Package org.eclipse.jetty.security
Class SecurityHandler
- java.lang.Object
-
- org.eclipse.jetty.util.component.AbstractLifeCycle
-
- org.eclipse.jetty.util.component.ContainerLifeCycle
-
- org.eclipse.jetty.server.handler.AbstractHandler
-
- org.eclipse.jetty.server.handler.AbstractHandlerContainer
-
- org.eclipse.jetty.server.handler.HandlerWrapper
-
- org.eclipse.jetty.security.SecurityHandler
-
- All Implemented Interfaces:
Authenticator.AuthConfiguration,org.eclipse.jetty.server.Handler,org.eclipse.jetty.server.HandlerContainer,org.eclipse.jetty.util.component.Container,org.eclipse.jetty.util.component.Destroyable,org.eclipse.jetty.util.component.Dumpable,org.eclipse.jetty.util.component.LifeCycle
- Direct Known Subclasses:
ConstraintSecurityHandler
public abstract class SecurityHandler extends org.eclipse.jetty.server.handler.HandlerWrapper implements Authenticator.AuthConfiguration
Abstract SecurityHandler.Select and apply an
Authenticatorto a request.The Authenticator may either be directly set on the handler or will be create during
AbstractLifeCycle.start()with a call to either the default or set AuthenticatorFactory.SecurityHandler has a set of initparameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description classSecurityHandler.NotChecked-
Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandler.ErrorDispatchHandler
-
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener
-
-
Constructor Summary
Constructors Modifier Constructor Description protectedSecurityHandler()
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected booleancheckSecurity(org.eclipse.jetty.server.Request request)protected abstract booleancheckUserDataPermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, RoleInfo constraintInfo)protected abstract booleancheckWebResourcePermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, Object constraintInfo, org.eclipse.jetty.server.UserIdentity userIdentity)protected voiddoStart()protected voiddoStop()protected IdentityServicefindIdentityService()protected LoginServicefindLoginService()AuthenticatorgetAuthenticator()Authenticator.FactorygetAuthenticatorFactory()StringgetAuthMethod()static SecurityHandlergetCurrentSecurityHandler()IdentityServicegetIdentityService()Get the identityService.StringgetInitParameter(String key)Get a SecurityHandler init parameterSet<String>getInitParameterNames()Get a SecurityHandler init parameter namesLoginServicegetLoginService()Get the loginService.StringgetRealmName()voidhandle(String pathInContext, org.eclipse.jetty.server.Request baseRequest, HttpServletRequest request, HttpServletResponse response)protected abstract booleanisAuthMandatory(org.eclipse.jetty.server.Request baseRequest, org.eclipse.jetty.server.Response base_response, Object constraintInfo)booleanisCheckWelcomeFiles()booleanisSessionRenewedOnAuthentication()voidlogout(org.eclipse.jetty.server.Authentication.User user)protected abstract RoleInfoprepareConstraintInfo(String pathInContext, org.eclipse.jetty.server.Request request)voidsetAuthenticator(Authenticator authenticator)Set the authenticator.voidsetAuthenticatorFactory(Authenticator.Factory authenticatorFactory)voidsetAuthMethod(String authMethod)voidsetCheckWelcomeFiles(boolean authenticateWelcomeFiles)voidsetIdentityService(IdentityService identityService)Set the identityService.StringsetInitParameter(String key, String value)Set an initialization parameter.voidsetLoginService(LoginService loginService)Set the loginService.voidsetRealmName(String realmName)voidsetSessionRenewedOnAuthentication(boolean renew)Set renew the session on Authentication.-
Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
-
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer
doShutdown, expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
-
Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
-
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
-
-
-
-
Field Detail
-
__NO_USER
public static final Principal __NO_USER
-
__NOBODY
public static final Principal __NOBODY
Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
-
-
Method Detail
-
getIdentityService
public IdentityService getIdentityService()
Get the identityService.- Specified by:
getIdentityServicein interfaceAuthenticator.AuthConfiguration- Returns:
- the identityService
-
setIdentityService
public void setIdentityService(IdentityService identityService)
Set the identityService.- Parameters:
identityService- the identityService to set
-
getLoginService
public LoginService getLoginService()
Get the loginService.- Specified by:
getLoginServicein interfaceAuthenticator.AuthConfiguration- Returns:
- the loginService
-
setLoginService
public void setLoginService(LoginService loginService)
Set the loginService.- Parameters:
loginService- the loginService to set
-
getAuthenticator
public Authenticator getAuthenticator()
