Module org.eclipse.jetty.security.openid
Package org.eclipse.jetty.security.openid

Class OpenIdAuthenticator

java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.openid.OpenIdAuthenticator
All Implemented Interfaces:
org.eclipse.jetty.security.Authenticator
public class OpenIdAuthenticator extends org.eclipse.jetty.security.authentication.LoginAuthenticator

Implements authentication using OpenId Connect on top of OAuth 2.0.

The OpenIdAuthenticator redirects unauthenticated requests to the OpenID Connect Provider. The End-User is eventually redirected back with an Authorization Code to the path set by setRedirectPath(String) within the context. The Authorization Code is then used to authenticate the user through the OpenIdCredentials and OpenIdLoginService.

Once a user is authenticated the OpenID Claims can be retrieved through an attribute on the session with the key CLAIMS. The full response containing the OAuth 2.0 Access Token can be obtained with the session attribute RESPONSE.

SessionAuthentication is then used to wrap Authentication results so that they are associated with the session.

  • Field Details

  • Constructor Details

  • Method Details

    • setConfiguration

      public void setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration authConfig)
      Specified by:
      setConfiguration in interface org.eclipse.jetty.security.Authenticator
      Overrides:
      setConfiguration in class org.eclipse.jetty.security.authentication.LoginAuthenticator

    • getAuthMethod

      public String getAuthMethod()

    • setAlwaysSaveUri

      @Deprecated public void setAlwaysSaveUri(boolean alwaysSave)
      Deprecated.

    • isAlwaysSaveUri

      @Deprecated public boolean isAlwaysSaveUri()
      Deprecated.

    • setRedirectPath

      public void setRedirectPath(String redirectPath)

    • setErrorPage

      public void setErrorPage(String path)

    • login

      public org.eclipse.jetty.server.UserIdentity login(String username, Object credentials, jakarta.servlet.ServletRequest request)
      Overrides:
      login in class org.eclipse.jetty.security.authentication.LoginAuthenticator

    • logout

      public void logout(jakarta.servlet.ServletRequest request)
      Overrides:
      logout in class org.eclipse.jetty.security.authentication.LoginAuthenticator

    • prepareRequest

      public void prepareRequest(jakarta.servlet.ServletRequest request)
      Specified by:
      prepareRequest in interface org.eclipse.jetty.security.Authenticator
      Overrides:
      prepareRequest in class org.eclipse.jetty.security.authentication.LoginAuthenticator

    • validateRequest

      public org.eclipse.jetty.server.Authentication validateRequest(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, boolean mandatory) throws org.eclipse.jetty.security.ServerAuthException
      Throws:
      org.eclipse.jetty.security.ServerAuthException

    • isJSecurityCheck

      public boolean isJSecurityCheck(String uri)

    • isErrorPage

      public boolean isErrorPage(String pathInContext)

    • getChallengeUri

      protected String getChallengeUri(org.eclipse.jetty.server.Request request)

    • secureResponse

      public boolean secureResponse(jakarta.servlet.ServletRequest req, jakarta.servlet.ServletResponse res, boolean mandatory, org.eclipse.jetty.server.Authentication.User validatedUser)