Class OpenIdLoginService

All Implemented Interfaces:
LoginService, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle

public class OpenIdLoginService extends ContainerLifeCycle implements LoginService
The implementation of LoginService required to use OpenID Connect.

Can contain an optional wrapped LoginService which is used to store role information about users.

  • Constructor Details

    • OpenIdLoginService

      public OpenIdLoginService(OpenIdConfiguration configuration)
    • OpenIdLoginService

      public OpenIdLoginService(OpenIdConfiguration configuration, LoginService loginService)
      Use a wrapped LoginService to store information about user roles. Users in the wrapped loginService must be stored with their username as the value of the sub (subject) Claim, and a credentials value of the empty string.
      Parameters:
      configuration - the OpenID configuration to use.
      loginService - the wrapped LoginService to defer to for user roles.
  • Method Details

    • getName

      public String getName()
      Specified by:
      getName in interface LoginService
      Returns:
      the name of the login service (aka Realm name)
    • getConfiguration

      public OpenIdConfiguration getConfiguration()
    • login

      public UserIdentity login(String identifier, Object credentials, Request request, Function<Boolean,Session> getOrCreateSession)
      Description copied from interface: LoginService
      Login a user.
      Specified by:
      login in interface LoginService
      Parameters:
      identifier - The username.
      credentials - The user's credentials.
      request - The request or null
      getOrCreateSession - function to retrieve or create a session.
      Returns:
      A UserIdentity if the credentials matched, otherwise null
    • isAuthenticateNewUsers

      public boolean isAuthenticateNewUsers()
    • setAuthenticateNewUsers

      public void setAuthenticateNewUsers(boolean authenticateNewUsers)
      This setting is only meaningful if a wrapped LoginService has been set.

      If set to true, any users not found by the wrapped LoginService will still be authenticated but with no roles; if set to false, users will not be authenticated unless they are discovered by the wrapped LoginService.

      Parameters:
      authenticateNewUsers - whether to authenticate users not found by a wrapping LoginService
    • validate

      public boolean validate(UserIdentity user)
      Description copied from interface: LoginService
      Validate a user identity. Validate that a UserIdentity previously created by a call to LoginService.login(String, Object, Request, Function) is still valid.
      Specified by:
      validate in interface LoginService
      Parameters:
      user - The user to validate
      Returns:
      true if authentication has not been revoked for the user.
    • getIdentityService

      public IdentityService getIdentityService()
      Description copied from interface: LoginService
      Get the IdentityService associated with this Login Service.
      Specified by:
      getIdentityService in interface LoginService
      Returns:
      the IdentityService associated with this Login Service.
    • setIdentityService

      public void setIdentityService(IdentityService service)
      Description copied from interface: LoginService
      Set the IdentityService associated with this Login Service.
      Specified by:
      setIdentityService in interface LoginService
      Parameters:
      service - the IdentityService associated with this Login Service.
    • logout

      public void logout(UserIdentity user)
      Specified by:
      logout in interface LoginService
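
The two-argument constructor and setAuthenticateNewUsers described above, wired together so that only subjects listed in the wrapped LoginService are authenticated; this is an added example, not code from the Jetty project. It assumes the Jetty 12 package names and the existing HashLoginService, UserStore and Credential classes; the issuer URL, client id, OIDC_CLIENT_SECRET variable, realm name and sub values are constructed placeholders.

```java
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.security.openid.OpenIdConfiguration;
import org.eclipse.jetty.security.openid.OpenIdLoginService;
import org.eclipse.jetty.util.security.Credential;

public class OpenIdRoleMapping
{
    public static OpenIdLoginService build()
    {
        // Placeholder provider and client values (assumptions, not from the page).
        // The secret is read from a hypothetical environment variable instead of
        // being hard-coded in source.
        OpenIdConfiguration configuration = new OpenIdConfiguration(
            "https://idp.example.com",
            "example-client-id",
            System.getenv("OIDC_CLIENT_SECRET"));

        // Role store keyed by the ID token's sub claim, with the empty string as
        // the credential, as the constructor documentation requires. Keying by
        // e-mail or display name would never match. The sub values are constructed.
        UserStore users = new UserStore();
        users.addUser("sub-0001-constructed", Credential.getCredential(""), new String[]{"admin"});
        users.addUser("sub-0002-constructed", Credential.getCredential(""), new String[]{"user"});

        // Every entry here has an empty credential by design, so this service
        // is only safe as the wrapped role source of OpenIdLoginService. Do not
        // attach it to a password-based authenticator.
        HashLoginService roleStore = new HashLoginService("oidc-roles");
        roleStore.setUserStore(users);

        OpenIdLoginService loginService = new OpenIdLoginService(configuration, roleStore);

        // false: a subject the provider authenticated but roleStore does not
        //        know is rejected.
        // true:  the same subject is authenticated with no roles, so any
        //        constraint that only requires "an authenticated user" admits
        //        every account at the provider.
        loginService.setAuthenticateNewUsers(false);
        return loginService;
    }
}
```

With the setting left at true, access control rests entirely on role constraints, so review any resource that is protected only by a requirement to be authenticated.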