public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration
Authenticator to a request.
The Authenticator may either be directly set on the handler
or will be create during AbstractLifeCycle.start() with a call to
either the default or set AuthenticatorFactory.
SecurityHandler has a set of initparameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.
| Modifier and Type | Class and Description |
|---|---|
class |
SecurityHandler.NotChecked |
AbstractLifeCycle.AbstractLifeCycleListenerLifeCycle.Listener| Modifier and Type | Field and Description |
|---|---|
static Principal |
__NO_USER |
static Principal |
__NOBODY
Nobody user.
|
_handler_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING| Modifier | Constructor and Description |
|---|---|
protected |
SecurityHandler() |
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
checkSecurity(Request request) |
protected abstract boolean |
checkUserDataPermissions(String pathInContext,
Request request,
Response response,
Object constraintInfo) |
protected abstract boolean |
checkWebResourcePermissions(String pathInContext,
Request request,
Response response,
Object constraintInfo,
UserIdentity userIdentity) |
protected void |
doStart()
Start the managed lifecycle beans in the order they were added.
|
protected void |
doStop()
Stop the joined lifecycle beans in the reverse order they were added.
|
protected IdentityService |
findIdentityService() |
protected LoginService |
findLoginService() |
Authenticator |
getAuthenticator() |
Authenticator.Factory |
getAuthenticatorFactory() |
String |
getAuthMethod() |
static SecurityHandler |
getCurrentSecurityHandler() |
IdentityService |
getIdentityService()
Get the identityService.
|
String |
getInitParameter(String key)
Get a SecurityHandler init parameter
|
Set<String> |
getInitParameterNames()
Get a SecurityHandler init parameter names
|
LoginService |
getLoginService()
Get the loginService.
|
String |
getRealmName() |
void |
handle(String pathInContext,
Request baseRequest,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Handle a request.
|
protected abstract boolean |
isAuthMandatory(Request baseRequest,
Response base_response,
Object constraintInfo) |
boolean |
isCheckWelcomeFiles() |
boolean |
isSessionRenewedOnAuthentication() |
void |
logout(Authentication.User user) |
protected abstract Object |
prepareConstraintInfo(String pathInContext,
Request request) |
void |
setAuthenticator(Authenticator authenticator)
Set the authenticator.
|
void |
setAuthenticatorFactory(Authenticator.Factory authenticatorFactory) |
void |
setAuthMethod(String authMethod) |
void |
setCheckWelcomeFiles(boolean authenticateWelcomeFiles) |
void |
setIdentityService(IdentityService identityService)
Set the identityService.
|
String |
setInitParameter(String key,
String value)
Set an initialization parameter.
|
void |
setLoginService(LoginService loginService)
Set the loginService.
|
void |
setRealmName(String realmName) |
void |
setSessionRenewedOnAuthentication(boolean renew)
Set renew the session on Authentication.
|
destroy, expandChildren, getHandler, getHandlers, getNestedHandlerByClass, setHandler, setServerdump, expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClassdumpThis, getServeraddBean, addBean, contains, dump, dump, dump, dump, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, unmanageaddLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stopclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitaddLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stoppublic static Principal __NO_USER
public static Principal __NOBODY
public IdentityService getIdentityService()
getIdentityService in interface Authenticator.AuthConfigurationpublic void setIdentityService(IdentityService identityService)
identityService - the identityService to setpublic LoginService getLoginService()
getLoginService in interface Authenticator.AuthConfigurationpublic void setLoginService(LoginService loginService)
loginService - the loginService to setpublic Authenticator getAuthenticator()
public void setAuthenticator(Authenticator authenticator)
authenticator - IllegalStateException - if the SecurityHandler is runningpublic Authenticator.Factory getAuthenticatorFactory()
public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
authenticatorFactory - the authenticatorFactory to setIllegalStateException - if the SecurityHandler is runningpublic String getRealmName()
getRealmName in interface Authenticator.AuthConfigurationpublic void setRealmName(String realmName)
realmName - the realmName to setIllegalStateException - if the SecurityHandler is runningpublic String getAuthMethod()
getAuthMethod in interface Authenticator.AuthConfigurationpublic void setAuthMethod(String authMethod)
authMethod - the authMethod to setIllegalStateException - if the SecurityHandler is runningpublic boolean isCheckWelcomeFiles()
public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
authenticateWelcomeFiles - True if forwards to welcome files are
authenticatedIllegalStateException - if the SecurityHandler is runningpublic String getInitParameter(String key)
Authenticator.AuthConfigurationgetInitParameter in interface Authenticator.AuthConfigurationkey - parameter namegetInitParameter(String)public Set<String> getInitParameterNames()
Authenticator.AuthConfigurationgetInitParameterNames in interface Authenticator.AuthConfigurationgetInitParameterNames()public String setInitParameter(String key, String value)
key - value - IllegalStateException - if the SecurityHandler is runningprotected LoginService findLoginService()
protected IdentityService findIdentityService()
protected void doStart()
throws Exception
AggregateLifeCycledoStart in class HandlerWrapperExceptionAbstractLifeCycle.doStart()protected void doStop()
throws Exception
AggregateLifeCycledoStop in class HandlerWrapperExceptionHandlerWrapper.doStop()protected boolean checkSecurity(Request request)
public boolean isSessionRenewedOnAuthentication()
isSessionRenewedOnAuthentication in interface Authenticator.AuthConfigurationAuthenticator.AuthConfiguration.isSessionRenewedOnAuthentication()public void setSessionRenewedOnAuthentication(boolean renew)
If set to true, then on authentication, the session associated with a reqeuest is invalidated and replaced with a new session.
public void handle(String pathInContext, Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, javax.servlet.ServletException
Handlerhandle in interface Handlerhandle in class HandlerWrapperpathInContext - The target of the request - either a URI or a name.baseRequest - The original unwrapped request object.request - The request either as the Request
object or a wrapper of that request. The AbstractHttpConnection.getCurrentConnection()
method can be used access the Request object if required.response - The response as the Response
object or a wrapper of that request. The AbstractHttpConnection.getCurrentConnection()
method can be used access the Response object if required.IOExceptionjavax.servlet.ServletExceptionpublic static SecurityHandler getCurrentSecurityHandler()
public void logout(Authentication.User user)
protected abstract Object prepareConstraintInfo(String pathInContext, Request request)
protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException
IOExceptionprotected abstract boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo)
protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException
IOExceptionCopyright © 1995-2015 Mort Bay Consulting. All Rights Reserved.