
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.embedded;
20  
21  import java.util.Collections;
22  import java.util.HashSet;
23  import java.util.Set;
24  
25  import org.eclipse.jetty.security.ConstraintMapping;
26  import org.eclipse.jetty.security.ConstraintSecurityHandler;
27  import org.eclipse.jetty.security.HashLoginService;
28  import org.eclipse.jetty.security.LoginService;
29  import org.eclipse.jetty.security.authentication.BasicAuthenticator;
30  import org.eclipse.jetty.server.Server;
31  import org.eclipse.jetty.util.security.Constraint;
32  
public class SecuredHelloHandler
{
    /**
     * Runs an embedded Jetty server on port 8080 that serves {@link HelloHandler} only to callers who pass
     * HTTP Basic authentication and hold the "user" or "admin" role.
     *
     * @param args command line arguments (not used)
     * @throws Exception if the server fails to start or the join is interrupted
     */
    public static void main(String[] args) throws Exception
    {
        // Plain server object listening on port 8080. Passing 0 instead asks for a randomly available port,
        // which can be read from the logs or obtained programmatically in test cases.
        Server jetty = new Server(8080);

        // A simple hash-map backed LoginService loaded from a properties file. In a webapp the realm name has to
        // match the one configured in web.xml; here no webapp realm is involved, so any name works. The service
        // has its own lifecycle, so it is registered as a server bean and starts and stops with the server.
        // The properties file is the credential store: keep it out of any served directory and out of public
        // repositories.
        LoginService realmLogin = new HashLoginService("MyRealm","src/test/resources/realm.properties");
        jetty.addBean(realmLogin);

        // The security handler is the first (root) handler of the server, so its constraints apply to every
        // handler chained behind it. ConstraintSecurityHandler matches url patterns to constraints.
        ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
        jetty.setHandler(guard);

        // One mapping covering the whole url space; more mappings may be supplied as long as they follow the
        // mapping rules of the servlet api.
        ConstraintMapping wholeSite = coverAllPaths(roleConstraint());
        guard.setConstraintMappings(Collections.singletonList(wholeSite));

        // BasicAuthenticator checks the credentials, the LoginService is the store of known users.
        // HTTP Basic sends username and password base64-encoded, not encrypted, with every request, and this
        // example configures no TLS connector, so the credentials are readable on the wire. Treat this as a
        // local demo setup and put TLS in front of it anywhere else.
        guard.setAuthenticator(new BasicAuthenticator());
        guard.setLoginService(realmLogin);

        // NOTE(review): strict mode is switched off here, which relaxes how the handler interprets roles in
        // the constraints - confirm this is wanted before reusing the snippet outside an example.
        guard.setStrict(false);

        // HelloHandler is the content being protected; chaining it behind the security handler completes the
        // simple handler chain.
        guard.setHandler(new HelloHandler());

        // Start the server, then block the current thread on it via join() (see java.lang.Thread#join()).
        jetty.start();
        jetty.join();
    }

    /**
     * Builds the constraint named "auth": the caller must authenticate and, for authorization, be a member
     * of the "user" or "admin" role.
     */
    private static Constraint roleConstraint()
    {
        Constraint authRequired = new Constraint();
        authRequired.setName("auth");
        authRequired.setAuthenticate( true );
        authRequired.setRoles(new String[]{"user", "admin"});
        return authRequired;
    }

    /**
     * Binds the given constraint to the url pattern "/*". The roles of the mapping are taken from the
     * constraint itself, although methods exist to declare and bind roles separately.
     */
    private static ConstraintMapping coverAllPaths(Constraint constraint)
    {
        ConstraintMapping allPaths = new ConstraintMapping();
        allPaths.setPathSpec( "/*" );
        allPaths.setConstraint( constraint );
        return allPaths;
    }
}