Author: fmeschbe
Date: Thu Apr 23 08:44:30 2009
New Revision: 767854
URL: http://svn.apache.org/viewvc?rev=767854&view=rev
Log:
SLING-939 Adapt HTTP Header Authentication to the new Authentication.login
service method
Added:
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
(with props)
Modified:
incubator/sling/trunk/bundles/extensions/httpauth/pom.xml
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
Modified: incubator/sling/trunk/bundles/extensions/httpauth/pom.xml
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/pom.xml?rev=767854&r1=767853&r2=767854&view=diff
==============================================================================
--- incubator/sling/trunk/bundles/extensions/httpauth/pom.xml (original)
+++ incubator/sling/trunk/bundles/extensions/httpauth/pom.xml Thu Apr 23
08:44:30 2009
@@ -87,7 +87,7 @@
<dependency>
<groupId>org.apache.sling</groupId>
<artifactId>org.apache.sling.engine</artifactId>
- <version>2.0.2-incubator</version>
+ <version>2.0.3-incubator-SNAPSHOT</version>
</dependency>
<dependency>
Modified:
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java?rev=767854&r1=767853&r2=767854&view=diff
==============================================================================
---
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
(original)
+++
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/AuthorizationHeaderAuthenticationHandler.java
Thu Apr 23 08:44:30 2009
@@ -18,8 +18,15 @@
*/
package org.apache.sling.httpauth.impl;
+import java.awt.image.ImagingOpException;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.Cookie;
@@ -38,10 +45,11 @@
* the authorization steps based on the Authorization header of the HTTP
* request. This authenticator should eventually support both BASIC and DIGEST
* authentication methods.
- *
+ *
* @scr.component immediate="false" label="%auth.http.name"
* description="%auth.http.description"
- * @scr.property name="service.description" value="HTTP Header Authentication
Handler"
+ * @scr.property name="service.description"
+ * value="HTTP Header Authentication Handler"
* @scr.property name="service.vendor" value="The Apache Software Foundation"
* @scr.property nameRef="AuthenticationHandler.PATH_PROPERTY" value="/"
* @scr.service
@@ -59,7 +67,7 @@
* in the {...@link #authenticate(HttpServletRequest, HttpServletResponse)}
* method if no credentials are present in the request (value is
* "sling:authRequestLogin").
- *
+ *
* @see #authenticate(HttpServletRequest, HttpServletResponse)
*/
static final String REQUEST_LOGIN_PARAMETER = "sling:authRequestLogin";
@@ -80,11 +88,15 @@
private static final String DEFAULT_REALM = "Sling (Development)";
+ private static final String LOGIN_FORM_TEMPLATE = "LoginFormTemplate.html";
+
/** default log */
private final Logger log = LoggerFactory.getLogger(getClass());
private String realm = DEFAULT_REALM;
+ private String loginFormTemplate;
+
public AuthorizationHeaderAuthenticationHandler() {
log.info("AuthorizationHeaderAuthenticationHandler created");
}
@@ -96,21 +108,25 @@
* is only based on the original request object, no URI translation has
* taken place yet.
* <p>
- * The method returns any of the following values : <table>
+ * The method returns any of the following values :
+ * <table>
* <tr>
* <th>value
- * <th>description</tr>
+ * <th>description
+ * </tr>
* <tr>
* <td><code>null</code>
- * <td>no user details were contained in the request </tr>
+ * <td>no user details were contained in the request
+ * </tr>
* <tr>
* <td>{...@link AuthenticationInfo#DOING_AUTH}
- * <td>the handler is in an ongoing authentication exchange with the
- * client. The request handling is terminated.
+ * <td>the handler is in an ongoing authentication exchange with the
client.
+ * The request handling is terminated.
* <tr>
* <tr>
* <td>valid credentials
- * <td>The user sent credentials.</tr>
+ * <td>The user sent credentials.
+ * </tr>
* </table>
* <p>
* The method must not request credential information from the client, if
@@ -120,7 +136,7 @@
* the request may be for an included servlet, in which case the values for
* some URI specific values are contained in javax.servlet.include.*
request
* attributes.
- *
+ *
* @param request The request object containing the information for the
* authentication.
