Class SecurityHandler

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandlerContainer
org.eclipse.jetty.server.handler.HandlerWrapper
org.eclipse.jetty.security.SecurityHandler
All Implemented Interfaces:
Authenticator.AuthConfiguration, org.eclipse.jetty.server.Handler, org.eclipse.jetty.server.HandlerContainer, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle
Direct Known Subclasses:
ConstraintSecurityHandler

public abstract class SecurityHandler extends org.eclipse.jetty.server.handler.HandlerWrapper implements Authenticator.AuthConfiguration
Abstract SecurityHandler.

Select and apply an Authenticator to a request.

The Authenticator may either be set directly on the handler or will be created during AbstractLifeCycle.start() with a call to either the default or the configured AuthenticatorFactory.

SecurityHandler has a set of init parameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." and do not have values in the SecurityHandler init parameters are copied.
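As an added example (not part of the Jetty documentation or source), the sketch below configures a ConstraintSecurityHandler, the subclass listed above, so that the Authenticator is created by the default factory at start instead of being set directly, and then shows a setter being rejected once the handler is running. It assumes Jetty 11 on the classpath; the realm name, user, password and path are constructed placeholders.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Credential;

public class SecurityHandlerSetup {
    public static void main(String[] args) throws Exception {
        // Constructed in-memory user for the demo; use a real LoginService in production.
        UserStore users = new UserStore();
        users.addUser("alice", Credential.getCredential("placeholder-password"), new String[] {"admin"});
        HashLoginService login = new HashLoginService("example-realm");
        login.setUserStore(users);

        // Require the "admin" role for everything under /admin/ (constructed path).
        Constraint adminOnly = new Constraint();
        adminOnly.setName("admin-only");
        adminOnly.setRoles(new String[] {"admin"});
        adminOnly.setAuthenticate(true);
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/admin/*");
        mapping.setConstraint(adminOnly);

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setRealmName("example-realm");
        security.setLoginService(login);
        security.setAuthMethod("BASIC");                  // no setAuthenticator(): the factory creates it at start
        security.setSessionRenewedOnAuthentication(true); // replace the session on login (session fixation defence)
        security.addConstraintMapping(mapping);

        Server server = new Server(0);                    // port 0: ephemeral port for the demo
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");
        context.setSecurityHandler(security);
        server.setHandler(context);
        server.start();
        try {
            System.out.println("authenticator: " + security.getAuthenticator().getClass().getName());
            security.setAuthMethod("FORM");               // configuration is locked while running
        } catch (IllegalStateException e) {
            System.out.println("rejected while running: " + e.getMessage());
        } finally {
            server.stop();
        }
    }
}
```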

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    class 
     

    Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler

    org.eclipse.jetty.server.handler.AbstractHandler.ErrorDispatchHandler

    Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

    org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

    org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

    org.eclipse.jetty.util.component.LifeCycle.Listener
  • Field Summary

    Fields

    | Modifier and Type | Field | Description |
    |---|---|---|
    | static final Principal | __NO_USER | |
    | static final Principal | __NOBODY | Nobody user. |

    Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

    _handler

    Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    FAILED, STARTED, STARTING, STOPPED, STOPPING

    Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

    KEY
  • Constructor Summary

    Constructors

    | Modifier | Constructor | Description |
    |---|---|---|
    | protected | SecurityHandler() | |
  • Method Summary

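    | Modifier and Type | Method | Description |
    |---|---|---|
    | protected boolean | checkSecurity(org.eclipse.jetty.server.Request request) | |
    | protected abstract boolean | checkUserDataPermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, RoleInfo constraintInfo) | |
    | protected abstract boolean | checkWebResourcePermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, Object constraintInfo, org.eclipse.jetty.server.UserIdentity userIdentity) | |
    | protected void | doStart() | |
    | protected void | doStop() | |
    | protected IdentityService | findIdentityService() | |
    | protected LoginService | findLoginService() | |
    | Authenticator | getAuthenticator() | |
    | Authenticator.Factory | getAuthenticatorFactory() | |
    | String | getAuthMethod() | |
    | static SecurityHandler | getCurrentSecurityHandler() | |
    | IdentityService | getIdentityService() | Get the identityService. |
    | String | getInitParameter(String key) | Get a SecurityHandler init parameter |
    | Set<String> | getInitParameterNames() | Get the SecurityHandler init parameter names |
    | List<Authenticator.Factory> | getKnownAuthenticatorFactories() | |
    | LoginService | getLoginService() | Get the loginService. |
    | String | getRealmName() | |
    | void | handle(String pathInContext, org.eclipse.jetty.server.Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) | |
    | protected abstract boolean | isAuthMandatory(org.eclipse.jetty.server.Request baseRequest, org.eclipse.jetty.server.Response baseResponse, Object constraintInfo) | |
    | boolean | isCheckWelcomeFiles() | |
    | boolean | isSessionRenewedOnAuthentication() | |
    | void | logout(org.eclipse.jetty.server.Authentication.User user) | |
    | protected abstract RoleInfo | prepareConstraintInfo(String pathInContext, org.eclipse.jetty.server.Request request) | |
    | void | setAuthenticator(Authenticator authenticator) | Set the authenticator. |
    | void | setAuthenticatorFactory(Authenticator.Factory authenticatorFactory) | |
    | void | setAuthMethod(String authMethod) | |
    | void | setCheckWelcomeFiles(boolean authenticateWelcomeFiles) | |
    | void | setIdentityService(IdentityService identityService) | Set the identityService. |
    | String | setInitParameter(String key, String value) | Set an initialization parameter. |
    | void | setLoginService(LoginService loginService) | Set the loginService. |
    | void | setRealmName(String realmName) | |
    | void | setSessionRenewedOnAuthentication(boolean renew) | Set whether the session is renewed on authentication. |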

    Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper

    destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler

    Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer

    expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer

    Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler

    doError, getServer

    Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

    addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

    Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface org.eclipse.jetty.util.component.Container

    getCachedBeans, getEventListeners

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

    dumpSelf

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    isDumpable

    Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

    addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop
  • Field Details

    • __NO_USER

      public static final Principal __NO_USER
    • __NOBODY

      public static final Principal __NOBODY
      Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
  • Constructor Details

    • SecurityHandler

      protected SecurityHandler()
  • Method Details

    • getIdentityService

      public IdentityService getIdentityService()
      Get the identityService.
      Specified by:
      getIdentityService in interface Authenticator.AuthConfiguration
      Returns:
      the identityService
    • setIdentityService

      public void setIdentityService(IdentityService identityService)
      Set the identityService.
      Parameters:
      identityService - the identityService to set
    • getLoginService

      public LoginService getLoginService()
      Get the loginService.
      Specified by:
      getLoginService in interface Authenticator.AuthConfiguration
      Returns:
      the loginService
    • setLoginService

      public void setLoginService(LoginService loginService)
      Set the loginService.
      Parameters:
      loginService - the loginService to set
    • getAuthenticator

      public Authenticator getAuthenticator()
    • setAuthenticator

      public void setAuthenticator(Authenticator authenticator)
      Set the authenticator.
      Parameters:
      authenticator - the authenticator
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • getAuthenticatorFactory

      public Authenticator.Factory getAuthenticatorFactory()
      Returns:
      the authenticatorFactory
    • setAuthenticatorFactory

      public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
      Parameters:
      authenticatorFactory - the authenticatorFactory to set
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • getKnownAuthenticatorFactories

      public List<Authenticator.Factory> getKnownAuthenticatorFactories()
      Returns:
      the list of discovered authenticatorFactories
    • getRealmName

      public String getRealmName()
      Specified by:
      getRealmName in interface Authenticator.AuthConfiguration
      Returns:
      the realmName
    • setRealmName

      public void setRealmName(String realmName)
      Parameters:
      realmName - the realmName to set
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • getAuthMethod

      public String getAuthMethod()
      Specified by:
      getAuthMethod in interface Authenticator.AuthConfiguration
      Returns:
      the authMethod
    • setAuthMethod

      public void setAuthMethod(String authMethod)
      Parameters:
      authMethod - the authMethod to set
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • isCheckWelcomeFiles

      public boolean isCheckWelcomeFiles()
      Returns:
      True if forwards to welcome files are authenticated
    • setCheckWelcomeFiles

      public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
      Parameters:
      authenticateWelcomeFiles - True if forwards to welcome files are authenticated
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • getInitParameter

      public String getInitParameter(String key)
      Description copied from interface: Authenticator.AuthConfiguration
      Get a SecurityHandler init parameter
      Specified by:
      getInitParameter in interface Authenticator.AuthConfiguration
      Parameters:
      key - parameter name
      Returns:
      Parameter value or null
    • getInitParameterNames

      public Set<String> getInitParameterNames()
      Description copied from interface: Authenticator.AuthConfiguration
      Get the SecurityHandler init parameter names
      Specified by:
      getInitParameterNames in interface Authenticator.AuthConfiguration
      Returns:
      Set of parameter names
    • setInitParameter

      public String setInitParameter(String key, String value)
      Set an initialization parameter.
      Parameters:
      key - the init key
      value - the init value
      Returns:
      previous value
      Throws:
      IllegalStateException - if the SecurityHandler is started
    • findLoginService

      protected LoginService findLoginService() throws Exception
      Throws:
      Exception
    • findIdentityService

      protected IdentityService findIdentityService()
    • doStart

      protected void doStart() throws Exception
      Overrides:
      doStart in class org.eclipse.jetty.server.handler.AbstractHandler
      Throws:
      Exception
    • doStop

      protected void doStop() throws Exception
      Overrides:
      doStop in class org.eclipse.jetty.server.handler.AbstractHandler
      Throws:
      Exception
    • checkSecurity

      protected boolean checkSecurity(org.eclipse.jetty.server.Request request)
    • isSessionRenewedOnAuthentication

      public boolean isSessionRenewedOnAuthentication()
      Specified by:
      isSessionRenewedOnAuthentication in interface Authenticator.AuthConfiguration
    • setSessionRenewedOnAuthentication

      public void setSessionRenewedOnAuthentication(boolean renew)
      Set whether the session is renewed on authentication.

      If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.

      Parameters:
      renew - true to renew the session on authentication
    • handle

      public void handle(String pathInContext, org.eclipse.jetty.server.Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException
      Specified by:
      handle in interface org.eclipse.jetty.server.Handler
      Overrides:
      handle in class org.eclipse.jetty.server.handler.HandlerWrapper
      Throws:
      IOException
      jakarta.servlet.ServletException
    • getCurrentSecurityHandler

      public static SecurityHandler getCurrentSecurityHandler()
    • logout

      public void logout(org.eclipse.jetty.server.Authentication.User user)
    • prepareConstraintInfo

      protected abstract RoleInfo prepareConstraintInfo(String pathInContext, org.eclipse.jetty.server.Request request)
    • checkUserDataPermissions

      protected abstract boolean checkUserDataPermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, RoleInfo constraintInfo) throws IOException
      Throws:
      IOException
    • isAuthMandatory

      protected abstract boolean isAuthMandatory(org.eclipse.jetty.server.Request baseRequest, org.eclipse.jetty.server.Response baseResponse, Object constraintInfo)
    • checkWebResourcePermissions

      protected abstract boolean checkWebResourcePermissions(String pathInContext, org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, Object constraintInfo, org.eclipse.jetty.server.UserIdentity userIdentity) throws IOException
      Throws:
      IOException