Issue #5442 - add MultiAuthenticator to support multiple authentication options #12393
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…entication options Signed-off-by: Lachlan Roberts <[email protected]>
Signed-off-by: Lachlan Roberts <[email protected]>
Signed-off-by: Lachlan Roberts <[email protected]>
Signed-off-by: Lachlan Roberts <[email protected]>
gregw
requested changes
Oct 22, 2024
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/MultiAuthenticator.java
Show resolved
Hide resolved
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/MultiAuthenticator.java
Show resolved
Hide resolved
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/MultiAuthenticator.java
Show resolved
Hide resolved
...tty-security/src/main/java/org/eclipse/jetty/security/authentication/LoginAuthenticator.java
Show resolved
Hide resolved
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/AnyUserLoginService.java
Show resolved
Hide resolved
...ore/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
Show resolved
Hide resolved
Signed-off-by: Lachlan Roberts <[email protected]>
gregw
requested changes
Oct 24, 2024
...ore/jetty-security/src/main/java/org/eclipse/jetty/security/DefaultAuthenticatorFactory.java
Show resolved
Hide resolved
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/MultiAuthenticator.java
Show resolved
Hide resolved
Signed-off-by: Lachlan Roberts <[email protected]>
gregw
approved these changes
Nov 4, 2024
sbordet
requested changes
Dec 12, 2024
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/AnyUserLoginService.java
Show resolved
Hide resolved
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/AnyUserLoginService.java
Show resolved
Hide resolved
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/MultiAuthenticator.java
Show resolved
Hide resolved
jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/MultiAuthenticator.java
Show resolved
Hide resolved
| if (session == null) | ||
| return false; | ||
|
|
||
| synchronized (session) |
There was a problem hiding this comment.
This is unnecessary, following the discussion on #10392.
I'd remove all the synchronized blocks around the session, as I understand from @janbartel that it is going to be a different instance for every request in any case, so synchronization is useless.
There was a problem hiding this comment.
@sbordet that's not what I said. I said iff you use the NullSessionCache, every request will have their own copy of the session. This is not true for the DefaultSessionCache, which - as the name implies - is the default situation. If you're doing authentication, then you shouldn't be using the NullSessionCache, and the documentation makes abundantly clear that if you are writing to the session in any way, then you should not use it.
There was a problem hiding this comment.
And so the authenticators should still synchronize on the session when neccessary.
| assertThat(response.getContentAsString(), containsString("<h1>Multi Login Page</h1>")); | ||
| assertThat(response.getContentAsString(), containsString("/login/openid")); | ||
| assertThat(response.getContentAsString(), containsString("/login/form")); | ||
| } |
There was a problem hiding this comment.
I would like to see:
- for this test, the access to a protected resource should be tried for both authentications.
- a new test for failed authentication, protected resources are not accessible
- a test where one authentication succeeds but the other fails -- can I still access the resource? Basically I would like to know if "multi" has "and" semantic (all authentications but must successful), or "or" semantic (one successful authentication is enough).
Signed-off-by: Lachlan Roberts <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue #5442
Introduces the
MultiAuthenticatorclass which can be used to support multiple authentication options simultaneously for the same webapp.For example you could have an app with the options to login with FORM, OpenID or Ethereum.