2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.security;
21 import javax.servlet.ServletContext;
23 import org.eclipse.jetty.security.Authenticator.AuthConfiguration;
24 import org.eclipse.jetty.security.authentication.BasicAuthenticator;
25 import org.eclipse.jetty.security.authentication.ClientCertAuthenticator;
26 import org.eclipse.jetty.security.authentication.DigestAuthenticator;
27 import org.eclipse.jetty.security.authentication.FormAuthenticator;
28 import org.eclipse.jetty.security.authentication.SpnegoAuthenticator;
29 import org.eclipse.jetty.server.Server;
30 import org.eclipse.jetty.util.security.Constraint;
32 /* ------------------------------------------------------------ */
34 * The Default Authenticator Factory.
35 * Uses the {@link AuthConfiguration#getAuthMethod()} to select an {@link Authenticator} from: <ul>
36 * <li>{@link org.eclipse.jetty.security.authentication.BasicAuthenticator}</li>
37 * <li>{@link org.eclipse.jetty.security.authentication.DigestAuthenticator}</li>
38 * <li>{@link org.eclipse.jetty.security.authentication.FormAuthenticator}</li>
39 * <li>{@link org.eclipse.jetty.security.authentication.ClientCertAuthenticator}</li>
41 * All authenticators derived from {@link org.eclipse.jetty.security.authentication.LoginAuthenticator} are
42 * wrapped with a {@link org.eclipse.jetty.security.authentication.DeferredAuthentication}
43 * instance, which is used if authentication is not mandatory.
45 * The Authentications from the {@link org.eclipse.jetty.security.authentication.FormAuthenticator} are always wrapped in a
46 * {@link org.eclipse.jetty.security.authentication.SessionAuthentication}
48 * If a {@link LoginService} has not been set on this factory, then
49 * the service is selected by searching the {@link Server#getBeans(Class)} results for
50 * a service that matches the realm name, else the first LoginService found is used.
53 public class DefaultAuthenticatorFactory implements Authenticator.Factory
55 LoginService _loginService;
57 public Authenticator getAuthenticator(Server server, ServletContext context, AuthConfiguration configuration, IdentityService identityService, LoginService loginService)
59 String auth=configuration.getAuthMethod();
60 Authenticator authenticator=null;
62 if (auth==null || Constraint.__BASIC_AUTH.equalsIgnoreCase(auth))
63 authenticator=new BasicAuthenticator();
64 else if (Constraint.__DIGEST_AUTH.equalsIgnoreCase(auth))
65 authenticator=new DigestAuthenticator();
66 else if (Constraint.__FORM_AUTH.equalsIgnoreCase(auth))
67 authenticator=new FormAuthenticator();
68 else if ( Constraint.__SPNEGO_AUTH.equalsIgnoreCase(auth) )
69 authenticator = new SpnegoAuthenticator();
70 else if ( Constraint.__NEGOTIATE_AUTH.equalsIgnoreCase(auth) ) // see Bug #377076
71 authenticator = new SpnegoAuthenticator(Constraint.__NEGOTIATE_AUTH);
72 if (Constraint.__CERT_AUTH.equalsIgnoreCase(auth)||Constraint.__CERT_AUTH2.equalsIgnoreCase(auth))
73 authenticator=new ClientCertAuthenticator();
78 /* ------------------------------------------------------------ */
80 * @return the loginService
82 public LoginService getLoginService()
87 /* ------------------------------------------------------------ */
89 * @param loginService the loginService to set
91 public void setLoginService(LoginService loginService)
93 _loginService = loginService;