Also tried adding this webapps/pr.xml per the 'webapps/test.xml' in the
demo, and got no errors (even with web.xml auth turned on, which is
progress, but still get no security - I'm expecting the browser to pop
up a basic username/password window with BASIC auth-method, but when my
javascript calls the servlet there is no such popup.
Bill
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/pr</Set>
<Set name="war"><Property name="jetty.webapps" default="."/>/pr.war</Set>
<Get name="securityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><SystemProperty name="jetty.base"
default="."/>/etc/realm.properties</Set>
<!-- To enable reload of realm when properties change,
uncomment the following lines -->
<!-- changing refreshInterval (in seconds) as
desired -->
<!--
<Set name="refreshInterval">5</Set>
<Call name="start"></Call>
-->
</New>
</Set>
<Set name="authenticator">
<New
class="org.eclipse.jetty.security.authentication.FormAuthenticator">
<Set name="alwaysSaveUri">true</Set>
</New>
</Set>
<Set name="checkWelcomeFiles">true</Set>
</Get>
</Configure>
On 10/2/2015 1:42 PM, Bill Ross wrote:
On 10/1/2015 1:26 PM, Bill Ross wrote:
jetty.demo.realm only exists in demo config files - it is not in any
java files.
And I can change it to jexty.demo.realm without error.
Same result when I put the basic auth in the web.xml of a war file
(java.lang.IllegalStateException: No LoginService), so the problem is
definitely either in the code or the config of the examples, which
have the dead tag as I described.
Meanwhile I have added a filename-masking Servlet on /images/* that
uses an evanescent tag instead of the filename. So my only remaining
security task is getting login working. I have tried a bunch of stuff
and it seems I have found a bug or two in demos and maybe source, but
no one seems to be paying attention. Please don't make me read the
code :-)
Thanks,
Bill
-------- Original message --------
From: Bill Ross
Date:10/01/2015 1:06 PM (GMT-08:00)
To: [email protected]
Subject: Re: [jetty-users] HashLoginService (was JAAS)
Jan (or anyone),
> There's also a jetty-specific feature that if the realm-name is
omitted from the <login-config> then we'll automatically select the
first LoginService that has been defined for a Server instance (eg as
an addBean() as has been shown in the doco and in the
demo-base/etc/test-realm.xml).
Aha, when I delete the realm-name from the <login-config> in web.xml,
I see that my HashLoginService evidently didn't get registered even
though the etc/realm.xml has
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">Test Realm</Set>
<Set name="config"><Property name="jetty.demo.realm"
default="etc/realm.properties"/></Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
<Get class="org.eclipse.jetty.util.log.Log" name="rootLogger">
<Call name="warn"><Arg>demo test-realm is deployed. DO NOT USE
IN PRODUCTION!</Arg></Call>
</Get>
</Configure>
And on startup I see:
2015-10-01 12:50:39.793:WARN::main: demo test-realm is deployed. DO
NOT USE IN PRODUCTION!
2015-10-01 12:50:40.203:WARN:oejw.WebAppContext:main: Failed startup
of context
o.e.j.w.WebAppContext@234bef66{/,file:///Users/priot/pr/jetty-base/webapps/ROOT/,STARTING}{/ROOT}
java.lang.IllegalStateException: No LoginService for
org.eclipse.jetty.security.authentication.BasicAuthenticator@47db50c5
in org.eclipse.jetty.security.ConstraintSecurityHandler@5c072e3f
at
org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:76)
at
org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:354)
at
org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:448)
So there seems to be a bug in docs or code since the HashLoginService
setup is quietly consumed but seems to have no effect.
And in case anyone is still reading, once again, is the
"jetty.demo.realm" supposed to mean anything or match anything???
<Property name="jetty.demo.realm" default="etc/realm.properties"/>
Thanks,
Bill
On 9/30/2015 1:29 AM, Jan Bartel wrote:
Bill,
If you use the same realm-name in the <login-config> element of
multiple webapps, they'll all share the same LoginService.
There's also a jetty-specific feature that if the realm-name is
omitted from the <login-config> then we'll automatically select the
first LoginService that has been defined for a Server instance (eg
as an addBean() as has been shown in the doco and in the
demo-base/etc/test-realm.xml).
Jan
On 30 September 2015 at 18:10, Bill Ross <[email protected]
<mailto:[email protected]>> wrote:
Hi Jan,
So if web.xml only goes in a webapp, how can a realm defined in
one cover the contents of ROOT?
I will see how you change that text and try the result.
Thanks,
Bill
-------- Original message --------
From: Jan Bartel
Date:09/30/2015 12:46 AM (GMT-08:00)
To: JETTY user mailing list
Subject: Re: [jetty-users] JAAS questions
Hi Bill,
web.xml does not go into the ${jetty.base} directory. It can
only go into a WEB-INF directory of a webapp, such as a webapp
inside of the ${jetty.base}/webapps directory, which is the
default deploy directory.
Also, I will change the text on the Security page which mentions
jetty.xml - this is no doubt historical from before we had the
distinction between ${jetty.home} and ${jetty.base}. And no, I
do NOT recommend anyone edits ${jetty.home} - there should be
very very very few cases where this is necessary (and this isn't
one of them :)).
cheers
Jan
On 30 September 2015 at 17:35, Bill Ross <[email protected]> wrote:
Jan, there was no jetty-base etc dir before I created it to
put that file in. I thought jetty xmls were additive, but it
sounds like the base one tromped the home one. I have home
set to the distribution of my last build of the current tree.
The configuring security link brings me
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
