Package org.nuxeo.ecm.jwt
Class JWTAuthenticator
java.lang.Object
org.nuxeo.ecm.jwt.JWTAuthenticator
- All Implemented Interfaces:
NuxeoAuthenticationPlugin
JSON Web Token (JWT) Authentication Plugin.
The Authorization Bearer token from the headers is checked with the JWTService
for validity, and if it is
valid the authentication is done for the token's subject.
If an "aud" claim (JWTClaims.CLAIM_AUDIENCE
) is present in the token, it must be a prefix of the request HTTP
path info (excluding the web context). This allows limiting tokens for specific URL patterns.
- Since:
- 10.3
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected static String
getRequestPath
(javax.servlet.http.HttpServletRequest request) Gets the request path.Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.handleLoginPrompt
(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL) Handles the Login Prompt.handleRetrieveIdentity
(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Retrieves user identification information from the request.void
initPlugin
(Map<String, String> parameters) Initializes the Plugin from parameters set in the XML descriptor.protected static boolean
isEqualOrPathPrefix
(String path, String prefix) Compares path-wise a path with a prefix.needLoginPrompt
(javax.servlet.http.HttpServletRequest httpRequest) Defines if the authentication plugin needs to do a login prompt.protected String
retrieveToken
(javax.servlet.http.HttpServletRequest request)
-
Field Details
-
BEARER_SP
- See Also:
-
ACCESS_TOKEN
- See Also:
-
-
Constructor Details
-
JWTAuthenticator
public JWTAuthenticator()
-
-
Method Details
-
initPlugin
Description copied from interface:NuxeoAuthenticationPlugin
Initializes the Plugin from parameters set in the XML descriptor.- Specified by:
initPlugin
in interfaceNuxeoAuthenticationPlugin
-
getUnAuthenticatedURLPrefix
Description copied from interface:NuxeoAuthenticationPlugin
Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.- Specified by:
getUnAuthenticatedURLPrefix
in interfaceNuxeoAuthenticationPlugin
-
needLoginPrompt
Description copied from interface:NuxeoAuthenticationPlugin
Defines if the authentication plugin needs to do a login prompt.- Specified by:
needLoginPrompt
in interfaceNuxeoAuthenticationPlugin
- Returns:
- true if LoginPrompt is used
-
handleLoginPrompt
public Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL) Description copied from interface:NuxeoAuthenticationPlugin
Handles the Login Prompt.- Specified by:
handleLoginPrompt
in interfaceNuxeoAuthenticationPlugin
- Parameters:
httpRequest
- the requesthttpResponse
- the response- Returns:
- true if AuthFilter must stop execution (ie: login prompt generated a redirect), false otherwise
-
handleRetrieveIdentity
public UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Description copied from interface:NuxeoAuthenticationPlugin
Retrieves user identification information from the request.- Specified by:
handleRetrieveIdentity
in interfaceNuxeoAuthenticationPlugin
- Parameters:
request
- the requestresponse
- the response
-
retrieveToken
-
getRequestPath
Gets the request path. The returned value never starts nor ends with a slash. -
isEqualOrPathPrefix
Compares path-wise a path with a prefix.
-