org.eclipse.jetty.security.ConfigurableSpnegoLoginService

All Implemented Interfaces:: LoginService, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle

public class ConfigurableSpnegoLoginService extends ContainerLifeCycle implements LoginService

A configurable (as opposed to using system properties) SPNEGO LoginService.

At startup, this LoginService will login via JAAS the service principal, composed of the service name and the host name, for example HTTP/wonder.com, using a keyTab file as the service principal credentials.

Upon receiving an HTTP request, the server tries to authenticate the client calling login(String, Object, ServletRequest) where the GSS APIs are used to verify client tokens and (perhaps after a few round-trips) a GSSContext is established.

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
Container.InheritedListener, Container.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
Dumpable.DumpableContainer

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.Listener
Field Summary

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
FAILED, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.util.component.Dumpable
KEY
Constructor Summary

Constructors

Constructor

Description

ConfigurableSpnegoLoginService(String realm, AuthorizationService authorizationService)
Method Summary

Modifier and Type

Method

Description

protected void

doStart()

Starts the managed lifecycle beans in the order they were added.

String

getHostName()

IdentityService

getIdentityService()

Get the IdentityService associated with this Login Service.

Path

getKeyTabPath()

String

getName()

String

getServiceName()

UserIdentity

login(String username, Object credentials, jakarta.servlet.ServletRequest req)

Login a user.

void

logout(UserIdentity user)

void

setHostName(String hostName)

void

setIdentityService(IdentityService identityService)

Set the IdentityService associated with this Login Service.

void

setKeyTabPath(Path keyTabFile)

void

setServiceName(String serviceName)

boolean

validate(UserIdentity user)

Validate a user identity.

Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, destroy, doStop, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.Container
getCachedBeans, getEventListeners

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable
dumpSelf

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpable

Constructor Details
- ConfigurableSpnegoLoginService
  
  public ConfigurableSpnegoLoginService(String realm, AuthorizationService authorizationService)
Method Details
- getName
  
  public String getName()
  
  Specified by:
  
  getName in interface LoginService
  
  Returns:
  
  the realm name
- getKeyTabPath
  
  public Path getKeyTabPath()
  
  Returns:
  
  the path of the keyTab file containing service credentials
- setKeyTabPath
  
  public void setKeyTabPath(Path keyTabFile)
  
  Parameters:
  
  keyTabFile - the path of the keyTab file containing service credentials
- getServiceName
  public String getServiceName()
  
  Returns:
  
  the service name, typically "HTTP"
  
  See Also:
  
  getHostName()
- setServiceName
  public void setServiceName(String serviceName)
  
  Parameters:
  
  serviceName - the service name
  
  See Also:
  
  setHostName(String)
- getHostName
  public String getHostName()
  
  Returns:
  
  the host name of the service
  
  See Also:
  
  setServiceName(String)
- setHostName
  
  public void setHostName(String hostName)
  
  Parameters:
  
  hostName - the host name of the service
- doStart
  
  protected void doStart() throws Exception
  
  Description copied from class: ContainerLifeCycle
  
  Starts the managed lifecycle beans in the order they were added.
  
  Overrides:
  
  doStart in class ContainerLifeCycle
  
  Throws:
  
  Exception - If there was a problem starting. Will cause a transition to FAILED state
- login
  
  public UserIdentity login(String username, Object credentials, jakarta.servlet.ServletRequest req)
  
  Description copied from interface: LoginService
  
  Login a user.
  
  Specified by:
  
  login in interface LoginService
  
  Parameters:
  
  username - The user name
  
  credentials - The users credentials
  
  req - TODO
  
  Returns:
  
  A UserIdentity if the credentials matched, otherwise null
- validate
  
  public boolean validate(UserIdentity user)
  
  Description copied from interface: LoginService
  
  Validate a user identity. Validate that a UserIdentity previously created by a call to LoginService.login(String, Object, ServletRequest) is still valid.
  
  Specified by:
  
  validate in interface LoginService
  
  Parameters:
  
  user - The user to validate
  
  Returns:
  
  true if authentication has not been revoked for the user.
- getIdentityService
  
  public IdentityService getIdentityService()
  
  Description copied from interface: LoginService
  
  Get the IdentityService associated with this Login Service.
  
  Specified by:
  
  getIdentityService in interface LoginService
  
  Returns:
  
  the IdentityService associated with this Login Service.
- setIdentityService
  
  public void setIdentityService(IdentityService identityService)
  
  Description copied from interface: LoginService
  
  Set the IdentityService associated with this Login Service.
  
  Specified by:
  
  setIdentityService in interface LoginService
  
  Parameters:
  
  identityService - the IdentityService associated with this Login Service.
- logout
  
  public void logout(UserIdentity user)
  
  Specified by:
  
  logout in interface LoginService

Class ConfigurableSpnegoLoginService

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

Field Summary

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

Constructor Summary

Method Summary

Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

Methods inherited from class java.lang.Object

Methods inherited from interface org.eclipse.jetty.util.component.Container

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

Constructor Details

ConfigurableSpnegoLoginService

Method Details

getName

getKeyTabPath

setKeyTabPath

getServiceName

setServiceName

getHostName

setHostName

doStart

login

validate

getIdentityService

setIdentityService

logout