How to configure security handler in embedded jetty after jetty start










0















I am trying to configure a security handler on ServletContext in Jetty after Jetty start.



Like this:



Handler contextHandlers = contexts.getHandlers();
for(Handler context : contextHandlers) {
if(context instanceof ServletContextHandler && ((ServletContextHandler) context).getContextPath().equals("/api"))
context.setSecurityHandler(securityHandler);
break;



But I get following exception:




java.lang.IllegalStateException: STARTED



at
org.eclipse.jetty.servlet.ServletContextHandler.setSecurityHandler(ServletContextHandler.java:483)




Why is this not possible?



Screenshot:



enter image description here



EDIT:



I looked at the source code & there it checks for isStarted flag. Is it a security flaw to add security handler after jetty start?:



public void setSecurityHandler(SecurityHandler securityHandler)

if (isStarted())
throw new IllegalStateException("STARTED");

if (_securityHandler!=null)
_securityHandler.setHandler(null);
_securityHandler = securityHandler;
relinkHandlers();



(Reason, I have to do this is a bit complicated but I will try to explain: I am running a keycloak server behind a proxy which is reachable though my Jetty server. Let's say Jetty s running on host1 and keycloak is running on host2. But at time of setting keycloak security hanlder, whichever host is configured , keycloak allows authentication on tokens generated from that domain only. Therefore I want to configure Jetty host in security handler, which is not available until Jetty start)










share|improve this question




























    0















    I am trying to configure a security handler on ServletContext in Jetty after Jetty start.



    Like this:



    Handler contextHandlers = contexts.getHandlers();
    for(Handler context : contextHandlers) {
    if(context instanceof ServletContextHandler && ((ServletContextHandler) context).getContextPath().equals("/api"))
    context.setSecurityHandler(securityHandler);
    break;



    But I get following exception:




    java.lang.IllegalStateException: STARTED



    at
    org.eclipse.jetty.servlet.ServletContextHandler.setSecurityHandler(ServletContextHandler.java:483)




    Why is this not possible?



    Screenshot:



    enter image description here



    EDIT:



    I looked at the source code & there it checks for isStarted flag. Is it a security flaw to add security handler after jetty start?:



    public void setSecurityHandler(SecurityHandler securityHandler)

    if (isStarted())
    throw new IllegalStateException("STARTED");

    if (_securityHandler!=null)
    _securityHandler.setHandler(null);
    _securityHandler = securityHandler;
    relinkHandlers();



    (Reason, I have to do this is a bit complicated but I will try to explain: I am running a keycloak server behind a proxy which is reachable though my Jetty server. Let's say Jetty s running on host1 and keycloak is running on host2. But at time of setting keycloak security hanlder, whichever host is configured , keycloak allows authentication on tokens generated from that domain only. Therefore I want to configure Jetty host in security handler, which is not available until Jetty start)










    share|improve this question


























      0












      0








      0








      I am trying to configure a security handler on ServletContext in Jetty after Jetty start.



      Like this:



      Handler contextHandlers = contexts.getHandlers();
      for(Handler context : contextHandlers) {
      if(context instanceof ServletContextHandler && ((ServletContextHandler) context).getContextPath().equals("/api"))
      context.setSecurityHandler(securityHandler);
      break;



      But I get following exception:




      java.lang.IllegalStateException: STARTED



      at
      org.eclipse.jetty.servlet.ServletContextHandler.setSecurityHandler(ServletContextHandler.java:483)




      Why is this not possible?



      Screenshot:



      enter image description here



      EDIT:



      I looked at the source code & there it checks for isStarted flag. Is it a security flaw to add security handler after jetty start?:



      public void setSecurityHandler(SecurityHandler securityHandler)

      if (isStarted())
      throw new IllegalStateException("STARTED");

      if (_securityHandler!=null)
      _securityHandler.setHandler(null);
      _securityHandler = securityHandler;
      relinkHandlers();



      (Reason, I have to do this is a bit complicated but I will try to explain: I am running a keycloak server behind a proxy which is reachable though my Jetty server. Let's say Jetty s running on host1 and keycloak is running on host2. But at time of setting keycloak security hanlder, whichever host is configured , keycloak allows authentication on tokens generated from that domain only. Therefore I want to configure Jetty host in security handler, which is not available until Jetty start)










      share|improve this question
















      I am trying to configure a security handler on ServletContext in Jetty after Jetty start.



