Class JwtSessionModule

java.lang.Object
org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule<org.forgerock.jaspi.modules.session.jwt.CookieWrapper>
org.forgerock.jaspi.modules.session.jwt.JwtSessionModule
All Implemented Interfaces:
AsyncServerAuthModule

public class JwtSessionModule extends AbstractJwtSessionModule<org.forgerock.jaspi.modules.session.jwt.CookieWrapper> implements AsyncServerAuthModule
A JASPI CHF Session Module which creates a JWT when securing the response from a successful authentication and sets it as a Cookie on the response. On subsequent requests it checks for the presence of the JWT as a Cookie on the request, validates the signature, decrypts it, and checks the expiration time of the JWT.
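The issue-then-validate cycle described above, as an added JDK-only example that is not ForgeRock's code and does not use this module's API. It covers the signature and expiration checks only and omits the encryption step. The class name, the `session-jwt` cookie name, the HS256 choice and the regex-based `exp` extraction (a real module would use a JSON parser) are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added illustration (JDK only); all names are hypothetical, not the ForgeRock implementation.
public class JwtCookieSketch {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    // The server pins the header; a token whose header differs is rejected, not negotiated.
    private static final String HEADER = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
    private static final Pattern EXP = Pattern.compile("\"exp\":(\\d{1,18})");

    static String b64(String s) { return ENC.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    static byte[] sign(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Response side: after a successful authentication, build the JWT and its Set-Cookie value.
    static String issueCookie(byte[] key, String subject, long ttlSeconds, long now) throws Exception {
        if (!subject.matches("[A-Za-z0-9._@-]+")) throw new IllegalArgumentException("bad subject");
        String input = HEADER + "." + b64("{\"sub\":\"" + subject + "\",\"exp\":" + (now + ttlSeconds) + "}");
        return "session-jwt=" + input + "." + ENC.encodeToString(sign(key, input))
                + "; Path=/; HttpOnly; Secure; SameSite=Strict";
    }

    // Request side: accept only the pinned header, a matching MAC, and an exp still in the future.
    static boolean validate(byte[] key, String jwt, long now) throws Exception {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3 || !parts[0].equals(HEADER)) return false;
        try {
            byte[] presented = Base64.getUrlDecoder().decode(parts[2]);
            if (!MessageDigest.isEqual(sign(key, parts[0] + "." + parts[1]), presented)) return false;
            Matcher m = EXP.matcher(new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8));
            return m.find() && now < Long.parseLong(m.group(1));
        } catch (IllegalArgumentException e) { return false; } // malformed base64url or number
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        long t0 = 1704067200L; // constructed "now": 2024-01-01T00:00:00Z
        String cookie = issueCookie(key, "alice", 300, t0);
        String jwt = cookie.substring(cookie.indexOf('=') + 1, cookie.indexOf(';'));
        String altered = jwt.substring(0, jwt.indexOf('.') + 1) + b64("{\"sub\":\"bob\",\"exp\":9999999999}") + jwt.substring(jwt.lastIndexOf('.'));
        System.out.println("within lifetime: " + validate(key, jwt, t0 + 60));
        System.out.println("at expiry:       " + validate(key, jwt, t0 + 300));
        System.out.println("claims altered:  " + validate(key, altered, t0));
    }
}
```

The MAC is compared with `MessageDigest.isEqual` before the claims are decoded, so the expiry check only ever parses a payload the server itself signed.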
  • Constructor Details

    • JwtSessionModule

      public JwtSessionModule()
      Constructs an instance of the JwtSessionModule.
    • JwtSessionModule

      public JwtSessionModule(JwtBuilderFactory jwtBuilderFactory)
      Constructs an instance of the JwtSessionModule.
      Parameters:
      jwtBuilderFactory - An instance of the jwtBuilderFactory.
    • JwtSessionModule

      public JwtSessionModule(JwtCryptographyHandler jwtCryptographyHandler)
      Constructs an instance of the JwtSessionModule.
      Parameters:
      jwtCryptographyHandler - The JwtCryptographyHandler to use.
    • JwtSessionModule

      public JwtSessionModule(JwtBuilderFactory jwtBuilderFactory, JwtCryptographyHandler jwtCryptographyHandler)
      Constructs an instance of the JwtSessionModule.
      Parameters:
      jwtBuilderFactory - An instance of the jwtBuilderFactory.
      jwtCryptographyHandler - The JwtCryptographyHandler to use.
  • Method Details

    • getModuleId

      public String getModuleId()
      Description copied from interface: AsyncServerAuthModule
      Gets the ID of the module to be used in creating authentication audit logs to uniquely identify the authentication module and its outcome when processing a request message.
      Specified by:
      getModuleId in interface AsyncServerAuthModule
      Returns:
      The ID of the module.
    • initialize

      public void initialize(javax.security.auth.message.MessagePolicy requestPolicy, javax.security.auth.message.MessagePolicy responsePolicy, CallbackHandler handler, Map<String,Object> options) throws AuthenticationException
      Description copied from interface: AsyncServerAuthModule

      Initialize this module with request and response message policies to enforce, a CallbackHandler, and any module-specific configuration properties.

      The request policy and the response policy must not both be null.

      Specified by:
      initialize in interface AsyncServerAuthModule
      Parameters:
      requestPolicy - The request policy this module must enforce, or null.
      responsePolicy - The response policy this module must enforce, or null.
      handler - CallbackHandler used to request information.
      options - A Map of module-specific configuration properties.
      Throws:
      AuthenticationException - when module initialization fails, including for the case where the options argument contains elements that are not supported by the module.
    • getSupportedMessageTypes

      public Collection<Class<?>> getSupportedMessageTypes()
      Description copied from interface: AsyncServerAuthModule
      Gets the Collection of Class objects of the message types supported by the module.
      Specified by:
      getSupportedMessageTypes in interface AsyncServerAuthModule
      Returns:
      A Collection of Class objects, with at least one element defining the message type(s) supported by the module.
    • validateRequest

      public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> validateRequest(MessageInfoContext messageInfo, Subject clientSubject, Subject serviceSubject)
      Description copied from interface: AsyncServerAuthModule
      Validates the incoming request message.
      Specified by:
      validateRequest in interface AsyncServerAuthModule
      Parameters:
      messageInfo - The message context info for this request.
      clientSubject - A Subject that represents the subject of this request.
      serviceSubject - A Subject that represents the subject for the server, or null. It may be used to secure the message response.
      Returns:

      A Promise that will be completed, at some point in the future, with either a successful value or a failure value.

      A successfully completed Promise will contain an AuthStatus representing the completion status of the message processing. See ServerAuth.validateRequest(javax.security.auth.message.MessageInfo, Subject, Subject) for the allowed AuthStatus values.

      A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContextInfo.

      See Also:
      • AuthStatus
      • ServerAuth.validateRequest(javax.security.auth.message.MessageInfo, Subject, Subject)
    • secureResponse

      public Promise<javax.security.auth.message.AuthStatus,AuthenticationException> secureResponse(MessageInfoContext messageInfo, Subject serviceSubject)
      Description copied from interface: AsyncServerAuthModule
      Secures the outgoing response message.
      Specified by:
      secureResponse in interface AsyncServerAuthModule
      Parameters:
      messageInfo - The message context info for this request.
      serviceSubject - A Subject that represents the subject for the server, or null. It may be used to secure the message response.
      Returns:

      A Promise that will be completed, at some point in the future, with either a successful value or a failure value.

      A successfully completed Promise will contain an AuthStatus representing the completion status of the processing. See ServerAuth.secureResponse(javax.security.auth.message.MessageInfo, Subject) for the allowed AuthStatus values. Note that AuthStatus.SEND_CONTINUE is not supported by this interface.

      A failed completed Promise will contain an AuthenticationException when the message processing failed without establishing a failure response message in the MessageContextInfo.

      See Also:
      • AuthStatus
      • ServerAuth.secureResponse(javax.security.auth.message.MessageInfo, Subject)
    • cleanSubject

      public Promise<Void,AuthenticationException> cleanSubject(MessageInfoContext messageInfo, Subject clientSubject)
      Description copied from interface: AsyncServerAuthModule
      Removes any method-specific principals and credentials from the client subject.
      Specified by:
      cleanSubject in interface AsyncServerAuthModule
      Parameters:
      messageInfo - The message context info for this request.
      clientSubject - A Subject that represents the subject of this request.
      Returns:
      A Promise that will be completed, at some point in the future, with either a successful value or a failure value. A successfully completed Promise will contain no value and a failed completed Promise will contain an AuthenticationException if an error occurs during the Subject processing.
      See Also:
      • ServerAuth.cleanSubject(javax.security.auth.message.MessageInfo, Subject)