org.mortbay.jetty.security

Class SecurityHandler

java.lang.Object

org.mortbay.component.AbstractLifeCycle

org.mortbay.jetty.handler.AbstractHandler

org.mortbay.jetty.handler.AbstractHandlerContainer

org.mortbay.jetty.handler.HandlerWrapper

org.mortbay.jetty.security.SecurityHandler

All Implemented Interfaces:

org.mortbay.component.LifeCycle, Handler, HandlerContainer

Direct Known Subclasses:

HTAccessHandler

public class SecurityHandler
extends HandlerWrapper

Handler to enforce SecurityConstraints.

Author:

Greg Wilkins (gregw)

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	SecurityHandler.NotChecked

Nested classes/interfaces inherited from interface org.mortbay.component.LifeCycle

org.mortbay.component.LifeCycle.Listener

Field Summary

Fields

Modifier and Type	Field and Description
static Principal	__NO_USER
static Principal	__NOBODY Nobody user.

Fields inherited from class org.mortbay.jetty.handler.AbstractHandler

_string

Fields inherited from class org.mortbay.component.AbstractLifeCycle

_listeners

Fields inherited from interface org.mortbay.jetty.Handler

ALL, DEFAULT, ERROR, FORWARD, INCLUDE, REQUEST

Constructor Summary

Constructors

Constructor and Description
SecurityHandler()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	checkSecurityConstraints(String pathInContext, Request request, Response response)
void	doStart()
Authenticator	getAuthenticator()
String	getAuthMethod()
ConstraintMapping[]	getConstraintMappings()
UserRealm	getUserRealm()
void	handle(String target, HttpServletRequest request, HttpServletResponse response, int dispatch) Handle a request.
boolean	hasConstraints()
boolean	isCheckWelcomeFiles()
void	setAuthenticator(Authenticator authenticator)
void	setAuthMethod(String method)
void	setCheckWelcomeFiles(boolean authenticateWelcomeFiles)
void	setConstraintMappings(ConstraintMapping[] constraintMappings)
void	setUserRealm(UserRealm userRealm)

Methods inherited from class org.mortbay.jetty.handler.HandlerWrapper

addHandler, doStop, expandChildren, getHandler, removeHandler, setHandler, setServer

Methods inherited from class org.mortbay.jetty.handler.AbstractHandlerContainer

expandHandler, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass

Methods inherited from class org.mortbay.jetty.handler.AbstractHandler

destroy, getServer, toString

Methods inherited from class org.mortbay.component.AbstractLifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.mortbay.component.LifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Field Detail

__NO_USER

public static Principal __NO_USER

__NOBODY

public static Principal __NOBODY

Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.

Constructor Detail

SecurityHandler

public SecurityHandler()

Method Detail

getAuthenticator

public Authenticator getAuthenticator()

Returns:

Returns the authenticator.

setAuthenticator

public void setAuthenticator(Authenticator authenticator)

Parameters:

authenticator - The authenticator to set.

getUserRealm

public UserRealm getUserRealm()

Returns:

Returns the userRealm.

setUserRealm

public void setUserRealm(UserRealm userRealm)

Parameters:

userRealm - The userRealm to set.

getConstraintMappings

public ConstraintMapping[] getConstraintMappings()

Returns:

Returns the contraintMappings.

setConstraintMappings

public void setConstraintMappings(ConstraintMapping[] constraintMappings)

Parameters:

contraintMappings - The contraintMappings to set.

getAuthMethod

public String getAuthMethod()

setAuthMethod

public void setAuthMethod(String method)

hasConstraints

public boolean hasConstraints()

isCheckWelcomeFiles

public boolean isCheckWelcomeFiles()

Returns:

True if forwards to welcome files are authenticated

setCheckWelcomeFiles

public void setCheckWelcomeFiles(boolean authenticateWelcomeFiles)

Parameters:

authenticateWelcomeFiles - True if forwards to welcome files are authenticated

doStart

public void doStart()
             throws Exception

Overrides:

doStart in class HandlerWrapper

Throws:

Exception

handle

public void handle(String target,
          HttpServletRequest request,
          HttpServletResponse response,
          int dispatch)
            throws IOException,
                   ServletException

Description copied from interface: Handler

Handle a request.

Specified by:

handle in interface Handler

Overrides:

handle in class HandlerWrapper

Parameters:

target - The target of the request - either a URI or a name.

request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection() method can be used access the Request object if required.

response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection() method can be used access the Response object if required.

dispatch - The dispatch mode: Handler.REQUEST, Handler.FORWARD, Handler.INCLUDE, Handler.ERROR

Throws:

IOException

ServletException

checkSecurityConstraints

public boolean checkSecurityConstraints(String pathInContext,
                               Request request,
                               Response response)
                                 throws IOException

Throws:

IOException