Changes for page HTTP authentication API NG

Last modified by christoph_lechleitner@iteg_at on 2013-02-02 05.47:41

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Children
- Content
- Comments
- Attachments
- History
- Information

From 2.1 to 3.1 From 8.1 to 9.1

From version 3.1

edited by christoph_lechleitner@iteg_at
on 2012-09-23 03.00:15

Change comment: There is no comment for this version

To version 8.1

edited by christoph_lechleitner@iteg_at
on 2013-02-02 05.17:08

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)
Objects (1 modified, 0 added, 0 removed)
- Confluence.Code.ConfluencePageClass[0]

Details

Page properties

Content

@@ -1,8 +1,8 @@
  == {{id name="HTTPauthenticationAPING-Motivation"/}}Motivation ==
--{{code language="none"}}org.clazzes.login.http{{/code}} is a the HTTP based implementation of [[DomainPasswordLoginService>>confluencePage:page:LOGIN.(HTTP)Login Service NG: DomainPasswordLoginService]].
++{{code language="none"}}org.clazzes.login.http{{/code}} is a the HTTP based implementation of [[DomainPasswordLoginService>>confluencePage:page:OSGI.(HTTP)Login Service NG: DomainPasswordLoginService]].
--While the old [[HTTP authentication request>>confluencePage:page:LOGIN.HTTP authentication requests]] is satisfying for user/password checks, new optional features like group membership queries require new handshakes for the HTTP backend API.
++While the old [[HTTP authentication request>>confluencePage:page:UTIL.HTTP authentication requests]] is satisfying for user/password checks, new optional features like group membership queries require new handshakes for the HTTP backend API.
  This document speficies the next-gen HTTP authentication API.
@@ -57,15 +57,55 @@
  * (% style="color: rgb(0,0,0);" %)a short message for logging (not more than 1024 bytes)
  * (% style="color: rgb(0,0,0);" %)or a list of values separated by '{{code language="none"}},{{/code}}'
  * (% style="color: rgb(0,0,0);" %)or '{{code language="none"}}-{{/code}}' for "empty list"/"no data"
--* (% style="color: rgb(0,0,0);" %)or '{{code language="none"}}–-{{/code}}' for "not supported by backend"
++* (% style="color: rgb(0,0,0);" %)or '{{code language="none"}}--{{/code}}' for "not supported by backend"
  The server may enforce the use of HTTP basic authentication in order to keep offending servers away from dictionary attacks.
++===== {{id name="HTTPauthenticationAPING-JSONvariants"/}}JSON variants =====
++
++A backend may support to return the response in the form of small JSON documents.
++
++To trigger json response, add the parameter {{code language="none"}}json=1{{/code}} to the request, like this:
++
++{{code}}
++POST /my/authentication/service HTTP/1.1
++Host: auth.my.domain
++Content-Type: application/x-www-form-urlencoded
++
++op=<op>&json=1&param1=<value1>&param2=<value2>
++{{/code}}
++
++To explicitly disable JSON response, use {{code language="none"}}json=0{{/code}} instead.
++
++Backends might choose to support only one variant, only with or only without JSON response.
++
++With JSON reponses on, the repsonse is either
++
++(% style="list-style-type: square;" %)
++* (((
++a short info message, like
++
++{{code language="none"}}
++{ "info" : "Some message to use in log files" }
++{{/code}}
++)))
++* (% style="color: rgb(0,0,0);" %)or a list of named values, for examples scroll down to the operation chapters
++* (% style="color: rgb(0,0,0);" %)or a empty list if no data can be found
++* (((
++(% style="color: rgb(0,0,0);" %)or an error message for "not supported by backend" or similar problems, like
++
++{{code language="none"}}
++{ "error" : "Operation not supported by backend for specified domain" }
++{{/code}}
++
++(% style="color: rgb(0,0,0);" %)\\
++)))
++
  == {{id name="HTTPauthenticationAPING-Requiredoperations"/}}Required operations ==
  ==== {{id name="HTTPauthenticationAPING-tryLogin"/}}tryLogin ====
--Request body (new format, preferred):
++====== {{id name="HTTPauthenticationAPING-Requestbody(newformat,preferred)"/}}Request body (new format, preferred) ======
  {{code}}
  op=tryLogin&user=<user>&domain=<domain>&passwd=<passwd>
@@ -74,25 +74,35 @@
  The {{code language="none"}}domain{{/code}} parameter is optional.
