public class JWTAuthenticator extends Object implements NuxeoAuthenticationPlugin
The Authorization Bearer token from the headers is checked with the JWTService
for validity, and if it is
valid the authentication is done for the token's subject.
If an "aud" claim (JWTClaims.CLAIM_AUDIENCE
) is present in the token, it must be a prefix of the request HTTP
path info (excluding the web context). This allows limiting tokens for specific URL patterns.
Modifier and Type | Field and Description |
---|---|
protected static String |
ACCESS_TOKEN |
protected static String |
BEARER_SP |
Constructor and Description |
---|
JWTAuthenticator() |
Modifier and Type | Method and Description |
---|---|
protected static String |
getRequestPath(javax.servlet.http.HttpServletRequest request)
Gets the request path.
|
List<String> |
getUnAuthenticatedURLPrefix()
Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.
|
Boolean |
handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest,
javax.servlet.http.HttpServletResponse httpResponse,
String baseURL)
Handles the Login Prompt.
|
UserIdentificationInfo |
handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Retrieves user identification information from the request.
|
void |
initPlugin(Map<String,String> parameters)
Initializes the Plugin from parameters set in the XML descriptor.
|
protected static boolean |
isEqualOrPathPrefix(String path,
String prefix)
Compares path-wise a path with a prefix.
|
Boolean |
needLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest)
Defines if the authentication plugin needs to do a login prompt.
|
protected String |
retrieveToken(javax.servlet.http.HttpServletRequest request) |
protected static final String BEARER_SP
protected static final String ACCESS_TOKEN
public JWTAuthenticator()
public void initPlugin(Map<String,String> parameters)
NuxeoAuthenticationPlugin
initPlugin
in interface NuxeoAuthenticationPlugin
public List<String> getUnAuthenticatedURLPrefix()
NuxeoAuthenticationPlugin
getUnAuthenticatedURLPrefix
in interface NuxeoAuthenticationPlugin
public Boolean needLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest)
NuxeoAuthenticationPlugin
needLoginPrompt
in interface NuxeoAuthenticationPlugin
public Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL)
NuxeoAuthenticationPlugin
handleLoginPrompt
in interface NuxeoAuthenticationPlugin
httpRequest
- the requesthttpResponse
- the responsepublic UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
NuxeoAuthenticationPlugin
handleRetrieveIdentity
in interface NuxeoAuthenticationPlugin
request
- the requestresponse
- the responseprotected String retrieveToken(javax.servlet.http.HttpServletRequest request)
protected static String getRequestPath(javax.servlet.http.HttpServletRequest request)
protected static boolean isEqualOrPathPrefix(String path, String prefix)
Copyright © 2019 Nuxeo. All rights reserved.