jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1747410 - in /jackrabbit/site/live/oak/docs/security/authentication: external/externallogin_examples.html preauthentication.html
Date Wed, 08 Jun 2016 15:45:08 GMT
Author: angela
Date: Wed Jun  8 15:45:08 2016
New Revision: 1747410

URL: http://svn.apache.org/viewvc?rev=1747410&view=rev
Log:
OAK-936: Site checkin for project Oak Documentation-1.6-SNAPSHOT

Modified:
    jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html
    jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html

Modified: jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html?rev=1747410&r1=1747409&r2=1747410&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html
(original)
+++ jackrabbit/site/live/oak/docs/security/authentication/external/externallogin_examples.html
Wed Jun  8 15:45:08 2016
@@ -651,7 +651,7 @@
                      idp.name="your_idp_name";
    };
 </pre></div>
-<p>See <a href="../preauthentication.html">Pre-Authenticated Login</a>
for an example <tt>LoginModule</tt> that illustrates how the pre-authentication
is being pushed to the shared stated.</p>
+<p>See <a href="../preauthentication.html#withloginchain">Pre-Authenticated Login</a>
for an example <tt>LoginModule</tt> that illustrates how the pre-authentication
is being pushed to the shared stated.</p>
 <p><i>Note:</i> This configuration has been slightly adjusted from the
example in <a class="externalLink" href="https://issues.apache.org/jira/browse/OAK-3508">OAK-3508</a>
marking the pre-auth login to be <i>optional</i>. This highlights the fact that
subsequent <tt>LoginModule</tt>s are in charge of respecting the <tt>PreAuthenticatedLogin</tt>
marker and properly populating the <tt>Subject</tt> in the second <i>commit</i>
phase.</p>
 <p>Also, in the example implementation the login never succeeds (in which case <i>sufficient</i>
would actually work as well). However, if it ever succeeded the <tt>PreAuthenticatedLogin</tt>
marker would be meaningless and the pre-auth module in fact would have to populate the <tt>Subject</tt>
i.e. relying on details defined and handled by other <tt>LoginModule</tt>s. </p></div>
 <div class="section">

Modified: jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html?rev=1747410&r1=1747409&r2=1747410&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html (original)
+++ jackrabbit/site/live/oak/docs/security/authentication/preauthentication.html Wed Jun 
8 15:45:08 2016
@@ -512,10 +512,11 @@
 
 <ul>
   
-<li>Pre-Authentication combined with Login Module Chain</li>
+<li><a href="#withloginchain">Pre-Authentication combined with Login Module Chain</a></li>
   
-<li>Pre-Authentication without Repository Involvement</li>
+<li><a href="#withoutrepository">Pre-Authentication without Repository Involvement</a></li>
 </ul>
+<p><a name="withloginchain"></a></p>
 <div class="section">
 <h3>Pre-Authentication combined with Login Module Chain<a name="Pre-Authentication_combined_with_Login_Module_Chain"></a></h3>
 <p>This first variant allows to support 3rd party login modules that wish to provide
the login context with pre authenticated login names, but still want to rely on the rest of
the Oak&#x2019;s login module chain. For example an external SSO login module can extract
the userid from a servlet request and use it to authenticate against the repository. But instead
of re-implementing the user lookup and subject population (and possible external user synchronization)
it just informs any subsequent login modules that the credential validation was already successful.</p>
@@ -572,7 +573,8 @@
         return false;
     }
 }
-</pre></div></div></div></div>
+</pre></div>
+<p><a name="withoutrepository"></a></p></div></div></div>
 <div class="section">
 <h3>Pre-Authentication without Repository Involvement<a name="Pre-Authentication_without_Repository_Involvement"></a></h3>
 <p>Like in Jackrabbit-core the repository internal authentication verification can
be skipped by calling <tt>Repository#login()</tt> or <tt>Repository#login(null,
wspName)</tt>. In this case the repository implementation expects the verification to
be performed prior to the login call.</p>



Mime
View raw message