Package org.eclipse.jetty.security
Class ConfigurableSpnegoLoginService
- java.lang.Object
-
- org.eclipse.jetty.util.component.AbstractLifeCycle
-
- org.eclipse.jetty.util.component.ContainerLifeCycle
-
- org.eclipse.jetty.security.ConfigurableSpnegoLoginService
-
- All Implemented Interfaces:
LoginService,org.eclipse.jetty.util.component.Container,org.eclipse.jetty.util.component.Destroyable,org.eclipse.jetty.util.component.Dumpable,org.eclipse.jetty.util.component.Dumpable.DumpableContainer,org.eclipse.jetty.util.component.LifeCycle
public class ConfigurableSpnegoLoginService extends org.eclipse.jetty.util.component.ContainerLifeCycle implements LoginService
A configurable (as opposed to using system properties) SPNEGO LoginService.
At startup, this LoginService will login via JAAS the service principal, composed of the
service nameand thehost name, for exampleHTTP/wonder.com, using akeyTabfile as the service principal credentials.Upon receiving an HTTP request, the server tries to authenticate the client calling
login(String, Object, ServletRequest)where the GSS APIs are used to verify client tokens and (perhaps after a few round-trips) aGSSContextis established.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener
-
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener
-
-
Constructor Summary
Constructors Constructor Description ConfigurableSpnegoLoginService(java.lang.String realm, AuthorizationService authorizationService)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voiddoStart()java.lang.StringgetHostName()IdentityServicegetIdentityService()Get the IdentityService associated with this Login Service.java.nio.file.PathgetKeyTabPath()java.lang.StringgetName()java.lang.StringgetServiceName()UserIdentitylogin(java.lang.String username, java.lang.Object credentials, javax.servlet.ServletRequest req)Login a user.voidlogout(UserIdentity user)voidsetHostName(java.lang.String hostName)voidsetIdentityService(IdentityService identityService)Set the IdentityService associated with this Login Service.voidsetKeyTabPath(java.nio.file.Path keyTabFile)voidsetServiceName(java.lang.String serviceName)booleanvalidate(UserIdentity user)Validate a user identity.-
Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, destroy, doStop, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
-
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
-
-
-
-
Constructor Detail
-
ConfigurableSpnegoLoginService
public ConfigurableSpnegoLoginService(java.lang.String realm, AuthorizationService authorizationService)
-
-
Method Detail
-
getName
public java.lang.String getName()
- Specified by:
getNamein interfaceLoginService- Returns:
- the realm name
-
getKeyTabPath
public java.nio.file.Path getKeyTabPath()
- Returns:
- the path of the keyTab file containing service credentials
-
setKeyTabPath
public void setKeyTabPath(java.nio.file.Path keyTabFile)
- Parameters:
keyTabFile- the path of the keyTab file containing service credentials
-
getServiceName
public java.lang.String getServiceName()
- Returns:
- the service name, typically "HTTP"
- See Also:
getHostName()
-
setServiceName
public void setServiceName(java.lang.String serviceName)
- Parameters:
serviceName- the service name- See Also:
setHostName(String)
-
getHostName
public java.lang.String getHostName()
- Returns:
- the host name of the service
- See Also:
setServiceName(String)
-
setHostName
public void setHostName(java.lang.String hostName)
- Parameters:
hostName- the host name of the service
-
doStart
protected void doStart() throws java.lang.Exception- Overrides:
doStartin classorg.eclipse.jetty.util.component.ContainerLifeCycle- Throws:
java.lang.Exception
-
login
public UserIdentity login(java.lang.String username, java.lang.Object credentials, javax.servlet.ServletRequest req)
Description copied from interface:LoginServiceLogin a user.- Specified by:
loginin interfaceLoginService- Parameters:
username- The user namecredentials- The users credentialsreq- TODO- Returns:
- A UserIdentity if the credentials matched, otherwise null
-
validate
public boolean validate(UserIdentity user)
Description copied from interface:LoginServiceValidate a user identity. Validate that a UserIdentity previously created by a call toLoginService.login(String, Object, ServletRequest)is still valid.- Specified by:
validatein interfaceLoginService- Parameters:
user- The user to validate- Returns:
- true if authentication has not been revoked for the user.
-
getIdentityService
public IdentityService getIdentityService()
Description copied from interface:LoginServiceGet the IdentityService associated with this Login Service.- Specified by:
getIdentityServicein interfaceLoginService- Returns:
- the IdentityService associated with this Login Service.
-
setIdentityService
public void setIdentityService(IdentityService identityService)
Description copied from interface:LoginServiceSet the IdentityService associated with this Login Service.- Specified by:
setIdentityServicein interfaceLoginService- Parameters:
identityService- the IdentityService associated with this Login Service.
-
logout
public void logout(UserIdentity user)
- Specified by:
logoutin interfaceLoginService
-
-