org.eclipse.jetty.security
类 ConstraintSecurityHandler

java.lang.Object
  org.eclipse.jetty.util.component.AbstractLifeCycle
      org.eclipse.jetty.util.component.AggregateLifeCycle
          org.eclipse.jetty.server.handler.AbstractHandler
              org.eclipse.jetty.server.handler.AbstractHandlerContainer
                  org.eclipse.jetty.server.handler.HandlerWrapper
                      org.eclipse.jetty.security.SecurityHandler
                          org.eclipse.jetty.security.ConstraintSecurityHandler

所有已实现的接口：

Authenticator.AuthConfiguration, ConstraintAware, Handler, HandlerContainer, Destroyable, Dumpable, LifeCycle

public class ConstraintSecurityHandler
extends SecurityHandler
implements ConstraintAware

Handler to enforce SecurityConstraints. This implementation is servlet spec 3.0 compliant and precomputes the constraint combinations for runtime efficiency.

嵌套类摘要

从类 org.eclipse.jetty.security.SecurityHandler 继承的嵌套类/接口

SecurityHandler.NotChecked

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的嵌套类/接口

AbstractLifeCycle.AbstractLifeCycleListener

从接口 org.eclipse.jetty.util.component.LifeCycle 继承的嵌套类/接口

LifeCycle.Listener

字段摘要

从类 org.eclipse.jetty.security.SecurityHandler 继承的字段

__NO_USER, __NOBODY

从类 org.eclipse.jetty.server.handler.HandlerWrapper 继承的字段

_handler

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的字段

_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

构造方法摘要

ConstraintSecurityHandler()

方法摘要

void	addConstraintMapping(ConstraintMapping mapping) Add a Constraint Mapping.
void	addRole(String role) Add a Role definition.
protected boolean	checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo)
protected boolean	checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity)
protected void	configureRoleInfo(RoleInfo ri, ConstraintMapping mapping) Initialize or update the RoleInfo from the constraint
static Constraint	createConstraint()
static Constraint	createConstraint(Constraint constraint)
static Constraint	createConstraint(String name, boolean authenticate, String[] roles, int dataConstraint) Create a security constraint
static Constraint	createConstraint(String name, HttpConstraintElement element)
static Constraint	createConstraint(String name, String[] rolesAllowed, ServletSecurity.EmptyRoleSemantic permitOrDeny, ServletSecurity.TransportGuarantee transport)
static List<ConstraintMapping>	createConstraintsWithMappingsForPath(String name, String pathSpec, ServletSecurityElement securityElement) Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
protected void	doStart() Start the managed lifecycle beans in the order they were added.
protected void	doStop() Stop the joined lifecycle beans in the reverse order they were added.
void	dump(Appendable out, String indent)
List<ConstraintMapping>	getConstraintMappings()
static List<ConstraintMapping>	getConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings)
Set<String>	getRoles()
protected boolean	isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo)
boolean	isStrict() Get the strict mode.
protected Object	prepareConstraintInfo(String pathInContext, Request request) Find constraints that apply to the given path.
protected void	processConstraintMapping(ConstraintMapping mapping) Create and combine the constraint with the existing processed constraints.
protected void	processConstraintMappingWithMethodOmissions(ConstraintMapping mapping, Map<String,RoleInfo> mappings) Constraints that name method omissions are dealt with differently.
static List<ConstraintMapping>	removeConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings) Take out of the constraint mappings those that match the given path.
void	setConstraintMappings(ConstraintMapping[] constraintMappings) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setConstraintMappings(List<ConstraintMapping> constraintMappings) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setRoles(Set<String> roles) Set the known roles.
void	setStrict(boolean strict) Set the strict mode of the security handler.

