add javadoc
Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
parent
2770afb280
commit
be69598a48
|
@ -29,6 +29,12 @@ import org.eclipse.jetty.util.ajax.JSON;
|
|||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
|
||||
/**
|
||||
* Holds the configuration for an OpenID Connect service.
|
||||
*
|
||||
* This uses the OpenID Provider URL with the path {@link #CONFIG_PATH} to discover
|
||||
* the required information about the OIDC service.
|
||||
*/
|
||||
public class OpenIdConfiguration
|
||||
{
|
||||
private static final Logger LOG = Log.getLogger(OpenIdConfiguration.class);
|
||||
|
@ -44,6 +50,12 @@ public class OpenIdConfiguration
|
|||
|
||||
private List<String> scopes = new ArrayList<>();
|
||||
|
||||
/**
|
||||
* Create an OpenID configuration for a specific OIDC provider.
|
||||
* @param provider The URL of the OpenID provider.
|
||||
* @param clientId OAuth 2.0 Client Identifier valid at the Authorization Server.
|
||||
* @param clientSecret The client secret known only by the Client and the Authorization Server.
|
||||
*/
|
||||
public OpenIdConfiguration(String provider, String clientId, String clientSecret)
|
||||
{
|
||||
this.openIdProvider = provider;
|
||||
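Review bot: The `@param provider` line in the constructor Javadoc does not say that this URL is the trust anchor for everything discovered under `CONFIG_PATH`, which is what a deployer most needs to know. Since the class comment says the service information is discovered from this URL, I would word it as `@param provider the issuer URL of the OpenID provider; discovery is performed against it, so it should be an https URL the deployment trusts`. The visible lines do not show whether the scheme is checked or whether discovery runs inside the constructor, so the comment should also say when discovery happens and what is thrown if it fails. The constructor body continues outside the hunk.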
|
|
|
@ -32,6 +32,16 @@ import org.eclipse.jetty.util.ajax.JSON;
|
|||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
|
||||
/**
|
||||
* <p>The credentials of an user to be authenticated with OpenID Connect. This will contain
|
||||
* the OpenID ID Token and the OAuth 2.0 Access Token.</p>
|
||||
*
|
||||
* <p>
|
||||
* This is constructed with an authorization code from the authentication request. This authorization code
|
||||
* is then exchanged using {@link #redeemAuthCode()} for a response containing the ID Token and Access Token.
|
||||
* The response is then validated against the {@link OpenIdConfiguration}.
|
||||
* </p>
|
||||
*/
|
||||
public class OpenIdCredentials
|
||||
{
|
||||
private static final Logger LOG = Log.getLogger(OpenIdCredentials.class);
|
||||
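Review bot: The class comment says the response is "validated against the OpenIdConfiguration" without naming the checks, so a reader cannot tell what an accepted ID Token actually guarantees. I would list the claims that are compared (for example issuer, audience and expiry, if those are what the code checks) and state explicitly whether the ID Token signature is verified. The validation code is outside this hunk, so the wording needs confirming against the implementation. The first sentence should also read `The credentials of a user` rather than `an user`.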
|
|
|
@ -29,6 +29,13 @@ import org.eclipse.jetty.util.component.ContainerLifeCycle;
|
|||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.log.Logger;
|
||||
|
||||
/**
|
||||
* The implementation of {@link LoginService} required to use OpenID Connect.
|
||||
*
|
||||
* <p>
|
||||
* Can contain an optional wrapped {@link LoginService} which is used to store role information about users.
|
||||
* </p>
|
||||
*/
|
||||
public class OpenIdLoginService extends ContainerLifeCycle implements LoginService
|
||||
{
|
||||
private static final Logger LOG = Log.getLogger(OpenIdLoginService.class);
|
||||
|
@ -43,6 +50,13 @@ public class OpenIdLoginService extends ContainerLifeCycle implements LoginServi
|
|||
this(configuration, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Use a wrapped {@link LoginService} to store information about user roles.
|
||||
* Users in the wrapped loginService must be stored with their username as
|
||||
* the value of the sub (subject) Claim, and a credentials value of the empty string.
|
||||
* @param configuration the OpenID configuration to use.
|
||||
* @param loginService the wrapped LoginService to defer to for user roles.
|
||||
*/
|
||||
public OpenIdLoginService(OpenIdConfiguration configuration, LoginService loginService)
|
||||
{
|
||||
_configuration = configuration;
|
||||
|
@ -101,6 +115,15 @@ public class OpenIdLoginService extends ContainerLifeCycle implements LoginServi
|
|||
return identityService.newUserIdentity(subject, userPrincipal, new String[0]);
|
||||
}
|
||||
|
||||
/**
|
||||
* This setting is only meaningful if a wrapped {@link LoginService} has been set.
|
||||
* <p>
|
||||
* If set to true, any users not found by the wrapped {@link LoginService} will still
|
||||
* be authenticated but with no roles, if set to false users will not be
|
||||
* authenticated unless they are discovered by the wrapped {@link LoginService}.
|
||||
* </p>
|
||||
* @param authenticateNewUsers
|
||||
*/
|
||||
public void authenticateNewUsers(boolean authenticateNewUsers)
|
||||
{
|
||||
this.authenticateNewUsers = authenticateNewUsers;
|
||||
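Review bot: The `@param authenticateNewUsers` tag in the last hunk has no description, which Javadoc lint reports. I would write `@param authenticateNewUsers true to authenticate users unknown to the wrapped LoginService (with no roles), false to reject them`. The comment should also state the default, because with `true` every subject the provider vouches for is admitted and access then depends entirely on role constraints. In the constructor hunk of the same file, the requirement that wrapped users carry an empty-string credential deserves a caveat that the wrapped `LoginService` should not also back a password-based authenticator; whether that can happen is not visible here. The method body continues outside the hunk.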
|
|