Created
March 4, 2016 21:44
-
-
Save auniverseaway/f52b447038105b91abda to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package org.millr.slick.auth; | |
| import org.apache.felix.scr.annotations.Activate; | |
| import org.apache.felix.scr.annotations.Component; | |
| import org.apache.felix.scr.annotations.Deactivate; | |
| import org.apache.felix.scr.annotations.Properties; | |
| import org.apache.felix.scr.annotations.Property; | |
| import org.apache.felix.scr.annotations.Reference; | |
| import org.apache.felix.scr.annotations.Service; | |
| import org.apache.sling.api.resource.ResourceResolverFactory; | |
| import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler; | |
| import org.apache.sling.auth.core.spi.AuthenticationHandler; | |
| import org.apache.sling.auth.core.spi.AuthenticationInfo; | |
| import org.apache.sling.commons.osgi.PropertiesUtil; | |
| import org.apache.sling.jcr.api.SlingRepository; | |
| import org.apache.sling.jcr.resource.JcrResourceConstants; | |
| import org.apache.sling.settings.SlingSettingsService; | |
| import org.osgi.service.component.ComponentContext; | |
| import org.slf4j.Logger; | |
| import org.slf4j.LoggerFactory; | |
| import javax.jcr.Credentials; | |
| import javax.jcr.LoginException; | |
| import javax.jcr.RepositoryException; | |
| import javax.jcr.Session; | |
| import javax.jcr.SimpleCredentials; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.util.Dictionary; | |
| @Component(label = "Auth0 Sling Authentication Handler", | |
| description = "Sample Sling Authentication Handler", | |
| metatype = true, | |
| immediate = false | |
| ) | |
| @Properties({ | |
| @Property(label = "Authentication Paths", | |
| description = "JCR Paths which this Authentication Handler will authenticate", | |
| name = AuthenticationHandler.PATH_PROPERTY, | |
| value = {"/content/slick"}, | |
| cardinality = Integer.MAX_VALUE), | |
| @Property(label = "Service Ranking", | |
| description = "Service ranking. Higher gives more priority.", | |
| name = "service.ranking", | |
| intValue = 20, | |
| propertyPrivate = false), | |
| @Property( | |
| name = AuthenticationHandler.TYPE_PROPERTY, | |
| value = "SAMPLES", | |
| propertyPrivate = true), | |
| @Property(label = "Vendor", | |
| name = "service.vendor", | |
| value = "ActiveCQ", | |
| propertyPrivate = true) | |
| }) | |
| @Service | |
| public class SampleSlingAuthenticationHandler implements AuthenticationHandler, AuthenticationFeedbackHandler { | |
| @SuppressWarnings("unused") | |
| private final Logger log = LoggerFactory.getLogger(this.getClass().getName()); | |
| private static final String DEFAULT_TRUST_CREDENTIALS = "TrustedInfo"; | |
| private String trustCredentials = DEFAULT_TRUST_CREDENTIALS; | |
| @Property(label = "Trust Credentials", | |
| description = "The Trust Credentials found in repository.xml or ldap.config", | |
| value = DEFAULT_TRUST_CREDENTIALS) | |
| private static final String PROP_TRUST_CREDENTIALS = "prop.trust-credentials"; | |
| private SlingRepository repository; | |
| /** | |
| * OSGi Service References * | |
| */ | |
| @Reference | |
| private ResourceResolverFactory resourceResolverFactory; | |
| @Reference | |
| private SlingSettingsService slingSettings; | |
| /** AuthenticationHandler Methods **/ | |
| /** | |
| * Extract the credentials contained inside the request, parameter or cookie | |
| * | |
| * @see com .day.cq.auth.impl.AbstractHTTPAuthHandler#authenticate(javax.servlet.http.HttpServletRequest, | |
| * javax.servlet.http.HttpServletResponse) | |
| */ | |
| @Override | |
| public AuthenticationInfo extractCredentials(HttpServletRequest request, | |
| HttpServletResponse response) { | |
| log.error("Begin Extract credentials"); | |
| final String extractedUserId = "admin"; //request.getParameter("j_username"); | |
