java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.ee8.nested.AbstractHandler
org.eclipse.jetty.ee8.nested.AbstractHandlerContainer
org.eclipse.jetty.ee8.nested.HandlerWrapper
org.eclipse.jetty.ee8.security.SecurityHandler
- All Implemented Interfaces:
org.eclipse.jetty.ee8.nested.Handler,org.eclipse.jetty.ee8.nested.HandlerContainer,Authenticator.AuthConfiguration,org.eclipse.jetty.util.component.Container,org.eclipse.jetty.util.component.Destroyable,org.eclipse.jetty.util.component.Dumpable,org.eclipse.jetty.util.component.Dumpable.DumpableContainer,org.eclipse.jetty.util.component.LifeCycle
- Direct Known Subclasses:
ConstraintSecurityHandler
public abstract class SecurityHandler
extends org.eclipse.jetty.ee8.nested.HandlerWrapper
implements Authenticator.AuthConfiguration
Select and apply an
Authenticator to a request.
The Authenticator may either be directly set on the handler
or will be created during AbstractLifeCycle.start() with a call to
either the default or set AuthenticatorFactory.
SecurityHandler has a set of initparameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.
-
Nested Class Summary
Nested ClassesNested classes/interfaces inherited from class org.eclipse.jetty.ee8.nested.AbstractHandler
org.eclipse.jetty.ee8.nested.AbstractHandler.ErrorDispatchHandlerNested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopExceptionNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.ListenerNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
org.eclipse.jetty.util.component.Dumpable.DumpableContainerNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
org.eclipse.jetty.util.component.LifeCycle.Listener -
Field Summary
FieldsFields inherited from class org.eclipse.jetty.ee8.nested.HandlerWrapper
_handlerFields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
FAILED, STARTED, STARTING, STOPPED, STOPPINGFields inherited from interface org.eclipse.jetty.util.component.Dumpable
KEY -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected booleancheckSecurity(org.eclipse.jetty.ee8.nested.Request request) protected abstract booleancheckUserDataPermissions(String pathInContext, org.eclipse.jetty.ee8.nested.Request request, org.eclipse.jetty.ee8.nested.Response response, RoleInfo constraintInfo) protected abstract booleancheckWebResourcePermissions(String pathInContext, org.eclipse.jetty.ee8.nested.Request request, org.eclipse.jetty.ee8.nested.Response response, Object constraintInfo, org.eclipse.jetty.security.UserIdentity userIdentity) protected voiddoStart()protected voiddoStop()protected org.eclipse.jetty.security.IdentityServiceprotected org.eclipse.jetty.security.LoginServicestatic SecurityHandlerorg.eclipse.jetty.security.IdentityServiceGet the identityService.getInitParameter(String key) Get a SecurityHandler init parameterGet a SecurityHandler init parameter namesorg.eclipse.jetty.security.LoginServiceGet the loginService.intGet the interval in seconds, which if non-zero, will be set withHttpSession.setMaxInactiveInterval(int)when a session is newly authenticatedvoidhandle(String pathInContext, org.eclipse.jetty.ee8.nested.Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) protected abstract booleanisAuthMandatory(org.eclipse.jetty.ee8.nested.Request baseRequest, org.eclipse.jetty.ee8.nested.Response baseResponse, Object constraintInfo) booleanbooleanShould session ID be renewed on authentication.voidlogout(org.eclipse.jetty.ee8.nested.Authentication.User user) protected abstract RoleInfoprepareConstraintInfo(String pathInContext, org.eclipse.jetty.ee8.nested.Request request) voidsetAuthenticator(Authenticator authenticator) Set the authenticator.voidsetAuthenticatorFactory(Authenticator.Factory authenticatorFactory) voidsetAuthMethod(String authMethod) voidsetCheckWelcomeFiles(boolean authenticateWelcomeFiles) voidsetIdentityService(org.eclipse.jetty.security.IdentityService identityService) Set the identityService.setInitParameter(String key, String value) Set an initialization parameter.voidsetLoginService(org.eclipse.jetty.security.LoginService loginService) Set the loginService.voidsetRealmName(String realmName) voidsetSessionMaxInactiveIntervalOnAuthentication(int seconds) Set the interval in seconds, which if non-zero, will be set withHttpSession.setMaxInactiveInterval(int)when a session is newly authenticated.voidsetSessionRenewedOnAuthentication(boolean renew) Set renew the session on Authentication.Methods inherited from class org.eclipse.jetty.ee8.nested.HandlerWrapper
destroy, expandChildren, getHandler, getHandlers, getTail, insertHandler, setAsParent, setHandlerMethods inherited from class org.eclipse.jetty.ee8.nested.AbstractHandlerContainer
expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServerMethods inherited from class org.eclipse.jetty.ee8.nested.AbstractHandler
doError, getServerMethods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeansMethods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toStringMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface org.eclipse.jetty.util.component.Container
getCachedBeans, getEventListenersMethods inherited from interface org.eclipse.jetty.util.component.Dumpable
dumpSelfMethods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpableMethods inherited from interface org.eclipse.jetty.util.component.LifeCycle
addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop
-
Field Details
-
__NO_USER
-
__NOBODY
Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
-
-
Constructor Details
-
SecurityHandler
protected SecurityHandler()
-
-
Method Details
-
getIdentityService
public org.eclipse.jetty.security.IdentityService getIdentityService()Get the identityService.- Specified by:
