Class ServletJwtSessionModule

java.lang.Object
org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule<Cookie>
org.forgerock.jaspi.modules.session.jwt.ServletJwtSessionModule
All Implemented Interfaces:
javax.security.auth.message.module.ServerAuthModule, javax.security.auth.message.ServerAuth

public class ServletJwtSessionModule extends AbstractJwtSessionModule<Cookie> implements javax.security.auth.message.module.ServerAuthModule
A JASPI Servlet API session module that creates a JWT when securing the response from a successful authentication and sets it as a Cookie on the response. On subsequent requests it checks for the presence of the JWT as a Cookie on the request, validates the signature, decrypts it, and checks the expiration time of the JWT.
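The request-side checks described above (signature first, then the max-life and idle deadlines), as an added JDK-only example that is not code from this library. It assumes an HS256-signed compact token and omits the decryption step; the class and method names and the `exp` and `idle` claim names are hypothetical, and the key and token are constructed sample values.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SessionJwtCheck {
    // Hypothetical claims: "exp" = max-life deadline, "idle" = idle deadline (epoch seconds).
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }
    // Reads a numeric claim; a missing claim yields -1, which the caller treats as expired.
    static long claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*(\\d+)").matcher(json);
        return m.find() ? Long.parseLong(m.group(1)) : -1;
    }
    /** Returns the payload JSON if the token is authentic and live, otherwise null. */
    static String validate(String token, byte[] key, long now) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.", -1);
        if (p.length != 3) return null;
        byte[] sig;
        try { sig = Base64.getUrlDecoder().decode(p[2]); } catch (IllegalArgumentException e) { return null; }
        // Verify before reading any claim, with a constant-time compare. The algorithm is
        // fixed by the server and never taken from the token header.
        if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) return null;
        String json = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        // Fail closed: either deadline reached (or claim missing) rejects the session.
        if (now >= claim(json, "exp") || now >= claim(json, "idle")) return null;
        return json;
    }
    // Builds a signed token so the example is self-contained.
    static String issue(String json, byte[] key) throws Exception {
        Base64.Encoder e = Base64.getUrlEncoder().withoutPadding();
        String head = e.encodeToString("{\"alg\":\"HS256\"}".getBytes(StandardCharsets.UTF_8));
        String body = e.encodeToString(json.getBytes(StandardCharsets.UTF_8));
        return head + "." + body + "." + e.encodeToString(hmac(key, head + "." + body));
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-32-bytes!!!".getBytes(StandardCharsets.UTF_8);
        String t = issue("{\"sub\":\"demo\",\"exp\":2000,\"idle\":1500}", key); // constructed sample
        System.out.println(validate(t, key, 1000) != null);       // inside both deadlines
        System.out.println(validate(t, key, 1600) != null);       // past the idle deadline
        System.out.println(validate(t + "A", key, 1000) != null); // signature altered
    }
}
```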
  • Constructor Details

    • ServletJwtSessionModule

      public ServletJwtSessionModule()
      Constructs an instance of the ServletJwtSessionModule.
    • ServletJwtSessionModule

      public ServletJwtSessionModule(JwtBuilderFactory jwtBuilderFactory)
      Constructs an instance of the ServletJwtSessionModule.
      Parameters:
      jwtBuilderFactory - An instance of the JwtBuilderFactory.
    • ServletJwtSessionModule

      public ServletJwtSessionModule(JwtCryptographyHandler jwtCryptographyHandler)
      Constructs an instance of the ServletJwtSessionModule.
      Parameters:
      jwtCryptographyHandler - The JwtCryptographyHandler to use.
    • ServletJwtSessionModule

      public ServletJwtSessionModule(JwtBuilderFactory jwtBuilderFactory, JwtCryptographyHandler jwtCryptographyHandler)
      Constructs an instance of the ServletJwtSessionModule.
      Parameters:
      jwtBuilderFactory - An instance of the JwtBuilderFactory.
      jwtCryptographyHandler - The JwtCryptographyHandler to use.
  • Method Details

    • initialize

      public void initialize(javax.security.auth.message.MessagePolicy requestPolicy, javax.security.auth.message.MessagePolicy responsePolicy, CallbackHandler callbackHandler, Map options) throws javax.security.auth.message.AuthException
      Specified by:
      initialize in interface javax.security.auth.message.module.ServerAuthModule
      Throws:
      javax.security.auth.message.AuthException
    • getSupportedMessageTypes

      public Class[] getSupportedMessageTypes()
      Specified by:
      getSupportedMessageTypes in interface javax.security.auth.message.module.ServerAuthModule
    • validateRequest

      public javax.security.auth.message.AuthStatus validateRequest(javax.security.auth.message.MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws javax.security.auth.message.AuthException
      Specified by:
      validateRequest in interface javax.security.auth.message.ServerAuth
      Throws:
      javax.security.auth.message.AuthException
    • validateJwtSessionCookie

      public Jwt validateJwtSessionCookie(javax.security.auth.message.MessageInfo messageInfo)
      Description copied from class: AbstractJwtSessionModule
      Validates the JWT session cookie and checks whether the idle timeout or max life has expired.
      Overrides:
      validateJwtSessionCookie in class AbstractJwtSessionModule<Cookie>
      Parameters:
      messageInfo - The MessageInfo instance.
      Returns:
      The Jwt if successfully validated otherwise null.
    • findJwtSessionCookie

      public Cookie findJwtSessionCookie(javax.security.auth.message.MessageInfo messageInfo)
      Find a session cookie in the given message info.
      Parameters:
      messageInfo - The message info.
      Returns:
      The cookie, or null.
    • secureResponse

      public javax.security.auth.message.AuthStatus secureResponse(javax.security.auth.message.MessageInfo messageInfo, Subject subject) throws javax.security.auth.message.AuthException
      Specified by:
      secureResponse in interface javax.security.auth.message.ServerAuth
      Throws:
      javax.security.auth.message.AuthException
    • cleanSubject

      public void cleanSubject(javax.security.auth.message.MessageInfo messageInfo, Subject subject)
      Specified by:
      cleanSubject in interface javax.security.auth.message.ServerAuth