Class SPNEGOAuthentication

java.lang.Object
org.eclipse.jetty.client.AbstractAuthentication
org.eclipse.jetty.client.SPNEGOAuthentication
All Implemented Interfaces:
Authentication
public class SPNEGOAuthentication extends AbstractAuthentication

Implementation of the SPNEGO (or "Negotiate") authentication defined in RFC 4559.

A user is logged in via JAAS (either via userName/password or via userName/keyTab) once only.

For every request that needs authentication, a GSSContext is initiated and later established after reading the response from the server.

Applications should create objects of this class and add them to the AuthenticationStore retrieved from the HttpClient via HttpClient.getAuthenticationStore().

  • Constructor Details

    • SPNEGOAuthentication

      public SPNEGOAuthentication(URI uri)

  • Method Details

    • getType

      public String getType()
      Specified by:
      getType in class AbstractAuthentication

    • getUserName

      public String getUserName()
      Get the user name of the user to login.
      Returns:
      the user name of the user to login

    • setUserName

      public void setUserName(String userName)
      Set user name of the user to login.
      Parameters:
      userName - user name of the user to login

    • getUserPassword

      public String getUserPassword()
      Get the password of the user to login.
      Returns:
      the password of the user to login

    • setUserPassword

      public void setUserPassword(String userPassword)
      Parameters:
      userPassword - the password of the user to login
      See Also:

    • getUserKeyTabPath

      public Path getUserKeyTabPath()
      Get the path of the keyTab file with the user credentials.
      Returns:
      the path of the keyTab file with the user credentials

    • setUserKeyTabPath

      public void setUserKeyTabPath(Path userKeyTabPath)
      Parameters:
      userKeyTabPath - the path of the keyTab file with the user credentials
      See Also:

    • getServiceName

      public String getServiceName()
      Get the name of the service to use.
      Returns:
      the name of the service to use

    • setServiceName

      public void setServiceName(String serviceName)
      Set the name of the service to use.
      Parameters:
      serviceName - the name of the service to use

    • isUseTicketCache

      public boolean isUseTicketCache()
      Returns:
      whether to use the ticket cache during login

    • setUseTicketCache

      public void setUseTicketCache(boolean useTicketCache)
      Parameters:
      useTicketCache - whether to use the ticket cache during login
      See Also:

    • getTicketCachePath

      public Path getTicketCachePath()
      Get the path of the ticket cache file.
      Returns:
      the path of the ticket cache file

    • setTicketCachePath

      public void setTicketCachePath(Path ticketCachePath)
      Parameters:
      ticketCachePath - the path of the ticket cache file
      See Also:

    • isRenewTGT

      public boolean isRenewTGT()
      Returns:
      whether to renew the ticket granting ticket

    • setRenewTGT

      public void setRenewTGT(boolean renewTGT)
      Set whether to renew the ticket granting ticket.
      Parameters:
      renewTGT - whether to renew the ticket granting ticket

    • authenticate

      public Authentication.Result authenticate(Request request, ContentResponse response, Authentication.HeaderInfo headerInfo, Attributes context)
      Description copied from interface: Authentication
      Executes the authentication mechanism for the given request, returning a Authentication.Result that can be used to actually authenticate the request via Authentication.Result.apply(Request).

      If a request for "/secure" returns a Authentication.Result, then the result may be used for other requests such as "/secure/foo" or "/secure/bar", unless those resources are protected by other realms.

      Parameters:
      request - the request to execute the authentication mechanism for
      response - the 401 response obtained in the previous attempt to request the protected resource
      headerInfo - the WWW-Authenticate (or Proxy-Authenticate) header chosen for this authentication (among the many that the response may contain)
      context - the conversation context in case the authentication needs multiple exchanges to be completed and information needs to be stored across exchanges
      Returns:
      the authentication result, or null if the authentication could not be performed