Package org.apache.sling.auth.core.spi

Interface AuthenticationHandler

All Known Implementing Classes:
AbstractAuthenticationHandler
@ConsumerType public interface AuthenticationHandler
The AuthenticationHandler interface defines the service API used by the authentication implementation to support plugin various ways of extracting credentials from the request.
Important: This interface is deprecated. Use JakartaAuthenticationHandler instead. This interface is not directly marked as deprecated as the inner enum AuthenticationHandler.FAILURE_REASON_CODES is not deprecated! This interface is deprecated since package version 1.3.0.

  • Field Details

  • Method Details

    • extractCredentials

      @Deprecated(since="1.3.0") AuthenticationInfo extractCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Deprecated.
      Use JakartaAuthenticationHandler
      Extracts credential data from the request if at all contained.

      The method returns any of the following values :

      Extracted Information
      value description
      null no user details were contained in the request or the handler is not capable or willing to extract credentials from the request
      AuthenticationInfo.DOING_AUTH the handler is in an ongoing authentication transaction with the client. Request processing should be aborted at this stage.
      AuthenticationInfo.FAIL_AUTH the handler failed extracting the credentials from the request for any reason. An example of this result is that credentials are present in the request but they could not be validated and thus not be used for request processing. When returning this value, the authentication handler may also set the FAILURE_REASON request attribute to inform interested parties (including its own requestCredentials(HttpServletRequest, HttpServletResponse) method for the reasons of failure to extract the credentials.
      AuthenticationInfo object The user sent credentials. The returned object contains the credentials as well as the type of authentication transmission employed.

      The method must not request credential information from the client, if they are not found in the request.

      The value of PATH_PROPERTY service registration property value triggering this call is available as the path request attribute. If the service is registered with multiple path values, the value of the path request attribute may be used to implement specific handling.

      Parameters:
      request - The request object containing the information for the authentication.
      response - The response object which may be used to send the information on the request failure to the user.
      Returns:
      A valid AuthenticationInfo instance identifying the request user, AuthenticationInfo.DOING_AUTH if the handler is in an authentication transaction with the client or null if the request does not contain authentication information. In case of AuthenticationInfo.DOING_AUTH, the method must have sent a response indicating that fact to the client.

    • requestCredentials

      @Deprecated(since="1.3.0") boolean requestCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
      Deprecated.
      Use JakartaAuthenticationHandler
      Requests authentication information from the client. Returns true if the information has been requested and request processing can be terminated normally. Otherwise the authorization information could not be requested.

      The HttpServletResponse.sendError methods should not be used by the implementation because these responses might be post-processed by the servlet container's error handling infrastructure thus preventing the correct operation of the authentication handler. To convey a HTTP response status the HttpServletResponse.setStatus method should be used.

      The value of PATH_PROPERTY service registration property value triggering this call is available as the path request attribute. If the service is registered with multiple path values, the value of the path request attribute may be used to implement specific handling.

      If the REQUEST_LOGIN_PARAMETER request parameter is set only those authentication handlers registered with an authentication type matching the parameter will be considered for requesting credentials through this method.

      A handler not registered with an authentication type will, for backwards compatibility reasons, always be called ignoring the actual value of the REQUEST_LOGIN_PARAMETER parameter.

      Parameters:
      request - The request object.
      response - The response object to which to send the request.
      Returns:
      true if the handler is able to send an authentication inquiry for the given request. false otherwise.
      Throws:
      IOException - If an error occurs sending the authentication inquiry to the client.

    • dropCredentials

      @Deprecated(since="1.3.0") void dropCredentials(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException
      Deprecated.
      Use JakartaAuthenticationHandler
      Drops any credential and authentication details from the request and asks the client to do the same.
      Parameters:
      request - The request object.
      response - The response object to which to send the request.
      Throws:
      IOException - If an error occurs asking the client to drop any authentication traces.