Package org.eclipse.jetty.client.util

Class SPNEGOAuthentication

  • All Implemented Interfaces:
    Authentication
    public class SPNEGOAuthentication
extends AbstractAuthentication

    Implementation of the SPNEGO (or "Negotiate") authentication defined in RFC 4559.

    A user is logged in via JAAS (either via userName/password or via userName/keyTab) once only.

    For every request that needs authentication, a GSSContext is initiated and later established after reading the response from the server.

    Applications should create objects of this class and add them to the AuthenticationStore retrieved from the HttpClient via HttpClient.getAuthenticationStore().

    • Constructor Detail

      • SPNEGOAuthentication

        public SPNEGOAuthentication​(java.net.URI uri)

    • Method Detail

      • getUserName

        public java.lang.String getUserName()
        Returns:
        the user name of the user to login

      • setUserName

        public void setUserName​(java.lang.String userName)
        Parameters:
        userName - user name of the user to login

      • getUserPassword

        public java.lang.String getUserPassword()
        Returns:
        the password of the user to login

      • setUserPassword

        public void setUserPassword​(java.lang.String userPassword)
        Parameters:
        userPassword - the password of the user to login
        See Also:
        setUserKeyTabPath(Path)

      • getUserKeyTabPath

        public java.nio.file.Path getUserKeyTabPath()
        Returns:
        the path of the keyTab file with the user credentials

      • setUserKeyTabPath

        public void setUserKeyTabPath​(java.nio.file.Path userKeyTabPath)
        Parameters:
        userKeyTabPath - the path of the keyTab file with the user credentials
        See Also:
        setUserPassword(String)

      • getServiceName

        public java.lang.String getServiceName()
        Returns:
        the name of the service to use

      • setServiceName

        public void setServiceName​(java.lang.String serviceName)
        Parameters:
        serviceName - the name of the service to use

      • isUseTicketCache

        public boolean isUseTicketCache()
        Returns:
        whether to use the ticket cache during login

      • setUseTicketCache

        public void setUseTicketCache​(boolean useTicketCache)
        Parameters:
        useTicketCache - whether to use the ticket cache during login
        See Also:
        setTicketCachePath(Path)

      • getTicketCachePath

        public java.nio.file.Path getTicketCachePath()
        Returns:
        the path of the ticket cache file

      • setTicketCachePath

        public void setTicketCachePath​(java.nio.file.Path ticketCachePath)
        Parameters:
        ticketCachePath - the path of the ticket cache file
        See Also:
        setUseTicketCache(boolean)

      • isRenewTGT

        public boolean isRenewTGT()
        Returns:
        whether to renew the ticket granting ticket

      • setRenewTGT

        public void setRenewTGT​(boolean renewTGT)
        Parameters:
        renewTGT - whether to renew the ticket granting ticket

      • authenticate

        public Authentication.Result authenticate​(Request request,
                                          ContentResponse response,
                                          Authentication.HeaderInfo headerInfo,
                                          Attributes context)
        Description copied from interface: Authentication
        Executes the authentication mechanism for the given request, returning a Authentication.Result that can be used to actually authenticate the request via Authentication.Result.apply(Request).

        If a request for "/secure" returns a Authentication.Result, then the result may be used for other requests such as "/secure/foo" or "/secure/bar", unless those resources are protected by other realms.

        Parameters:
        request - the request to execute the authentication mechanism for
        response - the 401 response obtained in the previous attempt to request the protected resource
        headerInfo - the WWW-Authenticate (or Proxy-Authenticate) header chosen for this authentication (among the many that the response may contain)
        context - the conversation context in case the authentication needs multiple exchanges to be completed and information needs to be stored across exchanges
        Returns:
        the authentication result, or null if the authentication could not be performed