* @param response The response object which may be used to send the
@@ -141,13 +157,8 @@
}
// no credentials, check whether the client wants to login
- if (request.getParameter(REQUEST_LOGIN_PARAMETER) != null) {
- try {
- requestAuthentication(request, response);
- return AuthenticationInfo.DOING_AUTH;
- } catch (IOException ioe) {
- log.error("authenticate: Failed requesting authentication",
ioe);
- }
+ if (forceAuthentication(request, response)) {
+ return AuthenticationInfo.DOING_AUTH;
}
// no special header, so we will not authenticate here
@@ -155,16 +166,12 @@
}
/**
- * Sends status <code>401</code> (Unauthorized) with a
- * <code>WWW-Authenticate</code> requesting standard HTTP header
- * authentication with the <code>Basic</code> scheme and the configured
- * realm name. If the response is already committed, an error message is
- * logged but the 401 status is not sent.
- *
+ * Sends back the form to log into the system.
+ *
* @param request The request object
* @param response The response object to which to send the request
* @return <code>true</code> is always returned by this handler
- * @throws IOException if an error occurrs sending back the response.
+ * @throws IOException if an error occurrs sending back the form.
*/
public boolean requestAuthentication(HttpServletRequest request,
HttpServletResponse response) throws IOException {
@@ -172,11 +179,32 @@
// if the response is already committed, we have a problem !!
if (!response.isCommitted()) {
- response.setHeader(HEADER_WWW_AUTHENTICATE,
- AUTHENTICATION_SCHEME_BASIC + " realm=\"" + this.realm + "\"");
-
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
-
+ // reset the response
+ response.reset();
+ response.setStatus(HttpServletResponse.SC_OK);
+
+ String form = getLoginForm();
+
+ if (form != null) {
+
+ form = replaceVariables(form, "@@contextPath@@",
+ request.getContextPath(), "/");
+ form = replaceVariables(form, "@@authType@@",
+ request.getAuthType(), "");
+ form = replaceVariables(form, "@@user@@",
+ request.getRemoteUser(), "");
+
+ response.setContentType("text/html");
+ response.setCharacterEncoding("UTF-8");
+ response.getWriter().print(form);
+
+ } else {
+
+ // have no form, so just send 401/UNATHORIZED for simple login
+ sendUnauthorized(response);
+
+ }
+
} else {
log.error("requestAuthentication: Response is committed, cannot
request authentication");
@@ -186,6 +214,78 @@
return true;
}
+ /**
+ * If the {...@link #REQUEST_LOGIN_PARAMETER} parameter is set this method
+ * sends status <code>401</code> (Unauthorized) with a
+ * <code>WWW-Authenticate</code> requesting standard HTTP header
+ * authentication with the <code>Basic</code> scheme and the configured
+ * realm name. If the response is already committed, an error message is
+ * logged but the 401 status is not sent.
+ * <p>
+ * <code>false</code> is returned if the request parameter is not set, if
+ * the response is already committed or if an error occurred sending the
+ * status response. The latter two situations are logged as errors.
+ *
+ * @param request The request object
+ * @param response The response object to which to send the request
+ * @return <code>true</code> if the 401/UNAUTHORIZED method has
successfully
+ * been sent.
+ */
+ private boolean forceAuthentication(HttpServletRequest request,
+ HttpServletResponse response) {
+
+ // presume 401/UNAUTHORIZED has not been sent
+ boolean authenticationForced = false;
+
+ if (request.getParameter(REQUEST_LOGIN_PARAMETER) != null) {
+
+ if (!response.isCommitted()) {
+
+ authenticationForced = sendUnauthorized(response);
+
+ } else {
+
+ log.error("forceAuthentication: Response is committed, cannot
request authentication");
+
+ }
+
+ } else {
+
+ log.debug(
+ "forceAuthentication: Not forcing authentication because
request parameter {} is not set",
+ REQUEST_LOGIN_PARAMETER);
+
+ }
+
+ // true if 401/UNAUTHORIZED has been sent, false otherwise
+ return authenticationForced;
+ }
+
+ /**
+ * Sends status <code>401</code> (Unauthorized) with a
+ * <code>WWW-Authenticate</code> requesting standard HTTP header
+ * authentication with the <code>Basic</code> scheme and the configured
+ * realm name.
+ *
+ * @param response The response object to which to send the request
+ * @return <code>true</code> if the 401/UNAUTHORIZED method has
successfully
+ * been sent.
+ */
+ private boolean sendUnauthorized(HttpServletResponse response) {
+ response.setHeader(HEADER_WWW_AUTHENTICATE, AUTHENTICATION_SCHEME_BASIC
+ + " realm=\"" + this.realm + "\"");
+
+ try {
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ return true;
+ } catch (IOException ioe) {
+ log.error("sendUnauthorized: Failed requesting authentication",
+ ioe);
+ }
+
+ return false;
+ }
+
// ---------- SCR Integration
----------------------------------------------
protected void activate(ComponentContext componentContext) {
@@ -276,4 +376,70 @@
return new AuthenticationInfo(HttpServletRequest.BASIC_AUTH, creds);
}
+
+ /**
+ * Returns the login form template as a string or <code>null</code> if it
+ * cannot be read. Failure to read the template is logged.