从类 org.eclipse.jetty.security.SecurityHandler 继承的方法

checkSecurity, findIdentityService, findLoginService, getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication

从类 org.eclipse.jetty.server.handler.HandlerWrapper 继承的方法

destroy, expandChildren, getHandler, getHandlers, getNestedHandlerByClass, setHandler, setServer

从类 org.eclipse.jetty.server.handler.AbstractHandlerContainer 继承的方法

expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass

从类 org.eclipse.jetty.server.handler.AbstractHandler 继承的方法

dumpThis, getServer

从类 org.eclipse.jetty.util.component.AggregateLifeCycle 继承的方法

addBean, addBean, contains, dump, dump, dump, dump, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, unmanage

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的方法

addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

从类 java.lang.Object 继承的方法

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

从接口 org.eclipse.jetty.util.component.LifeCycle 继承的方法

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

构造方法详细信息

ConstraintSecurityHandler

public ConstraintSecurityHandler()

方法详细信息

createConstraint

public static Constraint createConstraint()

返回：

createConstraint

public static Constraint createConstraint(Constraint constraint)

参数：

constraint -

返回：

createConstraint

public static Constraint createConstraint(String name,
                                          boolean authenticate,
                                          String[] roles,
                                          int dataConstraint)

Create a security constraint

参数：

name -

authenticate -

roles -

dataConstraint -

返回：

createConstraint

public static Constraint createConstraint(String name,
                                          HttpConstraintElement element)

参数：

name -

element -

返回：

createConstraint

public static Constraint createConstraint(String name,
                                          String[] rolesAllowed,
                                          ServletSecurity.EmptyRoleSemantic permitOrDeny,
                                          ServletSecurity.TransportGuarantee transport)

参数：

name -

rolesAllowed -

permitOrDeny -

transport -

返回：

getConstraintMappingsForPath

public static List<ConstraintMapping> getConstraintMappingsForPath(String pathSpec,
                                                                   List<ConstraintMapping> constraintMappings)

参数：

pathSpec -

constraintMappings -

返回：

removeConstraintMappingsForPath

public static List<ConstraintMapping> removeConstraintMappingsForPath(String pathSpec,
                                                                      List<ConstraintMapping> constraintMappings)

Take out of the constraint mappings those that match the given path.

参数：

pathSpec -

constraintMappings - a new list minus the matching constraints

返回：

createConstraintsWithMappingsForPath

public static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name,
                                                                           String pathSpec,
                                                                           ServletSecurityElement securityElement)

Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement

参数：

name -

pathSpec -

securityElement -

返回：

isStrict

public boolean isStrict()

Get the strict mode.

返回：

true if the security handler is running in strict mode.

setStrict

public void setStrict(boolean strict)

Set the strict mode of the security handler.

When in strict mode (the default), the full servlet specification will be implemented. If not in strict mode, some additional flexibility in configuration is allowed:

• All users do not need to have a role defined in the deployment descriptor
• The * role in a constraint applies to ANY role rather than all roles defined in the deployment descriptor.

参数：

strict - the strict to set

另请参见：

setRoles(Set), setConstraintMappings(List, Set)

getConstraintMappings

public List<ConstraintMapping> getConstraintMappings()

指定者：

接口 ConstraintAware 中的 getConstraintMappings

返回：

Returns the constraintMappings.

getRoles

public Set<String> getRoles()

指定者：

接口 ConstraintAware 中的 getRoles

setConstraintMappings

public void setConstraintMappings(List<ConstraintMapping> constraintMappings)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

参数：

constraintMappings - The constraintMappings to set, from which the set of known roles is determined.

setConstraintMappings

public void setConstraintMappings(ConstraintMapping[] constraintMappings)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

参数：

constraintMappings - The constraintMappings to set as array, from which the set of known roles is determined. Needed to retain API compatibility for 7.x

setConstraintMappings

public void setConstraintMappings(List<ConstraintMapping> constraintMappings,
                                  Set<String> roles)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

指定者：

接口 ConstraintAware 中的 setConstraintMappings

参数：

constraintMappings - The constraintMappings to set.

roles - The known roles (or null to determine them from the mappings)

setRoles

public void setRoles(Set<String> roles)

Set the known roles. This may be overridden by a subsequent call to setConstraintMappings(ConstraintMapping[]) or setConstraintMappings(List, Set).

参数：

roles - The known roles (or null to determine them from the mappings)

另请参见：

setStrict(boolean)

addConstraintMapping

public void addConstraintMapping(ConstraintMapping mapping)

从接口 ConstraintAware 复制的描述

Add a Constraint Mapping. May be called for running webapplication as an annotated servlet is instantiated.

