Class EthereumAuthenticator
java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.siwe.EthereumAuthenticator
- All Implemented Interfaces:
Authenticator, Dumpable
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic classstatic final recordNested classes/interfaces inherited from class LoginAuthenticator
LoginAuthenticator.LoggedOutAuthentication, LoginAuthenticator.UserAuthenticationSent, LoginAuthenticator.UserAuthenticationSucceededNested classes/interfaces inherited from interface Authenticator
Authenticator.Configuration, Authenticator.Factory, Authenticator.NoOpNested classes/interfaces inherited from interface Dumpable
Dumpable.DumpableContainer, Dumpable.DumpAppendable -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final Stringstatic final StringFields inherited from class LoginAuthenticator
_identityService, _loginServiceFields inherited from interface Authenticator
BASIC_AUTH, CERT_AUTH, CERT_AUTH2, DIGEST_AUTH, FORM_AUTH, MULTI_AUTH, NEGOTIATE_AUTH, OPENID_AUTH, SIWE_AUTH, SPNEGO_AUTH -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected StringcreateNonce(Session session) voiddump(Appendable out, String indent) Dump this object (and children) into an Appendable using the provided indent after any new lines.getConstraintAuthentication(String pathInContext, Constraint.Authorization existing, Function<Boolean, Session> getSession) Get anConstraint.Authorizationapplicable to the path for this authenticator.protected FieldsgetParameters(Request request) protected AuthenticationStatehandleNonceRequest(Request request, Response response, Callback callback) voidincludeChainIds(String... chainIds) voidincludeDomains(String... domains) booleanbooleanbooleanisErrorPage(String pathInContext) booleanisLoginPage(String uri) booleanisNonceRequest(String uri) If the UserIdentity returned fromLoginService.login(String, Object, Request, Function)is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability.voidprotected EthereumAuthenticator.SignedMessageparseMessage(Request request, Response response, Callback callback) prepareRequest(Request request, AuthenticationState authenticationState) Called afterAuthenticator.validateRequest(Request, Response, Callback)and before callingRequest.Handler.handle(Request, Response, Callback)of the nested handler.protected Stringprotected booleanredeemNonce(Session session, String nonce) voidsetAuthenticateNewUsers(boolean authenticateNewUsers) Configures the behavior for authenticating users not found by a wrappedLoginService.voidsetAuthenticationPath(String authenticationPath) voidsetConfiguration(Authenticator.Configuration authConfig) Configure the AuthenticatorvoidsetDispatch(boolean dispatch) voidsetErrorPage(String path) voidsetLoginPath(String loginPath) voidsetLogoutRedirectPath(String logoutRedirectPath) voidsetMaxMessageSize(int maxMessageSize) voidsetNoncePath(String noncePath) validateRequest(Request request, Response response, Callback callback) Attempts to validate the authentication state of the given request.Methods inherited from class LoginAuthenticator
getAuthorizationHeader, getChallengeHeader, getLoginService, getUnauthorizedStatusCode, isProxyMode, setLoginService, setProxyMode, updateSession
-
Field Details
-
LOGIN_PATH_PARAM
- See Also:
-
AUTHENTICATION_PATH_PARAM
- See Also:
-
NONCE_PATH_PARAM
- See Also:
-
LOGOUT_REDIRECT_PARAM
- See Also:
-
ERROR_PATH_PARAM
- See Also:
-
ERROR_PARAMETER
- See Also:
-
MAX_MESSAGE_SIZE_PARAM
- See Also:
-
DISPATCH_PARAM
- See Also:
-
AUTHENTICATE_NEW_USERS_PARAM
- See Also:
-
CHAIN_IDS_PARAM
- See Also:
-
DOMAINS_PARAM
- See Also:
-
-
Constructor Details
-
EthereumAuthenticator
public EthereumAuthenticator()
-
-
Method Details
-
includeDomains
-
includeChainIds
-
setConfiguration
Description copied from interface:AuthenticatorConfigure the Authenticator- Specified by:
setConfigurationin interfaceAuthenticator- Overrides:
setConfigurationin classLoginAuthenticator- Parameters:
authConfig- the configuration
-
getAuthenticationType
- Specified by:
getAuthenticationTypein interfaceAuthenticator- Returns:
- The name of the authentication type
-
isAuthenticateNewUsers
public boolean isAuthenticateNewUsers() -
setAuthenticateNewUsers
public void setAuthenticateNewUsers(boolean authenticateNewUsers) Configures the behavior for authenticating users not found by a wrappedLoginService.This setting is only meaningful if a wrapped
