Hi Jan, So if web.xml only goes in a webapp, how can a realm defined in one cover the contents of ROOT?
I will see how you change that text and try the result. Thanks, Bill <div>-------- Original message --------</div><div>From: Jan Bartel <[email protected]> </div><div>Date:09/30/2015 12:46 AM (GMT-08:00) </div><div>To: JETTY user mailing list <[email protected]> </div><div>Subject: Re: [jetty-users] JAAS questions </div><div> </div>Hi Bill, web.xml does not go into the ${jetty.base} directory. It can only go into a WEB-INF directory of a webapp, such as a webapp inside of the ${jetty.base}/webapps directory, which is the default deploy directory. Also, I will change the text on the Security page which mentions jetty.xml - this is no doubt historical from before we had the distinction between ${jetty.home} and ${jetty.base}. And no, I do NOT recommend anyone edits ${jetty.home} - there should be very very very few cases where this is necessary (and this isn't one of them :)). cheers Jan On 30 September 2015 at 17:35, Bill Ross <[email protected]> wrote: Jan, there was no jetty-base etc dir before I created it to put that file in. I thought jetty xmls were additive, but it sounds like the base one tromped the home one. I have home set to the distribution of my last build of the current tree. The configuring security link brings me back to my previous question about whether a jetty-base/web.xml will cover both my webapps/x.war and ROOT. That page also recommends adding the HashLoginService in ${jetty.home}/jetty.xml - but should we as admins modify jetty.home files? All the more so in my case because a build could overwrite my changes. Thanks, Bill -------- Original message -------- From: Jan Bartel Date:09/30/2015 12:10 AM (GMT-08:00) To: JETTY user mailing list Subject: Re: [jetty-users] JAAS questions Bill, Don't look at that wiki unless you are using an old version of jetty. The recent documentation is here: https://www.eclipse.org/jetty/documentation/current/. In particular, here's a link to configuring realms: https://www.eclipse.org/jetty/documentation/current/configuring-security-authentication.html It looks like you've deleted all the content out of the etc/jetty.xml file that should be there and just put in a realm configuration. Leave the ${jetty.base}/etc/jetty.xml file as it is originally, don't edit it. The idea would be to create a new ${jetty.base} directory and then add files to it to configure things the way you want - jetty config files are generally additive. Say your new base is called "my-base", then edit my-base/my-realm.xml - you could copy in the contents of demo-base/etc/test-realm.xml for a start and change it as appropriate. Edit your my-base/start.ini file and put in a line with just etc/my-realm.xml on it (similarly to demo-base/start.ini has a line with etc/test-realm.xml on it). This will add your etc/my-realm.xml file to your command line when you run jetty. Jan On 30 September 2015 at 16:44, Bill Ross <[email protected]> wrote: Thanks Jan, Seeing that the HashLoginService is sufficient, and that it is associated with a realm, I found https://wiki.eclipse.org/Jetty/Tutorial/Realms and per that I added an /etc/jetty.xml file: <Configure id="Server" class="org.eclipse.jetty.server.Server"> <Call name="addBean"> <Arg> <New class="org.eclipse.jetty.security.HashLoginService"> <Set name="name">Test Realm</Set> <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set> <Set name="refreshInterval">0</Set> </New> </Arg> </Call> </Configure> However when I start jetty with this file and a simple etc/realm.properties file, I get this on loading the standard jetty-http.xml: 2015-09-29 23:28:12.676:WARN:oejx.XmlConfiguration:main: Config error at <Call name="addConnector"><Arg>| <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector"><Arg name="server"><Ref refid="Server"/></Arg><Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="-1"/></Arg><Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg><Arg name="factories">| <Array type="org.eclipse.jetty.server.ConnectionFactory"><Item>| <New class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg name="config"><Ref refid="httpConfig"/></Arg></New>| </Item></Array>| </Arg><Set name="host"><Property name="jetty.http.host" deprecated="jetty.host"/></Set><Set name="port"><Property name="jetty.http.port" deprecated="jetty.port" default="8080"/></Set><Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set><Set name="soLingerTime"><Property name="jetty.http.soLingerTime" deprecated="http.soLingerTime" default="-1"/></Set><Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set></New>| </Arg></Call> java.lang.reflect.InvocationTargetException