Package org.eclipse.jetty.security

Class SecurityHandler.PathMethodMapped

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.Handler.Abstract
org.eclipse.jetty.server.Handler.AbstractContainer
org.eclipse.jetty.server.Handler.Wrapper
org.eclipse.jetty.security.SecurityHandler
org.eclipse.jetty.security.SecurityHandler.PathMethodMapped
All Implemented Interfaces:
Authenticator.Configuration, Handler, Handler.Container, Handler.Singleton, Request.Handler, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle, Invocable
Enclosing class:
SecurityHandler
public static class SecurityHandler.PathMethodMapped extends SecurityHandler

A concrete implementation of SecurityHandler that uses a PathMappings to match request paths to a map of an HTTP method to a Constraint.

The token * is used to indicate all HTTP methods.

Request path matches are sorted from the least significant to the most significant, and the associated constraints are combined in order.

For example:


 SecurityHandler.PathMethodMapped handler = new SecurityHandler.PathMethodMapped();
 handler.put(PathSpec.from("/*"), "*", Constraint.combine(Constraint.FORBIDDEN, Constraint.SECURE_TRANSPORT));
 handler.put(PathSpec.from("/releases/*"), "GET", Constraint.from("read"));
 handler.put(PathSpec.from("/releases/*"), "PUT", Constraint.from("write"));

For these request paths:

If there is no match for the request path, then the constraint is assumed to be Constraint.ALLOWED.

If there is no match for the request URI, or no match for the HTTP method, then the constraint is assumed to be Constraint.ALLOWED.

It is therefore good practice to always explicitly configure a constraint for path /* or / and HTTP method *.

  • Constructor Details

    • PathMethodMapped

      public PathMethodMapped()

    • PathMethodMapped

      public PathMethodMapped(Handler handler)

  • Method Details

    • put

      public Constraint put(String pathSpec, String method, Constraint constraint)

      Associates the given Constraint to the given request path patten and HTTP method.

      Parameters:
      pathSpec - the PathSpec associated to the given constraint
      method - the HTTP method associated to the given constraint, or null or * to indicate all HTTP methods
      constraint - the constraint to associate
      Returns:
      the previous constraint associated with the given path and HTTP method, or null is there was no association

    • put

      public Constraint put(PathSpec pathSpec, String method, Constraint constraint)

      Associates the given Constraint to the given request path pattern and HTTP method.

      Parameters:
      pathSpec - the PathSpec associated to the given constraint
      method - the HTTP method associated to the given constraint, or null or * to indicate all HTTP methods
      constraint - the constraint to associate
      Returns:
      the previous constraint associated with the given path and HTTP method, or null is there was no association

    • put

      public void put(PathSpec pathSpec, List<String> methods, Constraint constraint)

      Associates the given Constraint to the given request path pattern and HTTP methods.

      Parameters:
      pathSpec - the PathSpec associated to the given constraint
      methods - the list of HTTP methods associated to the given constraint
      constraint - the constraint to associate

    • getConstraint

      protected Constraint getConstraint(String pathInContext, Request request)
      Specified by:
      getConstraint in class SecurityHandler

    • getKnownRoles

      protected Set<String> getKnownRoles()
      Overrides:
      getKnownRoles in class SecurityHandler