Hi Larry, indeed this was a very helpful clue. works nice. Only thing is that I cannot leave it declaratively unconstrained since this leads to a NPE. Seems like Jetty is expecting a path. I could use a path which very unlikely will ever be used (like "/msdclk230234scsm"), but I rather would like to have a clean solution. Any ideas?
On 23.01.2013 14:38, larry mccay wrote: > Hi Gregor - > > While I haven't tried this with embedded Jetty, you may try a third > approach. > > 3. Programmatic Security > Leave it declaratively unconstrained but define the login-config for > BASIC. > In a filter or directly in a servlet, direct the container to > authenticate the user through HttpServletRequest.authenticate(). > See: http://docs.oracle.com/javaee/6/tutorial/doc/gjiie.html > > HTH. > > --larry > > On Wed, Jan 23, 2013 at 8:26 AM, Gregor Jarisch <[email protected] > <mailto:[email protected]>> wrote: > > me again. > Still couldn't managed to solve my issue. > > I see two possible solutions: > 1) Intercept jetty before basic auth, --> redirect to https > (unfortunately, filters get invoked later) > 2) Make basic auth for https connections only, therefore skip auth > on http > > Any ideas how I can achieve one of those two approaches? > > thanks. > > On 22.01.2013 12:26, Gregor Jarisch wrote: > > Hi there, > > > > I am facing the following problem. I have an embedded jetty > (8.1.7) and > > I'd like to run my application on https only. > > Furthermore my users have to authenticate via basic auth. The > redirect > > from http to https works fine, the problem is that jetty is > asking for > > authentication on http too before the redirect, instead of > redirecting > > to https first. > > > > How can I prevent the insecure basic prompt on http? > > > > Thanks. > > > > This is my code: > > > > List<Connector> connectors = new LinkedList<Connector>(); > > > > SelectChannelConnector proxyConnector = new > > SelectChannelConnector() { > > @Override > > public void customize(EndPoint endpoint, Request > request) > > throws IOException { > > request.setScheme("https"); > > super.customize(endpoint, request); > > } > > }; > > > > proxyConnector.setHost("localhost"); > > proxyConnector.setPort(80); > > proxyConnector.setConfidentialPort(443); > > proxyConnector.setIntegralPort(443); > > if (options.useBehindProxy) { > > proxyConnector.setHostHeader("localhost:443"); > > proxyConnector.setForwarded(true); > > } > > connectors.add(proxyConnector); > > > > ConstraintSecurityHandler csh = new > ConstraintSecurityHandler(); > > csh.setAuthenticator(new BasicAuthenticator()); > > csh.setRealmName("realm"); > > csh.setLoginService(options.loginService); > > > > Constraint basicAuthConstraint = new Constraint(); > > basicAuthConstraint.setName(Constraint.__BASIC_AUTH); > > basicAuthConstraint.setRoles(new String[]{"user"}); > > basicAuthConstraint.setAuthenticate(true); > > > basicAuthConstraint.setDataConstraint(Constraint.DC_CONFIDENTIAL); > > > > ConstraintMapping cm = new ConstraintMapping(); > > cm.setConstraint(basicAuthConstraint); > > cm.setPathSpec("/*"); > > csh.addConstraintMapping(cm); > > context.setSecurityHandler(csh); > > > > SslSocketConnector sslConnector = new SslSocketConnector(); > > sslConnector.setPort(443); > > sslConnector.setPassword("..."); > > sslConnector.setKeyPassword("..."); > > sslConnector.setKeystore("..."); > > sslConnector.setTrustPassword("..."); > > connectors.add(sslConnector); > > > > server.setConnectors(connectors.toArray(new > > Connector[connectors.size()])); > > > > _______________________________________________ > > jetty-users mailing list > > [email protected] <mailto:[email protected]> > > https://dev.eclipse.org/mailman/listinfo/jetty-users > > > -- > Ing. Gregor Jarisch > entrepreneurship & development > > _______________________________________________ > jetty-users mailing list > [email protected] <mailto:[email protected]> > https://dev.eclipse.org/mailman/listinfo/jetty-users > > > > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users -- Ing. Gregor Jarisch entrepreneurship & development
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
