//
// ========================================================================
// Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//

package org.eclipse.jetty.embedded;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.security.Constraint;

/**
 * Embedded Jetty example that places a {@link HelloHandler} behind HTTP Basic authentication.
 * <p>
 * The handler chain is {@code Server -> ConstraintSecurityHandler -> HelloHandler}. One constraint mapping covers
 * the whole URL space and restricts it to authenticated users in the {@code user} or {@code admin} roles; the
 * known users come from a {@link HashLoginService} backed by a properties file.
 * <p>
 * Points to check before reusing this outside a local demo:
 * <ul>
 * <li>The server is created with only a port number and no TLS configuration, while Basic authentication sends
 * the credentials merely base64-encoded on every request. Serve it over TLS in any real deployment.</li>
 * <li>The realm file is read from a path relative to the working directory, under {@code src/test/resources}.
 * Its contents are not part of this file: check how the passwords in it are stored, and keep test credentials
 * out of anything that is deployed.</li>
 * </ul>
 */
public class SecuredHelloHandler
{
    /**
     * Builds the server, wires the security handler in front of the hello handler and blocks until the server
     * stops.
     *
     * @param args command line arguments (unused)
     * @throws Exception if the server fails to start or the wait is interrupted
     */
    public static void main(String[] args) throws Exception
    {
        // Listen on port 8080. Passing 0 instead makes Jetty pick a free port, which can be read from the logs or
        // obtained programmatically, e.g. in test cases.
        Server jetty = new Server(8080);

        // A simple properties-backed LoginService. For a real webapp the realm name has to match the one
        // configured in that webapp's web.xml; here no webapp realm is involved, so any name works. The service
        // has a lifecycle of its own, so it is registered as a server bean and is started and stopped together
        // with the server.
        LoginService realm = new HashLoginService("MyRealm", "src/test/resources/realm.properties");
        jetty.addBean(realm);

        // The security handler is the first handler in the chain, so its constraints apply to every handler that
        // is chained behind it.
        ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
        jetty.setHandler(guard);

        // A single mapping is passed here as a singleton list; more mappings can be supplied as long as they
        // follow the mapping requirements of the servlet api.
        ConstraintMapping protectEverything = mapToAllPaths(newRoleConstraint());
        guard.setConstraintMappings(Collections.singletonList(protectEverything));

        // The authenticator is the object that actually checks the credentials; the LoginService is the store of
        // known users it checks them against.
        guard.setAuthenticator(new BasicAuthenticator());
        guard.setLoginService(realm);

        // Non-strict mode relaxes how roles are interpreted (per Jetty's documentation, e.g. the "*" role then
        // matches any role rather than only the declared ones).
        // NOTE(review): this example names its roles explicitly, so the relaxed mode looks unnecessary here;
        // confirm against the Jetty version in use before carrying this call into a real configuration.
        guard.setStrict(false);

        // The hello handler is the content being secured; chaining it behind the security handler completes the
        // simple handler chain.
        guard.setHandler(new HelloHandler());

        // Start the server and let the current thread wait on it via join().
        // See "http://docs.oracle.com/javase/1.5.0/docs/api/java/lang/Thread.html#join()" for more details.
        jetty.start();
        jetty.join();
    }

    /**
     * Creates the constraint named "auth": authentication is required and access is limited to the "user" and
     * "admin" roles.
     *
     * @return the configured constraint
     */
    private static Constraint newRoleConstraint()
    {
        Constraint roleConstraint = new Constraint();
        roleConstraint.setName("auth");
        roleConstraint.setAuthenticate(true);
        roleConstraint.setRoles(new String[]{"user", "admin"});
        return roleConstraint;
    }

    /**
     * Binds the given constraint to the whole URL space. The roles are taken from the constraint itself, although
     * methods exist to declare and bind roles separately.
     *
     * @param constraint the constraint to apply
     * @return a mapping of the constraint onto every path
     */
    private static ConstraintMapping mapToAllPaths(Constraint constraint)
    {
        ConstraintMapping allPaths = new ConstraintMapping();
        // "/*" matches every request path served by the handler chain.
        allPaths.setPathSpec("/*");
        allPaths.setConstraint(constraint);
        return allPaths;
    }
}