Class ServletJwtSessionModule

  • All Implemented Interfaces:
    javax.security.auth.message.module.ServerAuthModule, javax.security.auth.message.ServerAuth

    public class ServletJwtSessionModule
    extends AbstractJwtSessionModule<Cookie>
    implements javax.security.auth.message.module.ServerAuthModule
    A JASPI Servlet API session module that creates a JWT when securing the response from a successful authentication and sets it as a Cookie on the response. On subsequent requests it checks for the presence of the JWT as a Cookie on the request, validates the signature, decrypts it, and checks the expiration time of the JWT.
    • Constructor Detail

      • ServletJwtSessionModule

        public ServletJwtSessionModule()
        Constructs an instance of the ServletJwtSessionModule.
      • ServletJwtSessionModule

        public ServletJwtSessionModule(JwtBuilderFactory jwtBuilderFactory)
        Constructs an instance of the ServletJwtSessionModule.
        Parameters:
        jwtBuilderFactory - An instance of the JwtBuilderFactory.
      • ServletJwtSessionModule

        public ServletJwtSessionModule(JwtCryptographyHandler jwtCryptographyHandler)
        Constructs an instance of the ServletJwtSessionModule.
        Parameters:
        jwtCryptographyHandler - The JwtCryptographyHandler to use.
      • ServletJwtSessionModule

        public ServletJwtSessionModule(JwtBuilderFactory jwtBuilderFactory,
                                       JwtCryptographyHandler jwtCryptographyHandler)
        Constructs an instance of the ServletJwtSessionModule.
        Parameters:
        jwtBuilderFactory - An instance of the JwtBuilderFactory.
        jwtCryptographyHandler - The JwtCryptographyHandler to use.
    • Method Detail

      • initialize

        public void initialize(javax.security.auth.message.MessagePolicy requestPolicy,
                               javax.security.auth.message.MessagePolicy responsePolicy,
                               CallbackHandler callbackHandler,
                               Map options)
                        throws javax.security.auth.message.AuthException
        Specified by:
        initialize in interface javax.security.auth.message.module.ServerAuthModule
        Throws:
        javax.security.auth.message.AuthException
      • getSupportedMessageTypes

        public Class[] getSupportedMessageTypes()
        Specified by:
        getSupportedMessageTypes in interface javax.security.auth.message.module.ServerAuthModule
      • validateRequest

        public javax.security.auth.message.AuthStatus validateRequest(javax.security.auth.message.MessageInfo messageInfo,
                                                                      Subject clientSubject,
                                                                      Subject serviceSubject)
                                                               throws javax.security.auth.message.AuthException
        Specified by:
        validateRequest in interface javax.security.auth.message.ServerAuth
        Throws:
        javax.security.auth.message.AuthException
      • validateJwtSessionCookie

        public Jwt validateJwtSessionCookie(javax.security.auth.message.MessageInfo messageInfo)
        Description copied from class: AbstractJwtSessionModule
        Checks that the JWT session cookie is valid and whether its idle timeout or max life has expired.
        Overrides:
        validateJwtSessionCookie in class AbstractJwtSessionModule<Cookie>
        Parameters:
        messageInfo - The MessageInfo instance.
        Returns:
        The Jwt if successfully validated, otherwise null.
      • findJwtSessionCookie

        public Cookie findJwtSessionCookie(javax.security.auth.message.MessageInfo messageInfo)
        Finds a session cookie in the given message info.
        Parameters:
        messageInfo - The message info.
        Returns:
        The cookie, or null.
      • secureResponse

        public javax.security.auth.message.AuthStatus secureResponse(javax.security.auth.message.MessageInfo messageInfo,
                                                                     Subject subject)
                                                              throws javax.security.auth.message.AuthException
        Specified by:
        secureResponse in interface javax.security.auth.message.ServerAuth
        Throws:
        javax.security.auth.message.AuthException
      • cleanSubject

        public void cleanSubject(javax.security.auth.message.MessageInfo messageInfo,
                                 Subject subject)
        Specified by:
        cleanSubject in interface javax.security.auth.message.ServerAuth