Excellent suggestion, thank you Simone. I will investigate Jetty's HttpClient. Best Regards, Jim Gregoric
On Thu, May 19, 2016 at 5:28 PM, Gregoric, James <[email protected]> wrote: > Thank you for your response Simone. > > Simone: How do you plan to make this machine-to-machine interaction? > Jim: The requesting machine will submit a REST request. Our questions > concern authentication. > 1. Specifically, how would the client machine submit a request to the Jetty > server in such a way that the sender could be authenticated with LDAP? > 2. How would the Jetty server be configured so that incoming requests would > be authenticated with LDAP, but the username/password would be obtained from > the request? That is, since a machine is submitting the request and not an > interactive user, we cannot have a login dialog pop up to obtain the > username/password. The username/password must instead be embedded in the > request itself. NOTE: LDAP-based authentication is not an absolute > requirement - we could instead use certificate-based authentication. But > regardless of whether LDAP or a certificate is used, the question remains, > how to configure Jetty to perform the authentication when the request comes > from a machine rather than an interactive user? > > Simone: Are you using an HTTP client to make requests? > Jim: HTTPS (I assume, due to authentication requirements). The way I see this working is as follows: Server. Configure the server with a BasicAuthenticator and with the JAAS login service. Configure the JAAS login service to use the LDAP module. See: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.eclipse.org_jetty_documentation_current_configuring-2Dsecurity-2Dauthentication.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=xLKFsrFREWwi7-7QJTeiOI2AuUPZrnRpPOTI3sJgcME&e= https://urldefense.proofpoint.com/v2/url?u=https-3A__www.eclipse.org_jetty_documentation_current_jaas-2Dsupport.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=NC9xb9eqnF9r6cDxxNaGdhse1CxKv_uLxMJJI-M-sR8&e= Client. Use Jetty's HttpClient and specify BasicAuthentication credentials: HttpClient.getAuthenticationStore().addAuthentication(new BasicAuthentication(...)); -- Simone Bordet ---- https://urldefense.proofpoint.com/v2/url?u=http-3A__cometd.org&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=iA_C0v9CLYiXIyFXgq8vfNJrvQ2OQ2-hUgAV8xeS57A&e= https://urldefense.proofpoint.com/v2/url?u=http-3A__webtide.com&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=mbGDXa4Hos05Omf6K8HQj_gai3RulqGltJghrV8coYM&e= Developer advice, training, services and support from the Jetty & CometD experts. _______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
