Package org.eclipse.jetty.security

Interface Authenticator

All Known Implementing Classes:

BasicAuthenticator, ClientCertAuthenticator, DigestAuthenticator, FormAuthenticator, LoginAuthenticator, SpnegoAuthenticator

public interface Authenticator

Authenticator Interface

An Authenticator is responsible for checking requests and sending response challenges in order to authenticate a request. Various types of Authentication are returned in order to signal the next step in authentication.

Version:

$Rev: 4793 $ $Date: 2009-03-19 00:00:01 +0100 (Thu, 19 Mar 2009) $

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static interface	Authenticator.AuthConfiguration	Authenticator Configuration
static interface	Authenticator.Factory	Authenticator Factory

Method Summary

Modifier and Type	Method	Description
java.lang.String	getAuthMethod()
void	prepareRequest(javax.servlet.ServletRequest request)	Called prior to validateRequest.
boolean	secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)	is response secure
void	setConfiguration(Authenticator.AuthConfiguration configuration)	Configure the Authenticator
Authentication	validateRequest(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory)	Validate a request

Method Detail

setConfiguration

void setConfiguration(Authenticator.AuthConfiguration configuration)

Configure the Authenticator

Parameters:

configuration - the configuration

getAuthMethod

java.lang.String getAuthMethod()

Returns:

The name of the authentication method

prepareRequest

void prepareRequest(javax.servlet.ServletRequest request)

Called prior to validateRequest. The authenticator can manipulate the request to update it with information that can be inspected prior to validateRequest being called. The primary purpose of this method is to satisfy the Servlet Spec 3.1 section 13.6.3 on handling Form authentication where the http method of the original request causing authentication is not the same as the http method resulting from the redirect after authentication.

Parameters:

request - the request to manipulate

validateRequest

Authentication validateRequest(javax.servlet.ServletRequest request,
                               javax.servlet.ServletResponse response,
                               boolean mandatory)
                        throws ServerAuthException

Validate a request

Parameters:

request - The request

response - The response

mandatory - True if authentication is mandatory.

Returns:

An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not manditory, then a Authentication.Deferred may be returned.

Throws:

ServerAuthException - if unable to validate request

secureResponse

boolean secureResponse(javax.servlet.ServletRequest request,
                       javax.servlet.ServletResponse response,
                       boolean mandatory,
                       Authentication.User validatedUser)
                throws ServerAuthException

is response secure

Parameters:

request - the request

response - the response

mandatory - if security is mandator

validatedUser - the user that was validated

Returns:

true if response is secure

Throws:

ServerAuthException - if unable to test response