfeedbackhandler-implementation" title="Permanent
link">¶</a></h3>
+<h4 id="authenticationfailed">authenticationFailed<a class="headerlink"
href="#authenticationfailed" title="Permanent link">¶</a></h4>
<p>This method is called, if the Credentials provided by the Authentication
Handler could not be validated by the Jackrabbit authentication infrastructure.
One cause may be that the integration with Jackrabbit has not been completed
(see <em>Integration with Jackrabbit</em> below). Another, more probably cause,
is that the validated OpenID identifier cannot be associated with an existing
JCR user.</p>
<p>The OpenID Authentication Handler implementation of the
<code>authenticationFailed</code> method sets the <code>j_reason</code> request
attribute to <code>OpenIDFailure.REPOSITORY</code> and sets the
<code>j_openid_identity</code> request attribute to the OpenID identity of the
authenticated user.</p>
<p>A login form provider may wish to act upon this situation and provide a
login form to the user to allow to his OpenID identity with an existing JCR
user.</p>
<p>In addition, the current OpenID identity is invalidated thus the cached
OpenID information is removed from the HTTP Session or the OpenID cookie is
cleaned. This will allow the user to present a different OpenID identifier to
retry or it will require the OpenID identity to be revalidated with the OpenID
provider if the identity is associated with a JCR user.</p>
-<h4 id="authenticationsucceeded">authenticationSucceeded</h4>
+<h4 id="authenticationsucceeded">authenticationSucceeded<a class="headerlink"
href="#authenticationsucceeded" title="Permanent link">¶</a></h4>
<p>The OpenID Authentication Handler implementation of the
<code>authenticationSucceeded</code> method just calls the
<code>DefaultAuthenticationFeedbackHandler.handleRedirect</code> method to
redirect the user to the initially requested location.</p>
-<h3 id="integration-with-jackrabbit">Integration with Jackrabbit</h3>
+<h3 id="integration-with-jackrabbit">Integration with Jackrabbit<a
class="headerlink" href="#integration-with-jackrabbit" title="Permanent
link">¶</a></h3>
<p>The OpenID authentication handler can be integrated in two ways into the
Jackrabbit authentication mechanism which is based on JAAS
<code>LoginModule</code>. One integration is by means of a
<code>LoginModulePlugin</code> which plugs into the extensible
<code>LoginModule</code> architecture supported by the Sling Jackrabbit
Embedded Repository bundle.</p>
<p>The other integration option is the
<code>trusted_credentials_attribute</code> mechanism supported by the
Jackrabbit <code>DefaultLoginModule</code>. By setting the
<code>trusted_credentials_attribute</code> parameter of the Jackrabbit
<code>DefaultLoginModule</code> and the <code>openid.user.attr</code>
configuration property of the OpenID Authentication Handler to the same value,
the existence of an attribute of that name in the
<code>SimpleCredentials</code> instance provided to the
<code>Repository.login</code> method signals pre-authenticated credentials,
which need not be further checked by the <code>DefaultLoginModule</code>.</p>
-<h3 id="security-considerations">Security Considerations</h3>
+<h3 id="security-considerations">Security Considerations<a class="headerlink"
href="#security-considerations" title="Permanent link">¶</a></h3>
<p>OpenIDAuthentication has some limitations in terms of security:</p>
<ol>
<li>User name and password are transmitted in plain text in the initial form
submission.</li>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication - Framework</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Authentication - Framework</h1>
- <p>The core piece of functionality with respect to authentication in
Sling is contained in the Sling Auth Core bundle. This bundle provides the API
for Sling and Sling applications to make use of authentication.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>The core piece of functionality with respect to authentication in Sling is
contained in the Sling Auth Core bundle. This bundle provides the API for Sling
and Sling applications to make use of authentication.</p>
<p>This support encompasses three parts:</p>
<ul>
<li>The <code>AuthenticationSupport</code> service provided by the
<code>SlingAuthenticator</code> class. This service can be used by
implementations of the OSGi <code>HttpContext</code> interface to delegate
authentication.</li>
@@ -99,7 +121,7 @@
</ul>
<p>This page describes how the <code>SlingAuthenticator</code> class provides
the <code>AuthenticationSupport</code> and <code>Authenticator</code>
services. For a description of the <code>AuthenticationHandler</code> service
interface and the interaction between the <code>SlingAuthenticator</code> and
the <code>AuthenticationHandler</code> services refer to the <a
href="/documentation/the-sling-engine/authentication/authentication-authenticationhandler.html">AuthenticationHandler</a>
page.</p>
