org.hawkular.accounts.websocket

Class Authenticator

java.lang.Object

org.hawkular.accounts.websocket.Authenticator

@ApplicationScoped
public class Authenticator
extends Object

Helper integration for Server Web Socket Endpoints. Each message coming to a Web Socket should be passed to this authenticator first. If authentication data can be derived for the connection or from the message, processing continues. Otherwise, the exception WebsocketAuthenticationException is thrown.

This authenticator includes a cache for sessions, so that if a session and message fulfills the following conditions, the message is accepted and the session is understood as sufficiently authenticated:

• The current message has no authentication data, but a previous one did have valid auth data
• The current message has no persona in the authentication, or is the same as the original persona.
• The expiration timestamp for the original token has not elapsed yet.

Author:

Juraci Paixão Kröhling

Constructor Summary

Constructors

Constructor and Description
Authenticator()

Method Summary

Modifier and Type	Method and Description
void	authenticateWithCredentials(String username, String password, String personaId, javax.websocket.Session session) Authenticates the user/persona that sent the message based on the credentials or based on previous messages (looked up via the session ID).
void	authenticateWithMessage(String message, javax.websocket.Session session) Authenticates the user/persona that sent the message based on either the message itself or based on previous messages (looked up via the session ID).
void	authenticateWithToken(String token, String personaId, javax.websocket.Session session) Authenticates the user/persona that sent the message based on the token or based on previous messages (looked up via the session ID).

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Authenticator

public Authenticator()

Method Detail

authenticateWithMessage

public void authenticateWithMessage(String message,
                                    javax.websocket.Session session)
                             throws WebsocketAuthenticationException

Authenticates the user/persona that sent the message based on either the message itself or based on previous messages (looked up via the session ID).

Sample messages:
With token - {"authentication": {"token": "abc123def"}, "mypayload": {"message":"hello world"}}
User/pass - {"authentication": {"login": {"username": "jdoe", "password":"securepass"}}, "mypayload":{"message":"hello world"}}

Parameters:

message - JSON message with an authentication object, which should include either a token object or username and password.

session - the Web Socket session for this message.

Throws:

WebsocketAuthenticationException - if authentication cannot be inferred from the message nor from the session.

authenticateWithToken

public void authenticateWithToken(String token,
                                  String personaId,
                                  javax.websocket.Session session)
                           throws WebsocketAuthenticationException

Authenticates the user/persona that sent the message based on the token or based on previous messages (looked up via the session ID).

Parameters:

token - the bearer token to be validated

session - the Web Socket session

Throws:

WebsocketAuthenticationException - if authentication cannot be inferred from the token nor from the session.

authenticateWithCredentials

public void authenticateWithCredentials(String username,
                                        String password,
                                        String personaId,
                                        javax.websocket.Session session)
                                 throws WebsocketAuthenticationException

Authenticates the user/persona that sent the message based on the credentials or based on previous messages (looked up via the session ID).

Parameters:

username - the username

password - the password

session - the Web Socket session

Throws:

WebsocketAuthenticationException - if authentication cannot be inferred from the credentials nor from the session.