Example 16 with Response
use of org.eclipse.jetty.server.Response in project jetty.project by eclipse.
the class SecurityHandler method handle.
/* ------------------------------------------------------------ */
/*
* @see org.eclipse.jetty.server.Handler#handle(java.lang.String,
* javax.servlet.http.HttpServletRequest,
* javax.servlet.http.HttpServletResponse, int)
*/
@Override
public void handle(String pathInContext, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
final Response base_response = baseRequest.getResponse();
final Handler handler = getHandler();
if (handler == null)
return;
final Authenticator authenticator = _authenticator;
if (checkSecurity(baseRequest)) {
//See Servlet Spec 3.1 sec 13.6.3
if (authenticator != null)
authenticator.prepareRequest(baseRequest);
RoleInfo roleInfo = prepareConstraintInfo(pathInContext, baseRequest);
// Check data constraints
if (!checkUserDataPermissions(pathInContext, baseRequest, base_response, roleInfo)) {
if (!baseRequest.isHandled()) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
}
// is Auth mandatory?
boolean isAuthMandatory = isAuthMandatory(baseRequest, base_response, roleInfo);
if (isAuthMandatory && authenticator == null) {
LOG.warn("No authenticator for: " + roleInfo);
if (!baseRequest.isHandled()) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
baseRequest.setHandled(true);
}
return;
}
// check authentication
Object previousIdentity = null;
try {
Authentication authentication = baseRequest.getAuthentication();
if (authentication == null || authentication == Authentication.NOT_CHECKED)
authentication = authenticator == null ? Authentication.UNAUTHENTICATED : authenticator.validateRequest(request, response, isAuthMandatory);
if (authentication instanceof Authentication.Wrapped) {
request = ((Authentication.Wrapped) authentication).getHttpServletRequest();
response = ((Authentication.Wrapped) authentication).getHttpServletResponse();
}
if (authentication instanceof Authentication.ResponseSent) {
baseRequest.setHandled(true);
} else if (authentication instanceof Authentication.User) {
Authentication.User userAuth = (Authentication.User) authentication;
baseRequest.setAuthentication(authentication);
if (_identityService != null)
previousIdentity = _identityService.associate(userAuth.getUserIdentity());
if (isAuthMandatory) {
boolean authorized = checkWebResourcePermissions(pathInContext, baseRequest, base_response, roleInfo, userAuth.getUserIdentity());
if (!authorized) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "!role");
baseRequest.setHandled(true);
return;
}
}
handler.handle(pathInContext, baseRequest, request, response);
if (authenticator != null)
authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
} else if (authentication instanceof Authentication.Deferred) {
DeferredAuthentication deferred = (DeferredAuthentication) authentication;
baseRequest.setAuthentication(authentication);
try {
handler.handle(pathInContext, baseRequest, request, response);
} finally {
previousIdentity = deferred.getPreviousAssociation();
}
if (authenticator != null) {
Authentication auth = baseRequest.getAuthentication();
if (auth instanceof Authentication.User) {
Authentication.User userAuth = (Authentication.User) auth;
authenticator.secureResponse(request, response, isAuthMandatory, userAuth);
} else
authenticator.secureResponse(request, response, isAuthMandatory, null);
}
} else {
baseRequest.setAuthentication(authentication);
if (_identityService != null)
previousIdentity = _identityService.associate(null);
handler.handle(pathInContext, baseRequest, request, response);
if (authenticator != null)
authenticator.secureResponse(request, response, isAuthMandatory, null);
}
} catch (ServerAuthException e) {
// jaspi 3.8.3 send HTTP 500 internal server error, with message
// from AuthException
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
} finally {
if (_identityService != null)
_identityService.disassociate(previousIdentity);
}
} else
handler.handle(pathInContext, baseRequest, request, response);
}
Also used :
Handler(org.eclipse.jetty.server.Handler)
ContextHandler(org.eclipse.jetty.server.handler.ContextHandler)
DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication)
Response(org.eclipse.jetty.server.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
DeferredAuthentication(org.eclipse.jetty.security.authentication.DeferredAuthentication)
Authentication(org.eclipse.jetty.server.Authentication)
Aggregations
Response (org.eclipse.jetty.server.Response)16
HttpServletResponse (javax.servlet.http.HttpServletResponse)12
HttpServletRequest (javax.servlet.http.HttpServletRequest)6
Request (org.eclipse.jetty.server.Request)6
IOException (java.io.IOException)5
ServletException (javax.servlet.ServletException)4
HttpSession (javax.servlet.http.HttpSession)4
Authentication (org.eclipse.jetty.server.Authentication)4
HttpCookie (org.eclipse.jetty.http.HttpCookie)3
Server (org.eclipse.jetty.server.Server)3
URISyntaxException (java.net.URISyntaxException)2
RequestDispatcher (javax.servlet.RequestDispatcher)2
ServletRequest (javax.servlet.ServletRequest)2
ServletResponse (javax.servlet.ServletResponse)2
ServerAuthException (org.eclipse.jetty.security.ServerAuthException)2
UserAuthentication (org.eclipse.jetty.security.UserAuthentication)2
DeferredAuthentication (org.eclipse.jetty.security.authentication.DeferredAuthentication)2
User (org.eclipse.jetty.server.Authentication.User)2
Handler (org.eclipse.jetty.server.Handler)2
UserIdentity (org.eclipse.jetty.server.UserIdentity)2
