Package org.eclipse.jetty.security
Interface Authenticator
-
- All Known Implementing Classes:
BasicAuthenticator
,ClientCertAuthenticator
,ConfigurableSpnegoAuthenticator
,DigestAuthenticator
,FormAuthenticator
,JaspiAuthenticator
,LoginAuthenticator
,OpenIdAuthenticator
,SpnegoAuthenticator
public interface Authenticator
Authenticator InterfaceAn Authenticator is responsible for checking requests and sending response challenges in order to authenticate a request. Various types of
Authentication
are returned in order to signal the next step in authentication.- Version:
- $Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interface
Authenticator.AuthConfiguration
Authenticator Configurationstatic interface
Authenticator.Factory
Authenticator Factory
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description java.lang.String
getAuthMethod()
void
prepareRequest(javax.servlet.ServletRequest request)
Called prior to validateRequest.boolean
secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)
is response securevoid
setConfiguration(Authenticator.AuthConfiguration configuration)
Configure the AuthenticatorAuthentication
validateRequest(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory)
Validate a request
-
-
-
Method Detail
-
setConfiguration
void setConfiguration(Authenticator.AuthConfiguration configuration)
Configure the Authenticator- Parameters:
configuration
- the configuration
-
getAuthMethod
java.lang.String getAuthMethod()
- Returns:
- The name of the authentication method
-
prepareRequest
void prepareRequest(javax.servlet.ServletRequest request)
Called prior to validateRequest. The authenticator can manipulate the request to update it with information that can be inspected prior to validateRequest being called. The primary purpose of this method is to satisfy the Servlet Spec 3.1 section 13.6.3 on handling Form authentication where the http method of the original request causing authentication is not the same as the http method resulting from the redirect after authentication.- Parameters:
request
- the request to manipulate
-
validateRequest
Authentication validateRequest(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory) throws ServerAuthException
Validate a request- Parameters:
request
- The requestresponse
- The responsemandatory
- True if authentication is mandatory.- Returns:
- An Authentication. If Authentication is successful, this will be a
Authentication.User
. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implementAuthentication.ResponseSent
. If Authentication is not mandatory, then aAuthentication.Deferred
may be returned. - Throws:
ServerAuthException
- if unable to validate request
-
secureResponse
boolean secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser) throws ServerAuthException
is response secure- Parameters:
request
- the requestresponse
- the responsemandatory
- if security is mandatorvalidatedUser
- the user that was validated- Returns:
- true if response is secure
- Throws:
ServerAuthException
- if unable to test response
-
-