Class SecurityHandler

  • All Implemented Interfaces:
    Authenticator.AuthConfiguration, Handler, HandlerContainer, org.eclipse.jetty.util.component.Container, org.eclipse.jetty.util.component.Destroyable, org.eclipse.jetty.util.component.Dumpable, org.eclipse.jetty.util.component.LifeCycle
    Direct Known Subclasses:
    ConstraintSecurityHandler

    public abstract class SecurityHandler
    extends HandlerWrapper
    implements Authenticator.AuthConfiguration
    Abstract SecurityHandler.

    Select and apply an Authenticator to a request.

    The Authenticator may either be set directly on the handler or will be created during AbstractLifeCycle.start() with a call to either the default or the set AuthenticatorFactory.

    SecurityHandler has a set of init parameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." and do not have values in the SecurityHandler init parameters are copied to it.

    • Field Detail

      • __NO_USER

        public static final java.security.Principal __NO_USER
      • __NOBODY

        public static final java.security.Principal __NOBODY
        Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
    • Constructor Detail

      • SecurityHandler

        protected SecurityHandler()
    • Method Detail

      • setIdentityService

        public void setIdentityService(IdentityService identityService)
        Set the identityService.
        Parameters:
        identityService - the identityService to set
      • setLoginService

        public void setLoginService(LoginService loginService)
        Set the loginService.
        Parameters:
        loginService - the loginService to set
      • setAuthenticator

        public void setAuthenticator(Authenticator authenticator)
        Set the authenticator.
        Parameters:
        authenticator - the authenticator
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • getAuthenticatorFactory

        public Authenticator.Factory getAuthenticatorFactory()
        Returns:
        the authenticatorFactory
      • setAuthenticatorFactory

        public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
        Parameters:
        authenticatorFactory - the authenticatorFactory to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • getKnownAuthenticatorFactories

        public java.util.List<Authenticator.Factory> getKnownAuthenticatorFactories()
        Returns:
        the list of discovered authenticatorFactories
      • setRealmName

        public void setRealmName(java.lang.String realmName)
        Parameters:
        realmName - the realmName to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • setAuthMethod

        public void setAuthMethod(java.lang.String authMethod)
        Parameters:
        authMethod - the authMethod to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • isCheckWelcomeFiles

        public boolean isCheckWelcomeFiles()
        Returns:
        True if forwards to welcome files are authenticated
      • setCheckWelcomeFiles

        public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
        Parameters:
        authenticateWelcomeFiles - True if forwards to welcome files are authenticated
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • setInitParameter

        public java.lang.String setInitParameter(java.lang.String key,
                                                 java.lang.String value)
        Set an initialization parameter.
        Parameters:
        key - the init key
        value - the init value
        Returns:
        previous value
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is started
      • findLoginService

        protected LoginService findLoginService()
                                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • doStart

        protected void doStart()
                        throws java.lang.Exception
        Overrides:
        doStart in class AbstractHandler
        Throws:
        java.lang.Exception
      • doStop

        protected void doStop()
                       throws java.lang.Exception
        Overrides:
        doStop in class AbstractHandler
        Throws:
        java.lang.Exception
      • checkSecurity

        protected boolean checkSecurity(Request request)
      • setSessionRenewedOnAuthentication

        public void setSessionRenewedOnAuthentication(boolean renew)
        Set whether the session is renewed on authentication.

        If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.

        Parameters:
        renew - true to renew the session on authentication
        See Also:
        Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()
      • handle

        public void handle(java.lang.String pathInContext,
                           Request baseRequest,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
                    throws java.io.IOException,
                           javax.servlet.ServletException
        Specified by:
        handle in interface Handler
        Overrides:
        handle in class HandlerWrapper
        Throws:
        java.io.IOException
        javax.servlet.ServletException
      • getCurrentSecurityHandler

        public static SecurityHandler getCurrentSecurityHandler()
      • prepareConstraintInfo

        protected abstract RoleInfo prepareConstraintInfo(java.lang.String pathInContext,
                                                          Request request)
      • checkUserDataPermissions

        protected abstract boolean checkUserDataPermissions(java.lang.String pathInContext,
                                                            Request request,
                                                            Response response,
                                                            RoleInfo constraintInfo)
                                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • isAuthMandatory

        protected abstract boolean isAuthMandatory(Request baseRequest,
                                                   Response baseResponse,
                                                   java.lang.Object constraintInfo)
      • checkWebResourcePermissions

        protected abstract boolean checkWebResourcePermissions(java.lang.String pathInContext,
                                                               Request request,
                                                               Response response,
                                                               java.lang.Object constraintInfo,
                                                               UserIdentity userIdentity)
                                                        throws java.io.IOException
        Throws:
        java.io.IOException
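
Added example (not part of the Jetty documentation or code base): configuring the ConstraintSecurityHandler subclass so the Authenticator is created by the factory at start from the auth method and "org.eclipse.jetty.security." init parameters, with session renewal enabled, and showing that setters are refused once the handler is running. It assumes the javax.servlet-based Jetty jars (jetty-server, jetty-security, jetty-servlet) on the classpath; the class name, realm, user, password and page paths are constructed placeholders.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Credential;

public class SecuredContextExample { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed demo account; real deployments load credentials from a protected store.
        UserStore users = new UserStore();
        users.addUser("demo-user", Credential.getCredential("demo-password-placeholder"), new String[] {"user"});
        HashLoginService loginService = new HashLoginService("demo-realm");
        loginService.setUserStore(users);

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setRealmName("demo-realm");
        security.setLoginService(loginService);
        // No setAuthenticator() call: the Authenticator.Factory builds one at start from the auth method.
        security.setAuthMethod(Constraint.__FORM_AUTH);
        // Init parameters under "org.eclipse.jetty.security." configure the created authenticator.
        security.setInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE, "/login.html");
        security.setInitParameter(FormAuthenticator.__FORM_ERROR_PAGE, "/login-error.html");
        // Invalidate and replace the pre-login session when authentication succeeds.
        security.setSessionRenewedOnAuthentication(true);

        // Require an authenticated user in role "user" for the whole context.
        Constraint constraint = new Constraint();
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[] {"user"});
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/*");
        mapping.setConstraint(constraint);
        security.addConstraintMapping(mapping);

        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setSecurityHandler(security);
        Server server = new Server(0); // port 0: any free port, demo only
        server.setHandler(context);
        server.start();
        try {
            security.setAuthMethod(Constraint.__BASIC_AUTH); // must be rejected while running
        } catch (IllegalStateException expected) {
            System.out.println("Reconfiguration refused while running: " + expected.getMessage());
        } finally {
            server.stop();
        }
    }
}
```

Because the constraint covers "/*", the login and error pages sit inside the protected tree; this is the case the __NOBODY principal described above exists for.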