
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.embedded;
20  
21  import java.util.Collections;
22  
23  import org.eclipse.jetty.security.ConstraintMapping;
24  import org.eclipse.jetty.security.ConstraintSecurityHandler;
25  import org.eclipse.jetty.security.HashLoginService;
26  import org.eclipse.jetty.security.LoginService;
27  import org.eclipse.jetty.security.authentication.BasicAuthenticator;
28  import org.eclipse.jetty.server.Server;
29  import org.eclipse.jetty.util.security.Constraint;
30  
/**
 * Embedded Jetty example that places {@link HelloHandler} behind HTTP Basic
 * authentication and restricts every path to the "user" and "admin" roles.
 *
 * <p>Points to check before reusing this outside a demo:
 * <ul>
 * <li>The server is created with {@code new Server(8080)} and no TLS is
 * configured anywhere in this class. Basic authentication sends the user name
 * and password base64-encoded (not encrypted) with each request, so it should
 * only be exposed over a TLS-protected connector.</li>
 * <li>The user store is read from {@code src/test/resources/realm.properties},
 * a path relative to the working directory of the process. That file is a
 * test fixture whose contents are not shown here; a real deployment needs its
 * own credential store, kept out of the source tree and readable only by the
 * server account.</li>
 * <li>No host is set on the server, so it presumably listens on all local
 * interfaces -- confirm and bind explicitly if that is not intended.</li>
 * </ul>
 */
public class SecuredHelloHandler
{
    /**
     * Builds the handler chain (security handler wrapping the hello handler),
     * starts the server and blocks until it stops.
     *
     * @param args command line arguments (not used)
     * @throws Exception propagated from starting or joining the server
     */
    public static void main( String[] args ) throws Exception
    {
        // Listen on port 8080. Port 0 would instead pick a random free port,
        // which can be read from the logs or obtained programmatically in
        // test cases.
        Server jetty = new Server(8080);

        // A very simple hashmap-based user store. For a webapp the name would
        // have to match the realm configured in its web.xml; here no webapp
        // realm is involved, so the name is arbitrary. The service has its own
        // lifecycle, so it is registered as a server bean to be started and
        // stopped together with the server.
        LoginService users = new HashLoginService("MyRealm",
                "src/test/resources/realm.properties");
        jetty.addBean(users);

        // The security handler goes first in the chain, so its constraints
        // apply to every handler placed behind it.
        ConstraintSecurityHandler guard = new ConstraintSecurityHandler();
        jetty.setHandler(guard);

        // One mapping is supplied here as a singleton list; more can be
        // passed as long as they follow the mapping rules of the servlet API.
        ConstraintMapping everything = mapAllPaths(authenticatedRoleConstraint());
        guard.setConstraintMappings(Collections.singletonList(everything));

        // The authenticator is the object that checks the credentials; the
        // login service is the store of known users it checks them against.
        guard.setAuthenticator(new BasicAuthenticator());
        guard.setLoginService(users);

        // The handler being protected: chaining it into the security handler
        // completes the simple handler chain.
        HelloHandler hello = new HelloHandler();
        guard.setHandler(hello);

        // Start things up!
        jetty.start();

        // Make the current thread wait until the server is done executing.
        // See
        // http://docs.oracle.com/javase/7/docs/api/java/lang/Thread.html#join()
        jetty.join();
    }

    /**
     * Creates the constraint named "auth": the caller must authenticate and
     * must additionally hold one of the listed roles to be authorized.
     */
    private static Constraint authenticatedRoleConstraint()
    {
        Constraint requireRole = new Constraint();
        requireRole.setName("auth");
        requireRole.setAuthenticate(true);
        requireRole.setRoles(new String[] { "user", "admin" });
        return requireRole;
    }

    /**
     * Binds the given constraint to the url pattern "/*". The roles are taken
     * from the constraint itself, although methods exist to declare and bind
     * roles separately as well.
     */
    private static ConstraintMapping mapAllPaths(Constraint constraint)
    {
        ConstraintMapping allPaths = new ConstraintMapping();
        allPaths.setPathSpec("/*");
        allPaths.setConstraint(constraint);
        return allPaths;
    }
}