I'm trying to set up site login looking at ./jetty-distribution/target/distribution/demo-base
E.g. demo-base/start.ini: ----- # Enable security via jaas, and configure it --module=jaas jetty.jaas.login.conf=etc/login.conf # Create and configure the test realm etc/test-realm.xml jetty.demo.realm=etc/realm.properties ----- etc/login.conf points to etc/login.properties which looks like me=me,me,roleA Per the doc, it's a "properties file of the same format as the etc/realm.properties example file." <username>: <password>[,<rolename> ...] My question is, why have two password files? Are both required? Also, etc/test-realm.xml creates a HashLoginService, is that complementary to JAASLoginService? I don't see that in demo-base/etc/ at least. I expected to see a Configure Server somewhere at the top level of the demo bringing in JAASLoginService based on http://www.eclipse.org/jetty/documentation/current/jaas-support.html Third question is, why is there no demo-base/web.xml? It seems I need one because I want to password protect both war/servlets and ROOT: --webapp/my.war [2 servlets with a web.xml] --webapp/ROOT It seems I need to define a realm that encompasses them? Would a ${jetty.base}/web.xml like this be sufficient (per the jaas-support page)? <login-config> <auth-method>FORM</auth-method> <realm-name>mywholesite</realm-name> <form-login-config> <form-login-page>/login/login</form-login-page> <== example? <form-error-page>/login/error</form-error-page> <== example? (e.g. if a param is passed) </form-login-config> </login-config> And it would automatically cover the war and ROOT, or would that need to be spelled out? The web.xml info I see on Google looks generally like servlet config, which I have down in my war's web.xml. Thanks, Bill _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
