Hi Gregor - While I haven't tried this with embedded Jetty, you may try a third approach.
3. Programmatic Security Leave it declaratively unconstrained but define the login-config for BASIC. In a filter or directly in a servlet, direct the container to authenticate the user through HttpServletRequest.authenticate(). See: http://docs.oracle.com/javaee/6/tutorial/doc/gjiie.html HTH. --larry On Wed, Jan 23, 2013 at 8:26 AM, Gregor Jarisch <[email protected]> wrote: > me again. > Still couldn't managed to solve my issue. > > I see two possible solutions: > 1) Intercept jetty before basic auth, --> redirect to https > (unfortunately, filters get invoked later) > 2) Make basic auth for https connections only, therefore skip auth on http > > Any ideas how I can achieve one of those two approaches? > > thanks. > > On 22.01.2013 12:26, Gregor Jarisch wrote: > > Hi there, > > > > I am facing the following problem. I have an embedded jetty (8.1.7) and > > I'd like to run my application on https only. > > Furthermore my users have to authenticate via basic auth. The redirect > > from http to https works fine, the problem is that jetty is asking for > > authentication on http too before the redirect, instead of redirecting > > to https first. > > > > How can I prevent the insecure basic prompt on http? > > > > Thanks. > > > > This is my code: > > > > List<Connector> connectors = new LinkedList<Connector>(); > > > > SelectChannelConnector proxyConnector = new > > SelectChannelConnector() { > > @Override > > public void customize(EndPoint endpoint, Request request) > > throws IOException { > > request.setScheme("https"); > > super.customize(endpoint, request); > > } > > }; > > > > proxyConnector.setHost("localhost"); > > proxyConnector.setPort(80); > > proxyConnector.setConfidentialPort(443); > > proxyConnector.setIntegralPort(443); > > if (options.useBehindProxy) { > > proxyConnector.setHostHeader("localhost:443"); > > proxyConnector.setForwarded(true); > > } > > connectors.add(proxyConnector); > > > > ConstraintSecurityHandler csh = new ConstraintSecurityHandler(); > > csh.setAuthenticator(new BasicAuthenticator()); > > csh.setRealmName("realm"); > > csh.setLoginService(options.loginService); > > > > Constraint basicAuthConstraint = new Constraint(); > > basicAuthConstraint.setName(Constraint.__BASIC_AUTH); > > basicAuthConstraint.setRoles(new String[]{"user"}); > > basicAuthConstraint.setAuthenticate(true); > > > basicAuthConstraint.setDataConstraint(Constraint.DC_CONFIDENTIAL); > > > > ConstraintMapping cm = new ConstraintMapping(); > > cm.setConstraint(basicAuthConstraint); > > cm.setPathSpec("/*"); > > csh.addConstraintMapping(cm); > > context.setSecurityHandler(csh); > > > > SslSocketConnector sslConnector = new SslSocketConnector(); > > sslConnector.setPort(443); > > sslConnector.setPassword("..."); > > sslConnector.setKeyPassword("..."); > > sslConnector.setKeystore("..."); > > sslConnector.setTrustPassword("..."); > > connectors.add(sslConnector); > > > > server.setConnectors(connectors.toArray(new > > Connector[connectors.size()])); > > > > _______________________________________________ > > jetty-users mailing list > > [email protected] > > https://dev.eclipse.org/mailman/listinfo/jetty-users > > > -- > Ing. Gregor Jarisch > entrepreneurship & development > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
