Package io.undertow.security.impl
Class GSSAPIAuthenticationMechanism
- java.lang.Object
-
- io.undertow.security.impl.GSSAPIAuthenticationMechanism
-
- All Implemented Interfaces:
AuthenticationMechanism
public class GSSAPIAuthenticationMechanism extends Object implements AuthenticationMechanism
AuthenticationMechanismfor GSSAPI / SPNEGO based authentication.GSSAPI authentication is associated with the HTTP connection, as long as a connection is being re-used allow the authentication state to be re-used.
TODO - May consider an option to allow it to also be associated with the underlying session but that has it's own risks so would need to come with a warning.
- Author:
- Darran Lofthouse
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface io.undertow.security.api.AuthenticationMechanism
AuthenticationMechanism.AuthenticationMechanismOutcome, AuthenticationMechanism.ChallengeResult
-
-
Field Summary
Fields Modifier and Type Field Description static ExclusivityCheckerEXCLUSIVITY_CHECKER
-
Constructor Summary
Constructors Constructor Description GSSAPIAuthenticationMechanism(GSSAPIServerSubjectFactory subjectFactory)GSSAPIAuthenticationMechanism(GSSAPIServerSubjectFactory subjectFactory, IdentityManager identityManager, Oid... supportedMechanisms)GSSAPIAuthenticationMechanism(GSSAPIServerSubjectFactory subjectFactory, Oid... supportedMechanisms)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AuthenticationMechanism.AuthenticationMechanismOutcomeauthenticate(HttpServerExchange exchange, SecurityContext securityContext)Perform authentication of the request.AuthenticationMechanism.AuthenticationMechanismOutcomerunGSSAPI(HttpServerExchange exchange, ByteBuffer challenge, SecurityContext securityContext)AuthenticationMechanism.ChallengeResultsendChallenge(HttpServerExchange exchange, SecurityContext securityContext)Send an authentication challenge to the remote client.
-
-
-
Field Detail
-
EXCLUSIVITY_CHECKER
public static final ExclusivityChecker EXCLUSIVITY_CHECKER
-
-
Constructor Detail
-
GSSAPIAuthenticationMechanism
public GSSAPIAuthenticationMechanism(GSSAPIServerSubjectFactory subjectFactory, IdentityManager identityManager, Oid... supportedMechanisms)
-
GSSAPIAuthenticationMechanism
public GSSAPIAuthenticationMechanism(GSSAPIServerSubjectFactory subjectFactory, Oid... supportedMechanisms)
-
GSSAPIAuthenticationMechanism
public GSSAPIAuthenticationMechanism(GSSAPIServerSubjectFactory subjectFactory)
-
-
Method Detail
-
authenticate
public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange exchange, SecurityContext securityContext)
Description copied from interface:AuthenticationMechanismPerform authentication of the request. Any potentially blocking work should be performed in the handoff executor provided- Specified by:
authenticatein interfaceAuthenticationMechanism- Parameters:
exchange- The exchange- Returns:
-
sendChallenge
public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange exchange, SecurityContext securityContext)
Description copied from interface:AuthenticationMechanismSend an authentication challenge to the remote client.The individual mechanisms should update the response headers and body of the message as appropriate however they should not set the response code, instead that should be indicated in the
AuthenticationMechanism.ChallengeResultand the most appropriate overall response code will be selected. This method should not returnnull.- Specified by:
sendChallengein interfaceAuthenticationMechanism- Parameters:
exchange- The exchangesecurityContext- The security context- Returns:
- A
AuthenticationMechanism.ChallengeResultindicating if a challenge was sent and the desired response code.
-
runGSSAPI
public AuthenticationMechanism.AuthenticationMechanismOutcome runGSSAPI(HttpServerExchange exchange, ByteBuffer challenge, SecurityContext securityContext)
-
-