Class LoginAuthenticator

java.lang.Object

org.eclipse.jetty.security.authentication.LoginAuthenticator

All Implemented Interfaces:

Authenticator

Direct Known Subclasses:

BasicAuthenticator, DigestAuthenticator, EthereumAuthenticator, FormAuthenticator, JaspiAuthenticator, JaspiAuthenticator, MultiAuthenticator, OpenIdAuthenticator, SPNEGOAuthenticator, SslClientCertAuthenticator

public abstract class LoginAuthenticator
extends Object
implements Authenticator

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	LoginAuthenticator.LoggedOutAuthentication
static class	LoginAuthenticator.UserAuthenticationSent	This Authentication represents a just completed authentication, that has sent a response, typically to redirect the client to the original request target..
static class	LoginAuthenticator.UserAuthenticationSucceeded	Base class for representing a successful authentication state.

Nested classes/interfaces inherited from interface Authenticator

Authenticator.Configuration, Authenticator.Factory, Authenticator.NoOp

Field Summary

Fields

Modifier and Type	Field	Description
protected IdentityService	_identityService
protected LoginService	_loginService

Fields inherited from interface Authenticator

BASIC_AUTH, CERT_AUTH, CERT_AUTH2, DIGEST_AUTH, FORM_AUTH, MULTI_AUTH, NEGOTIATE_AUTH, OPENID_AUTH, SIWE_AUTH, SPNEGO_AUTH

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	LoginAuthenticator()

Method Summary

Modifier and Type	Method	Description
HttpHeader	getAuthorizationHeader()
HttpHeader	getChallengeHeader()
LoginService	getLoginService()
int	getUnauthorizedStatusCode()
boolean	isProxyMode()
UserIdentity	login(String username, Object password, Request request, Response response)	If the UserIdentity returned from LoginService.login(String, Object, Request, Function) is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability.
void	logout(Request request, Response response)
void	setConfiguration(Authenticator.Configuration configuration)	Configure the Authenticator
void	setLoginService(LoginService loginService)
void	setProxyMode(boolean proxy)	Sets the authenticator to operate in proxy authentication mode.
protected void	updateSession(Request httpRequest, Response httpResponse)	Update the session on authentication.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface Authenticator

getAuthenticationType, getConstraintAuthentication, prepareRequest, validateRequest

Field Details

_loginService

protected LoginService _loginService

_identityService

protected IdentityService _identityService

Constructor Details

LoginAuthenticator

protected LoginAuthenticator()

Method Details

isProxyMode

public boolean isProxyMode()

Returns:

true if this authenticator is in proxy mode.

See Also:

• setProxyMode(boolean)

setProxyMode

public void setProxyMode(boolean proxy)

Sets the authenticator to operate in proxy authentication mode.

When set to true, this mode changes the behavior of the authentication helpers:

• getChallengeHeader() will return Proxy-Authenticate.
• getUnauthorizedStatusCode() will return 407.
• getAuthorizationHeader() will return the Proxy-Authorization header.

The default is false, which uses the standard WWW-Authenticate and Authorization headers with a 401 status code.

Parameters:

proxy - true to enable proxy authentication mode.

getAuthorizationHeader

public HttpHeader getAuthorizationHeader()

Returns:

The authorization header to read credentials from, either Authorization or Proxy-Authorization, depending on the proxy mode.

See Also:

• setProxyMode(boolean)

getChallengeHeader

public HttpHeader getChallengeHeader()

Returns:

The challenge header to send to the client, either WWW-Authenticate or Proxy-Authenticate, depending on the proxy mode.

See Also:

• setProxyMode(boolean)

getUnauthorizedStatusCode

public int getUnauthorizedStatusCode()

Returns:

The status code for an authentication challenge, either 401 or 407, depending on the proxy mode.

See Also:

• setProxyMode(boolean)

login

public UserIdentity login(String username,
 Object password,
 Request request,
 Response response)

If the UserIdentity returned from LoginService.login(String, Object, Request, Function) is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability. If the UserIdentity is not necessarily fully authenticated, then subclasses must override this method and determine when the UserIdentity IS fully authenticated and renew the session id.

Parameters:

username - the username of the client to be authenticated

password - the user's credential

request - the inbound request that needs authentication

logout

public void logout(Request request,
 Response response)

setConfiguration

public void setConfiguration(Authenticator.Configuration configuration)

Description copied from interface: Authenticator

Configure the Authenticator

Specified by:

setConfiguration in interface Authenticator

Parameters:

configuration - the configuration

getLoginService

public LoginService getLoginService()

setLoginService

public void setLoginService(LoginService loginService)

updateSession

protected void updateSession(Request httpRequest,
 Response httpResponse)

Update the session on authentication. The session is changed to a new instance with a new ID if and only if:

• A session exists.
• The Authenticator.Configuration.isSessionRenewedOnAuthentication() returns true.
• The session ID has been given to unauthenticated responses

Parameters:

httpRequest - the request

httpResponse - the response

See Also:

• Authenticator.Configuration.isSessionRenewedOnAuthentication()
• Authenticator.Configuration.getSessionMaxInactiveIntervalOnAuthentication()