org.eclipse.jetty.security

Class ConstraintSecurityHandler

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AggregateLifeCycle

org.eclipse.jetty.server.handler.AbstractHandler

org.eclipse.jetty.server.handler.AbstractHandlerContainer

org.eclipse.jetty.server.handler.HandlerWrapper

org.eclipse.jetty.security.SecurityHandler

org.eclipse.jetty.security.ConstraintSecurityHandler

All Implemented Interfaces:

Authenticator.AuthConfiguration, ConstraintAware, Handler, HandlerContainer, Destroyable, Dumpable, LifeCycle

public class ConstraintSecurityHandler
extends SecurityHandler
implements ConstraintAware

Handler to enforce SecurityConstraints. This implementation is servlet spec 2.4 compliant and precomputes the constraint combinations for runtime efficiency.

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.security.SecurityHandler

SecurityHandler.NotChecked

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

LifeCycle.Listener

Field Summary

Fields inherited from class org.eclipse.jetty.security.SecurityHandler

__NO_USER, __NOBODY

Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

_handler

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

Constructor Summary

Constructors

Constructor and Description
ConstraintSecurityHandler()

Method Summary

Methods

Modifier and Type	Method and Description
void	addConstraintMapping(ConstraintMapping mapping) Add a Constraint Mapping.
void	addRole(java.lang.String role) Add a Role definition.
protected boolean	checkUserDataPermissions(java.lang.String pathInContext, Request request, Response response, java.lang.Object constraintInfo)
protected boolean	checkWebResourcePermissions(java.lang.String pathInContext, Request request, Response response, java.lang.Object constraintInfo, UserIdentity userIdentity)
protected void	doStart() Start the managed lifecycle beans in the order they were added.
protected void	doStop() Stop the joined lifecycle beans in the reverse order they were added.
void	dump(java.lang.Appendable out, java.lang.String indent)
java.util.List<ConstraintMapping>	getConstraintMappings()
java.util.Set<java.lang.String>	getRoles()
protected boolean	isAuthMandatory(Request baseRequest, Response base_response, java.lang.Object constraintInfo)
boolean	isStrict() Get the strict mode.
protected java.lang.Object	prepareConstraintInfo(java.lang.String pathInContext, Request request)
protected void	processConstraintMapping(ConstraintMapping mapping)
void	setConstraintMappings(ConstraintMapping[] constraintMappings) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings, java.util.Set<java.lang.String> roles) Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
void	setRoles(java.util.Set<java.lang.String> roles) Set the known roles.
void	setStrict(boolean strict) Set the strict mode of the security handler.

Methods inherited from class org.eclipse.jetty.security.SecurityHandler

checkSecurity, findIdentityService, findLoginService, getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication

Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

destroy, expandChildren, getHandler, getHandlers, getNestedHandlerByClass, setHandler, setServer

Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer

expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass

Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler

dumpThis, getServer

Methods inherited from class org.eclipse.jetty.util.component.AggregateLifeCycle

addBean, addBean, contains, dump, dump, dump, dump, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, unmanage

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Constructor Detail

ConstraintSecurityHandler

public ConstraintSecurityHandler()

Method Detail

isStrict

public boolean isStrict()

Get the strict mode.

Returns:

true if the security handler is running in strict mode.

setStrict

public void setStrict(boolean strict)

Set the strict mode of the security handler.

When in strict mode (the default), the full servlet specification will be implemented. If not in strict mode, some additional flexibility in configuration is allowed:

• All users do not need to have a role defined in the deployment descriptor
• The * role in a constraint applies to ANY role rather than all roles defined in the deployment descriptor.

Parameters:

strict - the strict to set

See Also:

setRoles(Set), setConstraintMappings(List, Set)

getConstraintMappings

public java.util.List<ConstraintMapping> getConstraintMappings()

Specified by:

getConstraintMappings in interface ConstraintAware

Returns:

Returns the constraintMappings.

getRoles

public java.util.Set<java.lang.String> getRoles()

Specified by:

getRoles in interface ConstraintAware

setConstraintMappings

public void setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

Parameters:

constraintMappings - The constraintMappings to set, from which the set of known roles is determined.

setConstraintMappings

public void setConstraintMappings(ConstraintMapping[] constraintMappings)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

Parameters:

constraintMappings - The constraintMappings to set as array, from which the set of known roles is determined. Needed to retain API compatibility for 7.x

setConstraintMappings

public void setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings,
                         java.util.Set<java.lang.String> roles)

Process the constraints following the combining rules in Servlet 3.0 EA spec section 13.7.1 Note that much of the logic is in the RoleInfo class.

Specified by:

setConstraintMappings in interface ConstraintAware

Parameters:

constraintMappings - The constraintMappings to set.

roles - The known roles (or null to determine them from the mappings)

setRoles

public void setRoles(java.util.Set<java.lang.String> roles)

Set the known roles. This may be overridden by a subsequent call to setConstraintMappings(ConstraintMapping[]) or setConstraintMappings(List, Set).

Parameters:

roles - The known roles (or null to determine them from the mappings)

See Also:

setStrict(boolean)

addConstraintMapping

public void addConstraintMapping(ConstraintMapping mapping)

Description copied from interface: ConstraintAware

Add a Constraint Mapping. May be called for running webapplication as an annotated servlet is instantiated.

Specified by:

addConstraintMapping in interface ConstraintAware

See Also:

ConstraintAware.addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)

addRole

public void addRole(java.lang.String role)

Description copied from interface: ConstraintAware

Add a Role definition. May be called on running webapplication as an annotated servlet is instantiated.

Specified by:

addRole in interface ConstraintAware

See Also:

ConstraintAware.addRole(java.lang.String)

doStart

protected void doStart()
                throws java.lang.Exception

Description copied from class: AggregateLifeCycle

Start the managed lifecycle beans in the order they were added.

Overrides:

doStart in class SecurityHandler

Throws:

java.lang.Exception

See Also:

SecurityHandler.doStart()

doStop

protected void doStop()
               throws java.lang.Exception

Description copied from class: AggregateLifeCycle

Stop the joined lifecycle beans in the reverse order they were added.

Overrides:

doStop in class SecurityHandler

Throws:

java.lang.Exception

See Also:

HandlerWrapper.doStop()

processConstraintMapping

protected void processConstraintMapping(ConstraintMapping mapping)

prepareConstraintInfo

protected java.lang.Object prepareConstraintInfo(java.lang.String pathInContext,
                                     Request request)

Specified by:

prepareConstraintInfo in class SecurityHandler

checkUserDataPermissions

protected boolean checkUserDataPermissions(java.lang.String pathInContext,
                               Request request,
                               Response response,
                               java.lang.Object constraintInfo)
                                    throws java.io.IOException

Specified by:

checkUserDataPermissions in class SecurityHandler

Throws:

java.io.IOException

isAuthMandatory

protected boolean isAuthMandatory(Request baseRequest,
                      Response base_response,
                      java.lang.Object constraintInfo)

Specified by:

isAuthMandatory in class SecurityHandler

checkWebResourcePermissions

protected boolean checkWebResourcePermissions(java.lang.String pathInContext,
                                  Request request,
                                  Response response,
                                  java.lang.Object constraintInfo,
                                  UserIdentity userIdentity)
                                       throws java.io.IOException

Specified by:

checkWebResourcePermissions in class SecurityHandler

Throws:

java.io.IOException

dump

public void dump(java.lang.Appendable out,
        java.lang.String indent)
          throws java.io.IOException

Specified by:

dump in interface Dumpable

Overrides:

dump in class AbstractHandlerContainer

Throws:

java.io.IOException