Class SecurityHandler

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.Handler.Abstract
org.eclipse.jetty.server.Handler.AbstractContainer
org.eclipse.jetty.server.Handler.Wrapper
org.eclipse.jetty.security.SecurityHandler
All Implemented Interfaces:
Authenticator.Configuration, org.eclipse.jetty.server.Handler, org.eclipse.jetty.server.Handler.Container, org.eclipse.jetty.server.Handler.Singleton, org.eclipse.jetty.server.Request.Handler, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.LifeCycle, org.eclipse.jetty.util.thread.Invocable
Direct Known Subclasses:
SecurityHandler.PathMapped, SecurityHandler.PathMethodMapped
public abstract class SecurityHandler extends org.eclipse.jetty.server.Handler.Wrapper implements Authenticator.Configuration
Abstract SecurityHandler.

Select and apply an Authenticator to a request.

The Authenticator may either be directly set on the handler or it will be created during AbstractLifeCycle.start() with a call to either the default or set AuthenticatorFactory.

SecurityHandler has a set of parameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    class 
    SecurityHandler.NotChecked
     
    static class 
    SecurityHandler.PathMapped
    A concrete implementation of SecurityHandler that uses a PathMappings to match request to a list of Constraints, which are applied in the order of least significant to most significant.
    static class 
    SecurityHandler.PathMethodMapped
    A concrete implementation of SecurityHandler that uses a PathMappings to match request paths to a map of an HTTP method to a Constraint.

    Nested classes/interfaces inherited from class org.eclipse.jetty.server.Handler.Abstract

    org.eclipse.jetty.server.Handler.Abstract.NonBlocking

    Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener, org.eclipse.jetty.util.component.AbstractLifeCycle.StopException

    Nested classes/interfaces inherited from interface Authenticator.Configuration

    Authenticator.Configuration.Wrapper

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

    org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

    org.eclipse.jetty.util.component.Dumpable.DumpableContainer, org.eclipse.jetty.util.component.Dumpable.DumpAppendable

    Nested classes/interfaces inherited from interface org.eclipse.jetty.server.Handler

    org.eclipse.jetty.server.Handler.Abstract, org.eclipse.jetty.server.Handler.AbstractContainer, org.eclipse.jetty.server.Handler.Collection, org.eclipse.jetty.server.Handler.Container, org.eclipse.jetty.server.Handler.Sequence, org.eclipse.jetty.server.Handler.Singleton, org.eclipse.jetty.server.Handler.Wrapper

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.thread.Invocable

    org.eclipse.jetty.util.thread.Invocable.Callable, org.eclipse.jetty.util.thread.Invocable.InvocationType, org.eclipse.jetty.util.thread.Invocable.ReadyTask, org.eclipse.jetty.util.thread.Invocable.Task

    Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

    org.eclipse.jetty.util.component.LifeCycle.Listener

    Nested classes/interfaces inherited from interface org.eclipse.jetty.server.Request.Handler

    org.eclipse.jetty.server.Request.Handler.AbortException

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static String
    SESSION_AUTHENTICATED_ATTRIBUTE
     

    Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    FAILED, STARTED, STARTING, STOPPED, STOPPING

    Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

    LEGEND

    Fields inherited from interface org.eclipse.jetty.util.thread.Invocable

    __nonBlocking, NOOP

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    protected
    SecurityHandler()
     
    protected
    SecurityHandler(org.eclipse.jetty.server.Handler handler)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected void
    doStart()
     
    protected void
    doStop()
     
    protected IdentityService
    findIdentityService()
     
    protected LoginService
    findLoginService()
    Find an appropriate LoginService from the list returned by Container.getBeans(Class) called on the result of Handler.Abstract.getServer().
    String
    getAuthenticationType()
     
    Authenticator
    getAuthenticator()
     
    Authenticator.Factory
    getAuthenticatorFactory()
     
    protected abstract Constraint
    getConstraint(String pathInContext, org.eclipse.jetty.server.Request request)
     
    static SecurityHandler
    getCurrentSecurityHandler()
     
    IdentityService
    getIdentityService()
    Get the identityService.
    List<Authenticator.Factory>
    getKnownAuthenticatorFactories()
     
    protected Set<String>
    getKnownRoles()
     