+ */
+ private String getLoginForm() {
+ if (loginFormTemplate == null) {
+ InputStream ins = getClass().getResourceAsStream(
+ LOGIN_FORM_TEMPLATE);
+ if (ins != null) {
+ try {
+
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ byte[] buf = new byte[3000];
+ int bytes = 0;
+ while ((bytes = ins.read(buf)) >= 0) {
+ out.write(buf, 0, bytes);
+ }
+ out.close();
+ loginFormTemplate = new String(out.toByteArray(), "UTF-8");
+
+ } catch (IOException ioe) {
+
+ log.error(
+ "getLoginForm: Failure reading login form template",
+ ioe);
+
+ } finally {
+
+ try {
+ ins.close();
+ } catch (IOException ignore) {
+ }
+
+ }
+
+ } else {
+
+ log.error("getLoginForm: Cannot access login form template at "
+ + LOGIN_FORM_TEMPLATE);
+
+ }
+ }
+
+ return loginFormTemplate;
+ }
+
+ /**
+ * Replaces all occurrences in the <code>template</code> of the
+ * <code>key</code> (a regular expression) by the <code>value</code> or
+ * <code>defaultValue</code>.
+ *
+ * @param template The template to replace occurences of key
+ * @param key The regular expression of the key to replace
+ * @param value The replacement value
+ * @param defaultValue The replacement value to use if the value is null or
+ * an empty string.
+ * @return the template with the key values replaced.
+ */
+ private String replaceVariables(String template, String key, String value,
+ String defaultValue) {
+ if (value == null || value.length() == 0) {
+ value = defaultValue;
+ }
+ return template.replaceAll(key, value);
+ }
}
\ No newline at end of file
Modified:
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java?rev=767854&r1=767853&r2=767854&view=diff
==============================================================================
---
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
(original)
+++
incubator/sling/trunk/bundles/extensions/httpauth/src/main/java/org/apache/sling/httpauth/impl/LoginServlet.java
Thu Apr 23 08:44:30 2009
@@ -19,15 +19,19 @@
package org.apache.sling.httpauth.impl;
import java.io.IOException;
-import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
+import org.apache.sling.engine.auth.Authenticator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* The <code>LoginServlet</code> TODO
- *
+ *
* @scr.component metatype="no"
* @scr.service interface="javax.servlet.Servlet"
* @scr.property name="service.description" value="HTTP Header Login Servlet"
@@ -37,28 +41,24 @@
*/
public class LoginServlet extends SlingAllMethodsServlet {
+ /** default log */
+ private final Logger log = LoggerFactory.getLogger(getClass());
+
+ /** @scr.reference cardinality="0..1" policy="dynamic" */
+ private Authenticator authenticator;
+
@Override
protected void doGet(SlingHttpServletRequest request,
SlingHttpServletResponse response) throws IOException {
- response.setContentType("text/html");
- response.setCharacterEncoding("UTF-8");
-
- PrintWriter pw = response.getWriter();
-
- prolog(pw);
-
- final String contexPath = request.getContextPath();
- String authType = request.getAuthType();
- String user = request.getRemoteUser();
-
- if (authType == null) {
- login(pw, contexPath);
+ Authenticator authenticator = this.authenticator;
+ if (authenticator != null) {
+ authenticator.login(request, response);
} else {
- logout(pw, contexPath, user);
+ log.error("doGet: Authenticator service missing, cannot request
authentication");
+ response.sendError(HttpServletResponse.SC_FORBIDDEN,
+ "Cannot request Authentication");
}
-
- epilog(pw);
}
@Override
@@ -67,142 +67,4 @@
response.sendRedirect(request.getRequestURI());
}
- private void login(PrintWriter pw, String contextPath) {
-
- pw.println("<script>");
- ajax(pw, contextPath);
- pw.println("function loginuser() {");
- pw.println(" var user = document.forms['login'].usr.value;");
- pw.println(" var pass = document.forms['login'].pwd.value;");
- pw.println(" sendRequest(user, pass);");
- pw.println(" document.location = document.location");
- pw.println(" return false;");
- pw.println("}");
- pw.println("</script>");
-