getIdentityServicein interfaceAuthenticator.AuthConfiguration- Returns:
- the identityService
-
setIdentityService
public void setIdentityService(org.eclipse.jetty.security.IdentityService identityService) Set the identityService.- Parameters:
identityService- the identityService to set
-
getLoginService
public org.eclipse.jetty.security.LoginService getLoginService()Get the loginService.- Specified by:
getLoginServicein interfaceAuthenticator.AuthConfiguration- Returns:
- the loginService
-
setLoginService
public void setLoginService(org.eclipse.jetty.security.LoginService loginService) Set the loginService.- Parameters:
loginService- the loginService to set
-
getAuthenticator
-
setAuthenticator
Set the authenticator.- Parameters:
authenticator- the authenticator- Throws:
IllegalStateException- if the SecurityHandler is running
-
getAuthenticatorFactory
- Returns:
- the authenticatorFactory
-
setAuthenticatorFactory
- Parameters:
authenticatorFactory- the authenticatorFactory to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
getKnownAuthenticatorFactories
- Returns:
- the list of discovered authenticatorFactories
-
getRealmName
- Specified by:
getRealmNamein interfaceAuthenticator.AuthConfiguration- Returns:
- the realmName
-
setRealmName
- Parameters:
realmName- the realmName to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
getAuthMethod
- Specified by:
getAuthMethodin interfaceAuthenticator.AuthConfiguration- Returns:
- the authMethod
-
setAuthMethod
- Parameters:
authMethod- the authMethod to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
isCheckWelcomeFiles
public boolean isCheckWelcomeFiles()- Returns:
- True if forwards to welcome files are authenticated
-
setCheckWelcomeFiles
public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles) - Parameters:
authenticateWelcomeFiles- True if forwards to welcome files are authenticated- Throws:
IllegalStateException- if the SecurityHandler is running
-
getInitParameter
Description copied from interface:Authenticator.AuthConfigurationGet a SecurityHandler init parameter- Specified by:
getInitParameterin interfaceAuthenticator.AuthConfiguration- Parameters:
key- parameter name- Returns:
- Parameter value or null
- See Also:
-
getInitParameterNames
Description copied from interface:Authenticator.AuthConfigurationGet a SecurityHandler init parameter names- Specified by:
getInitParameterNamesin interfaceAuthenticator.AuthConfiguration- Returns:
- Set of parameter names
- See Also:
-
setInitParameter
Set an initialization parameter.- Parameters:
key- the init keyvalue- the init value- Returns:
- previous value
- Throws:
IllegalStateException- if the SecurityHandler is started
-
findLoginService
-
findIdentityService
protected org.eclipse.jetty.security.IdentityService findIdentityService() -
doStart
-
doStop
-
checkSecurity
protected boolean checkSecurity(org.eclipse.jetty.ee8.nested.Request request) -
isSessionRenewedOnAuthentication
public boolean isSessionRenewedOnAuthentication()Description copied from interface:Authenticator.AuthConfigurationShould session ID be renewed on authentication.- Specified by:
isSessionRenewedOnAuthenticationin interfaceAuthenticator.AuthConfiguration- Returns:
- true if the session ID should be renewed on authentication
-
setSessionRenewedOnAuthentication
public void setSessionRenewedOnAuthentication(boolean renew) Set renew the session on Authentication.If set to true, then on authentication, the session associated with a reqeuest is invalidated and replaced with a new session.
- Parameters:
renew- true to renew the authentication on session- See Also:
-
getSessionMaxInactiveIntervalOnAuthentication
public int getSessionMaxInactiveIntervalOnAuthentication()Description copied from interface:Authenticator.AuthConfigurationGet the interval in seconds, which if non-zero, will be set withHttpSession.setMaxInactiveInterval(int)when a session is newly authenticated- Specified by:
getSessionMaxInactiveIntervalOnAuthenticationin interfaceAuthenticator.AuthConfiguration- Returns:
- An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
-
setSessionMaxInactiveIntervalOnAuthentication
public void setSessionMaxInactiveIntervalOnAuthentication(int seconds) Set the interval in seconds, which if non-zero, will be set withHttpSession.setMaxInactiveInterval(int)when a session is newly authenticated.- Parameters:
seconds- An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
-
handle
public void handle(String pathInContext, org.eclipse.jetty.ee8.nested.Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException - Specified by:
handlein interfaceorg.eclipse.jetty.ee8.nested.Handler- Overrides:
handlein classorg.eclipse.jetty.ee8.nested.HandlerWrapper- Throws:
IOExceptionjavax.servlet.ServletException
-
getCurrentSecurityHandler
-
logout
public void logout(org.eclipse.jetty.ee8.nested.Authentication.User user) -
prepareConstraintInfo
-
checkUserDataPermissions
protected abstract boolean checkUserDataPermissions(String pathInContext, org.eclipse.jetty.ee8.nested.Request request, org.eclipse.jetty.ee8.nested.Response response, RoleInfo constraintInfo) throws IOException - Throws:
IOException
-
isAuthMandatory
protected abstract boolean isAuthMandatory(org.eclipse.jetty.ee8.nested.Request baseRequest, org.eclipse.jetty.ee8.nested.Response baseResponse, Object constraintInfo) -
checkWebResourcePermissions
protected abstract boolean checkWebResourcePermissions(String pathInContext, org.eclipse.jetty.ee8.nested.Request request, org.eclipse.jetty.ee8.nested.Response response, Object constraintInfo, org.eclipse.jetty.security.UserIdentity userIdentity) throws IOException - Throws:
IOException
-