Package org.eclipse.jetty.security

Class SecurityHandler.PathMapped

java.lang.Object

org.eclipse.jetty.util.component.AbstractLifeCycle

org.eclipse.jetty.util.component.ContainerLifeCycle

org.eclipse.jetty.server.Handler.Abstract

org.eclipse.jetty.server.Handler.AbstractContainer

org.eclipse.jetty.server.Handler.Wrapper

org.eclipse.jetty.security.SecurityHandler

org.eclipse.jetty.security.SecurityHandler.PathMapped

All Implemented Interfaces:

Comparator<PathSpec>, Authenticator.Configuration, Handler, Handler.Container, Handler.Singleton, Request.Handler, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle, Invocable

Enclosing class:

SecurityHandler

public static class SecurityHandler.PathMapped
extends SecurityHandler
implements Comparator<PathSpec>

A concrete implementation of SecurityHandler that uses a PathMappings to match request to a list of Constraints, which are applied in the order of least significant to most significant.

An example of using this class is:

     SecurityHandler.PathMapped handler = new SecurityHandler.PathMapped();
     handler.put("/*", Constraint.combine(Constraint.FORBIDDEN, Constraint.SECURE_TRANSPORT);
     handler.put("", Constraint.ALLOWED);
     handler.put("/login", Constraint.ALLOWED);
     handler.put("*.png", Constraint.ANY_TRANSPORT);
     handler.put("/admin/*", Constraint.from("admin", "operator"));
     handler.put("/admin/super/*", Constraint.from("operator"));
     handler.put("/user/*", Constraint.ANY_USER);
     handler.put("*.xml", Constraint.FORBIDDEN);
 

When getConstraint(String, Request) is called, any matching constraints are sorted into least to most significant with compare(PathSpec, PathSpec), resulting in the order in which Constraint.combine(Constraint, Constraint) will be applied. For example:

• "/admin/index.html" matches "/*" and "/admin/*", resulting in a constraint of Constraint.Authorization.SPECIFIC_ROLE and Constraint.Transport.SECURE.
• "/admin/logo.png" matches "/*", "/admin/*" and "*.png", resulting in a constraint of Constraint.Authorization.SPECIFIC_ROLE and Constraint.Transport.ANY.
• "/admin/config.xml" matches "/*", "/admin/*" and "*.xml", resulting in a constraint of Constraint.Authorization.FORBIDDEN and Constraint.Transport.SECURE.
• "/admin/super/index.html" matches "/*", "/admin/*" and "/admin/super/*", resulting in a constraint of Constraint.Authorization.SPECIFIC_ROLE and Constraint.Transport.SECURE.

Nested Class Summary

Nested classes/interfaces inherited from class org.eclipse.jetty.security.SecurityHandler

SecurityHandler.NotChecked, SecurityHandler.PathMapped

Nested classes/interfaces inherited from class org.eclipse.jetty.server.Handler.Abstract

Handler.Abstract.NonBlocking

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopException

Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator.Configuration

Authenticator.Configuration.Wrapper

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container

Container.InheritedListener, Container.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable

Dumpable.DumpableContainer

Nested classes/interfaces inherited from interface org.eclipse.jetty.server.Handler

Handler.Abstract, Handler.AbstractContainer, Handler.Collection, Handler.Container, Handler.Sequence, Handler.Singleton, Handler.Wrapper

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.thread.Invocable

Invocable.Callable, Invocable.InvocationType, Invocable.ReadyTask, Invocable.Task

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

LifeCycle.Listener

Nested classes/interfaces inherited from interface org.eclipse.jetty.server.Request.Handler

Request.Handler.AbortException

Field Summary

Fields inherited from class org.eclipse.jetty.security.SecurityHandler

SESSION_AUTHENTICATED_ATTRIBUTE

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

FAILED, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.util.component.Dumpable

KEY

Fields inherited from interface org.eclipse.jetty.util.thread.Invocable

__nonBlocking, NOOP

Constructor Summary

Constructors

Constructor	Description
PathMapped()
PathMapped(Handler handler)

