Module org.eclipse.jetty.security

Package org.eclipse.jetty.security

Class SPNEGOLoginService

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.ContainerLifeCycle

org.eclipse.jetty.security.SPNEGOLoginService

All Implemented Interfaces:

LoginService, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle

public class SPNEGOLoginService
extends org.eclipse.jetty.util.component.ContainerLifeCycle
implements LoginService

A configurable (as opposed to using system properties) SPNEGO LoginService.

At startup, this LoginService will login via JAAS the service principal, composed of the service name and the host name, for example HTTP/wonder.com, using a keyTab file as the service principal credentials.

Upon receiving an HTTP request, the server tries to authenticate the client calling LoginService.login(String, Object, Request, Function) where the GSS APIs are used to verify client tokens and (perhaps after a few round-trips) a GSSContext is established.

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

org.eclipse.jetty.util.component.Dumpable.DumpableContainer

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

org.eclipse.jetty.util.component.LifeCycle.Listener

Field Summary

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

KEY

Constructor Summary

Constructors

Constructor	Description
SPNEGOLoginService(String realm, LoginService loginService)

Method Summary

Modifier and Type	Method	Description
protected void	doStart()
String	getHostName()
IdentityService	getIdentityService()	Get the IdentityService associated with this Login Service.
Path	getKeyTabPath()	Get the path of the keyTab file containing service credentials.
String	getName()
String	getServiceName()
UserIdentity	login(String username, Object credentials, org.eclipse.jetty.server.Request request, Function<Boolean,org.eclipse.jetty.server.Session> getOrCreateSession)	Login a user.
void	logout(UserIdentity user)
void	setHostName(String hostName)	Set the host name of the service.
void	setIdentityService(IdentityService identityService)	Set the IdentityService associated with this Login Service.
void	setKeyTabPath(Path keyTabFile)	Set the path of the keyTab file containing service credentials.
void	setServiceName(String serviceName)
boolean	validate(UserIdentity user)	Validate a user identity.

Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

addBean, addBean, addEventListener, addManaged, contains, destroy, doStop, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.Container

getCachedBeans, getEventListeners

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

dumpSelf

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

isDumpable

Methods inherited from interface org.eclipse.jetty.security.LoginService

getUserIdentity

Constructor Details

SPNEGOLoginService

public SPNEGOLoginService(String realm,
 LoginService loginService)

Method Details

getName

public String getName()

Specified by:

getName in interface LoginService

Returns:

the realm name

getKeyTabPath

public Path getKeyTabPath()

Get the path of the keyTab file containing service credentials.

Returns:

the path of the keyTab file containing service credentials

setKeyTabPath

public void setKeyTabPath(Path keyTabFile)

Set the path of the keyTab file containing service credentials.

Parameters:

keyTabFile - the path of the keyTab file containing service credentials

getServiceName

public String getServiceName()

Returns:

the service name, typically "HTTP"

See Also:

• getHostName()

setServiceName

public void setServiceName(String serviceName)

Parameters:

serviceName - the service name

See Also:

• setHostName(String)

getHostName

public String getHostName()

Returns:

the host name of the service

See Also:

• setServiceName(String)

setHostName

public void setHostName(String hostName)

Set the host name of the service.

Parameters:

hostName - the host name of the service

doStart

protected void doStart()
                throws Exception

Overrides:

doStart in class org.eclipse.jetty.util.component.ContainerLifeCycle

Throws:

Exception

login

public UserIdentity login(String username,
 Object credentials,
 org.eclipse.jetty.server.Request request,
 Function<Boolean,org.eclipse.jetty.server.Session> getOrCreateSession)

Description copied from interface: LoginService

Login a user.

Specified by:

login in interface LoginService

Parameters:

username - The username.

credentials - The users credentials.

request - The request or null

getOrCreateSession - function to retrieve or create a session.

Returns:

A UserIdentity if the credentials matched, otherwise null

validate

public boolean validate(UserIdentity user)

Description copied from interface: LoginService

Validate a user identity. Validate that a UserIdentity previously created by a call to LoginService.login(String, Object, Request, Function) is still valid.

Specified by:

validate in interface LoginService

Parameters:

user - The user to validate

Returns:

true if authentication has not been revoked for the user.

getIdentityService

public IdentityService getIdentityService()

Description copied from interface: LoginService

Get the IdentityService associated with this Login Service.

Specified by:

getIdentityService in interface LoginService

Returns:

the IdentityService associated with this Login Service.

setIdentityService

public void setIdentityService(IdentityService identityService)

Description copied from interface: LoginService

Set the IdentityService associated with this Login Service.

Specified by:

setIdentityService in interface LoginService

Parameters:

identityService - the IdentityService associated with this Login Service.

logout

public void logout(UserIdentity user)

Specified by:

logout in interface LoginService