Class SecurityHandler
- All Implemented Interfaces: Authenticator.Configuration, Handler, Handler.Container, Handler.Singleton, Request.Handler, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle, Invocable
- Direct Known Subclasses: ConstraintSecurityHandler, SecurityHandler.PathMapped
Select and apply an Authenticator to a request.
The Authenticator may either be directly set on the handler or it will be created during AbstractLifeCycle.start() with a call to either the default or set AuthenticatorFactory.
SecurityHandler has a set of parameters that are used by the Authenticator.Configuration. At startup, any context init parameters whose names start with "org.eclipse.jetty.security." and that have no value in the SecurityHandler init parameters are copied into them.
-
Nested Class Summary
Modifier and Type | Class | Description
class | |
static class | SecurityHandler.PathMapped | A concrete implementation of SecurityHandler that uses a PathMappings to match a request to a list of Constraints, which are applied in the order of least significant to most significant.
Nested classes/interfaces inherited from class org.eclipse.jetty.server.Handler.Abstract
Handler.Abstract.NonBlocking
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener, AbstractLifeCycle.StopException
Nested classes/interfaces inherited from interface org.eclipse.jetty.security.Authenticator.Configuration
Authenticator.Configuration.Wrapper
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Container
Container.InheritedListener, Container.Listener
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.Dumpable
Dumpable.DumpableContainer
Nested classes/interfaces inherited from interface org.eclipse.jetty.server.Handler
Handler.Abstract, Handler.AbstractContainer, Handler.Collection, Handler.Container, Handler.Sequence, Handler.Singleton, Handler.Wrapper
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.thread.Invocable
Invocable.Callable, Invocable.InvocationType, Invocable.ReadyTask, Invocable.Task
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle
LifeCycle.Listener
Nested classes/interfaces inherited from interface org.eclipse.jetty.server.Request.Handler
Request.Handler.AbortException
-
Field Summary
Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
FAILED, STARTED, STARTING, STOPPED, STOPPING
Fields inherited from interface org.eclipse.jetty.util.thread.Invocable
__nonBlocking, NOOP
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
protected void | doStart() | Starts the managed lifecycle beans in the order they were added.
protected void | doStop() | Stops the managed lifecycle beans in the reverse order they were added.
protected IdentityService | findIdentityService |
protected LoginService | findLoginService() | Find an appropriate LoginService from the list returned by Container.getBeans(Class) called on the result of Handler.Abstract.getServer().
protected abstract Constraint | getConstraint(String pathInContext, Request request) |
static SecurityHandler | getCurrentSecurityHandler |
 | getIdentityService | Get the identityService.
 | getLoginService | Get the loginService.
 | getParameter(String key) | Get a SecurityHandler init parameter.
 | getParameterNames | Get the SecurityHandler init parameter names.
int | getSessionMaxInactiveIntervalOnAuthentication() | Get the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.
boolean | handle(Request request, Response response, Callback callback) | Invoked to handle the passed HTTP request and response.
protected boolean | isAuthorized(Constraint constraint, AuthenticationState authenticationState) |
boolean | isSessionRenewedOnAuthentication() | Should session ID be renewed on authentication.
protected void | redirectToSecure(Request request, Response response, Callback callback) |
void | setAuthenticationType(String authenticationType) |
void | setAuthenticator(Authenticator authenticator) | Set the authenticator.
void | setAuthenticatorFactory(Authenticator.Factory authenticatorFactory) |
void | setIdentityService(IdentityService identityService) | Set the identityService.
void | setLoginService(LoginService loginService) | Set the loginService.
 | setParameter(String key, String value) | Set an authentication parameter for retrieval via Authenticator.Configuration.getParameter(String).
void | setRealmName(String realmName) |
void | setSessionMaxInactiveIntervalOnAuthentication(int seconds) | Set the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.
void | setSessionRenewedOnAuthentication(boolean renew) | Set whether the session is renewed on authentication.
Methods inherited from class org.eclipse.jetty.server.Handler.Wrapper
getHandler, getInvocationType, setHandler
Methods inherited from class org.eclipse.jetty.server.Handler.AbstractContainer
findContainerOf, getDescendant, getDescendants, isDynamic, setDynamic, setServer
Methods inherited from class org.eclipse.jetty.server.Handler.Abstract
destroy, getServer
Methods inherited from class org.eclipse.jetty.util.component.ContainerLifeCycle
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dumpObjects, dumpStdErr, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, installBean, installBean, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, start, stop, unmanage, updateBean, updateBean, updateBeans, updateBeans
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle
getEventListeners, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, setEventListeners, start, stop, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.eclipse.jetty.util.component.Container
getCachedBeans, getEventListeners
Methods inherited from interface org.eclipse.jetty.util.component.Destroyable
destroy
Methods inherited from interface org.eclipse.jetty.util.component.Dumpable.DumpableContainer
isDumpable
Methods inherited from interface org.eclipse.jetty.server.Handler.Container
getContainer, getDescendant, getDescendants, getDescendants
Methods inherited from interface org.eclipse.jetty.server.Handler.Singleton
getHandlers, getTail, insertHandler, setHandler
Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle
addEventListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeEventListener, start, stop
-
Field Details
-
SESSION_AUTHENTICATED_ATTRIBUTE
-
-
Constructor Details
-
SecurityHandler
protected SecurityHandler()
-
SecurityHandler
-
-
Method Details
-
getIdentityService
Get the identityService.
- Specified by: getIdentityService in interface Authenticator.Configuration
- Returns: the identityService
-
setIdentityService
Set the identityService.
- Parameters: identityService - the identityService to set
-
getLoginService
Get the loginService.
- Specified by: getLoginService in interface Authenticator.Configuration
- Returns: the loginService
-
setLoginService
Set the loginService. If a LoginService is not set, or is set to null, then during doStart() the findLoginService() method is used to locate one.
- Parameters: loginService - the loginService to set
-
getAuthenticator
-
setAuthenticator
Set the authenticator.
- Parameters: authenticator - the authenticator
- Throws: IllegalStateException - if the SecurityHandler is running
-
getAuthenticatorFactory
- Returns: the authenticatorFactory
-
setAuthenticatorFactory
- Parameters: authenticatorFactory - the authenticatorFactory to set
- Throws: IllegalStateException - if the SecurityHandler is running
-
getKnownAuthenticatorFactories
- Returns: the list of discovered authenticatorFactories
-
getRealmName
- Specified by: getRealmName in interface Authenticator.Configuration
- Returns: the realmName
-
setRealmName
- Parameters: realmName - the realmName to set
- Throws: IllegalStateException - if the SecurityHandler is running
-
getAuthenticationType
- Specified by: getAuthenticationType in interface Authenticator.Configuration
- Returns: the name of the Authenticator
-
setAuthenticationType
- Parameters: authenticationType - the name of the Authenticator to use
- Throws: IllegalStateException - if the SecurityHandler is running
-
getParameter
Description copied from interface: Authenticator.Configuration
Get a SecurityHandler init parameter.
- Specified by: getParameter in interface Authenticator.Configuration
- Parameters: key - parameter name
- Returns: Parameter value or null
-
getParameterNames
Description copied from interface: Authenticator.Configuration
Get the SecurityHandler init parameter names.
- Specified by: getParameterNames in interface Authenticator.Configuration
- Returns: Set of parameter names
-
setParameter
Set an authentication parameter for retrieval via Authenticator.Configuration.getParameter(String).
- Parameters:
  key - the key
  value - the init value
- Returns: previous value
- Throws: IllegalStateException - if the SecurityHandler is started
-
findLoginService
Find an appropriate LoginService from the list returned by Container.getBeans(Class) called on the result of Handler.Abstract.getServer(). A service is selected by:
- if setRealmName(String) has been called, the first service with a matching name is used
- if the list is size 1, that service is used
- otherwise no service is selected.
- Returns: An appropriate LoginService or null
-
findIdentityService
-
doStart
Description copied from class: ContainerLifeCycle
Starts the managed lifecycle beans in the order they were added.
- Overrides: doStart in class Handler.Abstract
- Throws:
  AbstractLifeCycle.StopException - If thrown, the lifecycle will immediately be stopped.
  Exception - If there was a problem starting. Will cause a transition to FAILED state
-
doStop
Description copied from class: ContainerLifeCycle
Stops the managed lifecycle beans in the reverse order they were added.
- Overrides: doStop in class Handler.Abstract
- Throws: Exception - If there was a problem stopping. Will cause a transition to FAILED state
-
isSessionRenewedOnAuthentication
public boolean isSessionRenewedOnAuthentication()
Description copied from interface: Authenticator.Configuration
Should session ID be renewed on authentication.
- Specified by: isSessionRenewedOnAuthentication in interface Authenticator.Configuration
- Returns: true if the session ID should be renewed on authentication
-
setSessionRenewedOnAuthentication
public void setSessionRenewedOnAuthentication(boolean renew)
Set whether the session is renewed on authentication.
If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.
- Parameters: renew - true to renew the session on authentication
-
getSessionMaxInactiveIntervalOnAuthentication
public int getSessionMaxInactiveIntervalOnAuthentication()
Description copied from interface: Authenticator.Configuration
Get the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.
- Specified by: getSessionMaxInactiveIntervalOnAuthentication in interface Authenticator.Configuration
- Returns: An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never time out after authentication.
-
setSessionMaxInactiveIntervalOnAuthentication
public void setSessionMaxInactiveIntervalOnAuthentication(int seconds)
Set the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.
- Parameters: seconds - An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never time out after authentication.
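The login-service and session settings documented above, applied before start and then checked in one place. This is an added example, not code from the Jetty project: the class name, the method names apply and audit, and the 900-second timeout are assumptions, and it needs the Jetty security classes on the classpath.

```java
import java.util.ArrayList;
import java.util.List;

import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.SecurityHandler;

// Added example, not Jetty code. Class name, method names and the timeout value are assumptions.
public final class SecurityHandlerSessionPolicy
{
    // Hypothetical policy: idle timeout applied to a session once it is authenticated.
    private static final int AUTHENTICATED_IDLE_SECONDS = 900;

    // Call before the handler is started; setRealmName throws IllegalStateException once running.
    public static void apply(SecurityHandler handler, LoginService loginService, String realmName)
    {
        handler.setRealmName(realmName);
        // Set explicitly: findLoginService() selects nothing when several LoginService
        // beans exist on the server and none matches the realm name.
        handler.setLoginService(loginService);
        // Invalidate the pre-login session and replace it with a new one at authentication.
        handler.setSessionRenewedOnAuthentication(true);
        handler.setSessionMaxInactiveIntervalOnAuthentication(AUTHENTICATED_IDLE_SECONDS);
    }

    // Returns one finding per setting that weakens session handling; an empty list means none found.
    public static List<String> audit(SecurityHandler handler)
    {
        List<String> findings = new ArrayList<>();
        if (!handler.isSessionRenewedOnAuthentication())
            findings.add("session is kept across authentication (session fixation exposure)");

        int idle = handler.getSessionMaxInactiveIntervalOnAuthentication();
        if (idle < 0)
            findings.add("authenticated sessions never time out");
        else if (idle == 0)
            findings.add("no interval is set on authentication; the session keeps its existing timeout");

        if (handler.getLoginService() == null)
            findings.add("no LoginService is set on the handler");
        if (handler.getRealmName() == null)
            findings.add("no realm name is set, so findLoginService() cannot match by name");
        return findings;
    }
}
```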
-
handle
Description copied from interface: Request.Handler
Invoked to handle the passed HTTP request and response.
The request is accepted by returning true, then handling must be concluded by completing the passed callback. The handling may be asynchronous, i.e. this method may return true and complete the given callback later, possibly from a different thread. If this method returns false, then the callback must not be invoked and any mutation on the response reversed.
Exceptions thrown by this method may be subsequently handled by an error Request.Handler, if present, otherwise a default HTTP 500 error is generated and the callback completed while writing the error response.
The simplest implementation is:
    public boolean handle(Request request, Response response, Callback callback)
    {
        callback.succeeded();
        return true;
    }
A HelloWorld implementation is:
    public boolean handle(Request request, Response response, Callback callback)
    {
        response.write(true, ByteBuffer.wrap("Hello World\n".getBytes(StandardCharsets.UTF_8)), callback);
        return true;
    }
- Specified by: handle in interface Request.Handler
- Overrides: handle in class Handler.Wrapper
- Parameters:
  request - the HTTP request to handle
  response - the HTTP response to handle
  callback - the callback to complete when the handling is complete
- Returns: True if and only if the request will be handled, a response generated and the callback eventually called. This may occur within the scope of the call to this method, or asynchronously some time later. If false is returned, then this method must not generate a response, nor complete the callback.
- Throws: Exception - if there is a failure during the handling. Catchers cannot assume that the callback will be called and thus should attempt to complete the request as if a false had been returned.
-
getCurrentSecurityHandler
-
getConstraint
-
redirectToSecure
-
isAuthorized
-
getKnownRoles
-