Package org.eclipse.jetty.security

Class SecurityHandler

java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.util.component.ContainerLifeCycle
org.eclipse.jetty.server.Handler.Abstract
org.eclipse.jetty.server.Handler.AbstractContainer
org.eclipse.jetty.server.Handler.Wrapper
org.eclipse.jetty.security.SecurityHandler
All Implemented Interfaces:
Authenticator.Configuration, Handler, Handler.Container, Handler.Singleton, Request.Handler, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle, Invocable
Direct Known Subclasses:
ConstraintSecurityHandler, SecurityHandler.PathMapped
public abstract class SecurityHandler extends Handler.Wrapper implements Authenticator.Configuration
Abstract SecurityHandler.

Select and apply an Authenticator to a request.

The Authenticator may either be directly set on the handler or it will be created during AbstractLifeCycle.start() with a call to either the default or set AuthenticatorFactory.

SecurityHandler has a set of parameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.

  • Field Details

    • SESSION_AUTHENTICATED_ATTRIBUTE

      public static String SESSION_AUTHENTICATED_ATTRIBUTE

  • Constructor Details

    • SecurityHandler

      protected SecurityHandler()

    • SecurityHandler

      protected SecurityHandler(Handler handler)

  • Method Details

    • getIdentityService

      public IdentityService getIdentityService()
      Get the identityService.
      Specified by:
      getIdentityService in interface Authenticator.Configuration
      Returns:
      the identityService

    • setIdentityService

      public void setIdentityService(IdentityService identityService)
      Set the identityService.
      Parameters:
      identityService - the identityService to set

    • getLoginService

      public LoginService getLoginService()
      Get the loginService.
      Specified by:
      getLoginService in interface Authenticator.Configuration
      Returns:
      the loginService

    • setLoginService

      public void setLoginService(LoginService loginService)
      Set the loginService. If a LoginService is not set, or is set to null, then during doStart() the findLoginService() method is used to locate one.
      Parameters:
      loginService - the loginService to set

    • getAuthenticator

      public Authenticator getAuthenticator()

    • setAuthenticator

      public void setAuthenticator(Authenticator authenticator)
      Set the authenticator.
      Parameters:
      authenticator - the authenticator
      Throws:
      IllegalStateException - if the SecurityHandler is running

    • getAuthenticatorFactory

      public Authenticator.Factory getAuthenticatorFactory()
      Returns:
      the authenticatorFactory

    • setAuthenticatorFactory

      public void setAuthenticatorFactory(Authenticator.Factory authenticatorFactory)
      Parameters:
      authenticatorFactory - the authenticatorFactory to set
      Throws:
      IllegalStateException - if the SecurityHandler is running

    • getKnownAuthenticatorFactories

      public List<Authenticator.Factory> getKnownAuthenticatorFactories()
      Returns:
      the list of discovered authenticatorFactories

    • getRealmName

      public String getRealmName()
      Specified by:
      getRealmName in interface Authenticator.Configuration
      Returns:
      the realmName

    • setRealmName

      public void setRealmName(String realmName)
      Parameters:
      realmName - the realmName to set
      Throws:
      IllegalStateException - if the SecurityHandler is running

    • getAuthenticationType

      public String getAuthenticationType()
      Specified by:
      getAuthenticationType in interface Authenticator.Configuration
      Returns:
      the name of the Authenticator

    • setAuthenticationType

      public void setAuthenticationType(String authenticationType)
      Parameters:
      authenticationType - the name of the Authenticator to use
      Throws:
      IllegalStateException - if the SecurityHandler is running

    • getParameter

      public String getParameter(String key)
      Description copied from interface: Authenticator.Configuration
      Get a SecurityHandler init parameter
      Specified by:
      getParameter in interface Authenticator.Configuration
      Parameters:
      key - parameter name
      Returns:
      Parameter value or null

    • getParameterNames

      public Set<String> getParameterNames()
      Description copied from interface: Authenticator.Configuration
      Get a SecurityHandler init parameter names
      Specified by:
      getParameterNames in interface Authenticator.Configuration
      Returns:
      Set of parameter names

    • setParameter

      public String setParameter(String key, String value)
      Set an authentication parameter for retrieval via Authenticator.Configuration.getParameter(String)
      Parameters:
      key - the key
      value - the init value
      Returns:
      previous value
      Throws:
      IllegalStateException - if the SecurityHandler is started