<p>The <code>SlingAuthenticator</code> class is an internal class of the
<code>org.apache.sling.auth.core</code> bundle and implements the
<code>Authenticator</code> and <code>AuthenticationSupport</code> services.</p>
-<h2 id="authenticationsupport">AuthenticationSupport</h2>
+<h2 id="authenticationsupport">AuthenticationSupport<a class="headerlink"
href="#authenticationsupport" title="Permanent link">¶</a></h2>
<p>The <code>AuthenticationSupport</code> service interface defines a single
method: <code>handleSecurity</code>. This method is intended to be called by
the <code>handleSecurity</code> method of any <code>HttpContext</code>
implementation wishing to make use of the Sling Authentication Framework.</p>
<p>The Sling Authenticator implementation selects an
<code>AuthenticationHandler</code> service appropriate for the request and
calls the <code>AuthenticationHandler.extractCredentials</code> method to
extract the credentials from the request. If no credentials could be extracted,
the Sling Authenticator either admits the request as an anonymous request or
requests authentication from the client by calling its own <code>login</code>
method.</p>
<p>The implementation follows this algorithm:</p>
@@ -114,7 +136,7 @@
<li>Set request attributes listed below.</li>
</ol>
<p>Extracting the credentials and trying to login to the repository may yield
the following results:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Credentials</th>
@@ -149,9 +171,9 @@
Only one <code>AuthenticationHandler</code> is able to provide credentials
for a given request. If the credentials provided by the handler cannot be used
to login to the repository, authentication fails and no further
<code>AuthenticationHandler</code> is consulted.
</div>
-<h4 id="request-attributes-on-successful-login">Request Attributes on
Successful Login</h4>
+<h4 id="request-attributes-on-successful-login">Request Attributes on
Successful Login<a class="headerlink"
href="#request-attributes-on-successful-login" title="Permanent
link">¶</a></h4>
<p>The <code>handleSecurity</code> method gets credentials from the
<code>AuthenticationHandler</code> and logs into the JCR repository using those
credentials. If the login is successful, the <code>SlingAuthenticator</code>
sets the following request attributes:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Attribute</th>
@@ -186,7 +208,7 @@
</pre></div>
-<h4 id="anonymous-login">Anonymous Login</h4>
+<h4 id="anonymous-login">Anonymous Login<a class="headerlink"
href="#anonymous-login" title="Permanent link">¶</a></h4>
<p>The <code>SlingAuthenticator</code> provides high level of control with
respect to allowing anonymous requests or requiring authentication up front:</p>
<ul>
<li>Global setting of whether anonymous requests are allowed or not. This is
the value of the <em>Allow Anonymous Access</em> (<code>auth.annonymous</code>)
property of the <code>SlingAuthenticator</code> configuration. This property is
supported for backwards compatibility and defaults to <code>true</code>
(allowing anonymous access).</li>
@@ -203,7 +225,7 @@
<p>An authentication handler may register itself with the service registration
property <code>sling.auth.requirements = "-/apps/sample/loginform"</code> to
ensure the login form can be rendered without requiring authentication.</p>
</li>
</ul>
-<h2 id="authenticator-implementation">Authenticator implementation</h2>
+<h2 id="authenticator-implementation">Authenticator implementation<a
class="headerlink" href="#authenticator-implementation" title="Permanent
link">¶</a></h2>
<p>The implementation of the <code>Authenticator</code> interface is similar
for both methods:</p>
<p><strong><code>login</code></strong></p>
<ol>
@@ -212,7 +234,7 @@
<li>As soon as the first handlers returns <code>true</code>, the process ends
and it is assumed credentials have been requested from the client.</li>
</ol>
<p>The <code>login</code> method has three possible exit states:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Exit State</th>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-tasks.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Authentication - Tasks</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,15 +101,26 @@
<h1>Authentication - Tasks</h1>
- <p>Authentication of HTTP Requests is generally a two-step process:
First the credentials must be extracted from the request and second the
credentials must be validated. In the case of Sling this means acquiring a JCR
Session.</p>
-<h2 id="extract-credentials-from-the-request">Extract Credentials from the
Request</h2>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>Authentication of HTTP Requests is generally a two-step process: First the
credentials must be extracted from the request and second the credentials must
be validated. In the case of Sling this means acquiring a JCR Session.</p>
+<h2 id="extract-credentials-from-the-request">Extract Credentials from the
