Hi, On Thu, May 19, 2016 at 5:28 PM, Gregoric, James <[email protected]> wrote: > Thank you for your response Simone. > > Simone: How do you plan to make this machine-to-machine interaction? > Jim: The requesting machine will submit a REST request. Our questions > concern authentication. > 1. Specifically, how would the client machine submit a request to the Jetty > server in such a way that the sender could be authenticated with LDAP? > 2. How would the Jetty server be configured so that incoming requests would > be authenticated with LDAP, but the username/password would be obtained from > the request? That is, since a machine is submitting the request and not an > interactive user, we cannot have a login dialog pop up to obtain the > username/password. The username/password must instead be embedded in the > request itself. NOTE: LDAP-based authentication is not an absolute > requirement - we could instead use certificate-based authentication. But > regardless of whether LDAP or a certificate is used, the question remains, > how to configure Jetty to perform the authentication when the request comes > from a machine rather than an interactive user? > > Simone: Are you using an HTTP client to make requests? > Jim: HTTPS (I assume, due to authentication requirements).
The way I see this working is as follows: Server. Configure the server with a BasicAuthenticator and with the JAAS login service. Configure the JAAS login service to use the LDAP module. See: https://www.eclipse.org/jetty/documentation/current/configuring-security-authentication.html https://www.eclipse.org/jetty/documentation/current/jaas-support.html Client. Use Jetty's HttpClient and specify BasicAuthentication credentials: HttpClient.getAuthenticationStore().addAuthentication(new BasicAuthentication(...)); -- Simone Bordet ---- http://cometd.org http://webtide.com Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
