public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration
Authenticator
to a request.
The Authenticator may either be directly set on the handler
or will be create during AbstractLifeCycle.start()
with a call to
either the default or set AuthenticatorFactory.
SecurityHandler has a set of initparameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.
Modifier and Type | Class and Description |
---|---|
class |
SecurityHandler.NotChecked |
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Container.InheritedListener, Container.Listener
Modifier and Type | Field and Description |
---|---|
static Principal |
__NO_USER |
static Principal |
__NOBODY
Nobody user.
|
_handler
Modifier | Constructor and Description |
---|---|
protected |
SecurityHandler() |
Modifier and Type | Method and Description |
---|---|
protected boolean |
checkSecurity(Request request) |
protected abstract boolean |
checkUserDataPermissions(String pathInContext,
Request request,
Response response,
RoleInfo constraintInfo) |
protected abstract boolean |
checkWebResourcePermissions(String pathInContext,
Request request,
Response response,
Object constraintInfo,
UserIdentity userIdentity) |
protected void |
doStart()
Starts the managed lifecycle beans in the order they were added.
|
protected void |
doStop()
Stops the managed lifecycle beans in the reverse order they were added.
|
protected IdentityService |
findIdentityService() |
protected LoginService |
findLoginService() |
Authenticator |
getAuthenticator() |
Authenticator.Factory |
getAuthenticatorFactory() |
String |
getAuthMethod() |
static SecurityHandler |
getCurrentSecurityHandler() |
IdentityService |
getIdentityService()
Get the identityService.
|
String |
getInitParameter(String key)
Get a SecurityHandler init parameter
|
Set<String> |
getInitParameterNames()
Get a SecurityHandler init parameter names
|
LoginService |
getLoginService()
Get the loginService.
|
String |
getRealmName() |
void |
handle(String pathInContext,
Request baseRequest,
HttpServletRequest request,
HttpServletResponse response)
Handle a request.
|
protected abstract boolean |
isAuthMandatory(Request baseRequest,
Response base_response,
Object constraintInfo) |
boolean |
isCheckWelcomeFiles() |
boolean |
isSessionRenewedOnAuthentication() |
void |
logout(Authentication.User user) |
protected abstract RoleInfo |
prepareConstraintInfo(String pathInContext,
Request request) |
void |
setAuthenticator(Authenticator authenticator)
Set the authenticator.
|
void |
setAuthenticatorFactory(Authenticator.Factory authenticatorFactory) |
void |
setAuthMethod(String authMethod) |
void |
setCheckWelcomeFiles(boolean authenticateWelcomeFiles) |
void |
setIdentityService(IdentityService identityService)
Set the identityService.
|
String |
setInitParameter(String key,
String value)
Set an initialization parameter.
|
void |
setLoginService(LoginService loginService)
Set the loginService.
|
void |
setRealmName(String realmName) |
void |
setSessionRenewedOnAuthentication(boolean renew)
Set renew the session on Authentication.
|
destroy, expandChildren, getHandler, getHandlers, setHandler, setServer
expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass
dumpThis, getServer
addBean, addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
public static final Principal __NO_USER
public static final Principal __NOBODY
public IdentityService getIdentityService()
getIdentityService
in interface Authenticator.AuthConfiguration
public void setIdentityService(IdentityService identityService)
identityService
- the identityService to setpublic LoginService getLoginService()
getLoginService
in interface Authenticator.AuthConfiguration
public void setLoginService(LoginService loginService)
loginService
- the loginService to setpublic Authenticator getAuthenticator()
public void setAuthenticator(Authenticator authenticator)
authenticator
- IllegalStateException
- if the SecurityHandler is runningpublic Authenticator.Factory getAuthenticatorFactory()
public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
authenticatorFactory
- the authenticatorFactory to setIllegalStateException
- if the SecurityHandler is runningpublic String getRealmName()
getRealmName
in interface Authenticator.AuthConfiguration
public void setRealmName(String realmName)
realmName
- the realmName to setIllegalStateException
- if the SecurityHandler is runningpublic String getAuthMethod()
getAuthMethod
in interface Authenticator.AuthConfiguration
public void setAuthMethod(String authMethod)
authMethod
- the authMethod to setIllegalStateException
- if the SecurityHandler is runningpublic boolean isCheckWelcomeFiles()
public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
authenticateWelcomeFiles
- True if forwards to welcome files are
authenticatedIllegalStateException
- if the SecurityHandler is runningpublic String getInitParameter(String key)
Authenticator.AuthConfiguration
getInitParameter
in interface Authenticator.AuthConfiguration
key
- parameter namegetInitParameter(String)
public Set<String> getInitParameterNames()
Authenticator.AuthConfiguration
getInitParameterNames
in interface Authenticator.AuthConfiguration
getInitParameterNames()
public String setInitParameter(String key, String value)
key
- value
- IllegalStateException
- if the SecurityHandler is runningprotected LoginService findLoginService() throws Exception
Exception
protected IdentityService findIdentityService()
protected void doStart() throws Exception
ContainerLifeCycle
doStart
in class AbstractHandler
Exception
protected void doStop() throws Exception
ContainerLifeCycle
doStop
in class AbstractHandler
Exception
protected boolean checkSecurity(Request request)
public boolean isSessionRenewedOnAuthentication()
isSessionRenewedOnAuthentication
in interface Authenticator.AuthConfiguration
Authenticator.AuthConfiguration.isSessionRenewedOnAuthentication()
public void setSessionRenewedOnAuthentication(boolean renew)
If set to true, then on authentication, the session associated with a reqeuest is invalidated and replaced with a new session.
public void handle(String pathInContext, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
Handler
handle
in interface Handler
handle
in class HandlerWrapper
pathInContext
- The target of the request - either a URI or a name.baseRequest
- The original unwrapped request object.request
- The request either as the Request
object or a wrapper of that request. The HttpChannel.getCurrentHttpChannel()
method can be used access the Request object if required.response
- The response as the Response
object or a wrapper of that request. The HttpChannel.getCurrentHttpChannel()
method can be used access the Response object if required.IOException
ServletException
public static SecurityHandler getCurrentSecurityHandler()
public void logout(Authentication.User user)
protected abstract RoleInfo prepareConstraintInfo(String pathInContext, Request request)
protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo) throws IOException
IOException
protected abstract boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo)
protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo, UserIdentity userIdentity) throws IOException
IOException
Copyright © 1995-2015 Webtide. All Rights Reserved.