public class ConfigurableSpnegoAuthenticator extends LoginAuthenticator
A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.
A successful authentication from a client is cached for a configurable duration using the HTTP session, so that the client is not asked to authenticate for every request.
See Also: ConfigurableSpnegoLoginService
Modifier and Type | Class and Description |
---|---|
private static class | ConfigurableSpnegoAuthenticator.UserIdentityHolder |
Nested classes/interfaces inherited from interface Authenticator: Authenticator.AuthConfiguration, Authenticator.Factory
Modifier and Type | Field and Description |
---|---|
private java.time.Duration | _authenticationDuration |
private java.lang.String | _authMethod |
private static Logger | LOG |
Fields inherited from class LoginAuthenticator: _identityService, _loginService
Constructor and Description |
---|
ConfigurableSpnegoAuthenticator() |
ConfigurableSpnegoAuthenticator(java.lang.String authMethod): Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate |
Modifier and Type | Method and Description |
---|---|
java.time.Duration | getAuthenticationDuration() |
java.lang.String | getAuthMethod() |
private java.lang.String | getSpnegoToken(java.lang.String header) |
UserIdentity | login(java.lang.String username, java.lang.Object password, javax.servlet.ServletRequest servletRequest): Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes. |
boolean | secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser): is response secure |
private void | sendChallenge(javax.servlet.http.HttpServletResponse response, java.lang.String token) |
void | setAuthenticationDuration(java.time.Duration authenticationDuration): Sets the duration of the authentication. |
private void | setSpnegoToken(javax.servlet.http.HttpServletResponse response, java.lang.String token) |
Authentication | validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory): Validate a request |
Methods inherited from class LoginAuthenticator: getLoginService, logout, prepareRequest, renewSession, setConfiguration
private static final Logger LOG
private final java.lang.String _authMethod
private java.time.Duration _authenticationDuration
public ConfigurableSpnegoAuthenticator()
public ConfigurableSpnegoAuthenticator(java.lang.String authMethod)
Parameters:
authMethod - the auth method
public java.lang.String getAuthMethod()
public java.time.Duration getAuthenticationDuration()
public void setAuthenticationDuration(java.time.Duration authenticationDuration)
Sets the duration of the authentication.
A negative duration means that the authentication is only valid for the current request.
A zero duration means that the authentication is valid forever.
A positive value means that the authentication is valid for the specified duration.
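The duration semantics above make Duration.ZERO the longest-lived setting rather than the shortest, so a factory that validates the value before calling setAuthenticationDuration is a useful guard. The following is an added example, not code from Jetty or from this page; the class name BoundedSpnegoAuthenticator, the helper names and the 8-hour ceiling are assumptions, and the import assumes the Jetty 9.4 package layout.

```java
import java.time.Duration;
import org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator;

/** Added example: builds the authenticator with a bounded cache duration. */
public final class BoundedSpnegoAuthenticator {
    // Hypothetical policy ceiling for how long a cached authentication may live.
    static final Duration MAX_CACHE = Duration.ofHours(8);

    private BoundedSpnegoAuthenticator() {
    }

    /**
     * Maps a requested cache lifetime onto the setAuthenticationDuration semantics:
     * negative = current request only, zero = forever, positive = that long.
     */
    static Duration effectiveDuration(Duration requested) {
        if (requested == null) {
            throw new IllegalArgumentException("authentication duration must be set explicitly");
        }
        if (requested.isZero()) {
            // Duration.ZERO reads like "no caching" but means "valid forever".
            throw new IllegalArgumentException(
                "zero caches the authentication forever; use a negative duration to disable caching");
        }
        if (requested.isNegative()) {
            return requested; // authentication valid for the current request only
        }
        // Positive: keep it, but never beyond the policy ceiling.
        return requested.compareTo(MAX_CACHE) > 0 ? MAX_CACHE : requested;
    }

    static ConfigurableSpnegoAuthenticator create(Duration requested) {
        ConfigurableSpnegoAuthenticator authenticator = new ConfigurableSpnegoAuthenticator();
        authenticator.setAuthenticationDuration(effectiveDuration(requested));
        return authenticator;
    }

    public static void main(String[] args) {
        System.out.println(create(Duration.ofMinutes(30)).getAuthenticationDuration()); // within the ceiling
        System.out.println(create(Duration.ofDays(7)).getAuthenticationDuration());     // above the ceiling
        System.out.println(create(Duration.ofSeconds(-1)).getAuthenticationDuration()); // per-request only
        try {
            create(Duration.ZERO);
        } catch (IllegalArgumentException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```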
Parameters:
authenticationDuration - the authentication duration
public UserIdentity login(java.lang.String username, java.lang.Object password, javax.servlet.ServletRequest servletRequest)
Overrides:
login in class LoginAuthenticator
Parameters:
username - the username of the client to be authenticated
password - the user's credential
servletRequest - the inbound request that needs authentication
public Authentication validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory) throws ServerAuthException
Specified by:
validateRequest in interface Authenticator
Parameters:
req - The request
res - The response
mandatory - True if authentication is mandatory.
Returns:
Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then an Authentication.Deferred may be returned.
Throws:
ServerAuthException - if unable to validate request
private void sendChallenge(javax.servlet.http.HttpServletResponse response, java.lang.String token) throws ServerAuthException
Throws:
ServerAuthException
private void setSpnegoToken(javax.servlet.http.HttpServletResponse response, java.lang.String token)
private java.lang.String getSpnegoToken(java.lang.String header)
public boolean secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)
Specified by:
secureResponse in interface Authenticator
Parameters:
request - the request
response - the response
mandatory - if security is mandatory
validatedUser - the user that was validated