Module org.eclipse.jetty.security

Package org.eclipse.jetty.security

Class SecurityHandler

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.ContainerLifeCycle

org.eclipse.jetty.server.Handler.Abstract

org.eclipse.jetty.server.Handler.AbstractContainer

org.eclipse.jetty.server.Handler.Wrapper

org.eclipse.jetty.security.SecurityHandler

All Implemented Interfaces:

Authenticator.Configuration, org.eclipse.jetty.server.Handler, org.eclipse.jetty.server.Handler.Container, org.eclipse.jetty.server.Handler.Singleton, org.eclipse.jetty.server.Request.Handler, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle, org.eclipse.jetty.util.thread.Invocable

Direct Known Subclasses:

SecurityHandler.PathMapped

public abstract class SecurityHandler
extends org.eclipse.jetty.server.Handler.Wrapper
implements Authenticator.Configuration

Abstract SecurityHandler.

Select and apply an Authenticator to a request.

The Authenticator may either be directly set on the handler or it will be created during AbstractLifeCycle.start() with a call to either the default or set AuthenticatorFactory.

SecurityHandler has a set of parameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
class	SecurityHandler.NotChecked
static class	SecurityHandler.PathMapped	A concrete implementation of SecurityHandler that uses a PathMappings to match request to a list of Constraints, which are applied in the order of least significant to most significant.

Nested classes/interfaces inherited from class org.eclipse.jetty.server.Handler.Abstract

org.eclipse.jetty.server.Handler.Abstract.NonBlocking

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator.Configuration

Authenticator.Configuration.Wrapper

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

org.eclipse.jetty.util.component.Dumpable.DumpableContainer

Nested classes/interfaces inherited from interface org.eclipse.jetty.server.Handler

org.eclipse.jetty.server.Handler.Abstract, org.eclipse.jetty.server.Handler.AbstractContainer, org.eclipse.jetty.server.Handler.Collection, org.eclipse.jetty.server.Handler.Container, org.eclipse.jetty.server.Handler.Sequence, org.eclipse.jetty.server.Handler.Singleton, org.eclipse.jetty.server.Handler.Wrapper

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.thread.Invocable

org.eclipse.jetty.util.thread.Invocable.Callable, org.eclipse.jetty.util.thread.Invocable.InvocationType, org.eclipse.jetty.util.thread.Invocable.ReadyTask, org.eclipse.jetty.util.thread.Invocable.Task

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

org.eclipse.jetty.util.component.LifeCycle.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.server.Request.Handler

org.eclipse.jetty.server.Request.Handler.AbortException

Field Summary

Fields

Modifier and Type	Field	Description
static String	SESSION_AUTHENTICATED_ATTRIBUTE

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

KEY

Fields inherited from interface org.eclipse.jetty.util.thread.Invocable

__nonBlocking, NOOP

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SecurityHandler()
protected	SecurityHandler(org.eclipse.jetty.server.Handler handler)

Method Summary

Modifier and Type	Method	Description
protected void	doStart()
protected void	doStop()
protected IdentityService	findIdentityService()
protected LoginService	findLoginService()	Find an appropriate LoginService from the list returned by Container.getBeans(Class) called on the result of Handler.Abstract.getServer().
String	getAuthenticationType()
Authenticator	getAuthenticator()
Authenticator.Factory	getAuthenticatorFactory()
protected abstract Constraint	getConstraint(String pathInContext, org.eclipse.jetty.server.Request request)
static SecurityHandler	getCurrentSecurityHandler()
IdentityService	getIdentityService()	Get the identityService.
List<Authenticator.Factory>	getKnownAuthenticatorFactories()
protected Set<String>	getKnownRoles()
LoginService	getLoginService()	Get the loginService.
String	getParameter(String key)	Get a SecurityHandler init parameter
Set<String>	getParameterNames()	Get a SecurityHandler init parameter names
String	getRealmName()
int	getSessionMaxInactiveIntervalOnAuthentication()	Get the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated
boolean	handle(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, org.eclipse.jetty.util.Callback callback)
protected boolean	isAuthorized(Constraint constraint, AuthenticationState authenticationState)
boolean	isSessionRenewedOnAuthentication()	Should session ID be renewed on authentication.
protected void	redirectToSecure(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, org.eclipse.jetty.util.Callback callback)
void	setAuthenticationType(String authenticationType)
void	setAuthenticator(Authenticator authenticator)	Set the authenticator.
void	setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
void	setIdentityService(IdentityService identityService)	Set the identityService.
void	setLoginService(LoginService loginService)	Set the loginService.
String	setParameter(String key, String value)	Set an authentication parameter for retrieval via Authenticator.Configuration.getParameter(String)
void	setRealmName(String realmName)
void	setSessionMaxInactiveIntervalOnAuthentication(int seconds)	Set the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.
void	setSessionRenewedOnAuthentication(boolean renew)	Set renew the session on Authentication.

