Class ConfigurableSpnegoAuthenticator

  • All Implemented Interfaces:

    public class ConfigurableSpnegoAuthenticator
    extends LoginAuthenticator

    A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.

    A successful authentication from a client is cached for a configurable duration using the HTTP session; this avoids that the client is asked to authenticate for every request.

    See Also:
    • Constructor Detail

      • ConfigurableSpnegoAuthenticator

        public ConfigurableSpnegoAuthenticator()
      • ConfigurableSpnegoAuthenticator

        public ConfigurableSpnegoAuthenticator​(java.lang.String authMethod)
        Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate
        authMethod - the auth method
    • Method Detail

      • getAuthMethod

        public java.lang.String getAuthMethod()
        The name of the authentication method
      • getAuthenticationDuration

        public java.time.Duration getAuthenticationDuration()
        the authentication duration
      • setAuthenticationDuration

        public void setAuthenticationDuration​(java.time.Duration authenticationDuration)

        Sets the duration of the authentication.

        A negative duration means that the authentication is only valid for the current request.

        A zero duration means that the authentication is valid forever.

        A positive value means that the authentication is valid for the specified duration.

        authenticationDuration - the authentication duration
      • login

        public UserIdentity login​(java.lang.String username,
                                  java.lang.Object password,
                                  javax.servlet.ServletRequest servletRequest)
        Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.
        login in class LoginAuthenticator
        username - the username of the client to be authenticated
        password - the user's credential
        servletRequest - the inbound request that needs authentication
      • validateRequest

        public Authentication validateRequest​(javax.servlet.ServletRequest req,
                                              javax.servlet.ServletResponse res,
                                              boolean mandatory)
                                       throws ServerAuthException
        Description copied from interface: Authenticator
        Validate a request
        req - The request
        res - The response
        mandatory - True if authentication is mandatory.
        An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then a Authentication.Deferred may be returned.
        ServerAuthException - if unable to validate request
      • secureResponse

        public boolean secureResponse​(javax.servlet.ServletRequest request,
                                      javax.servlet.ServletResponse response,
                                      boolean mandatory,
                                      Authentication.User validatedUser)
        Description copied from interface: Authenticator
        is response secure
        request - the request
        response - the response
        mandatory - if security is mandator
        validatedUser - the user that was validated
        true if response is secure