Class ConfigurableSpnegoAuthenticator

java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator
All Implemented Interfaces:
Authenticator

public class ConfigurableSpnegoAuthenticator extends LoginAuthenticator

A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.

A successful authentication from a client is cached for a configurable duration using the HTTP session; this avoids that the client is asked to authenticate for every request.

See Also:
  • Constructor Details

    • ConfigurableSpnegoAuthenticator

      public ConfigurableSpnegoAuthenticator()
    • ConfigurableSpnegoAuthenticator

      public ConfigurableSpnegoAuthenticator(String authMethod)
      Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate
      Parameters:
      authMethod - the auth method
  • Method Details

    • getAuthMethod

      public String getAuthMethod()
      Returns:
      The name of the authentication method
    • getAuthenticationDuration

      public Duration getAuthenticationDuration()
      Returns:
      the authentication duration
    • setAuthenticationDuration

      public void setAuthenticationDuration(Duration authenticationDuration)

      Sets the duration of the authentication.

      A negative duration means that the authentication is only valid for the current request.

      A zero duration means that the authentication is valid forever.

      A positive value means that the authentication is valid for the specified duration.

      Parameters:
      authenticationDuration - the authentication duration
    • login

      public UserIdentity login(String username, Object password, jakarta.servlet.ServletRequest servletRequest)
      Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.
      Overrides:
      login in class LoginAuthenticator
      Parameters:
      username - the username of the client to be authenticated
      password - the user's credential
      servletRequest - the inbound request that needs authentication
    • validateRequest

      public Authentication validateRequest(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, boolean mandatory) throws ServerAuthException
      Description copied from interface: Authenticator
      Validate a request
      Parameters:
      req - The request
      res - The response
      mandatory - True if authentication is mandatory.
      Returns:
      An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then a Authentication.Deferred may be returned.
      Throws:
      ServerAuthException - if unable to validate request
    • secureResponse

      public boolean secureResponse(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)
      Description copied from interface: Authenticator
      is response secure
      Parameters:
      request - the request
      response - the response
      mandatory - if security is mandator
      validatedUser - the user that was validated
      Returns:
      true if response is secure