org.eclipse.jetty.security

Class SecurityHandler

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AggregateLifeCycle

org.eclipse.jetty.server.handler.AbstractHandler

org.eclipse.jetty.server.handler.AbstractHandlerContainer

org.eclipse.jetty.server.handler.HandlerWrapper

org.eclipse.jetty.security.SecurityHandler

All Implemented Interfaces:

Authenticator.AuthConfiguration, Handler, HandlerContainer, Destroyable, Dumpable, LifeCycle

Direct Known Subclasses:

ConstraintSecurityHandler

public abstract class SecurityHandler
extends HandlerWrapper
implements Authenticator.AuthConfiguration

Abstract SecurityHandler. Select and apply an Authenticator to a request.

The Authenticator may either be directly set on the handler or will be create during AbstractLifeCycle.start() with a call to either the default or set AuthenticatorFactory.

SecurityHandler has a set of initparameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	SecurityHandler.NotChecked

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

LifeCycle.Listener

Field Summary

Fields

Modifier and Type	Field and Description
static java.security.Principal	__NO_USER
static java.security.Principal	__NOBODY Nobody user.

Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

_handler

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	SecurityHandler()

Method Summary

Methods

Modifier and Type	Method and Description
protected boolean	checkSecurity(Request request)
protected abstract boolean	checkUserDataPermissions(java.lang.String pathInContext, Request request, Response response, java.lang.Object constraintInfo)
protected abstract boolean	checkWebResourcePermissions(java.lang.String pathInContext, Request request, Response response, java.lang.Object constraintInfo, UserIdentity userIdentity)
protected void	doStart() Start the managed lifecycle beans in the order they were added.
protected void	doStop() Stop the joined lifecycle beans in the reverse order they were added.
protected IdentityService	findIdentityService()
protected LoginService	findLoginService()
Authenticator	getAuthenticator()
Authenticator.Factory	getAuthenticatorFactory()
java.lang.String	getAuthMethod()
static SecurityHandler	getCurrentSecurityHandler()
IdentityService	getIdentityService() Get the identityService.
java.lang.String	getInitParameter(java.lang.String key) Get a SecurityHandler init parameter
java.util.Set<java.lang.String>	getInitParameterNames() Get a SecurityHandler init parameter names
LoginService	getLoginService() Get the loginService.
java.lang.String	getRealmName()
void	handle(java.lang.String pathInContext, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Handle a request.
protected abstract boolean	isAuthMandatory(Request baseRequest, Response base_response, java.lang.Object constraintInfo)
boolean	isCheckWelcomeFiles()
boolean	isSessionRenewedOnAuthentication()
void	logout(Authentication.User user)
protected abstract java.lang.Object	prepareConstraintInfo(java.lang.String pathInContext, Request request)
void	setAuthenticator(Authenticator authenticator) Set the authenticator.
void	setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
void	setAuthMethod(java.lang.String authMethod)
void	setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
void	setIdentityService(IdentityService identityService) Set the identityService.
java.lang.String	setInitParameter(java.lang.String key, java.lang.String value) Set an initialization parameter.
void	setLoginService(LoginService loginService) Set the loginService.
void	setRealmName(java.lang.String realmName)
void	setSessionRenewedOnAuthentication(boolean renew) Set renew the session on Authentication.

Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

destroy, expandChildren, getHandler, getHandlers, getNestedHandlerByClass, setHandler, setServer

Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer

dump, expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass

Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler

dumpThis, getServer

Methods inherited from class org.eclipse.jetty.util.component.AggregateLifeCycle

addBean, addBean, contains, dump, dump, dump, dump, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, unmanage

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Field Detail

__NO_USER

public static java.security.Principal __NO_USER

__NOBODY

public static java.security.Principal __NOBODY

Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.

Constructor Detail

SecurityHandler

protected SecurityHandler()

Method Detail

getIdentityService

public IdentityService getIdentityService()

Get the identityService.

Specified by:

getIdentityService in interface Authenticator.AuthConfiguration

Returns:

the identityService

setIdentityService

public void setIdentityService(IdentityService identityService)

Set the identityService.

Parameters:

identityService - the identityService to set

getLoginService

public LoginService getLoginService()

Get the loginService.

Specified by:

getLoginService in interface Authenticator.AuthConfiguration

Returns:

the loginService

setLoginService

public void setLoginService(LoginService loginService)

Set the loginService.

Parameters:

loginService - the loginService to set

getAuthenticator

public Authenticator getAuthenticator()

setAuthenticator

public void setAuthenticator(Authenticator authenticator)

Set the authenticator.

