Class JWTAuthenticator

java.lang.Object
org.nuxeo.ecm.jwt.JWTAuthenticator
All Implemented Interfaces:
NuxeoAuthenticationPlugin

public class JWTAuthenticator extends Object implements NuxeoAuthenticationPlugin
JSON Web Token (JWT) Authentication Plugin.

The Authorization Bearer token from the headers is checked with the JWTService for validity, and if it is valid the authentication is done for the token's subject.

If an "aud" claim (JWTClaims.CLAIM_AUDIENCE) is present in the token, it must be a prefix of the request HTTP path info (excluding the web context). This allows limiting tokens for specific URL patterns.

Since:
10.3
  • Field Details

  • Constructor Details

    • JWTAuthenticator

      public JWTAuthenticator()
  • Method Details

    • initPlugin

      public void initPlugin(Map<String,String> parameters)
      Description copied from interface: NuxeoAuthenticationPlugin
      Initializes the Plugin from parameters set in the XML descriptor.
      Specified by:
      initPlugin in interface NuxeoAuthenticationPlugin
    • getUnAuthenticatedURLPrefix

      public List<String> getUnAuthenticatedURLPrefix()
      Description copied from interface: NuxeoAuthenticationPlugin
      Returns the list of prefixes for unauthenticated URLs, typically the URLs associated with the login prompt.
      Specified by:
      getUnAuthenticatedURLPrefix in interface NuxeoAuthenticationPlugin
    • needLoginPrompt

      public Boolean needLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest)
      Description copied from interface: NuxeoAuthenticationPlugin
      Defines if the authentication plugin needs to do a login prompt.
      Specified by:
      needLoginPrompt in interface NuxeoAuthenticationPlugin
      Returns:
      true if LoginPrompt is used
    • handleLoginPrompt

      public Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL)
      Description copied from interface: NuxeoAuthenticationPlugin
      Handles the Login Prompt.
      Specified by:
      handleLoginPrompt in interface NuxeoAuthenticationPlugin
      Parameters:
      httpRequest - the request
      httpResponse - the response
      Returns:
      true if AuthFilter must stop execution (i.e. the login prompt generated a redirect), false otherwise
    • handleRetrieveIdentity

      public UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Description copied from interface: NuxeoAuthenticationPlugin
      Retrieves user identification information from the request.
      Specified by:
      handleRetrieveIdentity in interface NuxeoAuthenticationPlugin
      Parameters:
      request - the request
      response - the response
    • retrieveToken

      protected String retrieveToken(javax.servlet.http.HttpServletRequest request)
    • getRequestPath

      protected static String getRequestPath(javax.servlet.http.HttpServletRequest request)
      Gets the request path. The returned value neither starts nor ends with a slash.
    • isEqualOrPathPrefix

      protected static boolean isEqualOrPathPrefix(String path, String prefix)
      Compares a path with a prefix, path-wise.
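
The "aud" restriction described at the top of this page, and isEqualOrPathPrefix, both depend on comparing paths by segment rather than by raw characters. The following is an added example, not Nuxeo's code: the class name, the sample audience and paths, the assumed "path-wise" semantics (equal, or prefix followed by a slash) and the fail-closed handling of an empty prefix are all assumptions made for illustration.

```java
import java.util.List;

// Added illustration, not the Nuxeo implementation. All names here are hypothetical.
public class AudiencePrefixCheck {

    // Normalizes as the page describes for getRequestPath: no leading or trailing slash.
    static String trimSlashes(String s) {
        int start = 0;
        int end = s.length();
        while (start < end && s.charAt(start) == '/') start++;
        while (end > start && s.charAt(end - 1) == '/') end--;
        return s.substring(start, end);
    }

    // Assumed "path-wise" semantics: the path equals the prefix, or continues
    // after it with a '/' so that the prefix ends on a segment boundary.
    static boolean isEqualOrPathPrefix(String path, String prefix) {
        if (path == null || prefix == null) return false;
        String p = trimSlashes(path);
        String a = trimSlashes(prefix);
        // Choice made for this example: an empty audience matches nothing (fail closed).
        if (a.isEmpty()) return false;
        return p.equals(a) || p.startsWith(a + "/");
    }

    public static void main(String[] args) {
        String aud = "api/v1/automation"; // constructed sample "aud" claim
        List<String> paths = List.of(     // constructed sample request paths
            "api/v1/automation",
            "api/v1/automation/Document.Query",
            "api/v1/automation-admin",    // same leading characters, different segment
            "api/v1/path/default-domain");
        for (String path : paths) {
            // naive = character prefix; pathwise = segment-aware comparison
            System.out.printf("%-34s naive=%-5b pathwise=%b%n",
                path, path.startsWith(aud), isEqualOrPathPrefix(path, aud));
        }
    }
}
```

Only the third path differs between the two columns: a character-level startsWith accepts it, while the segment-aware check rejects it. The comparison is only meaningful on a path the servlet container has already decoded and normalized, so that `..` segments cannot make a different resource share the audience prefix.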