Module org.eclipse.jetty.security
Class SPNEGOAuthenticator
java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.authentication.SPNEGOAuthenticator
- All Implemented Interfaces:
Authenticator
A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.
A successful authentication from a client is cached for a configurable
duration
using the HTTP session; this avoids
that the client is asked to authenticate for every request.
- See Also:
-
Nested Class Summary
Nested classes/interfaces inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
LoginAuthenticator.LoggedOutAuthentication, LoginAuthenticator.UserAuthenticationSent, LoginAuthenticator.UserAuthenticationSucceeded
Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator
Authenticator.Configuration, Authenticator.Factory, Authenticator.NoOp
-
Field Summary
Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
_identityService, _loginService
Fields inherited from interface org.eclipse.jetty.security.Authenticator
BASIC_AUTH, CERT_AUTH, CERT_AUTH2, DIGEST_AUTH, FORM_AUTH, NEGOTIATE_AUTH, OPENID_AUTH, SPNEGO_AUTH
-
Constructor Summary
ConstructorDescriptionSPNEGOAuthenticator
(String type) Allow for a custom name value to be set for instances where SPNEGO may not be appropriate -
Method Summary
Modifier and TypeMethodDescriptionlogin
(String username, Object password, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response) Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.void
setAuthenticationDuration
(Duration authenticationDuration) Sets the duration of the authentication.validateRequest
(org.eclipse.jetty.server.Request req, org.eclipse.jetty.server.Response res, org.eclipse.jetty.util.Callback callback) Validate a requestMethods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
getLoginService, logout, renewSession, setConfiguration
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.eclipse.jetty.security.Authenticator
getConstraintAuthentication, prepareRequest
-
Constructor Details
-
SPNEGOAuthenticator
public SPNEGOAuthenticator() -
SPNEGOAuthenticator
Allow for a custom name value to be set for instances where SPNEGO may not be appropriate- Parameters:
type
- the authenticator name
-
-
Method Details
-
getAuthenticationType
- Returns:
- The name of the authentication type
-
getAuthenticationDuration
- Returns:
- the authentication duration
-
setAuthenticationDuration
Sets the duration of the authentication.
A negative duration means that the authentication is only valid for the current request.
A zero duration means that the authentication is valid forever.
A positive value means that the authentication is valid for the specified duration.
- Parameters:
authenticationDuration
- the authentication duration
-
login
public UserIdentity login(String username, Object password, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response) Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.- Overrides:
login
in classLoginAuthenticator
- Parameters:
username
- the username of the client to be authenticatedpassword
- the user's credentialrequest
- the inbound request that needs authentication
-
validateRequest
public AuthenticationState validateRequest(org.eclipse.jetty.server.Request req, org.eclipse.jetty.server.Response res, org.eclipse.jetty.util.Callback callback) throws ServerAuthException Description copied from interface:Authenticator
Validate a request- Parameters:
req
- The requestres
- The responsecallback
- the callback to use for writing a response- Returns:
- An Authentication. If Authentication is successful, this will be a
AuthenticationState.Succeeded
. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implementAuthenticationState.ResponseSent
. - Throws:
ServerAuthException
- if unable to validate request
-