public class AuthHandler
extends org.eclipse.jetty.server.handler.AbstractHandler
org.eclipse.jetty.server.handler.AbstractHandler.ErrorDispatchHandler
org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener
Modifier and Type | Field and Description |
---|---|
private java.lang.String |
authorizationCookieName
Authorization cookie name
|
private java.lang.String |
authorizationToken
Authorization token
|
private java.lang.String |
cookieToken
Cookie token
|
private static java.util.logging.Logger |
LOG
Logger.
|
Constructor and Description |
---|
AuthHandler(java.lang.String authorizationToken)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
private boolean |
checkCookies(javax.servlet.http.HttpServletRequest request)
Check cookies list for a cookie that match the expected value.
|
private boolean |
checkQueryParam(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Check authorization token PARAM_TOKEN.
|
void |
handle(java.lang.String target,
org.eclipse.jetty.server.Request base,
javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Handle the request.
|
private boolean |
isAuthorized(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Check authorization.
|
destroy, doError, doStart, doStop, getServer, setServer
addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpObjects, dumpStdErr, dumpThis, getBean, getBeans, getBeans, getContainedBeans, getContainedBeans, isAuto, isManaged, isUnmanaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop, toString
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
private static final java.util.logging.Logger LOG
private java.lang.String authorizationCookieName
private java.lang.String cookieToken
private java.lang.String authorizationToken
public AuthHandler(java.lang.String authorizationToken)
authorizationToken
- Authorization token.public void handle(java.lang.String target, org.eclipse.jetty.server.Request base, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
handle
in interface org.eclipse.jetty.server.Handler
handle
in class org.eclipse.jetty.server.handler.AbstractHandler
target
- The target of the request - either a URI or a name.base
- The base request.request
- The object or a wrapper of the request.response
- The object or a wrapper of the response.private boolean isAuthorized(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
If query parameter is missing check the browser cookies list for a cookie having an authorization token that match the expected cookie. If found the request is authorized otherwise the request is denied. This should happen after initial redirection whenever the page is reloaded.
request
- HttpServletRequest instance.response
- HttpServletResponse instance.true
if authorized false
otherwise.private boolean checkQueryParam(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
request
- HttpServletRequest instance.response
- HttpServletResponse instance.true
if authorized false
otherwise.private boolean checkCookies(javax.servlet.http.HttpServletRequest request)
request
- HttpServletRequest instance.true
if authorized false
otherwise.