ConfigurableSpnegoAuthenticator (Jetty :: Project 9.4.16.v20190411 API)

java.lang.Object
- org.eclipse.jetty.security.authentication.LoginAuthenticator
- - org.eclipse.jetty.security.authentication.ConfigurableSpnegoAuthenticator

All Implemented Interfaces:

Authenticator
```
public class ConfigurableSpnegoAuthenticator
extends LoginAuthenticator
```
A LoginAuthenticator that uses SPNEGO and the GSS API to authenticate requests.

A successful authentication from a client is cached for a configurable duration using the HTTP session; this avoids that the client is asked to authenticate for every request.

See Also:

ConfigurableSpnegoLoginService

Nested Class Summary
- Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator
  Authenticator.AuthConfiguration, Authenticator.Factory

Field Summary
- Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
  _identityService, _loginService

Constructor Summary

Constructors
Constructor and Description
`ConfigurableSpnegoAuthenticator()`
`ConfigurableSpnegoAuthenticator(java.lang.String authMethod)` Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`java.time.Duration`	`getAuthenticationDuration()`
`java.lang.String`	`getAuthMethod()`
`boolean`	`secureResponse(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, boolean mandatory, Authentication.User validatedUser)` is response secure
`void`	`setAuthenticationDuration(java.time.Duration authenticationDuration)` Sets the duration of the authentication.
`Authentication`	`validateRequest(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, boolean mandatory)` Validate a request

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator
getLoginService, login, logout, prepareRequest, renewSession, setConfiguration

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - ConfigurableSpnegoAuthenticator
```
public ConfigurableSpnegoAuthenticator()
```
  - ConfigurableSpnegoAuthenticator
```
public ConfigurableSpnegoAuthenticator(java.lang.String authMethod)
```
    Allow for a custom authMethod value to be set for instances where SPNEGO may not be appropriate
    
    Parameters:
    
    authMethod - the auth method
- Method Detail
  - getAuthMethod
```
public java.lang.String getAuthMethod()
```
    Returns:
    
    The name of the authentication method
  - getAuthenticationDuration
```
public java.time.Duration getAuthenticationDuration()
```
    Returns:
    
    the authentication duration
  - setAuthenticationDuration
```
public void setAuthenticationDuration(java.time.Duration authenticationDuration)
```
    Sets the duration of the authentication.
    
    A negative duration means that the authentication is only valid for the current request.
    
    A zero duration means that the authentication is valid forever.
    
    A positive value means that the authentication is valid for the specified duration.
    
    Parameters:
    
    authenticationDuration - the authentication duration
  - validateRequest
```
public Authentication validateRequest(javax.servlet.ServletRequest req,
                                      javax.servlet.ServletResponse res,
                                      boolean mandatory)
                               throws ServerAuthException
```
    Description copied from interface: Authenticator
    
    Validate a request
    
    Parameters:
    
    req - The request
    
    res - The response
    
    mandatory - True if authentication is mandatory.
    
    Returns:
    
    An Authentication. If Authentication is successful, this will be a Authentication.User. If a response has been sent by the Authenticator (which can be done for both successful and unsuccessful authentications), then the result will implement Authentication.ResponseSent. If Authentication is not mandatory, then a Authentication.Deferred may be returned.
    
    Throws:
    
    ServerAuthException - if unable to validate request
  - secureResponse
```
public boolean secureResponse(javax.servlet.ServletRequest request,
                              javax.servlet.ServletResponse response,
                              boolean mandatory,
                              Authentication.User validatedUser)
```
    Description copied from interface: Authenticator
    
    is response secure
    
    Parameters:
    
    request - the request
    
    response - the response
    
    mandatory - if security is mandator
    
    validatedUser - the user that was validated
    
    Returns:
    
    true if response is secure

Class ConfigurableSpnegoAuthenticator

Nested Class Summary

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator

Field Summary

Fields inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

Constructor Summary

Method Summary

Methods inherited from class org.eclipse.jetty.security.authentication.LoginAuthenticator

Methods inherited from class java.lang.Object

Constructor Detail

ConfigurableSpnegoAuthenticator

ConfigurableSpnegoAuthenticator

Method Detail

getAuthMethod

getAuthenticationDuration

setAuthenticationDuration

validateRequest

secureResponse