Package org.forgerock.jaspi.modules.session.jwt

Class JwtSessionModule

  • All Implemented Interfaces:
    AsyncServerAuthModule
    public class JwtSessionModule
extends AbstractJwtSessionModule<org.forgerock.jaspi.modules.session.jwt.CookieWrapper>
implements AsyncServerAuthModule
    A JASPI CHF Session Module which creates a JWT when securing the response from a successful authentication and sets it as a Cookie on the response. Then on subsequent requests checks for the presents of the JWT as a Cookie on the request and validates the signature and decrypts it and checks the expiration time of the JWT.

    • Constructor Detail

      • JwtSessionModule

        public JwtSessionModule()
        Constructs an instance of the JwtSessionModule.

      • JwtSessionModule

        public JwtSessionModule​(JwtBuilderFactory jwtBuilderFactory)
        Constructs an instance of the JwtSessionModule.
        Parameters:
        jwtBuilderFactory - An instance of the jwtBuilderFactory.

      • JwtSessionModule

        public JwtSessionModule​(JwtBuilderFactory jwtBuilderFactory,
                        JwtCryptographyHandler jwtCryptographyHandler)
        Constructs an instance of the JwtSessionModule.
        Parameters:
        jwtBuilderFactory - An instance of the jwtBuilderFactory.
        jwtCryptographyHandler - The JwtCryptographyHandler to use.

    • Method Detail

      • getModuleId

        public String getModuleId()
        Description copied from interface: AsyncServerAuthModule
        Gets the ID of the module to be used in creating authentication audit logs to uniquely identify the authentication module and its outcome when processing a request message.
        Specified by:
        getModuleId in interface AsyncServerAuthModule
        Returns:
        The ID of the module.

      • initialize

        public void initialize​(javax.security.auth.message.MessagePolicy requestPolicy,
                       javax.security.auth.message.MessagePolicy responsePolicy,
                       CallbackHandler handler,
                       Map<String,​Object> options)
                throws AuthenticationException
        Description copied from interface: AsyncServerAuthModule

        Initialize this module with request and response message policies to enforce, a CallbackHandler, and any module specific configuration properties.

        The request policy and the response policy must not both be null.

        Specified by:
        initialize in interface AsyncServerAuthModule
        Parameters:
        requestPolicy - The request policy this module must enforce, or null.
        responsePolicy - The response policy this module must enforce, or null.
        handler - CallbackHandler used to request information.
        options - A Map of module-specific configuration properties.
        Throws:
        AuthenticationException - when module initialization fails, including for the case where the options argument contains elements that are not supported by the module.

      • getSupportedMessageTypes

        public Collection<Class<?>> getSupportedMessageTypes()
        Description copied from interface: AsyncServerAuthModule
        Gets the Collection of Class objects of the message types supported by the module.
        Specified by:
        getSupportedMessageTypes in interface AsyncServerAuthModule
        Returns:
        A Collection of Class objects, with at least on element defining the message type(s) supported by the module.

      • validateRequest

        public Promise<javax.security.auth.message.AuthStatus,​AuthenticationException> validateRequest​(MessageInfoContext messageInfo,
                                                                                                     Subject clientSubject,
                                                                                                     Subject serviceSubject)
        Description copied from interface: AsyncServerAuthModule
        Validates the incoming request message.
        Specified by:
        validateRequest in interface AsyncServerAuthModule
        Parameters:
        messageInfo - The message context info for this request.
        clientSubject - A Subject that represents the subject of this request.
        serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
        Returns:

        A Promise that will be completed, as some point in the future, with either a successful value or a failure value.

        A successfully completed Promise will contain an AuthStatus representing the completion status of the message processing. See ServerAuth.validateRequest( javax.security.auth.message.MessageInfo, Subject, Subject) for the allowed AuthStatus values.

        A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContextInfo.

        See Also:
        AuthStatus, ServerAuth.validateRequest( javax.security.auth.message.MessageInfo, Subject, Subject)

      • secureResponse

        public Promise<javax.security.auth.message.AuthStatus,​AuthenticationException> secureResponse​(MessageInfoContext messageInfo,
                                                                                                    Subject serviceSubject)
        Description copied from interface: AsyncServerAuthModule
        Secures the outgoing response message.
        Specified by:
        secureResponse in interface AsyncServerAuthModule
        Parameters:
        messageInfo - The message context info for this request.
        serviceSubject - A Subject that represents the subject for the server or null. It may be used to secure the message response.
        Returns:

        A Promise that will be completed, as some point in the future, with either a successful value or a failure value.

        A successfully completed Promise will contain an AuthStatus representing the completion status of the processing. See ServerAuth.secureResponse( javax.security.auth.message.MessageInfo, Subject) for the allowed AuthStatus values. Note AuthStatus.SEND_CONTINUE is not supported by this interface

        A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContextInfo.

        See Also:
        AuthStatus, ServerAuth.secureResponse( javax.security.auth.message.MessageInfo, Subject)

      • cleanSubject

        public Promise<Void,​AuthenticationException> cleanSubject​(MessageInfoContext messageInfo,
                                                                Subject clientSubject)
        Description copied from interface: AsyncServerAuthModule
        Removes any method specific principals and credentials from the client subject.
        Specified by:
        cleanSubject in interface AsyncServerAuthModule
        Parameters:
        messageInfo - The message context info for this request.
        clientSubject - A Subject that represents the subject of this request.
        Returns:
        A Promise that will be completed, as some point in the future, with either a successful value or a failure value. A successfully completed Promise will contain no value and a failed completed Promise will contain an AuthenticationException if an error occurs during the Subject processing.
        See Also:
        ServerAuth.cleanSubject( javax.security.auth.message.MessageInfo, Subject)