Jan, there was no jetty-base etc dir before I created it to put that file in. I
thought jetty xmls were additive, but it sounds like the base one tromped the
home one. I have home set to the distribution of my last build of the current
tree.
The configuring security link brings me back to my previous question about
whether a jetty-base/web.xml will cover both my webapps/x.war and ROOT. That
page also recommends adding the HashLoginService in ${jetty.home}/jetty.xml -
but should we as admins modify jetty.home files? All the more so in my case
because a build could overwrite my changes.
Thanks,
Bill
-------- Original message --------
From: Jan Bartel <[email protected]>
Date: 09/30/2015 12:10 AM (GMT-08:00)
To: JETTY user mailing list <[email protected]>
Subject: Re: [jetty-users] JAAS questions

Bill,
Don't look at that wiki unless you are using an old version of jetty. The
recent documentation is here:
https://www.eclipse.org/jetty/documentation/current/.
In particular, here's a link to configuring realms:
https://www.eclipse.org/jetty/documentation/current/configuring-security-authentication.html
It looks like you've deleted all the content out of the etc/jetty.xml file that
should be there and just put in a realm configuration. Leave the
${jetty.base}/etc/jetty.xml file as it is originally, don't edit it. The idea
would be to create a new ${jetty.base} directory and then add files to it to
configure things the way you want - jetty config files are generally additive.
Say your new base is called "my-base", then edit my-base/my-realm.xml - you
could copy in the contents of demo-base/etc/test-realm.xml for a start and
change it as appropriate. Edit your my-base/start.ini file and put in a line
with just etc/my-realm.xml on it (similar to how demo-base/start.ini has a line
with etc/test-realm.xml on it). This will add your etc/my-realm.xml file to
your command line when you run jetty.
Jan
On 30 September 2015 at 16:44, Bill Ross <[email protected]> wrote:
Thanks Jan,
Seeing that the HashLoginService is sufficient, and that it is associated with
a realm, I found
https://wiki.eclipse.org/Jetty/Tutorial/Realms
and per that I added an /etc/jetty.xml file:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.security.HashLoginService">
        <Set name="name">Test Realm</Set>
        <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
        <Set name="refreshInterval">0</Set>
      </New>
    </Arg>
  </Call>
</Configure>
However when I start jetty with this file and a simple etc/realm.properties
file, I get this on loading the standard jetty-http.xml:
2015-09-29 23:28:12.676:WARN:oejx.XmlConfiguration:main: Config error at <Call
name="addConnector"><Arg>| <New id="httpConnector"
class="org.eclipse.jetty.server.ServerConnector"><Arg name="server"><Ref
refid="Server"/></Arg><Arg name="acceptors" type="int"><Property
name="jetty.http.acceptors" deprecated="http.acceptors"
default="-1"/></Arg><Arg name="selectors" type="int"><Property
name="jetty.http.selectors" deprecated="http.selectors"
default="-1"/></Arg><Arg name="factories">| <Array
type="org.eclipse.jetty.server.ConnectionFactory"><Item>| <New
class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg name="config"><Ref
refid="httpConfig"/></Arg></New>| </Item></Array>|
</Arg><Set name="host"><Property name="jetty.http.host"
deprecated="jetty.host"/></Set><Set name="port"><Property
name="jetty.http.port" deprecated="jetty.port" default="8080"/></Set><Set
name="idleTimeout"><Property name="jetty.http.idleTimeout"
deprecated="http.timeout" default="30000"/></Set><Set
name="soLingerTime"><Property name="jetty.http.soLingerTime"
deprecated="http.soLingerTime" default="-1"/></Set><Set
name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta"
deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set
name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize"
deprecated="http.acceptQueueSize" default="0"/></Set></New>| </Arg></Call>
java.lang.reflect.InvocationTargetException in file:/Users/priot/jetty/org.eclipse.jetty.project/jetty-distribution/target/distribution/etc/jetty-http.xml
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
    at org.eclipse.jetty.start.Main.start(Main.java:457)
    at org.eclipse.jetty.start.Main.main(Main.java:75)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1233)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newArray(XmlConfiguration.java:860)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1237)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:766)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1233)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.access$500(XmlConfiguration.java:274)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$AttrOrElementNode.getList(XmlConfiguration.java:1366)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$AttrOrElementNode.getList(XmlConfiguration.java:1341)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:704)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417)
    at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:358)
    at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:259)
    at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1498)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1435)
    ... 7 more
Caused by: java.lang.IllegalArgumentException: Null HttpConfiguration
    at org.eclipse.jetty.server.HttpConnectionFactory.<init>(HttpConnectionFactory.java:45)
    ... 31 more
Speaking of problems, I just did a git pull in case the problem was an earlier
pull, and got this on building:
[ERROR] symbol: class NamingContext <== seems to be gone
[ERROR] location: class org.eclipse.jetty.jndi.local.localContextRoot
Thanks,
Bill
On 9/29/2015 6:44 PM, Jan Bartel wrote:
Hi Bill,
I think you'll get a bit more clarity if you look in demo-base/webapps at the
test-jaas.xml and test-jaas.war file. This is the example webapp for
configuring and using jaas.
My question is, why have two password files? Are both required?
There are different password files for different purposes:
* etc/test-realm.xml configures a HashLoginService that is set as the default
  login service on the Server object and references etc/realm.properties with
  the passwords and roles
* etc/realm.properties is also referenced by the webapp-specific
  HashLoginService configured for the test webapp in webapps/test.xml
* etc/login.conf is a jaas configuration file. The webapps/test-jaas.xml
  context file sets up a JAASLoginService for the webapps/test-jaas.war webapp,
  which will use the etc/login.conf file to point to the passwords and roles
  defined in etc/login.properties.
So, HashLoginService is an alternative to JAASLoginService and they both have
different config files and formats. The demo-base has both to cater to the
multiple different webapps deployed in it.
regards
Jan
Also, etc/test-realm.xml creates a HashLoginService, is that complementary to
JAASLoginService? I don't see that in demo-base/etc/ at least. I expected to
see a Configure Server somewhere at the top level of the demo bringing in
JAASLoginService based on
http://www.eclipse.org/jetty/documentation/current/jaas-support.html
Third question is, why is there no demo-base/web.xml? It seems I need one
because I want to password protect both war/servlets and ROOT:
--webapp/my.war [2 servlets with a web.xml]
--webapp/ROOT
It seems I need to define a realm that encompasses them? Would a
${jetty.base}/web.xml like this be sufficient (per the jaas-support page)?
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>mywholesite</realm-name>
  <form-login-config>
    <form-login-page>/login/login</form-login-page> <== example?
    <form-error-page>/login/error</form-error-page> <== example? (e.g. if a param is passed)
  </form-login-config>
</login-config>
And it would automatically cover the war and ROOT, or would that need to be
spelled out?
The web.xml info I see on Google looks generally like servlet
config, which I have down in my war's web.xml.
Thanks,
Bill
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
--
Jan Bartel <[email protected]>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
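
The layout Jan describes in this thread (a separate ${jetty.base} holding etc/my-realm.xml, named on its own line in start.ini), as an added example that is not part of the original messages and not Jetty's own code. It also checks for the situation discussed above, where an etc/jetty.xml in the base replaces the one under ${jetty.home}. The realm name, the sample user, the use of the jetty.base property for the realm.properties path and the function names make_base and shadowed_configs are assumptions.

```shell
# Added example. my-base and etc/my-realm.xml follow Jan's message; the rest is constructed.

# Create the additive layout: realm XML, realm.properties, and a start.ini line.
make_base() {
    base=$1
    mkdir -p "$base/etc" "$base/webapps"
    cat > "$base/etc/my-realm.xml" <<'EOF'
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.security.HashLoginService">
        <Set name="name">My Realm</Set>
        <Set name="config"><Property name="jetty.base" default="."/>/etc/realm.properties</Set>
        <Set name="refreshInterval">0</Set>
      </New>
    </Arg>
  </Call>
</Configure>
EOF
    if [ ! -e "$base/etc/realm.properties" ]; then
        # Format: user: password[,role ...]; placeholder credential, replace it.
        echo 'bill: CHANGE_ME,user' > "$base/etc/realm.properties"
        chmod 600 "$base/etc/realm.properties"
    fi
    # Append the realm file to start.ini once; module lines are not shown here.
    grep -qxF 'etc/my-realm.xml' "$base/start.ini" 2>/dev/null ||
        echo 'etc/my-realm.xml' >> "$base/start.ini"
}

# List BASE/etc/*.xml files that share a name with a HOME/etc file and so replace it.
shadowed_configs() {
    base=$1 home=$2
    for f in "$base"/etc/*.xml; do
        name=${f##*/}
        if [ -e "$f" ] && [ -e "$home/etc/$name" ]; then
            printf 'etc/%s\n' "$name"
        fi
    done
}

# Constructed demo: an empty stand-in for ${jetty.home}, then the mistake from the thread.
tmp=$(mktemp -d)
mkdir -p "$tmp/home/etc" && : > "$tmp/home/etc/jetty.xml"
make_base "$tmp/my-base"
shadowed_configs "$tmp/my-base" "$tmp/home"   # additive base: prints nothing
: > "$tmp/my-base/etc/jetty.xml"
shadowed_configs "$tmp/my-base" "$tmp/home"   # prints etc/jetty.xml
rm -rf "$tmp"
```

Running shadowed_configs against a real base and home before starting Jetty shows which stock files a base directory has replaced rather than added to.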