org.eclipse.jetty.security

Class ConstraintSecurityHandler

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.ContainerLifeCycle

org.eclipse.jetty.server.handler.AbstractHandler

org.eclipse.jetty.server.handler.AbstractHandlerContainer

org.eclipse.jetty.server.handler.HandlerWrapper

org.eclipse.jetty.security.SecurityHandler

org.eclipse.jetty.security.ConstraintSecurityHandler

All Implemented Interfaces:

Authenticator.AuthConfiguration, ConstraintAware, Handler, HandlerContainer, Container, Destroyable, Dumpable, LifeCycle

public class ConstraintSecurityHandler
extends SecurityHandler
implements ConstraintAware

ConstraintSecurityHandler

Handler to enforce SecurityConstraints. This implementation is servlet spec 3.1 compliant and pre-computes the constraint combinations for runtime efficiency.

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.security.SecurityHandler

SecurityHandler.NotChecked

Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler

AbstractHandler.ErrorDispatchHandler

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

LifeCycle.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

Container.InheritedListener, Container.Listener

Field Summary

Fields inherited from class org.eclipse.jetty.security.SecurityHandler

__NO_USER, __NOBODY

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

KEY

Constructor Summary

Constructors

Constructor and Description
ConstraintSecurityHandler()

Method Summary

Modifier and Type	Method and Description
void	addConstraintMapping(ConstraintMapping mapping) Add a Constraint Mapping.
void	addRole(String role) Add a Role definition.
boolean	checkPathsWithUncoveredHttpMethods() Servlet spec 3.1 pg.
static Constraint	createConstraint()
static Constraint	createConstraint(Constraint constraint)
static Constraint	createConstraint(String name, boolean authenticate, String[] roles, int dataConstraint) Create a security constraint
static Constraint	createConstraint(String name, HttpConstraintElement element) Create a Constraint
static Constraint	createConstraint(String name, String[] rolesAllowed, ServletSecurity.EmptyRoleSemantic permitOrDeny, ServletSecurity.TransportGuarantee transport) Create Constraint
static List<ConstraintMapping>	createConstraintsWithMappingsForPath(String name, String pathSpec, ServletSecurityElement securityElement) Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
void	dump(Appendable out, String indent) Dump this object (and children) into an Appendable using the provided indent after any new lines.
List<ConstraintMapping>	getConstraintMappings()
static List<ConstraintMapping>	getConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings)
Set<String>	getPathsWithUncoveredHttpMethods() Servlet spec 3.1 pg.
Set<String>	getRoles()
boolean	isDenyUncoveredHttpMethods()
static List<ConstraintMapping>	removeConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings) Take out of the constraint mappings those that match the given path.
void	setConstraintMappings(ConstraintMapping[] constraintMappings) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setConstraintMappings(List<ConstraintMapping> constraintMappings) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setDenyUncoveredHttpMethods(boolean deny) See Servlet Spec 31, sec 13.8.4, pg 145 When true, requests with http methods not explicitly covered either by inclusion or omissions in constraints, will have access denied.
void	setRoles(Set<String> roles) Set the known roles.

Methods inherited from class org.eclipse.jetty.security.SecurityHandler

getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getKnownAuthenticatorFactories, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication

Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

destroy, getHandler, getHandlers, insertHandler, setHandler

Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer

findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer

Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler

getServer

Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dumpObject, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, unmanage, updateBean, updateBean, updateBeans

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, start, stop, stop

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

dumpContainer, dumpIterable, dumpMapEntries, dumpObjects, dumpSelf, named

Constructor Detail

ConstraintSecurityHandler

public ConstraintSecurityHandler()

Method Detail

createConstraint

public static Constraint createConstraint()

createConstraint

public static Constraint createConstraint(Constraint constraint)

createConstraint

public static Constraint createConstraint(String name,
                                          boolean authenticate,
                                          String[] roles,
                                          int dataConstraint)

Create a security constraint

Parameters:

name - the name of the constraint

authenticate - true to authenticate

roles - list of roles

dataConstraint - the data constraint

Returns:

the constraint

createConstraint

public static Constraint createConstraint(String name,
                                          HttpConstraintElement element)

Create a Constraint

Parameters:

name - the name

element - the http constraint element

Returns:

the created constraint

createConstraint

public static Constraint createConstraint(String name,
                                          String[] rolesAllowed,
                                          ServletSecurity.EmptyRoleSemantic permitOrDeny,
                                          ServletSecurity.TransportGuarantee transport)

Create Constraint

Parameters:

name - the name

rolesAllowed - the list of allowed roles

permitOrDeny - the permission semantic

transport - the transport guarantee

Returns:

the created constraint

getConstraintMappingsForPath

public static List<ConstraintMapping> getConstraintMappingsForPath(String pathSpec,
                                                                   List<ConstraintMapping> constraintMappings)

removeConstraintMappingsForPath

public static List<ConstraintMapping> removeConstraintMappingsForPath(String pathSpec,
                                                                      List<ConstraintMapping> constraintMappings)

Take out of the constraint mappings those that match the given path.

