View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.embedded;
20  
21  import java.util.Collections;
22  
23  import org.eclipse.jetty.security.ConstraintMapping;
24  import org.eclipse.jetty.security.ConstraintSecurityHandler;
25  import org.eclipse.jetty.security.HashLoginService;
26  import org.eclipse.jetty.security.LoginService;
27  import org.eclipse.jetty.security.authentication.BasicAuthenticator;
28  import org.eclipse.jetty.server.Server;
29  import org.eclipse.jetty.util.security.Constraint;
30  
31  public class SecuredHelloHandler
32  {
33      public static void main(String[] args) throws Exception
34      {
35          // Create a basic jetty server object that will listen on port 8080.  Note that if you set this to port 0
36          // then a randomly available port will be assigned that you can either look in the logs for the port,
37          // or programmatically obtain it for use in test cases.
38          Server server = new Server(8080);
39  
40          // Since this example is for our test webapp, we need to setup a LoginService so this shows how to create a
41          // very simple hashmap based one.  The name of the LoginService needs to correspond to what is configured a
42          // webapp's web.xml and since it has a lifecycle of its own we register it as a bean with the Jetty server
43          // object so it can be started and stopped according to the lifecycle of the server itself. In this example
44          // the name can be whatever you like since we are not dealing with webapp realms.
45          LoginService loginService = new HashLoginService("MyRealm","src/test/resources/realm.properties");
46          server.addBean(loginService); 
47  
48          // A security handler is a jetty handler that secures content behind a particular portion of a url space. The
49          // ConstraintSecurityHandler is a more specialized handler that allows matching of urls to different
50          // constraints. The server sets this as the first handler in the chain,
51          // effectively applying these constraints to all subsequent handlers in the chain.
52          ConstraintSecurityHandler security = new ConstraintSecurityHandler();
53          server.setHandler(security);
54  
55          // This constraint requires authentication and in addition that an authenticated user be a member of a given
56          // set of roles for authorization purposes.
57          Constraint constraint = new Constraint();
58          constraint.setName("auth");
59          constraint.setAuthenticate( true );
60          constraint.setRoles(new String[]{"user", "admin"});
61  
62          // Binds a url pattern with the previously created constraint. The roles for this constraing mapping are
63          // mined from the Constraint itself although methods exist to declare and bind roles separately as well.
64          ConstraintMapping mapping = new ConstraintMapping();
65          mapping.setPathSpec( "/*" );
66          mapping.setConstraint( constraint );
67  
68          // First you see the constraint mapping being applied to the handler as a singleton list,
69          // however you can passing in as many security constraint mappings as you like so long as they follow the
70          // mapping requirements of the servlet api. Next we set a BasicAuthenticator instance which is the object
71          // that actually checks the credentials followed by the LoginService which is the store of known users, etc.
72          security.setConstraintMappings(Collections.singletonList(mapping));
73          security.setAuthenticator(new BasicAuthenticator());
74          security.setLoginService(loginService);
75  
76          // The Hello Handler is the handler we are securing so we create one, and then set it as the handler on the
77          // security handler to complain the simple handler chain.
78          HelloHandler hh = new HelloHandler();
79  
80          // chain the hello handler into the security handler
81          security.setHandler(hh);
82  
83          // Start things up! By using the server.join() the server thread will join with the current thread.
84          // See "http://docs.oracle.com/javase/1.5.0/docs/api/java/lang/Thread.html#join()" for more details.
85          server.start();
86          server.join();
87      }
88  }