Package org.eclipse.jetty.security
Class SecurityHandler.PathMapped
java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.Handler.Abstract
org.eclipse.jetty.server.Handler.AbstractContainer
org.eclipse.jetty.server.Handler.Wrapper
org.eclipse.jetty.security.SecurityHandler
org.eclipse.jetty.security.SecurityHandler.PathMapped
- All Implemented Interfaces:
Comparator<PathSpec>,Authenticator.Configuration,Handler,Handler.Container,Handler.Singleton,Request.Handler,Container,Destroyable,Dumpable,Dumpable.DumpableContainer,LifeCycle,Invocable
- Enclosing class:
- SecurityHandler
public static class SecurityHandler.PathMapped
extends SecurityHandler
implements Comparator<PathSpec>
A concrete implementation of SecurityHandler that uses a PathMappings to
match request to a list of Constraints, which are applied in the order of
least significant to most significant.
An example of using this class is:
SecurityHandler.PathMapped handler = new SecurityHandler.PathMapped();
handler.put("/*", Constraint.combine(Constraint.FORBIDDEN, Constraint.SECURE_TRANSPORT));
handler.put("", Constraint.ALLOWED);
handler.put("/login", Constraint.ALLOWED);
handler.put("*.png", Constraint.ANY_TRANSPORT);
handler.put("/admin/*", Constraint.from("admin", "operator"));
handler.put("/admin/super/*", Constraint.from("operator"));
handler.put("/user/*", Constraint.ANY_USER);
handler.put("*.xml", Constraint.FORBIDDEN);
When getConstraint(String, Request) is called, any matching
constraints are sorted into least to most significant with
compare(PathSpec, PathSpec), resulting in the order in which
Constraint.combine(Constraint, Constraint) will be applied.
For example:
"/admin/index.html"matches"/*"and"/admin/*", resulting in a constraint ofConstraint.Authorization.SPECIFIC_ROLEandConstraint.Transport.SECURE."/admin/logo.png"matches"/*","/admin/*"and"*.png", resulting in a constraint ofConstraint.Authorization.SPECIFIC_ROLEandConstraint.Transport.ANY."/admin/config.xml"matches"/*","/admin/*"and"*.xml", resulting in a constraint ofConstraint.Authorization.FORBIDDENandConstraint.Transport.SECURE."/admin/super/index.html"matches"/*","/admin/*"and"/admin/super/*", resulting in a constraint ofConstraint.Authorization.SPECIFIC_ROLEandConstraint.Transport.SECURE.
If there is no match for the request path, then the constraint is assumed to be Constraint.ALLOWED.
It is therefore good practice to always explicitly configure a constraint for path /* or /.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.eclipse.jetty.security.SecurityHandler
SecurityHandler.NotChecked, SecurityHandler.PathMapped, SecurityHandler.PathMethodMappedNested classes/interfaces inherited from class org.eclipse.jetty.server.Handler.Abstract
Handler.Abstract.NonBlockingNested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopExceptionNested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator.Configuration
Authenticator.Configuration.WrapperNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
Container.InheritedListener, Container.ListenerNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
Dumpable.DumpableContainer, Dumpable.DumpAppendableNested classes/interfaces inherited from interface org.eclipse.jetty.server.Handler
Handler.Abstract, Handler.AbstractContainer, Handler.Collection, Handler.Container, Handler.Sequence, Handler.Singleton, Handler.WrapperNested classes/interfaces inherited from interface org.eclipse.jetty.util.thread.Invocable
Invocable.Callable, Invocable.InvocationType, Invocable.ReadyTask, Invocable.TaskNested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.ListenerNested classes/interfaces inherited from interface org.eclipse.jetty.server.Request.Handler
Request.Handler.AbortException -
Field Summary
Fields inherited from class org.eclipse.jetty.security.SecurityHandler
SESSION_AUTHENTICATED_ATTRIBUTEFields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
FAILED, STARTED, STARTING, STOPPED, STOPPINGFields inherited from interface org.eclipse.jetty.util.thread.Invocable
