Changes for page HTTP authentication API NG

Last modified by christoph_lechleitner@iteg_at on 2013-02-02 05.47:41

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Children
- Content
- Comments
- Attachments
- History
- Information

From 2.1 to 3.1

From version 1.1

edited by christoph_lechleitner@iteg_at
on 2012-09-21 11.47:16

Change comment: There is no comment for this version

To version 2.1

edited by christoph_lechleitner@iteg_at
on 2012-09-21 12.40:24

Change comment: Completed operation list

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)
Objects (1 modified, 0 added, 0 removed)
- Confluence.Code.ConfluencePageClass[0]

Details

Page properties

Content

@@ -1,4 +1,4 @@
--=== {{id name="HTTPauthenticationAPING-Motivation"/}}Motivation ===
++== {{id name="HTTPauthenticationAPING-Motivation"/}}Motivation ==
  {{code language="none"}}org.clazzes.login.http{{/code}} is a the HTTP based implementation of [[DomainPasswordLoginService>>confluencePage:page:LOGIN.(HTTP)Login Service NG: DomainPasswordLoginService]].
@@ -6,8 +6,14 @@
  This document speficies the next-gen HTTP authentication API.
--=== {{id name="HTTPauthenticationAPING-BasicRequestpattern"/}}Basic Request pattern ===
++== {{id name="HTTPauthenticationAPING-Contents"/}}Contents ==
++{{toc depth="4" start="2"/}}
++
++== {{id name="HTTPauthenticationAPING-BasicHandshakePattern"/}}Basic Handshake Pattern ==
++
++==== {{id name="HTTPauthenticationAPING-BasicRequestPattern"/}}Basic Request Pattern ====
++
  A request to an authentication URL is a HTTPS POST request like this:
  {{code}}
@@ -15,17 +15,17 @@
  Host: auth.my.domain
  Content-Type: application/x-www-form-urlencoded
--[op=<op>&]param1=<value1>&param2=<value2>
++op=<op>&param1=<value1>&param2=<value2>
  {{/code}}
  {{code language="none"}}<op>{{/code}} is the operation requested, usually the name of the method in [[DomainPasswordLoginService.java>>url:https://svn.clazzes.org/svn/util/trunk/clazzes-util/src/main/java/org/clazzes/util/sec/DomainPasswordLoginService.java||shape="rect"]].
--To provide backwards compatibility, the op parameter is optional and defaults to {{code language="none"}}tryLogin{{/code}}.
++To provide backwards compatibility, the {{code language="none"}}op{{/code}} parameter is optional and defaults to {{code language="none"}}tryLogin{{/code}}.
--See below for examples.
++See below for detailed examples.
--=== {{id name="HTTPauthenticationAPING-BasicResponsepattern"/}}Basic Response pattern ===
++==== {{id name="HTTPauthenticationAPING-BasicResponsepattern"/}}Basic Response pattern ====
  Every respond to an authentication request is answered with a HTTP response with
@@ -39,23 +39,35 @@
  {{code}}
 OK - login is ok, or other operation was completed successfully
 Forbidden - the login is invalid or the operation is not permitted
++404 Not found - if a user could not be found during a search operation
  Not Acceptable - too many unsuccessful authentications, or other reason to suspect a brute force attack
  {{/code}}
--(% style="color: rgb(0,0,0);" %)The response body must not be empty, it's content is specified differently for each operation.
++(% style="color: rgb(0,0,0);" %)The response body must not be empty and must be UTF-8 encoded, it's content is specified differently for each operation.
--(% style="color: rgb(0,0,0);" %) (%%)The server may enforce the use of HTTP basic authentication in order to keep offending servers away from dictionary attacks.
++(% style="color: rgb(0,0,0);" %)For most operations the reponse is either
--=== {{id name="HTTPauthenticationAPING-Authenticationoperation:tryLogin"/}}Authentication operation: tryLogin ===
++* (% style="color: rgb(0,0,0);" %)a short message for logging (not more than 1024 bytes)
++* (% style="color: rgb(0,0,0);" %)or a list of values separated by '{{code language="none"}},{{/code}}'
++* (% style="color: rgb(0,0,0);" %)or '{{code language="none"}}-{{/code}}' for "empty list"/"no data"
++* (% style="color: rgb(0,0,0);" %)or '{{code language="none"}}–-{{/code}}' for "not supported by backend"
++The server may enforce the use of HTTP basic authentication in order to keep offending servers away from dictionary attacks.
++
++== {{id name="HTTPauthenticationAPING-Requiredoperations"/}}Required operations ==
++
++==== {{id name="HTTPauthenticationAPING-tryLogin"/}}tryLogin ====
++
  Request body (new format, preferred):
  {{code}}
--op=tryLogin&user=<user>&passwd=<passwd>
++op=tryLogin&user=<user>&domain=<domain>&passwd=<passwd>
  {{/code}}
++The {{code language="none"}}domain{{/code}} parameter is optional.
++
  Request body in old format, supported for backward compatibility reasons:
  {{code}}
@@ -64,8 +64,131 @@
  Response body:
