Class SPNEGOLoginService

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.security.SPNEGOLoginService
All Implemented Interfaces:
LoginService, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle

public class SPNEGOLoginService extends org.eclipse.jetty.util.component.ContainerLifeCycle implements LoginService

A configurable (as opposed to using system properties) SPNEGO LoginService.

At startup, this LoginService logs in the service principal via JAAS. The principal is composed of the service name and the host name, for example HTTP/wonder.com, and a keyTab file supplies the service principal credentials.

Upon receiving an HTTP request, the server tries to authenticate the client by calling LoginService.login(String, Object, Request, Function), where the GSS APIs are used to verify client tokens and (perhaps after a few round-trips) a GSSContext is established.
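The following is an added example, not part of the Jetty documentation: it configures the service with the setters listed on this page and refuses a keyTab file that is accessible beyond its owner, since that file holds the service principal's credentials. The class name SpnegoSetup, the method configure and its parameters are hypothetical; the wrapped LoginService is supplied by the caller.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Set;

import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.SPNEGOLoginService;

// Hypothetical helper class for illustration; not part of Jetty.
public final class SpnegoSetup
{
    // Modes that would let other local accounts read or replace the service key.
    private static final Set<PosixFilePermission> TOO_OPEN = EnumSet.of(
        PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
        PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);

    // Builds the login service for the principal HTTP/<hostName>.
    public static SPNEGOLoginService configure(String realm, LoginService delegate,
                                               String hostName, Path keyTab) throws IOException
    {
        if (!Files.isRegularFile(keyTab) || !Files.isReadable(keyTab))
            throw new IOException("keyTab missing or unreadable: " + keyTab);

        // The keyTab holds the service principal's credentials: reject lax POSIX modes.
        if (Files.getFileStore(keyTab).supportsFileAttributeView("posix"))
        {
            Set<PosixFilePermission> lax = new HashSet<>(Files.getPosixFilePermissions(keyTab));
            lax.retainAll(TOO_OPEN);
            if (!lax.isEmpty())
                throw new IOException("keyTab " + keyTab + " is accessible beyond its owner: " + lax);
        }

        SPNEGOLoginService spnego = new SPNEGOLoginService(realm, delegate);
        spnego.setServiceName("HTTP");  // service part of the principal
        spnego.setHostName(hostName);   // host part, e.g. wonder.com
        spnego.setKeyTabPath(keyTab);   // used for the JAAS login at startup
        return spnego;
    }
}
```

Failing before start() keeps a badly protected keyTab from being put into service; on file systems without POSIX attributes the permission check is skipped and only existence and readability are verified.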

  • Nested Class Summary

    Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

    org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

    org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

    org.eclipse.jetty.util.component.LifeCycle.Listener
  • Field Summary

    Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    FAILED, STARTED, STARTING, STOPPED, STOPPING

    Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

    KEY
  • Constructor Summary

    Constructors
    Constructor                                                    Description
    SPNEGOLoginService(String realm, LoginService loginService)
  • Method Summary

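    Modifier and Type    Method    Description
    protected void       doStart()
    String               getHostName()
    IdentityService      getIdentityService()    Get the IdentityService associated with this Login Service.
    Path                 getKeyTabPath()
    String               getName()
    String               getServiceName()
    UserIdentity         login(String username, Object credentials, org.eclipse.jetty.server.Request request, Function<Boolean,org.eclipse.jetty.server.Session> getOrCreateSession)    Login a user.
    void                 logout(UserIdentity user)
    void                 setHostName(String hostName)
    void                 setIdentityService(IdentityService identityService)    Set the IdentityService associated with this Login Service.
    void                 setKeyTabPath(Path keyTabFile)
    void                 setServiceName(String serviceName)
    boolean              validate(UserIdentity user)    Validate a user identity.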

    Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

    addBean, addBean, addEventListener, addManaged, contains, destroy, doStop, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

    Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface org.eclipse.jetty.util.component.Container

    getCachedBeans, getEventListeners

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

    dumpSelf

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    isDumpable

    Methods inherited from interface org.eclipse.jetty.security.LoginService

    getUserIdentity
  • Constructor Details

    • SPNEGOLoginService

      public SPNEGOLoginService(String realm, LoginService loginService)
  • Method Details

    • getName

      public String getName()
      Specified by:
      getName in interface LoginService
      Returns:
      the realm name
    • getKeyTabPath

      public Path getKeyTabPath()
      Returns:
      the path of the keyTab file containing service credentials
    • setKeyTabPath

      public void setKeyTabPath(Path keyTabFile)
      Parameters:
      keyTabFile - the path of the keyTab file containing service credentials
    • getServiceName

      public String getServiceName()
      Returns:
      the service name, typically "HTTP"
    • setServiceName

      public void setServiceName(String serviceName)
      Parameters:
      serviceName - the service name
    • getHostName

      public String getHostName()
      Returns:
      the host name of the service
    • setHostName

      public void setHostName(String hostName)
      Parameters:
      hostName - the host name of the service
    • doStart

      protected void doStart() throws Exception
      Overrides:
      doStart in class org.eclipse.jetty.util.component.ContainerLifeCycle
      Throws:
      Exception
    • login

      public UserIdentity login(String username, Object credentials, org.eclipse.jetty.server.Request request, Function<Boolean,org.eclipse.jetty.server.Session> getOrCreateSession)
      Description copied from interface: LoginService
      Login a user.
      Specified by:
      login in interface LoginService
      Parameters:
      username - The username.
      credentials - The user's credentials.
      request - The request or null
      getOrCreateSession - function to retrieve or create a session.
      Returns:
      A UserIdentity if the credentials matched, otherwise null
    • validate

      public boolean validate(UserIdentity user)
      Description copied from interface: LoginService
      Validate a user identity. Validate that a UserIdentity previously created by a call to LoginService.login(String, Object, Request, Function) is still valid.
      Specified by:
      validate in interface LoginService
      Parameters:
      user - The user to validate
      Returns:
      true if authentication has not been revoked for the user.
    • getIdentityService

      public IdentityService getIdentityService()
      Description copied from interface: LoginService
      Get the IdentityService associated with this Login Service.
      Specified by:
      getIdentityService in interface LoginService
      Returns:
      the IdentityService associated with this Login Service.
    • setIdentityService

      public void setIdentityService(IdentityService identityService)
      Description copied from interface: LoginService
      Set the IdentityService associated with this Login Service.
      Specified by:
      setIdentityService in interface LoginService
      Parameters:
      identityService - the IdentityService associated with this Login Service.
    • logout

      public void logout(UserIdentity user)
      Specified by:
      logout in interface LoginService