Request<a class="headerlink" href="#extract-credentials-from-the-request"
title="Permanent link">¶</a></h2>
<ul>
<li>Implemented and controlled by the Sling Auth Core bundle</li>
<li>Takes <code>HttpServletRequest</code></li>
<li>Provides credentials for futher processing (basically JCR
<code>Credentials</code> and Workspace name)</li>
<li>Extensible with the help of <code>AuthenticationHandler</code>
services</li>
</ul>
-<h2 id="login-to-the-jcr-repository">Login to the JCR Repository</h2>
+<h2 id="login-to-the-jcr-repository">Login to the JCR Repository<a
class="headerlink" href="#login-to-the-jcr-repository" title="Permanent
link">¶</a></h2>
<ul>
<li>Implemented and controlled by the JCR Repository</li>
<li>Takes JCR <code>Credentials</code> and Workspace name</li>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/default-mapping-and-rendering.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/default-mapping-and-rendering.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/default-mapping-and-rendering.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Default Mapping and Rendering</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -95,7 +106,18 @@
<h1>Default Mapping and Rendering</h1>
- <p>This page contained obsolete content, moved it to
http://cwiki.apache.org/confluence/display/SLING/Default+Mapping+and+Rendering+%28OBSOLETE%29
in case it is useful to someone.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>This page contained obsolete content, moved it to
http://cwiki.apache.org/confluence/display/SLING/Default+Mapping+and+Rendering+%28OBSOLETE%29
in case it is useful to someone.</p>
<div class="timestamp" style="margin-top: 30px; font-size: 80%;
text-align: right;">
Rev. 1499238 by fmeschbe on Wed, 3 Jul 2013 07:39:54 +0000
</div>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/dispatching-requests.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/dispatching-requests.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/dispatching-requests.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Dispatching Requests</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Dispatching Requests</h1>
- <h2 id="main-process">Main process</h2>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<h2 id="main-process">Main process<a class="headerlink" href="#main-process"
title="Permanent link">¶</a></h2>
<p>The following steps should give you an overview how a request is processed
in Sling. Details can be found under provided links.</p>
<ol>
<li>
@@ -142,7 +164,7 @@ If any called filter doesn't call <code>
<p>After having called the component level filters, the request servlet or
script is finally called to process the request.</p>
</li>
</ol>
-<h2 id="includeforward">Include/Forward</h2>
+<h2 id="includeforward">Include/Forward<a class="headerlink"
href="#includeforward" title="Permanent link">¶</a></h2>
<p>If a servlet or script is including another resource for processing through
the <code>RequestDispatcher.include</code> or
<code>RequestDispatcher.forward</code> (or any JSP or feature of another
scripting language which relies on one of this two methods) the following
processing takes place:</p>
<ol>
<li>
@@ -162,9 +184,9 @@ If any called filter doesn't call <code>
</li>
</ol>
<p>Note that these steps are processed for every include or forward call.</p>
-<h2 id="included-request-attributes">Included Request Attributes</h2>
+<h2 id="included-request-attributes">Included Request Attributes<a
class="headerlink" href="#included-request-attributes" title="Permanent
link">¶</a></h2>
<p>When servlet or script is called as a result of
<code>RequestDispatcher.include</code> the following request attributes are
set:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Attribute Name <br> Attribute Type</th>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/errorhandling.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/errorhandling.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/errorhandling.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Errorhandling</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/featureflags.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/featureflags.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/featureflags.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Feature Flags</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Feature Flags</h1>
- <p>Feature Flags are used to select whether a particular feature is
enabled or not. This allows to
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>Feature Flags are used to select whether a particular feature is enabled or
not. This allows to
continuosly deploy new features of an application without making them globally
available yet.</p>
<p>Features may be enabled based on various contextual data:</p>
<ul>
@@ -104,7 +126,7 @@ continuosly deploy new features of an ap
<p>Feature flags can be provided by registering
<code>org.apache.sling.featureflags.Feature</code> services.
