public class TokenAuthenticationScheme extends Object implements HttpAuthenticationScheme<TokenAuthenticationConfiguration>
A custom HttpAuthenticationScheme that knows how to extract a header from the request containing a token to authenticate/re-authenticate a user.
Tokens are issued by providing specific credentials for the primary authentication scheme. This scheme will be used to validate the user's credentials (e.g. username/password over BASIC) and, if successful, issue a token.
By default, the primary authentication scheme is BasicAuthenticationScheme. In order to change it, subclasses may override the getPrimaryAuthenticationScheme method.
Once a token is issued, it will be written to the HttpServletResponse using a JSON format. In order to change how tokens are returned to clients, subclasses may override the writeToken(String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) method.
This scheme is used by the SecurityFilter, which is configured in the web application deployment descriptor (web.xml).
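
One way to override writeToken so that the JSON token response is never cached, as an added example that is not PicketLink's own code. The class name NoStoreTokenAuthenticationScheme, the JSON field name "token" and the escapeJson helper are assumptions, and the import for TokenAuthenticationScheme is left out because its package is not shown on this page.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
// Also import TokenAuthenticationScheme from the PicketLink version in use;
// its package is not shown on this page.

/** Hypothetical subclass: returns the issued token as JSON that must not be cached. */
public class NoStoreTokenAuthenticationScheme extends TokenAuthenticationScheme {

    // Assumed field name; match whatever your clients already parse.
    private static final String TOKEN_FIELD = "token";

    @Override
    protected void writeToken(String issuedToken, HttpServletRequest request,
                              HttpServletResponse response) {
        // The token is a bearer credential: keep it out of browser and proxy caches.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");
        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");
        try {
            response.getWriter().print(
                "{\"" + TOKEN_FIELD + "\":\"" + escapeJson(issuedToken) + "\"}");
        } catch (IOException e) {
            // Unchecked, so the override compiles whatever the parent method declares.
            throw new IllegalStateException("Could not write issued token", e);
        }
    }

    /** Escapes a string for use inside a JSON string literal. */
    static String escapeJson(String s) {
        StringBuilder out = new StringBuilder(s.length() + 8);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '"' || c == '\\') {
                out.append('\\').append(c);      // quote and backslash
            } else if (c < 0x20) {
                out.append(String.format("\\u%04x", (int) c)); // control characters
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
}
```
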
Modifier and Type | Field and Description |
---|---|
static String | AUTHENTICATION_SCHEME_NAME |
static String | AUTHORIZATION_TOKEN_HEADER_NAME |
static String | REQUIRES_AUTHENTICATION_HEADER_NAME |
Constructor and Description |
---|
TokenAuthenticationScheme() |
Modifier and Type | Method and Description |
---|---|
void | challengeClient(HttpServletRequest request, HttpServletResponse response) We use a 401 HTTP status code to signal to clients that authentication is required. |
protected TokenCredential | createCredential(String extractedToken) Creates a TokenCredential using the token previously extracted from the request. |
void | extractCredential(HttpServletRequest request, DefaultLoginCredentials creds) Extracts the credentials from the given HttpServletRequest and populates the DefaultLoginCredentials with them. |
protected String | extractTokenFromRequest(HttpServletRequest request) Extracts the token from the HttpServletRequest. |
protected DefaultLoginCredentials | getCredentials() Returns the current DefaultLoginCredentials associated with the request. |
protected Identity | getIdentity() Returns the current Identity associated with the request. |
protected HttpAuthenticationScheme | getPrimaryAuthenticationScheme() Returns the primary HttpAuthenticationScheme that will be used to validate the user's credential before issuing a new token. |
protected Token.Consumer | getTokenConsumer() |
protected Token.Provider | getTokenProvider() |
void | initialize(TokenAuthenticationConfiguration config) Called one time during initialization. |
protected String | issueToken(HttpServletRequest request, HttpServletResponse response) Issues a token for a previously authenticated Account using the configured Token.Provider. |
void | onPostAuthentication(HttpServletRequest request, HttpServletResponse response) Performs any post-authentication logic regardless of the authentication result. |
protected void | writeToken(String issuedToken, HttpServletRequest request, HttpServletResponse response) Writes the issuedToken to the HttpServletResponse. |
public static final String AUTHORIZATION_TOKEN_HEADER_NAME
public static final String AUTHENTICATION_SCHEME_NAME
public static final String REQUIRES_AUTHENTICATION_HEADER_NAME
public void initialize(TokenAuthenticationConfiguration config)
Description copied from interface: HttpAuthenticationScheme
Called one time during initialization.
Specified by: initialize in interface HttpAuthenticationScheme<TokenAuthenticationConfiguration>
Parameters:
config - The configuration.
public void extractCredential(HttpServletRequest request, DefaultLoginCredentials creds)
Description copied from interface: HttpAuthenticationScheme
Extracts the credentials from the given HttpServletRequest and populates the DefaultLoginCredentials with them. If the request is not an authentication attempt (as defined by the implementation), then creds is not affected.
Specified by: extractCredential in interface HttpAuthenticationScheme<TokenAuthenticationConfiguration>
Parameters:
request - The current request, to examine for authentication information.
creds - The credentials instance that will be populated with the credentials found in the request, if any.
public void challengeClient(HttpServletRequest request, HttpServletResponse response)
We use a 401 HTTP status code to signal to clients that authentication is required.
We only challenge clients if the authentication failed. In other words, if there is a token in the request but it is invalid.
Specified by: challengeClient in interface HttpAuthenticationScheme<TokenAuthenticationConfiguration>
Parameters:
request -
response -
Throws:
IOException
public void onPostAuthentication(HttpServletRequest request, HttpServletResponse response)
Description copied from interface: HttpAuthenticationScheme
Performs any post-authentication logic regardless of the authentication result.
Specified by: onPostAuthentication in interface HttpAuthenticationScheme<TokenAuthenticationConfiguration>
Parameters:
request - The current request, which may be used to obtain a RequestDispatcher if needed.
response - The current response, which can be used to send an HTTP response, or a redirect.
protected DefaultLoginCredentials getCredentials()
Returns the current DefaultLoginCredentials associated with the request.
protected Identity getIdentity()
Returns the current Identity associated with the request.
protected HttpAuthenticationScheme getPrimaryAuthenticationScheme()
Returns the primary HttpAuthenticationScheme that will be used to validate the user's credential before issuing a new token.
Default authentication scheme is BasicAuthenticationScheme.
protected String extractTokenFromRequest(HttpServletRequest request)
Extracts the token from the HttpServletRequest.
Subclasses can override this method to customize how tokens are extracted from the request.
Parameters:
request -
protected TokenCredential createCredential(String extractedToken)
Creates a TokenCredential using the token previously extracted from the request.
Subclasses can override this method to customize how the credential is created. Defaults to an instance of TokenCredential.
Parameters:
extractedToken - The token previously extracted from the request.
protected String issueToken(HttpServletRequest request, HttpServletResponse response)
Issues a token for a previously authenticated Account using the configured Token.Provider.
Parameters:
request -
response -
protected void writeToken(String issuedToken, HttpServletRequest request, HttpServletResponse response)
Writes the issuedToken to the HttpServletResponse.
Parameters:
issuedToken -
request -
response -
protected Token.Provider getTokenProvider()
protected Token.Consumer getTokenConsumer()
Copyright © 2018 JBoss by Red Hat. All rights reserved.