Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimone Bordet2012-08-13 05:41:16 -0400
committerSimone Bordet2012-08-13 05:46:09 -0400
commit360bdfa051e7c42484da4585dc5978b58acf1304 (patch)
tree0a7dd0c3f91a81632b56874bc7d677e191dc14ce /jetty-security/src/main/java
parentc84b496330bd9c575e5326eadf55592d4f5b0d69 (diff)
downloadorg.eclipse.jetty.project-360bdfa051e7c42484da4585dc5978b58acf1304.tar.gz
org.eclipse.jetty.project-360bdfa051e7c42484da4585dc5978b58acf1304.tar.xz
org.eclipse.jetty.project-360bdfa051e7c42484da4585dc5978b58acf1304.zip
Jetty9 - Code cleanups: using generics, diamond operator, removed warnings, etc.
Diffstat (limited to 'jetty-security/src/main/java')
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java54
-rw-r--r--jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java105
2 files changed, 75 insertions, 84 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
index c8bb0e2cce..10f0050e68 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintSecurityHandler.java
@@ -15,7 +15,6 @@ package org.eclipse.jetty.security;
import java.io.IOException;
import java.util.Arrays;
-import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
@@ -37,16 +36,16 @@ import org.eclipse.jetty.util.security.Constraint;
/* ------------------------------------------------------------ */
/**
* Handler to enforce SecurityConstraints. This implementation is servlet spec
- * 2.4 compliant and precomputes the constraint combinations for runtime
+ * 2.4 compliant and pre-computes the constraint combinations for runtime
* efficiency.
*
*/
public class ConstraintSecurityHandler extends SecurityHandler implements ConstraintAware
{
private static final String ALL_METHODS = "*";
- private final List<ConstraintMapping> _constraintMappings= new CopyOnWriteArrayList<ConstraintMapping>();
- private final Set<String> _roles = new CopyOnWriteArraySet<String>();
- private final PathMap _constraintMap = new PathMap();
+ private final List<ConstraintMapping> _constraintMappings= new CopyOnWriteArrayList<>();
+ private final Set<String> _roles = new CopyOnWriteArraySet<>();
+ private final PathMap<Map<String, RoleInfo>> _constraintMap = new PathMap<>();
private boolean _strict = true;
/* ------------------------------------------------------------ */
@@ -139,7 +138,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
if (roles==null)
{
- roles = new HashSet<String>();
+ roles = new HashSet<>();
for (ConstraintMapping cm : constraintMappings)
{
String[] cmr = cm.getConstraint().getRoles();
@@ -197,10 +196,10 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
public void addRole(String role)
{
boolean modified = _roles.add(role);
- if (isStarted() && modified && _strict)
+ if (isStarted() && modified && isStrict())
{
// Add the new role to currently defined any role role infos
- for (Map<String,RoleInfo> map : (Collection<Map<String,RoleInfo>>)_constraintMap.values())
+ for (Map<String,RoleInfo> map : _constraintMap.values())
{
for (RoleInfo info : map.values())
{
@@ -240,10 +239,10 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
protected void processConstraintMapping(ConstraintMapping mapping)
{
- Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.get(mapping.getPathSpec());
+ Map<String, RoleInfo> mappings = _constraintMap.get(mapping.getPathSpec());
if (mappings == null)
{
- mappings = new StringMap();
+ mappings = new StringMap<>();
_constraintMap.put(mapping.getPathSpec(),mappings);
}
RoleInfo allMethodsRoleInfo = mappings.get(ALL_METHODS);
@@ -323,9 +322,9 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
}
}
- protected Object prepareConstraintInfo(String pathInContext, Request request)
+ protected RoleInfo prepareConstraintInfo(String pathInContext, Request request)
{
- Map<String, RoleInfo> mappings = (Map<String, RoleInfo>)_constraintMap.match(pathInContext);
+ Map<String, RoleInfo> mappings = _constraintMap.match(pathInContext);
if (mappings != null)
{
@@ -339,31 +338,28 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
return null;
}
- protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException
+ @Override
+ protected boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo roleInfo) throws IOException
{
- if (constraintInfo == null)
+ if (roleInfo == null)
return true;
- RoleInfo roleInfo = (RoleInfo)constraintInfo;
if (roleInfo.isForbidden())
return false;
-
UserDataConstraint dataConstraint = roleInfo.getUserDataConstraint();
if (dataConstraint == null || dataConstraint == UserDataConstraint.None)
- {
return true;
- }
-
- HttpConfiguration connector = HttpChannel.getCurrentHttpChannel().getHttpConfiguration();
+
+ HttpConfiguration httpConfiguration = HttpChannel.getCurrentHttpChannel().getHttpConfiguration();
if (dataConstraint == UserDataConstraint.Integral)
{
- if (connector.isIntegral(request))
+ if (httpConfiguration.isIntegral(request))
return true;
- if (connector.getIntegralPort() > 0)
+ if (httpConfiguration.getIntegralPort() > 0)
{
- String url = connector.getIntegralScheme() + "://" + request.getServerName() + ":" + connector.getIntegralPort() + request.getRequestURI();
