Package org.eclipse.jetty.security.authentication

Class ConfigurableSpnegoAuthenticator

java.lang.Object

org.eclipse.jetty.security.authentication.LoginAuthenticator

org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator

All Implemented Interfaces:

Authenticator

public class ConfigurableSpnegoAuthenticator
extends LoginAuthenticator

A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.

A successful authentication from a client is cached for a configurable duration using the HTTP session; this avoids that the client is asked to authenticate for every request.

See Also:

• ConfigurableSpnegoLoginService

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

_identityService, _loginService

Constructor Summary

Constructors

Constructor	Description
ConfigurableSpnegoAuthenticator()
ConfigurableSpnegoAuthenticator(String authMethod)	Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate

Method Summary

Modifier and Type	Method	Description
Duration	getAuthenticationDuration()
String	getAuthMethod()
UserIdentity	login(String username, Object password, javax.servlet.ServletRequest servletRequest)	Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.
boolean	secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)	is response secure
void	setAuthenticationDuration(Duration authenticationDuration)	Sets the duration of the authentication.
Authentication	validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory)	Validate a request

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

getLoginService, logout, prepareRequest, renewSession, setConfiguration

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ConfigurableSpnegoAuthenticator

public ConfigurableSpnegoAuthenticator()

ConfigurableSpnegoAuthenticator

public ConfigurableSpnegoAuthenticator(String authMethod)

Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate

Parameters:

authMethod - the auth method

Method Details

getAuthMethod

public String getAuthMethod()

Returns:

The name of the authentication method

getAuthenticationDuration

public Duration getAuthenticationDuration()

Returns:

the authentication duration

setAuthenticationDuration

public void setAuthenticationDuration(Duration authenticationDuration)

Sets the duration of the authentication.

A negative duration means that the authentication is only valid for the current request.

A zero duration means that the authentication is valid forever.

A positive value means that the authentication is valid for the specified duration.

Parameters:

authenticationDuration - the authentication duration

login

public UserIdentity login(String username,
 Object password,
 javax.servlet.ServletRequest servletRequest)

Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.

Overrides:

login in class LoginAuthenticator

Parameters:

username - the username of the client to be authenticated

password - the user's credential

servletRequest - the inbound request that needs authentication

validateRequest

public Authentication validateRequest(javax.servlet.ServletRequest req,
 javax.servlet.ServletResponse res,
 boolean mandatory)
                               throws ServerAuthException

Description copied from interface: Authenticator

Validate a request

Parameters:

req - The request

res - The response

mandatory - True if authentication is mandatory.

Returns:

An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then a Authentication.Deferred may be returned.

Throws:

ServerAuthException - if unable to validate request

secureResponse

public boolean secureResponse(javax.servlet.ServletRequest request,
 javax.servlet.ServletResponse response,
 boolean mandatory,
 Authentication.User validatedUser)

Description copied from interface: Authenticator

is response secure

Parameters:

request - the request

response - the response

mandatory - if security is mandator

validatedUser - the user that was validated

Returns:

true if response is secure