Parameters:

authenticator -

Throws:

java.lang.IllegalStateException - if the SecurityHandler is running

getAuthenticatorFactory

public Authenticator.Factory getAuthenticatorFactory()

Returns:

the authenticatorFactory

setAuthenticatorFactory

public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)

Parameters:

authenticatorFactory - the authenticatorFactory to set

Throws:

java.lang.IllegalStateException - if the SecurityHandler is running

getRealmName

public java.lang.String getRealmName()

Specified by:

getRealmName in interface Authenticator.AuthConfiguration

Returns:

the realmName

setRealmName

public void setRealmName(java.lang.String realmName)

Parameters:

realmName - the realmName to set

Throws:

java.lang.IllegalStateException - if the SecurityHandler is running

getAuthMethod

public java.lang.String getAuthMethod()

Specified by:

getAuthMethod in interface Authenticator.AuthConfiguration

Returns:

the authMethod

setAuthMethod

public void setAuthMethod(java.lang.String authMethod)

Parameters:

authMethod - the authMethod to set

Throws:

java.lang.IllegalStateException - if the SecurityHandler is running

isCheckWelcomeFiles

public boolean isCheckWelcomeFiles()

Returns:

True if forwards to welcome files are authenticated

setCheckWelcomeFiles

public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)

Parameters:

authenticateWelcomeFiles - True if forwards to welcome files are authenticated

Throws:

java.lang.IllegalStateException - if the SecurityHandler is running

getInitParameter

public java.lang.String getInitParameter(java.lang.String key)

Description copied from interface: Authenticator.AuthConfiguration

Get a SecurityHandler init parameter

Specified by:

getInitParameter in interface Authenticator.AuthConfiguration

Parameters:

key - parameter name

Returns:

Parameter value or null

See Also:

getInitParameter(String)

getInitParameterNames

public java.util.Set<java.lang.String> getInitParameterNames()

Description copied from interface: Authenticator.AuthConfiguration

Get a SecurityHandler init parameter names

Specified by:

getInitParameterNames in interface Authenticator.AuthConfiguration

Returns:

Set of parameter names

See Also:

getInitParameterNames()

setInitParameter

public java.lang.String setInitParameter(java.lang.String key,
                                java.lang.String value)

Set an initialization parameter.

Parameters:

key -

value -

Returns:

previous value

Throws:

java.lang.IllegalStateException - if the SecurityHandler is running

findLoginService

protected LoginService findLoginService()

findIdentityService

protected IdentityService findIdentityService()

doStart

protected void doStart()
                throws java.lang.Exception

Description copied from class: AggregateLifeCycle

Start the managed lifecycle beans in the order they were added.

Overrides:

doStart in class HandlerWrapper

Throws:

java.lang.Exception

See Also:

AbstractLifeCycle.doStart()

doStop

protected void doStop()
               throws java.lang.Exception

Description copied from class: AggregateLifeCycle

Stop the joined lifecycle beans in the reverse order they were added.

Overrides:

doStop in class HandlerWrapper

Throws:

java.lang.Exception

See Also:

HandlerWrapper.doStop()

checkSecurity

protected boolean checkSecurity(Request request)

isSessionRenewedOnAuthentication

public boolean isSessionRenewedOnAuthentication()

Specified by:

isSessionRenewedOnAuthentication in interface Authenticator.AuthConfiguration

See Also:

Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()

setSessionRenewedOnAuthentication

public void setSessionRenewedOnAuthentication(boolean renew)

Set renew the session on Authentication.

If set to true, then on authentication, the session associated with a reqeuest is invalidated and replaced with a new session.

See Also:

Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()

handle

public void handle(java.lang.String pathInContext,
          Request baseRequest,
          javax.servlet.http.HttpServletRequest request,
          javax.servlet.http.HttpServletResponse response)
            throws java.io.IOException,
                   javax.servlet.ServletException

Description copied from interface: Handler

Handle a request.

Specified by:

handle in interface Handler

Overrides:

handle in class HandlerWrapper

Parameters:

pathInContext - The target of the request - either a URI or a name.

baseRequest - The original unwrapped request object.

request - The request either as the Request object or a wrapper of that request. The AbstractHttpConnection.getCurrentConnection() method can be used access the Request object if required.

response - The response as the Response object or a wrapper of that request. The AbstractHttpConnection.getCurrentConnection() method can be used access the Response object if required.

Throws:

java.io.IOException

javax.servlet.ServletException

getCurrentSecurityHandler

public static SecurityHandler getCurrentSecurityHandler()

logout

public void logout(Authentication.User user)

prepareConstraintInfo

protected abstract java.lang.Object prepareConstraintInfo(java.lang.String pathInContext,
                                     Request request)

checkUserDataPermissions

protected abstract boolean checkUserDataPermissions(java.lang.String pathInContext,
                               Request request,
                               Response response,
                               java.lang.Object constraintInfo)
                                             throws java.io.IOException

Throws:

java.io.IOException

isAuthMandatory

protected abstract boolean isAuthMandatory(Request baseRequest,
                      Response base_response,
                      java.lang.Object constraintInfo)

checkWebResourcePermissions

protected abstract boolean checkWebResourcePermissions(java.lang.String pathInContext,
                                  Request request,
                                  Response response,
                                  java.lang.Object constraintInfo,
                                  UserIdentity userIdentity)
                                                throws java.io.IOException

Throws:

java.io.IOException