static SecurityHandler |
WebSecurity.allowAnonymous() |
If called, authentication failure will not abort request and will continue as anonymous (defaults to false).
|
SecurityHandler |
SecurityHandler.audit() |
Audit this request for any method.
|
static SecurityHandler |
WebSecurity.audit() |
Whether to audit this request - defaults to false for GET and HEAD methods, true otherwise.
|
SecurityHandler |
SecurityHandler.auditEventType(String eventType) |
Override for event-type, defaults to "request".
|
SecurityHandler |
SecurityHandler.auditMessageFormat(String messageFormat) |
Override for audit message format, defaults to "%3$s %1$s \"%2$s\" %5$s %6$s requested by %4$s".
|
SecurityHandler |
SecurityHandler.authenticate() |
If called, request will go through authentication process - (authentication is disabled by default - it may be enabled
as a side effect of other methods, such as rolesAllowed(String...). |
static SecurityHandler |
WebSecurity.authenticate() |
If called, request will go through authentication process - defaults to false (even if authorize is true).
|
SecurityHandler |
SecurityHandler.authenticationOptional() |
If called, authentication failure will not abort request and will continue as anonymous (authentication is not optional
by default).
|
SecurityHandler |
SecurityHandler.authenticator(String explicitAuthenticator) |
Use a named authenticator (as supported by security - if not defined, default authenticator is used).
|
static SecurityHandler |
WebSecurity.authenticator(String explicitAuthenticator) |
Use a named authenticator (as supported by security - if not defined, default authenticator is used).
|
SecurityHandler |
SecurityHandler.authorize() |
If called, request will go through authorization process - (authorization is disabled by default - it may be enabled
as a side effect of other methods, such as rolesAllowed(String...). |
static SecurityHandler |
WebSecurity.authorize() |
Enable authorization for this route.
|
SecurityHandler |
SecurityHandler.authorizer(String explicitAuthorizer) |
Use a named authorizer (as supported by security - if not defined, default authorizer is used, if none defined, all is
permitted).
|
static SecurityHandler |
WebSecurity.authorizer(String explicitAuthorizer) |
Use a named authorizer (as supported by security - if not defined, default authorizer is used, if none defined, all is
permitted).
|
SecurityHandler |
SecurityHandler.customObject(Object object) |
Register a custom object for security request(s).
|
static SecurityHandler |
WebSecurity.enforce() |
Return a default instance to create a default enforcement point (or modify the result further).
|
SecurityHandler |
SecurityHandler.queryParam(String queryParamName,
TokenHandler headerHandler) |
Add a query parameter extraction configuration.
|
SecurityHandler |
SecurityHandler.rolesAllowed(String... roles) |
An array of allowed roles for this path - must have a security provider supporting roles (either authentication
or authorization provider).
|
static SecurityHandler |
WebSecurity.rolesAllowed(String... roles) |
An array of allowed roles for this path - must have a security provider supporting roles.
|
static SecurityHandler |
WebSecurity.secure() |
Secure access using authentication and authorization.
|
SecurityHandler |
SecurityHandler.skipAudit() |
Disable auditing of this request.
|
SecurityHandler |
SecurityHandler.skipAuthentication() |
If called, request will NOT go through authentication process.
|
SecurityHandler |
SecurityHandler.skipAuthorization() |
Skip authorization for this route.
|