    LoginService
    getLoginService()
    Get the loginService.
    String
    getParameter(String key)
    Get a SecurityHandler init parameter
    Set<String>
    getParameterNames()
    Get a SecurityHandler init parameter names
    String
    getRealmName()
     
    int
    getSessionMaxInactiveIntervalOnAuthentication()
    Get the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated
    boolean
    handle(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, org.eclipse.jetty.util.Callback callback)
     
    protected boolean
    isAuthorized(Constraint constraint, AuthenticationState authenticationState)
     
    boolean
    isSessionRenewedOnAuthentication()
    Should session ID be renewed on authentication.
    protected void
    redirectToSecure(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, org.eclipse.jetty.util.Callback callback)
     
    void
    setAuthenticationType(String authenticationType)
     
    void
    setAuthenticator(Authenticator authenticator)
    Set the authenticator.
    void
    setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
     
    void
    setIdentityService(IdentityService identityService)
    Set the identityService.
    void
    setLoginService(LoginService loginService)
    Set the loginService.
    String
    setParameter(String key, String value)
    Set an authentication parameter for retrieval via Authenticator.Configuration.getParameter(String)
    void
    setRealmName(String realmName)
     
    void
    setSessionMaxInactiveIntervalOnAuthentication(int seconds)
    Set the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.
    void
    setSessionRenewedOnAuthentication(boolean renew)
    Set renew the session on Authentication.

    Methods inherited from class org.eclipse.jetty.server.Handler.Wrapper

    getHandler, getInvocationType, setHandler

    Methods inherited from class org.eclipse.jetty.server.Handler.AbstractContainer

    findContainerOf, getDescendant, getDescendants, isDynamic, setDynamic, setServer

    Methods inherited from class org.eclipse.jetty.server.Handler.Abstract

    destroy, getServer

    Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

    addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

    Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

    getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    Methods inherited from interface org.eclipse.jetty.util.component.Container

    getCachedBeans, getEventListeners

    Methods inherited from interface org.eclipse.jetty.util.component.Destroyable

    destroy

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

    dumpSelf

    Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

    isDumpable

    Methods inherited from interface org.eclipse.jetty.server.Handler

    getServer, setServer

    Methods inherited from interface org.eclipse.jetty.server.Handler.Container

    getContainer, getDescendant, getDescendants, getDescendants

    Methods inherited from interface org.eclipse.jetty.server.Handler.Singleton

    getHandlers, getTail, insertHandler, setHandler

    Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

    addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop

  • Field Details

    • SESSION_AUTHENTICATED_ATTRIBUTE

      public static String SESSION_AUTHENTICATED_ATTRIBUTE

  • Constructor Details

    • SecurityHandler

      protected SecurityHandler()

    • SecurityHandler

      protected SecurityHandler(org.eclipse.jetty.server.Handler handler)

  • Method Details

    • getIdentityService

      public IdentityService getIdentityService()
      Get the identityService.
      Specified by:
      getIdentityService in interface Authenticator.Configuration
      Returns:
      the identityService

    • setIdentityService

      public void setIdentityService(IdentityService identityService)
      Set the identityService.
      Parameters:
      identityService - the identityService to set

    • getLoginService

      public LoginService getLoginService()
      Get the loginService.
      Specified by:
      getLoginService in interface Authenticator.Configuration
      Returns:
      the loginService

    • setLoginService

      public void setLoginService(LoginService loginService)
      Set the loginService. If a LoginService is not set, or is set to null, then during doStart() the findLoginService() method is used to locate one.
      Parameters:
      loginService - the loginService to set

    • getAuthenticator

      public Authenticator getAuthenticator()

    • setAuthenticator

      public void setAuthenticator(Authenticator authenticator)
      Set the authenticator.
      Parameters:
      authenticator - the authenticator
      Throws:
      IllegalStateException - if the SecurityHandler is running

    • getAuthenticatorFactory

      public Authenticator.Factory getAuthenticatorFactory()
      Returns:
      the authenticatorFactory

    • setAuthenticatorFactory

      public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
      Parameters:
      authenticatorFactory - the authenticatorFactory to set
      Throws:
      IllegalStateException - if the SecurityHandler is running

    • getKnownAuthenticatorFactories

      public List<Authenticator.Factory> getKnownAuthenticatorFactories()
      Returns:
      the list of discovered authenticatorFactories

