org.eclipse.jetty.security

类 ConstraintSecurityHandler

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.ContainerLifeCycle

org.eclipse.jetty.server.handler.AbstractHandler

org.eclipse.jetty.server.handler.AbstractHandlerContainer

org.eclipse.jetty.server.handler.HandlerWrapper

org.eclipse.jetty.security.SecurityHandler

org.eclipse.jetty.security.ConstraintSecurityHandler

所有已实现的接口:

Authenticator.AuthConfiguration, ConstraintAware, org.eclipse.jetty.server.Handler, org.eclipse.jetty.server.HandlerContainer, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.LifeCycle

public class ConstraintSecurityHandler
extends SecurityHandler
implements ConstraintAware

ConstraintSecurityHandler

Handler to enforce SecurityConstraints. This implementation is servlet spec 3.1 compliant and pre-computes the constraint combinations for runtime efficiency.

嵌套类概要

从类继承的嵌套类/接口 org.eclipse.jetty.security.SecurityHandler

SecurityHandler.NotChecked

从类继承的嵌套类/接口 org.eclipse.jetty.server.handler.AbstractHandler

org.eclipse.jetty.server.handler.AbstractHandler.ErrorDispatchHandler

从类继承的嵌套类/接口 org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener

从接口继承的嵌套类/接口 org.eclipse.jetty.util.component.LifeCycle

org.eclipse.jetty.util.component.LifeCycle.Listener

从接口继承的嵌套类/接口 org.eclipse.jetty.util.component.Container

org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

字段概要

从类继承的字段 org.eclipse.jetty.security.SecurityHandler

__NO_USER, __NOBODY

从类继承的字段 org.eclipse.jetty.server.handler.HandlerWrapper

_handler

从类继承的字段 org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

构造器概要

构造器

构造器和说明
ConstraintSecurityHandler()

方法概要

限定符和类型	方法和说明
void	addConstraintMapping(ConstraintMapping mapping) Add a Constraint Mapping.
void	addRole(String role) Add a Role definition.
boolean	checkPathsWithUncoveredHttpMethods() Servlet spec 3.1 pg. 147.
protected boolean	checkUserDataPermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, RoleInfo roleInfo)
protected boolean	checkWebResourcePermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, Object constraintInfo, org.eclipse.jetty.server.UserIdentity userIdentity)
protected void	configureRoleInfo(RoleInfo ri, ConstraintMapping mapping) Initialize or update the RoleInfo from the constraint
static org.eclipse.jetty.util.security.Constraint	createConstraint()
static org.eclipse.jetty.util.security.Constraint	createConstraint(org.eclipse.jetty.util.security.Constraint constraint)
static org.eclipse.jetty.util.security.Constraint	createConstraint(String name, boolean authenticate, String[] roles, int dataConstraint) Create a security constraint
static org.eclipse.jetty.util.security.Constraint	createConstraint(String name, javax.servlet.HttpConstraintElement element) Create a Constraint
static org.eclipse.jetty.util.security.Constraint	createConstraint(String name, String[] rolesAllowed, javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic permitOrDeny, javax.servlet.annotation.ServletSecurity.TransportGuarantee transport) Create Constraint
static List<ConstraintMapping>	createConstraintsWithMappingsForPath(String name, String pathSpec, javax.servlet.ServletSecurityElement securityElement) Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
protected void	doStart()
protected void	doStop()
void	dump(Appendable out, String indent)
List<ConstraintMapping>	getConstraintMappings()
static List<ConstraintMapping>	getConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings)
protected Set<String>	getOmittedMethods(String omission) Given a string of the form <method>.
Set<String>	getPathsWithUncoveredHttpMethods() Servlet spec 3.1 pg. 147.
Set<String>	getRoles()
protected boolean	isAuthMandatory(org.eclipse.jetty.server.Request baseRequest, org.eclipse.jetty.server.Response base_response, Object constraintInfo)
boolean	isDenyUncoveredHttpMethods()
protected boolean	omissionsExist(String path, Map<String,RoleInfo> methodMappings) Check if any http method omissions exist in the list of method to auth info mappings.
protected RoleInfo	prepareConstraintInfo(String pathInContext, org.eclipse.jetty.server.Request request) Find constraints that apply to the given path.
protected void	processConstraintMapping(ConstraintMapping mapping) Create and combine the constraint with the existing processed constraints.
protected void	processConstraintMappingWithMethodOmissions(ConstraintMapping mapping, Map<String,RoleInfo> mappings) Constraints that name method omissions are dealt with differently.
static List<ConstraintMapping>	removeConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings) Take out of the constraint mappings those that match the given path.
void	setConstraintMappings(ConstraintMapping[] constraintMappings) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setConstraintMappings(List<ConstraintMapping> constraintMappings) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setDenyUncoveredHttpMethods(boolean deny) See Servlet Spec 31, sec 13.8.4, pg 145 When true, requests with http methods not explicitly covered either by inclusion or omissions in constraints, will have access denied.
void	setRoles(Set<String> roles) Set the known roles.

