Examples of org.apache.sling.auth.core.AuthenticationSupport

• org.apache.sling.auth.core.AuthenticationSupport
  The AuthenticationSupport provides the service API used to implement the HttpContext.handleSecurity method as defined in the OSGi Http Service specification.

  Bundles registering servlets and/or resources with custom HttpContext implementations may implement the handleSecurity method using this service. The {@link #handleSecurity(HttpServletRequest,HttpServletResponse)} methodimplemented by this service exactly implements the specification of the HttpContext.handleSecurity method.

  A simple implementation of the HttpContext interface based on this could be (using SCR JavaDoc tags of the Maven SCR Plugin) :

   /** @scr.component */ public class MyHttpContext implements HttpContext { /** @scr.reference */ private AuthenticationSupport authSupport; /** @scr.reference */ private MimeTypeService mimeTypes; public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) { return authSupport.handleSecurity(request, response); } public URL getResource(String name) { return null; } public String getMimeType(String name) { return mimeTypes.getMimeType(name); } } 

  This interface is implemented by this bundle and is not intended to be implemented by client bundles.

     * is missing this method returns <code>false</code> and sends a 503/SERVICE
     * UNAVAILABLE status back to the client.
     */
    public boolean handleSecurity(final HttpServletRequest request, final HttpServletResponse response)
            throws IOException {
        final AuthenticationSupport localAuthenticator = this.authenticator;
        if (localAuthenticator != null) {

            final String wsp = getWorkspace(request.getPathInfo());
            if (wsp != null) {
                request.setAttribute("j_workspace", wsp);
            }
            return localAuthenticator.handleSecurity(request, response);
        }
        // send 503/SERVICE UNAVAILABLE, flush to ensure delivery
        response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        response.flushBuffer();

     * UNAVAILABLE status back to the client.
     */
    public boolean handleSecurity(HttpServletRequest request,
            HttpServletResponse response) throws IOException {

        final AuthenticationSupport authenticator = this.authenticationSupport;
        if (authenticator != null) {

            // SLING-559: ensure correct parameter handling according to
            // ParameterSupport
            request = ParameterSupport.getParameterSupportRequestWrapper(request);

            return authenticator.handleSecurity(request, response);

        }

        log.error("handleSecurity: AuthenticationSupport service missing. Cannot authenticate request.");
        log.error("handleSecurity: Possible reason is missing Repository service. Check AuthenticationSupport dependencies.");

        this.allowedUserIds = allowedUserIds;
    }

    public boolean handleSecurity(final HttpServletRequest request, final HttpServletResponse response)
            throws IOException {
        final AuthenticationSupport localAuthenticator = this.authenticator;
        if (localAuthenticator != null) {
            final boolean authResult = localAuthenticator.handleSecurity(request, response);
            if (authResult) {
                if (this.allowedUserIds.size() == 0) {
                    return true;
                } else {
                    final String userId = (String) request.getAttribute(HttpContext.REMOTE_USER);