Methods inherited from class org.eclipse.jetty.server.Handler.Wrapper

getHandler, getInvocationType, setHandler

Methods inherited from class org.eclipse.jetty.server.Handler.AbstractContainer

findContainerOf, getDescendant, getDescendants, isDynamic, setDynamic, setServer

Methods inherited from class org.eclipse.jetty.server.Handler.Abstract

destroy, getServer

Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.Container

getCachedBeans, getEventListeners

Methods inherited from interface org.eclipse.jetty.util.component.Destroyable

destroy

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

dumpSelf

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

isDumpable

Methods inherited from interface org.eclipse.jetty.server.Handler

getServer, setServer

Methods inherited from interface org.eclipse.jetty.server.Handler.Container

getContainer, getDescendant, getDescendants, getDescendants

Methods inherited from interface org.eclipse.jetty.server.Handler.Singleton

getHandlers, getTail, insertHandler, setHandler

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop

Field Details

SESSION_AUTHENTICATED_ATTRIBUTE

public static String SESSION_AUTHENTICATED_ATTRIBUTE

Constructor Details

SecurityHandler

protected SecurityHandler()

SecurityHandler

protected SecurityHandler(org.eclipse.jetty.server.Handler handler)

Method Details

getIdentityService

public IdentityService getIdentityService()

Get the identityService.

Specified by:

getIdentityService in interface Authenticator.Configuration

Returns:

the identityService

setIdentityService

public void setIdentityService(IdentityService identityService)

Set the identityService.

Parameters:

identityService - the identityService to set

getLoginService

public LoginService getLoginService()

Get the loginService.

Specified by:

getLoginService in interface Authenticator.Configuration

Returns:

the loginService

setLoginService

public void setLoginService(LoginService loginService)

Set the loginService. If a LoginService is not set, or is set to null, then during doStart() the findLoginService() method is used to locate one.

Parameters:

loginService - the loginService to set

getAuthenticator

public Authenticator getAuthenticator()

setAuthenticator

public void setAuthenticator(Authenticator authenticator)

Set the authenticator.

Parameters:

authenticator - the authenticator

Throws:

IllegalStateException - if the SecurityHandler is running

getAuthenticatorFactory

public Authenticator.Factory getAuthenticatorFactory()

Returns:

the authenticatorFactory

setAuthenticatorFactory

public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)

Parameters:

authenticatorFactory - the authenticatorFactory to set

Throws:

IllegalStateException - if the SecurityHandler is running

getKnownAuthenticatorFactories

public List<Authenticator.Factory> getKnownAuthenticatorFactories()

Returns:

the list of discovered authenticatorFactories

getRealmName

public String getRealmName()

Specified by:

getRealmName in interface Authenticator.Configuration

Returns:

the realmName

setRealmName

public void setRealmName(String realmName)

Parameters:

realmName - the realmName to set

Throws:

IllegalStateException - if the SecurityHandler is running

getAuthenticationType

public String getAuthenticationType()