--Request body in old format, supported for backward compatibility reasons:
++====== {{id name="HTTPauthenticationAPING-Requestbodyinoldformat,supportedforbackwardcompatibilityreasons"/}}Request body in old format, supported for backward compatibility reasons ======
  {{code}}
  user=<user>&passwd=<passwd>
  {{/code}}
--Response body:
++====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}Response body(% style="color: rgb(0,0,0);" %) (plain non-JSON variant)(%%) ======
  (% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Non-empty information text, not more (% style="color: rgb(0,0,0);" %)than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
++====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}(% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Response body (JSON variant)(%%) ======
++
++(% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Successful:
++
++{{code language="none"}}
++{ "user" : "jdoe", "prettyName" : "John Doe", "eMailAddress" : "jdoe@foo.bar" }
++{{/code}}
++
++Not found or problem: See documentation of "searchUser".
++
  ==== {{id name="HTTPauthenticationAPING-getSupportedOperations"/}}getSupportedOperations ====
--Request body (new format, preferred):
++====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
  {{code}}
  op=getSupportedFeatures
  {{/code}}
--Response body:(% style="color: rgb(0,0,0);" %)
++====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}Response body (plain non-JSON variant)(% style="color: rgb(0,0,0);" %) (%%) ======
  (% style="color: rgb(0,0,0);" %)List of suppored operations, separated by '{{code language="none"}},{{/code}}'.
@@ -108,6 +108,12 @@
  getSupportedOperations,tryLogin,changePassword,deactivateUser,getDefaultDomain,getGroups,sendPassword,searchUser
  {{/code}}
++====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
++
++{{code language="none"}}
++[ "getSupportedOperations", "tryLogin" ]
++{{/code}}
++
  == {{id name="HTTPauthenticationAPING-OptionalOperations"/}}(% style="color: rgb(0,0,0);" %)Optional Operations(%%) ==
  ==== {{id name="HTTPauthenticationAPING-changePassword"/}}changePassword ====
@@ -114,7 +114,7 @@
  Changes the password of the user.
--Request body:
++====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
  {{code}}
  op=changePassword&user=<user>&domain=<domain>&oldPassword=<oldPassword>&newPassword=<newPassword>&newPasswordConfirmed=<newPassword>
@@ -125,7 +125,7 @@
  The {{code language="none"}}newPasswordConfirmed{{/code}} parameter is optional and available only to simplify writing web interfaces. If it is specified and does not match {{code language="none"}}newPassword{{/code}}, the password is not changed.
--Response body:
++====== {{id name="HTTPauthenticationAPING-Responsebody"/}}Response body ======
  (% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
@@ -133,7 +133,7 @@
  Deactivates a user, prevents him for logging in again.
--Request body:
++====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
  {{code}}
  op=deactivateUser&user=<user>&domain=<domain>
@@ -141,7 +141,7 @@
  The {{code language="none"}}domain{{/code}} parameter is optional.
--Response body:
++====== {{id name="HTTPauthenticationAPING-Responsebody"/}}Response body ======
  (% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
@@ -149,7 +149,7 @@
  Returns the default domain, if there is any.
--Request body (new format, preferred):
++====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
  {{code}}
  op=getDefaultDomain
@@ -156,15 +156,21 @@
  {{/code}}
--Response body:(% style="color: rgb(0,0,0);" %)
++====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}Response body(% style="color: rgb(0,0,0);" %) (plain non-JSON variant) (%%) ======
  Default authentication domain, or '{{code language="none"}}-{{/code}}' if there is no default domain, or '{{code language="none"}}--{{/code}}' if there is no domain support at all.
++====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
++
++{{code language="none"}}
++[ "SOMEDOMAIN" ]
++{{/code}}
++
  ==== {{id name="HTTPauthenticationAPING-getGroups"/}}getGroups ====
  Returns the groups the user is a member of.
--Request body:
++====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
  {{code}}
