Skip to Content
Last modified by christoph_lechleitner@iteg_at on 2013-02-02 05.47:41
From version 9.1
edited by christoph_lechleitner@iteg_at
on 2013-02-02 05.17:43
Change comment: There is no comment for this version
To version 2.1
edited by christoph_lechleitner@iteg_at
on 2012-09-21 12.40:24
Change comment: Completed operation list

Summary

Details

Page properties
Content
... ... @@ -1,8 +1,8 @@
1 1  == {{id name="HTTPauthenticationAPING-Motivation"/}}Motivation ==
2 2  
3 -{{code language="none"}}org.clazzes.login.http{{/code}} is a the HTTP based implementation of [[DomainPasswordLoginService>>confluencePage:page:OSGI.(HTTP)Login Service NG: DomainPasswordLoginService]].
3 +{{code language="none"}}org.clazzes.login.http{{/code}} is a the HTTP based implementation of [[DomainPasswordLoginService>>confluencePage:page:LOGIN.(HTTP)Login Service NG: DomainPasswordLoginService]].
4 4  
5 -While the old [[HTTP authentication request>>confluencePage:page:UTIL.HTTP authentication requests towardshttp-util's HttpLoginService]] is satisfying for user/password checks, new optional features like group membership queries require new handshakes for the HTTP backend API.
5 +While the old [[HTTP authentication request>>confluencePage:page:LOGIN.HTTP authentication requests]] is satisfying for user/password checks, new optional features like group membership queries require new handshakes for the HTTP backend API.
6 6  
7 7  This document speficies the next-gen HTTP authentication API.
8 8  
... ... @@ -57,55 +57,15 @@
57 57  * (% style="color: rgb(0,0,0);" %)a short message for logging (not more than 1024 bytes)
58 58  * (% style="color: rgb(0,0,0);" %)or a list of values separated by '{{code language="none"}},{{/code}}'
59 59  * (% style="color: rgb(0,0,0);" %)or '{{code language="none"}}-{{/code}}' for "empty list"/"no data"
60 -* (% style="color: rgb(0,0,0);" %)or '{{code language="none"}}--{{/code}}' for "not supported by backend"
60 +* (% style="color: rgb(0,0,0);" %)or '{{code language="none"}}-{{/code}}' for "not supported by backend"
61 61  
62 62  The server may enforce the use of HTTP basic authentication in order to keep offending servers away from dictionary attacks.
63 63  
64 -===== {{id name="HTTPauthenticationAPING-JSONvariants"/}}JSON variants =====
65 -
66 -A backend may support to return the response in the form of small JSON documents.
67 -
68 -To trigger json response, add the parameter {{code language="none"}}json=1{{/code}} to the request, like this:
69 -
70 -{{code}}
71 -POST /my/authentication/service HTTP/1.1
72 -Host: auth.my.domain
73 -Content-Type: application/x-www-form-urlencoded
74 -
75 -op=<op>&json=1&param1=<value1>&param2=<value2>
76 -{{/code}}
77 -
78 -To explicitly disable JSON response, use {{code language="none"}}json=0{{/code}} instead.
79 -
80 -Backends might choose to support only one variant, only with or only without JSON response.
81 -
82 -With JSON reponses on, the repsonse is either
83 -
84 -(% style="list-style-type: square;" %)
85 -* (((
86 -a short info message, like
87 -
88 -{{code language="none"}}
89 -{ "info" : "Some message to use in log files" }
90 -{{/code}}
91 -)))
92 -* (% style="color: rgb(0,0,0);" %)or a list of named values, for examples scroll down to the operation chapters
93 -* (% style="color: rgb(0,0,0);" %)or a empty list if no data can be found
94 -* (((
95 -(% style="color: rgb(0,0,0);" %)or an error message for "not supported by backend" or similar problems, like
96 -
97 -{{code language="none"}}
98 -{ "error" : "Operation not supported by backend for specified domain" }
99 -{{/code}}
100 -
101 -(% style="color: rgb(0,0,0);" %)\\
102 -)))
103 -
104 104  == {{id name="HTTPauthenticationAPING-Requiredoperations"/}}Required operations ==
105 105  
106 106  ==== {{id name="HTTPauthenticationAPING-tryLogin"/}}tryLogin ====
107 107  
108 -====== {{id name="HTTPauthenticationAPING-Requestbody(newformat,preferred)"/}}Request body (new format, preferred) ======
68 +Request body (new format, preferred):
109 109  
110 110  {{code}}
111 111  op=tryLogin&user=<user>&domain=<domain>&passwd=<passwd>
... ... @@ -114,35 +114,25 @@
114 114  
115 115  The {{code language="none"}}domain{{/code}} parameter is optional.
