Class SecurityHandler

All Implemented Interfaces:
Authenticator.AuthConfiguration, Handler, HandlerContainer, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle
Direct Known Subclasses:
ConstraintSecurityHandler

public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration
Abstract SecurityHandler.

Select and apply an Authenticator to a request.

The Authenticator may either be directly set on the handler or will be create during AbstractLifeCycle.start() with a call to either the default or set AuthenticatorFactory.

SecurityHandler has a set of initparameters that are used by the Authentication.Configuration. At startup, any context init parameters that start with "org.eclipse.jetty.security." that do not have values in the SecurityHandler init parameters, are copied.

  • Field Details

    • __NO_USER

      public static final Principal __NO_USER
    • __NOBODY

      public static final Principal __NOBODY
      Nobody user. The Nobody UserPrincipal is used to indicate a partial state of authentication. A request with a Nobody UserPrincipal will be allowed past all authentication constraints - but will not be considered an authenticated request. It can be used by Authenticators such as FormAuthenticator to allow access to logon and error pages within an authenticated URI tree.
  • Constructor Details

    • SecurityHandler

      protected SecurityHandler()
  • Method Details