java.lang.Object
- org.nuxeo.ecm.jwt.JWTAuthenticator

All Implemented Interfaces:

NuxeoAuthenticationPlugin
```
public class JWTAuthenticator
extends Object
implements NuxeoAuthenticationPlugin
```
JSON Web Token (JWT) Authentication Plugin.
The Authorization Bearer token from the headers is checked with the JWTService for validity, and if it is valid the authentication is done for the token's subject.
If an "aud" claim (JWTClaims.CLAIM_AUDIENCE) is present in the token, it must be a prefix of the request HTTP path info (excluding the web context). This allows limiting tokens for specific URL patterns.

Since:

10.3

Field Summary

Fields
Modifier and Type Field Description

protected static String ACCESS_TOKEN

protected static String BEARER_SP

Constructor Summary

Constructors
Constructor Description

JWTAuthenticator()

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected static String`	`getRequestPath(javax.servlet.http.HttpServletRequest request)`	Gets the request path.
`List<String>`	`getUnAuthenticatedURLPrefix()`	Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.
`Boolean`	`handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL)`	Handles the Login Prompt.
`UserIdentificationInfo`	`handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)`	Retrieves user identification information from the request.
`void`	`initPlugin(Map<String,String> parameters)`	Initializes the Plugin from parameters set in the XML descriptor.
`protected static boolean`	`isEqualOrPathPrefix(String path, String prefix)`	Compares path-wise a path with a prefix.
`Boolean`	`needLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest)`	Defines if the authentication plugin needs to do a login prompt.
`protected String`	`retrieveToken(javax.servlet.http.HttpServletRequest request)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - BEARER_SP
```
protected static final String BEARER_SP
```
    See Also:
    
    Constant Field Values
  - ACCESS_TOKEN
```
protected static final String ACCESS_TOKEN
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - JWTAuthenticator
```
public JWTAuthenticator()
```
- Method Detail
  - initPlugin
```
public void initPlugin(Map<String,String> parameters)
```
    Description copied from interface: NuxeoAuthenticationPlugin
    
    Initializes the Plugin from parameters set in the XML descriptor.
    
    Specified by:
    
    initPlugin in interface NuxeoAuthenticationPlugin
  - getUnAuthenticatedURLPrefix
```
public List<String> getUnAuthenticatedURLPrefix()
```
    Description copied from interface: NuxeoAuthenticationPlugin
    
    Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.
    
    Specified by:
    
    getUnAuthenticatedURLPrefix in interface NuxeoAuthenticationPlugin
  - needLoginPrompt
```
public Boolean needLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest)
```
    Description copied from interface: NuxeoAuthenticationPlugin
    
    Defines if the authentication plugin needs to do a login prompt.
    
    Specified by:
    
    needLoginPrompt in interface NuxeoAuthenticationPlugin
    
    Returns:
    
    true if LoginPrompt is used
  - handleLoginPrompt
```
public Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest,
                                 javax.servlet.http.HttpServletResponse httpResponse,
                                 String baseURL)
```
    Description copied from interface: NuxeoAuthenticationPlugin
    
    Handles the Login Prompt.
    
    Specified by:
    
    handleLoginPrompt in interface NuxeoAuthenticationPlugin
    
    Parameters:
    
    httpRequest - the request
    
    httpResponse - the response
    
    Returns:
    
    true if AuthFilter must stop execution (ie: login prompt generated a redirect), false otherwise
  - handleRetrieveIdentity
```
public UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request,
                                                     javax.servlet.http.HttpServletResponse response)
```
    Description copied from interface: NuxeoAuthenticationPlugin
    
    Retrieves user identification information from the request.
    
    Specified by:
    
    handleRetrieveIdentity in interface NuxeoAuthenticationPlugin
    
    Parameters:
    
    request - the request
    
    response - the response
  - retrieveToken
```
protected String retrieveToken(javax.servlet.http.HttpServletRequest request)
```
  - getRequestPath
```
protected static String getRequestPath(javax.servlet.http.HttpServletRequest request)
```
    Gets the request path. The returned value never starts nor ends with a slash.
  - isEqualOrPathPrefix
```
protected static boolean isEqualOrPathPrefix(String path,
                                             String prefix)
```
    Compares path-wise a path with a prefix.

Modifier and Type	Field	Description
`protected static String`	`ACCESS_TOKEN`
`protected static String`	`BEARER_SP`

Class JWTAuthenticator

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

BEARER_SP

ACCESS_TOKEN

Constructor Detail

JWTAuthenticator

Method Detail

initPlugin

getUnAuthenticatedURLPrefix

needLoginPrompt

handleLoginPrompt

handleRetrieveIdentity

retrieveToken

getRequestPath

isEqualOrPathPrefix