org.eclipse.jetty.security
Class SecurityHandler

java.lang.Object
  extended by org.eclipse.jetty.util.component.AbstractLifeCycle
      extended by org.eclipse.jetty.util.component.AggregateLifeCycle
          extended by org.eclipse.jetty.server.handler.AbstractHandler
              extended by org.eclipse.jetty.server.handler.AbstractHandlerContainer
                  extended by org.eclipse.jetty.server.handler.HandlerWrapper
                      extended by org.eclipse.jetty.security.SecurityHandler
All Implemented Interfaces:
Authenticator.AuthConfiguration, Handler, HandlerContainer, Destroyable, Dumpable, LifeCycle
Direct Known Subclasses:
ConstraintSecurityHandler

public abstract class SecurityHandler
extends HandlerWrapper
implements Authenticator.AuthConfiguration

Abstract SecurityHandler. Select and apply an Authenticator to a request.

The Authenticator may either be set directly on the handler or will be created during AbstractLifeCycle.start() by a call to either the default AuthenticatorFactory or the one that has been set.

SecurityHandler has a set of init parameters that are used by the Authentication.Configuration. At startup, any context init parameters whose names start with "org.eclipse.jetty.security." and that do not already have values in the SecurityHandler init parameters are copied into them.
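The lifecycle described above, as an added example that is not part of the Jetty documentation: a ConstraintSecurityHandler is configured before start, the Authenticator is created during start() from the auth method, and a later configuration change is rejected with the IllegalStateException documented for the setters below. The class name, the realm name "example-realm", the use of port 0 and the empty HashLoginService are assumptions chosen for illustration.

```java
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.DefaultHandler;

// Hypothetical class name; example code, not taken from Jetty.
public class SecurityHandlerSetup {
    public static void main(String[] args) throws Exception {
        Server server = new Server(0); // assumption: port 0 lets the OS pick a free port

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        // All security configuration happens while the handler is stopped.
        security.setRealmName("example-realm");   // constructed sample value
        security.setAuthMethod("BASIC");
        security.setLoginService(new HashLoginService("example-realm")); // no users loaded
        // Replace the session on successful authentication, so a session id
        // issued before login is not carried over into the authenticated state.
        security.setSessionRenewedOnAuthentication(true);
        // Forwards to welcome files go through authentication as well.
        security.setCheckWelcomeFiles(true);
        security.setHandler(new DefaultHandler());
        server.setHandler(security);

        // No Authenticator was set directly, so it is created during start().
        server.start();
        try {
            System.out.println("authenticator: "
                    + security.getAuthenticator().getClass().getName());
            System.out.println("session renewed on authentication: "
                    + security.isSessionRenewedOnAuthentication());

            // Once running, the documented setters refuse to change the
            // configuration, so the policy cannot be swapped under live traffic.
            try {
                security.setAuthMethod("FORM");
                throw new AssertionError("expected IllegalStateException");
            } catch (IllegalStateException expected) {
                System.out.println("rejected while running: " + expected.getMessage());
            }
        } finally {
            server.stop();
        }
    }
}
```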


Nested Class Summary
 class SecurityHandler.NotChecked
           
 
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener
 
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.Listener
 
Field Summary
static Principal __NO_USER
           
static Principal __NOBODY
          Nobody user.
 
Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
_handler
 
Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING
 
Constructor Summary
protected SecurityHandler()
           
 
Method Summary
protected  boolean checkSecurity(Request request)
           
protected abstract  boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo)
           
protected abstract  boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity)
           
protected  void doStart()
           
protected  void doStop()
           
protected  IdentityService findIdentityService()
           
protected  LoginService findLoginService()
           
 Authenticator getAuthenticator()
           
 Authenticator.Factory getAuthenticatorFactory()
           
 String getAuthMethod()
           
static SecurityHandler getCurrentSecurityHandler()
           
 IdentityService getIdentityService()
          Get the identityService.
 String getInitParameter(String key)
          Get a SecurityHandler init parameter
 Set<String> getInitParameterNames()
          Get the SecurityHandler init parameter names
 LoginService getLoginService()
          Get the loginService.
 String getRealmName()
           
 void handle(String pathInContext, Request baseRequest, HttpServletRequest request, HttpServletResponse response)
          Handle a request.
protected abstract  boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo)
           
 boolean isCheckWelcomeFiles()
           
 boolean isSessionRenewedOnAuthentication()
           
 void logout(Authentication.User user)
           
protected abstract  Object prepareConstraintInfo(String pathInContext, Request request)
           
 void setAuthenticator(Authenticator authenticator)
          Set the authenticator.
 void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
           
 void setAuthMethod(String authMethod)
           
 void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
           
 void setIdentityService(IdentityService identityService)
          Set the identityService.
 String setInitParameter(String key, String value)
          Set an initialization parameter.
 void setLoginService(LoginService loginService)
          Set the loginService.
 void setRealmName(String realmName)
           
 void setSessionRenewedOnAuthentication(boolean renew)
          Set whether the session is renewed on authentication.
 
Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
destroy, expandChildren, getHandler, getHandlers, getNestedHandlerByClass, setHandler, setServer
 
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer
dump, expandHandler, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass
 
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler
dumpThis, getServer
 
Methods inherited from class org.eclipse.jetty.util.component.AggregateLifeCycle
addBean, dump, dump, dump, dump, dumpStdErr, getBean, getBeans, getBeans, removeBean, removeBeans
 
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
 

Field Detail

__NO_USER

public static Principal __NO_USER

__NOBODY

public static Principal __NOBODY
Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.

Constructor Detail

SecurityHandler

protected SecurityHandler()
Method Detail

getIdentityService

public IdentityService getIdentityService()
Get the identityService.

Specified by:
getIdentityService in interface Authenticator.AuthConfiguration
Returns:
the identityService

setIdentityService

public void setIdentityService(IdentityService identityService)
Set the identityService.

Parameters:
identityService - the identityService to set

getLoginService

public LoginService getLoginService()
Get the loginService.

Specified by:
getLoginService in interface Authenticator.AuthConfiguration
Returns:
the loginService

setLoginService

public void setLoginService(LoginService loginService)
Set the loginService.

Parameters:
loginService - the loginService to set

getAuthenticator

public Authenticator getAuthenticator()

setAuthenticator

public void setAuthenticator(Authenticator authenticator)
Set the authenticator.

Parameters:
authenticator -
Throws:
IllegalStateException - if the SecurityHandler is running

getAuthenticatorFactory

public Authenticator.Factory getAuthenticatorFactory()
Returns:
the authenticatorFactory

setAuthenticatorFactory

public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
Parameters:
authenticatorFactory - the authenticatorFactory to set
Throws:
IllegalStateException - if the SecurityHandler is running

getRealmName

public String getRealmName()
Specified by:
getRealmName in interface Authenticator.AuthConfiguration
Returns:
the realmName

setRealmName

public void setRealmName(String realmName)
Parameters:
realmName - the realmName to set
Throws:
IllegalStateException - if the SecurityHandler is running

getAuthMethod

public String getAuthMethod()
Specified by:
getAuthMethod in interface Authenticator.AuthConfiguration
Returns:
the authMethod

setAuthMethod

public void setAuthMethod(String authMethod)
Parameters:
authMethod - the authMethod to set
Throws:
IllegalStateException - if the SecurityHandler is running

isCheckWelcomeFiles

public boolean isCheckWelcomeFiles()
Returns:
True if forwards to welcome files are authenticated

setCheckWelcomeFiles

public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
Parameters:
authenticateWelcomeFiles - True if forwards to welcome files are authenticated
Throws:
IllegalStateException - if the SecurityHandler is running

getInitParameter

public String getInitParameter(String key)
Description copied from interface: Authenticator.AuthConfiguration
Get a SecurityHandler init parameter

Specified by:
getInitParameter in interface Authenticator.AuthConfiguration
Parameters:
key - parameter name
Returns:
Parameter value or null
See Also:
getInitParameter(String)

getInitParameterNames

public Set<String> getInitParameterNames()
Description copied from interface: Authenticator.AuthConfiguration
Get the SecurityHandler init parameter names

Specified by:
getInitParameterNames in interface Authenticator.AuthConfiguration
Returns:
Set of parameter names
See Also:
getInitParameterNames()

setInitParameter

public String setInitParameter(String key,
                               String value)
Set an initialization parameter.

Parameters:
key -
value -
Returns:
previous value
Throws:
IllegalStateException - if the SecurityHandler is running

findLoginService

protected LoginService findLoginService()

findIdentityService

protected IdentityService findIdentityService()

doStart

protected void doStart()
                throws Exception
Overrides:
doStart in class HandlerWrapper
Throws:
Exception

doStop

protected void doStop()
               throws Exception
Overrides:
doStop in class HandlerWrapper
Throws:
Exception
See Also:
HandlerWrapper.doStop()

checkSecurity

protected boolean checkSecurity(Request request)

isSessionRenewedOnAuthentication

public boolean isSessionRenewedOnAuthentication()
Specified by:
isSessionRenewedOnAuthentication in interface Authenticator.AuthConfiguration
See Also:
Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()

setSessionRenewedOnAuthentication

public void setSessionRenewedOnAuthentication(boolean renew)
Set whether the session is renewed on authentication.

If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.

See Also:
Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()

handle

public void handle(String pathInContext,
                   Request baseRequest,
                   HttpServletRequest request,
                   HttpServletResponse response)
            throws IOException,
                   ServletException
Description copied from interface: Handler
Handle a request.

Specified by:
handle in interface Handler
Overrides:
handle in class HandlerWrapper
Parameters:
pathInContext - The target of the request - either a URI or a name.
baseRequest - The original unwrapped request object.
request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection() method can be used to access the Request object if required.
response - The response as the Response object or a wrapper of that response. The HttpConnection.getCurrentConnection() method can be used to access the Response object if required.
Throws:
IOException
ServletException

getCurrentSecurityHandler

public static SecurityHandler getCurrentSecurityHandler()

logout

public void logout(Authentication.User user)

prepareConstraintInfo

protected abstract Object prepareConstraintInfo(String pathInContext,
                                                Request request)

checkUserDataPermissions

protected abstract boolean checkUserDataPermissions(String pathInContext,
                                                    Request request,
                                                    Response response,
                                                    Object constraintInfo)
                                             throws IOException
Throws:
IOException

isAuthMandatory

protected abstract boolean isAuthMandatory(Request baseRequest,
                                           Response base_response,
                                           Object constraintInfo)

checkWebResourcePermissions

protected abstract boolean checkWebResourcePermissions(String pathInContext,
                                                       Request request,
                                                       Response response,
                                                       Object constraintInfo,
                                                       UserIdentity userIdentity)
                                                throws IOException
Throws:
IOException


Copyright © 1995-2011 Mort Bay Consulting. All Rights Reserved.