Know that what Larry McCay pointed out is the access for that security information (the database query / read part of it).
You can still have your application handle the mangement / write aspects of this data in its own way. (there's really no standard or spec for this) Thus having the security be application specific, with its own users and roles. It really depends on how complicated you want to go. Where the user and role data comes from is completely configurable. The server will just use whatever Realm (aka LoginService) provider you tell it to use, even your own. Just implement your own org.eclipse.jetty.security.LoginService<http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/security/LoginService.html>and provide it to the Server<http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/server/Server.html>via .addBean()<http://download.eclipse.org/jetty/stable-8/apidocs/org/eclipse/jetty/server/Server.html#addBean(java.lang.Object)> . Example of using Server.addBean() to add a LoginService using jetty xml. http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/test-jetty-webapp/src/main/config/etc/jetty-testrealm.xml?h=jetty-8 -- Joakim Erdfelt <[email protected]> webtide.com <http://www.webtide.com/> Developer advice, services and support from the Jetty & CometD experts eclipse.org/jetty - cometd.org On Sun, Feb 10, 2013 at 2:22 PM, Nils Kilden-Pedersen <[email protected]>wrote: > On Sun, Feb 10, 2013 at 4:10 PM, larry mccay <[email protected]>wrote: > >> I'm still a little confused about your usecase - what are planning to >> authenticate against if you don't want to use the server's configured >> realm/login service? >> > > The application's own database of users. And the application's own concept > of roles. I've never understood why the JEE spec felt that was a server > responsibility (yet terribly under-spec'ed). > > Anyway, seems like it's not possible, but thanks for taking the time. > > >> >> Again, you may be well served by spring security or apache shiro. >> >> Sorry that I can't be of more help. >> >> On Sun, Feb 10, 2013 at 3:15 PM, Nils Kilden-Pedersen <[email protected]> >> wrote: >> > I'd like to be able to use the tools provided by the servlet spec, such >> as >> > getUserPrincipal, isUserInRole, etc. on HttpServletRequest and use the >> > HttpConstraint annotation, but without having the authentication and >> role >> > assignment being done by the server (because I'd prefer to get into as >> > little server specific setup as possible). >> > >> > >> > On Thu, Feb 7, 2013 at 9:00 PM, larry mccay <[email protected]> >> wrote: >> >> >> >> Depends on what you mean by application based authentication. >> >> >> >> You can always implement authentication in a servlet filter. You can >> use a >> >> security framework like spring security as a filter. >> >> >> >> You may want to provide more info of what you need to do. >> >> >> >> On Feb 7, 2013 7:19 PM, "Nils Kilden-Pedersen" <[email protected]> >> wrote: >> >>> >> >>> Is it possible to configure application based authentication without >> >>> having access to the server installation, i.e. only through the war >> file? >> >>> >> >>> >> >>> _______________________________________________ >> >>> jetty-users mailing list >> >>> [email protected] >> >>> https://dev.eclipse.org/mailman/listinfo/jetty-users >> >>> >> >> >> >> _______________________________________________ >> >> jetty-users mailing list >> >> [email protected] >> >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> >> >> > >> > >> > _______________________________________________ >> > jetty-users mailing list >> > [email protected] >> > https://dev.eclipse.org/mailman/listinfo/jetty-users >> > >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/jetty-users >> > > > _______________________________________________ > jetty-users mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/jetty-users > >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