| final String extractedPassword = "admin"; // request.getParameter("j_password"); | |
| // Extract UserId and Password from Request and store in SimpleCredentials object | |
| final SimpleCredentials credentials = | |
| new SimpleCredentials(extractedUserId, extractedPassword.toCharArray()); | |
| // Execute any pre-authentication here such as authenticating cookies | |
| // or authentication credentials to third-party systems | |
| boolean preauthenticated = false; // based on pre-authentication success | |
| if (preauthenticated) { | |
| // If preauthenticated and the trustCredentials are applied, the | |
| // credentials.getUser() in the credentials object will be logged in | |
| // regardless of the credentials.getPassword() is valid | |
| // Set Trusted Credentials Attributes; Must match to what is in | |
| // repository.xml or ldap.config (if LDAP is used) | |
| //credentials.setAttribute(trustCredentials, "this value is inconsequential"); | |
| } | |
| // Return a populated AuthenticationInfo object which will be | |
| // authenticated by the registered LoginModules | |
| final AuthenticationInfo info = new AuthenticationInfo( | |
| HttpServletRequest.BASIC_AUTH, credentials.getUserID()); | |
| // Add the credentials obj to the AuthenticationInfo obj | |
| info.put(JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS, credentials); | |
| log.error("Exiting Extract credentials"); | |
| return info; | |
| } | |
| @Override | |
| public void dropCredentials(HttpServletRequest request, | |
| HttpServletResponse response) { | |
| // Remove credentials from the request/response | |
| // This generally removed removing/expiring auth Cookies | |
| } | |
| @Override | |
| public boolean requestCredentials(HttpServletRequest request, | |
| HttpServletResponse response) { | |
| log.error("++ Begin Request credentials"); | |
| // Invoked when an anonymous request is made to a resource this | |
| // authentication handler handles (based on OSGi paths properties) | |
| log.error("-- Begin Request credentials"); | |
| // Also invoked after authenticatedFailed if this auth handler is the best match | |
| return true; | |
| } | |
| /** | |
| * AuthenticationFeedbackHandler Methods * | |
| */ | |
| @Override | |
| public void authenticationFailed(HttpServletRequest request, HttpServletResponse response, AuthenticationInfo authInfo) { | |
| // Executes if authentication by the LoginModule fails | |
| // Executes after extractCredentials(..) returns a credentials object | |
| // that CANNOT be authenticated by the LoginModule | |
| log.error(">>>> Authentication failed"); | |
| request.setAttribute(AuthenticationHandler.REQUEST_LOGIN_PARAMETER, "SAMPLES"); | |
| } | |
| @Override | |
| public boolean authenticationSucceeded(HttpServletRequest request, HttpServletResponse response, AuthenticationInfo authInfo) { | |
| // Executes if authentication by the LoginModule succeeds | |
| log.error(">>>> Authentication succeeded"); | |
| // Executes after extractCredentials(..) returns a credentials object | |
| // that CAN be authenticated by the LoginModule | |
| // Return true if the handler sent back a response to the client and request processing should terminate. | |
| // Return false if the request should proceed as authenticated through the framework. (This is usually the desired behavior) | |
| return false; | |
| } | |
| /** | |
| * OSGi Component Methods * | |
| */ | |
| @Activate | |
| protected void activate(ComponentContext componentContext) { | |
| Dictionary properties = componentContext.getProperties(); | |
| this.trustCredentials = PropertiesUtil.toString( | |
| properties.get(PROP_TRUST_CREDENTIALS), DEFAULT_TRUST_CREDENTIALS); | |
| } | |
| @Deactivate | |
| protected void deactivate(ComponentContext componentContext) { | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment