Class ConfigurableSpnegoAuthenticator

  • All Implemented Interfaces:
    Authenticator

    public class ConfigurableSpnegoAuthenticator
    extends LoginAuthenticator

    A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.

    A successful authentication from a client is cached for a configurable duration using the HTTP session, so that the client is not asked to authenticate for every request.

    See Also:
    ConfigurableSpnegoLoginService
    • Constructor Detail

      • ConfigurableSpnegoAuthenticator

        public ConfigurableSpnegoAuthenticator()
      • ConfigurableSpnegoAuthenticator

        public ConfigurableSpnegoAuthenticator(java.lang.String authMethod)
        Allows a custom authMethod value to be set for instances where SPNEGO may not be appropriate.
        Parameters:
        authMethod - the auth method
    • Method Detail

      • getAuthMethod

        public java.lang.String getAuthMethod()
        Returns:
        The name of the authentication method
      • getAuthenticationDuration

        public java.time.Duration getAuthenticationDuration()
        Returns:
        the authentication duration
      • setAuthenticationDuration

        public void setAuthenticationDuration(java.time.Duration authenticationDuration)

        Sets the duration of the authentication.

        A negative duration means that the authentication is only valid for the current request.

        A zero duration means that the authentication is valid forever.

        A positive value means that the authentication is valid for the specified duration.

        Parameters:
        authenticationDuration - the authentication duration
      • validateRequest

        public org.eclipse.jetty.server.Authentication validateRequest(javax.servlet.ServletRequest req,
                                                                       javax.servlet.ServletResponse res,
                                                                       boolean mandatory)
                                                                throws ServerAuthException
        Description copied from interface: Authenticator
        Validates a request.
        Parameters:
        req - The request
        res - The response
        mandatory - True if authentication is mandatory.
        Returns:
        An Authentication. If Authentication is successful, this will be an Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then an Authentication.Deferred may be returned.
        Throws:
        ServerAuthException - if unable to validate request
      • secureResponse

        public boolean secureResponse(javax.servlet.ServletRequest request,
                                      javax.servlet.ServletResponse response,
                                      boolean mandatory,
                                      org.eclipse.jetty.server.Authentication.User validatedUser)
        Description copied from interface: Authenticator
        Checks whether the response is secure.
        Parameters:
        request - the request
        response - the response
        mandatory - if security is mandatory
        validatedUser - the user that was validated
        Returns:
        true if response is secure
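
The three cases documented for setAuthenticationDuration above, shown as an added example that is not Jetty's own code: a guard that refuses the zero ("valid forever") value before it reaches the authenticator, and a small model of the documented semantics. SpnegoDurationPolicy, MAX_CACHE, checked and stillValid are hypothetical names; the 15-minute bound, the sample instant and measuring validity from the moment the result was cached are assumptions, and Jetty's security module must be on the classpath.

```java
import java.time.Duration;
import java.time.Instant;
import org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator;

public class SpnegoDurationPolicy {
    // Hypothetical site policy: upper bound for caching a SPNEGO result.
    static final Duration MAX_CACHE = Duration.ofMinutes(15);

    // Rejects the "valid forever" value and anything above the policy bound.
    static Duration checked(Duration requested) {
        if (requested.isZero())
            throw new IllegalArgumentException("zero means valid forever; use a bounded duration");
        if (requested.compareTo(MAX_CACHE) > 0)
            throw new IllegalArgumentException("exceeds policy maximum " + MAX_CACHE);
        return requested; // negative (per-request) or bounded positive
    }

    // Model of the documented semantics (not Jetty's code): is a result
    // cached at 'cachedAt' still usable at 'now'?
    static boolean stillValid(Duration duration, Instant cachedAt, Instant now) {
        if (duration.isNegative())
            return false; // valid only for the request that authenticated
        if (duration.isZero())
            return true;  // never expires
        return !now.isAfter(cachedAt.plus(duration));
    }

    public static void main(String[] args) {
        ConfigurableSpnegoAuthenticator authenticator = new ConfigurableSpnegoAuthenticator();
        authenticator.setAuthenticationDuration(checked(Duration.ofMinutes(5)));
        Duration configured = authenticator.getAuthenticationDuration();
        System.out.println(authenticator.getAuthMethod() + " result cached for " + configured);

        Instant cachedAt = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample time
        Instant tenMinutesLater = cachedAt.plus(Duration.ofMinutes(10));
        System.out.println("configured: " + stillValid(configured, cachedAt, tenMinutesLater));
        System.out.println("zero:       " + stillValid(Duration.ZERO, cachedAt, tenMinutesLater));
        System.out.println("negative:   " + stillValid(Duration.ofSeconds(-1), cachedAt, tenMinutesLater));

        try {
            authenticator.setAuthenticationDuration(checked(Duration.ZERO));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```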