Details

    • Type: Sub-task Sub-task
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: Extensions httpauth 2.0.2
    • Fix Version/s: Extensions httpauth 2.0.4
    • Component/s: Extensions
    • Labels:
      None

      Description

      Adapt the HTTP Header authentication handler to the new refined authenticaiton initiation processing implemented by SLING-938.

      Tasks:

      • The LoginServlet calls the new requestAuthentication service method
      • requestAuthentication method will now draw the login form

        Activity

        Hide
        Felix Meschberger added a comment -

        Adapted the HTTP Base authenticator in Rev. 767854.

        The LoginServlet is stripped down to just calling the Authenticator.login method. The AuthorizationHeaderAuthenticationHandler class now renders the login form itself. The login form is provided in the bundle as an HTML template. For now, this login form is not configurable.

        Show
        Felix Meschberger added a comment - Adapted the HTTP Base authenticator in Rev. 767854. The LoginServlet is stripped down to just calling the Authenticator.login method. The AuthorizationHeaderAuthenticationHandler class now renders the login form itself. The login form is provided in the bundle as an HTML template. For now, this login form is not configurable.
        Hide
        Felix Meschberger added a comment -

        Updated reference to the HTTP Header Authentication Handler bundle in Rev. 767855 of the launchpad/bundles pom

        Show
        Felix Meschberger added a comment - Updated reference to the HTTP Header Authentication Handler bundle in Rev. 767855 of the launchpad/bundles pom
        Hide
        Aaron Zeckoski added a comment -

        Should be possible to update it via a bundle fragment though right?

        Show
        Aaron Zeckoski added a comment - Should be possible to update it via a bundle fragment though right?
        Hide
        Felix Meschberger added a comment -

        No, not at the moment, since you cannot replace bundle content with a fragment, just ammend. In this case it would have to be replacement.

        What I would envision to make the form for this handler configurable is to actually place it in the repository where it might be modified, replaced, whatever ...

        But this requires more thinking about the protocol and much more importandly: documentation of the protocol.

        Show
        Felix Meschberger added a comment - No, not at the moment, since you cannot replace bundle content with a fragment, just ammend. In this case it would have to be replacement. What I would envision to make the form for this handler configurable is to actually place it in the repository where it might be modified, replaced, whatever ... But this requires more thinking about the protocol and much more importandly: documentation of the protocol.
        Hide
        Aaron Zeckoski added a comment -

        That makes sense. I was thinking something like checking for "overrideTemplate" before getting the default one but storing in the repo would be good. My only possible issue with that is setting up a new one the first time sling starts up would be annoying (unless there is some way to push things into the repo on startup?). If there is no way to push things into the repo on startup I would recommend doing something like allowing a bundle fragment to control this.

        Show
        Aaron Zeckoski added a comment - That makes sense. I was thinking something like checking for "overrideTemplate" before getting the default one but storing in the repo would be good. My only possible issue with that is setting up a new one the first time sling starts up would be annoying (unless there is some way to push things into the repo on startup?). If there is no way to push things into the repo on startup I would recommend doing something like allowing a bundle fragment to control this.
        Hide
        Felix Meschberger added a comment -

        Adapted LoginServlet to new NoAuthenticationHandlerException to log a message and fall back to returning 403/FORBIDDEN in Rev. 768397.

        Show
        Felix Meschberger added a comment - Adapted LoginServlet to new NoAuthenticationHandlerException to log a message and fall back to returning 403/FORBIDDEN in Rev. 768397.
        Hide
        Felix Meschberger added a comment -

        Works fine, therefore closing.

        Show
        Felix Meschberger added a comment - Works fine, therefore closing.

          People

          • Assignee:
            Felix Meschberger
            Reporter:
            Felix Meschberger
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development