    • getRealmName

      public String getRealmName()
      Specified by:
      getRealmName in interface Authenticator.Configuration
      Returns:
      the realmName

    • setRealmName

      public void setRealmName(String realmName)
      Parameters:
      realmName - the realmName to set
      Throws:
      IllegalStateException - if the SecurityHandler is running

    • getAuthenticationType

      public String getAuthenticationType()
      Specified by:
      getAuthenticationType in interface Authenticator.Configuration
      Returns:
      the name of the Authenticator

    • setAuthenticationType

      public void setAuthenticationType(String authenticationType)
      Parameters:
      authenticationType - the name of the Authenticator to use
      Throws:
      IllegalStateException - if the SecurityHandler is running

    • getParameter

      public String getParameter(String key)
      Description copied from interface: Authenticator.Configuration
      Get a SecurityHandler init parameter
      Specified by:
      getParameter in interface Authenticator.Configuration
      Parameters:
      key - parameter name
      Returns:
      Parameter value or null

    • getParameterNames

      public Set<String> getParameterNames()
      Description copied from interface: Authenticator.Configuration
      Get a SecurityHandler init parameter names
      Specified by:
      getParameterNames in interface Authenticator.Configuration
      Returns:
      Set of parameter names

    • setParameter

      public String setParameter(String key, String value)
      Set an authentication parameter for retrieval via Authenticator.Configuration.getParameter(String)
      Parameters:
      key - the key
      value - the init value
      Returns:
      previous value
      Throws:
      IllegalStateException - if the SecurityHandler is started

    • findLoginService

      protected LoginService findLoginService()
      Find an appropriate LoginService from the list returned by Container.getBeans(Class) called on the result of Handler.Abstract.getServer(). A service is selected by:
      • if setRealmName(String) has been called, the first service with a matching name is used
      • if the list is size 1, that service is used
      • otherwise no service is selected.
      Returns:
      An appropriate LoginService or null

    • findIdentityService

      protected IdentityService findIdentityService()

    • doStart

      protected void doStart() throws Exception
      Overrides:
      doStart in class org.eclipse.jetty.server.Handler.Abstract
      Throws:
      Exception

    • doStop

      protected void doStop() throws Exception
      Overrides:
      doStop in class org.eclipse.jetty.server.Handler.Abstract
      Throws:
      Exception

    • isSessionRenewedOnAuthentication

      public boolean isSessionRenewedOnAuthentication()
      Description copied from interface: Authenticator.Configuration
      Should session ID be renewed on authentication.
      Specified by:
      isSessionRenewedOnAuthentication in interface Authenticator.Configuration
      Returns:
      true if the session ID should be renewed on authentication

    • setSessionRenewedOnAuthentication

      public void setSessionRenewedOnAuthentication(boolean renew)
      Set renew the session on Authentication.

      If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.

      Parameters:
      renew - true to renew the authentication on session
      See Also:

    • getSessionMaxInactiveIntervalOnAuthentication

      public int getSessionMaxInactiveIntervalOnAuthentication()
      Description copied from interface: Authenticator.Configuration
      Get the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated
      Specified by:
      getSessionMaxInactiveIntervalOnAuthentication in interface Authenticator.Configuration
      Returns:
      An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.

    • setSessionMaxInactiveIntervalOnAuthentication

      public void setSessionMaxInactiveIntervalOnAuthentication(int seconds)
      Set the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.
      Parameters:
      seconds - An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
      See Also:

    • handle

      public boolean handle(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, org.eclipse.jetty.util.Callback callback) throws Exception
      Specified by:
      handle in interface org.eclipse.jetty.server.Request.Handler
      Overrides:
      handle in class org.eclipse.jetty.server.Handler.Wrapper
      Throws:
      Exception

    • getCurrentSecurityHandler

      public static SecurityHandler getCurrentSecurityHandler()

    • getConstraint

      protected abstract Constraint getConstraint(String pathInContext, org.eclipse.jetty.server.Request request)

    • redirectToSecure

      protected void redirectToSecure(org.eclipse.jetty.server.Request request, org.eclipse.jetty.server.Response response, org.eclipse.jetty.util.Callback callback)

    • isAuthorized

      protected boolean isAuthorized(Constraint constraint, AuthenticationState authenticationState)

    • getKnownRoles

      protected Set<String> getKnownRoles()