Hi Bill,
web.xml does not go into the ${jetty.base} directory. It can only go into a
WEB-INF directory of a webapp, such as a webapp inside of the
${jetty.base}/webapps directory, which is the default deploy directory.
Also, I will change the text on the Security page which mentions jetty.xml
- this is no doubt historical from before we had the distinction between
${jetty.home} and ${jetty.base}. And no, I do NOT recommend anyone edits
${jetty.home} - there should be very very very few cases where this is
necessary (and this isn't one of them :)).
cheers
Jan
On 30 September 2015 at 17:35, Bill Ross <[email protected]> wrote:
> Jan, there was no jetty-base etc dir before I created it to put that file
> in. I thought jetty xmls were additive, but it sounds like the base one
> tromped the home one. I have home set to the distribution of my last build
> of the current tree.
>
> The configuring security link brings me back to my previous question about
> whether a jetty-base/web.xml will cover both my webapps/x.war and ROOT.
> That page also recommends adding the HashLoginService in
> ${jetty.home}/jetty.xml - but should we as admins modify jetty.home files?
> All the more so in my case because a build could overwrite my changes.
>
> Thanks,
> Bill
>
>
> -------- Original message --------
> From: Jan Bartel
> Date:09/30/2015 12:10 AM (GMT-08:00)
> To: JETTY user mailing list
> Subject: Re: [jetty-users] JAAS questions
>
> Bill,
>
> Don't look at that wiki unless you are using an old version of jetty. The
> recent documentation is here:
> https://www.eclipse.org/jetty/documentation/current/.
>
> In particular, here's a link to configuring realms:
> https://www.eclipse.org/jetty/documentation/current/configuring-security-authentication.html
>
> It looks like you've deleted all the content out of the etc/jetty.xml file
> that should be there and just put in a realm configuration. Leave the
> ${jetty.base}/etc/jetty.xml file as it is originally, don't edit it. The
> idea would be to create a new ${jetty.base} directory and then add files to
> it to configure things the way you want - jetty config files are generally
> additive. Say your new base is called "my-base", then edit
> my-base/my-realm.xml - you could copy in the contents of
> demo-base/etc/test-realm.xml for a start and change it as appropriate.
> Edit your my-base/start.ini file and put in a line with just
> etc/my-realm.xml on it (similarly to demo-base/start.ini has a line with
> etc/test-realm.xml on it). This will add your etc/my-realm.xml file to your
> command line when you run jetty.
>
> Jan
>
> On 30 September 2015 at 16:44, Bill Ross <[email protected]> wrote:
>
>> Thanks Jan,
>>
>> Seeing that the HashLoginService is sufficient, and that it is associated
>> with a realm, I found
>>
>> https://wiki.eclipse.org/Jetty/Tutorial/Realms
>>
>> and per that I added an /etc/jetty.xml file:
>>
>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>
>> <Call name="addBean">
>> <Arg>
>> <New class="org.eclipse.jetty.security.HashLoginService">
>> <Set name="name">Test Realm</Set>
>> <Set name="config"><SystemProperty name="jetty.home"
>> default="."/>/etc/realm.properties</Set>
>> <Set name="refreshInterval">0</Set>
>> </New>
>> </Arg>
>> </Call>
>>
>> </Configure>
>>
>> However when I start jetty with this file and a simple
>> etc/realm.properties file, I get this on loading the standard
>> jetty-http.xml:
>>
>> 2015-09-29 23:28:12.676:WARN:oejx.XmlConfiguration:main: Config error at
>> <Call name="addConnector"><Arg>| <New id="httpConnector"
>> class="org.eclipse.jetty.server.ServerConnector"><Arg name="server"><Ref
>> refid="Server"/></Arg><Arg name="acceptors" type="int"><Property
>> name="jetty.http.acceptors" deprecated="http.acceptors"
>> default="-1"/></Arg><Arg name="selectors" type="int"><Property
>> name="jetty.http.selectors" deprecated="http.selectors"
>> default="-1"/></Arg><Arg name="factories">| <Array
>> type="org.eclipse.jetty.server.ConnectionFactory"><Item>| <New
>> class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg
>> name="config"><Ref refid="httpConfig"/></Arg></New>|
>> </Item></Array>| </Arg><Set name="host"><Property
>> name="jetty.http.host" deprecated="jetty.host"/></Set><Set
>> name="port"><Property name="jetty.http.port" deprecated="jetty.port"
>> default="8080"/></Set><Set name="idleTimeout"><Property
>> name="jetty.http.idleTimeout" deprecated="http.timeout"
>> default="30000"/></Set><Set name="soLingerTime"><Property
>> name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
>> default="-1"/></Set><Set name="acceptorPriorityDelta"><Property
>> name="jetty.http.acceptorPriorityDelta"
>> deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set
>> name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize"
>> deprecated="http.acceptQueueSize" default="0"/></Set></New>|
>> </Arg></Call> java.lang.reflect.InvocationTargetException in
>> file:/Users/priot/jetty/org.eclipse.jetty.project/jetty-distribution/target/distribution/etc/jetty-http.xml
>> java.lang.reflect.InvocationTargetException
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:497)
>> at org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
>> at org.eclipse.jetty.start.Main.start(Main.java:457)
>> at org.eclipse.jetty.start.Main.main(Main.java:75)
>> Caused by: java.lang.reflect.InvocationTargetException
>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>> Method)
