Authenticator.AuthConfiguration
, ConstraintAware
, Handler
, HandlerContainer
, org.eclipse.jetty.util.component.Destroyable
, org.eclipse.jetty.util.component.LifeCycle
public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware
Handler to enforce SecurityConstraints. This implementation is servlet spec 3.1 compliant and pre-computes the constraint combinations for runtime efficiency.
AbstractHandler.ErrorDispatchHandler
org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener
org.eclipse.jetty.util.component.Container.InheritedListener, org.eclipse.jetty.util.component.Container.Listener
org.eclipse.jetty.util.component.LifeCycle.Listener
SecurityHandler.NotChecked
FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING
_handler
__NO_USER, __NOBODY
Constructor | Description |
---|---|
ConstraintSecurityHandler() |
Modifier and Type | Method | Description |
---|---|---|
void |
addConstraintMapping(ConstraintMapping mapping) |
Add a Constraint Mapping.
|
void |
addRole(java.lang.String role) |
Add a Role definition.
|
boolean |
checkPathsWithUncoveredHttpMethods() |
Servlet spec 3.1 pg.
|
protected boolean |
checkUserDataPermissions(java.lang.String pathInContext,
Request request,
Response response,
RoleInfo roleInfo) |
|
protected boolean |
checkWebResourcePermissions(java.lang.String pathInContext,
Request request,
Response response,
java.lang.Object constraintInfo,
UserIdentity userIdentity) |
|
protected void |
configureRoleInfo(RoleInfo ri,
ConstraintMapping mapping) |
Initialize or update the RoleInfo from the constraint
|
static org.eclipse.jetty.util.security.Constraint |
createConstraint() |
|
static org.eclipse.jetty.util.security.Constraint |
createConstraint(java.lang.String name,
boolean authenticate,
java.lang.String[] roles,
int dataConstraint) |
Create a security constraint
|
static org.eclipse.jetty.util.security.Constraint |
createConstraint(java.lang.String name,
java.lang.String[] rolesAllowed,
ServletSecurity.EmptyRoleSemantic permitOrDeny,
ServletSecurity.TransportGuarantee transport) |
Create Constraint
|
static org.eclipse.jetty.util.security.Constraint |
createConstraint(java.lang.String name,
HttpConstraintElement element) |
Create a Constraint
|
static org.eclipse.jetty.util.security.Constraint |
createConstraint(org.eclipse.jetty.util.security.Constraint constraint) |
|
static java.util.List<ConstraintMapping> |
createConstraintsWithMappingsForPath(java.lang.String name,
java.lang.String pathSpec,
ServletSecurityElement securityElement) |
Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
|
protected void |
doStart() |
|
protected void |
doStop() |
|
void |
dump(java.lang.Appendable out,
java.lang.String indent) |
|
java.util.List<ConstraintMapping> |
getConstraintMappings() |
|
static java.util.List<ConstraintMapping> |
getConstraintMappingsForPath(java.lang.String pathSpec,
java.util.List<ConstraintMapping> constraintMappings) |
|
protected java.util.Set<java.lang.String> |
getOmittedMethods(java.lang.String omission) |
Given a string of the form
<method>.<method>.omission
split out the individual method names. |
java.util.Set<java.lang.String> |
getPathsWithUncoveredHttpMethods() |
Servlet spec 3.1 pg.
|
java.util.Set<java.lang.String> |
getRoles() |
|
protected boolean |
isAuthMandatory(Request baseRequest,
Response base_response,
java.lang.Object constraintInfo) |
|
boolean |
isDenyUncoveredHttpMethods() |
|
protected boolean |
omissionsExist(java.lang.String path,
java.util.Map<java.lang.String,RoleInfo> methodMappings) |
Check if any http method omissions exist in the list of method
to auth info mappings.
|
protected RoleInfo |
prepareConstraintInfo(java.lang.String pathInContext,
Request request) |
Find constraints that apply to the given path.
|
protected void |
processConstraintMapping(ConstraintMapping mapping) |
Create and combine the constraint with the existing processed
constraints.
|
protected void |
processConstraintMappingWithMethodOmissions(ConstraintMapping mapping,
java.util.Map<java.lang.String,RoleInfo> mappings) |
Constraints that name method omissions are dealt with differently.
|
static java.util.List<ConstraintMapping> |
removeConstraintMappingsForPath(java.lang.String pathSpec,
java.util.List<ConstraintMapping> constraintMappings) |
Take out of the constraint mappings those that match the
given path.
|
void |
setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings) |
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings,
java.util.Set<java.lang.String> roles) |
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setConstraintMappings(ConstraintMapping[] constraintMappings) |
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setDenyUncoveredHttpMethods(boolean deny) |
See Servlet Spec 31, sec 13.8.4, pg 145
When true, requests with http methods not explicitly covered either by inclusion or omissions
in constraints, will have access denied.
|
void |
setRoles(java.util.Set<java.lang.String> roles) |
Set the known roles.
