Class OpenIdLoginService
java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.security.openid.OpenIdLoginService
- All Implemented Interfaces:
LoginService
,Container
,Destroyable
,Dumpable
,Dumpable.DumpableContainer
,LifeCycle
The implementation of
LoginService
required to use OpenID Connect.
Can contain an optional wrapped LoginService
which is used to store role information about users.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopException
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
Container.InheritedListener, Container.Listener
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
Dumpable.DumpableContainer
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.Listener
-
Field Summary
-
Constructor Summary
ConstructorDescriptionOpenIdLoginService
(OpenIdConfiguration configuration) OpenIdLoginService
(OpenIdConfiguration configuration, LoginService loginService) Use a wrappedLoginService
to store information about user roles. -
Method Summary
Modifier and TypeMethodDescriptionGet the IdentityService associated with this Login Service.getName()
boolean
login
(String identifier, Object credentials, Request request, Function<Boolean, Session> getOrCreateSession) Login a user.void
logout
(UserIdentity user) void
setAuthenticateNewUsers
(boolean authenticateNewUsers) This setting is only meaningful if a wrappedLoginService
has been set.void
setIdentityService
(IdentityService service) Set the IdentityService associated with this Login Service.boolean
validate
(UserIdentity user) Validate a user identity.Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, destroy, doStart, doStop, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.eclipse.jetty.util.component.Container
getCachedBeans, getEventListeners
Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpable
Methods inherited from interface org.eclipse.jetty.security.LoginService
getUserIdentity
-
Constructor Details
-
OpenIdLoginService
-
OpenIdLoginService
Use a wrappedLoginService
to store information about user roles. Users in the wrapped loginService must be stored with their username as the value of the sub (subject) Claim, and a credentials value of the empty string.- Parameters:
configuration
- the OpenID configuration to use.loginService
- the wrapped LoginService to defer to for user roles.
-
-
Method Details
-
getName
- Specified by:
getName
in interfaceLoginService
- Returns:
- Get the name of the login service (aka Realm name)
-
getConfiguration
-
login
public UserIdentity login(String identifier, Object credentials, Request request, Function<Boolean, Session> getOrCreateSession) Description copied from interface:LoginService
Login a user.- Specified by:
login
in interfaceLoginService
- Parameters:
identifier
- The username.credentials
- The users credentials.request
- The request or nullgetOrCreateSession
- function to retrieve or create a session.- Returns:
- A UserIdentity if the credentials matched, otherwise null
-
isAuthenticateNewUsers
public boolean isAuthenticateNewUsers() -
setAuthenticateNewUsers
public void setAuthenticateNewUsers(boolean authenticateNewUsers) This setting is only meaningful if a wrappedLoginService
has been set.If set to true, any users not found by the wrapped
LoginService
will still be authenticated but with no roles, if set to false users will not be authenticated unless they are discovered by the wrappedLoginService
.- Parameters:
authenticateNewUsers
- whether to authenticate users not found by a wrapping LoginService
-
validate
Description copied from interface:LoginService
Validate a user identity. Validate that a UserIdentity previously created by a call toLoginService.login(String, Object, Request, Function)
is still valid.- Specified by:
validate
in interfaceLoginService
- Parameters:
user
- The user to validate- Returns:
- true if authentication has not been revoked for the user.
-
getIdentityService
Description copied from interface:LoginService
Get the IdentityService associated with this Login Service.- Specified by:
getIdentityService
in interfaceLoginService
- Returns:
- the IdentityService associated with this Login Service.
-
setIdentityService
Description copied from interface:LoginService
Set the IdentityService associated with this Login Service.- Specified by:
setIdentityService
in interfaceLoginService
- Parameters:
service
- the IdentityService associated with this Login Service.
-
logout
- Specified by:
logout
in interfaceLoginService
-