org.mortbay.jetty.security
Class SecurityHandler

java.lang.Object
  extended by org.mortbay.component.AbstractLifeCycle
      extended by org.mortbay.jetty.handler.AbstractHandler
          extended by org.mortbay.jetty.handler.WrappedHandler
              extended by org.mortbay.jetty.security.SecurityHandler
All Implemented Interfaces:
LifeCycle, Handler

public class SecurityHandler
extends WrappedHandler

Handler to enforce SecurityConstraints.

Author:
Greg Wilkins (gregw)

Nested Class Summary
 class SecurityHandler.NotChecked
           
 
Field Summary
static Principal __NO_USER
           
static Principal __NOBODY
          Nobody user.
private  Authenticator _authenticator
           
private  String _authMethod
           
private  PathMap _constraintMap
           
private  ConstraintMapping[] _constraintMappings
           
private  SecurityHandler.NotChecked _notChecked
           
private  UserRealm _userRealm
           
 
Fields inherited from class org.mortbay.jetty.handler.AbstractHandler
_string
 
Fields inherited from interface org.mortbay.jetty.Handler
ALL, DEFAULT, ERROR, FORWARD, INCLUDE, REQUEST
 
Constructor Summary
SecurityHandler()
           
 
Method Summary
private  boolean check(Object constraints, Authenticator authenticator, UserRealm realm, String pathInContext, Request request, Response response)
          Check security constraints.
private  boolean checkSecurityConstraints(String pathInContext, Request request, Response response)
           
 void doStart()
           
 Authenticator getAuthenticator()
           
 String getAuthMethod()
           
 ConstraintMapping[] getConstraintMappings()
           
 UserRealm getUserRealm()
           
 boolean handle(String target, HttpServletRequest request, HttpServletResponse response, int dispatch)
          Generic Jetty request handler.
 void setAuthenticator(Authenticator authenticator)
           
 void setAuthMethod(String method)
           
 void setConstraintMappings(ConstraintMapping[] constraintMappings)
           
 void setUserRealm(UserRealm userRealm)
           
 
Methods inherited from class org.mortbay.jetty.handler.WrappedHandler
doStop, getHandler, setHandler, setServer
 
Methods inherited from class org.mortbay.jetty.handler.AbstractHandler
getServer, toString
 
Methods inherited from class org.mortbay.component.AbstractLifeCycle
isFailed, isRunning, isStarted, isStarting, isStopping, start, stop
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface org.mortbay.component.LifeCycle
isFailed, isRunning, isStarted, isStarting, isStopping, start, stop
 

Field Detail

_authMethod

private String _authMethod

_userRealm

private UserRealm _userRealm

_constraintMappings

private ConstraintMapping[] _constraintMappings

_constraintMap

private PathMap _constraintMap

_authenticator

private Authenticator _authenticator

_notChecked

private SecurityHandler.NotChecked _notChecked

__NO_USER

public static Principal __NO_USER

__NOBODY

public static Principal __NOBODY
Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.

Constructor Detail

SecurityHandler

public SecurityHandler()
Method Detail

getAuthenticator

public Authenticator getAuthenticator()
Returns:
Returns the authenticator.

setAuthenticator

public void setAuthenticator(Authenticator authenticator)
Parameters:
authenticator - The authenticator to set.

getUserRealm

public UserRealm getUserRealm()
Returns:
Returns the userRealm.

setUserRealm

public void setUserRealm(UserRealm userRealm)
Parameters:
userRealm - The userRealm to set.

getConstraintMappings

public ConstraintMapping[] getConstraintMappings()
Returns:
Returns the constraintMappings.

setConstraintMappings

public void setConstraintMappings(ConstraintMapping[] constraintMappings)
Parameters:
constraintMappings - The constraintMappings to set.

getAuthMethod

public String getAuthMethod()

setAuthMethod

public void setAuthMethod(String method)

doStart

public void doStart()
             throws Exception
Overrides:
doStart in class WrappedHandler
Throws:
Exception

handle

public boolean handle(String target,
                      HttpServletRequest request,
                      HttpServletResponse response,
                      int dispatch)
               throws IOException,
                      ServletException
Description copied from interface: Handler
Generic Jetty request handler.

Specified by:
handle in interface Handler
Overrides:
handle in class WrappedHandler
Parameters:
target - The target of the request - either a URI or a name.
request - The request, either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection() method can be used to access the Request object if required.
response - The response, either as the Response object or a wrapper of that response. The HttpConnection.getCurrentConnection() method can be used to access the Response object if required.
dispatch - The dispatch mode: Handler.REQUEST, Handler.FORWARD, Handler.INCLUDE, Handler.ERROR
Returns:
True if the request has been handled
Throws:
IOException
ServletException

checkSecurityConstraints

private boolean checkSecurityConstraints(String pathInContext,
                                         Request request,
                                         Response response)
                                  throws IOException
Throws:
IOException

check

private boolean check(Object constraints,
                      Authenticator authenticator,
                      UserRealm realm,
                      String pathInContext,
                      Request request,
                      Response response)
               throws IOException
Check security constraints.

Parameters:
constraints -
authenticator -
realm -
pathInContext -
request -
response -
Returns:
false if the request has failed a security constraint or the authenticator has already sent a response.
Throws:
HttpException
IOException