- pw.println("<form name='login' onsubmit='return loginuser()'>");
- pw.println("<table align='center'>");
- pw.println("<tr><td colspan='2' align='center'>You are not currently
logged in</td></tr>");
- pw.println("<tr><td>Name</td><td><input type='text' name='usr'
/></td></tr>");
- pw.println("<tr><td>Password</td><td><input type='text' name='pwd'
/></td></tr>");
- pw.println("<tr><td colspan='2' align='center'><input type='submit'
value='Login' onClick='loginuser();'/></td></tr>");
- pw.println("</table>");
- pw.println("</form>");
- }
-
- private void logout(PrintWriter pw, String contextPath, String user) {
- pw.println("<script>");
- ajax(pw, contextPath);
- pw.println("function logoutuser() {");
-
- pw.println(" try {");
- pw.println(" // 'ClearAuthenticationCache' is only available in
some browsers");
- pw.println(" // including the IE; for eg. Firefox, who cannot
handle this command,");
- pw.println(" // we have the try-catch statement");
-
- pw.println(" // works in IE");
- pw.println("
document.execCommand('ClearAuthenticationCache');");
-
- pw.println(" } catch (e) {");
- pw.println(" sendRequest('"
- + AuthorizationHeaderAuthenticationHandler.NOT_LOGGED_IN_USER
- + "', 'null');");
- pw.println(" }");
-
- pw.println(" document.location = document.location");
- pw.println("}");
- pw.println("</script>");
-
- pw.println("<table align='center'>");
- pw.println("<tr><td align='center'>You are logged in as " + user
- + "</td></tr>");
- pw.println("<tr><td align='center'><input type='button' value='Logout'
onClick='logoutuser();'/></td></tr>");
- pw.println("</table>");
- }
-
- private void prolog(PrintWriter pw) {
- pw.println("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"
\"http://www.w3.org/TR/html4/strict.dtd\";>");
- pw.println("<html>");
- pw.println("<meta http-equiv=\"Content-Type\" content=\"text/html;
utf-8\">");
- pw.println("<title>Login/Logout</title>");
- pw.println("<style type=\"text/css\">");
- pw.println("body {");
- pw.println(" font-family: Verdana, Arial, Helvetica, sans-serif;");
- pw.println(" font-size: 10px;");
- pw.println(" color: black;");
- pw.println(" background-color: white;");
- pw.println("}");
- pw.println("#main {");
- pw.println(" border: 1px solid black;");
- pw.println(" margin-top: 25%;");
- pw.println(" margin-left: 25%;");
- pw.println(" width: 20em;");
- pw.println(" padding: 10px;");
- pw.println("}");
- pw.println("#main table {");
- pw.println(" width: 100%;");
- pw.println("}");
- pw.println("#main form {");
- pw.println(" padding: 0px;");
- pw.println(" margin: 0px;");
- pw.println("}");
- pw.println("</style>");
- pw.println("</head>");
- pw.println("<body>");
-
- pw.println("<div id=\"main\">");
- }
-
- private void ajax(PrintWriter pw, final String contextPath) {
-
pw.println("//-----------------------------------------------------------------------------");
- pw.println("// Ajax Support");
-
- pw.println("// request object, do not access directly, use getXmlHttp
instead");
- pw.println("var xmlhttp = null;");
- pw.println("function getXmlHttp() {");
- pw.println(" if (xmlhttp) {");
- pw.println(" return xmlhttp;");
- pw.println(" }");
-
- pw.println(" if (window.XMLHttpRequest) {");
- pw.println(" xmlhttp = new XMLHttpRequest();");
- pw.println(" } else if (window.ActiveXObject) {");
- pw.println(" try {");
- pw.println(" xmlhttp = new
ActiveXObject('Msxml2.XMLHTTP');");
- pw.println(" } catch (ex) {");
- pw.println(" try {");
- pw.println(" xmlhttp = new
ActiveXObject('Microsoft.XMLHTTP');");
- pw.println(" } catch (ex) {");
- pw.println(" }");
- pw.println(" }");
- pw.println(" }");
- pw.println("");
- pw.println(" return xmlhttp;");
- pw.println(" }");
-
- pw.println(" function sendRequest(/* String */ user, /* String */
pass) {");
- pw.println(" var xmlhttp = getXmlHttp();");
- pw.println(" if (!xmlhttp) {");
- pw.println(" return;");
- pw.println(" }");
-
- pw.println(" if (xmlhttp.readyState < 4) {");
- pw.println(" xmlhttp.abort();");
- pw.println(" }");
-
- pw.println(" xmlhttp.open('POST', '" + contextPath + "?"