指定者：

接口 ConstraintAware 中的 addConstraintMapping

另请参见：

ConstraintAware.addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)

addRole

public void addRole(String role)

从接口 ConstraintAware 复制的描述

Add a Role definition. May be called on running webapplication as an annotated servlet is instantiated.

指定者：

接口 ConstraintAware 中的 addRole

另请参见：

ConstraintAware.addRole(java.lang.String)

doStart

protected void doStart()
                throws Exception

从类 AggregateLifeCycle 复制的描述

Start the managed lifecycle beans in the order they were added.

覆盖：

类 SecurityHandler 中的 doStart

抛出：

Exception

另请参见：

SecurityHandler.doStart()

doStop

protected void doStop()
               throws Exception

从类 AggregateLifeCycle 复制的描述

Stop the joined lifecycle beans in the reverse order they were added.

覆盖：

类 SecurityHandler 中的 doStop

抛出：

Exception

另请参见：

HandlerWrapper.doStop()

processConstraintMapping

protected void processConstraintMapping(ConstraintMapping mapping)

Create and combine the constraint with the existing processed constraints.

参数：

mapping -

processConstraintMappingWithMethodOmissions

protected void processConstraintMappingWithMethodOmissions(ConstraintMapping mapping,
                                                           Map<String,RoleInfo> mappings)

Constraints that name method omissions are dealt with differently. We create an entry in the mappings with key "method.omission". This entry is only ever combined with other omissions for the same method to produce a consolidated RoleInfo. Then, when we wish to find the relevant constraints for a given Request (in prepareConstraintInfo()), we consult 3 types of entries in the mappings: an entry that names the method of the Request specifically, an entry that names constraints that apply to all methods, entries of the form method.omission, where the method of the Request is not named in the omission.

参数：

mapping -

mappings -

configureRoleInfo

protected void configureRoleInfo(RoleInfo ri,
                                 ConstraintMapping mapping)

Initialize or update the RoleInfo from the constraint

参数：

ri -

mapping -

prepareConstraintInfo

protected Object prepareConstraintInfo(String pathInContext,
                                       Request request)

Find constraints that apply to the given path. In order to do this, we consult 3 different types of information stored in the mappings for each path - each mapping represents a merged set of user data constraints, roles etc -:

1. A mapping of an exact method name
2. A mapping will null key that matches every method name
3. Mappings with keys of the form "method.omission" that indicates it will match every method name EXCEPT that given

指定者：

类 SecurityHandler 中的 prepareConstraintInfo

另请参见：

SecurityHandler.prepareConstraintInfo(java.lang.String, org.eclipse.jetty.server.Request)

checkUserDataPermissions

protected boolean checkUserDataPermissions(String pathInContext,
                                           Request request,
                                           Response response,
                                           Object constraintInfo)
                                    throws IOException

指定者：

类 SecurityHandler 中的 checkUserDataPermissions

抛出：

IOException

另请参见：

SecurityHandler.checkUserDataPermissions(java.lang.String, org.eclipse.jetty.server.Request, org.eclipse.jetty.server.Response, java.lang.Object)

isAuthMandatory

protected boolean isAuthMandatory(Request baseRequest,
                                  Response base_response,
                                  Object constraintInfo)

指定者：

类 SecurityHandler 中的 isAuthMandatory

另请参见：

SecurityHandler.isAuthMandatory(org.eclipse.jetty.server.Request, org.eclipse.jetty.server.Response, java.lang.Object)

checkWebResourcePermissions

protected boolean checkWebResourcePermissions(String pathInContext,
                                              Request request,
                                              Response response,
                                              Object constraintInfo,
                                              UserIdentity userIdentity)
                                       throws IOException

指定者：

类 SecurityHandler 中的 checkWebResourcePermissions

抛出：

IOException

另请参见：

SecurityHandler.checkWebResourcePermissions(java.lang.String, org.eclipse.jetty.server.Request, org.eclipse.jetty.server.Response, java.lang.Object, org.eclipse.jetty.server.UserIdentity)

dump

public void dump(Appendable out,
                 String indent)
          throws IOException

指定者：

接口 Dumpable 中的 dump

覆盖：

类 AbstractHandlerContainer 中的 dump

抛出：

IOException