Interface AuthenticationSupport

  • @ProviderType
    public interface AuthenticationSupport
    The AuthenticationSupport provides the service API used to implement the HttpContext.handleSecurity method as defined in the OSGi Http Service specification.

    Bundles registering servlets and/or resources with custom HttpContext implementations may implement the handleSecurity method using this service. The handleSecurity(HttpServletRequest, HttpServletResponse) method implemented by this service exactly implements the specification of the HttpContext.handleSecurity method.

    A simple implementation of the HttpContext interface based on this could be (using SCR JavaDoc tags of the Maven SCR Plugin) :

     /** @scr.component */
     public class MyHttpContext implements HttpContext {
         /** @scr.reference */
         private AuthenticationSupport authSupport;
         /** @scr.reference */
         private MimeTypeService mimeTypes;
         public boolean handleSecurity(HttpServletRequest request,
                 HttpServletResponse response) {
             return authSupport.handleSecurity(request, response);
         public URL getResource(String name) {
             return null;
         public String getMimeType(String name) {
             return mimeTypes.getMimeType(name);

    This interface is implemented by this bundle and is not intended to be implemented by client bundles.

    • Field Detail


        static final java.lang.String SERVICE_NAME
        The name under which this service is registered.
        See Also:
        Constant Field Values

        static final java.lang.String REQUEST_ATTRIBUTE_RESOLVER
        The name of the request attribute set by the handleSecurity(HttpServletRequest, HttpServletResponse) method if authentication succeeds and true is returned.

        The request attribute is set to a Sling ResourceResolver attached to the JCR repository using the credentials provided by the request.

        See Also:
        Constant Field Values

        static final java.lang.String REDIRECT_PARAMETER
        The name of the request parameter indicating where to redirect to after successful authentication (and optional impersonation). This parameter is respected if either anonymous authentication or regular authentication succeed.

        If authentication fails, either because the credentials are wrong or because anonymous authentication fails or because anonymous authentication is not allowed for the request, the parameter is ignored and the AuthenticationHandler.requestCredentials(HttpServletRequest, HttpServletResponse) method is called to request authentication.

        See Also:
        Constant Field Values
    • Method Detail

      • handleSecurity

        boolean handleSecurity​(HttpServletRequest request,
                               HttpServletResponse response)
        Handles security on behalf of a custom OSGi Http Service HttpContext instance extracting credentials from the request using any registered AuthenticationHandler services. If the credentials can be extracted and used to log into the JCR repository this method sets the request attributes required by the OSGi Http Service specification plus the REQUEST_ATTRIBUTE_RESOLVER attribute.
        request - The HTTP request to be authenticated
        response - The HTTP response to send any response to in case of problems.
        true if authentication succeeded and the request attributes are set. If false is returned the request is immediately terminated and no request attributes are set.