Class JwtSessionModule

  • All Implemented Interfaces:
    AsyncServerAuthModule

    public class JwtSessionModule
    extends AbstractJwtSessionModule<org.forgerock.jaspi.modules.session.jwt.CookieWrapper>
    implements AsyncServerAuthModule
    A JASPI CHF Session Module which creates a JWT when securing the response from a successful authentication and sets it as a Cookie on the response. On subsequent requests, it checks for the presence of the JWT as a Cookie on the request, validates its signature, decrypts it, and checks its expiration time.
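The issue-then-validate cycle described above, reduced to a JDK-only sketch. This is an added example, not the module's own implementation: it signs with HMAC-SHA256 and leaves out the encryption step. The class name, method names, key and claim layout are all hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added sketch: HS256-signed session token built with JDK classes only (hypothetical names).
public class SessionJwtSketch {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");

    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // Response side: the value that would be set as the session cookie.
    static String issue(byte[] key, String subject, long expEpochSeconds) throws Exception {
        if (!subject.matches("[A-Za-z0-9._-]+")) throw new IllegalArgumentException("subject");
        String input = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "."
                + b64("{\"sub\":\"" + subject + "\",\"exp\":" + expEpochSeconds + "}");
        return input + "." + ENC.encodeToString(hmac(key, input));
    }

    // Request side: signature first, claims only afterwards; every failure means "no session".
    static boolean validate(byte[] key, String cookieValue, Instant now) {
        try {
            String[] p = cookieValue.split("\\.", -1);
            if (p.length != 3) return false;
            // Algorithm is fixed server-side (never read from the header); comparison is constant-time.
            byte[] expected = hmac(key, p[0] + "." + p[1]);
            if (!MessageDigest.isEqual(expected, Base64.getUrlDecoder().decode(p[2]))) return false;
            Matcher m = EXP.matcher(new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8));
            return m.find() && now.getEpochSecond() < Long.parseLong(m.group(1));
        } catch (Exception e) {
            return false; // malformed Base64, oversized exp, crypto error
        }
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-sample-key-0123456789".getBytes(StandardCharsets.UTF_8);
        Instant now = Instant.parse("2024-01-01T00:00:00Z"); // constructed clock value
        String cookie = issue(key, "demo", now.getEpochSecond() + 300);
        System.out.println(validate(key, cookie, now));                  // fresh token
        System.out.println(validate(key, cookie, now.plusSeconds(300))); // at exp
        System.out.println(validate("wrong-key".getBytes(StandardCharsets.UTF_8), cookie, now)); // other key
    }
}
```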
    • Constructor Detail

      • JwtSessionModule

        public JwtSessionModule()
        Constructs an instance of the JwtSessionModule.
      • JwtSessionModule

        public JwtSessionModule(JwtBuilderFactory jwtBuilderFactory)
        Constructs an instance of the JwtSessionModule.
        Parameters:
        jwtBuilderFactory - An instance of the jwtBuilderFactory.
      • JwtSessionModule

        public JwtSessionModule(JwtBuilderFactory jwtBuilderFactory,
                                JwtCryptographyHandler jwtCryptographyHandler)
        Constructs an instance of the JwtSessionModule.
        Parameters:
        jwtBuilderFactory - An instance of the jwtBuilderFactory.
        jwtCryptographyHandler - The JwtCryptographyHandler to use.
    • Method Detail

      • getModuleId

        public String getModuleId()
        Description copied from interface: AsyncServerAuthModule
        Gets the ID of the module to be used in creating authentication audit logs to uniquely identify the authentication module and its outcome when processing a request message.
        Specified by:
        getModuleId in interface AsyncServerAuthModule
        Returns:
        The ID of the module.
      • initialize

        public void initialize(javax.security.auth.message.MessagePolicy requestPolicy,
                               javax.security.auth.message.MessagePolicy responsePolicy,
                               CallbackHandler handler,
                               Map<String,Object> options)
                        throws AuthenticationException
        Description copied from interface: AsyncServerAuthModule

        Initialize this module with request and response message policies to enforce, a CallbackHandler, and any module specific configuration properties.

        The request policy and the response policy must not both be null.

        Specified by:
        initialize in interface AsyncServerAuthModule
        Parameters:
        requestPolicy - The request policy this module must enforce, or null.
        responsePolicy - The response policy this module must enforce, or null.
        handler - CallbackHandler used to request information.
        options - A Map of module-specific configuration properties.
        Throws:
        AuthenticationException - when module initialization fails, including for the case where the options argument contains elements that are not supported by the module.
      • getSupportedMessageTypes

        public Collection<Class<?>> getSupportedMessageTypes()
        Description copied from interface: AsyncServerAuthModule
        Gets the Collection of Class objects of the message types supported by the module.
        Specified by:
        getSupportedMessageTypes in interface AsyncServerAuthModule
        Returns:
        A Collection of Class objects, with at least one element defining the message type(s) supported by the module.
      • validateRequest

        public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> validateRequest(MessageInfoContext messageInfo,
                                                                                                             Subject clientSubject,
                                                                                                             Subject serviceSubject)
        Description copied from interface: AsyncServerAuthModule
        Validates the incoming request message.
        Specified by:
        validateRequest in interface AsyncServerAuthModule
        Parameters:
        messageInfo - The message context info for this request.
        clientSubject - A Subject that represents the subject of this request.
        serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
        Returns:

        A Promise that will be completed, at some point in the future, with either a successful value or a failure value.

        A successfully completed Promise will contain an AuthStatus representing the completion status of the message processing. See ServerAuth.validateRequest(javax.security.auth.message.MessageInfo, Subject, Subject) for the allowed AuthStatus values.

        A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContextInfo.

        See Also:
        AuthStatus, ServerAuth.validateRequest(javax.security.auth.message.MessageInfo, Subject, Subject)
      • secureResponse

        public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> secureResponse(MessageInfoContext messageInfo,
                                                                                                            Subject serviceSubject)
        Description copied from interface: AsyncServerAuthModule
        Secures the outgoing response message.
        Specified by:
        secureResponse in interface AsyncServerAuthModule
        Parameters:
        messageInfo - The message context info for this request.
        serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
        Returns:

        A Promise that will be completed, at some point in the future, with either a successful value or a failure value.

        A successfully completed Promise will contain an AuthStatus representing the completion status of the processing. See ServerAuth.secureResponse(javax.security.auth.message.MessageInfo, Subject) for the allowed AuthStatus values. Note that AuthStatus.SEND_CONTINUE is not supported by this interface.

        A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContextInfo.

        See Also:
        AuthStatus, ServerAuth.secureResponse(javax.security.auth.message.MessageInfo, Subject)
      • cleanSubject

        public Promise<Void,AuthenticationException> cleanSubject(MessageInfoContext messageInfo,
                                                                        Subject clientSubject)
        Description copied from interface: AsyncServerAuthModule
        Removes any method specific principals and credentials from the client subject.
        Specified by:
        cleanSubject in interface AsyncServerAuthModule
        Parameters:
        messageInfo - The message context info for this request.
        clientSubject - A Subject that represents the subject of this request.
        Returns:
        A Promise that will be completed, at some point in the future, with either a successful value or a failure value. A successfully completed Promise will contain no value and a failed completed Promise will contain an AuthenticationException if an error occurs during the Subject processing.
        See Also:
        ServerAuth.cleanSubject(javax.security.auth.message.MessageInfo, Subject)