Class JaspiAuthenticator
java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.ee11.security.jaspi.JaspiAuthenticator
- All Implemented Interfaces:
Authenticator
Implementation of Jetty
LoginAuthenticator that is a bridge from Jakarta Authentication to Jetty Security.-
Nested Class Summary
Nested classes/interfaces inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
LoginAuthenticator.LoggedOutAuthentication, LoginAuthenticator.UserAuthenticationSent, LoginAuthenticator.UserAuthenticationSucceededNested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator
Authenticator.Configuration, Authenticator.Factory, Authenticator.NoOp -
Field Summary
Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
_loginServiceFields inherited from interface org.eclipse.jetty.security.Authenticator
BASIC_AUTH, CERT_AUTH, CERT_AUTH2, DIGEST_AUTH, FORM_AUTH, MULTI_AUTH, NEGOTIATE_AUTH, OPENID_AUTH, SIWE_AUTH, SPNEGO_AUTH -
Constructor Summary
ConstructorsConstructorDescriptionJaspiAuthenticator(jakarta.security.auth.message.config.ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler, Subject serviceSubject, boolean allowLazyAuthentication, IdentityService identityService) Deprecated.JaspiAuthenticator(Subject serviceSubject, String appContext, boolean allowLazyAuthentication) -
Method Summary
Modifier and TypeMethodDescriptionIf the UserIdentity returned fromLoginService.login(String, Object, Request, Function)is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability.booleansecureResponse(JaspiMessageInfo messageInfo, AuthenticationState validatedUser) booleansecureResponse(Request request, Response response, Callback callback, boolean mandatory, AuthenticationState.Succeeded validatedSucceeded) voidsetConfiguration(Authenticator.Configuration configuration) Configure the AuthenticatorvalidateRequest(JaspiMessageInfo messageInfo) validateRequest(Request request, Response response, Callback callback) Attempts to validate the authentication state of the given request.Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
getLoginService, logout, setLoginService, updateSessionMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.eclipse.jetty.security.Authenticator
getConstraintAuthentication, prepareRequest
-
Constructor Details
-
JaspiAuthenticator
-
JaspiAuthenticator
@Deprecated public JaspiAuthenticator(jakarta.security.auth.message.config.ServerAuthConfig authConfig, Map authProperties, ServletCallbackHandler callbackHandler, Subject serviceSubject, boolean allowLazyAuthentication, IdentityService identityService) Deprecated.
-
-
Method Details
-
setConfiguration
Description copied from interface:AuthenticatorConfigure the Authenticator- Specified by:
setConfigurationin interfaceAuthenticator- Overrides:
setConfigurationin classLoginAuthenticator- Parameters:
configuration- the configuration
-
getAuthenticationType
- Returns:
- The name of the authentication type
-
login
Description copied from class:LoginAuthenticatorIf the UserIdentity returned fromLoginService.login(String, Object, Request, Function)is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability. If the UserIdentity is not necessarily fully authenticated, then subclasses must override this method and determine when the UserIdentity IS fully authenticated and renew the session id.- Overrides:
loginin classLoginAuthenticator- Parameters:
username- the username of the client to be authenticatedpassword- the user's credentialrequest- the inbound request that needs authentication
-
validateRequest
public AuthenticationState validateRequest(Request request, Response response, Callback callback) throws ServerAuthException Description copied from interface:AuthenticatorAttempts to validate the authentication state of the given request.If authentication is successful, an
AuthenticationState.Succeededis returned. If the authenticator has already committed a response (for either success or failure), the returned value will implementAuthenticationState.ResponseSent, and the providedCallbackwill be eventually be completed, otherwise the caller is responsible for completing theCallback.A
nullreturn value indicates that no authentication state could be established, possibly because the response has already been committed.- Parameters:
request- the request to validate.response- the response associated with the request.callback- the callback to use for writing a response.- Returns:
- an
AuthenticationState, ornullif authentication could not be resolved. - Throws:
ServerAuthException- if unable to validate request.
-
validateRequest
- Throws:
ServerAuthException
-
secureResponse
public boolean secureResponse(Request request, Response response, Callback callback, boolean mandatory, AuthenticationState.Succeeded validatedSucceeded) throws ServerAuthException - Throws:
ServerAuthException
-
secureResponse
public boolean secureResponse(JaspiMessageInfo messageInfo, AuthenticationState validatedUser) throws ServerAuthException - Throws:
ServerAuthException
-