Alternatively feature flags can be provided by factory configuration with
factory PID
<code>org.apache.sling.featureflags.Feature</code> as follows:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Property</th>
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/filters.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/filters.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/filters.html
Tue Sep 22 10:23:16 2015
@@ -18,11 +18,11 @@
limitations under the License.
-->
<head>
+ <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title>Apache Sling - Servlet Filter Support</title>
<link rel="icon" href="/res/favicon.ico">
<link rel="stylesheet" href="/res/site.css" type="text/css" media="all">
<link rel="stylesheet" href="/res/codehilite.css" type="text/css"
media="all">
- <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>
<body>
<div class="title">
@@ -39,7 +39,18 @@
</div>
<div class="menu">
- <p><strong><a href="/documentation.html">Documentation</a></strong> <br
/>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p><strong><a href="/documentation.html">Documentation</a></strong> <br />
<a href="/documentation/getting-started.html">Getting Started</a> <br />
<a href="/documentation/the-sling-engine.html">The Sling Engine</a> <br />
<a href="/documentation/development.html">Development</a> <br />
@@ -90,7 +101,18 @@
<h1>Servlet Filter Support</h1>
- <p>Sling supports filter processing by applying filter chains to the
requests before actually dispatching to the servlet or script for processing.
Filters to be used in such filter processing are plain OSGi services of type
<code>javax.servlet.Filter</code> which of course means that the services
implement this interface.</p>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink,
h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink,
dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>Sling supports filter processing by applying filter chains to the requests
before actually dispatching to the servlet or script for processing. Filters to
be used in such filter processing are plain OSGi services of type
<code>javax.servlet.Filter</code> which of course means that the services
implement this interface.</p>
<div class="note">
See <a href="https://issues.apache.org/jira/browse/SLING-1213";>SLING-1213</a>,
<a href="https://issues.apache.org/jira/browse/SLING-1734";>SLING-1734</a>, and
@@ -101,7 +123,7 @@ from our integration tests shows an exam
</div>
<p>For Sling to pick up a <code>javax.servlet.Filter</code> service for filter
processing two service registration properties are inspected:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th>Property</th>
@@ -135,10 +157,10 @@ from our integration tests shows an exam
</tr>
</tbody>
</table>
-<h2 id="filter-chains">Filter Chains</h2>
+<h2 id="filter-chains">Filter Chains<a class="headerlink"
href="#filter-chains" title="Permanent link">¶</a></h2>
<p>Sling maintains five filter chains: request level, component level, include
filters, forward filters and error filters. Except for the component level
filter these filter chains correspond to the filter
<code><dispatcher></code> configurations as defined for Servlet API 2.5
web applications (see section SRV.6.2.5 Filters and the RequestDispatcher).</p>
<p>The following table summarizes when each of the filter chains is called and
what value must be defined in the <code>sling.filter.scope</code> property to
have a filter added to the respective chain:</p>
-<table>
+<table class="table">
<thead>
<tr>
<th><code>sling.filter.scope</code></th>
@@ -175,7 +197,7 @@ from our integration tests shows an exam
</tbody>
</table>
<p>Note on <code>INCLUDE</code> and <code>FORWARD</code> with respect to JSP
tags: These filters are also called if the respective including (e.g.