    • findLoginService

      protected LoginService findLoginService()
      Find an appropriate LoginService from the list returned by Container.getBeans(Class) called on the result of Handler.Abstract.getServer(). A service is selected by:
      • if setRealmName(String) has been called, the first service with a matching name is used
      • if the list is size 1, that service is used
      • otherwise no service is selected.
      Returns:
      An appropriate LoginService or null

    • findIdentityService

      protected IdentityService findIdentityService()

    • doStart

      protected void doStart() throws Exception
      Description copied from class: ContainerLifeCycle
      Starts the managed lifecycle beans in the order they were added.
      Overrides:
      doStart in class Handler.Abstract
      Throws:
      Exception - If there was a problem starting. Will cause a transition to FAILED state

    • doStop

      protected void doStop() throws Exception
      Description copied from class: ContainerLifeCycle
      Stops the managed lifecycle beans in the reverse order they were added.
      Overrides:
      doStop in class Handler.Abstract
      Throws:
      Exception - If there was a problem stopping. Will cause a transition to FAILED state

    • isSessionRenewedOnAuthentication

      public boolean isSessionRenewedOnAuthentication()
      Description copied from interface: Authenticator.Configuration
      Should session ID be renewed on authentication.
      Specified by:
      isSessionRenewedOnAuthentication in interface Authenticator.Configuration
      Returns:
      true if the session ID should be renewed on authentication

    • setSessionRenewedOnAuthentication

      public void setSessionRenewedOnAuthentication(boolean renew)
      Set renew the session on Authentication.

      If set to true, then on authentication, the session associated with a request is invalidated and replaced with a new session.

      Parameters:
      renew - true to renew the authentication on session
      See Also:

    • getSessionMaxInactiveIntervalOnAuthentication

      public int getSessionMaxInactiveIntervalOnAuthentication()
      Description copied from interface: Authenticator.Configuration
      Get the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated
      Specified by:
      getSessionMaxInactiveIntervalOnAuthentication in interface Authenticator.Configuration
      Returns:
      An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.

    • setSessionMaxInactiveIntervalOnAuthentication

      public void setSessionMaxInactiveIntervalOnAuthentication(int seconds)
      Set the interval in seconds, which if non-zero, will be set with Session.setMaxInactiveInterval(int) when a session is newly authenticated.
      Parameters:
      seconds - An interval in seconds; or 0 to not set the interval on authentication; or a negative number to make the session never timeout after authentication.
      See Also:

    • handle

      public boolean handle(Request request, Response response, Callback callback) throws Exception
      Description copied from interface: Request.Handler

      Invoked to handle the passed HTTP request and response.

      The request is accepted by returning true, then handling must be concluded by completing the passed callback. The handling may be asynchronous, i.e. this method may return true and complete the given callback later, possibly from a different thread. If this method returns false, then the callback must not be invoked and any mutation on the response reversed.

      Exceptions thrown by this method may be subsequently handled by an error Request.Handler, if present, otherwise a default HTTP 500 error is generated and the callback completed while writing the error response.

      The simplest implementation is:

       public boolean handle(Request request, Response response, Callback callback)
 {
     callback.succeeded();
     return true;
 }

      A HelloWorld implementation is:

       public boolean handle(Request request, Response response, Callback callback)
 {
     response.write(true, ByteBuffer.wrap("Hello World\n".getBytes(StandardCharsets.UTF_8)), callback);
     return true;
 }
      Specified by:
      handle in interface Request.Handler
      Overrides:
      handle in class Handler.Wrapper
      Parameters:
      request - the HTTP request to handle
      response - the HTTP response to handle
      callback - the callback to complete when the handling is complete
      Returns:
      True if and only if the request will be handled, a response generated and the callback eventually called. This may occur within the scope of the call to this method, or asynchronously some time later. If false is returned, then this method must not generate a response, nor complete the callback.
      Throws:
      Exception - if there is a failure during the handling. Catchers cannot assume that the callback will be called and thus should attempt to complete the request as if a false had been returned.

    • getCurrentSecurityHandler

      public static SecurityHandler getCurrentSecurityHandler()

    • getConstraint

      protected abstract Constraint getConstraint(String pathInContext, Request request)

    • redirectToSecure

      protected void redirectToSecure(Request request, Response response, Callback callback)

    • isAuthorized

      protected boolean isAuthorized(Constraint constraint, AuthenticationState authenticationState)

    • getKnownRoles

      protected Set<String> getKnownRoles()