|
doError, dumpThis, getServer
expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
addBean, addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dumpBeans, dumpObject, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isManaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, start, stop, stop
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
checkSecurity, findIdentityService, findLoginService, getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication
public static org.eclipse.jetty.util.security.Constraint createConstraint()
public static org.eclipse.jetty.util.security.Constraint createConstraint(org.eclipse.jetty.util.security.Constraint constraint)
public static org.eclipse.jetty.util.security.Constraint createConstraint(java.lang.String name, boolean authenticate, java.lang.String[] roles, int dataConstraint)
name
- the name of the constraintauthenticate
- true to authenticateroles
- list of rolesdataConstraint
- the data constraintpublic static org.eclipse.jetty.util.security.Constraint createConstraint(java.lang.String name, HttpConstraintElement element)
name
- the nameelement
- the http constraint elementpublic static org.eclipse.jetty.util.security.Constraint createConstraint(java.lang.String name, java.lang.String[] rolesAllowed, ServletSecurity.EmptyRoleSemantic permitOrDeny, ServletSecurity.TransportGuarantee transport)
name
- the namerolesAllowed
- the list of allowed rolespermitOrDeny
- the permission semantictransport
- the transport guaranteepublic static java.util.List<ConstraintMapping> getConstraintMappingsForPath(java.lang.String pathSpec, java.util.List<ConstraintMapping> constraintMappings)
public static java.util.List<ConstraintMapping> removeConstraintMappingsForPath(java.lang.String pathSpec, java.util.List<ConstraintMapping> constraintMappings)
pathSpec
- the path specconstraintMappings
- a new list minus the matching constraintspublic static java.util.List<ConstraintMapping> createConstraintsWithMappingsForPath(java.lang.String name, java.lang.String pathSpec, ServletSecurityElement securityElement)
name
- the namepathSpec
- the path specsecurityElement
- the servlet security elementpublic java.util.List<ConstraintMapping> getConstraintMappings()
getConstraintMappings
in interface ConstraintAware
public java.util.Set<java.lang.String> getRoles()
getRoles
in interface ConstraintAware
public void setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings)
constraintMappings
- The constraintMappings to set, from which the set of known roles
is determined.public void setConstraintMappings(ConstraintMapping[] constraintMappings)
constraintMappings
- The constraintMappings to set as array, from which the set of known roles
is determined. Needed to retain API compatibility for 7.xpublic void setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings, java.util.Set<java.lang.String> roles)
setConstraintMappings
in interface ConstraintAware
constraintMappings
- The constraintMappings to set.roles
- The known roles (or null to determine them from the mappings)public void setRoles(java.util.Set<java.lang.String> roles)
setConstraintMappings(ConstraintMapping[])
or
setConstraintMappings(List, Set)
.roles
- The known roles (or null to determine them from the mappings)public void addConstraintMapping(ConstraintMapping mapping)
ConstraintAware
addConstraintMapping
in interface ConstraintAware
mapping
- the mappingConstraintAware.addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
public void addRole(java.lang.String role)
ConstraintAware
addRole
in interface ConstraintAware
role
- the roleConstraintAware.addRole(java.lang.String)
protected void doStart() throws java.lang.Exception
doStart
in class SecurityHandler
java.lang.Exception
SecurityHandler.doStart()
protected void doStop() throws java.lang.Exception
doStop
in class SecurityHandler
java.lang.Exception
protected void processConstraintMapping(ConstraintMapping mapping)
mapping
- the constraint mappingprotected void processConstraintMappingWithMethodOmissions(ConstraintMapping mapping, java.util.Map<java.lang.String,RoleInfo> mappings)
mapping
- the constraint mappingmappings
- the mappings of rolesprotected void configureRoleInfo(RoleInfo ri, ConstraintMapping mapping)
ri
- the role infomapping
- the constraint mappingprotected RoleInfo prepareConstraintInfo(java.lang.String pathInContext, Request request)
prepareConstraintInfo
in class SecurityHandler
SecurityHandler.prepareConstraintInfo(java.lang.String, org.eclipse.jetty.server.Request)
protected boolean checkUserDataPermissions(java.lang.String pathInContext, Request request, Response response, RoleInfo roleInfo) throws java.io.IOException
checkUserDataPermissions
in class SecurityHandler
java.io.IOException
protected boolean isAuthMandatory(Request baseRequest, Response base_response, java.lang.Object constraintInfo)
isAuthMandatory
in class SecurityHandler
protected boolean checkWebResourcePermissions(java.lang.String pathInContext, Request request, Response response, java.lang.Object constraintInfo, UserIdentity userIdentity) throws java.io.IOException
checkWebResourcePermissions
in class SecurityHandler
java.io.IOException
SecurityHandler.checkWebResourcePermissions(java.lang.String, org.eclipse.jetty.server.Request, org.eclipse.jetty.server.Response, java.lang.Object, org.eclipse.jetty.server.UserIdentity)
public void dump(java.lang.Appendable out, java.lang.String indent) throws java.io.IOException
dump
in class org.eclipse.jetty.util.component.ContainerLifeCycle
java.io.IOException
public void setDenyUncoveredHttpMethods(boolean deny)
ConstraintAware
setDenyUncoveredHttpMethods
in interface ConstraintAware
deny
- true for denied method accessConstraintAware.setDenyUncoveredHttpMethods(boolean)
public boolean isDenyUncoveredHttpMethods()
isDenyUncoveredHttpMethods
in interface ConstraintAware
public boolean checkPathsWithUncoveredHttpMethods()
checkPathsWithUncoveredHttpMethods
in interface ConstraintAware
public java.util.Set<java.lang.String> getPathsWithUncoveredHttpMethods()
protected boolean omissionsExist(java.lang.String path, java.util.Map<java.lang.String,RoleInfo> methodMappings)
path
- the pathmethodMappings
- the method mappingsprotected java.util.Set<java.lang.String> getOmittedMethods(java.lang.String omission)
<method>.<method>.omission
split out the individual method names.omission
- the methodCopyright © 1995–2018 Webtide. All rights reserved.