__nonBlocking, NOOP -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionintComparatormethod to sort paths from least specific to most specific.protected ConstraintgetConstraint(String pathInContext, Request request) protected intGet the relative precedence of aPathSpecGroupused bycompare(MappedResource, MappedResource)to sortConstraints.put(String pathSpec, Constraint constraint) Associates the specified request path pattern with the specifiedConstraint.put(PathSpec pathSpec, Constraint constraint) Associates the specified request path pattern with the specifiedConstraint.Methods inherited from class org.eclipse.jetty.security.SecurityHandler
doStart, doStop, findIdentityService, findLoginService, getAuthenticationType, getAuthenticator, getAuthenticatorFactory, getCurrentSecurityHandler, getIdentityService, getKnownAuthenticatorFactories, getLoginService, getParameter, getParameterNames, getRealmName, getSessionMaxInactiveIntervalOnAuthentication, handle, isAuthorized, isSessionRenewedOnAuthentication, redirectToSecure, setAuthenticationType, setAuthenticator, setAuthenticatorFactory, setIdentityService, setLoginService, setParameter, setRealmName, setSessionMaxInactiveIntervalOnAuthentication, setSessionRenewedOnAuthenticationMethods inherited from class org.eclipse.jetty.server.Handler.Wrapper
getHandler, getInvocationType, setHandlerMethods inherited from class org.eclipse.jetty.server.Handler.AbstractContainer
findContainerOf, getDescendant, getDescendants, isDynamic, setDynamic, setServerMethods inherited from class org.eclipse.jetty.server.Handler.Abstract
destroy, getServerMethods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeansMethods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toStringMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface java.util.Comparator
equals, reversed, thenComparing, thenComparing, thenComparing, thenComparingDouble, thenComparingInt, thenComparingLongMethods inherited from interface org.eclipse.jetty.util.component.Container
getCachedBeans, getEventListenersMethods inherited from interface org.eclipse.jetty.util.component.Destroyable
destroyMethods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpableMethods inherited from interface org.eclipse.jetty.server.Handler.Container
getContainer, getDescendant, getDescendants, getDescendantsMethods inherited from interface org.eclipse.jetty.server.Handler.Singleton
getHandlers, getTail, insertHandler, setHandlerMethods inherited from interface org.eclipse.jetty.util.component.LifeCycle
addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop
-
Constructor Details
-
PathMapped
public PathMapped() -
PathMapped
-
-
Method Details
-
put
Associates the specified request path pattern with the specified
Constraint.- Parameters:
pathSpec- the request path pattern to matchconstraint- the associatedConstraint- Returns:
- the previous
Constraintassociated with the request path pattern, ornullif there was no previous association
-
put
Associates the specified request path pattern with the specified
Constraint.- Parameters:
pathSpec- the request path pattern to matchconstraint- the associatedConstraint- Returns:
- the previous
Constraintassociated with the request path pattern, ornullif there was no previous association
-
get
-
remove
-
getConstraint
- Specified by:
getConstraintin classSecurityHandler
-
compare
Comparatormethod to sort paths from least specific to most specific. Using thepathSpecGroupPrecedence(PathSpecGroup)to rank different groups andPathSpec.getSpecLength()to rank within a group. This method may be overridden to provide different precedence between constraints.- Specified by:
comparein interfaceComparator<PathSpec>- Parameters:
ps1- the firstPathSpecto be compared.ps2- the secondPathSpecto be compared.- Returns:
- -1, 0 or 1
-
pathSpecGroupPrecedence
Get the relative precedence of aPathSpecGroupused bycompare(MappedResource, MappedResource)to sortConstraints. The precedence from most significant to least is:- Parameters:
group- The group to rank.- Returns:
- An integer representing relative precedence between
PathSpecGroups.
-
getKnownRoles
- Overrides:
getKnownRolesin classSecurityHandler
-