Class SPNEGOAuthenticator

java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.authentication.SPNEGOAuthenticator
All Implemented Interfaces:
Authenticator

public class SPNEGOAuthenticator extends LoginAuthenticator

A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.

A successful authentication from a client is cached for a configurable duration using the HTTP session; this avoids that the client is asked to authenticate for every request.

See Also:
  • Constructor Details

    • SPNEGOAuthenticator

      public SPNEGOAuthenticator()
    • SPNEGOAuthenticator

      public SPNEGOAuthenticator(String type)
      Allow for a custom name value to be set for instances where SPNEGO may not be appropriate
      Parameters:
      type - the authenticator name
  • Method Details

    • getAuthenticationType

      public String getAuthenticationType()
      Returns:
      The name of the authentication type
    • getAuthenticationDuration

      public Duration getAuthenticationDuration()
      Get the authentication duration.
      Returns:
      the authentication duration
    • setAuthenticationDuration

      public void setAuthenticationDuration(Duration authenticationDuration)

      Sets the duration of the authentication.

      A negative duration means that the authentication is only valid for the current request.

      A zero duration means that the authentication is valid forever.

      A positive value means that the authentication is valid for the specified duration.

      Parameters:
      authenticationDuration - the authentication duration
    • login

      public UserIdentity login(String username, Object password, Request request, Response response)
      Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.
      Overrides:
      login in class LoginAuthenticator
      Parameters:
      username - the username of the client to be authenticated
      password - the user's credential
      request - the inbound request that needs authentication
    • validateRequest

      public AuthenticationState validateRequest(Request req, Response res, Callback callback) throws ServerAuthException
      Description copied from interface: Authenticator
      Attempts to validate the authentication state of the given request.

      If authentication is successful, an AuthenticationState.Succeeded is returned. If the authenticator has already committed a response (for either success or failure), the returned value will implement AuthenticationState.ResponseSent, and the provided Callback will be eventually be completed, otherwise the caller is responsible for completing the Callback.

      A null return value indicates that no authentication state could be established, possibly because the response has already been committed.

      Parameters:
      req - the request to validate.
      res - the response associated with the request.
      callback - the callback to use for writing a response.
      Returns:
      an AuthenticationState, or null if authentication could not be resolved.
      Throws:
      ServerAuthException - if unable to validate request.