Class ConfigurableSpnegoAuthenticator
- java.lang.Object
-
- org.eclipse.jetty.security.authentication.LoginAuthenticator
-
- org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator
-
- All Implemented Interfaces:
Authenticator
public class ConfigurableSpnegoAuthenticator extends LoginAuthenticator
A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.
A successful authentication from a client is cached for a configurable
durationusing the HTTP session; this avoids that the client is asked to authenticate for every request.- See Also:
ConfigurableSpnegoLoginService
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static classConfigurableSpnegoAuthenticator.UserIdentityHolder-
Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator
Authenticator.AuthConfiguration, Authenticator.Factory
-
-
Field Summary
Fields Modifier and Type Field Description private java.time.Duration_authenticationDurationprivate java.lang.String_authMethodprivate static LoggerLOG-
Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
_identityService, _loginService
-
-
Constructor Summary
Constructors Constructor Description ConfigurableSpnegoAuthenticator()ConfigurableSpnegoAuthenticator(java.lang.String authMethod)Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.time.DurationgetAuthenticationDuration()java.lang.StringgetAuthMethod()private java.lang.StringgetSpnegoToken(java.lang.String header)UserIdentitylogin(java.lang.String username, java.lang.Object password, javax.servlet.ServletRequest servletRequest)Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.booleansecureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)is response secureprivate voidsendChallenge(javax.servlet.http.HttpServletResponse response, java.lang.String token)voidsetAuthenticationDuration(java.time.Duration authenticationDuration)Sets the duration of the authentication.private voidsetSpnegoToken(javax.servlet.http.HttpServletResponse response, java.lang.String token)AuthenticationvalidateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory)Validate a request-
Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
getLoginService, logout, prepareRequest, renewSession, setConfiguration
-
-
-
-
Field Detail
-
LOG
private static final Logger LOG
-
_authMethod
private final java.lang.String _authMethod
-
_authenticationDuration
private java.time.Duration _authenticationDuration
-
-
Constructor Detail
-
ConfigurableSpnegoAuthenticator
public ConfigurableSpnegoAuthenticator()
-
ConfigurableSpnegoAuthenticator
public ConfigurableSpnegoAuthenticator(java.lang.String authMethod)
Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate- Parameters:
authMethod- the auth method
-
-
Method Detail
-
getAuthMethod
public java.lang.String getAuthMethod()
- Returns:
- The name of the authentication method
-
getAuthenticationDuration
public java.time.Duration getAuthenticationDuration()
- Returns:
- the authentication duration
-
setAuthenticationDuration
public void setAuthenticationDuration(java.time.Duration authenticationDuration)
Sets the duration of the authentication.
A negative duration means that the authentication is only valid for the current request.
A zero duration means that the authentication is valid forever.
A positive value means that the authentication is valid for the specified duration.
- Parameters:
authenticationDuration- the authentication duration
-
login
public UserIdentity login(java.lang.String username, java.lang.Object password, javax.servlet.ServletRequest servletRequest)
Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.- Overrides:
loginin classLoginAuthenticator- Parameters:
username- the username of the client to be authenticatedpassword- the user's credentialservletRequest- the inbound request that needs authentication
-
validateRequest
public Authentication validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory) throws ServerAuthException
Description copied from interface:AuthenticatorValidate a request- Parameters:
req- The requestres- The responsemandatory- True if authentication is mandatory.- Returns:
- An Authentication. If Authentication is successful, this will be a
Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implementAuthentication.ResponseSent. If Authentication is not mandatory, then aAuthentication.Deferredmay be returned. - Throws:
ServerAuthException- if unable to validate request
-
sendChallenge
private void sendChallenge(javax.servlet.http.HttpServletResponse response, java.lang.String token) throws ServerAuthException- Throws:
ServerAuthException
-
setSpnegoToken
private void setSpnegoToken(javax.servlet.http.HttpServletResponse response, java.lang.String token)
-
getSpnegoToken
private java.lang.String getSpnegoToken(java.lang.String header)
-
secureResponse
public boolean secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)Description copied from interface:Authenticatoris response secure- Parameters:
request- the requestresponse- the responsemandatory- if security is mandatorvalidatedUser- the user that was validated- Returns:
- true if response is secure
-
-