public interface CustomWebAuthenticator
CustomWebAuthenticator.authenticateWeb(WebAuthenticationContext)
method gets invoked for requests to the return endpoint (see
CustomWebAuthenticatorInitContext.getReturnEndpoint()
).
A custom web authenticator is an implementation of this interface.
There are several alternatives to implementing this interface:
CustomAuthenticator
is a suitable option.PostAuthenticationFilter
may be used.PostAuthenticationFilter
and
possibly a custom JAAS Login Module
CustomAuthenticator
interface (and configure it accordingly).
Implementations of this interface must be thread-safe and reentrant.
CustomAuthenticator
,
NamePasswordLoginModule
,
PostAuthenticationFilter
Modifier and Type | Method and Description |
---|---|
CustomWebAuthenticatorResult |
authenticateWeb(WebAuthenticationContext authContext)
Performs authentication based on the provided
WebAuthenticationContext . |
java.lang.String |
getAuthenticationEndpoint(java.util.Map sessionContext,
java.lang.String providerName,
java.lang.String targetUrl)
Returns an absolute URL to the authentication endpoint of the identity provider with the given name, including all
relevant request parameters.
|
java.util.List |
getProviders()
Returns a non-empty list of
descriptions of available providers. |
default void |
init(CustomWebAuthenticatorInitContext initContext)
Initializes this
CustomWebAuthenticator . |
default void init(CustomWebAuthenticatorInitContext initContext) throws CustomAuthenticatorException
CustomWebAuthenticator
.
The default implementation does nothing.
initContext
- an initialization context containing parameters and other information that may be used by the
implementing classCustomAuthenticatorException
- if the initialization failedjava.util.List getProviders()
descriptions
of available providers. The information
may be displayed on the login page.java.lang.String getAuthenticationEndpoint(java.util.Map sessionContext, java.lang.String providerName, java.lang.String targetUrl) throws CustomAuthenticatorException
The targetUrl
may be associated with the authentication attempt (stored in the sessionContext
or
included in the returned URL) so that the user can be redirected to the right target once authenticated. If the
implementor has no good way of storing the targetUrl
it may be ignored (in which case the user will be
redirected to the landing page after successful authentication).
Note that there may be several authentication attempts ongoing at the same time so be careful what you store in the
session context. For example do not store the targetUrl
unless you give it a key that is unique for this
authentication attempt.
Requests within the same session are serialized during the authentication phase so the session context can be used without any further synchronization.
sessionContext
- the session contextproviderName
- providerName the name of the provider to return a URL to, or null
if the default
provider should be used (typically the case when there is only one provider available)targetUrl
- the URL of the resource the user originally tried to accessnull
if there is no provider with the given name (may happen when combined with some
other form of web authentication such as OpenID Connect)CustomAuthenticatorException
- if an error occursWebAuthenticationContext.getSessionContext()
CustomWebAuthenticatorResult authenticateWeb(WebAuthenticationContext authContext) throws CustomWebAuthenticatorException
WebAuthenticationContext
. If the method returns a
result
(with a principal), the Spotfire Server will use this identity without
performing any further authentication. If the method throws an exception, the Spotfire server will not attempt to
perform authentication using any other authentication method and the user's browser will be redirected to an error
page.authContext
- the context in which the authentication takes place, containing information mainly from the
HttpServletRequest
CustomWebAuthenticatorException
- if the authentication failedCopyright © 2000-2020 TIBCO Software Inc. All Rights Reserved.