public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware
SecurityHandler.NotChecked
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Container.InheritedListener, Container.Listener
__NO_USER, __NOBODY
_handler
Constructor and Description |
---|
ConstraintSecurityHandler() |
Modifier and Type | Method and Description |
---|---|
void |
addConstraintMapping(ConstraintMapping mapping)
Add a Constraint Mapping.
|
void |
addRole(String role)
Add a Role definition.
|
boolean |
checkPathsWithUncoveredHttpMethods()
Servlet spec 3.1 pg.
|
protected boolean |
checkUserDataPermissions(String pathInContext,
Request request,
Response response,
RoleInfo roleInfo) |
protected boolean |
checkWebResourcePermissions(String pathInContext,
Request request,
Response response,
Object constraintInfo,
UserIdentity userIdentity) |
protected void |
configureRoleInfo(RoleInfo ri,
ConstraintMapping mapping)
Initialize or update the RoleInfo from the constraint
|
static Constraint |
createConstraint() |
static Constraint |
createConstraint(Constraint constraint) |
static Constraint |
createConstraint(String name,
boolean authenticate,
String[] roles,
int dataConstraint)
Create a security constraint
|
static Constraint |
createConstraint(String name,
HttpConstraintElement element) |
static Constraint |
createConstraint(String name,
String[] rolesAllowed,
ServletSecurity.EmptyRoleSemantic permitOrDeny,
ServletSecurity.TransportGuarantee transport) |
static List<ConstraintMapping> |
createConstraintsWithMappingsForPath(String name,
String pathSpec,
ServletSecurityElement securityElement)
Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
|
protected void |
doStart()
Starts the managed lifecycle beans in the order they were added.
|
protected void |
doStop()
Stops the managed lifecycle beans in the reverse order they were added.
|
void |
dump(Appendable out,
String indent) |
List<ConstraintMapping> |
getConstraintMappings() |
static List<ConstraintMapping> |
getConstraintMappingsForPath(String pathSpec,
List<ConstraintMapping> constraintMappings) |
protected Set<String> |
getOmittedMethods(String omission)
Given a string of the form <method>.<method>.omission
split out the individual method names.
|
Set<String> |
getPathsWithUncoveredHttpMethods()
Servlet spec 3.1 pg.
|
Set<String> |
getRoles() |
protected boolean |
isAuthMandatory(Request baseRequest,
Response base_response,
Object constraintInfo) |
boolean |
isDenyUncoveredHttpMethods() |
protected boolean |
omissionsExist(String path,
Map<String,RoleInfo> methodMappings)
Check if any http method omissions exist in the list of method
to auth info mappings.
|
protected RoleInfo |
prepareConstraintInfo(String pathInContext,
Request request)
Find constraints that apply to the given path.
|
protected void |
processConstraintMapping(ConstraintMapping mapping)
Create and combine the constraint with the existing processed
constraints.
|
protected void |
processConstraintMappingWithMethodOmissions(ConstraintMapping mapping,
Map<String,RoleInfo> mappings)
Constraints that name method omissions are dealt with differently.
|
static List<ConstraintMapping> |
removeConstraintMappingsForPath(String pathSpec,
List<ConstraintMapping> constraintMappings)
Take out of the constraint mappings those that match the
given path.
|
void |
setConstraintMappings(ConstraintMapping[] constraintMappings)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setConstraintMappings(List<ConstraintMapping> constraintMappings)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setConstraintMappings(List<ConstraintMapping> constraintMappings,
Set<String> roles)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setDenyUncoveredHttpMethods(boolean deny)
See Servlet Spec 31, sec 13.8.4, pg 145
When true, requests with http methods not explicitly covered either by inclusion or omissions
in constraints, will have access denied.
|
void |
setRoles(Set<String> roles)
Set the known roles.
