Package org.eclipse.jetty.security
Interface Constraint
public interface Constraint
A Security constraint that is applied to a request, which contain:
- A name
- Authorization to specify if authentication is needed and what roles are applicable
- An optional list of role names used for
Constraint.Authorization.KNOWN_ROLE - A Transport constraint, indicating if it must be secure or not.
The core constraint is not the same as the servlet specification AuthConstraint, but it is
sufficiently capable to represent servlet constraints.
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic enumThe Authorization applied to any authentication of the request/static classBuilder for Constraint.static enumThe constraints requirement for the transport -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final ConstraintA static Constraint that hasConstraint.Authorization.ALLOWEDandConstraint.Transport.INHERIT.static final ConstraintA static Constraint that hasConstraint.Authorization.ALLOWEDandConstraint.Transport.ANY.static final ConstraintA static Constraint that hasConstraint.Transport.ANYandConstraint.Authorization.INHERITstatic final ConstraintA static Constraint that hasConstraint.Authorization.ANY_USERandConstraint.Transport.INHERIT.static final ConstraintA static Constraint that hasConstraint.Authorization.FORBIDDENandConstraint.Transport.INHERIT.static final ConstraintA static Constraint that hasConstraint.Authorization.KNOWN_ROLEandConstraint.Transport.INHERIT.static final ConstraintA static Constraint that hasConstraint.Transport.SECUREandConstraint.Authorization.INHERIT -
Method Summary
Modifier and TypeMethodDescriptionstatic Constraintcombine(String name, Constraint leastSpecific, Constraint mostSpecific) Combine two Constraints by:static Constraintcombine(Constraint leastSpecific, Constraint mostSpecific) Combine two Constraints by usingcombine(String, Constraint, Constraint)with a generated name.static Constraintstatic Constraintfrom(String name, Constraint.Authorization authorization, String... roles) static Constraintfrom(String name, Constraint.Transport transport) static Constraintfrom(String name, Constraint.Transport transport, Constraint.Authorization authorization, Set<String> roles) static Constraintfrom(Constraint.Transport transport, Constraint.Authorization authorization, Set<String> roles) getName()getRoles()
-
Field Details
-
ALLOWED
A static Constraint that hasConstraint.Authorization.ALLOWEDandConstraint.Transport.INHERIT. -
FORBIDDEN
A static Constraint that hasConstraint.Authorization.FORBIDDENandConstraint.Transport.INHERIT. -
ANY_USER
A static Constraint that hasConstraint.Authorization.ANY_USERandConstraint.Transport.INHERIT. -
KNOWN_ROLE
A static Constraint that hasConstraint.Authorization.KNOWN_ROLEandConstraint.Transport.INHERIT. -
SECURE_TRANSPORT
A static Constraint that hasConstraint.Transport.SECUREandConstraint.Authorization.INHERIT -
ANY_TRANSPORT
A static Constraint that hasConstraint.Transport.ANYandConstraint.Authorization.INHERIT -
ALLOWED_ANY_TRANSPORT
A static Constraint that hasConstraint.Authorization.ALLOWEDandConstraint.Transport.ANY.
-
-
Method Details
-
getName
String getName()- Returns:
- The name for the
Constraintor "unnamed@hashcode" if not named
-
getTransport
Constraint.Transport getTransport()- Returns:
- The required
Constraint.Transportor null if the transport can be either.
-
getAuthorization
Constraint.Authorization getAuthorization()- Returns:
- The
Constraint.Authorizationcriteria applied by thisConstraintor null if this constraint does not have any authorization requirements.
-
getRoles
- Returns:
- The set of roles applied by this
Constraintor the empty set.
-
combine
Combine two Constraints by usingcombine(String, Constraint, Constraint)with a generated name.- Parameters:
leastSpecific- Constraint to combinemostSpecific- Constraint to combine- Returns:
- the combined constraint.
- See Also:
-
combine
Combine two Constraints by:
- if both constraints are
Null, thenALLOWEDis returned. - if either constraint is
Nullthe other is returned. - only if the
mostSpecificconstraint hasConstraint.Authorization.INHERITis theleastSpecificconstraint'sConstraint.Authorizationused, otherwise themostSpecific's is used. - if the combined constraint has
Constraint.Authorization.SPECIFIC_ROLE, then the role set from the constraint that specified theConstraint.Authorization.SPECIFIC_ROLEis used. - only if the
mostSpecificconstraint hasConstraint.Transport.INHERITis theleastSpecificconstraint'sConstraint.Transportused, otherwise themostSpecific's is used.
Typically the path of the constraint is used to determine which constraint is most specific. For example if the following paths mapped to Constraints as:
/* -> Authorization.FORBIDDEN,roles=[],Transport.SECURE /admin/* -> Authorization.SPECIFIC_ROLE,roles=["admin"],Transport.INHERITThe the
/admin/*constraint would be consider most specific and a request to/admin/filewould haveConstraint.Authorization.SPECIFIC_ROLEfrom the/admin/*constraint andConstraint.Transport.SECUREinherited from the/*constraint. For more examples seeSecurityHandler.PathMapped.Note that this combination is not equivalent to the combination done by the EE servlet specification.
- Parameters:
name- The name to use for the combined constraintleastSpecific- Constraint to combinemostSpecific- Constraint to combine- Returns:
- the combined constraint.
- if both constraints are
-
from
-
from
-
from
-
from
static Constraint from(Constraint.Transport transport, Constraint.Authorization authorization, Set<String> roles) -
from
static Constraint from(String name, Constraint.Transport transport, Constraint.Authorization authorization, Set<String> roles)
-