Done, the bug no.: 359329. But it is assigned to Greg Wilkins. I do not know how to change the assignment.
Thanks From: jetty-users-boun...@eclipse.org [mailto:jetty-users-boun...@eclipse.org] On Behalf Of Jan Bartel Sent: Thursday, September 29, 2011 6:52 AM To: JETTY user mailing list Subject: Re: [jetty-users] JASPI 196: make it work on Jetty 8 Guofeng, When you raise the issue, assign it to me. I'm most of the way through setting up an environment to deal with this. thanks Jan On 28 September 2011 22:53, Jesse McConnell <jesse.mcconn...@gmail.com<mailto:jesse.mcconn...@gmail.com>> wrote: Code diff's have to come in through bugzilla before we can apply them, so if you would open an issue on bugs.eclipse.org<http://bugs.eclipse.org> and attach the diff there we can look at applying it....this is standard eclipse policy, sorry about the hassle :) cheers, jesse -- jesse mcconnell jesse.mcconn...@gmail.com<mailto:jesse.mcconn...@gmail.com> On Wed, Sep 28, 2011 at 02:30, Guofeng Zhang <guof...@radvision.com<mailto:guof...@radvision.com>> wrote: > The sources in jetty-7.5.1.v20110908/jetty-jaspi and > jetty-8.0.1.v20110908/jetty-jaspi are the same each other. > > > > JASPI does not work in etty-7.5.1.v20110908. Merge what I changed to > jetty-7.5.1.v20110908 works by my test, so you could first fix it in Jetty > 7, then merge the fix to Jetty 8. > > > > > > From: jetty-users-boun...@eclipse.org<mailto:jetty-users-boun...@eclipse.org> > [mailto:jetty-users-boun...@eclipse.org<mailto:jetty-users-boun...@eclipse.org>] > On Behalf Of Jan Bartel > Sent: Wednesday, September 28, 2011 2:07 PM > To: JETTY user mailing list > Subject: Re: [jetty-users] JASPI 196: make it work on Jetty 8 > > > > Hi, > > Thanks for that comprehensive information, we will certainly look into it. > > In saying that jetty-jaspi currently does not work well on jetty-8, does > this mean that it is working fine > with jetty-7? We try to maintain as much of the codebase in common between > jetty-7 and jetty-8 as > possible, so I'd like to know if this is something that should go into > jetty-7, and will then get merged > into jetty-8, or if this is a problem specific to jetty-8. > > thanks > Jan > > On 28 September 2011 15:23, Guofeng Zhang > <guof...@radvision.com<mailto:guof...@radvision.com>> wrote: > > Hi, > > > > JASPI make us to plug in other authentication module (for example, using > openID or other mechanism to authenticate users) easier on Jetty for > container-managed security. There is jetty-jaspi module in the Jetty source > code base, but I think it has not been maintained for a long time. > > > > By making a little fix on jetty-jaspi module, I make the JASPI works well on > Jetty 8. I attach the changes. I hope if I did it well, it could be merged > into the next Jetty 8 release. > > > > To use JASPI: > > 1. Creating a JASPI configuration XML file for your auth module: > > <?xml version="1.0" encoding="UTF-8"?> > > <jaspi xmlns="http://geronimo.apache.org/xml/ns/geronimo-jaspi";> > > > > <configProvider> > > <messageLayer>HTTP</messageLayer> > > <appContext>/ui</appContext> > > <description>description</description> > > <serverAuthConfig> > > > <authenticationContextID>authenticationContextID2</authenticationContextID> > > <protected>true</protected> > > <serverAuthContext> > > <serverAuthModule> > > > <className>org.eclipse.jetty.security.jaspi.modules.FormAuthModule</className> > > <options> > > > org.eclipse.jetty.security.jaspi.modules.LoginPage=/secure/jaaslogin > > > org.eclipse.jetty.security.jaspi.modules.ErrorPage=/secure/jaaserror > > </options> > > </serverAuthModule> > > </serverAuthContext> > > </serverAuthConfig> > > <persistent>true</persistent> > > </configProvider> > > </jaspi> > > The above using the Jetty built-in FormAuthModule, if you want to use the > built-in Basic or Digest auth module, the <serverAuthModule> part should be: > > <serverAuthModule> > > > <className>org.eclipse.jetty.security.jaspi.modules.DigestAuthModule</className> > > <options> > > > org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm > > </options> > > </serverAuthModule> > > Or > > <serverAuthModule> > > > <className>org.eclipse.jetty.security.jaspi.modules.BasicAuthModule</className> > > <options> > > > org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm > > </options> > > </serverAuthModule> > > > > Here I use the implementation of JASPI of geronimo-jaspi 2.0-SNAPSHOT from > geronimo-jaspi (https://github.com/apache/geronimo-jaspi). you could use > geronimo-jaspi 1.1.1 release, but you might need to implements > javax.security.auth.message.config.AuthConfigProvider (and not > javax.security.auth.message.module.ServerAuthModule) and configure it in the > above XML file. > > > > 2. Configuring your AppContext to use JaspiAuthenticatorFactory. I > configured it in jetty-web.xml file: > > <Configure class="org.eclipse.jetty.webapp.WebAppContext"> > > <Set name="securityHandler"> > > <New class="org.eclipse.jetty.security.ConstraintSecurityHandler"> > > <Set name="loginService"> > > <New class="org.eclipse.jetty.plus.jaas.JAASLoginService"> > > <Set name="name">JAASRealm</Set> > > <Set name="loginModuleName">jaas</Set> > > </New> > > </Set> > > > > <Set name="authenticatorFactory"> > > <New > class="org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory" /> > > </Set> > > </New> > > </Set> > > </Configure> > > > > 3. When launching Jetty, using > -Dorg.apache.geronimo.jaspic.configurationFile to tell geronimo-jaspi where > to find the JASPI configuration file. The following is the > jetty-maven-plugin configuration (my JASPI configuration file is > form-test-jaspi-2.xml): > > <plugin> > > <groupId>org.mortbay.jetty</groupId> > > <artifactId>jetty-maven-plugin</artifactId> > > <version>${jetty.version}</version> > > <configuration> > > <scanIntervalSeconds>10</scanIntervalSeconds> > > <webAppConfig> > > <contextPath>/ui</contextPath> > > <parentLoaderPriority>true</parentLoaderPriority> > > </webAppConfig> > > > > <systemProperties> > > <systemProperty> > > <name>java.security.auth.login.config</name> > > <value>./conf/jetty/jaas.conf</value> > > </systemProperty> > > <systemProperty> > > <name>org.apache.geronimo.jaspic.configurationFile</name> > > <value>./conf/jaspi/form-test-jaspi-2.xml</value> > > </systemProperty> > > </configuration> > > <dependencies> > > <dependency> > > <groupId>org.eclipse.jetty</groupId> > > <artifactId>jetty-jaspi</artifactId> > > <version>${jetty.version}</version> > > </dependency> > > <dependency> > > <groupId>org.apache.geronimo.components</groupId> > > <artifactId>geronimo-jaspi</artifactId> > > <version>2.0-SNAPSHOT</version> > > </dependency> > > </dependencies> > > </plugin> > > In my test, I use my own JAAS login module, which configured in jaas.conf. > you could use Jetty built-in login module as described in > http://wiki.eclipse.org/Jetty/Feature/JAAS. > > > > Q: what I cannot know if I did it correctly is the changes to > JaspiAuthenticator. I removed the following lines at the beginning of > validateRequest(): > > if (_allowLazyAuthentication && !mandatory) > > return _deferred; > > and add the following: > > if ( !isMandatory( messageInfo ) ) > > return _deferred ; > > after "if (authStatus == AuthStatus.SUCCESS)" at line 114. This make me have > to add the following in validateRequest() of FormAuthModule class: > > Authentication authentication = > ((org.eclipse.jetty.server.Request)request).getAuthentication() ; > > if (authentication instanceof Authentication.Deferred ) > > return AuthStatus.SEND_SUCCESS; > > or the unprotected resources won't be handled properly. This makes the auth > module to have to know how Authentication.Deferred works, it is not an > easier to use dependency. This might be that I do not understand > DeferredAuthentication class clearly. Your advice is appreciated. > > > > Thanks. > > > > > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org<mailto:jetty-users@eclipse.org> > https://dev.eclipse.org/mailman/listinfo/jetty-users > > > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org<mailto:jetty-users@eclipse.org> > https://dev.eclipse.org/mailman/listinfo/jetty-users > > _______________________________________________ jetty-users mailing list jetty-users@eclipse.org<mailto:jetty-users@eclipse.org> https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org https://dev.eclipse.org/mailman/listinfo/jetty-users
