Bill,

If you use the same realm-name in the <login-config> element of multiple webapps, they'll all share the same LoginService.

There's also a jetty-specific feature that if the realm-name is omitted from the <login-config> then we'll automatically select the first LoginService that has been defined for a Server instance (eg as an addBean() as has been shown in the doco and in the demo-base/etc/test-realm.xml).

Jan

On 30 September 2015 at 18:10, Bill Ross <[email protected]> wrote:

> Hi Jan,
>
> So if web.xml only goes in a webapp, how can a realm defined in one cover
> the contents of ROOT?
>
> I will see how you change that text and try the result.
>
> Thanks,
> Bill
>
>
> -------- Original message --------
> From: Jan Bartel
> Date:09/30/2015 12:46 AM (GMT-08:00)
> To: JETTY user mailing list
> Subject: Re: [jetty-users] JAAS questions
>
> Hi Bill,
>
> web.xml does not go into the ${jetty.base} directory. It can only go into
> a WEB-INF directory of a webapp, such as a webapp inside of the
> ${jetty.base}/webapps directory, which is the default deploy directory.
>
> Also, I will change the text on the Security page which mentions jetty.xml
> - this is no doubt historical from before we had the distinction between
> ${jetty.home} and ${jetty.base}. And no, I do NOT recommend anyone edits
> ${jetty.home} - there should be very very very few cases where this is
> necessary (and this isn't one of them :)).
>
> cheers
> Jan
>
> On 30 September 2015 at 17:35, Bill Ross <[email protected]> wrote:
>
>> Jan, there was no jetty-base etc dir before I created it to put that file
>> in. I thought jetty xmls were additive, but it sounds like the base one
>> tromped the home one. I have home set to the distribution of my last build
>> of the current tree.
>>
>> The configuring security link brings me back to my previous question
>> about whether a jetty-base/web.xml will cover both my webapps/x.war and
>> ROOT. That page also recommends adding the HashLoginService in
>> ${jetty.home}/jetty.xml - but should we as admins modify jetty.home files?
>> All the more so in my case because a build could overwrite my changes.
>>
>> Thanks,
>> Bill
>>
>>
>> -------- Original message --------
>> From: Jan Bartel
>> Date:09/30/2015 12:10 AM (GMT-08:00)
>> To: JETTY user mailing list
>> Subject: Re: [jetty-users] JAAS questions
>>
>> Bill,
>>
>> Don't look at that wiki unless you are using an old version of jetty. The
>> recent documentation is here:
>> https://www.eclipse.org/jetty/documentation/current/.
>>
>> In particular, here's a link to configuring realms:
>> https://www.eclipse.org/jetty/documentation/current/configuring-security-authentication.html
>>
>> It looks like you've deleted all the content out of the etc/jetty.xml
>> file that should be there and just put in a realm configuration. Leave the
>> ${jetty.base}/etc/jetty.xml file as it is originally, don't edit it. The
>> idea would be to create a new ${jetty.base} directory and then add files to
>> it to configure things the way you want - jetty config files are generally
>> additive. Say your new base is called "my-base", then edit
>> my-base/my-realm.xml - you could copy in the contents of
>> demo-base/etc/test-realm.xml for a start and change it as appropriate.
>> Edit your my-base/start.ini file and put in a line with just
>> etc/my-realm.xml on it (similarly to demo-base/start.ini has a line with
>> etc/test-realm.xml on it). This will add your etc/my-realm.xml file to your
>> command line when you run jetty.
>>
>> Jan
>>
>> On 30 September 2015 at 16:44, Bill Ross <[email protected]> wrote:
>>
>>> Thanks Jan,
>>>
>>> Seeing that the HashLoginService is sufficient, and that it is
>>> associated with a realm, I found
>>>
>>> https://wiki.eclipse.org/Jetty/Tutorial/Realms
>>>
>>> and per that I added an /etc/jetty.xml file:
>>>
>>> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>>>
>>>   <Call name="addBean">
>>>     <Arg>
>>>       <New class="org.eclipse.jetty.security.HashLoginService">
>>>         <Set name="name">Test Realm</Set>
>>>         <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
>>>         <Set name="refreshInterval">0</Set>
>>>       </New>
>>>     </Arg>
>>>   </Call>
>>>
>>> </Configure>
>>>
>>> However when I start jetty with this file and a simple
>>> etc/realm.properties file, I get this on loading the standard
>>> jetty-http.xml:
>>>
>>> 2015-09-29 23:28:12.676:WARN:oejx.XmlConfiguration:main: Config error at
>>> <Call name="addConnector"><Arg>| <New id="httpConnector"
>>> class="org.eclipse.jetty.server.ServerConnector"><Arg name="server"><Ref
>>> refid="Server"/></Arg><Arg name="acceptors" type="int"><Property
>>> name="jetty.http.acceptors" deprecated="http.acceptors"
>>> default="-1"/></Arg><Arg name="selectors" type="int"><Property
>>> name="jetty.http.selectors" deprecated="http.selectors"
>>> default="-1"/></Arg><Arg name="factories">| <Array
>>> type="org.eclipse.jetty.server.ConnectionFactory"><Item>| <New
>>> class="org.eclipse.jetty.server.HttpConnectionFactory"><Arg
>>> name="config"><Ref refid="httpConfig"/></Arg></New>|
>>> </Item></Array>| </Arg><Set name="host"><Property
>>> name="jetty.http.host" deprecated="jetty.host"/></Set><Set
>>> name="port"><Property name="jetty.http.port" deprecated="jetty.port"
>>> default="8080"/></Set><Set name="idleTimeout"><Property
>>> name="jetty.http.idleTimeout" deprecated="http.timeout"
>>> default="30000"/></Set><Set name="soLingerTime"><Property
>>> name="jetty.http.soLingerTime" deprecated="http.soLingerTime"
>>> default="-1"/></Set><Set name="acceptorPriorityDelta"><Property
>>> name="jetty.http.acceptorPriorityDelta"
>>> deprecated="http.acceptorPriorityDelta" default="0"/></Set><Set
>>> name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize"
>>> deprecated="http.acceptQueueSize" default="0"/></Set></New>|
>>> </Arg></Call> java.lang.reflect.InvocationTargetException in
>>> file:/Users/priot/jetty/org.eclipse.jetty.project/jetty-distribution/target/distribution/etc/jetty-http.xml
>>> java.lang.reflect.InvocationTargetException
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>>     at java.lang.reflect.Method.invoke(Method.java:497)
>>>     at org.eclipse.jetty.start.Main.invokeMain(Main.java:214)
>>>     at org.eclipse.jetty.start.Main.start(Main.java:457)
>>>     at org.eclipse.jetty.start.Main.main(Main.java:75)
>>> Caused by: java.lang.reflect.InvocationTargetException
>>>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>>>     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>>>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>>     at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
>>>     at org.eclipse.jetty.util.TypeUtil.construct(TypeUtil.java:627)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:782)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1233)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newArray(XmlConfiguration.java:860)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1237)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:766)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1233)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1138)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.access$500(XmlConfiguration.java:274)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$AttrOrElementNode.getList(XmlConfiguration.java:1366)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration$AttrOrElementNode.getList(XmlConfiguration.java:1341)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:704)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:417)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:358)
>>>     at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:259)
>>>     at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1498)
>>>     at java.security.AccessController.doPrivileged(Native Method)
>>>     at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1435)
>>>     ... 7 more
>>> Caused by: java.lang.IllegalArgumentException: Null HttpConfiguration
>>>     at org.eclipse.jetty.server.HttpConnectionFactory.<init>(HttpConnectionFactory.java:45)
>>>     ... 31 more
>>>
>>> Speaking of problems, I just did a git pull in case the problem was an
>>> earlier pull, and got this on building:
>>>
>>> [ERROR] symbol: class NamingContext <== seems to be gone
>>> [ERROR] location: class org.eclipse.jetty.jndi.local.localContextRoot
>>>
>>> Thanks,
>>> Bill
>>>
>>>
>>> On 9/29/2015 6:44 PM, Jan Bartel wrote:
>>>
>>> Hi Bill,
>>>
>>> I think you'll get a bit more clarity if you look in demo-base/webapps
>>> at the test-jaas.xml and test-jaas.war file. This is the example webapp for
>>> configuring and using jaas.
>>>
>>>> My question is, why have two password files? Are both required?
>>>>
>>>
>>> There are different password files for different purposes:
>>>
>>> - etc/test-realm.xml configures a HashLoginService that is set as the
>>>   default login service on the Server object and references
>>>   etc/realm.properties with the passwords and roles
>>> - etc/realm.properties is also referenced by the webapp-specific
>>>   HashLoginService configured for the test webapp in webapps/test.xml
>>> - etc/login.conf is a jaas configuration file. The webapps/test-jaas.xml
>>>   context file sets up a JAASLoginService for the webapps/test-jaas.war
>>>   webapp, which will use the etc/login.conf file to point to the passwords
>>>   and roles defined in etc/login.properties.
>>>
>>> So, HashLoginService is an alternative to JAASLoginService and they both
>>> have different config files and formats. The demo-base has both to cater to
>>> the multiple different webapps deployed in it.
>>>
>>> regards
>>> Jan
>>>
>>>>
>>>> Also, etc/test-realm.xml creates a HashLoginService, is that
>>>> complementary to JAASLoginService? I don't see that in demo-base/etc/ at
>>>> least.
>>>> I expected to see a Configure Server somewhere at the top level of
>>>> the demo bringing in JAASLoginService based on
>>>>
>>>> http://www.eclipse.org/jetty/documentation/current/jaas-support.html
>>>>
>>>> Third question is, why is there no demo-base/web.xml? It seems I need
>>>> one because I want to password protect both war/servlets and ROOT:
>>>>
>>>> --webapp/my.war [2 servlets with a web.xml]
>>>> --webapp/ROOT
>>>>
>>>> It seems I need to define a realm that encompasses them? Would a
>>>> ${jetty.base}/web.xml like this be sufficient (per the jaas-support page)?
>>>>
>>>> <login-config>
>>>>   <auth-method>FORM</auth-method>
>>>>   <realm-name>mywholesite</realm-name>
>>>>   <form-login-config>
>>>>     <form-login-page>/login/login</form-login-page> <== example?
>>>>     <form-error-page>/login/error</form-error-page> <== example? (e.g. if a param is passed)
>>>>   </form-login-config>
>>>> </login-config>
>>>>
>>>> And it would automatically cover the war and ROOT, or would that need
>>>> to be spelled out?
>>>> The web.xml info I see on Google looks generally like servlet config,
>>>> which I have down in my war's web.xml.
>>>>
>>>> Thanks,
>>>> Bill
>>>>
>>>> _______________________________________________
>>>> jetty-users mailing list
>>>> [email protected]
>>>> To change your delivery options, retrieve your password, or unsubscribe
>>>> from this list, visit
>>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>>>
>>>
>>> --
>>> Jan Bartel <[email protected]>
>>> www.webtide.com
>>> *Expert assistance from the creators of Jetty and CometD*
>>>
>>
>> --
>> Jan Bartel <[email protected]>
>> www.webtide.com
>> *Expert assistance from the creators of Jetty and CometD*
>>
>
> --
> Jan Bartel <[email protected]>
> www.webtide.com
> *Expert assistance from the creators of Jetty and CometD*
>

--
Jan Bartel <[email protected]>
www.webtide.com
*Expert assistance from the creators of Jetty and CometD*
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
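
Added example, not part of the thread and not Jetty project code: a small check that reports which server-level LoginService each webapp's <login-config> would resolve to under the two rules in Jan's reply at the top of this message. It assumes a realm-name is matched exactly against the LoginService's "name" property; the XML bodies and webapp names are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed realm file, modelled on the addBean() config quoted in the thread.
REALM_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg>
    <New class="org.eclipse.jetty.security.HashLoginService">
      <Set name="name">mywholesite</Set>
    </New>
  </Arg></Call>
</Configure>"""

# Constructed WEB-INF/web.xml bodies; the webapp names are hypothetical.
WEBAPPS = {
    "my.war": "<web-app><login-config><auth-method>FORM</auth-method>"
              "<realm-name>mywholesite</realm-name></login-config></web-app>",
    "ROOT": "<web-app><login-config><auth-method>FORM</auth-method>"
            "</login-config></web-app>",
    "other.war": "<web-app><login-config><auth-method>BASIC</auth-method>"
                 "<realm-name>My Whole Site</realm-name></login-config></web-app>",
}

def login_service_names(realm_xml):
    """Names of LoginService beans, in the order they are added to the Server."""
    return [s.text.strip()
            for new in ET.fromstring(realm_xml).iter("New")
            if new.get("class", "").endswith("LoginService")
            for s in new.findall("Set")
            if s.get("name") == "name" and s.text]

def local(tag):
    """Strip an XML namespace so namespaced web.xml files are handled too."""
    return tag.rsplit("}", 1)[-1]

def resolve(web_xml, services):
    """LoginService name a webapp would use, or None if nothing matches."""
    root = ET.fromstring(web_xml)
    cfg = next((e for e in root.iter() if local(e.tag) == "login-config"), None)
    if cfg is None:
        return None  # webapp declares no authentication at all
    realm = next((e.text.strip() for e in cfg
                  if local(e.tag) == "realm-name" and e.text), None)
    if realm is None:  # omitted realm-name: first LoginService on the Server
        return services[0] if services else None
    return realm if realm in services else None  # assumed: exact name match

def audit(webapps=WEBAPPS, realm_xml=REALM_XML):
    services = login_service_names(realm_xml)
    return {app: resolve(xml, services) for app, xml in webapps.items()}

if __name__ == "__main__":
    print(audit())
```

A None result flags a webapp whose realm-name has no matching LoginService (here the misspelled "My Whole Site"), which is the case to catch before deployment.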