Method Summary

Modifier and Type	Method	Description
int	compare(PathSpec ps1, PathSpec ps2)	Comparator method to sort paths from least specific to most specific.
Constraint	get(PathSpec pathSpec)
protected Constraint	getConstraint(String pathInContext, Request request)
protected Set<String>	getKnownRoles()
protected int	pathSpecGroupPrecedence(PathSpecGroup group)	Get the relative precedence of a PathSpecGroup used by compare(MappedResource, MappedResource) to sort Constraints.
Constraint	put(String pathSpec, Constraint constraint)
Constraint	put(PathSpec pathSpec, Constraint constraint)
Constraint	remove(PathSpec pathSpec)

Methods inherited from class org.eclipse.jetty.security.SecurityHandler

doStart, doStop, findIdentityService, findLoginService, getAuthenticationType, getAuthenticator, getAuthenticatorFactory, getCurrentSecurityHandler, getIdentityService, getKnownAuthenticatorFactories, getLoginService, getParameter, getParameterNames, getRealmName, getSessionMaxInactiveIntervalOnAuthentication, handle, isAuthorized, isSessionRenewedOnAuthentication, redirectToSecure, setAuthenticationType, setAuthenticator, setAuthenticatorFactory, setIdentityService, setLoginService, setParameter, setRealmName, setSessionMaxInactiveIntervalOnAuthentication, setSessionRenewedOnAuthentication

Methods inherited from class org.eclipse.jetty.server.Handler.Wrapper

getHandler, getInvocationType, setHandler

Methods inherited from class org.eclipse.jetty.server.Handler.AbstractContainer

findContainerOf, getDescendant, getDescendants, isDynamic, setDynamic, setServer

Methods inherited from class org.eclipse.jetty.server.Handler.Abstract

destroy, getServer

Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle

addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.util.Comparator

equals, reversed, thenComparing, thenComparing, thenComparing, thenComparingDouble, thenComparingInt, thenComparingLong

Methods inherited from interface org.eclipse.jetty.util.component.Container

getCachedBeans, getEventListeners

Methods inherited from interface org.eclipse.jetty.util.component.Destroyable

destroy

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable

dumpSelf

Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer

isDumpable

Methods inherited from interface org.eclipse.jetty.server.Handler

getServer, setServer

Methods inherited from interface org.eclipse.jetty.server.Handler.Container

getContainer, getDescendant, getDescendants, getDescendants

Methods inherited from interface org.eclipse.jetty.server.Handler.Singleton

getHandlers, getTail, insertHandler, setHandler

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop

Constructor Details

PathMapped

public PathMapped()

PathMapped

public PathMapped(Handler handler)

Method Details

put

public Constraint put(String pathSpec,
 Constraint constraint)

put

public Constraint put(PathSpec pathSpec,
 Constraint constraint)

get

public Constraint get(PathSpec pathSpec)

remove

public Constraint remove(PathSpec pathSpec)

getConstraint

protected Constraint getConstraint(String pathInContext,
 Request request)

Specified by:

getConstraint in class SecurityHandler

compare

public int compare(PathSpec ps1,
 PathSpec ps2)

Comparator method to sort paths from least specific to most specific. Using the pathSpecGroupPrecedence(PathSpecGroup) to rank different groups and PathSpec.getSpecLength() to rank within a group. This method may be overridden to provide different precedence between constraints.

Specified by:

compare in interface Comparator<PathSpec>

Parameters:

ps1 - the first PathSpec to be compared.

ps2 - the second PathSpec to be compared.

Returns:

-1, 0 or 1

pathSpecGroupPrecedence

protected int pathSpecGroupPrecedence(PathSpecGroup group)

Get the relative precedence of a PathSpecGroup used by compare(MappedResource, MappedResource) to sort Constraints. The precedence from most significant to least is:

• PathSpecGroup.EXACT
• PathSpecGroup.ROOT
• PathSpecGroup.SUFFIX_GLOB
• PathSpecGroup.MIDDLE_GLOB
• PathSpecGroup.PREFIX_GLOB
• PathSpecGroup.DEFAULT

Parameters:

group - The group to rank.

Returns:

An integer representing relative precedence between PathSpecGroups.

getKnownRoles

protected Set<String> getKnownRoles()

Overrides:

getKnownRoles in class SecurityHandler