<code><jsp:include></code> or <code><sling:include></code>) or
forwarding (e.g. <code><jsp:forward></code> or
<code><sling:forward></code>) ultimately calls the
<code>RequestDispatcher</code>.</p>
-<h2 id="filter-processing">Filter Processing</h2>
+<h2 id="filter-processing">Filter Processing<a class="headerlink"
href="#filter-processing" title="Permanent link">¶</a></h2>
<p>Filter processing is part of the Sling request processing, which may be
sketched as follows:</p>
<ul>
<li><em>Request Level</em>:<ul>
@@ -205,9 +227,9 @@ from our integration tests shows an exam
</li>
</ul>
<p>As a consequence, request level filters will be called at most once during
request processing (they may not be called at all if a filter earlier in the
filter chain decides to terminate the request) while the component level,
include, and forward filters may be called multiple times while processing a
request.</p>
-<h2 id="troubleshooting">Troubleshooting</h2>
+<h2 id="troubleshooting">Troubleshooting<a class="headerlink"
href="#troubleshooting" title="Permanent link">¶</a></h2>
<p>Apart form the logs which tell you when filters are executed, two Sling
plugins provide information about filters in the OSGi console.</p>
-<h3 id="recent-requests-plugin">Recent Requests plugin</h3>
+<h3 id="recent-requests-plugin">Recent Requests plugin<a class="headerlink"
href="#recent-requests-plugin" title="Permanent link">¶</a></h3>
<p>The request traces provided at <code>/system/console/requests</code>
contain information about filter execution, as in this example:</p>
<div class="codehilite"><pre>0 <span class="p">(</span>2010<span
class="o">-</span>09<span class="o">-</span>08 15<span
class="p">:</span>22<span class="p">:</span>38<span class="p">)</span> <span
class="n">TIMER_START</span><span class="p">{</span><span
class="n">Request</span> <span class="n">Processing</span><span
class="p">}</span>
<span class="p">...</span>
@@ -225,7 +247,7 @@ from our integration tests shows an exam
</pre></div>
-<h3 id="config-status-plugin">Config Status plugin</h3>
+<h3 id="config-status-plugin">Config Status plugin<a class="headerlink"
href="#config-status-plugin" title="Permanent link">¶</a></h3>
<p>The configuration status page at <code>/system/console/config</code>
includes the current list of active filters in its <em>Servlet Filters</em>
category, as in this example:</p>
<div class="codehilite"><pre><span class="n">Current</span> <span
class="n">Apache</span> <span class="n">Sling</span> <span
class="n">Servlet</span> <span class="n">Filter</span> <span
class="n">Configuration</span>
@@ -250,7 +272,7 @@ from our integration tests shows an exam
<p>The first numbers on those lines are the filter priorities, and the last
number in parentheses is the OSGi service ID.</p>
-<h2 id="support-in-sling-engine-210">Support in Sling Engine 2.1.0</h2>
+<h2 id="support-in-sling-engine-210">Support in Sling Engine 2.1.0<a
class="headerlink" href="#support-in-sling-engine-210" title="Permanent
link">¶</a></h2>
<p>Up to and including Sling Engine 2.1.0 support for Servlet Filters has been
as follows:</p>
<ul>
<li>Any <code>javax.servlet.Filter</code> service is accepted as a filter for
Sling unless the <code>pattern</code> property used by the <a
href="http://felix.apache.org/site/apache-felix-http-service.html#ApacheFelixHTTPService-UsingtheWhiteboard";>Apache
Felix HttpService whiteboard support</a> is set in the service registration
properties.</li>