|
checkSecurity, findIdentityService, findLoginService, getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication
destroy, expandChildren, getHandler, getHandlers, setHandler, setServer
expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass
dumpThis, getServer
addBean, addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dumpBeans, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
public static Constraint createConstraint()
public static Constraint createConstraint(Constraint constraint)
constraint
- public static Constraint createConstraint(String name, boolean authenticate, String[] roles, int dataConstraint)
name
- authenticate
- roles
- dataConstraint
- public static Constraint createConstraint(String name, HttpConstraintElement element)
name
- element
- public static Constraint createConstraint(String name, String[] rolesAllowed, ServletSecurity.EmptyRoleSemantic permitOrDeny, ServletSecurity.TransportGuarantee transport)
name
- rolesAllowed
- permitOrDeny
- transport
- public static List<ConstraintMapping> getConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings)
pathSpec
- constraintMappings
- public static List<ConstraintMapping> removeConstraintMappingsForPath(String pathSpec, List<ConstraintMapping> constraintMappings)
pathSpec
- constraintMappings
- a new list minus the matching constraintspublic static List<ConstraintMapping> createConstraintsWithMappingsForPath(String name, String pathSpec, ServletSecurityElement securityElement)
name
- pathSpec
- securityElement
- public List<ConstraintMapping> getConstraintMappings()
getConstraintMappings
in interface ConstraintAware
public Set<String> getRoles()
getRoles
in interface ConstraintAware
public void setConstraintMappings(List<ConstraintMapping> constraintMappings)
constraintMappings
- The constraintMappings to set, from which the set of known roles
is determined.public void setConstraintMappings(ConstraintMapping[] constraintMappings)
constraintMappings
- The constraintMappings to set as array, from which the set of known roles
is determined. Needed to retain API compatibility for 7.xpublic void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles)
setConstraintMappings
in interface ConstraintAware
constraintMappings
- The constraintMappings to set.roles
- The known roles (or null to determine them from the mappings)public void setRoles(Set<String> roles)
setConstraintMappings(ConstraintMapping[])
or
setConstraintMappings(List, Set)
.roles
- The known roles (or null to determine them from the mappings)public void addConstraintMapping(ConstraintMapping mapping)
ConstraintAware
addConstraintMapping
in interface ConstraintAware
ConstraintAware.addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
public void addRole(String role)
ConstraintAware
addRole
in interface ConstraintAware
ConstraintAware.addRole(java.lang.String)
protected void doStart() throws Exception
ContainerLifeCycle
doStart
in class SecurityHandler
Exception
SecurityHandler.doStart()
protected void doStop() throws Exception
ContainerLifeCycle
doStop
in class SecurityHandler
Exception
protected void processConstraintMapping(ConstraintMapping mapping)
mapping
- protected void processConstraintMappingWithMethodOmissions(ConstraintMapping mapping, Map<String,RoleInfo> mappings)
mapping
- mappings
- protected void configureRoleInfo(RoleInfo ri, ConstraintMapping mapping)
ri
- mapping
- protected RoleInfo prepareConstraintInfo(String pathInContext, Request request)
prepareConstraintInfo
in class SecurityHandler
SecurityHandler.prepareConstraintInfo(java.lang.String, org.eclipse.jetty.server.Request)
protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo roleInfo) throws IOException
checkUserDataPermissions
in class SecurityHandler
IOException
protected boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo)
isAuthMandatory
in class SecurityHandler
protected boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException
public void dump(Appendable out, String indent) throws IOException
dump
in interface Dumpable
dump
in class ContainerLifeCycle
IOException
public void setDenyUncoveredHttpMethods(boolean deny)
ConstraintAware
setDenyUncoveredHttpMethods
in interface ConstraintAware
ConstraintAware.setDenyUncoveredHttpMethods(boolean)
public boolean isDenyUncoveredHttpMethods()
isDenyUncoveredHttpMethods
in interface ConstraintAware
public boolean checkPathsWithUncoveredHttpMethods()
checkPathsWithUncoveredHttpMethods
in interface ConstraintAware
public Set<String> getPathsWithUncoveredHttpMethods()
protected boolean omissionsExist(String path, Map<String,RoleInfo> methodMappings)
path
- methodMappings
- Copyright © 1995-2015 Webtide. All Rights Reserved.