      Like this:



      Handler contextHandlers = contexts.getHandlers();
      for(Handler context : contextHandlers) {
      if(context instanceof ServletContextHandler && ((ServletContextHandler) context).getContextPath().equals("/api"))
      context.setSecurityHandler(securityHandler);
      break;



      But I get following exception:




      java.lang.IllegalStateException: STARTED



      at
      org.eclipse.jetty.servlet.ServletContextHandler.setSecurityHandler(ServletContextHandler.java:483)




      Why is this not possible?



      Screenshot:



      enter image description here



      EDIT:



      I looked at the source code & there it checks for isStarted flag. Is it a security flaw to add security handler after jetty start?:



      public void setSecurityHandler(SecurityHandler securityHandler)

      if (isStarted())
      throw new IllegalStateException("STARTED");

      if (_securityHandler!=null)
      _securityHandler.setHandler(null);
      _securityHandler = securityHandler;
      relinkHandlers();



      (Reason, I have to do this is a bit complicated but I will try to explain: I am running a keycloak server behind a proxy which is reachable though my Jetty server. Let's say Jetty s running on host1 and keycloak is running on host2. But at time of setting keycloak security hanlder, whichever host is configured , keycloak allows authentication on tokens generated from that domain only. Therefore I want to configure Jetty host in security handler, which is not available until Jetty start)







      java jetty keycloak embedded-jetty






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 14 '18 at 5:57







      tryingToLearn

















      asked Nov 14 '18 at 4:20









      tryingToLearntryingToLearn

      2,60222750




      2,60222750






















          1 Answer
          1






          active

          oldest

          votes


















          1














          You cannot modify the SecurityHandler on a running (started) webapp.



          This is mostly due to the nature of the Servlet initialization lifecycle, and the myriad of components that need access to the Security layer and its configuration.



          You cannot yank that layer out and change it after the fact.



          You'll have to call:



          myWebAppContext.stop();
          myWebAppContext.setSecurityHandler(mySuperDooperSecurityHandler);
          myWebAppContext.start();





          share|improve this answer






















            Your Answer






            StackExchange.ifUsing("editor", function ()
            StackExchange.using("externalEditor", function ()
            StackExchange.using("snippets", function ()
            StackExchange.snippets.init();
            );
            );
            , "code-snippets");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "1"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53293147%2fhow-to-configure-security-handler-in-embedded-jetty-after-jetty-start%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            You cannot modify the SecurityHandler on a running (started) webapp.



            This is mostly due to the nature of the Servlet initialization lifecycle, and the myriad of components that need access to the Security layer and its configuration.



            You cannot yank that layer out and change it after the fact.



            You'll have to call:



            myWebAppContext.stop();
            myWebAppContext.setSecurityHandler(mySuperDooperSecurityHandler);
            myWebAppContext.start();





            share|improve this answer



























              1














              You cannot modify the SecurityHandler on a running (started) webapp.



              This is mostly due to the nature of the Servlet initialization lifecycle, and the myriad of components that need access to the Security layer and its configuration.



              You cannot yank that layer out and change it after the fact.



              You'll have to call:



              myWebAppContext.stop();
              myWebAppContext.setSecurityHandler(mySuperDooperSecurityHandler);
              myWebAppContext.start();





              share|improve this answer

























                1












                1








                1







                You cannot modify the SecurityHandler on a running (started) webapp.



                This is mostly due to the nature of the Servlet initialization lifecycle, and the myriad of components that need access to the Security layer and its configuration.



                You cannot yank that layer out and change it after the fact.



                You'll have to call:



                myWebAppContext.stop();
                myWebAppContext.setSecurityHandler(mySuperDooperSecurityHandler);
                myWebAppContext.start();





                share|improve this answer













                You cannot modify the SecurityHandler on a running (started) webapp.



                This is mostly due to the nature of the Servlet initialization lifecycle, and the myriad of components that need access to the Security layer and its configuration.



                You cannot yank that layer out and change it after the fact.



                You'll have to call:



                myWebAppContext.stop();
                myWebAppContext.setSecurityHandler(mySuperDooperSecurityHandler);
                myWebAppContext.start();






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 14 '18 at 12:28









                Joakim ErdfeltJoakim Erdfelt

                32.6k45795




                32.6k45795



























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53293147%2fhow-to-configure-security-handler-in-embedded-jetty-after-jetty-start%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    這個網誌中的熱門文章

                    How to read a connectionString WITH PROVIDER in .NET Core?

                    Museum of Modern and Contemporary Art of Trento and Rovereto

                    In R, how to develop a multiplot heatmap.2 figure showing key labels successfully