Class SecurityHandler

  • All Implemented Interfaces:
    Authenticator.AuthConfiguration, org.eclipse.jetty.server.Handler, org.eclipse.jetty.server.HandlerContainer, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.LifeCycle
    Direct Known Subclasses:
    ConstraintSecurityHandler

    public abstract class SecurityHandler
    extends org.eclipse.jetty.server.handler.HandlerWrapper
    implements Authenticator.AuthConfiguration
    Abstract SecurityHandler.

    Select and apply an Authenticator to a request.

    The Authenticator may either be set directly on the handler or will be created during AbstractLifeCycle.start() with a call to either the default or the configured AuthenticatorFactory.

    SecurityHandler has a set of init parameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." and do not already have values in the SecurityHandler init parameters are copied into them.
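
A configuration sketch for the behaviour described above, added here as an example and not taken from the Jetty project: the concrete subclass ConstraintSecurityHandler is configured before start, the Authenticator is left to be created at start from the auth method, and a setter is then shown being rejected once the handler is running. It assumes the javax.servlet-based Jetty API this page documents with jetty-servlet on the classpath; the port, realm name, role, resource base, realm file path and login page paths are placeholders.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;

public class SecurityHandlerSetup {
    public static void main(String[] args) throws Exception {
        Server server = new Server(8080); // placeholder port
        // FORM authentication keeps its state in the HTTP session, so sessions are enabled.
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");
        context.setResourceBase("webroot"); // placeholder directory holding login.html
        context.addServlet(DefaultServlet.class, "/");

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setRealmName("ExampleRealm"); // placeholder realm
        security.setLoginService(new HashLoginService("ExampleRealm", "etc/realm.properties"));
        // No setAuthenticator() call: the Authenticator is created at start from the auth method.
        security.setAuthMethod(Constraint.__FORM_AUTH);
        // Handler init parameters in the "org.eclipse.jetty.security." namespace.
        security.setInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE, "/login.html");
        security.setInitParameter(FormAuthenticator.__FORM_ERROR_PAGE, "/login-error.html");
        // Replace the session at login so a pre-authentication session id is not carried over.
        security.setSessionRenewedOnAuthentication(true);
        // Apply authentication to forwards to welcome files as well.
        security.setCheckWelcomeFiles(true);

        Constraint constraint = new Constraint();
        constraint.setName("protected");
        constraint.setRoles(new String[] {"user"}); // placeholder role
        constraint.setAuthenticate(true);
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/*");
        mapping.setConstraint(constraint);
        security.addConstraintMapping(mapping);

        context.setSecurityHandler(security);
        server.setHandler(context);
        server.start();
        try {
            security.setAuthMethod(Constraint.__BASIC_AUTH); // handler is running
        } catch (IllegalStateException expected) {
            System.out.println("Configuration change rejected after start: " + expected);
        }
        server.join();
    }
}
```

The constraint covers every path, including the login and error pages; the __NOBODY principal described under Field Detail is what lets FormAuthenticator serve those two pages to unauthenticated requests.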

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      class  SecurityHandler.NotChecked  
      • Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler

        org.eclipse.jetty.server.handler.AbstractHandler.ErrorDispatchHandler
      • Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

        org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException
      • Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

        org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener
      • Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

        org.eclipse.jetty.util.component.LifeCycle.Listener
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.security.Principal __NO_USER  
      static java.security.Principal __NOBODY
      Nobody user.
      • Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

        _handler
      • Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

        FAILED, STARTED, STARTING, STOPPED, STOPPING
      • Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

        KEY
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      protected SecurityHandler()  
    • Method Summary

      Modifier and Type Method Description
      protected boolean checkSecurity​(org.eclipse.jetty.server.Request request)  
      protected abstract boolean checkUserDataPermissions​(java.lang.String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, RoleInfo constraintInfo)  
      protected abstract boolean checkWebResourcePermissions​(java.lang.String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, java.lang.Object constraintInfo, org.eclipse.jetty.server.UserIdentity userIdentity)  
      protected void doStart()  
      protected void doStop()  
      protected IdentityService findIdentityService()  
      protected LoginService findLoginService()  
      Authenticator getAuthenticator()  
      Authenticator.Factory getAuthenticatorFactory()  
      java.lang.String getAuthMethod()  
      static SecurityHandler getCurrentSecurityHandler()  
      IdentityService getIdentityService()
      Get the identityService.
      java.lang.String getInitParameter​(java.lang.String key)
      Get a SecurityHandler init parameter
      java.util.Set<java.lang.String> getInitParameterNames()
      Get the SecurityHandler init parameter names
      java.util.List<Authenticator.Factory> getKnownAuthenticatorFactories()  
      LoginService getLoginService()
      Get the loginService.
      java.lang.String getRealmName()  
      void handle​(java.lang.String pathInContext, org.eclipse.jetty.server.Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)  
      protected abstract boolean isAuthMandatory​(org.eclipse.jetty.server.Request baseRequest, org.eclipse.jetty.server.Response baseResponse, java.lang.Object constraintInfo)  
      boolean isCheckWelcomeFiles()  
      boolean isSessionRenewedOnAuthentication()  
      void logout​(org.eclipse.jetty.server.Authentication.User user)  
      protected abstract RoleInfo prepareConstraintInfo​(java.lang.String pathInContext, org.eclipse.jetty.server.Request request)  
      void setAuthenticator​(Authenticator authenticator)
      Set the authenticator.
      void setAuthenticatorFactory​(Authenticator.Factory authenticatorFactory)  
      void setAuthMethod​(java.lang.String authMethod)  
      void setCheckWelcomeFiles​(boolean authenticateWelcomeFiles)  
      void setIdentityService​(IdentityService identityService)
      Set the identityService.
      java.lang.String setInitParameter​(java.lang.String key, java.lang.String value)
      Set an initialization parameter.
      void setLoginService​(LoginService loginService)
      Set the loginService.
      void setRealmName​(java.lang.String realmName)  
      void setSessionRenewedOnAuthentication​(boolean renew)
      Set whether the session is renewed on authentication.
      • Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

        destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
      • Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer

        expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
      • Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler

        doError, getServer
      • Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

        addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans
      • Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

        getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
      • Methods inherited from interface org.eclipse.jetty.util.component.Container

        getCachedBeans, getEventListeners
      • Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

        dumpSelf
      • Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

        addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop
    • Field Detail

      • __NO_USER

        public static final java.security.Principal __NO_USER
      • __NOBODY

        public static final java.security.Principal __NOBODY
        Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
    • Constructor Detail

      • SecurityHandler

        protected SecurityHandler()
    • Method Detail

      • setIdentityService

        public void setIdentityService​(IdentityService identityService)
        Set the identityService.
        Parameters:
        identityService - the identityService to set
      • setLoginService

        public void setLoginService​(LoginService loginService)
        Set the loginService.
        Parameters:
        loginService - the loginService to set
      • setAuthenticator

        public void setAuthenticator​(Authenticator authenticator)
        Set the authenticator.
        Parameters:
        authenticator - the authenticator
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • getAuthenticatorFactory

        public Authenticator.Factory getAuthenticatorFactory()
        Returns:
        the authenticatorFactory
      • setAuthenticatorFactory

        public void setAuthenticatorFactory​(Authenticator.Factory authenticatorFactory)
        Parameters:
        authenticatorFactory - the authenticatorFactory to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • getKnownAuthenticatorFactories

        public java.util.List<Authenticator.Factory> getKnownAuthenticatorFactories()
        Returns:
        the list of discovered authenticatorFactories
      • setRealmName

        public void setRealmName​(java.lang.String realmName)
        Parameters:
        realmName - the realmName to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • setAuthMethod

        public void setAuthMethod​(java.lang.String authMethod)
        Parameters:
        authMethod - the authMethod to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • isCheckWelcomeFiles

        public boolean isCheckWelcomeFiles()
        Returns:
        True if forwards to welcome files are authenticated
      • setCheckWelcomeFiles

        public void setCheckWelcomeFiles​(boolean authenticateWelcomeFiles)
        Parameters:
        authenticateWelcomeFiles - True if forwards to welcome files are authenticated
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • setInitParameter

        public java.lang.String setInitParameter​(java.lang.String key,
                                                 java.lang.String value)
        Set an initialization parameter.
        Parameters:
        key - the init key
        value - the init value
        Returns:
        previous value
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is started
      • findLoginService

        protected LoginService findLoginService()
                                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • doStart

        protected void doStart()
                        throws java.lang.Exception
        Overrides:
        doStart in class org.eclipse.jetty.server.handler.AbstractHandler
        Throws:
        java.lang.Exception
      • doStop

        protected void doStop()
                       throws java.lang.Exception
        Overrides:
        doStop in class org.eclipse.jetty.server.handler.AbstractHandler
        Throws:
        java.lang.Exception
      • checkSecurity

        protected boolean checkSecurity​(org.eclipse.jetty.server.Request request)
      • setSessionRenewedOnAuthentication

        public void setSessionRenewedOnAuthentication​(boolean renew)
        Set whether the session is renewed on authentication.

        If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.

        Parameters:
        renew - true to renew the session on authentication
        See Also:
        Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()
      • handle

        public void handle​(java.lang.String pathInContext,
                           org.eclipse.jetty.server.Request baseRequest,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
                    throws java.io.IOException,
                           javax.servlet.ServletException
        Specified by:
        handle in interface org.eclipse.jetty.server.Handler
        Overrides:
        handle in class org.eclipse.jetty.server.handler.HandlerWrapper
        Throws:
        java.io.IOException
        javax.servlet.ServletException
      • getCurrentSecurityHandler

        public static SecurityHandler getCurrentSecurityHandler()
      • logout

        public void logout​(org.eclipse.jetty.server.Authentication.User user)
      • prepareConstraintInfo

        protected abstract RoleInfo prepareConstraintInfo​(java.lang.String pathInContext,
                                                          org.eclipse.jetty.server.Request request)
      • checkUserDataPermissions

        protected abstract boolean checkUserDataPermissions​(java.lang.String pathInContext,
                                                            org.eclipse.jetty.server.Request request,
                                                            org.eclipse.jetty.server.Response response,
                                                            RoleInfo constraintInfo)
                                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • isAuthMandatory

        protected abstract boolean isAuthMandatory​(org.eclipse.jetty.server.Request baseRequest,
                                                   org.eclipse.jetty.server.Response baseResponse,
                                                   java.lang.Object constraintInfo)
      • checkWebResourcePermissions

        protected abstract boolean checkWebResourcePermissions​(java.lang.String pathInContext,
                                                               org.eclipse.jetty.server.Request request,
                                                               org.eclipse.jetty.server.Response response,
                                                               java.lang.Object constraintInfo,
                                                               org.eclipse.jetty.server.UserIdentity userIdentity)
                                                        throws java.io.IOException
        Throws:
        java.io.IOException