LoginServicehas been set.If set to
true, users not found by a wrappedLoginServicewill authenticated with no roles. If set tofalse, only users found by a wrappedLoginServicewill be authenticated.- Parameters:
authenticateNewUsers- whether to authenticate users not found by the wrappedLoginService
-
setLoginPath
-
setAuthenticationPath
-
setNoncePath
-
setMaxMessageSize
public void setMaxMessageSize(int maxMessageSize) -
setDispatch
public void setDispatch(boolean dispatch) -
setLogoutRedirectPath
-
setErrorPage
-
login
Description copied from class:LoginAuthenticatorIf the UserIdentity returned fromLoginService.login(String, Object, Request, Function)is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability. If the UserIdentity is not necessarily fully authenticated, then subclasses must override this method and determine when the UserIdentity IS fully authenticated and renew the session id.- Overrides:
loginin classLoginAuthenticator- Parameters:
username- the username of the client to be authenticatedcredentials- the user's credentialrequest- the inbound request that needs authentication
-
logout
- Overrides:
logoutin classLoginAuthenticator
-
prepareRequest
Description copied from interface:AuthenticatorCalled afterAuthenticator.validateRequest(Request, Response, Callback)and before callingRequest.Handler.handle(Request, Response, Callback)of the nested handler. This may be used by anAuthenticatorto restore method or content from a previous request that was challenged.- Specified by:
prepareRequestin interfaceAuthenticator- Parameters:
request- the request to prepare for handlingauthenticationState- The authentication for the request
-
getConstraintAuthentication
public Constraint.Authorization getConstraintAuthentication(String pathInContext, Constraint.Authorization existing, Function<Boolean, Session> getSession) Description copied from interface:AuthenticatorGet anConstraint.Authorizationapplicable to the path for this authenticator. This is typically used to vary protection on special URIs known to a specificAuthenticator(e.g. /j_security_check for theFormAuthenticator.- Specified by:
getConstraintAuthenticationin interfaceAuthenticator- Parameters:
pathInContext- The pathInContext to potentially constrain.existing- The existing authentication constraint for the pathInContext determined independently ofAuthenticatorgetSession- Function to get or create aSession.- Returns:
- The
Constraint.Authorizationto apply.
-
readMessage
- Throws:
IOException
-
parseMessage
protected EthereumAuthenticator.SignedMessage parseMessage(Request request, Response response, Callback callback) -
handleNonceRequest
protected AuthenticationState handleNonceRequest(Request request, Response response, Callback callback) -
validateRequest
public AuthenticationState validateRequest(Request request, Response response, Callback callback) throws ServerAuthException Description copied from interface:AuthenticatorAttempts to validate the authentication state of the given request.If authentication is successful, an
AuthenticationState.Succeededis returned. If the authenticator has already committed a response (for either success or failure), the returned value will implementAuthenticationState.ResponseSent, and the providedCallbackwill be eventually be completed, otherwise the caller is responsible for completing theCallback.A
nullreturn value indicates that no authentication state could be established, possibly because the response has already been committed.- Specified by:
validateRequestin interfaceAuthenticator- Parameters:
request- the request to validate.response- the response associated with the request.callback- the callback to use for writing a response.- Returns:
- an
AuthenticationState, ornullif authentication could not be resolved. - Throws:
ServerAuthException- if unable to validate request.
-
getParameters
-
isLoginPage
-
isAuthenticationRequest
-
isNonceRequest
-
isErrorPage
-
createNonce
-
redeemNonce
-
dump
Description copied from interface:DumpableDump this object (and children) into an Appendable using the provided indent after any new lines. The indent should not be applied to the first object dumped.- Specified by:
dumpin interfaceDumpable- Parameters:
out- The appendable to dump toindent- The indent to apply after any new lines.- Throws:
IOException- if unable to write to Appendable
-