Hi Bill, I think you'll get a bit more clarity if you look in demo-base/webapps at the test-jaas.xml and test-jaas.war file. This is the example webapp for configuring and using jaas.
> My question is, why have two password files? Are both required? > There are different password files for different purposes: etc/test-realm.xml configures a HashLoginService that is set as the default login service on the Server object and references etc/realm.properties with the passwords and roles etc/realm.properties is also referenced by the webapp-specific HashLoginService configured for the test webapp in webapps/test.xml etc/login.conf is a jaas configuration file. The webapps/test-jaas.xml context file sets up a JAASLoginService for the webapps/test-jaas.war webapp, which will use the etc/login.conf file to point to the passwords and roles defined in etc/login.properties. So, HashLoginService is an alternative to JAASLoginService and they both have different config files and formats. The demo-base has both to cater to the multiple different webapps deployed in it. regards Jan > > Also, etc/test-realm.xml creates a HashLoginService, is that complementary > to JAASLoginService? I don't see that in demo-base/etc/ at least. I > expected to see a Configure Server somewhere at the top level of the demo > bringing in JAASLoginService based on > > http://www.eclipse.org/jetty/documentation/current/jaas-support.html > > Third question is, why is there no demo-base/web.xml? It seems I need one > because I want to password protect both war/servlets and ROOT: > > --webapp/my.war [2 servlets with a web.xml] > --webapp/ROOT > > It seems I need to define a realm that encompasses them? Would a > ${jetty.base}/web.xml like this be sufficient (per the jaas-support page)? > > <login-config> > <auth-method>FORM</auth-method> > <realm-name>mywholesite</realm-name> > <form-login-config> > <form-login-page>/login/login</form-login-page> <== example? > <form-error-page>/login/error</form-error-page> <== example? (e.g. > if a param is passed) > </form-login-config> > </login-config> > > And it would automatically cover the war and ROOT, or would that need to > be spelled out? > The web.xml info I see on Google looks generally like servlet config, > which I have down in my war's web.xml. > > Thanks, > Bill > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://dev.eclipse.org/mailman/listinfo/jetty-users > -- Jan Bartel <[email protected]> www.webtide.com *Expert assistance from the creators of Jetty and CometD*
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
