public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware
Handler to enforce SecurityConstraints. This implementation is servlet spec 3.1 compliant and pre-computes the constraint combinations for runtime efficiency.
SecurityHandler.NotChecked
AbstractHandler.ErrorDispatchHandler
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Container.InheritedListener, Container.Listener
__NO_USER, __NOBODY
_handler
Constructor and Description |
---|
ConstraintSecurityHandler() |
Modifier and Type | Method and Description |
---|---|
void |
addConstraintMapping(ConstraintMapping mapping)
Add a Constraint Mapping.
|
void |
addRole(java.lang.String role)
Add a Role definition.
|
boolean |
checkPathsWithUncoveredHttpMethods()
Servlet spec 3.1 pg.
|
protected boolean |
checkUserDataPermissions(java.lang.String pathInContext,
Request request,
Response response,
RoleInfo roleInfo) |
protected boolean |
checkWebResourcePermissions(java.lang.String pathInContext,
Request request,
Response response,
java.lang.Object constraintInfo,
UserIdentity userIdentity) |
protected void |
configureRoleInfo(RoleInfo ri,
ConstraintMapping mapping)
Initialize or update the RoleInfo from the constraint
|
static Constraint |
createConstraint() |
static Constraint |
createConstraint(Constraint constraint) |
static Constraint |
createConstraint(java.lang.String name,
boolean authenticate,
java.lang.String[] roles,
int dataConstraint)
Create a security constraint
|
static Constraint |
createConstraint(java.lang.String name,
javax.servlet.HttpConstraintElement element)
Create a Constraint
|
static Constraint |
createConstraint(java.lang.String name,
java.lang.String[] rolesAllowed,
javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic permitOrDeny,
javax.servlet.annotation.ServletSecurity.TransportGuarantee transport)
Create Constraint
|
static java.util.List<ConstraintMapping> |
createConstraintsWithMappingsForPath(java.lang.String name,
java.lang.String pathSpec,
javax.servlet.ServletSecurityElement securityElement)
Generate Constraints and ContraintMappings for the given url pattern and ServletSecurityElement
|
protected void |
doStart()
Starts the managed lifecycle beans in the order they were added.
|
protected void |
doStop()
Stops the managed lifecycle beans in the reverse order they were added.
|
void |
dump(java.lang.Appendable out,
java.lang.String indent)
Dump this object (and children) into an Appendable using the provided indent after any new lines.
|
java.util.List<ConstraintMapping> |
getConstraintMappings() |
static java.util.List<ConstraintMapping> |
getConstraintMappingsForPath(java.lang.String pathSpec,
java.util.List<ConstraintMapping> constraintMappings) |
protected java.util.Set<java.lang.String> |
getOmittedMethods(java.lang.String omission)
Given a string of the form
<method>.<method>.omission
split out the individual method names. |
java.util.Set<java.lang.String> |
getPathsWithUncoveredHttpMethods()
Servlet spec 3.1 pg.
|
java.util.Set<java.lang.String> |
getRoles() |
protected boolean |
isAuthMandatory(Request baseRequest,
Response base_response,
java.lang.Object constraintInfo) |
boolean |
isDenyUncoveredHttpMethods() |
protected boolean |
omissionsExist(java.lang.String path,
java.util.Map<java.lang.String,RoleInfo> methodMappings)
Check if any http method omissions exist in the list of method
to auth info mappings.
|
protected RoleInfo |
prepareConstraintInfo(java.lang.String pathInContext,
Request request)
Find constraints that apply to the given path.
|
protected void |
processConstraintMapping(ConstraintMapping mapping)
Create and combine the constraint with the existing processed
constraints.
|
protected void |
processConstraintMappingWithMethodOmissions(ConstraintMapping mapping,
java.util.Map<java.lang.String,RoleInfo> mappings)
Constraints that name method omissions are dealt with differently.
|
static java.util.List<ConstraintMapping> |
removeConstraintMappingsForPath(java.lang.String pathSpec,
java.util.List<ConstraintMapping> constraintMappings)
Take out of the constraint mappings those that match the
given path.
|
void |
setConstraintMappings(ConstraintMapping[] constraintMappings)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings,
java.util.Set<java.lang.String> roles)
Process the constraints following the combining rules in Servlet 3.0 EA
spec section 13.7.1 Note that much of the logic is in the RoleInfo class.
|
void |
setDenyUncoveredHttpMethods(boolean deny)
See Servlet Spec 31, sec 13.8.4, pg 145
When true, requests with http methods not explicitly covered either by inclusion or omissions
in constraints, will have access denied.
|
void |
setRoles(java.util.Set<java.lang.String> roles)
Set the known roles.
