ConfigurableSpnegoAuthenticator

java.lang.Object
- org.eclipse.jetty.security.authentication.LoginAuthenticator
- - org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator

All Implemented Interfaces:

Authenticator
```
public class ConfigurableSpnegoAuthenticator
extends LoginAuthenticator
```
A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.

A successful authentication from a client is cached for a configurable duration using the HTTP session; this avoids that the client is asked to authenticate for every request.

See Also:

ConfigurableSpnegoLoginService

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

private static class ConfigurableSpnegoAuthenticator.UserIdentityHolder
- Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator
  Authenticator.AuthConfiguration, Authenticator.Factory

Nested Classes
Modifier and Type	Class and Description
`private static class`	`ConfigurableSpnegoAuthenticator.UserIdentityHolder`

Field Summary

Fields
Modifier and Type Field and Description

private java.time.Duration _authenticationDuration

private java.lang.String _authMethod

private static Logger LOG
- Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
  _identityService, _loginService

Fields
Modifier and Type	Field and Description
`private java.time.Duration`	`_authenticationDuration`
`private java.lang.String`	`_authMethod`
`private static Logger`	`LOG`

Constructor Summary

Constructors
Constructor and Description
`ConfigurableSpnegoAuthenticator()`
`ConfigurableSpnegoAuthenticator(java.lang.String authMethod)` Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`java.time.Duration`	`getAuthenticationDuration()`
`java.lang.String`	`getAuthMethod()`
`private java.lang.String`	`getSpnegoToken(java.lang.String header)`
`UserIdentity`	`login(java.lang.String username, java.lang.Object password, javax.servlet.ServletRequest servletRequest)` Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.
`boolean`	`secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)` is response secure
`private void`	`sendChallenge(javax.servlet.http.HttpServletResponse response, java.lang.String token)`
`void`	`setAuthenticationDuration(java.time.Duration authenticationDuration)` Sets the duration of the authentication.
`private void`	`setSpnegoToken(javax.servlet.http.HttpServletResponse response, java.lang.String token)`
`Authentication`	`validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory)` Validate a request

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
getLoginService, logout, prepareRequest, renewSession, setConfiguration

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - LOG
```
private static final Logger LOG
```
  - _authMethod
```
private final java.lang.String _authMethod
```
  - _authenticationDuration
```
private java.time.Duration _authenticationDuration
```
- Constructor Detail
  - ConfigurableSpnegoAuthenticator
```
public ConfigurableSpnegoAuthenticator()
```
  - ConfigurableSpnegoAuthenticator
```
public ConfigurableSpnegoAuthenticator(java.lang.String authMethod)
```
    Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate
    
    Parameters:
    
    authMethod - the auth method
- Method Detail
  - getAuthMethod
```
public java.lang.String getAuthMethod()
```
    Returns:
    
    The name of the authentication method
  - getAuthenticationDuration
```
public java.time.Duration getAuthenticationDuration()
```
    Returns:
    
    the authentication duration
  - setAuthenticationDuration
```
public void setAuthenticationDuration(java.time.Duration authenticationDuration)
```
    Sets the duration of the authentication.
    
    A negative duration means that the authentication is only valid for the current request.
    
    A zero duration means that the authentication is valid forever.
    
    A positive value means that the authentication is valid for the specified duration.
    
    Parameters:
    
    authenticationDuration - the authentication duration
  - login
```
public UserIdentity login(java.lang.String username,
                          java.lang.Object password,
                          javax.servlet.ServletRequest servletRequest)
```
    Only renew the session id if the user has been fully authenticated, don't renew the session for any of the intermediate request/response handshakes.
    
    Overrides:
    
    login in class LoginAuthenticator
    
    Parameters:
    
    username - the username of the client to be authenticated
    
    password - the user's credential
    
    servletRequest - the inbound request that needs authentication
  - validateRequest
```
public Authentication validateRequest(javax.servlet.ServletRequest req,
                                      javax.servlet.ServletResponse res,
                                      boolean mandatory)
                               throws ServerAuthException
```
    Description copied from interface: Authenticator
    
    Validate a request
    
    Parameters:
    
    req - The request
    
    res - The response
    
    mandatory - True if authentication is mandatory.
    
    Returns:
    
    An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then a Authentication.Deferred may be returned.
    
    Throws:
    
    ServerAuthException - if unable to validate request
  - sendChallenge
```
private void sendChallenge(javax.servlet.http.HttpServletResponse response,
                           java.lang.String token)
                    throws ServerAuthException
```
    Throws:
    
    ServerAuthException
  - setSpnegoToken
```
private void setSpnegoToken(javax.servlet.http.HttpServletResponse response,
                            java.lang.String token)
```
  - getSpnegoToken
```
private java.lang.String getSpnegoToken(java.lang.String header)
```
  - secureResponse
```
public boolean secureResponse(javax.servlet.ServletRequest request,
                              javax.servlet.ServletResponse response,
                              boolean mandatory,
                              Authentication.User validatedUser)
```
    Description copied from interface: Authenticator
    
    is response secure
    
    Parameters:
    
    request - the request
    
    response - the response
    
    mandatory - if security is mandator
    
    validatedUser - the user that was validated
    
    Returns:
    
    true if response is secure

Class ConfigurableSpnegoAuthenticator

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Field Summary

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

Constructor Summary

Method Summary

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

Methods inherited from class java.lang.Object

Field Detail

LOG

_authMethod

_authenticationDuration

Constructor Detail

ConfigurableSpnegoAuthenticator

ConfigurableSpnegoAuthenticator

Method Detail

getAuthMethod

getAuthenticationDuration

setAuthenticationDuration

login

validateRequest

sendChallenge

setSpnegoToken

getSpnegoToken

secureResponse