Class SecurityHandler

All Implemented Interfaces:
Authenticator.AuthConfiguration, Handler, HandlerContainer, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle
Direct Known Subclasses:
ConstraintSecurityHandler

public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration
Abstract SecurityHandler.

Select and apply an Authenticator to a request.

The Authenticator may either be set directly on the handler or will be created during AbstractLifeCycle.start() by a call to either the default or the configured AuthenticatorFactory.

SecurityHandler has a set of init parameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." and do not already have values in the SecurityHandler init parameters are copied.

  • Field Details

    • __NO_USER

      public static final Principal __NO_USER
    • __NOBODY

      public static final Principal __NOBODY
      Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
  • Constructor Details

    • SecurityHandler

      protected SecurityHandler()
  • Method Details

    • getIdentityService

      public IdentityService getIdentityService()
      Get the identityService.
      Specified by:
      getIdentityService in interface Authenticator.AuthConfiguration
      Returns:
      the identityService
    • setIdentityService

      public void setIdentityService(IdentityService identityService)
      Set the identityService.
      Parameters:
      identityService - the identityService to set
    • getLoginService

      public LoginService getLoginService()
      Get the loginService.
      Specified by:
      getLoginService in interface Authenticator.AuthConfiguration
      Returns:
      the loginService
    • setLoginService

      public void setLoginService(LoginService loginService)
      Set the loginService.
      Parameters:
      loginService - the loginService to set
    • getAuthenticator

      public Authenticator getAuthenticator()
    • setAuthenticator

      public void setAuthenticator(Authenticator authenticator)
      Set the authenticator.
      Parameters:
      authenticator - the authenticator
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • getAuthenticatorFactory

      public Authenticator.Factory getAuthenticatorFactory()
      Returns:
      the authenticatorFactory
    • setAuthenticatorFactory

      public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
      Parameters:
      authenticatorFactory - the authenticatorFactory to set
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • getKnownAuthenticatorFactories

      public List<Authenticator.Factory> getKnownAuthenticatorFactories()
      Returns:
      the list of discovered authenticatorFactories
    • getRealmName

      public String getRealmName()
      Specified by:
      getRealmName in interface Authenticator.AuthConfiguration
      Returns:
      the realmName
    • setRealmName

      public void setRealmName(String realmName)
      Parameters:
      realmName - the realmName to set
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • getAuthMethod

      public String getAuthMethod()
      Specified by:
      getAuthMethod in interface Authenticator.AuthConfiguration
      Returns:
      the authMethod
    • setAuthMethod

      public void setAuthMethod(String authMethod)
      Parameters:
      authMethod - the authMethod to set
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • isCheckWelcomeFiles

      public boolean isCheckWelcomeFiles()
      Returns:
      True if forwards to welcome files are authenticated
    • setCheckWelcomeFiles

      public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
      Parameters:
      authenticateWelcomeFiles - True if forwards to welcome files are authenticated
      Throws:
      IllegalStateException - if the SecurityHandler is running
    • getInitParameter

      public String getInitParameter(String key)
      Description copied from interface: Authenticator.AuthConfiguration
      Get a SecurityHandler init parameter
      Specified by:
      getInitParameter in interface Authenticator.AuthConfiguration
      Parameters:
      key - parameter name
      Returns:
      Parameter value or null
    • getInitParameterNames

      public Set<String> getInitParameterNames()
      Description copied from interface: Authenticator.AuthConfiguration
      Get the SecurityHandler init parameter names
      Specified by:
      getInitParameterNames in interface Authenticator.AuthConfiguration
      Returns:
      Set of parameter names
    • setInitParameter

      public String setInitParameter(String key, String value)
      Set an initialization parameter.
      Parameters:
      key - the init key
      value - the init value
      Returns:
      previous value
      Throws:
      IllegalStateException - if the SecurityHandler is started
    • findLoginService

      protected LoginService findLoginService() throws Exception
      Throws:
      Exception
    • findIdentityService

      protected IdentityService findIdentityService()
    • doStart

      protected void doStart() throws Exception
      Description copied from class: ContainerLifeCycle
      Starts the managed lifecycle beans in the order they were added.
      Overrides:
      doStart in class AbstractHandler
      Throws:
      AbstractLifeCycle.StopException - If thrown, the lifecycle will immediately be stopped.
      Exception - If there was a problem starting. Will cause a transition to FAILED state
    • doStop

      protected void doStop() throws Exception
      Description copied from class: ContainerLifeCycle
      Stops the managed lifecycle beans in the reverse order they were added.
      Overrides:
      doStop in class AbstractHandler
      Throws:
      Exception - If there was a problem stopping. Will cause a transition to FAILED state
    • checkSecurity

      protected boolean checkSecurity(Request request)
    • isSessionRenewedOnAuthentication

      public boolean isSessionRenewedOnAuthentication()
      Description copied from interface: Authenticator.AuthConfiguration
      Should session ID be renewed on authentication.
      Specified by:
      isSessionRenewedOnAuthentication in interface Authenticator.AuthConfiguration
      Returns:
      true if the session ID should be renewed on authentication
    • setSessionRenewedOnAuthentication

      public void setSessionRenewedOnAuthentication(boolean renew)
      Set whether to renew the session on authentication.

      If set to true, then on authentication the session associated with a request is invalidated and replaced with a new session.

      Parameters:
      renew - true to renew the session on authentication
    • getSessionMaxInactiveIntervalOnAuthentication

      public int getSessionMaxInactiveIntervalOnAuthentication()
      Description copied from interface: Authenticator.AuthConfiguration
      Get the interval in seconds which, if non-zero, will be set with HttpSession.setMaxInactiveInterval(int) when a session is newly authenticated
      Specified by:
      getSessionMaxInactiveIntervalOnAuthentication in interface Authenticator.AuthConfiguration
      Returns:
      An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
    • setSessionMaxInactiveIntervalOnAuthentication

      public void setSessionMaxInactiveIntervalOnAuthentication(int seconds)
      Set the interval in seconds which, if non-zero, will be set with HttpSession.setMaxInactiveInterval(int) when a session is newly authenticated.
      Parameters:
      seconds - An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
    • handle

      public void handle(String pathInContext, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException
      Description copied from interface: Handler
      Handle a request.
      Specified by:
      handle in interface Handler
      Overrides:
      handle in class HandlerWrapper
      Parameters:
      pathInContext - The target of the request - either a URI or a name.
      baseRequest - The original unwrapped request object.
      request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used to access the Request object if required.
      response - The response either as the Response object or a wrapper of that response. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used to access the Response object if required.
      Throws:
      IOException - if unable to handle the request or response processing
      jakarta.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue
    • getCurrentSecurityHandler

      public static SecurityHandler getCurrentSecurityHandler()
    • logout

      public void logout(Authentication.User user)
    • prepareConstraintInfo

      protected abstract RoleInfo prepareConstraintInfo(String pathInContext, Request request)
    • checkUserDataPermissions

      protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo) throws IOException
      Throws:
      IOException
    • isAuthMandatory

      protected abstract boolean isAuthMandatory(Request baseRequest, Response baseResponse, Object constraintInfo)
    • checkWebResourcePermissions

      protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException
      Throws:
      IOException
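Added example (not code from this Javadoc or from Jetty itself) wiring the pieces the class description, the __NOBODY field and the two session settings describe: a LoginService, an explicitly set FormAuthenticator, a realm name, an init parameter, session renewal on authentication and a bounded post-login idle interval. It assumes the Jetty 11 packages org.eclipse.jetty.security, org.eclipse.jetty.security.authentication and org.eclipse.jetty.util.security; the user, credential, paths and init-parameter key are constructed placeholders.

```java
import java.util.List;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Password;

public class SecurityHandlerSetup {
    // Returns a ConstraintSecurityHandler configured the way the class description
    // outlines: LoginService, explicit Authenticator, realm name, init parameter,
    // and the two session settings from the AuthConfiguration contract.
    public static ConstraintSecurityHandler build() {
        // Constructed in-memory user store; the credential is a placeholder.
        UserStore users = new UserStore();
        users.addUser("alice", new Password("change-me"), new String[] {"admin"});
        HashLoginService loginService = new HashLoginService("ExampleRealm");
        loginService.setUserStore(users);
        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setRealmName("ExampleRealm");
        security.setLoginService(loginService);

        // Set the Authenticator directly rather than letting doStart() create one
        // through an AuthenticatorFactory from the authMethod. FormAuthenticator
        // admits the login and error pages with the __NOBODY principal, so they
        // stay reachable inside the protected URI tree.
        security.setAuthenticator(new FormAuthenticator("/login.html", "/login-error.html", false));
        // Session fixation mitigation: invalidate the pre-login session and
        // replace it with a new one once the user authenticates.
        security.setSessionRenewedOnAuthentication(true);
        // Cap the authenticated session's idle lifetime at 15 minutes
        // (0 leaves the interval unchanged; negative means never time out).
        security.setSessionMaxInactiveIntervalOnAuthentication(15 * 60);
        // Init parameters are visible to the Authenticator via getInitParameter().
        // This key is illustrative only, not one the page documents.
        security.setInitParameter("org.eclipse.jetty.security.example", "constructed");
        // Require the admin role for everything under /admin/.
        Constraint adminOnly = new Constraint();
        adminOnly.setName(Constraint.__FORM_AUTH);
        adminOnly.setAuthenticate(true);
        adminOnly.setRoles(new String[] {"admin"});
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/admin/*");
        mapping.setConstraint(adminOnly);
        security.setConstraintMappings(List.of(mapping));
        return security;
    }
}
```

Install the returned handler with ServletContextHandler.setSecurityHandler on a context created with ServletContextHandler.SESSIONS, since FormAuthenticator keeps the partial (__NOBODY) login state in the session.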