Class SecurityHandler

    • Field Detail

      • __NO_USER

        public static final java.security.Principal __NO_USER
      • __NOBODY

        public static final java.security.Principal __NOBODY
        Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
    • Constructor Detail

      • SecurityHandler

        protected SecurityHandler()
    • Method Detail

      • setIdentityService

        public void setIdentityService(IdentityService identityService)
        Set the identityService.
        Parameters:
        identityService - the identityService to set
      • setLoginService

        public void setLoginService(LoginService loginService)
        Set the loginService.
        Parameters:
        loginService - the loginService to set
      • setAuthenticator

        public void setAuthenticator(Authenticator authenticator)
        Set the authenticator.
        Parameters:
        authenticator - the authenticator
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • getAuthenticatorFactory

        public Authenticator.Factory getAuthenticatorFactory()
        Returns:
        the authenticatorFactory
      • setAuthenticatorFactory

        public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
        Parameters:
        authenticatorFactory - the authenticatorFactory to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • getKnownAuthenticatorFactories

        public java.util.List<Authenticator.Factory> getKnownAuthenticatorFactories()
        Returns:
        the list of discovered authenticatorFactories
      • setRealmName

        public void setRealmName(java.lang.String realmName)
        Parameters:
        realmName - the realmName to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • setAuthMethod

        public void setAuthMethod(java.lang.String authMethod)
        Parameters:
        authMethod - the authMethod to set
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • isCheckWelcomeFiles

        public boolean isCheckWelcomeFiles()
        Returns:
        True if forwards to welcome files are authenticated
      • setCheckWelcomeFiles

        public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
        Parameters:
        authenticateWelcomeFiles - True if forwards to welcome files are authenticated
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is running
      • setInitParameter

        public java.lang.String setInitParameter(java.lang.String key,
                                                 java.lang.String value)
        Set an initialization parameter.
        Parameters:
        key - the init key
        value - the init value
        Returns:
        previous value
        Throws:
        java.lang.IllegalStateException - if the SecurityHandler is started
      • findLoginService

        protected LoginService findLoginService()
                                         throws java.lang.Exception
        Throws:
        java.lang.Exception
      • doStart

        protected void doStart()
                        throws java.lang.Exception
        Description copied from class: ContainerLifeCycle
        Starts the managed lifecycle beans in the order they were added.
        Overrides:
        doStart in class AbstractHandler
        Throws:
        java.lang.Exception
      • doStop

        protected void doStop()
                       throws java.lang.Exception
        Description copied from class: ContainerLifeCycle
        Stops the managed lifecycle beans in the reverse order they were added.
        Overrides:
        doStop in class AbstractHandler
        Throws:
        java.lang.Exception
      • checkSecurity

        protected boolean checkSecurity(Request request)
      • setSessionRenewedOnAuthentication

        public void setSessionRenewedOnAuthentication(boolean renew)
        Set whether the session is renewed on authentication.

        If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.

        Parameters:
        renew - true to renew the session on authentication
        See Also:
        Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()
      • handle

        public void handle(java.lang.String pathInContext,
                           Request baseRequest,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
                    throws java.io.IOException,
                           javax.servlet.ServletException
        Description copied from interface: Handler
        Handle a request.
        Specified by:
        handle in interface Handler
        Overrides:
        handle in class HandlerWrapper
        Parameters:
        pathInContext - The target of the request - either a URI or a name.
        baseRequest - The original unwrapped request object.
        request - The request, either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used to access the Request object if required.
        response - The response, either as the Response object or a wrapper of that response. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used to access the Response object if required.
        Throws:
        java.io.IOException - if unable to handle the request or response processing
        javax.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue
      • getCurrentSecurityHandler

        public static SecurityHandler getCurrentSecurityHandler()
      • prepareConstraintInfo

        protected abstract RoleInfo prepareConstraintInfo(java.lang.String pathInContext,
                                                          Request request)
      • checkUserDataPermissions

        protected abstract boolean checkUserDataPermissions(java.lang.String pathInContext,
                                                            Request request,
                                                            Response response,
                                                            RoleInfo constraintInfo)
                                                     throws java.io.IOException
        Throws:
        java.io.IOException
      • isAuthMandatory

        protected abstract boolean isAuthMandatory(Request baseRequest,
                                                   Response baseResponse,
                                                   java.lang.Object constraintInfo)
      • checkWebResourcePermissions

        protected abstract boolean checkWebResourcePermissions(java.lang.String pathInContext,
                                                               Request request,
                                                               Response response,
                                                               java.lang.Object constraintInfo,
                                                               UserIdentity userIdentity)
                                                        throws java.io.IOException
        Throws:
        java.io.IOException
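
Added example (not part of the Jetty documentation or code base): an embedded-server configuration that uses the setters above, enables setSessionRenewedOnAuthentication so a session identifier issued before login cannot carry over into the authenticated session (a session fixation defence), and shows that a setter documented to throw IllegalStateException is rejected once the handler is running. It assumes the Jetty 9.4/10 jetty-servlet and jetty-security jars on the classpath; ConstraintSecurityHandler, HashLoginService, UserStore, FormAuthenticator, Constraint and ConstraintMapping are Jetty classes not described on this page, and the realm name, user, credential and paths are constructed placeholders.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.UserStore;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.security.Credential;

public class SecuredContextExample {
    public static void main(String[] args) throws Exception {
        // Constructed sample user; load real credentials from a protected store.
        UserStore users = new UserStore();
        users.addUser("alice", Credential.getCredential("constructed-example-password"), new String[] {"user"});
        HashLoginService login = new HashLoginService("example-realm");
        login.setUserStore(users);
        // ConstraintSecurityHandler is the concrete SecurityHandler subclass used here.
        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.setRealmName("example-realm");
        security.setLoginService(login);
        // Assumed login and error page paths; FormAuthenticator lets these through unauthenticated.
        security.setAuthenticator(new FormAuthenticator("/login.html", "/login-error.html", false));
        // Replace the pre-login session with a new one when authentication succeeds.
        security.setSessionRenewedOnAuthentication(true);
        // Apply constraints to welcome-file forwards as well.
        security.setCheckWelcomeFiles(true);

        // Require an authenticated user in role "user" for everything under /app/.
        Constraint constraint = new Constraint();
        constraint.setName("app-users");
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[] {"user"});
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/app/*");
        mapping.setConstraint(constraint);
        security.addConstraintMapping(mapping);
        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setSecurityHandler(security);
        Server server = new Server(8080);
        server.setHandler(context);
        server.start();
        // Configuration is frozen while the handler runs: this setter must fail.
        try {
            security.setRealmName("changed-at-runtime");
        } catch (IllegalStateException expected) {
            System.out.println("rejected while running: " + expected.getMessage());
        }
        server.stop();
    }
}
```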