116 116  
117 -====== {{id name="HTTPauthenticationAPING-Requestbodyinoldformat,supportedforbackwardcompatibilityreasons"/}}Request body in old format, supported for backward compatibility reasons ======
77 +Request body in old format, supported for backward compatibility reasons:
118 118  
119 119  {{code}}
120 120  user=<user>&passwd=<passwd>
121 121  {{/code}}
122 122  
123 -====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}Response body(% style="color: rgb(0,0,0);" %) (plain non-JSON variant)(%%) ======
83 +Response body:
124 124  
125 125  (% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Non-empty information text, not more (% style="color: rgb(0,0,0);" %)than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
126 126  
127 -====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}(% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Response body (JSON variant)(%%) ======
128 -
129 -(% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Successful:
130 -
131 -{{code language="none"}}
132 -{ "user" : "jdoe", "prettyName" : "John Doe", "eMailAddress" : "jdoe@foo.bar" }
133 -{{/code}}
134 -
135 -Not found or problem: See documentation of "searchUser".
136 -
137 137  ==== {{id name="HTTPauthenticationAPING-getSupportedOperations"/}}getSupportedOperations ====
138 138  
139 -====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
89 +Request body (new format, preferred):
140 140  
141 141  {{code}}
142 142  op=getSupportedFeatures
143 143  {{/code}}
144 144  
145 -====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}Response body (plain non-JSON variant)(% style="color: rgb(0,0,0);" %) (%%) ======
95 +Response body:(% style="color: rgb(0,0,0);" %)
146 146  
147 147  (% style="color: rgb(0,0,0);" %)List of suppored operations, separated by '{{code language="none"}},{{/code}}'.
148 148  
... ... @@ -158,12 +158,6 @@
158 158  getSupportedOperations,tryLogin,changePassword,deactivateUser,getDefaultDomain,getGroups,sendPassword,searchUser
159 159  {{/code}}
160 160  
161 -====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
162 -
163 -{{code language="none"}}
164 -[ "getSupportedOperations", "tryLogin" ]
165 -{{/code}}
166 -
167 167  == {{id name="HTTPauthenticationAPING-OptionalOperations"/}}(% style="color: rgb(0,0,0);" %)Optional Operations(%%) ==
168 168  
169 169  ==== {{id name="HTTPauthenticationAPING-changePassword"/}}changePassword ====
... ... @@ -170,7 +170,7 @@
170 170  
171 171  Changes the password of the user.
172 172  
173 -====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
117 +Request body:
174 174  
175 175  {{code}}
176 176  op=changePassword&user=<user>&domain=<domain>&oldPassword=<oldPassword>&newPassword=<newPassword>&newPasswordConfirmed=<newPassword>
... ... @@ -181,7 +181,7 @@
181 181  
182 182  The {{code language="none"}}newPasswordConfirmed{{/code}} parameter is optional and available only to simplify writing web interfaces. If it is specified and does not match {{code language="none"}}newPassword{{/code}}, the password is not changed.
183 183  
184 -====== {{id name="HTTPauthenticationAPING-Responsebody"/}}Response body ======
128 +Response body:
185 185  
186 186  (% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
187 187  
... ... @@ -189,7 +189,7 @@
189 189  
190 190  Deactivates a user, prevents him for logging in again.
191 191  
192 -====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
136 +Request body:
193 193  
194 194  {{code}}
195 195  op=deactivateUser&user=<user>&domain=<domain>
... ... @@ -197,7 +197,7 @@
197 197  
198 198  The {{code language="none"}}domain{{/code}} parameter is optional.
199 199  
200 -====== {{id name="HTTPauthenticationAPING-Responsebody"/}}Response body ======
144 +Response body:
201 201  
202 202  (% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
203 203  
... ... @@ -205,7 +205,7 @@
205 205  
206 206  Returns the default domain, if there is any.
207 207  
208 -====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
152 +Request body (new format, preferred):
209 209  
210 210  {{code}}
211 211  op=getDefaultDomain
... ... @@ -212,74 +212,31 @@
212 212  
213 213  {{/code}}
214 214  
215 -====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}Response body(% style="color: rgb(0,0,0);" %) (plain non-JSON variant) (%%) ======
159 +Response body:(% style="color: rgb(0,0,0);" %)
216 216  
217 217  Default authentication domain, or '{{code language="none"}}-{{/code}}' if there is no default domain, or '{{code language="none"}}--{{/code}}' if there is no domain support at all.
218 218  
219 -====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
220 -
221 -{{code language="none"}}
222 -[ "SOMEDOMAIN" ]
223 -{{/code}}
224 -
225 225  ==== {{id name="HTTPauthenticationAPING-getGroups"/}}getGroups ====
226 226  
227 227  Returns the groups the user is a member of.
228 228  
229 -====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
167 +Request body:
230 230  
231 231  {{code}}
232 -op=getGroups&user=<user>&domain=<domain>
170 +op=searchUser&user=<user>&domain=<domain>
233 233  {{/code}}
234 234  
235 235  The {{code language="none"}}domain{{/code}} parameter is optional.