+ String url = httpConfiguration.getIntegralScheme() + "://" + request.getServerName() + ":" + httpConfiguration.getIntegralPort() + request.getRequestURI();
if (request.getQueryString() != null)
url += "?" + request.getQueryString();
response.setContentLength(0);
@@ -377,12 +373,12 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
}
else if (dataConstraint == UserDataConstraint.Confidential)
{
- if (connector.isConfidential(request))
+ if (httpConfiguration.isConfidential(request))
return true;
- if (connector.getConfidentialPort() > 0)
+ if (httpConfiguration.getConfidentialPort() > 0)
{
- String url = connector.getConfidentialScheme() + "://" + request.getServerName() + ":" + connector.getConfidentialPort()
+ String url = httpConfiguration.getConfidentialScheme() + "://" + request.getServerName() + ":" + httpConfiguration.getConfidentialPort()
+ request.getRequestURI();
if (request.getQueryString() != null)
url += "?" + request.getQueryString();
@@ -405,11 +401,7 @@ public class ConstraintSecurityHandler extends SecurityHandler implements Constr
protected boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo)
{
- if (constraintInfo == null)
- {
- return false;
- }
- return ((RoleInfo)constraintInfo).isChecked();
+ return constraintInfo != null && ((RoleInfo)constraintInfo).isChecked();
}
@Override
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
index d6f69bbb91..0baeef255b 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/SecurityHandler.java
@@ -4,11 +4,11 @@
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
-// The Eclipse Public License is available at
+// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
-// You may elect to redistribute this code under either of these licenses.
+// You may elect to redistribute this code under either of these licenses.
// ========================================================================
package org.eclipse.jetty.security;
@@ -20,7 +20,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
-
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -46,11 +45,11 @@ import org.eclipse.jetty.util.log.Logger;
* or will be create during {@link #start()} with a call to
* either the default or set AuthenticatorFactory.
* <p>
- * SecurityHandler has a set of initparameters that are used by the
+ * SecurityHandler has a set of initparameters that are used by the
* Authentication.Configuration. At startup, any context init parameters
- * that start with "org.eclipse.jetty.security." that do not have
- * values in the SecurityHandler init parameters, are copied.
- *
+ * that start with "org.eclipse.jetty.security." that do not have
+ * values in the SecurityHandler init parameters, are copied.
+ *
*/
public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration
{
@@ -62,7 +61,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
private Authenticator.Factory _authenticatorFactory=new DefaultAuthenticatorFactory();
private String _realmName;
private String _authMethod;
- private final Map<String,String> _initParameters=new HashMap<String,String>();
+ private final Map<String,String> _initParameters=new HashMap<>();
private LoginService _loginService;
private boolean _loginServiceShared;
private IdentityService _identityService;
@@ -72,7 +71,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
protected SecurityHandler()
{
}
-
+
/* ------------------------------------------------------------ */
/** Get the identityService.
* @return the identityService
@@ -195,7 +194,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
throw new IllegalStateException("running");
_authMethod = authMethod;
}
-
+
/* ------------------------------------------------------------ */
/**
* @return True if forwards to welcome files are authenticated
@@ -223,13 +222,13 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
{
return _initParameters.get(key);
}
-
+
/* ------------------------------------------------------------ */
public Set<String> getInitParameterNames()
{
return _initParameters.keySet();
}
-
+
/* ------------------------------------------------------------ */
/** Set an initialization parameter.
* @param key
@@ -243,12 +242,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
throw new IllegalStateException("running");
return _initParameters.put(key,value);
}
-
+
/* ------------------------------------------------------------ */
protected LoginService findLoginService()
{
List<LoginService> list = getServer().getBeans(LoginService.class);
-
+
String realm=getRealmName();
if (realm!=null)
{
@@ -260,15 +259,15 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
return list.get(0);
return null;
}
-
+
/* ------------------------------------------------------------ */
protected IdentityService findIdentityService()
{
return getServer().getBean(IdentityService.class);
}
-
+
/* ------------------------------------------------------------ */
- /**
+ /**
*/
@Override
protected void doStart()
@@ -287,17 +286,17 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
setInitParameter(name,context.getInitParameter(name));
}
}
-
+
// complicated resolution of login and identity service to handle
// many different ways these can be constructed and injected.