Specified by:

getAuthenticationType in interface Authenticator.Configuration

Returns:

the name of the Authenticator

setAuthenticationType

public void setAuthenticationType(String authenticationType)

Parameters:

authenticationType - the name of the Authenticator to use

Throws:

IllegalStateException - if the SecurityHandler is running

getParameter

public String getParameter(String key)

Description copied from interface: Authenticator.Configuration

Get a SecurityHandler init parameter

Specified by:

getParameter in interface Authenticator.Configuration

Parameters:

key - parameter name

Returns:

Parameter value or null

getParameterNames

public Set<String> getParameterNames()

Description copied from interface: Authenticator.Configuration

Get a SecurityHandler init parameter names

Specified by:

getParameterNames in interface Authenticator.Configuration

Returns:

Set of parameter names

setParameter

public String setParameter(String key,
 String value)

Set an authentication parameter for retrieval via Authenticator.Configuration.getParameter(String)

Parameters:

key - the key

value - the init value

Returns:

previous value

Throws:

IllegalStateException - if the SecurityHandler is started

findLoginService

protected LoginService findLoginService()

Find an appropriate LoginService from the list returned by Container.getBeans(Class) called on the result of Handler.Abstract.getServer(). A service is selected by:

• if setRealmName(String) has been called, the first service with a matching name is used
• if the list is size 1, that service is used
• otherwise no service is selected.

Returns:

An appropriate LoginService or null

findIdentityService

protected IdentityService findIdentityService()

doStart

protected void doStart()
                throws Exception

Overrides:

doStart in class org.eclipse.jetty.server.Handler.Abstract

Throws:

Exception

doStop

protected void doStop()
               throws Exception

Overrides:

doStop in class org.eclipse.jetty.server.Handler.Abstract

Throws:

Exception

isSessionRenewedOnAuthentication

public boolean isSessionRenewedOnAuthentication()

Description copied from interface: Authenticator.Configuration

Should session ID be renewed on authentication.

Specified by:

isSessionRenewedOnAuthentication in interface Authenticator.Configuration

Returns:

true if the session ID should be renewed on authentication

setSessionRenewedOnAuthentication

public void setSessionRenewedOnAuthentication(boolean renew)

Set renew the session on Authentication.

If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.

Parameters:

renew - true to renew the authentication on session

See Also:

• Authenticator.Configuration.isSessionRenewedOnAuthentication()

getSessionMaxInactiveIntervalOnAuthentication

public int getSessionMaxInactiveIntervalOnAuthentication()

Description copied from interface: Authenticator.Configuration

Get the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated

Specified by:

getSessionMaxInactiveIntervalOnAuthentication in interface Authenticator.Configuration

Returns:

An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.

setSessionMaxInactiveIntervalOnAuthentication

public void setSessionMaxInactiveIntervalOnAuthentication(int seconds)

Set the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.

Parameters:

seconds - An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.

See Also:

• Authenticator.Configuration.getSessionMaxInactiveIntervalOnAuthentication()

handle

public boolean handle(org.eclipse.jetty.server.Request request,
 org.eclipse.jetty.server.Response response,
 org.eclipse.jetty.util.Callback callback)
               throws Exception

Specified by:

handle in interface org.eclipse.jetty.server.Request.Handler

Overrides:

handle in class org.eclipse.jetty.server.Handler.Wrapper

Throws:

Exception

getCurrentSecurityHandler

public static SecurityHandler getCurrentSecurityHandler()

getConstraint

protected abstract Constraint getConstraint(String pathInContext,
 org.eclipse.jetty.server.Request request)

redirectToSecure

protected void redirectToSecure(org.eclipse.jetty.server.Request request,
 org.eclipse.jetty.server.Response response,
 org.eclipse.jetty.util.Callback callback)

isAuthorized

protected boolean isAuthorized(Constraint constraint,
 AuthenticationState authenticationState)

getKnownRoles

protected Set<String> getKnownRoles()