public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware
Handler to enforce SecurityConstraints. This implementation is servlet spec 3.1 compliant and pre-computes the constraint combinations for runtime efficiency.
SecurityHandler.NotChecked
AbstractHandler.ErrorDispatchHandler
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Container.InheritedListener, Container.Listener
__NO_USER, __NOBODY
Constructor and Description |
---|
ConstraintSecurityHandler() |
Modifier and Type | Method and Description |
---|---|
void |
addConstraintMapping(ConstraintMapping mapping)
Add a Constraint Mapping.
|
void |
addRole(String role)
Add a Role definition.
|
boolean |
checkPathsWithUncoveredHttpMethods()
Servlet spec 3.1 pg.
|
static Constraint |
createConstraint() |
static Constraint |
createConstraint(Constraint constraint) |
static Constraint |
createConstraint(String name,
boolean authenticate,
String[] roles,
int dataConstraint)
Create a security constraint
|
static Constraint |
createConstraint(String name,
HttpConstraintElement element)
Create a Constraint
|
static Constraint |
createConstraint(String name,
String[] rolesAllowed,
ServletSecurity.EmptyRoleSemantic permitOrDeny,
ServletSecurity.TransportGuarantee transport)
Create Constraint
|
static List<ConstraintMapping> |
createConstraintsWithMappingsForPath(String name,
String pathSpec,
ServletSecurityElement securityElement)
Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
|
void |
dump(Appendable out,
String indent)
Dump this object (and children) into an Appendable using the provided indent after any new lines.
|
List<ConstraintMapping> |
getConstraintMappings() |
static List<ConstraintMapping> |
getConstraintMappingsForPath(String pathSpec,
List<ConstraintMapping> constraintMappings) |
Set<String> |
getPathsWithUncoveredHttpMethods()
Servlet spec 3.1 pg.
|
Set<String> |
getRoles() |
boolean |
isDenyUncoveredHttpMethods() |
static List<ConstraintMapping> |
removeConstraintMappingsForPath(String pathSpec,
List<ConstraintMapping> constraintMappings)
Take out of the constraint mappings those that match the
given path.
|
void |
setConstraintMappings(ConstraintMapping[] constraintMappings)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setConstraintMappings(List<ConstraintMapping> constraintMappings)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setConstraintMappings(List<ConstraintMapping> constraintMappings,
Set<String> roles)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setDenyUncoveredHttpMethods(boolean deny)
See Servlet Spec 31, sec 13.8.4, pg 145
When true, requests with http methods not explicitly covered either by inclusion or omissions
in constraints, will have access denied.
|
void |
setRoles(Set<String> roles)
Set the known roles.
|
getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getKnownAuthenticatorFactories, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication
destroy, getHandler, getHandlers, insertHandler, setHandler
findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
getServer
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dumpObject, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, unmanage, updateBean, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, start, stop, stop
dumpContainer, dumpIterable, dumpMapEntries, dumpObjects, dumpSelf, named
public static Constraint createConstraint()
public static Constraint createConstraint(Constraint constraint)
public static Constraint createConstraint(String name, boolean authenticate, String[] roles, int dataConstraint)
name
- the name of the constraintauthenticate
- true to authenticateroles
- list of rolesdataConstraint
- the data constraintpublic static Constraint createConstraint(String name, HttpConstraintElement element)
name
- the nameelement
- the http constraint elementpublic static Constraint createConstraint(String name, String[] rolesAllowed, ServletSecurity.EmptyRoleSemantic permitOrDeny, ServletSecurity.TransportGuarantee transport)
name
- the namerolesAllowed
- the list of allowed rolespermitOrDeny
- the permission semantictransport
- the transport guaranteepublic static List<ConstraintMapping> getConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings)
public static List<ConstraintMapping> removeConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings)
pathSpec
- the path specconstraintMappings
- a new list minus the matching constraintspublic static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name, String pathSpec, ServletSecurityElement securityElement)
name
- the namepathSpec
- the path specsecurityElement
- the servlet security elementpublic List<ConstraintMapping> getConstraintMappings()
getConstraintMappings
in interface ConstraintAware
public Set<String> getRoles()
getRoles
in interface ConstraintAware
public void setConstraintMappings(List<ConstraintMapping> constraintMappings)
constraintMappings
- The constraintMappings to set, from which the set of known roles
is determined.public void setConstraintMappings(ConstraintMapping[] constraintMappings)
constraintMappings
- The constraintMappings to set as array, from which the set of known roles
is determined. Needed to retain API compatibility for 7.xpublic void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles)
setConstraintMappings
in interface ConstraintAware
constraintMappings
- The constraintMappings to set.roles
- The known roles (or null to determine them from the mappings)public void setRoles(Set<String> roles)
setConstraintMappings(ConstraintMapping[])
or
setConstraintMappings(List, Set)
.roles
- The known roles (or null to determine them from the mappings)public void addConstraintMapping(ConstraintMapping mapping)
ConstraintAware
addConstraintMapping
in interface ConstraintAware
mapping
- the mappingConstraintAware.addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
public void addRole(String role)
ConstraintAware
addRole
in interface ConstraintAware
role
- the roleConstraintAware.addRole(java.lang.String)
public void dump(Appendable out, String indent) throws IOException
Dumpable
dump
in interface Dumpable
dump
in class ContainerLifeCycle
out
- The appendable to dump toindent
- The indent to apply after any new lines.IOException
- if unable to write to Appendablepublic void setDenyUncoveredHttpMethods(boolean deny)
ConstraintAware
setDenyUncoveredHttpMethods
in interface ConstraintAware
deny
- true for denied method accessConstraintAware.setDenyUncoveredHttpMethods(boolean)
public boolean isDenyUncoveredHttpMethods()
isDenyUncoveredHttpMethods
in interface ConstraintAware
public boolean checkPathsWithUncoveredHttpMethods()
checkPathsWithUncoveredHttpMethods
in interface ConstraintAware
public Set<String> getPathsWithUncoveredHttpMethods()
Copyright © 2010 - 2020 Adobe. All Rights Reserved