0
# Authentication
1
2
Jedis provides comprehensive authentication support including traditional Redis AUTH, Redis ACL, and advanced token-based authentication with AuthX integration.
3
4
## Capabilities
5
6
### Authentication Manager
7
8
Core authentication management for token-based authentication systems.
9
10
```java { .api }
11
/**
12
* Manager for AuthX token-based authentication
13
*/
14
public class AuthXManager {
15
/**
16
* Create authentication manager with credentials provider
17
* @param credentialsProvider Provider for credentials
18
*/
19
public AuthXManager(RedisCredentialsProvider credentialsProvider);
20
21
/**
22
* Authenticate a connection
23
* @param connection Connection to authenticate
24
* @throws JedisAuthenticationException if authentication fails
25
*/
26
public void authenticate(Connection connection);
27
28
/**
29
* Refresh authentication token
30
* @throws JedisAuthenticationException if refresh fails
31
*/
32
public void refreshToken();
33
34
/**
35
* Check if token needs refresh
36
* @return true if token should be refreshed
37
*/
38
public boolean shouldRefreshToken();
39
40
/**
41
* Get current token expiration time
42
* @return Expiration timestamp in milliseconds
43
*/
44
public long getTokenExpiration();
45
}
46
```
47
48
### Token Credentials
49
50
Implementation of RedisCredentials for token-based authentication.
51
52
```java { .api }
53
/**
54
* Token-based credentials implementation
55
*/
56
public class TokenCredentials implements RedisCredentials {
57
/**
58
* Create token credentials
59
* @param token Authentication token
60
*/
61
public TokenCredentials(String token);
62
63
/**
64
* Get the authentication token
65
* @return Authentication token
66
*/
67
public String getToken();
68
69
/**
70
* Get user name (may be null for token auth)
71
* @return User name or null
72
*/
73
public String getUser();
74
75
/**
76
* Get password (returns token)
77
* @return Authentication token
78
*/
79
public String getPassword();
80
}
81
```
82
83
### Authentication Exception
84
85
Exception thrown for authentication-related errors.
86
87
```java { .api }
88
/**
89
* Exception for authentication failures
90
*/
91
public class JedisAuthenticationException extends JedisException {
92
/**
93
* Create authentication exception
94
* @param message Error message
95
*/
96
public JedisAuthenticationException(String message);
97
98
/**
99
* Create authentication exception with cause
100
* @param message Error message
101
* @param cause Underlying cause
102
*/
103
public JedisAuthenticationException(String message, Throwable cause);
104
}
105
```
106
107
### Authentication Event Listener
108
109
Interface for handling authentication events.
110
111
```java { .api }
112
/**
113
* Listener for authentication events
114
*/
115
public interface AuthXEventListener {
116
/**
117
* Called when authentication succeeds
118
* @param connection Authenticated connection
119
*/
120
void onAuthenticationSuccess(Connection connection);
121
122
/**
123
* Called when authentication fails
124
* @param connection Connection that failed
125
* @param exception Authentication exception
126
*/
127
void onAuthenticationFailure(Connection connection, JedisAuthenticationException exception);
128
129
/**
130
* Called when token is refreshed
131
* @param newToken New authentication token
132
*/
133
void onTokenRefresh(String newToken);
134
}
135
```
136
137
## Usage Examples
138
139
### Basic Authentication
140
141
```java
142
import redis.clients.jedis.*;
143
144
// Traditional AUTH with password
145
Jedis jedis = new Jedis("localhost", 6379,
146
DefaultJedisClientConfig.builder()
147
.password("mypassword")
148
.build());
149
150
// Redis ACL with username and password
151
Jedis jedis = new Jedis("localhost", 6379,
152
DefaultJedisClientConfig.builder()
153
.user("myuser")
154
.password("mypassword")
155
.build());
156
```
157
158
### Token-Based Authentication
159
160
```java
161
import redis.clients.jedis.authentication.*;
162
163
// Create token credentials
164