-
+
if (_loginService==null)
{
_loginService=findLoginService();
if (_loginService!=null)
_loginServiceShared=true;
}
-
+
if (_identityService==null)
{
if (_loginService!=null)
@@ -305,11 +304,11 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
if (_identityService==null)
_identityService=findIdentityService();
-
+
if (_identityService==null && _realmName!=null)
_identityService=new DefaultIdentityService();
}
-
+
if (_loginService!=null)
{
if (_loginService.getIdentityService()==null)
@@ -319,11 +318,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
}
if (!_loginServiceShared && _loginService instanceof LifeCycle)
- ((LifeCycle)_loginService).start();
-
- if (_authenticator==null && _authenticatorFactory!=null && _identityService!=null)
+ ((LifeCycle)_loginService).start();
+
+ Authenticator.Factory authenticatorFactory = getAuthenticatorFactory();
+ if (_authenticator==null && authenticatorFactory!=null && _identityService!=null)
{
- _authenticator=_authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService);
+ _authenticator=authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService);
if (_authenticator!=null)
_authMethod=_authenticator.getAuthMethod();
}
@@ -354,10 +354,10 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
protected void doStop() throws Exception
{
super.doStop();
-
+
if (!_loginServiceShared && _loginService instanceof LifeCycle)
((LifeCycle)_loginService).stop();
-
+
}
/* ------------------------------------------------------------ */
@@ -369,7 +369,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
case ASYNC:
return true;
case FORWARD:
- if (_checkWelcomeFiles && request.getAttribute("org.eclipse.jetty.server.welcome") != null)
+ if (isCheckWelcomeFiles() && request.getAttribute("org.eclipse.jetty.server.welcome") != null)
{
request.removeAttribute("org.eclipse.jetty.server.welcome");
return true;
@@ -379,7 +379,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
return false;
}
}
-
+
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication()
@@ -388,7 +388,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
{
return _renewSession;
}
-
+
/* ------------------------------------------------------------ */
/** Set renew the session on Authentication.
* <p>
@@ -399,7 +399,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
{
_renewSession=renew;
}
-
+
/* ------------------------------------------------------------ */
/*
* @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
@@ -411,18 +411,18 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
{
final Response base_response = baseRequest.getResponse();
final Handler handler=getHandler();
-
+
if (handler==null)
return;
final Authenticator authenticator = _authenticator;
-
+
if (checkSecurity(baseRequest))
{
- Object constraintInfo = prepareConstraintInfo(pathInContext, baseRequest);
-
+ RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest);
+
// Check data constraints
- if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, constraintInfo))
+ if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo))
{
if (!baseRequest.isHandled())
{
@@ -433,12 +433,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
}
// is Auth mandatory?
- boolean isAuthMandatory =
- isAuthMandatory(baseRequest, base_response, constraintInfo);
+ boolean isAuthMandatory =
+ isAuthMandatory(baseRequest, base_response, roleInfo);
if (isAuthMandatory && authenticator==null)
{
- LOG.warn("No authenticator for: "+constraintInfo);
+ LOG.warn("No authenticator for: "+roleInfo);
if (!baseRequest.isHandled())
{
response.sendError(Response.SC_FORBIDDEN);
@@ -446,7 +446,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
}
return;
}
-
+
// check authentication
Object previousIdentity = null;
try
@@ -474,7 +474,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
if (isAuthMandatory)
{
- boolean authorized=checkWebResourcePermissions(pathInContext, baseRequest, base_response, constraintInfo, userAuth.getUserIdentity());
+ boolean authorized=checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity());
if (!authorized)
{
response.sendError(Response.SC_FORBIDDEN, "!role");
@@ -482,7 +482,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
return;
}
}
-
+
handler.handle(pathInContext, baseRequest, request, response);
if (authenticator!=null)
authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
@@ -549,9 +549,8 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
Context context = ContextHandler.getCurrentContext();
if (context==null)
return null;
-
- SecurityHandler security = context.getContextHandler().getChildHandlerByClass(SecurityHandler.class);
- return security;
+
+ return context.getContextHandler().getChildHandlerByClass(SecurityHandler.class);
}
/* ------------------------------------------------------------ */
@@ -563,7 +562,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
{
login_service.logout(user.getUserIdentity());
}
-
+
IdentityService identity_service=getIdentityService();
if (identity_service!=null)
{
@@ -572,12 +571,12 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
identity_service.disassociate(previous);
}
}
-
+
/* ------------------------------------------------------------ */
- protected abstract Object prepareConstraintInfo(String pathInContext, Request request);
+ protected abstract RoleInfo prepareConstraintInfo(String pathInContext, Request request);
/* ------------------------------------------------------------ */
- protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, Object constraintInfo) throws IOException;
+ protected abstract boolean checkUserDataPermissions(String pathInContext, Request request, Response response, RoleInfo constraintInfo) throws IOException;
/* ------------------------------------------------------------ */
protected abstract boolean isAuthMandatory(Request baseRequest, Response base_response, Object constraintInfo);
@@ -586,7 +585,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
protected abstract boolean checkWebResourcePermissions(String pathInContext, Request request, Response response, Object constraintInfo,
UserIdentity userIdentity) throws IOException;
-
+
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
public class NotChecked implements Principal
@@ -608,7 +607,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
}
}
-
+
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
public static Principal __NO_USER = new Principal()
@@ -624,7 +623,7 @@ public abstract class SecurityHandler extends HandlerWrapper implements Authenti
return "No User";
}
};
-
+
/* ------------------------------------------------------------ */
/* ------------------------------------------------------------ */
/**

Back to the top