--(% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Non-empty information text encoded in UTF-8, not more (% style="color: rgb(0,0,0);" %)than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
++(% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Non-empty information text, not more (% style="color: rgb(0,0,0);" %)than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
--=== {{id name="HTTPauthenticationAPING-Furtheroperations:TBD"/}}(% style="color: rgb(0,0,0);" %)Further operations: TBD(%%) ===
++==== {{id name="HTTPauthenticationAPING-getSupportedOperations"/}}getSupportedOperations ====
--(% style="color: rgb(0,0,0);" %)\\
++Request body (new format, preferred):
++
++{{code}}
++op=getSupportedFeatures
++{{/code}}
++
++Response body:(% style="color: rgb(0,0,0);" %)
++
++(% style="color: rgb(0,0,0);" %)List of suppored operations, separated by '{{code language="none"}},{{/code}}'.
++
++(% style="color: rgb(0,0,0);" %)Example showing minimal feature set:
++
++{{code language="none"}}
++getSupportedOperations,tryLogin
++{{/code}}
++
++(% style="color: rgb(0,0,0);" %)Example specifying maximum feature set:
++
++{{code language="none"}}
++getSupportedOperations,tryLogin,changePassword,deactivateUser,getDefaultDomain,getGroups,sendPassword,searchUser
++{{/code}}
++
++== {{id name="HTTPauthenticationAPING-OptionalOperations"/}}(% style="color: rgb(0,0,0);" %)Optional Operations(%%) ==
++
++==== {{id name="HTTPauthenticationAPING-changePassword"/}}changePassword ====
++
++Changes the password of the user.
++
++Request body:
++
++{{code}}
++op=changePassword&user=<user>&domain=<domain>&oldPassword=<oldPassword>&newPassword=<newPassword>&newPasswordConfirmed=<newPassword>
++
++{{/code}}
++
++The {{code language="none"}}domain{{/code}} parameter is optional.
++
++The {{code language="none"}}newPasswordConfirmed{{/code}} parameter is optional and available only to simplify writing web interfaces. If it is specified and does not match {{code language="none"}}newPassword{{/code}}, the password is not changed.
++
++Response body:
++
++(% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
++
++==== {{id name="HTTPauthenticationAPING-deactivateUser"/}}deactivateUser ====
++
++Deactivates a user, prevents him for logging in again.
++
++Request body:
++
++{{code}}
++op=deactivateUser&user=<user>&domain=<domain>
++{{/code}}
++
++The {{code language="none"}}domain{{/code}} parameter is optional.
++
++Response body:
++
++(% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
++
++==== {{id name="HTTPauthenticationAPING-getDefaultDomain"/}}getDefaultDomain ====
++
++Returns the default domain, if there is any.
++
++Request body (new format, preferred):
++
++{{code}}
++op=getDefaultDomain
++
++{{/code}}
++
++Response body:(% style="color: rgb(0,0,0);" %)
++
++Default authentication domain, or '{{code language="none"}}-{{/code}}' if there is no default domain, or '{{code language="none"}}--{{/code}}' if there is no domain support at all.
++
++==== {{id name="HTTPauthenticationAPING-getGroups"/}}getGroups ====
++
++Returns the groups the user is a member of.
++
++Request body:
++
++{{code}}
++op=searchUser&user=<user>&domain=<domain>
++{{/code}}
++
++The {{code language="none"}}domain{{/code}} parameter is optional.
++
++Response body:
++
++(% style="color: rgb(0,0,0);" %)List of group names, separated by '{{code language="none"}},{{/code}}' or just '{{code language="none"}}-{{/code}}' if the user is not member of any group, or '{{code language="none"}}--{{/code}}' if there is no group support.
++
++==== {{id name="HTTPauthenticationAPING-sendPassword"/}}sendPassword ====
++
++Generates a new password or send a "new password" link to the user.
++
++Request body:
++
++{{code}}
++op=sendPassword&user=<user>&domain=<domain>
++
++{{/code}}
++
++The {{code language="none"}}domain{{/code}} parameter is optional.
++
++Response body:
++
++(% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
++
++==== {{id name="HTTPauthenticationAPING-searchUser"/}}searchUser ====
++
++Searches a user in the database, sets response code to 200 if the user is there, 404 if the user could not be found.
++
++Request body:
++
++{{code}}
++op=searchUser&user=<user>&domain=<domain>
++{{/code}}
++
++The {{code language="none"}}domain{{/code}} parameter is optional.
++
++Response body:
++
++(% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
++
++

Confluence.Code.ConfluencePageClass[0]

Id

@@ -1,1 +1,1 @@
--688674
++688675

URL

@@ -1,1 +1,1 @@
--https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688674/HTTP authentication API NG
++https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688675/HTTP authentication API NG

Changes for page HTTP authentication API NG

Summary

Details

Applications

Need help?