Package org.eclipse.jetty.security
Class SecurityHandler
- All Implemented Interfaces:
Authenticator.AuthConfiguration,Handler,HandlerContainer,Container,Destroyable,Dumpable,Dumpable.DumpableContainer,LifeCycle
- Direct Known Subclasses:
ConstraintSecurityHandler
public abstract class SecurityHandler
extends HandlerWrapper
implements Authenticator.AuthConfiguration
Abstract SecurityHandler.
Select and apply an Authenticator to a request.
The Authenticator may either be directly set on the handler
or will be create during AbstractLifeCycle.start() with a call to
either the default or set AuthenticatorFactory.
SecurityHandler has a set of initparameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.
-
Nested Class Summary
Nested ClassesNested classes/interfaces inherited from class org.eclipse.jetty.server.handler.AbstractHandler
AbstractHandler.ErrorDispatchHandlerNested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopExceptionNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
Container.InheritedListener, Container.ListenerNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
Dumpable.DumpableContainerNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.Listener -
Field Summary
FieldsFields inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
_handler -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected booleancheckSecurity(Request request) protected abstract booleancheckUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo) protected abstract booleancheckWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) protected voiddoStart()Starts the managed lifecycle beans in the order they were added.protected voiddoStop()Stops the managed lifecycle beans in the reverse order they were added.protected IdentityServiceprotected LoginServicestatic SecurityHandlerGet the identityService.getInitParameter(String key) Get a SecurityHandler init parameterGet a SecurityHandler init parameter namesGet the loginService.intGet the interval in seconds, which if non-zero, will be set withHttpSession.setMaxInactiveInterval(int)when a session is newly authenticatedvoidhandle(String pathInContext, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) Handle a request.protected abstract booleanisAuthMandatory(Request baseRequest, Response baseResponse, Object constraintInfo) booleanbooleanShould session ID be renewed on authentication.voidlogout(Authentication.User user) protected abstract RoleInfoprepareConstraintInfo(String pathInContext, Request request) voidsetAuthenticator(Authenticator authenticator) Set the authenticator.voidsetAuthenticatorFactory(Authenticator.Factory authenticatorFactory) voidsetAuthMethod(String authMethod) voidsetCheckWelcomeFiles(boolean authenticateWelcomeFiles) voidsetIdentityService(IdentityService identityService) Set the identityService.setInitParameter(String key, String value) Set an initialization parameter.voidsetLoginService(LoginService loginService) Set the loginService.voidsetRealmName(String realmName) voidsetSessionMaxInactiveIntervalOnAuthentication(int seconds) Set the interval in seconds, which if non-zero, will be set withHttpSession.setMaxInactiveInterval(int)when a session is newly authenticated.voidsetSessionRenewedOnAuthentication(boolean renew) Set renew the session on Authentication.Methods inherited from class org.eclipse.jetty.server.handler.HandlerWrapper
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandlerMethods inherited from class org.eclipse.jetty.server.handler.AbstractHandlerContainer
expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServerMethods inherited from class org.eclipse.jetty.server.handler.AbstractHandler
doError, getServerMethods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeansMethods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toStringMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface org.eclipse.jetty.util.component.Container
getCachedBeans, getEventListenersMethods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpableMethods inherited from interface org.eclipse.jetty.util.component.LifeCycle
addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop
-
Field Details
-
__NO_USER
-
__NOBODY
Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
-
-
Constructor Details
-
SecurityHandler
protected SecurityHandler()
-
-
Method Details
-
getIdentityService
Get the identityService.- Specified by:
getIdentityServicein interfaceAuthenticator.AuthConfiguration- Returns:
- the identityService
-
setIdentityService
Set the identityService.- Parameters:
identityService- the identityService to set
-
getLoginService
Get the loginService.- Specified by:
getLoginServicein interfaceAuthenticator.AuthConfiguration- Returns:
- the loginService
-
setLoginService
Set the loginService.- Parameters:
loginService- the loginService to set
-
getAuthenticator
-
setAuthenticator
Set the authenticator.- Parameters:
authenticator- the authenticator- Throws:
IllegalStateException- if the SecurityHandler is running
-
getAuthenticatorFactory
- Returns:
- the authenticatorFactory
-
setAuthenticatorFactory
- Parameters:
