org.eclipse.jetty.security.authentication

Class FormAuthenticator

java.lang.Object

org.eclipse.jetty.security.authentication.LoginAuthenticator

org.eclipse.jetty.security.authentication.FormAuthenticator

All Implemented Interfaces:

Authenticator

public class FormAuthenticator
extends LoginAuthenticator

FORM Authenticator.

This authenticator implements form authentication will use dispatchers to the login page if the __FORM_DISPATCH init parameter is set to true. Otherwise it will redirect.

The form authenticator redirects unauthenticated requests to a log page which should use a form to gather username/password from the user and send them to the /j_security_check URI within the context. FormAuthentication uses SessionAuthentication to wrap Authentication results so that they are associated with the session.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	FormAuthenticator.FormAuthentication This Authentication represents a just completed Form authentication.
protected static class	FormAuthenticator.FormRequest
protected static class	FormAuthenticator.FormResponse

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary

Fields

Modifier and Type	Field and Description
static String	__FORM_DISPATCH
static String	__FORM_ERROR_PAGE
static String	__FORM_LOGIN_PAGE
static String	__J_METHOD
static String	__J_PASSWORD
static String	__J_POST
static String	__J_SECURITY_CHECK
static String	__J_URI
static String	__J_USERNAME

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

_identityService, _loginService

Constructor Summary

Constructors

Constructor and Description
FormAuthenticator()
FormAuthenticator(String login, String error, boolean dispatch)

Method Summary

Methods

Modifier and Type	Method and Description
boolean	getAlwaysSaveUri()
String	getAuthMethod()
boolean	isJSecurityCheck(String uri)
boolean	isLoginOrErrorPage(String pathInContext)
UserIdentity	login(String username, Object password, ServletRequest request)
void	prepareRequest(ServletRequest request) Called prior to validateRequest.
boolean	secureResponse(ServletRequest req, ServletResponse res, boolean mandatory, Authentication.User validatedUser)
void	setAlwaysSaveUri(boolean alwaysSave) If true, uris that cause a redirect to a login page will always be remembered.
void	setConfiguration(Authenticator.AuthConfiguration configuration) Configure the Authenticator
Authentication	validateRequest(ServletRequest req, ServletResponse res, boolean mandatory) Validate a request

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

getLoginService, renewSession

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

__FORM_LOGIN_PAGE

public static final String __FORM_LOGIN_PAGE

See Also:

Constant Field Values

__FORM_ERROR_PAGE

public static final String __FORM_ERROR_PAGE

See Also:

Constant Field Values

__FORM_DISPATCH

public static final String __FORM_DISPATCH

See Also:

Constant Field Values

__J_URI

public static final String __J_URI

See Also:

Constant Field Values

__J_POST

public static final String __J_POST

See Also:

Constant Field Values

__J_METHOD

public static final String __J_METHOD

See Also:

Constant Field Values

__J_SECURITY_CHECK

public static final String __J_SECURITY_CHECK

See Also:

Constant Field Values

__J_USERNAME

public static final String __J_USERNAME

See Also:

Constant Field Values

__J_PASSWORD

public static final String __J_PASSWORD

See Also:

Constant Field Values

Constructor Detail

FormAuthenticator

public FormAuthenticator()

FormAuthenticator

public FormAuthenticator(String login,
                 String error,
                 boolean dispatch)

Method Detail

setAlwaysSaveUri

public void setAlwaysSaveUri(boolean alwaysSave)

If true, uris that cause a redirect to a login page will always be remembered. If false, only the first uri that leads to a login page redirect is remembered. See https://bugs.eclipse.org/bugs/show_bug.cgi?id=379909

Parameters:

alwaysSave -

getAlwaysSaveUri

public boolean getAlwaysSaveUri()

setConfiguration

public void setConfiguration(Authenticator.AuthConfiguration configuration)

Description copied from interface: Authenticator

Configure the Authenticator

Specified by:

setConfiguration in interface Authenticator

Overrides:

setConfiguration in class LoginAuthenticator

See Also:

LoginAuthenticator.setConfiguration(org.eclipse.jetty.security.Authenticator.AuthConfiguration)

getAuthMethod

public String getAuthMethod()

Returns:

The name of the authentication method

login

public UserIdentity login(String username,
                 Object password,
                 ServletRequest request)

Overrides:

login in class LoginAuthenticator

prepareRequest

public void prepareRequest(ServletRequest request)

Description copied from interface: Authenticator

Called prior to validateRequest. The authenticator can manipulate the request to update it with information that can be inspected prior to validateRequest being called. The primary purpose of this method is to satisfy the Servlet Spec 3.1 section 13.6.3 on handling Form authentication where the http method of the original request causing authentication is not the same as the http method resulting from the redirect after authentication.

Specified by:

prepareRequest in interface Authenticator

Overrides:

prepareRequest in class LoginAuthenticator

validateRequest

public Authentication validateRequest(ServletRequest req,
                             ServletResponse res,
                             boolean mandatory)
                               throws ServerAuthException

Description copied from interface: Authenticator

Validate a request

Parameters:

req - The request

res - The response

mandatory - True if authentication is mandatory.

Returns:

An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not manditory, then a Authentication.Deferred may be returned.

Throws:

ServerAuthException

isJSecurityCheck

public boolean isJSecurityCheck(String uri)

isLoginOrErrorPage

public boolean isLoginOrErrorPage(String pathInContext)

secureResponse

public boolean secureResponse(ServletRequest req,
                     ServletResponse res,
                     boolean mandatory,
                     Authentication.User validatedUser)
                       throws ServerAuthException

Returns:

true if response is secure

Throws:

ServerAuthException