-
setAuthenticator
public void setAuthenticator(Authenticator authenticator)
Set the authenticator.- Parameters:
authenticator- the authenticator- Throws:
IllegalStateException- if the SecurityHandler is running
-
getAuthenticatorFactory
public Authenticator.Factory getAuthenticatorFactory()
- Returns:
- the authenticatorFactory
-
setAuthenticatorFactory
public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
- Parameters:
authenticatorFactory- the authenticatorFactory to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
getRealmName
public String getRealmName()
- Specified by:
getRealmNamein interfaceAuthenticator.AuthConfiguration- Returns:
- the realmName
-
setRealmName
public void setRealmName(String realmName)
- Parameters:
realmName- the realmName to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
getAuthMethod
public String getAuthMethod()
- Specified by:
getAuthMethodin interfaceAuthenticator.AuthConfiguration- Returns:
- the authMethod
-
setAuthMethod
public void setAuthMethod(String authMethod)
- Parameters:
authMethod- the authMethod to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
isCheckWelcomeFiles
public boolean isCheckWelcomeFiles()
- Returns:
- True if forwards to welcome files are authenticated
-
setCheckWelcomeFiles
public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
- Parameters:
authenticateWelcomeFiles- True if forwards to welcome files are authenticated- Throws:
IllegalStateException- if the SecurityHandler is running
-
getInitParameter
public String getInitParameter(String key)
Description copied from interface:Authenticator.AuthConfigurationGet a SecurityHandler init parameter- Specified by:
getInitParameterin interfaceAuthenticator.AuthConfiguration- Parameters:
key- parameter name- Returns:
- Parameter value or null
- See Also:
getInitParameter(String)
-
getInitParameterNames
public Set<String> getInitParameterNames()
Description copied from interface:Authenticator.AuthConfigurationGet a SecurityHandler init parameter names- Specified by:
getInitParameterNamesin interfaceAuthenticator.AuthConfiguration- Returns:
- Set of parameter names
- See Also:
getInitParameterNames()
-
setInitParameter
public String setInitParameter(String key, String value)
Set an initialization parameter.- Parameters:
key- the init keyvalue- the init value- Returns:
- previous value
- Throws:
IllegalStateException- if the SecurityHandler is running
-
findLoginService
protected LoginService findLoginService() throws Exception
- Throws:
Exception
-
findIdentityService
protected IdentityService findIdentityService()
-
doStart
protected void doStart() throws Exception- Overrides:
doStartin classorg.eclipse.jetty.server.handler.AbstractHandler- Throws:
Exception
-
doStop
protected void doStop() throws Exception- Overrides:
doStopin classorg.eclipse.jetty.server.handler.AbstractHandler- Throws:
Exception
-
checkSecurity
protected boolean checkSecurity(org.eclipse.jetty.server.Request request)
-
isSessionRenewedOnAuthentication
public boolean isSessionRenewedOnAuthentication()
- Specified by:
isSessionRenewedOnAuthenticationin interfaceAuthenticator.AuthConfiguration- See Also:
Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()
-
setSessionRenewedOnAuthentication
public void setSessionRenewedOnAuthentication(boolean renew)
Set renew the session on Authentication.If set to true, then on authentication, the session associated with a reqeuest is invalidated and replaced with a new session.
- Parameters:
renew- true to renew the authentication on session- See Also:
Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()
-
handle
public void handle(String pathInContext, org.eclipse.jetty.server.Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
- Specified by:
handlein interfaceorg.eclipse.jetty.server.Handler- Overrides:
handlein classorg.eclipse.jetty.server.handler.HandlerWrapper- Throws:
IOExceptionServletException
-
getCurrentSecurityHandler
public static SecurityHandler getCurrentSecurityHandler()
-
logout
public void logout(org.eclipse.jetty.server.Authentication.User user)
-
prepareConstraintInfo
protected abstract RoleInfo prepareConstraintInfo(String pathInContext, org.eclipse.jetty.server.Request request)
-
checkUserDataPermissions
protected abstract boolean checkUserDataPermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, RoleInfo constraintInfo) throws IOException
- Throws:
IOException
-
isAuthMandatory
protected abstract boolean isAuthMandatory(org.eclipse.jetty.server.Request baseRequest, org.eclipse.jetty.server.Response base_response, Object constraintInfo)
-
checkWebResourcePermissions
protected abstract boolean checkWebResourcePermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, Object constraintInfo, org.eclipse.jetty.server.UserIdentity userIdentity) throws IOException
- Throws:
IOException
-
-