从类继承的方法 org.eclipse.jetty.security.SecurityHandler

checkSecurity, findIdentityService, findLoginService, getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication

从类继承的方法 org.eclipse.jetty.server.handler.HandlerWrapper

destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler

从类继承的方法 org.eclipse.jetty.server.handler.AbstractHandlerContainer

expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer

从类继承的方法 org.eclipse.jetty.server.handler.AbstractHandler

doError, dumpThis, getServer

从类继承的方法 org.eclipse.jetty.util.component.ContainerLifeCycle

addBean, addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dumpBeans, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans

从类继承的方法 org.eclipse.jetty.util.component.AbstractLifeCycle

addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

从接口继承的方法 org.eclipse.jetty.util.component.LifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

构造器详细资料

ConstraintSecurityHandler

public ConstraintSecurityHandler()

方法详细资料

createConstraint

public static org.eclipse.jetty.util.security.Constraint createConstraint()

createConstraint

public static org.eclipse.jetty.util.security.Constraint createConstraint(org.eclipse.jetty.util.security.Constraint constraint)

createConstraint

public static org.eclipse.jetty.util.security.Constraint createConstraint(String name,
                                                                          boolean authenticate,
                                                                          String[] roles,
                                                                          int dataConstraint)

Create a security constraint

参数:

name - the name of the constraint

authenticate - true to authenticate

roles - list of roles

dataConstraint - the data constraint

返回:

the constraint

createConstraint

public static org.eclipse.jetty.util.security.Constraint createConstraint(String name,
                                                                          javax.servlet.HttpConstraintElement element)

Create a Constraint

参数:

name - the name

element - the http constraint element

返回:

the created constraint

createConstraint

public static org.eclipse.jetty.util.security.Constraint createConstraint(String name,
                                                                          String[] rolesAllowed,
                                                                          javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic permitOrDeny,
                                                                          javax.servlet.annotation.ServletSecurity.TransportGuarantee transport)

Create Constraint

参数:

name - the name

rolesAllowed - the list of allowed roles

permitOrDeny - the permission semantic

transport - the transport guarantee

返回:

the created constraint

getConstraintMappingsForPath

public static List<ConstraintMapping> getConstraintMappingsForPath(String pathSpec,
                                                                   List<ConstraintMapping> constraintMappings)

removeConstraintMappingsForPath

public static List<ConstraintMapping> removeConstraintMappingsForPath(String pathSpec,
                                                                      List<ConstraintMapping> constraintMappings)

Take out of the constraint mappings those that match the given path.

参数:

pathSpec - the path spec

constraintMappings - a new list minus the matching constraints

返回:

the list of constraint mappings

createConstraintsWithMappingsForPath

public static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name,
                                                                           String pathSpec,
                                                                           javax.servlet.ServletSecurityElement securityElement)

Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement

参数:

name - the name

pathSpec - the path spec

securityElement - the servlet security element

返回:

the list of constraint mappings

getConstraintMappings

public List<ConstraintMapping> getConstraintMappings()

指定者:

getConstraintMappings 在接口中 ConstraintAware

返回:

Returns the constraintMappings.

getRoles

public Set<String> getRoles()

指定者:

getRoles 在接口中 ConstraintAware

setConstraintMappings

public void setConstraintMappings(List<ConstraintMapping> constraintMappings)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

参数:

constraintMappings - The constraintMappings to set, from which the set of known roles is determined.

setConstraintMappings

public void setConstraintMappings(ConstraintMapping[] constraintMappings)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

参数:

constraintMappings - The constraintMappings to set as array, from which the set of known roles is determined. Needed to retain API compatibility for 7.x

setConstraintMappings

public void setConstraintMappings(List<ConstraintMapping> constraintMappings,
                                  Set<String> roles)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

指定者:

setConstraintMappings 在接口中 ConstraintAware

参数:

constraintMappings - The constraintMappings to set.

roles - The known roles (or null to determine them from the mappings)

setRoles

public void setRoles(Set<String> roles)

Set the known roles. This may be overridden by a subsequent call to setConstraintMappings(ConstraintMapping[]) or setConstraintMappings(List, Set).

参数:

roles - The known roles (or null to determine them from the mappings)

addConstraintMapping

public void addConstraintMapping(ConstraintMapping mapping)

从接口复制的说明: ConstraintAware

Add a Constraint Mapping. May be called for running webapplication as an annotated servlet is instantiated.

指定者:

addConstraintMapping 在接口中 ConstraintAware

参数:

mapping - the mapping

另请参阅:

ConstraintAware.addConstraintMapping(ConstraintMapping)

addRole

public void addRole(String role)

从接口复制的说明: ConstraintAware

Add a Role definition. May be called on running webapplication as an annotated servlet is instantiated.

指定者:

addRole 在接口中 ConstraintAware

参数:

role - the role

另请参阅:

ConstraintAware.addRole(String)

doStart

protected void doStart()
                throws Exception

覆盖:

doStart 在类中 SecurityHandler

抛出:

Exception

另请参阅:

SecurityHandler.doStart()

doStop

protected void doStop()
               throws Exception

覆盖:

doStop 在类中 SecurityHandler

抛出:

Exception

processConstraintMapping

protected void processConstraintMapping(ConstraintMapping mapping)

Create and combine the constraint with the existing processed constraints.