|
checkSecurity, findIdentityService, findLoginService, getAuthenticator, getAuthenticatorFactory, getAuthMethod, getCurrentSecurityHandler, getIdentityService, getInitParameter, getInitParameterNames, getLoginService, getRealmName, handle, isCheckWelcomeFiles, isSessionRenewedOnAuthentication, logout, setAuthenticator, setAuthenticatorFactory, setAuthMethod, setCheckWelcomeFiles, setIdentityService, setInitParameter, setLoginService, setRealmName, setSessionRenewedOnAuthentication
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
doShutdown, expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
doError, getServer
addBean, addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, start, stop, stop
dumpObjects, dumpSelf
public static Constraint createConstraint()
public static Constraint createConstraint(Constraint constraint)
public static Constraint createConstraint(java.lang.String name, boolean authenticate, java.lang.String[] roles, int dataConstraint)
name
- the name of the constraintauthenticate
- true to authenticateroles
- list of rolesdataConstraint
- the data constraintpublic static Constraint createConstraint(java.lang.String name, javax.servlet.HttpConstraintElement element)
name
- the nameelement
- the http constraint elementpublic static Constraint createConstraint(java.lang.String name, java.lang.String[] rolesAllowed, javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic permitOrDeny, javax.servlet.annotation.ServletSecurity.TransportGuarantee transport)
name
- the namerolesAllowed
- the list of allowed rolespermitOrDeny
- the permission semantictransport
- the transport guaranteepublic static java.util.List<ConstraintMapping> getConstraintMappingsForPath(java.lang.String pathSpec, java.util.List<ConstraintMapping> constraintMappings)
public static java.util.List<ConstraintMapping> removeConstraintMappingsForPath(java.lang.String pathSpec, java.util.List<ConstraintMapping> constraintMappings)
pathSpec
- the path specconstraintMappings
- a new list minus the matching constraintspublic static java.util.List<ConstraintMapping> createConstraintsWithMappingsForPath(java.lang.String name, java.lang.String pathSpec, javax.servlet.ServletSecurityElement securityElement)
name
- the namepathSpec
- the path specsecurityElement
- the servlet security elementpublic java.util.List<ConstraintMapping> getConstraintMappings()
getConstraintMappings
in interface ConstraintAware
public java.util.Set<java.lang.String> getRoles()
getRoles
in interface ConstraintAware
public void setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings)
constraintMappings
- The constraintMappings to set, from which the set of known roles
is determined.public void setConstraintMappings(ConstraintMapping[] constraintMappings)
constraintMappings
- The constraintMappings to set as array, from which the set of known roles
is determined. Needed to retain API compatibility for 7.xpublic void setConstraintMappings(java.util.List<ConstraintMapping> constraintMappings, java.util.Set<java.lang.String> roles)
setConstraintMappings
in interface ConstraintAware
constraintMappings
- The constraintMappings to set.roles
- The known roles (or null to determine them from the mappings)public void setRoles(java.util.Set<java.lang.String> roles)
setConstraintMappings(ConstraintMapping[])
or
setConstraintMappings(List, Set)
.roles
- The known roles (or null to determine them from the mappings)public void addConstraintMapping(ConstraintMapping mapping)
ConstraintAware
addConstraintMapping
in interface ConstraintAware
mapping
- the mappingConstraintAware.addConstraintMapping(org.eclipse.jetty.security.ConstraintMapping)
public void addRole(java.lang.String role)
ConstraintAware
addRole
in interface ConstraintAware
role
- the roleConstraintAware.addRole(java.lang.String)
protected void doStart() throws java.lang.Exception
ContainerLifeCycle
doStart
in class SecurityHandler
java.lang.Exception
SecurityHandler.doStart()
protected void doStop() throws java.lang.Exception
ContainerLifeCycle
doStop
in class SecurityHandler
java.lang.Exception
protected void processConstraintMapping(ConstraintMapping mapping)
mapping
- the constraint mappingprotected void processConstraintMappingWithMethodOmissions(ConstraintMapping mapping, java.util.Map<java.lang.String,RoleInfo> mappings)
mapping
- the constraint mappingmappings
- the mappings of rolesprotected void configureRoleInfo(RoleInfo ri, ConstraintMapping mapping)
ri
- the role infomapping
- the constraint mappingprotected RoleInfo prepareConstraintInfo(java.lang.String pathInContext, Request request)
prepareConstraintInfo
in class SecurityHandler
SecurityHandler.prepareConstraintInfo(java.lang.String, org.eclipse.jetty.server.Request)
protected boolean checkUserDataPermissions(java.lang.String pathInContext, Request request, Response response, RoleInfo roleInfo) throws java.io.IOException
checkUserDataPermissions
in class SecurityHandler
java.io.IOException
protected boolean isAuthMandatory(Request baseRequest, Response base_response, java.lang.Object constraintInfo)
isAuthMandatory
in class SecurityHandler
protected boolean checkWebResourcePermissions(java.lang.String pathInContext, Request request, Response response, java.lang.Object constraintInfo, UserIdentity userIdentity) throws java.io.IOException
checkWebResourcePermissions
in class SecurityHandler
java.io.IOException
SecurityHandler.checkWebResourcePermissions(java.lang.String, org.eclipse.jetty.server.Request, org.eclipse.jetty.server.Response, java.lang.Object, org.eclipse.jetty.server.UserIdentity)
public void dump(java.lang.Appendable out, java.lang.String indent) throws java.io.IOException
Dumpable
dump
in interface Dumpable
dump
in class ContainerLifeCycle
out
- The appendable to dump toindent
- The indent to apply after any new lines.java.io.IOException
- if unable to write to Appendablepublic void setDenyUncoveredHttpMethods(boolean deny)
ConstraintAware
setDenyUncoveredHttpMethods
in interface ConstraintAware
deny
- true for denied method accessConstraintAware.setDenyUncoveredHttpMethods(boolean)
public boolean isDenyUncoveredHttpMethods()
isDenyUncoveredHttpMethods
in interface ConstraintAware
public boolean checkPathsWithUncoveredHttpMethods()
checkPathsWithUncoveredHttpMethods
in interface ConstraintAware
public java.util.Set<java.lang.String> getPathsWithUncoveredHttpMethods()
protected boolean omissionsExist(java.lang.String path, java.util.Map<java.lang.String,RoleInfo> methodMappings)
path
- the pathmethodMappings
- the method mappingsprotected java.util.Set<java.lang.String> getOmittedMethods(java.lang.String omission)
<method>.<method>.omission
split out the individual method names.omission
- the methodCopyright © 1995–2023 Webtide. All rights reserved.