Class MultiAuthenticator

java.lang.Object
org.eclipse.jetty.security.authentication.LoginAuthenticator
org.eclipse.jetty.security.MultiAuthenticator
All Implemented Interfaces:
Authenticator
public class MultiAuthenticator extends LoginAuthenticator

An Authenticator which maps different Authenticators to PathSpecs.

This can be used to support multiple different authentication methods for a single application such as FORM, OPENID and SIWE.

The setLoginPath(String) can be used to set a login page where unauthenticated users are redirected in the case that no Authenticators were matched. This can be used as a page to link to other paths where Authenticators are mapped to so that users can choose their login method.

  • Field Details

  • Constructor Details

    • MultiAuthenticator

      public MultiAuthenticator()

  • Method Details

    • addAuthenticator

      public void addAuthenticator(String pathSpec, Authenticator authenticator)
      Adds an authenticator which maps to the given pathSpec.
      Parameters:
      pathSpec - the pathSpec.
      authenticator - the authenticator.

    • setConfiguration

      public void setConfiguration(Authenticator.Configuration configuration)
      Description copied from interface: Authenticator
      Configure the Authenticator
      Specified by:
      setConfiguration in interface Authenticator
      Overrides:
      setConfiguration in class LoginAuthenticator
      Parameters:
      configuration - the configuration

    • setLoginPath

      public void setLoginPath(String loginPath)
      If a user is unauthenticated, a request which does not map to any of the Authenticators will redirect to this path.
      Parameters:
      loginPath - the loginPath.

    • isLoginPage

      public boolean isLoginPage(String uri)

    • setDispatch

      public void setDispatch(boolean dispatch)

    • getAuthenticationType

      public String getAuthenticationType()
      Returns:
      The name of the authentication type

    • login

      public UserIdentity login(String username, Object password, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response)
      Description copied from class: LoginAuthenticator
      If the UserIdentity returned from LoginService.login(String, Object, Request, Function) is not null, it is assumed that the user is fully authenticated and we need to change the session id to prevent session fixation vulnerability. If the UserIdentity is not necessarily fully authenticated, then subclasses must override this method and determine when the UserIdentity IS fully authenticated and renew the session id.
      Overrides:
      login in class LoginAuthenticator
      Parameters:
      username - the username of the client to be authenticated
      password - the user's credential
      request - the inbound request that needs authentication

    • logout

      public void logout(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response)
      Overrides:
      logout in class LoginAuthenticator

    • getConstraintAuthentication

      public Constraint.Authorization getConstraintAuthentication(String pathInContext, Constraint.Authorization existing, Function<Boolean, org.eclipse.jetty.server.Session> getSession)
      Description copied from interface: Authenticator
      Get an Constraint.Authorization applicable to the path for this authenticator. This is typically used to vary protection on special URIs known to a specific Authenticator (e.g. /j_security_check for the FormAuthenticator.
      Parameters:
      pathInContext - The pathInContext to potentially constrain.
      existing - The existing authentication constraint for the pathInContext determined independently of Authenticator
      getSession - Function to get or create a Session.
      Returns:
      The Constraint.Authorization to apply.

    • validateRequest

      public AuthenticationState validateRequest(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, org.eclipse.jetty.util.Callback callback) throws ServerAuthException
      Description copied from interface: Authenticator
      Attempts to validate the authentication state of the given request.

      If authentication is successful, an AuthenticationState.Succeeded is returned. If the authenticator has already committed a response (for either success or failure), the returned value will implement AuthenticationState.ResponseSent, and the provided Callback will be eventually be completed, otherwise the caller is responsible for completing the Callback.

      A null return value indicates that no authentication state could be established, possibly because the response has already been committed.

      Parameters:
      request - the request to validate.
      response - the response associated with the request.
      callback - the callback to use for writing a response.
      Returns:
      an AuthenticationState, or null if authentication could not be resolved.
      Throws:
      ServerAuthException - if unable to validate request.

    • prepareRequest

      public org.eclipse.jetty.server.Request prepareRequest(org.eclipse.jetty.server.Request request, AuthenticationState authenticationState)
      Description copied from interface: Authenticator
      Called after Authenticator.validateRequest(Request, Response, Callback) and before calling Request.Handler.handle(Request, Response, Callback) of the nested handler. This may be used by an Authenticator to restore method or content from a previous request that was challenged.
      Parameters:
      request - the request to prepare for handling
      authenticationState - The authentication for the request