Package org.eclipse.jetty.setuid

Class SetUIDListener

  • All Implemented Interfaces:
    java.util.EventListener, org.eclipse.jetty.util.component.LifeCycle.Listener
    public class SetUIDListener
extends java.lang.Object
implements org.eclipse.jetty.util.component.LifeCycle.Listener

    This LifeCycleListener may be added to a Server to make a JNI call to set the unix UID.

    This can be used to start the server as root so that privileged ports may be accessed and then switch to a non-root user for security. Depending on the value of setStartServerAsPrivileged(boolean), either the server will be started and then the UID set; or the Server.getConnectors() will be opened, the UID set and then the server is started. The latter is the default and avoids any web application code being run as a privileged user, but will not work if the application code also needs to open privileged ports.

    The configured umask is set before the server is started and the configured gid/uid is set after the server is started.

    • Constructor Detail

      • SetUIDListener

        public SetUIDListener()

    • Method Detail

      • setUsername

        public void setUsername​(java.lang.String username)

      • getUsername

        public java.lang.String getUsername()

      • setGroupname

        public void setGroupname​(java.lang.String groupname)

      • getGroupname

        public java.lang.String getGroupname()

      • getUmask

        public int getUmask()

      • getUmaskOctal

        public java.lang.String getUmaskOctal()

      • setUmask

        public void setUmask​(int umask)

      • setUmaskOctal

        public void setUmaskOctal​(java.lang.String umask)

      • getUid

        public int getUid()

      • setUid

        public void setUid​(int uid)

      • setGid

        public void setGid​(int gid)

      • getGid

        public int getGid()

      • setRLimitNoFiles

        public void setRLimitNoFiles​(RLimit rlimit)

      • getRLimitNoFiles

        public RLimit getRLimitNoFiles()

      • isClearSupplementalGroups

        public boolean isClearSupplementalGroups()

      • setClearSupplementalGroups

        public void setClearSupplementalGroups​(boolean clearSupplementalGroups)

      • setGidUid

        protected void setGidUid()

      • lifeCycleFailure

        public void lifeCycleFailure​(org.eclipse.jetty.util.component.LifeCycle server,
                             java.lang.Throwable cause)
        Specified by:
        lifeCycleFailure in interface org.eclipse.jetty.util.component.LifeCycle.Listener

      • lifeCycleStarted

        public void lifeCycleStarted​(org.eclipse.jetty.util.component.LifeCycle server)
        Specified by:
        lifeCycleStarted in interface org.eclipse.jetty.util.component.LifeCycle.Listener

      • lifeCycleStarting

        public void lifeCycleStarting​(org.eclipse.jetty.util.component.LifeCycle lifecycle)
        Specified by:
        lifeCycleStarting in interface org.eclipse.jetty.util.component.LifeCycle.Listener

      • lifeCycleStopped

        public void lifeCycleStopped​(org.eclipse.jetty.util.component.LifeCycle arg0)
        Specified by:
        lifeCycleStopped in interface org.eclipse.jetty.util.component.LifeCycle.Listener

      • lifeCycleStopping

        public void lifeCycleStopping​(org.eclipse.jetty.util.component.LifeCycle arg0)
        Specified by:
        lifeCycleStopping in interface org.eclipse.jetty.util.component.LifeCycle.Listener

      • isStartServerAsPrivileged

        public boolean isStartServerAsPrivileged()
        Returns:
        the startServerAsPrivileged

      • setStartServerAsPrivileged

        public void setStartServerAsPrivileged​(boolean startContextsAsPrivileged)
        Parameters:
        startContextsAsPrivileged - if true, the server is started and then the process UID is switched. If false, the connectors are opened, the UID is switched and then the server is started.