authenticatorFactory- the authenticatorFactory to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
getKnownAuthenticatorFactories
- Returns:
- the list of discovered authenticatorFactories
-
getRealmName
- Specified by:
getRealmNamein interfaceAuthenticator.AuthConfiguration- Returns:
- the realmName
-
setRealmName
- Parameters:
realmName- the realmName to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
getAuthMethod
- Specified by:
getAuthMethodin interfaceAuthenticator.AuthConfiguration- Returns:
- the authMethod
-
setAuthMethod
- Parameters:
authMethod- the authMethod to set- Throws:
IllegalStateException- if the SecurityHandler is running
-
isCheckWelcomeFiles
public boolean isCheckWelcomeFiles()- Returns:
- True if forwards to welcome files are authenticated
-
setCheckWelcomeFiles
public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles) - Parameters:
authenticateWelcomeFiles- True if forwards to welcome files are authenticated- Throws:
IllegalStateException- if the SecurityHandler is running
-
getInitParameter
Description copied from interface:Authenticator.AuthConfigurationGet a SecurityHandler init parameter- Specified by:
getInitParameterin interfaceAuthenticator.AuthConfiguration- Parameters:
key- parameter name- Returns:
- Parameter value or null
- See Also:
-
getInitParameterNames
Description copied from interface:Authenticator.AuthConfigurationGet a SecurityHandler init parameter names- Specified by:
getInitParameterNamesin interfaceAuthenticator.AuthConfiguration- Returns:
- Set of parameter names
- See Also:
-
setInitParameter
Set an initialization parameter.- Parameters:
key- the init keyvalue- the init value- Returns:
- previous value
- Throws:
IllegalStateException- if the SecurityHandler is started
-
findLoginService
- Throws:
Exception
-
findIdentityService
-
doStart
Description copied from class:ContainerLifeCycleStarts the managed lifecycle beans in the order they were added.- Overrides:
doStartin classAbstractHandler- Throws:
Exception- If there was a problem starting. Will cause a transition to FAILED state
-
doStop
Description copied from class:ContainerLifeCycleStops the managed lifecycle beans in the reverse order they were added.- Overrides:
doStopin classAbstractHandler- Throws:
Exception- If there was a problem stopping. Will cause a transition to FAILED state
-
checkSecurity
-
isSessionRenewedOnAuthentication
public boolean isSessionRenewedOnAuthentication()Description copied from interface:Authenticator.AuthConfigurationShould session ID be renewed on authentication.- Specified by:
isSessionRenewedOnAuthenticationin interfaceAuthenticator.AuthConfiguration- Returns:
- true if the session ID should be renewed on authentication
-
setSessionRenewedOnAuthentication
public void setSessionRenewedOnAuthentication(boolean renew) Set renew the session on Authentication.If set to true, then on authentication, the session associated with a reqeuest is invalidated and replaced with a new session.
- Parameters:
renew- true to renew the authentication on session- See Also:
-
getSessionMaxInactiveIntervalOnAuthentication
public int getSessionMaxInactiveIntervalOnAuthentication()Description copied from interface:Authenticator.AuthConfigurationGet the interval in seconds, which if non-zero, will be set withHttpSession.setMaxInactiveInterval(int)when a session is newly authenticated- Specified by:
getSessionMaxInactiveIntervalOnAuthenticationin interfaceAuthenticator.AuthConfiguration- Returns:
- An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
-
setSessionMaxInactiveIntervalOnAuthentication
public void setSessionMaxInactiveIntervalOnAuthentication(int seconds) Set the interval in seconds, which if non-zero, will be set withHttpSession.setMaxInactiveInterval(int)when a session is newly authenticated.- Parameters:
seconds- An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
-
handle
public void handle(String pathInContext, Request baseRequest, jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws IOException, jakarta.servlet.ServletException Description copied from interface:HandlerHandle a request.- Specified by:
handlein interfaceHandler- Overrides:
handlein classHandlerWrapper- Parameters:
pathInContext- The target of the request - either a URI or a name.baseRequest- The original unwrapped request object.request- The request either as theRequestobject or a wrapper of that request. TheHttpConnection.getCurrentConnection().getHttpChannel().getRequest()response- The response as theResponseobject or a wrapper of that request. TheHttpConnection.getCurrentConnection().getHttpChannel().getResponse()- Throws:
IOException- if unable to handle the request or response processingjakarta.servlet.ServletException- if unable to handle the request or response due to underlying servlet issue
-
getCurrentSecurityHandler
-
logout
-
prepareConstraintInfo
-
checkUserDataPermissions
protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo) throws IOException - Throws:
IOException
-
isAuthMandatory
-
checkWebResourcePermissions
protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException - Throws:
IOException
-