public class WebAuthHandler
extends org.eclipse.jetty.server.handler.AbstractHandler
If the loginPath
is set, then that must be used to get an authentication token, which will then
be passed to any other request. The context will be destroyed when logout
is performed,
or on the configured timeout.
org.eclipse.jetty.server.handler.AbstractHandler.ErrorDispatchHandler
org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener
Modifier and Type | Field and Description |
---|---|
private WebServiceAuth |
auth
The authentication and authorization implementation.
|
private java.lang.String |
loginPath
The explicit login path (relative to basepath plus any address configured at the
LegacyService ). |
private java.lang.String |
logoutPath
The explicit logout path (relative to basepath plus any address configured at the
LegacyService ). |
Constructor and Description |
---|
WebAuthHandler(java.lang.String type,
java.lang.String authType,
java.lang.String loginPath,
java.lang.String logoutPath,
int timeout)
Initialize this instance.
|
Modifier and Type | Method and Description |
---|---|
java.lang.String |
authorize(java.lang.String target,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Authorize this request (it is known to have passed authentication).
|
void |
handle(java.lang.String target,
org.eclipse.jetty.server.Request baseRequest,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Check if this is a login or logout API call.
|
void |
postHandle(java.lang.String token)
Perform any post-handle logic.
|
private java.lang.String |
preparePath(java.lang.String path)
Prepare this path by ensuring it will always start with a '/' but not end with a '/'.
|
destroy, doError, doStart, doStop, getServer, setServer
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
private final WebServiceAuth auth
private final java.lang.String loginPath
LegacyService
).private final java.lang.String logoutPath
LegacyService
).public WebAuthHandler(java.lang.String type, java.lang.String authType, java.lang.String loginPath, java.lang.String logoutPath, int timeout)
type
- The web service type (REST, SOAP, WEBHANDLER).authType
- The authentication type (only "basic" is supported at this time).loginPath
- The login path.logoutPath
- The logout path.timeout
- The context timeout.public void handle(java.lang.String target, org.eclipse.jetty.server.Request baseRequest, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
WebServiceAuth.authenticate(javax.servlet.http.HttpServletRequest)
to
check if the request either has full authentication details, or a valid authentication token.
No authorization is performed at this time. authorize(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
will be called by the web service
implementation after the web service is resolved from the request.
handle
in interface org.eclipse.jetty.server.Handler
handle
in class org.eclipse.jetty.server.handler.AbstractHandler
target
- The target path.baseRequest
- The HTTP request, Jetty style.request
- The HTTP request.response
- The HTTP response.public void postHandle(java.lang.String token)
logout path
enforced.token
- The authentication token.public java.lang.String authorize(java.lang.String target, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
target
- The target path.request
- The HTTP request.response
- The HTTP response.null
if the request couldn't be authorized. Otherwise, the authentication token.private java.lang.String preparePath(java.lang.String path)
path
- The path to prepare.