Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save auniverseaway/f52b447038105b91abda to your computer and use it in GitHub Desktop.
Save auniverseaway/f52b447038105b91abda to your computer and use it in GitHub Desktop.
package org.millr.slick.auth;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.resource.JcrResourceConstants;
import org.apache.sling.settings.SlingSettingsService;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Dictionary;
@Component(label = "Auth0 Sling Authentication Handler",
description = "Sample Sling Authentication Handler",
metatype = true,
immediate = false
)
@Properties({
@Property(label = "Authentication Paths",
description = "JCR Paths which this Authentication Handler will authenticate",
name = AuthenticationHandler.PATH_PROPERTY,
value = {"/content/slick"},
cardinality = Integer.MAX_VALUE),
@Property(label = "Service Ranking",
description = "Service ranking. Higher gives more priority.",
name = "service.ranking",
intValue = 20,
propertyPrivate = false),
@Property(
name = AuthenticationHandler.TYPE_PROPERTY,
value = "SAMPLES",
propertyPrivate = true),
@Property(label = "Vendor",
name = "service.vendor",
value = "ActiveCQ",
propertyPrivate = true)
})
@Service
public class SampleSlingAuthenticationHandler implements AuthenticationHandler, AuthenticationFeedbackHandler {
@SuppressWarnings("unused")
private final Logger log = LoggerFactory.getLogger(this.getClass().getName());
private static final String DEFAULT_TRUST_CREDENTIALS = "TrustedInfo";
private String trustCredentials = DEFAULT_TRUST_CREDENTIALS;
@Property(label = "Trust Credentials",
description = "The Trust Credentials found in repository.xml or ldap.config",
value = DEFAULT_TRUST_CREDENTIALS)
private static final String PROP_TRUST_CREDENTIALS = "prop.trust-credentials";
private SlingRepository repository;
/**
* OSGi Service References *
*/
@Reference
private ResourceResolverFactory resourceResolverFactory;
@Reference
private SlingSettingsService slingSettings;
/** AuthenticationHandler Methods **/
/**
* Extract the credentials contained inside the request, parameter or cookie
*
* @see com .day.cq.auth.impl.AbstractHTTPAuthHandler#authenticate(javax.servlet.http.HttpServletRequest,
* javax.servlet.http.HttpServletResponse)
*/
@Override
public AuthenticationInfo extractCredentials(HttpServletRequest request,
HttpServletResponse response) {
log.error("Begin Extract credentials");
final String extractedUserId = "admin"; //request.getParameter("j_username");
final String extractedPassword = "admin"; // request.getParameter("j_password");
// Extract UserId and Password from Request and store in SimpleCredentials object
final SimpleCredentials credentials =
new SimpleCredentials(extractedUserId, extractedPassword.toCharArray());
// Execute any pre-authentication here such as authenticating cookies
// or authentication credentials to third-party systems
boolean preauthenticated = false; // based on pre-authentication success
if (preauthenticated) {
// If preauthenticated and the trustCredentials are applied, the
// credentials.getUser() in the credentials object will be logged in
// regardless of the credentials.getPassword() is valid
// Set Trusted Credentials Attributes; Must match to what is in
// repository.xml or ldap.config (if LDAP is used)
//credentials.setAttribute(trustCredentials, "this value is inconsequential");
}
// Return a populated AuthenticationInfo object which will be
// authenticated by the registered LoginModules
final AuthenticationInfo info = new AuthenticationInfo(
HttpServletRequest.BASIC_AUTH, credentials.getUserID());
// Add the credentials obj to the AuthenticationInfo obj
info.put(JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS, credentials);
log.error("Exiting Extract credentials");
return info;
}
@Override
public void dropCredentials(HttpServletRequest request,
HttpServletResponse response) {
// Remove credentials from the request/response
// This generally removed removing/expiring auth Cookies
}
@Override
public boolean requestCredentials(HttpServletRequest request,
HttpServletResponse response) {
log.error("++ Begin Request credentials");
// Invoked when an anonymous request is made to a resource this
// authentication handler handles (based on OSGi paths properties)
log.error("-- Begin Request credentials");
// Also invoked after authenticatedFailed if this auth handler is the best match
return true;
}
/**
* AuthenticationFeedbackHandler Methods *
*/
@Override
public void authenticationFailed(HttpServletRequest request, HttpServletResponse response, AuthenticationInfo authInfo) {
// Executes if authentication by the LoginModule fails
// Executes after extractCredentials(..) returns a credentials object
// that CANNOT be authenticated by the LoginModule
log.error(">>>> Authentication failed");
request.setAttribute(AuthenticationHandler.REQUEST_LOGIN_PARAMETER, "SAMPLES");
}
@Override
public boolean authenticationSucceeded(HttpServletRequest request, HttpServletResponse response, AuthenticationInfo authInfo) {
// Executes if authentication by the LoginModule succeeds
log.error(">>>> Authentication succeeded");
// Executes after extractCredentials(..) returns a credentials object
// that CAN be authenticated by the LoginModule
// Return true if the handler sent back a response to the client and request processing should terminate.
// Return false if the request should proceed as authenticated through the framework. (This is usually the desired behavior)
return false;
}
/**
* OSGi Component Methods *
*/
@Activate
protected void activate(ComponentContext componentContext) {
Dictionary properties = componentContext.getProperties();
this.trustCredentials = PropertiesUtil.toString(
properties.get(PROP_TRUST_CREDENTIALS), DEFAULT_TRUST_CREDENTIALS);
}
@Deactivate
protected void deactivate(ComponentContext componentContext) {
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment