org.eclipse.jetty.security
Class ConstraintSecurityHandler
java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.AggregateLifeCycle
org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandlerContainer
org.eclipse.jetty.server.handler.HandlerWrapper
org.eclipse.jetty.security.SecurityHandler
org.eclipse.jetty.security.ConstraintSecurityHandler
- All Implemented Interfaces:
- Authenticator.AuthConfiguration, ConstraintAware, Handler, HandlerContainer, Destroyable, Dumpable, LifeCycle
public class ConstraintSecurityHandler
- extends SecurityHandler
- implements ConstraintAware
Handler to enforce SecurityConstraints. This implementation is servlet spec
2.4 compliant and precomputes the constraint combinations for runtime
efficiency.
Method Summary |
void |
addConstraintMapping(ConstraintMapping mapping)
Add a Constraint Mapping. |
void |
addRole(String role)
Add a Role definition. |
protected boolean |
checkUserDataPermissions(String pathInContext,
Request request,
Response response,
Object constraintInfo)
|
protected boolean |
checkWebResourcePermissions(String pathInContext,
Request request,
Response response,
Object constraintInfo,
UserIdentity userIdentity)
|
protected void |
doStart()
|
protected void |
doStop()
|
void |
dump(Appendable out,
String indent)
|
List<ConstraintMapping> |
getConstraintMappings()
|
Set<String> |
getRoles()
|
protected boolean |
isAuthMandatory(Request baseRequest,
Response base_response,
Object constraintInfo)
|
boolean |
isStrict()
Get the strict mode. |
protected Object |
prepareConstraintInfo(String pathInContext,
Request request)
|
protected void |
processConstraintMapping(ConstraintMapping mapping)
|
void |
setConstraintMappings(ConstraintMapping[] constraintMappings)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class. |
void |
setConstraintMappings(List<ConstraintMapping> constraintMappings)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class. |
void |
setConstraintMappings(List<ConstraintMapping> constraintMappings,
Set<String> roles)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class. |
void |
setRoles(Set<String> roles)
Set the known roles. |
void |
setStrict(boolean strict)
Set the strict mode of the security handler. |
Methods inherited from class org.eclipse.jetty.security.SecurityHandler |
checkSecurity, findIdentityService, findLoginService, getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication |
Methods inherited from class org.eclipse.jetty.util.component.AggregateLifeCycle |
addBean, dump, dump, dump, dump, dumpStdErr, getBean, getBeans, getBeans, removeBean, removeBeans |
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle |
addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
ConstraintSecurityHandler
public ConstraintSecurityHandler()
isStrict
public boolean isStrict()
- Get the strict mode.
- Returns:
- true if the security handler is running in strict mode.
setStrict
public void setStrict(boolean strict)
- Set the strict mode of the security handler.
When in strict mode (the default), the full servlet specification
will be implemented.
If not in strict mode, some additional flexibility in configuration
is allowed:
- All users do not need to have a role defined in the deployment descriptor
- The * role in a constraint applies to ANY role rather than all roles defined in
the deployment descriptor.
- Parameters:
strict
- the strict to set- See Also:
setRoles(Set)
,
setConstraintMappings(List, Set)
getConstraintMappings
public List<ConstraintMapping> getConstraintMappings()
- Specified by:
getConstraintMappings
in interface ConstraintAware
- Returns:
- Returns the constraintMappings.
getRoles
public Set<String> getRoles()
- Specified by:
getRoles
in interface ConstraintAware
setConstraintMappings
public void setConstraintMappings(List<ConstraintMapping> constraintMappings)
- Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
- Parameters:
constraintMappings
- The constraintMappings to set, from which the set of known roles
is determined.
setConstraintMappings
public void setConstraintMappings(ConstraintMapping[] constraintMappings)
- Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
- Parameters:
constraintMappings
- The constraintMappings to set as array, from which the set of known roles
is determined. Needed to retain API compatibility for 7.x
setConstraintMappings
public void setConstraintMappings(List<ConstraintMapping> constraintMappings,
Set<String> roles)
- Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
- Specified by:
setConstraintMappings
in interface ConstraintAware
- Parameters:
constraintMappings
- The constraintMappings to set.roles
- The known roles (or null to determine them from the mappings)
setRoles
public void setRoles(Set<String> roles)
- Set the known roles.
This may be overridden by a subsequent call to
setConstraintMappings(ConstraintMapping[])
or
setConstraintMappings(List, Set)
.
- Parameters:
roles
- The known roles (or null to determine them from the mappings)- See Also:
setStrict(boolean)
addConstraintMapping
public void addConstraintMapping(ConstraintMapping mapping)
- Description copied from interface:
ConstraintAware
- Add a Constraint Mapping.
May be called for running webapplication as an annotated servlet is instantiated.
- Specified by:
addConstraintMapping
in interface ConstraintAware
- See Also:
ConstraintAware.addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
addRole
public void addRole(String role)
- Description copied from interface:
ConstraintAware
- Add a Role definition.
May be called on running webapplication as an annotated servlet is instantiated.
- Specified by:
addRole
in interface ConstraintAware
- See Also:
ConstraintAware.addRole(java.lang.String)
doStart
protected void doStart()
throws Exception
- Overrides:
doStart
in class SecurityHandler
- Throws:
Exception
- See Also:
SecurityHandler.doStart()
doStop
protected void doStop()
throws Exception
- Overrides:
doStop
in class SecurityHandler
- Throws:
Exception
- See Also:
HandlerWrapper.doStop()
processConstraintMapping
protected void processConstraintMapping(ConstraintMapping mapping)
prepareConstraintInfo
protected Object prepareConstraintInfo(String pathInContext,
Request request)
- Specified by:
prepareConstraintInfo
in class SecurityHandler
checkUserDataPermissions
protected boolean checkUserDataPermissions(String pathInContext,
Request request,
Response response,
Object constraintInfo)
throws IOException
- Specified by:
checkUserDataPermissions
in class SecurityHandler
- Throws:
IOException
isAuthMandatory
protected boolean isAuthMandatory(Request baseRequest,
Response base_response,
Object constraintInfo)
- Specified by:
isAuthMandatory
in class SecurityHandler
checkWebResourcePermissions
protected boolean checkWebResourcePermissions(String pathInContext,
Request request,
Response response,
Object constraintInfo,
UserIdentity userIdentity)
throws IOException
- Specified by:
checkWebResourcePermissions
in class SecurityHandler
- Throws:
IOException
dump
public void dump(Appendable out,
String indent)
throws IOException
- Specified by:
dump
in interface Dumpable
- Overrides:
dump
in class AbstractHandlerContainer
- Throws:
IOException
Copyright © 1995-2011 Mort Bay Consulting. All Rights Reserved.