- + AuthorizationHeaderAuthenticationHandler.REQUEST_LOGIN_PARAMETER
- + "=1', false, user, pass);");
-
- pw.println(" xmlhttp.send('');");
- pw.println(" }");
-
- }
-
- private void epilog(PrintWriter pw) {
- pw.println("</div>");
- pw.println("</body>");
- pw.println("</html>");
- }
-
}
Added:
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
URL:
http://svn.apache.org/viewvc/incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html?rev=767854&view=auto
==============================================================================
---
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
(added)
+++
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
Thu Apr 23 08:44:30 2009
@@ -0,0 +1,183 @@
+<!--
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+-->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd";>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; utf-8">
+<title>Login/Logout</title>
+<style type="text/css">
+body {
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size: 10px;
+ color: black;
+ background-color: white;
+}
+
+#main {
+ border: 1px solid black;
+ margin-top: 25%;
+ margin-left: 25%;
+ width: 220px;
+ padding: 10px;
+}
+
+table {
+ width: ;
+}
+
+#login {
+ display: none;
+}
+
+#logout {
+ display: none;
+}
+
+#login form {
+ padding: 0px;
+ margin: 0px;
+}
+</style>
+
+<script>
+ // fix the display of login/logout
+ function onLoad() {
+ if ('@@authType@@') {
+ document.getElementById("logout").style.display = "block";
+ } else {
+ document.getElementById("login").style.display = "block";
+ }
+ document.getElementById("nojs").style.display = "none";
+ }
+
+ // request object, do not access directly, use getXmlHttp instead
+ var xmlhttp = null;
+ function getXmlHttp() {
+ if (xmlhttp) {
+ return xmlhttp;
+ }
+
+ if (window.XMLHttpRequest) {
+ xmlhttp = new XMLHttpRequest();
+ } else if (window.ActiveXObject) {
+ try {
+ xmlhttp = new ActiveXObject('Msxml2.XMLHTTP');
+ } catch (ex) {
+ try {
+ xmlhttp = new ActiveXObject('Microsoft.XMLHTTP');
+ } catch (ex) {
+ }
+ }
+ }
+
+ return xmlhttp;
+ }
+
+ function sendRequest(/* String */ user, /* String */ pass) {
+ var xmlhttp = getXmlHttp();
+ if (!xmlhttp) {
+ return;
+ }
+
+ if (xmlhttp.readyState < 4) {
+ xmlhttp.abort();
+ }
+
+ xmlhttp.open('POST', '@@contextPath@@?sling:authRequestLogin=1', false,
user, pass);
+ xmlhttp.send('');
+ }
+
+ function loginuser() {
+ var user = document.forms['login'].usr.value;
+ var pass = document.forms['login'].pwd.value;
+ sendRequest(user, pass);
+ document.location = document.location
+ return false;
+ }
+
+ function logoutuser() {
+
+ try {
+ // 'ClearAuthenticationCache' is only available in some browsers
+ // including the IE; for eg. Firefox, who cannot handle this command,
+ // we have the try-catch statement
+
+ // works in IE
+ document.execCommand('ClearAuthenticationCache');
+
+ } catch (e) {
+ sendRequest('__forced_logout_user__', 'null');
+ }
+
+ document.location = document.location
+ }
+
+</script>
+</head>
+<body onload="onLoad()">
+<div id="main"><!-- Login Form -->
+<div id="login">
+<form name='login' onsubmit='return loginuser()'>
+<table align='center'>
+ <tr>
+ <td colspan='2' align='center'>You are not currently logged in</td>
+ </tr>
+ <tr>
+ <td>Name</td>
+ <td><input type='text' name='usr' /></td>
+ </tr>
+ <tr>
+ <td>Password</td>
+ <td><input type='password' name='pwd' /></td>
+ </tr>
+ <tr>
+ <td colspan='2' align='center'><input type='submit'
+ value='Login' onClick='loginuser();' /></td>
+ </tr>
+</table>
+</form>
+</div>
+
+
+<!-- Logout Information -->
+<div id="logout">
+<table align='center'>
+ <tr>
+ <td align='center'>You are logged in as @@user@@</td>
+ </tr>
+ <tr>
+ <td align='center'><input type='button' value='Logout'
+ onClick='logoutuser();' /></td>
+ </tr>
+</table>
+</div>
+
+<!-- Warning in case JavaScript is disabled -->
+<div id="nojs">
+<table align='center'>
+ <tr>
+ <td align='center'>This Login/Logout form requires JavaScript
+ enabled.</td>
+ </tr>
+</table>
+</div>
+
+</div>
+</body>
+</html>
Propchange:
incubator/sling/trunk/bundles/extensions/httpauth/src/main/resources/org/apache/sling/httpauth/impl/LoginFormTemplate.html
------------------------------------------------------------------------------
svn:eol-style = native
