I have setup a simple Jetty 12 server to render dynamic content using Handler.Abstract and the Freemarker template engine. The code snippet is as shown below:

PathMappingsHandler pathMappingsHandler = new PathMappingsHandler();
pathMappingsHandler.addMapping(PathSpec.from("/"), new IndexHandler());
pathMappingsHandler.addMapping(PathSpec.from("/users"), new UsersHandler());

Handler.Sequence handlers = new Handler.Sequence();
handlers.addHandler(pathMappingsHandler);
handlers.addHandler(new DefaultHandler());

server.setHandler(handlers);

public class UsersHandler extends Handler.Abstract {
    private static final Configuration cfg = FreeMarkerUtil.getFreeMarkerCfgInstance();

    @Override
    public boolean handle(Request request, Response response, Callback callback) throws Exception {
        Template fmtemplate = cfg.getTemplate("users.html");
        Map<String, Object> datamap = new HashMap<>();
        List<AppUser> users = getData();
        datamap.put("users", users);

        StringWriter writer = new StringWriter();
        fmtemplate.process(datamap, writer);
        String msg = writer.toString();

        response.setStatus(200);
        response.getHeaders().put(HttpHeader.CONTENT_TYPE, "text/html; charset=UTF-8");
        Content.Sink.write(response, true, msg, callback);
        return true;
    }
}

The code is working fine. I have two questions:

1. Is this the correct or best way to integrate the template engine to render dynamic content in Jetty 12 handler?
2. Is there a way I can secure the UsersHandler – meaning only upon user authentication, should the users-data be rendered?

I know how to do using Servlet security but not sure if a secure handler can be configured on Jetty 12 Handler.Abstract.