in file:/Users/priot/jetty/org.eclipse.jetty.project/jetty-distribution/target/distribution/etc/jetty-http.xml java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.eclipse.jetty.start.Main.invokeMain(Main.java:214) at org.eclipse.jetty.start.Main.start(Main.java:457) at org.eclipse.jetty.start.Main.main(Main.java:75) Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:422) at org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1233) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newArray(XmlConfiguration.java:860) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1237) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:766) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1233) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.access$500(XmlConfiguration.java:274) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$AttrOrElementNode.getList(XmlConfiguration.java:1366) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$AttrOrElementNode.getList(XmlConfiguration.java:1341) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:704) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417) at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:358) at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:259) at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1498) at java.security.AccessController.doPrivileged(Native Method) at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1435) ... 7 more Caused by: java.lang.IllegalArgumentException: Null HttpConfiguration at org.eclipse.jetty.server.HttpConnectionFactory.<init>(HttpConnectionFactory.java:45) ... 31 more Speaking of problems, I just did a git pull in case the problem was an earlier pull, and got this on building: [ERROR] symbol: class NamingContext <== seems to be gone [ERROR] location: class org.eclipse.jetty.jndi.local.localContextRoot Thanks, Bill On 9/29/2015 6:44 PM, Jan Bartel wrote: Hi Bill, I think you'll get a bit more clarity if you look in demo-base/webapps at the test-jaas.xml and test-jaas.war file. This is the example webapp for configuring and using jaas. My question is, why have two password files? Are both required? There are different password files for different purposes: etc/test-realm.xml configures a HashLoginService that is set as the default login service on the Server object and references etc/realm.properties with the passwords and roles etc/realm.properties is also referenced by the webapp-specific HashLoginService configured for the test webapp in webapps/test.xml etc/login.conf is a jaas configuration file. The webapps/test-jaas.xml context file sets up a JAASLoginService for the webapps/test-jaas.war webapp, which will use the etc/login.conf file to point to the passwords and roles defined in etc/login.properties. So, HashLoginService is an alternative to JAASLoginService and they both have different config files and formats. The demo-base has both to cater to the multiple different webapps deployed in it. regards Jan Also, etc/test-realm.xml creates a HashLoginService, is that complementary to JAASLoginService? I don't see that in demo-base/etc/ at least. I expected to see a Configure Server somewhere at the top level of the demo bringing in JAASLoginService based on http://www.eclipse.org/jetty/documentation/current/jaas-support.html Third question is, why is there no demo-base/web.xml? It seems I need one because I want to password protect both war/servlets and ROOT: --webapp/my.war [2 servlets with a web.xml] --webapp/ROOT It seems I need to define a realm that encompasses them? Would a ${jetty.base}/web.xml like this be sufficient (per the jaas-support page)? <login-config> <auth-method>FORM</auth-method> <realm-name>mywholesite</realm-name> <form-login-config> <form-login-page>/login/login</form-login-page> <== example? <form-error-page>/login/error</form-error-page> <== example? (e.g. if a param is passed) </form-login-config> </login-config> And it would automatically cover the war and ROOT, or would that need to be spelled out? The web.xml info I see on Google looks generally like servlet config, which I have down in my war's web.xml. Thanks, Bill _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users -- Jan Bartel <[email protected]> www.webtide.com Expert assistance from the creators of Jetty and CometD _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users -- Jan Bartel <[email protected]> www.webtide.com Expert assistance from the creators of Jetty and CometD _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users -- Jan Bartel <[email protected]> www.webtide.com Expert assistance from the creators of Jetty and CometD
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
