Class ConfigurableSpnegoAuthenticator

  • All Implemented Interfaces:
    Authenticator

    public class ConfigurableSpnegoAuthenticator
    extends LoginAuthenticator

    A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.

    A successful authentication from a client is cached for a configurable duration using the HTTP session, so that the client is not asked to authenticate for every request.

    See Also:
    ConfigurableSpnegoLoginService
    • Constructor Detail

      • ConfigurableSpnegoAuthenticator

        public ConfigurableSpnegoAuthenticator()
      • ConfigurableSpnegoAuthenticator

        public ConfigurableSpnegoAuthenticator(java.lang.String authMethod)
        Allows a custom authMethod value to be set, for instances where SPNEGO may not be appropriate.
        Parameters:
        authMethod - the auth method
    • Method Detail

      • getAuthMethod

        public java.lang.String getAuthMethod()
        Returns:
        The name of the authentication method
      • getAuthenticationDuration

        public java.time.Duration getAuthenticationDuration()
        Returns:
        the authentication duration
      • setAuthenticationDuration

        public void setAuthenticationDuration(java.time.Duration authenticationDuration)

        Sets the duration of the authentication.

        A negative duration means that the authentication is only valid for the current request.

        A zero duration means that the authentication is valid forever.

        A positive value means that the authentication is valid for the specified duration.

        Parameters:
        authenticationDuration - the authentication duration
      • login

        public UserIdentity login(java.lang.String username,
                                  java.lang.Object password,
                                  javax.servlet.ServletRequest servletRequest)
        Only renews the session id if the user has been fully authenticated; the session is not renewed for any of the intermediate request/response handshakes.
        Overrides:
        login in class LoginAuthenticator
        Parameters:
        username - the username of the client to be authenticated
        password - the user's credential
        servletRequest - the inbound request that needs authentication
      • validateRequest

        public Authentication validateRequest(javax.servlet.ServletRequest req,
                                              javax.servlet.ServletResponse res,
                                              boolean mandatory)
                                       throws ServerAuthException
        Description copied from interface: Authenticator
        Validate a request
        Parameters:
        req - The request
        res - The response
        mandatory - True if authentication is mandatory.
        Returns:
        An Authentication. If Authentication is successful, this will be an Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then an Authentication.Deferred may be returned.
        Throws:
        ServerAuthException - if unable to validate request
      • secureResponse

        public boolean secureResponse(javax.servlet.ServletRequest request,
                                      javax.servlet.ServletResponse response,
                                      boolean mandatory,
                                      Authentication.User validatedUser)
        Description copied from interface: Authenticator
        is response secure
        Parameters:
        request - the request
        response - the response
        mandatory - if security is mandatory
        validatedUser - the user that was validated
        Returns:
        true if response is secure
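
An added example (not part of the Jetty documentation) that wires this authenticator to a ConfigurableSpnegoLoginService and rejects the zero duration that setAuthenticationDuration treats as "valid forever". The class SpnegoSecurityConfig, the helper requireBounded, the realm name, paths and host name are assumptions for illustration; the login-service setters are assumed from Jetty's ConfigurableSpnegoLoginService, which this page references but does not document.

```java
import java.nio.file.Paths;
import java.time.Duration;

import org.eclipse.jetty.security.AuthorizationService;
import org.eclipse.jetty.security.ConfigurableSpnegoLoginService;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator;

public class SpnegoSecurityConfig {

    // Hypothetical guard: Duration.ZERO means "valid forever" for this authenticator,
    // so refuse it. Negative (per request) and positive (time-boxed) values pass through.
    static Duration requireBounded(Duration d) {
        if (d == null || d.isZero()) {
            throw new IllegalArgumentException(
                "authentication duration must be negative (per request) or positive (bounded)");
        }
        return d;
    }

    // Every literal below is a placeholder; constraint mappings are omitted for brevity.
    static ConstraintSecurityHandler build(Duration cacheFor) {
        // Roles for authenticated principals come from a properties-backed realm.
        HashLoginService roles = new HashLoginService("EXAMPLE.ORG", "/etc/jetty/realm.properties");

        ConfigurableSpnegoLoginService login =
            new ConfigurableSpnegoLoginService("EXAMPLE.ORG", AuthorizationService.from(roles, ""));
        login.addBean(roles); // start and stop the role realm with the login service
        login.setKeyTabPath(Paths.get("/etc/jetty/http.keytab"));
        login.setServiceName("HTTP");
        login.setHostName("app.example.org");

        ConfigurableSpnegoAuthenticator authenticator = new ConfigurableSpnegoAuthenticator();
        authenticator.setAuthenticationDuration(requireBounded(cacheFor));

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setLoginService(login);
        security.setAuthenticator(authenticator);
        return security;
    }

    public static void main(String[] args) {
        ConstraintSecurityHandler handler = build(Duration.ofMinutes(15));
        System.out.println("Auth method: " + handler.getAuthenticator().getAuthMethod());
    }
}
```

Because the cached authentication is stored in the HTTP session, a positive duration bounds how long a session can be used before the SPNEGO handshake is required again.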