TokenCredentials tokenCreds = new TokenCredentials("jwt_token_here");
165
166
// Create credentials provider
167
RedisCredentialsProvider provider = new DefaultRedisCredentialsProvider(tokenCreds);
168
169
// Create authentication manager
170
AuthXManager authManager = new AuthXManager(provider);
171
172
// Use with Jedis client
173
JedisClientConfig config = DefaultJedisClientConfig.builder()
174
.credentialsProvider(provider)
175
.build();
176
177
Jedis jedis = new Jedis("localhost", 6379, config);
178
```
179
180
### Authentication with Event Handling
181
182
```java
183
import redis.clients.jedis.authentication.*;
184
185
// Create event listener
186
AuthXEventListener listener = new AuthXEventListener() {
187
@Override
188
public void onAuthenticationSuccess(Connection connection) {
189
System.out.println("Authentication successful");
190
}
191
192
@Override
193
public void onAuthenticationFailure(Connection connection, JedisAuthenticationException exception) {
194
System.err.println("Authentication failed: " + exception.getMessage());
195
}
196
197
@Override
198
public void onTokenRefresh(String newToken) {
199
System.out.println("Token refreshed");
200
}
201
};
202
203
// Configure authentication with event handling
204
AuthXManager authManager = new AuthXManager(provider);
205
// Note: Event listener integration depends on implementation
206
```
207
208
### Microsoft EntraID Integration
209
210
Jedis includes built-in support for Microsoft EntraID (formerly Azure AD) through the extension library:
211
212
```java
213
// Microsoft EntraID authentication (requires redis-authx-entraid dependency)
214
// This example shows the general pattern - actual implementation may vary
215
import redis.clients.authentication.entraid.*;
216
217
// Configure EntraID credentials
218
EntraIDCredentialsProvider entraProvider = new EntraIDCredentialsProvider()
219
.tenantId("your-tenant-id")
220
.clientId("your-client-id")
221
.clientSecret("your-client-secret");
222
223
// Use with Jedis
224
JedisClientConfig config = DefaultJedisClientConfig.builder()
225
.credentialsProvider(entraProvider)
226
.build();
227
228
Jedis jedis = new Jedis("redis-enterprise-server", 6379, config);
229
```
230
231
### Connection Pool with Authentication
232
233
```java
234
// Pool with authentication
235
JedisPoolConfig poolConfig = new JedisPoolConfig();
236
poolConfig.setMaxTotal(20);
237
238
JedisClientConfig clientConfig = DefaultJedisClientConfig.builder()
239
.user("myuser")
240
.password("mypassword")
241
.build();
242
243
JedisPool pool = new JedisPool(poolConfig, "localhost", 6379, clientConfig);
244
245
try (Jedis jedis = pool.getResource()) {
246
jedis.set("key", "value");
247
}
248
```
249
250
### SSL with Authentication
251
252
```java
253
// SSL connection with authentication
254
JedisClientConfig sslConfig = DefaultJedisClientConfig.builder()
255
.ssl(true)
256
.user("myuser")
257
.password("mypassword")
258
.build();
259
260
Jedis jedis = new Jedis("redis-ssl-server", 6380, sslConfig);
261
```
262
263
## Error Handling
264
265
```java
266
try {
267
Jedis jedis = new Jedis("localhost", 6379,
268
DefaultJedisClientConfig.builder()
269
.password("wrong_password")
270
.build());
271
jedis.ping();
272
} catch (JedisAuthenticationException e) {
273
System.err.println("Authentication failed: " + e.getMessage());
274
} catch (JedisConnectionException e) {
275
System.err.println("Connection failed: " + e.getMessage());
276
}
277
```
278
279
## Best Practices
280
281
1. **Use Connection Pooling**: Always use connection pools in production for authenticated connections
282
2. **Secure Token Storage**: Store authentication tokens securely and rotate them regularly
283
3. **Handle Token Expiration**: Implement proper token refresh logic for long-running applications
284
4. **Use SSL**: Always use SSL/TLS with authentication in production environments
285
5. **Monitor Authentication**: Log authentication events for security monitoring
286
6. **Least Privilege**: Use Redis ACL to grant minimum required permissions