org.eclipse.jetty.security.authentication

Class LoginAuthenticator

java.lang.Object

org.eclipse.jetty.security.authentication.LoginAuthenticator

All Implemented Interfaces:

Authenticator

Direct Known Subclasses:

BasicAuthenticator, ClientCertAuthenticator, DigestAuthenticator, FormAuthenticator, JaspiAuthenticator, SpnegoAuthenticator

public abstract class LoginAuthenticator
extends Object
implements Authenticator

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary

Fields

Modifier and Type	Field and Description
protected IdentityService	_identityService
protected LoginService	_loginService

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	LoginAuthenticator()

Method Summary

Methods

Modifier and Type	Method and Description
LoginService	getLoginService()
UserIdentity	login(String username, Object password, ServletRequest request)
void	prepareRequest(ServletRequest request) Called prior to validateRequest.
protected HttpSession	renewSession(HttpServletRequest request, HttpServletResponse response) Change the session id.
void	setConfiguration(Authenticator.AuthConfiguration configuration) Configure the Authenticator

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.security.Authenticator

getAuthMethod, secureResponse, validateRequest

Field Detail

_loginService

protected LoginService _loginService

_identityService

protected IdentityService _identityService

Constructor Detail

LoginAuthenticator

protected LoginAuthenticator()

Method Detail

prepareRequest

public void prepareRequest(ServletRequest request)

Description copied from interface: Authenticator

Called prior to validateRequest. The authenticator can manipulate the request to update it with information that can be inspected prior to validateRequest being called. The primary purpose of this method is to satisfy the Servlet Spec 3.1 section 13.6.3 on handling Form authentication where the http method of the original request causing authentication is not the same as the http method resulting from the redirect after authentication.

Specified by:

prepareRequest in interface Authenticator

login

public UserIdentity login(String username,
                 Object password,
                 ServletRequest request)

setConfiguration

public void setConfiguration(Authenticator.AuthConfiguration configuration)

Description copied from interface: Authenticator

Configure the Authenticator

Specified by:

setConfiguration in interface Authenticator

getLoginService

public LoginService getLoginService()

renewSession

protected HttpSession renewSession(HttpServletRequest request,
                       HttpServletResponse response)

Change the session id. The session is changed to a new instance with a new ID if and only if:

• A session exists.
• The AuthConfiguration#isSessionRenewedOnAuthentication() returns true.
• The session ID has been given to unauthenticated responses

Parameters:

request -

response -

Returns:

The new session.