Class LoginAuthenticator
java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
- All Implemented Interfaces:
Authenticator
- Direct Known Subclasses:
BasicAuthenticator, DigestAuthenticator, FormAuthenticator, SPNEGOAuthenticator, SslClientCertAuthenticator
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic classstatic classThis Authentication represents a just completed authentication, that has sent a response, typically to redirect the client to the original request target..static classBase class for representing a successful authentication state.Nested classes/interfaces inherited from interface Authenticator
Authenticator.Configuration, Authenticator.Factory, Authenticator.NoOp -
Field Summary
FieldsFields inherited from interface Authenticator
BASIC_AUTH, CERT_AUTH, CERT_AUTH2, DIGEST_AUTH, FORM_AUTH, NEGOTIATE_AUTH, OPENID_AUTH, SPNEGO_AUTH -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionlogin(String username, Object password, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response) If the UserIdentity returned fromLoginService.login(String, Object, Request, Function)is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability.voidlogout(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response) voidsetConfiguration(Authenticator.Configuration configuration) Configure the Authenticatorprotected voidupdateSession(org.eclipse.jetty.server.Request httpRequest, org.eclipse.jetty.server.Response httpResponse) Update the session on authentication.Methods inherited from class Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface Authenticator
getAuthenticationType, getConstraintAuthentication, prepareRequest, validateRequest
-
Field Details
-
_loginService
-
_identityService
-
-
Constructor Details
-
LoginAuthenticator
protected LoginAuthenticator()
-
-
Method Details
-
login
public UserIdentity login(String username, Object password, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response) If the UserIdentity returned fromLoginService.login(String, Object, Request, Function)is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability. If the UserIdentity is not necessarily fully authenticated, then subclasses must override this method and determine when the UserIdentity IS fully authenticated and renew the session id.- Parameters:
username- the username of the client to be authenticatedpassword- the user's credentialrequest- the inbound request that needs authentication
-
logout
public void logout(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response) -
setConfiguration
Description copied from interface:AuthenticatorConfigure the Authenticator- Specified by:
setConfigurationin interfaceAuthenticator- Parameters:
configuration- the configuration
-
getLoginService
-
updateSession
protected void updateSession(org.eclipse.jetty.server.Request httpRequest, org.eclipse.jetty.server.Response httpResponse) Update the session on authentication. The session is changed to a new instance with a new ID if and only if:- A session exists.
- The
Authenticator.Configuration.isSessionRenewedOnAuthentication()returns true. - The session ID has been given to unauthenticated responses
- Parameters:
httpRequest- the requesthttpResponse- the response- See Also:
-