参数:

mapping - the constraint mapping

processConstraintMappingWithMethodOmissions

protected void processConstraintMappingWithMethodOmissions(ConstraintMapping mapping,
                                                           Map<String,RoleInfo> mappings)

Constraints that name method omissions are dealt with differently. We create an entry in the mappings with key "<method>.omission". This entry is only ever combined with other omissions for the same method to produce a consolidated RoleInfo. Then, when we wish to find the relevant constraints for a given Request (in prepareConstraintInfo()), we consult 3 types of entries in the mappings: an entry that names the method of the Request specifically, an entry that names constraints that apply to all methods, entries of the form <method>.omission, where the method of the Request is not named in the omission.

参数:

mapping - the constraint mapping

mappings - the mappings of roles

configureRoleInfo

protected void configureRoleInfo(RoleInfo ri,
                                 ConstraintMapping mapping)

Initialize or update the RoleInfo from the constraint

参数:

ri - the role info

mapping - the constraint mapping

prepareConstraintInfo

protected RoleInfo prepareConstraintInfo(String pathInContext,
                                         org.eclipse.jetty.server.Request request)

Find constraints that apply to the given path. In order to do this, we consult 3 different types of information stored in the mappings for each path - each mapping represents a merged set of user data constraints, roles etc -:

1. A mapping of an exact method name
2. A mapping with key * that matches every method name
3. Mappings with keys of the form "<method>.<method>.<method>.omission" that indicates it will match every method name EXCEPT those given

指定者:

prepareConstraintInfo 在类中 SecurityHandler

另请参阅:

SecurityHandler.prepareConstraintInfo(String, Request)

checkUserDataPermissions

protected boolean checkUserDataPermissions(String pathInContext,
                                           org.eclipse.jetty.server.Request request,
                                           org.eclipse.jetty.server.Response response,
                                           RoleInfo roleInfo)
                                    throws IOException

指定者:

checkUserDataPermissions 在类中 SecurityHandler

抛出:

IOException

isAuthMandatory

protected boolean isAuthMandatory(org.eclipse.jetty.server.Request baseRequest,
                                  org.eclipse.jetty.server.Response base_response,
                                  Object constraintInfo)

指定者:

isAuthMandatory 在类中 SecurityHandler

checkWebResourcePermissions

protected boolean checkWebResourcePermissions(String pathInContext,
                                              org.eclipse.jetty.server.Request request,
                                              org.eclipse.jetty.server.Response response,
                                              Object constraintInfo,
                                              org.eclipse.jetty.server.UserIdentity userIdentity)
                                       throws IOException

指定者:

checkWebResourcePermissions 在类中 SecurityHandler

抛出:

IOException

另请参阅:

SecurityHandler.checkWebResourcePermissions(String, Request, Response, Object, UserIdentity)

dump

public void dump(Appendable out,
                 String indent)
          throws IOException

指定者:

dump 在接口中 org.eclipse.jetty.util.component.Dumpable

覆盖:

dump 在类中 org.eclipse.jetty.util.component.ContainerLifeCycle

抛出:

IOException

setDenyUncoveredHttpMethods

public void setDenyUncoveredHttpMethods(boolean deny)

从接口复制的说明: ConstraintAware

See Servlet Spec 31, sec 13.8.4, pg 145 When true, requests with http methods not explicitly covered either by inclusion or omissions in constraints, will have access denied.

指定者:

setDenyUncoveredHttpMethods 在接口中 ConstraintAware

参数:

deny - true for denied method access

另请参阅:

ConstraintAware.setDenyUncoveredHttpMethods(boolean)

isDenyUncoveredHttpMethods

public boolean isDenyUncoveredHttpMethods()

指定者:

isDenyUncoveredHttpMethods 在接口中 ConstraintAware

checkPathsWithUncoveredHttpMethods

public boolean checkPathsWithUncoveredHttpMethods()

Servlet spec 3.1 pg. 147.

指定者:

checkPathsWithUncoveredHttpMethods 在接口中 ConstraintAware

返回:

true if urls with uncovered http methods

getPathsWithUncoveredHttpMethods

public Set<String> getPathsWithUncoveredHttpMethods()

Servlet spec 3.1 pg. 147. The container must check all the combined security constraint information and log any methods that are not protected and the urls at which they are not protected

返回:

list of paths for which there are uncovered methods

omissionsExist

protected boolean omissionsExist(String path,
                                 Map<String,RoleInfo> methodMappings)

Check if any http method omissions exist in the list of method to auth info mappings.

参数:

path - the path

methodMappings - the method mappings

返回:

true if ommision exist

getOmittedMethods

protected Set<String> getOmittedMethods(String omission)

Given a string of the form <method>.<method>.omission split out the individual method names.

参数:

omission - the method

返回:

the list of strings