Author: buildbot
Date: Tue Nov 3 12:55:21 2015
New Revision: 971184
Log:
Staging update by buildbot for sling
Modified:
websites/staging/sling/trunk/content/ (props changed)
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
Propchange: websites/staging/sling/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Nov 3 12:55:21 2015
@@ -1 +1 @@
-1712247
+1712284
Modified:
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
==============================================================================
---
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
(original)
+++
websites/staging/sling/trunk/content/documentation/the-sling-engine/authentication/authentication-framework.html
Tue Nov 3 12:55:21 2015
@@ -213,15 +213,23 @@ h2:hover > .headerlink, h3:hover > .head
<h4 id="anonymous-login">Anonymous Login<a class="headerlink"
href="#anonymous-login" title="Permanent link">¶</a></h4>
<p>The <code>SlingAuthenticator</code> provides high level of control with
respect to allowing anonymous requests or requiring authentication up front:</p>
<ul>
-<li>Global setting of whether anonymous requests are allowed or not. This is
the value of the <em>Allow Anonymous Access</em> (<code>auth.annonymous</code>)
property of the <code>SlingAuthenticator</code> configuration. This property is
supported for backwards compatibility and defaults to <code>true</code>
(allowing anonymous access).</li>
-<li>Specific configuration per URL. The <em>Authentication Requirements</em>
(<code>sling.auth.requirements</code>) property of the
<code>SlingAuthenticator</code> configuration may provide a list of URLs for
which authentication may be required or not: Any entry prefixed with a dash
<code>-</code> defines a subtree for which authentication is not required. Any
entry not prefixed with a dash or prefixed with a plus <code>+</code> defines a
subtree for which authentication is required up front and thus anonymous access
is not allowed. This list is empty by default.</li>
+<li>Global setting of whether anonymous requests are allowed or not. This is
the boolean value of the <em>Allow Anonymous Access</em>
(<code>auth.annonymous</code>) property of the <code>SlingAuthenticator</code>
configuration. This property is supported for backwards compatibility and
defaults to <code>true</code> (allowing anonymous access). Setting it to
<code>true</code> is a shortcut for setting
<code>sling.auth.requirements</code> to <code>-/</code>.</li>
+<li>Specific configuration per URL. The <em>Authentication Requirements</em>
(<code>sling.auth.requirements</code>) property of the
<code>SlingAuthenticator</code> configuration may provide a list of URLs for
which authentication may be required or not: Any entry prefixed with a dash
<code>-</code> defines a request path prefix for which authentication is not
required. Any entry not prefixed with a dash or prefixed with a plus
<code>+</code> defines a subtree for which authentication is required up front
and thus anonymous access is not allowed. This list is empty by default.</li>
<li>Any OSGi service may provide a <code>sling.auth.requirements</code>
registration property which is used to dynamically extend the authentication
requirements from the <em>Authentication Requirements</em> configuration. This
may for example be set by <code>AuthenticationHandler</code> implementations
providing a login form to ensure access to the login form does not require
authentication. The value of this property is a single string, an array of
strings or a Collection of strings and is formatted in the same way as the
<em>Authentication Requirements</em> configuration property.</li>
</ul>
-<p>The URLs set on the <em>Authentication Requirements</em> configuration
property or the <code>sling.auth.requirements</code> service registration
property can be absolute paths or URLs like the <code>path</code> service
registration property of <code>AuthenticationHandler</code> services. This
allows the limitation of this setup to certain requests by scheme and/or
virtual host address.</p>
+<p>The values set on the <em>Authentication Requirements</em> configuration
property or the <code>sling.auth.requirements</code> service registration
property can be absolute paths or URLs like the <code>path</code> service
registration property of <code>AuthenticationHandler</code> services. This
allows the limitation of this setup to certain requests by scheme and/or
virtual host address. The requests path
(<code>HttpServletRequest.getServletPath()</code> +
<code>HttpServletRequest.getPathInfo()</code>) is afterwards matched against
the given paths. It matches if it starts with one of the given paths.</p>
<p><strong>Examples</strong></p>
<ul>
<li>
-<p>The <code>LoginServlet</code> contained in the Sling Auth Core bundle
registers itself with the service registration property
<code>sling.auth.requirements = "-/system/sling/login"</code> to ensure the
servlet can be accessed without requiring authentication.</p>
+<p>The <code>LoginServlet</code> contained in the Sling Auth Core bundle
registers itself with the service registration property
<code>sling.auth.requirements = "-/system/sling/login"</code> to ensure the
servlet can be accessed without requiring authentication. The following request
urls would work then without authentication:</p>
+</li>
+<li>
+<p>/system/sling/login</p>
+</li>
+<li>/system/sling/login.html</li>
+<li>/system/sling/login/somesuffix</li>
+<li>
+<p>/system/sling/login-test (if this is not desired, you have to use a
restriction like this: <code>sling.auth.requirements =
"-/system/sling/login"</code>)</p>
</li>
<li>
<p>An authentication handler may register itself with the service registration
property <code>sling.auth.requirements = "-/apps/sample/loginform"</code> to
ensure the login form can be rendered without requiring authentication.</p>
@@ -265,7 +273,7 @@ h2:hover > .headerlink, h3:hover > .head
</ol>
<p>Unlike for the <code>login</code> method in the <code>logout</code> method
case all <code>AuthenticationHandler</code> services selected in the first step
are called. If none can be selected or none can actually handle the
<code>dropCredentials</code> request, the <code>logout</code> silently
returns.</p>
<div class="timestamp" style="margin-top: 30px; font-size: 80%;
text-align: right;">
- Rev. 1593323 by olli on Thu, 8 May 2014 16:33:44 +0000
+ Rev. 1712284 by kwin on Tue, 3 Nov 2015 12:55:01 +0000
</div>
<div class="trademarkFooter">
Apache Sling, Sling, Apache, the Apache feather logo, and the Apache
Sling project