Parameters:

pathSpec - the path spec

constraintMappings - a new list minus the matching constraints

Returns:

the list of constraint mappings

createConstraintsWithMappingsForPath

public static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name,
                                                                           String pathSpec,
                                                                           ServletSecurityElement securityElement)

Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement

Parameters:

name - the name

pathSpec - the path spec

securityElement - the servlet security element

Returns:

the list of constraint mappings

getConstraintMappings

public List<ConstraintMapping> getConstraintMappings()

Specified by:

getConstraintMappings in interface ConstraintAware

Returns:

Returns the constraintMappings.

getRoles

public Set<String> getRoles()

Specified by:

getRoles in interface ConstraintAware

setConstraintMappings

public void setConstraintMappings(List<ConstraintMapping> constraintMappings)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

Parameters:

constraintMappings - The constraintMappings to set, from which the set of known roles is determined.

setConstraintMappings

public void setConstraintMappings(ConstraintMapping[] constraintMappings)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

Parameters:

constraintMappings - The constraintMappings to set as array, from which the set of known roles is determined. Needed to retain API compatibility for 7.x

setConstraintMappings

public void setConstraintMappings(List<ConstraintMapping> constraintMappings,
                                  Set<String> roles)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

Specified by:

setConstraintMappings in interface ConstraintAware

Parameters:

constraintMappings - The constraintMappings to set.

roles - The known roles (or null to determine them from the mappings)

setRoles

public void setRoles(Set<String> roles)

Set the known roles. This may be overridden by a subsequent call to setConstraintMappings(ConstraintMapping[]) or setConstraintMappings(List, Set).

Parameters:

roles - The known roles (or null to determine them from the mappings)

addConstraintMapping

public void addConstraintMapping(ConstraintMapping mapping)

Description copied from interface: ConstraintAware

Add a Constraint Mapping. May be called for running webapplication as an annotated servlet is instantiated.

Specified by:

addConstraintMapping in interface ConstraintAware

Parameters:

mapping - the mapping

See Also:

ConstraintAware.addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)

addRole

public void addRole(String role)

Description copied from interface: ConstraintAware

Add a Role definition. May be called on running webapplication as an annotated servlet is instantiated.

Specified by:

addRole in interface ConstraintAware

Parameters:

role - the role

See Also:

ConstraintAware.addRole(java.lang.String)

dump

public void dump(Appendable out,
                 String indent)
          throws IOException

Description copied from interface: Dumpable

Dump this object (and children) into an Appendable using the provided indent after any new lines. The indent should not be applied to the first object dumped.

Specified by:

dump in interface Dumpable

Overrides:

dump in class ContainerLifeCycle

Parameters:

out - The appendable to dump to

indent - The indent to apply after any new lines.

Throws:

IOException - if unable to write to Appendable

setDenyUncoveredHttpMethods

public void setDenyUncoveredHttpMethods(boolean deny)

Description copied from interface: ConstraintAware

See Servlet Spec 31, sec 13.8.4, pg 145 When true, requests with http methods not explicitly covered either by inclusion or omissions in constraints, will have access denied.

Specified by:

setDenyUncoveredHttpMethods in interface ConstraintAware

Parameters:

deny - true for denied method access

See Also:

ConstraintAware.setDenyUncoveredHttpMethods(boolean)

isDenyUncoveredHttpMethods

public boolean isDenyUncoveredHttpMethods()

Specified by:

isDenyUncoveredHttpMethods in interface ConstraintAware

checkPathsWithUncoveredHttpMethods

public boolean checkPathsWithUncoveredHttpMethods()

Servlet spec 3.1 pg. 147.

Specified by:

checkPathsWithUncoveredHttpMethods in interface ConstraintAware

Returns:

true if urls with uncovered http methods

getPathsWithUncoveredHttpMethods

public Set<String> getPathsWithUncoveredHttpMethods()

Servlet spec 3.1 pg. 147. The container must check all the combined security constraint information and log any methods that are not protected and the urls at which they are not protected

Returns:

list of paths for which there are uncovered methods