If you use BASIC authentication, every single request must contain the realm, username and password and is authenticated on reception - there is no concept of a session maintaining state.
The form login page can be generated by a servlet, it doesn't have to be a static html resource. Jan On Tue, 18 Feb 2020 at 20:34, Wang Yicheng <[email protected]> wrote: > Thanks Jan! The thing is, my project actually doesn't have any pages. So, > is it possible to have FORM authentication without login pages? Or does it > mean I should go with BASIC while create sessions myself? > > On Mon, Feb 17, 2020 at 2:16 AM Jan Bartel <[email protected]> wrote: > >> You need to set up what the authentication method is, ie the equivalent >> of the <login-config><auth-method/></login-config> in web.xml. The default >> is basic authentication. If you want to use sessions to maintain the >> authentication state, then configure FORM authentication, either in web.xml >> or by setting an instance of >> https://www.eclipse.org/jetty/javadoc/9.4.26.v20200117/org/eclipse/jetty/security/authentication/FormAuthenticator.html >> on the SecurityHandler. >> >> Jan >> >> On Mon, 10 Feb 2020 at 23:12, Wang Yicheng <[email protected]> >> wrote: >> >>> Thanks Joakim! >>> >>> Yes I do have a customized login module following JAAS spec. So it seems >>> the missing session is causing the problem. Then my question is: With >>> default configuration, does Jetty generate session automatically for >>> authenticated user? Or is my code responsible for doing that? >>> >>> I actually published another question here >>> <http://jetty.4.x6.nabble.com/HttpServletRequest-Returns-NULL-Principal-After-Logging-In-td4968503.html> >>> which contains more details about my issue. Any help is highly appreciated! >>> >>> Best >>> >>> On Mon, Feb 10, 2020 at 1:11 PM Joakim Erdfelt <[email protected]> >>> wrote: >>> >>>> If using Servlet authentication (or JAAS) the principal would be set. >>>> >>>> If you are using a 3rd party web library (like spring) then odds are >>>> you are not integrating with Servlet security. >>>> >>>> Joakim Erdfelt / [email protected] >>>> >>>> >>>> On Mon, Feb 10, 2020 at 2:05 PM Yicheng Wang <[email protected]> >>>> wrote: >>>> >>>>> Hi team, >>>>> >>>>> My question is as the subject state. My issue is the login request >>>>> does have >>>>> the principal by calling getUserPrincipal. But after logging in, the >>>>> second >>>>> request has a null principal. Besides, neither of the requests have >>>>> sessions. So I'm wondering if Jetty uses session information to set the >>>>> principal in HTTP request. Do appreciate your help! >>>>> >>>>> Best >>>>> >>>>> >>>>> >>>>> -- >>>>> Sent from: http://jetty.4.x6.nabble.com/Jetty-User-f3247280.html >>>>> _______________________________________________ >>>>> jetty-users mailing list >>>>> [email protected] >>>>> To change your delivery options, retrieve your password, or >>>>> unsubscribe from this list, visit >>>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>>>> >>>> _______________________________________________ >>>> jetty-users mailing list >>>> [email protected] >>>> To change your delivery options, retrieve your password, or unsubscribe >>>> from this list, visit >>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>> >>> _______________________________________________ >>> jetty-users mailing list >>> [email protected] >>> To change your delivery options, retrieve your password, or unsubscribe >>> from this list, visit >>> https://www.eclipse.org/mailman/listinfo/jetty-users >> >> >> >> -- >> Jan Bartel <[email protected]> >> www.webtide.com >> *Expert assistance from the creators of Jetty and CometD* >> >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/jetty-users > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users -- Jan Bartel <[email protected]> www.webtide.com *Expert assistance from the creators of Jetty and CometD*
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
