Thanks Jan! The thing is, my project actually doesn't have any pages. So, is it possible to have FORM authentication without login pages? Or does it mean I should go with BASIC while create sessions myself?
On Mon, Feb 17, 2020 at 2:16 AM Jan Bartel <[email protected]> wrote: > You need to set up what the authentication method is, ie the equivalent of > the <login-config><auth-method/></login-config> in web.xml. The default is > basic authentication. If you want to use sessions to maintain the > authentication state, then configure FORM authentication, either in web.xml > or by setting an instance of > https://www.eclipse.org/jetty/javadoc/9.4.26.v20200117/org/eclipse/jetty/security/authentication/FormAuthenticator.html > on the SecurityHandler. > > Jan > > On Mon, 10 Feb 2020 at 23:12, Wang Yicheng <[email protected]> > wrote: > >> Thanks Joakim! >> >> Yes I do have a customized login module following JAAS spec. So it seems >> the missing session is causing the problem. Then my question is: With >> default configuration, does Jetty generate session automatically for >> authenticated user? Or is my code responsible for doing that? >> >> I actually published another question here >> <http://jetty.4.x6.nabble.com/HttpServletRequest-Returns-NULL-Principal-After-Logging-In-td4968503.html> >> which contains more details about my issue. Any help is highly appreciated! >> >> Best >> >> On Mon, Feb 10, 2020 at 1:11 PM Joakim Erdfelt <[email protected]> >> wrote: >> >>> If using Servlet authentication (or JAAS) the principal would be set. >>> >>> If you are using a 3rd party web library (like spring) then odds are you >>> are not integrating with Servlet security. >>> >>> Joakim Erdfelt / [email protected] >>> >>> >>> On Mon, Feb 10, 2020 at 2:05 PM Yicheng Wang <[email protected]> >>> wrote: >>> >>>> Hi team, >>>> >>>> My question is as the subject state. My issue is the login request does >>>> have >>>> the principal by calling getUserPrincipal. But after logging in, the >>>> second >>>> request has a null principal. Besides, neither of the requests have >>>> sessions. So I'm wondering if Jetty uses session information to set the >>>> principal in HTTP request. Do appreciate your help! >>>> >>>> Best >>>> >>>> >>>> >>>> -- >>>> Sent from: http://jetty.4.x6.nabble.com/Jetty-User-f3247280.html >>>> _______________________________________________ >>>> jetty-users mailing list >>>> [email protected] >>>> To change your delivery options, retrieve your password, or unsubscribe >>>> from this list, visit >>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>>> >>> _______________________________________________ >>> jetty-users mailing list >>> [email protected] >>> To change your delivery options, retrieve your password, or unsubscribe >>> from this list, visit >>> https://www.eclipse.org/mailman/listinfo/jetty-users >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/jetty-users > > > > -- > Jan Bartel <[email protected]> > www.webtide.com > *Expert assistance from the creators of Jetty and CometD* > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