>> at
>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>> at
>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
>> at org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1233)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newArray(XmlConfiguration.java:860)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1237)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:766)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1233)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.access$500(XmlConfiguration.java:274)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$AttrOrElementNode.getList(XmlConfiguration.java:1366)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$AttrOrElementNode.getList(XmlConfiguration.java:1341)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:704)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:358)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:259)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1498)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at
>> org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1435)
>> ... 7 more
>> Caused by: java.lang.IllegalArgumentException: Null HttpConfiguration
>> at
>> org.eclipse.jetty.server.HttpConnectionFactory.<init>(HttpConnectionFactory.java:45)
>> ... 31 more
>>
>>
>> Speaking of problems, I just did a git pull in case the problem was an
>> earlier pull, and got this on building:
>>
>> [ERROR] symbol: class NamingContext <== seems to be gone
>> [ERROR] location: class org.eclipse.jetty.jndi.local.localContextRoot
>>
>> Thanks,
>> Bill
>>
>>
>>
>> On 9/29/2015 6:44 PM, Jan Bartel wrote:
>>
>> Hi Bill,
>>
>> I think you'll get a bit more clarity if you look in demo-base/webapps at
>> the test-jaas.xml and test-jaas.war file. This is the example webapp for
>> configuring and using jaas.
>>
>>
>>
>>
>>> My question is, why have two password files? Are both required?
>>>
>>
>> There are different password files for different purposes:
>>
>> etc/test-realm.xml configures a HashLoginService that is set as the
>> default login service on the Server object and references
>> etc/realm.properties with the passwords and roles
>> etc/realm.properties is also referenced by the webapp-specific
>> HashLoginService configured for the test webapp in webapps/test.xml
>> etc/login.conf is a jaas configuration file. The webapps/test-jaas.xml
>> context file sets up a JAASLoginService for the webapps/test-jaas.war
>> webapp, which will use the etc/login.conf file to point to the passwords
>> and roles defined in etc/login.properties.
>>
>>
>> So, HashLoginService is an alternative to JAASLoginService and they both
>> have different config files and formats. The demo-base has both to cater to
>> the multiple different webapps deployed in it.
>>
>>
>> regards
>> Jan
>>
>>
>>
>>>
>>> Also, etc/test-realm.xml creates a HashLoginService, is that
>>> complementary to JAASLoginService? I don't see that in demo-base/etc/ at
>>> least. I expected to see a Configure Server somewhere at the top level of
>>> the demo bringing in JAASLoginService based on
>>>
>>> http://www.eclipse.org/jetty/documentation/current/jaas-support.html
>>>
>>> Third question is, why is there no demo-base/web.xml? It seems I need
>>> one because I want to password protect both war/servlets and ROOT:
>>>
>>> --webapp/my.war [2 servlets with a web.xml]
>>> --webapp/ROOT
>>>
>>> It seems I need to define a realm that encompasses them? Would a
>>> ${jetty.base}/web.xml like this be sufficient (per the jaas-support page)?
>>>
>>> <login-config>
>>> <auth-method>FORM</auth-method>
>>> <realm-name>mywholesite</realm-name>
>>> <form-login-config>
>>> <form-login-page>/login/login</form-login-page> <== example?
>>> <form-error-page>/login/error</form-error-page> <== example?
>>> (e.g. if a param is passed)
>>> </form-login-config>
>>> </login-config>
>>>
>>> And it would automatically cover the war and ROOT, or would that need to
>>> be spelled out?
>>> The web.xml info I see on Google looks generally like servlet config,
>>> which I have down in my war's web.xml.
>>>
>>> Thanks,
>>> Bill
>>>
>>> _______________________________________________
>>> jetty-users mailing list
>>> [email protected]
>>> To change your delivery options, retrieve your password, or unsubscribe
>>> from this list, visit
>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>
>>
>>
>>
>> --
>> Jan Bartel <[email protected]>
>> <http://www.webtide.com>www.webtide.com
>> *Expert assistance from the creators of Jetty and CometD*
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing [email protected]
>> To change your delivery options, retrieve your password, or unsubscribe from
>> this list, visithttps://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> [email protected]
>> To change your delivery options, retrieve your password, or unsubscribe
>> from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>
>
>
> --
> Jan Bartel <[email protected]>
> www.webtide.com
> *Expert assistance from the creators of Jetty and CometD*
>
>
> _______________________________________________
> jetty-users mailing list
> [email protected]
> To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
--
Jan Bartel <[email protected]>
www.webtide.com
*Expert assistance from the creators of Jetty and CometD*
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