  op=getGroups&user=<user>&domain=<domain>
@@ -172,15 +172,26 @@
  The {{code language="none"}}domain{{/code}} parameter is optional.
--Response body:
++====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}(% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Response body (plain non-JSON variant)(%%) ======
--(% style="color: rgb(0,0,0);" %)List of group names, separated by '{{code language="none"}},{{/code}}' or just '{{code language="none"}}-{{/code}}' if the user is not member of any group, or '{{code language="none"}}--{{/code}}' if there is no group support.
++(% style="color: rgb(0,0,0);" %)List of group names, separated by '(% style="color: rgb(0,0,0);" %){{code language="none"}},{{/code}}' or just '(% style="color: rgb(0,0,0);" %){{code language="none"}}-{{/code}}' if the user is not member of any group, or '(% style="color: rgb(0,0,0);" %){{code language="none"}}--{{/code}}' if there is no group support.
++====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
++
++The following example shows a list of 2 groups, one with maximum details, one wiht miniimal details:
++
++{{code language="none"}}
++[
++  { "group" : "users", "prettyName" : "Human users of this system", "domain" : "MYDOMAIN" } ,
++  { "group" : "dialout" }
++]
++{{/code}}
++
  ==== {{id name="HTTPauthenticationAPING-getGroupMembers"/}}getGroupMembers ====
  Returns the users the are a member of the specified group.
--Request body:
++====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
  {{code}}
  op=getGroupMembers&group=<group>&domain=<domain>
@@ -188,15 +188,25 @@
  The {{code language="none"}}domain{{/code}} parameter is optional.
--Response body:
++====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}(% style="color: rgb(0,0,0);" %)Response body (plain non-JSON variant)(%%) ======
  (% style="color: rgb(0,0,0);" %)List of group names, separated by '{{code language="none"}},{{/code}}' or just '{{code language="none"}}-{{/code}}' if the user is not member of any group, or '{{code language="none"}}--{{/code}}' if there is no group support.
++====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
++
++{{code language="none"}}
++[
++  { "user" : "leonard", "prettyName" : "Leonard Hofstaetter", "eMailAddress" : "lh@tbbt.foo.bar" } ,
++  { "user" : "penny" } ,
++  { "user" : "sheldon" }
++]
++{{/code}}
++
  ==== {{id name="HTTPauthenticationAPING-sendPassword"/}}sendPassword ====
  Generates a new password or send a "new password" link to the user.
--Request body:
++====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
  {{code}}
  op=sendPassword&user=<user>&domain=<domain>
@@ -205,7 +205,7 @@
  The {{code language="none"}}domain{{/code}} parameter is optional.
--Response body:
++====== {{id name="HTTPauthenticationAPING-Responsebody"/}}Response body ======
  (% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
@@ -213,7 +213,7 @@
  Searches a user in the database, sets response code to 200 if the user is there, 404 if the user could not be found.
--Request body:
++====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
  {{code}}
  op=searchUser&user=<user>&domain=<domain>
@@ -221,8 +221,26 @@
  The {{code language="none"}}domain{{/code}} parameter is optional.
--Response body:
++====== {{id name="HTTPauthenticationAPING-Responsebody"/}}Response body ======
  (% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
--
++====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
++
++Successful, with response code 200:
++
++{{code language="none"}}
++{ "user" : "jdoe", "prettyName" : "John Doe", "eMailAddress" : "jdoe@foo.bar" }
++{{/code}}
++
++Not found, with response code 404:
++
++{{code language="none"}}
++{ "error" : "user not found" }
++{{/code}}
++
++Problem, with repsonse code 500:
++
++{{code language="none"}}
++{ "error" : "Operation not supported by backend for specified domain" }
++{{/code}}

Confluence.Code.ConfluencePageClass[0]

Id

@@ -1,1 +1,1 @@
--688880
++688902

URL

@@ -1,1 +1,1 @@
--https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688880/HTTP authentication API NG
++https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688902/HTTP authentication API NG

Changes for page HTTP authentication API NG

Summary

Details

Applications

Need help?