Merge branch 'jetty-9.3.x'

Conflicts:
	jetty-plus/src/main/java/org/eclipse/jetty/plus/security/DataSourceLoginService.java
	jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
	jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java

4 files changed, 28 insertions, 41 deletions

diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
index 423fcad941..c509f3741f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/Authenticator.java
@@ -43,7 +43,8 @@ public interface Authenticator
     /* ------------------------------------------------------------ */
     /**
      * Configure the Authenticator
-     * @param configuration
+     * 
+     * @param configuration the configuration
      */
     void setConfiguration(AuthConfiguration configuration);
 
@@ -64,13 +65,16 @@ public interface Authenticator
      * where the http method of the original request causing authentication
      * is not the same as the http method resulting from the redirect
      * after authentication.
-     * @param request
+     * 
+     * @param request the request to manipulate
      */
     void prepareRequest(ServletRequest request);
     
 
     /* ------------------------------------------------------------ */
-    /** Validate a request
+    /** 
+     * Validate a request
+     * 
      * @param request The request
      * @param response The response
      * @param mandatory True if authentication is mandatory.
@@ -79,18 +83,20 @@ public interface Authenticator
      * implement {@link org.eclipse.jetty.server.Authentication.ResponseSent}.  If Authentication is not manditory, then a
      * {@link org.eclipse.jetty.server.Authentication.Deferred} may be returned.
      *
-     * @throws ServerAuthException
+     * @throws ServerAuthException if unable to validate request
      */
     Authentication validateRequest(ServletRequest request, ServletResponse response, boolean mandatory) throws ServerAuthException;
 
     /* ------------------------------------------------------------ */
     /**
-     * @param request
-     * @param response
-     * @param mandatory
-     * @param validatedUser
+     * is response secure
+     * 
+     * @param request the request 
+     * @param response the response
+     * @param mandatory if security is mandator
+     * @param validatedUser the user that was validated
      * @return true if response is secure
-     * @throws ServerAuthException
+     * @throws ServerAuthException if unable to test response
      */
     boolean secureResponse(ServletRequest request, ServletResponse response, boolean mandatory, User validatedUser) throws ServerAuthException;
 
@@ -106,7 +112,8 @@ public interface Authenticator
         String getAuthMethod();
         String getRealmName();
 
-        /** Get a SecurityHandler init parameter
+        /** 
+         * Get a SecurityHandler init parameter
          * @see SecurityHandler#getInitParameter(String)
          * @param param parameter name
          * @return Parameter value or null
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
index 15f64dc430..d06898e845 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/ConstraintAware.java
@@ -29,15 +29,15 @@ public interface ConstraintAware
     /* ------------------------------------------------------------ */
     /** Set Constraint Mappings and roles.
      * Can only be called during initialization.
-     * @param constraintMappings
-     * @param roles
+     * @param constraintMappings the mappings
+     * @param roles the roles
      */
     void setConstraintMappings(List<ConstraintMapping> constraintMappings, Set<String> roles);
     
     /* ------------------------------------------------------------ */
     /** Add a Constraint Mapping.
      * May be called for running webapplication as an annotated servlet is instantiated.
-     * @param mapping
+     * @param mapping the mapping
      */
     void addConstraintMapping(ConstraintMapping mapping);
     
@@ -45,7 +45,7 @@ public interface ConstraintAware
     /* ------------------------------------------------------------ */
     /** Add a Role definition.
      * May be called on running webapplication as an annotated servlet is instantiated.
-     * @param role
+     * @param role the role
      */
     void addRole(String role);
     
@@ -53,7 +53,7 @@ public interface ConstraintAware
      * See Servlet Spec 31, sec 13.8.4, pg 145
      * When true, requests with http methods not explicitly covered either by inclusion or omissions
      * in constraints, will have access denied.
-     * @param deny
+     * @param deny true for denied method access
      */
     void setDenyUncoveredHttpMethods(boolean deny);
     
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
index f0774a707d..108ca0ad6f 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/HashLoginService.java
@@ -57,8 +57,6 @@ public class HashLoginService extends AbstractLoginService
     protected Resource _configResource;
     protected boolean hotReload = false; // default is not to reload
     
-    
-    
 
     /* ------------------------------------------------------------ */
     public HashLoginService()
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
index 09b5df9512..ab0f763dde 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/JDBCLoginService.java
@@ -41,24 +41,17 @@ import org.eclipse.jetty.util.security.Credential;
 /* ------------------------------------------------------------ */
 /**
  * HashMapped User Realm with JDBC as data source. 
- * The login() method checks the inherited Map for the user. If the user is not
+ * The {@link #login(String, Object, ServletRequest)} method checks the inherited Map for the user. If the user is not
  * found, it will fetch details from the database and populate the inherited
- * Map. It then calls the superclass login() method to perform the actual
+ * Map. It then calls the superclass {@link #login(String, Object, ServletRequest)} method to perform the actual
  * authentication. Periodically (controlled by configuration parameter),
  * internal hashes are cleared. Caching can be disabled by setting cache refresh
  * interval to zero. Uses one database connection that is initialized at
- * startup. Reconnect on failures. authenticate() is 'synchronized'.
- * 
+ * startup. Reconnect on failures.
+ * <p> 
  * An example properties file for configuration is in
- * $JETTY_HOME/etc/jdbcRealm.properties
- * 
- * @version $Id: JDBCLoginService.java 4792 2009-03-18 21:55:52Z gregw $
- * 
- * 
- * 
- * 
+ * <code>${jetty.home}/etc/jdbcRealm.properties</code>
  */
-
 public class JDBCLoginService extends AbstractLoginService
 {
     private static final Logger LOG = Log.getLogger(JDBCLoginService.class);
@@ -78,17 +71,11 @@ public class JDBCLoginService extends AbstractLoginService
     
     /**
      * JDBCKnownUser
-     *
-     *
      */
     public class JDBCUserPrincipal extends UserPrincipal
     {
         int _userKey;
         
-        /**
-         * @param name
-         * @param credential
-         */
         public JDBCUserPrincipal(String name, Credential credential, int key)
         {
             super(name, credential);
@@ -237,7 +224,6 @@ public class JDBCLoginService extends AbstractLoginService
     /* ------------------------------------------------------------ */
     /** 
      * @see org.eclipse.jetty.security.MappedLoginService#loadUserInfo(java.lang.String)
-     * @Override
      */
     public UserPrincipal loadUserInfo (String username)
     {
@@ -277,7 +263,6 @@ public class JDBCLoginService extends AbstractLoginService
     /* ------------------------------------------------------------ */
     /** 
      * @see org.eclipse.jetty.security.MappedLoginService#loadRoleInfo(org.eclipse.jetty.security.UserPrincipal.KnownUser)
-     * @Override
      */
     public String[] loadRoleInfo (UserPrincipal user)
     {
@@ -314,9 +299,7 @@ public class JDBCLoginService extends AbstractLoginService
         return null;
     }
     
-   
-    
-    
+
     /* ------------------------------------------------------------ */
     /** 
      * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStop()
@@ -341,5 +324,4 @@ public class JDBCLoginService extends AbstractLoginService
         }
         _con = null;
     }
-
 }