Class OpenIdAuthenticator
- java.lang.Object
-
- org.eclipse.jetty.security.authentication.LoginAuthenticator
-
- org.eclipse.jetty.security.openid.OpenIdAuthenticator
-
- All Implemented Interfaces:
Authenticator
public class OpenIdAuthenticator extends LoginAuthenticator
Implements authentication using OpenId Connect on top of OAuth 2.0.
The OpenIdAuthenticator redirects unauthenticated requests to the OpenID Connect Provider. The End-User is eventually redirected back with an Authorization Code to the /j_security_check URI within the context. The Authorization Code is then used to authenticate the user through the
OpenIdCredentialsandOpenIdLoginService.Once a user is authenticated the OpenID Claims can be retrieved through an attribute on the session with the key
CLAIMS. The full response containing the OAuth 2.0 Access Token can be obtained with the session attributeRESPONSE.SessionAuthenticationis then used to wrap Authentication results so that they are associated with the session.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classOpenIdAuthenticator.OpenIdAuthenticationThis Authentication represents a just completed OpenId Connect authentication.-
Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator
Authenticator.AuthConfiguration, Authenticator.Factory
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.StringCLAIMSstatic java.lang.StringCSRF_TOKENstatic java.lang.StringERROR_PAGEstatic java.lang.StringERROR_PARAMETERstatic java.lang.StringJ_METHODstatic java.lang.StringJ_POSTstatic java.lang.StringJ_SECURITY_CHECKstatic java.lang.StringJ_URIstatic java.lang.StringRESPONSE-
Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
_identityService, _loginService
-
-
Constructor Summary
Constructors Constructor Description OpenIdAuthenticator()OpenIdAuthenticator(OpenIdConfiguration configuration, java.lang.String errorPage)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.StringgetAuthMethod()protected java.lang.StringgetChallengeUri(javax.servlet.http.HttpServletRequest request)booleanisAlwaysSaveUri()booleanisErrorPage(java.lang.String pathInContext)booleanisJSecurityCheck(java.lang.String uri)UserIdentitylogin(java.lang.String username, java.lang.Object credentials, javax.servlet.ServletRequest request)voidlogout(javax.servlet.ServletRequest request)voidprepareRequest(javax.servlet.ServletRequest request)booleansecureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser)voidsetAlwaysSaveUri(boolean alwaysSave)If true, uris that cause a redirect to a login page will always be remembered.voidsetConfiguration(Authenticator.AuthConfiguration configuration)AuthenticationvalidateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory)-
Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
getLoginService, renewSession
-
-
-
-
Field Detail
-
CLAIMS
public static final java.lang.String CLAIMS
- See Also:
- Constant Field Values
-
RESPONSE
public static final java.lang.String RESPONSE
- See Also:
- Constant Field Values
-
ERROR_PAGE
public static final java.lang.String ERROR_PAGE
- See Also:
- Constant Field Values
-
J_URI
public static final java.lang.String J_URI
- See Also:
- Constant Field Values
-
J_POST
public static final java.lang.String J_POST
- See Also:
- Constant Field Values
-
J_METHOD
public static final java.lang.String J_METHOD
- See Also:
- Constant Field Values
-
CSRF_TOKEN
public static final java.lang.String CSRF_TOKEN
- See Also:
- Constant Field Values
-
J_SECURITY_CHECK
public static final java.lang.String J_SECURITY_CHECK
- See Also:
- Constant Field Values
-
ERROR_PARAMETER
public static final java.lang.String ERROR_PARAMETER
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
OpenIdAuthenticator
public OpenIdAuthenticator()
-
OpenIdAuthenticator
public OpenIdAuthenticator(OpenIdConfiguration configuration, java.lang.String errorPage)
-
-
Method Detail
-
setConfiguration
public void setConfiguration(Authenticator.AuthConfiguration configuration)
- Specified by:
setConfigurationin interfaceAuthenticator- Overrides:
setConfigurationin classLoginAuthenticator
-
getAuthMethod
public java.lang.String getAuthMethod()
-
setAlwaysSaveUri
public void setAlwaysSaveUri(boolean alwaysSave)
If true, uris that cause a redirect to a login page will always be remembered. If false, only the first uri that leads to a login page redirect is remembered.- Parameters:
alwaysSave- true to always save the uri
-
isAlwaysSaveUri
public boolean isAlwaysSaveUri()
-
login
public UserIdentity login(java.lang.String username, java.lang.Object credentials, javax.servlet.ServletRequest request)
- Overrides:
loginin classLoginAuthenticator
-
logout
public void logout(javax.servlet.ServletRequest request)
- Overrides:
logoutin classLoginAuthenticator
-
prepareRequest
public void prepareRequest(javax.servlet.ServletRequest request)
- Specified by:
prepareRequestin interfaceAuthenticator- Overrides:
prepareRequestin classLoginAuthenticator
-
validateRequest
public Authentication validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory) throws ServerAuthException
- Throws:
ServerAuthException
-
isJSecurityCheck
public boolean isJSecurityCheck(java.lang.String uri)
-
isErrorPage
public boolean isErrorPage(java.lang.String pathInContext)
-
getChallengeUri
protected java.lang.String getChallengeUri(javax.servlet.http.HttpServletRequest request)
-
secureResponse
public boolean secureResponse(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory, Authentication.User validatedUser)
-
-