java.lang.Object
- org.apache.sling.auth.core.AuthConstants

```
public final class AuthConstants
extends java.lang.Object
```
The AuthConstants provides a collection of constants used to configure and customize the Sling authentication infrastructure.
This class can neither be extended from nor can it be instantiated.

Since:

1.1 (bundle version 1.0.8)

Field Summary

Fields
Modifier and Type	Field	Description
`static java.lang.String`	`ATTR_REQUEST_AUTH_URI_SUFFIX`	The name of the request attribute containing the list of request URI suffixes handled by the default authenticator `org.apache.sling.auth.core.impl.SlingAuthenticator`.
`static java.lang.String`	`AUTH_HANDLER_BROWSER_ONLY`	Service Registration property which may be set by an `AuthenticationHandler` service to indicate whether its `AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)` method supports non-browser requests (according to `AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest)` or not.
`static java.lang.String`	`AUTH_INFO_LOGIN`	Marker property in the `AuthenticationInfo` object returned by the `AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)` method indicating a first authentication considered to be a login.
`static java.lang.String`	`AUTH_REQUIREMENTS`	Any OSGi service may provide a `sling.auth.requirements` registration property which is used to dynamically extend the authentication requirements for the `AuthenticationSupport`.
`static java.lang.String`	`PAR_J_VALIDATE`	The name of the request parameter indicating that the submitted username and password should just be checked and a status code be set for success (200/OK) or failure (403/FORBIDDEN).
`static java.lang.String`	`TOPIC_LOGIN`	The topic for the OSGi event which is sent when a user has logged in successfully.
`static java.lang.String`	`TOPIC_LOGIN_FAILED`	The topic for the OSGi event which is sent when a user has failed to login successfully.
`static java.lang.String`	`X_REASON`	The name of the request header set by the `AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse)` method if the provided credentials cannot be used for login.
`static java.lang.String`	`X_REASON_CODE`	The name of the request header set by the `AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse)` method if the provided credentials cannot be used for login.

Method Summary
- Methods inherited from class java.lang.Object
  equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - PAR_J_VALIDATE
```
public static final java.lang.String PAR_J_VALIDATE
```
    The name of the request parameter indicating that the submitted username and password should just be checked and a status code be set for success (200/OK) or failure (403/FORBIDDEN).
    
    See Also:
    
    AuthUtil.isValidateRequest(HttpServletRequest), AuthUtil.sendValid(HttpServletResponse), AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse), Constant Field Values
  - X_REASON
```
public static final java.lang.String X_REASON
```
    The name of the request header set by the AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided credentials cannot be used for login.
    This header may be inspected by clients for a reason why the request failed.
    
    See Also:
    
    AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse), Constant Field Values
  - X_REASON_CODE
```
public static final java.lang.String X_REASON_CODE
```
    The name of the request header set by the AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse) method if the provided credentials cannot be used for login.
    This header may be inspected by clients for a a detailed reason code why the request failed.
    
    See Also:
    
    AuthUtil.sendInvalid(HttpServletRequest, HttpServletResponse), Constant Field Values
  - AUTH_HANDLER_BROWSER_ONLY
```
public static final java.lang.String AUTH_HANDLER_BROWSER_ONLY
```
    Service Registration property which may be set by an AuthenticationHandler service to indicate whether its AuthenticationHandler.requestCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method supports non-browser requests (according to AuthUtil.isBrowserRequest(javax.servlet.http.HttpServletRequest) or not.
    For backwards compatibility with existing AuthenticationHandler services the default assumption in the absence of this property is that all requests are supported.
    If this property is set to true or yes (case-insensitive check) the handler is not called for requests assumed to be sent from non-browser clients. Any other value of this property indicates support for non-browser requests by the handler.
    Note that this property only influences whether the requestCredentials method is called or not. The extractCredentials and dropCredentials are called regardless of this property.
    
    See Also:
    
    Constant Field Values
  - AUTH_INFO_LOGIN
```
public static final java.lang.String AUTH_INFO_LOGIN
```
    Marker property in the AuthenticationInfo object returned by the AuthenticationHandler.extractCredentials(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method indicating a first authentication considered to be a login.
    By setting this property to any non-null value an AuthenticationHandler indicates, that the TOPIC_LOGIN event should be fired after successfully acquiring the ResourceResolver.
    
    See Also:
    
    Constant Field Values
  - TOPIC_LOGIN
```
public static final java.lang.String TOPIC_LOGIN
```
    The topic for the OSGi event which is sent when a user has logged in successfully. The event contains at least the SlingConstants.PROPERTY_USERID and the AuthenticationInfo.AUTH_TYPE properties.
    
    See Also:
    
    Constant Field Values
  - TOPIC_LOGIN_FAILED
```
public static final java.lang.String TOPIC_LOGIN_FAILED
```
    The topic for the OSGi event which is sent when a user has failed to login successfully. The event contains at least the SlingConstants.PROPERTY_USERID and the AuthenticationInfo.AUTH_TYPE properties.
    
    See Also:
    
    Constant Field Values
  - AUTH_REQUIREMENTS
```
public static final java.lang.String AUTH_REQUIREMENTS
```
    Any OSGi service may provide a sling.auth.requirements registration property which is used to dynamically extend the authentication requirements for the AuthenticationSupport. This may for example be set by AuthenticationHandler implementations providing a login form to ensure access to the login form does not require authentication. The value of this property is a single string, an array of strings or a Collection of strings. Each string can be an absolute path (such as /content) or and absolute URI (such as http://thehost/content). Optionally each entry may be prefixed by a plus (+) or minus (-) sign indicating that authentication is required (plus) or not required (minus).
    
    See Also:
    
    Constant Field Values
  - ATTR_REQUEST_AUTH_URI_SUFFIX
```
public static final java.lang.String ATTR_REQUEST_AUTH_URI_SUFFIX
```
    The name of the request attribute containing the list of request URI suffixes handled by the default authenticator org.apache.sling.auth.core.impl.SlingAuthenticator. The authenticator will populate this attribute so that login JSPs can post j_username and j_password to the correct URI.
    
    Since:
    
    1.3.2 (bundle version 1.4.0)
    
    See Also:
    
    Constant Field Values

Class AuthConstants

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

PAR_J_VALIDATE

X_REASON

X_REASON_CODE

AUTH_HANDLER_BROWSER_ONLY

AUTH_INFO_LOGIN

TOPIC_LOGIN

TOPIC_LOGIN_FAILED

AUTH_REQUIREMENTS

ATTR_REQUEST_AUTH_URI_SUFFIX