Class LoginAuthenticator

java.lang.Object
org.eclipse.jetty.ee9.security.authentication.LoginAuthenticator
All Implemented Interfaces:
Authenticator
Direct Known Subclasses:
BasicAuthenticator, ConfigurableSpnegoAuthenticator, DigestAuthenticator, FormAuthenticator, JaspiAuthenticator, OpenIdAuthenticator, SslClientCertAuthenticator

public abstract class LoginAuthenticator extends Object implements Authenticator
  • Field Details

  • Constructor Details

    • LoginAuthenticator

      protected LoginAuthenticator()
  • Method Details

    • isProxyMode

      public boolean isProxyMode()
      Returns:
      true if this authenticator is in proxy mode.
    • setProxyMode

      public void setProxyMode(boolean proxy)
      Sets the authenticator to operate in proxy authentication mode.

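      When set to true, this mode changes the behavior of the authentication helpers: getAuthorizationHeader() returns Proxy-Authorization, getChallengeHeader() returns Proxy-Authenticate, and getUnauthorizedStatusCode() returns 407.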

      The default is false, which uses the standard WWW-Authenticate and Authorization headers with a 401 status code.
      Parameters:
      proxy - true to enable proxy authentication mode.
    • getAuthorizationHeader

      public HttpHeader getAuthorizationHeader()
      Returns:
      The authorization header to read credentials from, either Authorization or Proxy-Authorization, depending on the proxy mode.
    • getChallengeHeader

      public HttpHeader getChallengeHeader()
      Returns:
      The challenge header to send to the client, either WWW-Authenticate or Proxy-Authenticate, depending on the proxy mode.
    • getUnauthorizedStatusCode

      public int getUnauthorizedStatusCode()
      Returns:
      The status code for an authentication challenge, either 401 or 407, depending on the proxy mode.
    • prepareRequest

      public void prepareRequest(jakarta.servlet.ServletRequest request)
      Description copied from interface: Authenticator
      Called prior to validateRequest. The authenticator can manipulate the request to update it with information that can be inspected before validateRequest is called. The primary purpose of this method is to satisfy the Servlet Spec 3.1 section 13.6.3 on handling Form authentication, where the HTTP method of the original request that triggered authentication is not the same as the HTTP method of the request resulting from the redirect after authentication.
      Specified by:
      prepareRequest in interface Authenticator
      Parameters:
      request - the request to manipulate
    • login

      public UserIdentity login(String username, Object password, jakarta.servlet.ServletRequest servletRequest)
      If the UserIdentity returned from LoginService.login(String, Object, org.eclipse.jetty.server.Request, Function) is not null, it is assumed that the user is fully authenticated, and the session id is changed to prevent a session fixation vulnerability. If a non-null UserIdentity is not necessarily fully authenticated, then subclasses must override this method, determine when the UserIdentity IS fully authenticated, and renew the session id at that point.
      Parameters:
      username - the username of the client to be authenticated
      password - the user's credential
      servletRequest - the inbound request that needs authentication
    • logout

      public void logout(jakarta.servlet.ServletRequest request)
    • setConfiguration

      public void setConfiguration(Authenticator.AuthConfiguration configuration)
      Description copied from interface: Authenticator
      Configure the Authenticator.
      Specified by:
      setConfiguration in interface Authenticator
      Parameters:
      configuration - the configuration
    • getLoginService

      public LoginService getLoginService()
    • renewSession

      protected jakarta.servlet.http.HttpSession renewSession(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Change the session id. The session is changed to a new instance with a new ID if and only if:
      Parameters:
      request - the request
      response - the response
      Returns:
      The new session.