//
// ========================================================================
// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//

package org.eclipse.jetty.embedded;

import java.util.Collections;

import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.util.security.Constraint;

/**
 * Embedded Jetty example that places a {@code HelloHandler} behind HTTP Basic
 * authentication backed by a property-file user store.
 *
 * <p>Security notes for anyone adapting this example:
 * <ul>
 * <li>No TLS connector is configured here. HTTP Basic sends the user name and
 * password on every request with only base64 encoding, so on a plain HTTP
 * listener they can be read by anyone on the network path.</li>
 * <li>The user store is read from a file under {@code src/test/resources},
 * resolved against the working directory. Its contents are not shown here;
 * treat it as test data and keep real credentials out of source control.</li>
 * </ul>
 */
public class SecuredHelloHandler
{
    /**
     * Builds the one constraint mapping used by this example: every path
     * requires an authenticated user holding the {@code user} or
     * {@code admin} role.
     *
     * @return a mapping of {@code /*} to the authentication constraint
     */
    private static ConstraintMapping authenticatedEverywhere()
    {
        // Authentication is mandatory, and the authenticated user must also
        // hold one of the listed roles to be authorized.
        // No data constraint is set, so the constraint itself does not ask
        // for a confidential (TLS) transport.
        Constraint authRequired = new Constraint();
        authRequired.setName("auth");
        authRequired.setAuthenticate(true);
        authRequired.setRoles(new String[] { "user", "admin" });

        // Tie the constraint to a url pattern. The roles come from the
        // Constraint itself, although they can also be declared and bound
        // separately. No HTTP method is set on the mapping, so it is not
        // limited to particular methods.
        ConstraintMapping everyPath = new ConstraintMapping();
        everyPath.setPathSpec("/*");
        everyPath.setConstraint(authRequired);
        return everyPath;
    }

    /**
     * Starts the server on port 8080 and blocks until it stops.
     *
     * @param args unused
     * @throws Exception if the server fails to start or the wait is interrupted
     */
    public static void main( String[] args ) throws Exception
    {
        // Listen on port 8080. Passing 0 instead makes Jetty pick a free
        // port, which can then be read from the logs or obtained
        // programmatically in test cases.
        Server server = new Server(8080);

        // A simple LoginService backed by a properties file. For a webapp the
        // realm name has to match the one configured in its web.xml; here
        // there is no webapp realm, so the name is arbitrary. The service has
        // its own lifecycle, so it is registered as a server bean and is
        // started and stopped together with the server.
        LoginService realm = new HashLoginService("MyRealm",
                "src/test/resources/realm.properties");
        server.addBean(realm);

        // A security handler guards a portion of the url space; the
        // ConstraintSecurityHandler matches urls against constraints.
        // Installing it as the server's first handler applies its constraints
        // to every handler chained behind it.
        ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
        server.setHandler(guard);

        // The mapping is passed as a singleton list; any number of mappings
        // is accepted as long as they follow the servlet api's mapping rules.
        // The BasicAuthenticator is what actually checks the credentials, and
        // the LoginService is the store of known users it checks against.
        guard.setConstraintMappings(Collections.singletonList(authenticatedEverywhere()));
        guard.setAuthenticator(new BasicAuthenticator());
        guard.setLoginService(realm);

        // The hello handler is the content being protected; chaining it into
        // the security handler completes the handler chain.
        guard.setHandler(new HelloHandler());

        // Start things up!
        server.start();

        // server.join() makes the current thread wait until the server is
        // done executing. See
        // http://docs.oracle.com/javase/7/docs/api/java/lang/Thread.html#join()
        server.join();
    }
}