236 236  
237 -====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}(% style="color: rgb(0, 0, 0); color: rgb(0, 0, 0)" %)Response body (plain non-JSON variant)(%%) ======
175 +Response body:
238 238  
239 -(% style="color: rgb(0,0,0);" %)List of group names, separated by '(% style="color: rgb(0,0,0);" %){{code language="none"}},{{/code}}' or just '(% style="color: rgb(0,0,0);" %){{code language="none"}}-{{/code}}' if the user is not member of any group, or '(% style="color: rgb(0,0,0);" %){{code language="none"}}--{{/code}}' if there is no group support.
240 -
241 -====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
242 -
243 -The following example shows a list of 2 groups, one with maximum details, one wiht miniimal details:
244 -
245 -{{code language="none"}}
246 -[ 
247 - { "group" : "users", "prettyName" : "Human users of this system", "domain" : "MYDOMAIN" } ,
248 - { "group" : "dialout" }
249 -]
250 -{{/code}}
251 -
252 -==== {{id name="HTTPauthenticationAPING-getGroupMembers"/}}getGroupMembers ====
253 -
254 -Returns the users the are a member of the specified group.
255 -
256 -====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
257 -
258 -{{code}}
259 -op=getGroupMembers&group=<group>&domain=<domain>
260 -{{/code}}
261 -
262 -The {{code language="none"}}domain{{/code}} parameter is optional.
263 -
264 -====== {{id name="HTTPauthenticationAPING-Responsebody(plainnon-JSONvariant)"/}}(% style="color: rgb(0,0,0);" %)Response body (plain non-JSON variant)(%%) ======
265 -
266 266  (% style="color: rgb(0,0,0);" %)List of group names, separated by '{{code language="none"}},{{/code}}' or just '{{code language="none"}}-{{/code}}' if the user is not member of any group, or '{{code language="none"}}--{{/code}}' if there is no group support.
267 267  
268 -====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
269 -
270 -{{code language="none"}}
271 -[
272 - { "user" : "leonard", "prettyName" : "Leonard Hofstaetter", "eMailAddress" : "lh@tbbt.foo.bar" } ,
273 - { "user" : "penny" } ,
274 - { "user" : "sheldon" }
275 -]
276 -{{/code}}
277 -
278 278  ==== {{id name="HTTPauthenticationAPING-sendPassword"/}}sendPassword ====
279 279  
280 280  Generates a new password or send a "new password" link to the user.
281 281  
282 -====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
183 +Request body:
283 283  
284 284  {{code}}
285 285  op=sendPassword&user=<user>&domain=<domain>
... ... @@ -288,7 +288,7 @@
288 288  
289 289  The {{code language="none"}}domain{{/code}} parameter is optional.
290 290  
291 -====== {{id name="HTTPauthenticationAPING-Responsebody"/}}Response body ======
192 +Response body:
292 292  
293 293  (% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
294 294  
... ... @@ -296,7 +296,7 @@
296 296  
297 297  Searches a user in the database, sets response code to 200 if the user is there, 404 if the user could not be found.
298 298  
299 -====== {{id name="HTTPauthenticationAPING-Requestbody"/}}Request body ======
200 +Request body:
300 300  
301 301  {{code}}
302 302  op=searchUser&user=<user>&domain=<domain>
... ... @@ -304,26 +304,8 @@
304 304  
305 305  The {{code language="none"}}domain{{/code}} parameter is optional.
306 306  
307 -====== {{id name="HTTPauthenticationAPING-Responsebody"/}}Response body ======
208 +Response body:
308 308  
309 309  (% style="color: rgb(0,0,0);" %)Non-empty information text, not more than 1024 bytes. The message may go into logfiles and should not be displayed to the user.
310 310  
311 -====== {{id name="HTTPauthenticationAPING-Responsebody(JSONvariant)"/}}Response body (JSON variant) ======
312 -
313 -Successful, with response code 200:
314 -
315 -{{code language="none"}}
316 -{ "user" : "jdoe", "prettyName" : "John Doe", "eMailAddress" : "jdoe@foo.bar" }
317 -{{/code}}
318 -
319 -Not found, with response code 404:
320 -
321 -{{code language="none"}}
322 -{ "error" : "user not found" }
323 -{{/code}}
324 -
325 -Problem, with repsonse code 500:
326 -
327 -{{code language="none"}}
328 -{ "error" : "Operation not supported by backend for specified domain" }
329 -{{/code}}
212 +
Confluence.Code.ConfluencePageClass[0]
Id
... ... @@ -1,1 +1,1 @@
1 -688937
1 +688675
URL
... ... @@ -1,1 +1,1 @@
1 -https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688937/HTTP authentication API NG
1 +https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688675/HTTP authentication API NG