Package org.eclipse.jetty.security
Class SecurityHandler
- All Implemented Interfaces:
Authenticator.AuthConfiguration, Handler, HandlerContainer, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle
- Direct Known Subclasses:
ConstraintSecurityHandler
public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration
Abstract SecurityHandler.
Select and apply an Authenticator to a request.
The Authenticator may either be directly set on the handler or will be created during AbstractLifeCycle.start() with a call to either the default or set AuthenticatorFactory.
SecurityHandler has a set of init parameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." and that do not have values in the SecurityHandler init parameters are copied.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler
AbstractHandler.ErrorDispatchHandler
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopException
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
Container.InheritedListener, Container.Listener
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
Dumpable.DumpableContainer
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.Listener
-
Field Summary
Fields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
_handler
-
Constructor Summary
-
Method Summary
Modifier and Type, Method - Description
protected boolean checkSecurity(Request request)
protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo)
protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity)
protected void doStart() - Starts the managed lifecycle beans in the order they were added.
protected void doStop() - Stops the managed lifecycle beans in the reverse order they were added.
protected IdentityService findIdentityService()
protected LoginService findLoginService()
static SecurityHandler getCurrentSecurityHandler()
getIdentityService() - Get the identityService.
getInitParameter(String key) - Get a SecurityHandler init parameter.
getInitParameterNames() - Get the SecurityHandler init parameter names.
getLoginService() - Get the loginService.
int getSessionMaxInactiveIntervalOnAuthentication() - Get the interval in seconds, which if non-zero, will be set with HttpSession.setMaxInactiveInterval(int) when a session is newly authenticated.
void handle(String pathInContext, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) - Handle a request.
protected abstract boolean isAuthMandatory(Request baseRequest, Response baseResponse, Object constraintInfo)
boolean isCheckWelcomeFiles()
boolean isSessionRenewedOnAuthentication() - Should session ID be renewed on authentication.
void logout(Authentication.User user)
protected abstract RoleInfo prepareConstraintInfo(String pathInContext, Request request)
void setAuthenticator(Authenticator authenticator) - Set the authenticator.
void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
void setAuthMethod(String authMethod)
void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
void setIdentityService(IdentityService identityService) - Set the identityService.
setInitParameter(String key, String value) - Set an initialization parameter.
void setLoginService(LoginService loginService) - Set the loginService.
void setRealmName(String realmName)
void setSessionMaxInactiveIntervalOnAuthentication(int seconds) - Set the interval in seconds, which if non-zero, will be set with HttpSession.setMaxInactiveInterval(int) when a session is newly authenticated.
void setSessionRenewedOnAuthentication(boolean renew) - Set whether the session is renewed on authentication.
Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer
expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
Methods inherited from class org.eclipse.jetty.server.handler.AbstractHandler
doError, getServer
Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.eclipse.jetty.util.component.Container
getCachedBeans, getEventListeners
Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpable
Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle
addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop
-
Field Details
-
__NO_USER
-
__NOBODY
Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
-
-
Constructor Details
-
SecurityHandler
protected SecurityHandler()
-
-
Method Details
-
getIdentityService
Get the identityService.
- Specified by:
getIdentityService in interface Authenticator.AuthConfiguration
- Returns:
- the identityService
-
setIdentityService
Set the identityService.
- Parameters:
identityService
- the identityService to set
-
getLoginService
Get the loginService.
- Specified by:
getLoginService in interface Authenticator.AuthConfiguration
- Returns:
- the loginService
-
setLoginService
Set the loginService.
- Parameters:
loginService
- the loginService to set
-
getAuthenticator
-
setAuthenticator
Set the authenticator.
- Parameters:
authenticator
- the authenticator
- Throws:
IllegalStateException
- if the SecurityHandler is running
-
getAuthenticatorFactory
- Returns:
- the authenticatorFactory
-
setAuthenticatorFactory
- Parameters:
authenticatorFactory
- the authenticatorFactory to set
- Throws:
IllegalStateException
- if the SecurityHandler is running
-
getKnownAuthenticatorFactories
- Returns:
- the list of discovered authenticatorFactories
-
getRealmName
- Specified by:
getRealmName in interface Authenticator.AuthConfiguration
- Returns:
- the realmName
-
setRealmName
- Parameters:
realmName
- the realmName to set
- Throws:
IllegalStateException
- if the SecurityHandler is running
-
getAuthMethod
- Specified by:
getAuthMethod in interface Authenticator.AuthConfiguration
- Returns:
- the authMethod
-
setAuthMethod
- Parameters:
authMethod
- the authMethod to set
- Throws:
IllegalStateException
- if the SecurityHandler is running
-
isCheckWelcomeFiles
public boolean isCheckWelcomeFiles()
- Returns:
- True if forwards to welcome files are authenticated
-
setCheckWelcomeFiles
public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
- Parameters:
authenticateWelcomeFiles
- True if forwards to welcome files are authenticated
- Throws:
IllegalStateException
- if the SecurityHandler is running
-
getInitParameter
Description copied from interface: Authenticator.AuthConfiguration
Get a SecurityHandler init parameter.
- Specified by:
getInitParameter in interface Authenticator.AuthConfiguration
- Parameters:
key
- parameter name
- Returns:
- Parameter value or null
- See Also:
-
getInitParameterNames
Description copied from interface: Authenticator.AuthConfiguration
Get the SecurityHandler init parameter names.
- Specified by:
getInitParameterNames in interface Authenticator.AuthConfiguration
- Returns:
- Set of parameter names
- See Also:
-
setInitParameter
Set an initialization parameter.
- Parameters:
key
- the init key
value
- the init value
- Returns:
- previous value
- Throws:
IllegalStateException
- if the SecurityHandler is started
-
findLoginService
- Throws:
Exception
-
findIdentityService
-
doStart
Description copied from class: ContainerLifeCycle
Starts the managed lifecycle beans in the order they were added.
- Overrides:
doStart in class AbstractHandler
- Throws:
AbstractLifeCycle.StopException
- If thrown, the lifecycle will immediately be stopped.
Exception
- If there was a problem starting. Will cause a transition to FAILED state
-
doStop
Description copied from class: ContainerLifeCycle
Stops the managed lifecycle beans in the reverse order they were added.
- Overrides:
doStop in class AbstractHandler
- Throws:
Exception
- If there was a problem stopping. Will cause a transition to FAILED state
-
checkSecurity
-
isSessionRenewedOnAuthentication
public boolean isSessionRenewedOnAuthentication()
Description copied from interface: Authenticator.AuthConfiguration
Should session ID be renewed on authentication.
- Specified by:
isSessionRenewedOnAuthentication in interface Authenticator.AuthConfiguration
- Returns:
- true if the session ID should be renewed on authentication
-
setSessionRenewedOnAuthentication
public void setSessionRenewedOnAuthentication(boolean renew)
Set whether the session is renewed on authentication.
If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.
- Parameters:
renew
- true to renew the session on authentication
- See Also:
-
getSessionMaxInactiveIntervalOnAuthentication
public int getSessionMaxInactiveIntervalOnAuthentication()
Description copied from interface: Authenticator.AuthConfiguration
Get the interval in seconds, which if non-zero, will be set with HttpSession.setMaxInactiveInterval(int) when a session is newly authenticated.
- Specified by:
getSessionMaxInactiveIntervalOnAuthentication in interface Authenticator.AuthConfiguration
- Returns:
- An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
-
setSessionMaxInactiveIntervalOnAuthentication
public void setSessionMaxInactiveIntervalOnAuthentication(int seconds)
Set the interval in seconds, which if non-zero, will be set with HttpSession.setMaxInactiveInterval(int) when a session is newly authenticated.
- Parameters:
seconds
- An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
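Example configuration of the settings described above, added here and not part of the Jetty documentation: it uses the concrete subclass ConstraintSecurityHandler, leaves the Authenticator unset so that it is created at start from the auth method and the "org.eclipse.jetty.security." init parameters, and enables session renewal with a shorter post-login idle timeout. The class name, realm name, realm.properties path, page paths, role, protected path and port are assumptions, and the login and error pages are assumed to be served by the context.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;

public class SecuredContextExample {
    // Configure everything before start(): the setters throw IllegalStateException once running.
    static ConstraintSecurityHandler buildSecurityHandler() {
        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setRealmName("ExampleRealm"); // assumed realm name
        // Assumed user store: a properties file with user, credential and roles.
        security.setLoginService(new HashLoginService("ExampleRealm", "realm.properties"));
        // No setAuthenticator() call: the authenticator factory builds a
        // FormAuthenticator during start() and reads these init parameters.
        security.setAuthMethod(Constraint.__FORM_AUTH);
        security.setInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE, "/login.html");
        security.setInitParameter(FormAuthenticator.__FORM_ERROR_PAGE, "/login-error.html");
        // Replace the pre-login session on authentication, so a session ID
        // known before login is not the one that ends up authenticated.
        security.setSessionRenewedOnAuthentication(true);
        // Newly authenticated sessions get a 900 second idle timeout (0 would
        // leave the timeout unchanged, a negative value would never time out).
        security.setSessionMaxInactiveIntervalOnAuthentication(900);
        // Require an authenticated user in role "user" under /app/*.
        Constraint constraint = new Constraint();
        constraint.setName("authenticated-users");
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[] {"user"});
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/app/*");
        mapping.setConstraint(constraint);
        security.addConstraintMapping(mapping);
        return security;
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server(8080);
        // SESSIONS is needed: form authentication and session renewal rely on HttpSession.
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");
        context.setSecurityHandler(buildSecurityHandler());
        server.setHandler(context);
        server.start();
        server.join();
    }
}
```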
-
handle
public void handle(String pathInContext, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException
Description copied from interface: Handler
Handle a request.
- Specified by:
handle in interface Handler
- Overrides:
handle in class HandlerWrapper
- Parameters:
pathInContext
- The target of the request - either a URI or a name.
baseRequest
- The original unwrapped request object.
request
- The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used to access the Request object if required.
response
- The response as the Response object or a wrapper of that response. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used to access the Response object if required.
- Throws:
IOException
- if unable to handle the request or response processing
jakarta.servlet.ServletException
- if unable to handle the request or response due to underlying servlet issue
-
getCurrentSecurityHandler
-
logout
-
prepareConstraintInfo
-
checkUserDataPermissions
protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo) throws IOException
- Throws:
IOException
-
isAuthMandatory
-
checkWebResourcePermissions
protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException
- Throws:
IOException
-