/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.sling.auth.core;

// Both servlet types are referenced only from the Javadoc @see/@link tags below.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * The <code>AuthConstants</code> provides a collection of constants used to
 * configure and customize the Sling authentication infrastructure.
 * <p>
 * The constants fall into four groups: a request parameter name
 * ({@link #PAR_J_VALIDATE}), response header names ({@link #X_REASON},
 * {@link #X_REASON_CODE}), OSGi service registration property names
 * ({@link #AUTH_HANDLER_BROWSER_ONLY}, {@link #AUTH_REQUIREMENTS}) and
 * login event wiring ({@link #AUTH_INFO_LOGIN}, {@link #TOPIC_LOGIN}).
 * <p>
 * This class can neither be extended from nor can it be instantiated.
 *
 * @since 1.1 (bundle version 1.0.8)
 */
public final class AuthConstants {

    /**
     * The name of the request parameter indicating that the submitted username
     * and password should just be checked and a status code be set for success
     * (200/OK) or failure (403/FORBIDDEN).
     * <p>
     * NOTE(review): a request carrying this parameter gets a direct yes/no
     * answer about a username/password pair. Whether such requests are covered
     * by the same throttling and failed-login auditing as a regular login is
     * not visible from this class; confirm in the handler that evaluates it.
     *
     * @see AuthUtil#isValidateRequest(HttpServletRequest)
     * @see AuthUtil#sendValid(HttpServletResponse)
     * @see AuthUtil#sendInvalid(HttpServletRequest, HttpServletResponse)
     */
    public static final String PAR_J_VALIDATE = "j_validate";

    /**
     * The name of the response header set by the
     * {@link AuthUtil#sendInvalid(HttpServletRequest, HttpServletResponse)} method if the provided
     * credentials cannot be used for login.
     * <p>
     * This header may be inspected by clients for a reason why the request
     * failed.
     * <p>
     * NOTE(review): the header is returned to a client that has not
     * authenticated. The value is chosen by the code that triggers
     * <code>sendInvalid</code>, which is outside this class; it should not let
     * a caller tell an unknown user name apart from a wrong password.
     *
     * @see AuthUtil#sendInvalid(HttpServletRequest, HttpServletResponse)
     */
    public static final String X_REASON = "X-Reason";

    /**
     * The name of the response header set by the
     * {@link AuthUtil#sendInvalid(HttpServletRequest, HttpServletResponse)} method if the provided
     * credentials cannot be used for login.
     * <p>
     * This header may be inspected by clients for a detailed reason code why
     * the request failed.
     * <p>
     * NOTE(review): the same exposure consideration as for {@link #X_REASON}
     * applies, since a detailed code is sent to an unauthenticated client. The
     * set of possible codes is not defined in this class.
     *
     * @see AuthUtil#sendInvalid(HttpServletRequest, HttpServletResponse)
     */
    public static final String X_REASON_CODE = "X-Reason-Code";

    /**
     * Service Registration property which may be set by an
     * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} service to
     * indicate whether its
     * {@link org.apache.sling.auth.core.spi.AuthenticationHandler#requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
     * method supports non-browser requests (according to
     * {@link AuthUtil#isBrowserRequest(javax.servlet.http.HttpServletRequest)})
     * or not.
     * <p>
     * For backwards compatibility with existing
     * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} services the
     * default assumption in the absence of this property is that all requests
     * are supported.
     * <p>
     * If this property is set to <code>true</code> or <code>yes</code>
     * (case-insensitive check) the handler is not called for requests assumed
     * to be sent from non-browser clients. Any other value of this property
     * indicates support for non-browser requests by the handler.
     * <p>
     * Note that this property only influences whether the
     * <code>requestCredentials</code> method is called or not. The
     * <code>extractCredentials</code> and <code>dropCredentials</code> are
     * called regardless of this property, so it is a routing hint for the
     * credential challenge and not a restriction on who may authenticate.
     */
    public static final String AUTH_HANDLER_BROWSER_ONLY = "sling.auth.browser-only";

    /**
     * Marker property in the
     * {@link org.apache.sling.auth.core.spi.AuthenticationInfo} object returned
     * by the
     * {@link org.apache.sling.auth.core.spi.AuthenticationHandler#extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)}
     * method indicating a first authentication considered to be a login.
     * <p>
     * By setting this property to any non-<code>null</code> value an
     * {@link org.apache.sling.auth.core.spi.AuthenticationHandler} indicates
     * that the {@link #TOPIC_LOGIN} event should be fired after successfully
     * acquiring the <code>ResourceResolver</code>.
     * <p>
     * Only the presence of the property matters; the value itself carries no
     * meaning according to this description.
     */
    public static final String AUTH_INFO_LOGIN = "$$auth.info.login$$";

    /**
     * The topic for the OSGi event which is sent when a user has logged in successfully.
     * The event contains at least the {@link org.apache.sling.api.SlingConstants#PROPERTY_USERID}
     * and the {@link org.apache.sling.auth.core.spi.AuthenticationInfo#AUTH_TYPE}
     * properties.
     * <p>
     * The event is fired only when the authentication handler has set
     * {@link #AUTH_INFO_LOGIN}. A listener that records logins from this topic
     * therefore depends on every handler setting that marker.
     */
    public static final String TOPIC_LOGIN = "org/apache/sling/auth/core/Authenticator/LOGIN";

    /**
     * Any OSGi service may provide a {@code sling.auth.requirements} registration property which is used
     * to dynamically extend the authentication requirements for the {@code AuthenticationSupport}.
     * This may for example be set by AuthenticationHandler implementations providing
     * a login form to ensure access to the login form does not require authentication. The value
     * of this property is a single string, an array of strings or a Collection of strings.
     * Each string can be an absolute path (such as /content) or an absolute URI (such as
     * http://thehost/content). Optionally each entry may be prefixed by a plus (+) or minus (-) sign
     * indicating that authentication is required (plus) or not required (minus).
     * <p>
     * NOTE(review): a minus-prefixed entry makes a path reachable without
     * authentication, and the property is accepted from any registered
     * service. Which services in a deployment set it is therefore worth
     * auditing. How an unprefixed entry is treated and how overlapping entries
     * are resolved is not stated here; confirm against
     * {@code AuthenticationSupport}.
     */
    public static final String AUTH_REQUIREMENTS = "sling.auth.requirements";

    // Private constructor: this class only holds constants and is never instantiated.
    private AuthConstants() {
    }
}