OK, so if you are using BASIC auth, then you don't need sessions, so we're barking up the wrong tree!
Can you share the headers of your first and second requests? Does the second request have the authentication header? cheers On Mon, 24 Feb 2020 at 20:21, Wang Yicheng <[email protected]> wrote: > Sorry for the late reply. Yes we use BASIC as the authentication method. > It works fine with WebLogic without extra configuration to create sessions. > So I supposed Jetty would do the same at the beginning. The thing is our > system doesn't have HTML pages as we only use the web server for > remote communication. > > I've tried to change the <auth-method> to FORM in web.xml but it's > prompting that the pages are needed. I simply put "/" for the login page > and the error page but then the customized login module is not working > properly. We have a servlet for domain "/" but it wouldn't return any HTML > pages. I didn't get a chance to do further investigation. > > Any suggestions would be appreciated! > > On Sun, Feb 23, 2020 at 10:02 AM Greg Wilkins <[email protected]> wrote: > >> >> What auth mechanism are you using? >> BASIC and DIGEST send auth information with every request >> FORM stores the auth in the session. >> >> You can have other varieties (eg OPENID) which do either, but you need to >> set an authenticator to do whatever auth conversation you want to have. >> >> So tell us a bit more detail about your actual authentication mechanism. >> >> cheers >> >> >> >> >> On Wed, 19 Feb 2020 at 11:23, Jan Bartel <[email protected]> wrote: >> >>> If you use BASIC authentication, every single request must contain the >>> realm, username and password and is authenticated on reception - there is >>> no concept of a session maintaining state. >>> >>> The form login page can be generated by a servlet, it doesn't have to be >>> a static html resource. >>> >>> Jan >>> >>> On Tue, 18 Feb 2020 at 20:34, Wang Yicheng <[email protected]> >>> wrote: >>> >>>> Thanks Jan! The thing is, my project actually doesn't have any pages. >>>> So, is it possible to have FORM authentication without login pages? Or does >>>> it mean I should go with BASIC while create sessions myself? >>>> >>>> On Mon, Feb 17, 2020 at 2:16 AM Jan Bartel <[email protected]> wrote: >>>> >>>>> You need to set up what the authentication method is, ie the >>>>> equivalent of the <login-config><auth-method/></login-config> in web.xml. >>>>> The default is basic authentication. If you want to use sessions to >>>>> maintain the authentication state, then configure FORM authentication, >>>>> either in web.xml or by setting an instance of >>>>> https://www.eclipse.org/jetty/javadoc/9.4.26.v20200117/org/eclipse/jetty/security/authentication/FormAuthenticator.html >>>>> on the SecurityHandler. >>>>> >>>>> Jan >>>>> >>>>> On Mon, 10 Feb 2020 at 23:12, Wang Yicheng <[email protected]> >>>>> wrote: >>>>> >>>>>> Thanks Joakim! >>>>>> >>>>>> Yes I do have a customized login module following JAAS spec. So it >>>>>> seems the missing session is causing the problem. Then my question is: >>>>>> With >>>>>> default configuration, does Jetty generate session automatically for >>>>>> authenticated user? Or is my code responsible for doing that? >>>>>> >>>>>> I actually published another question here >>>>>> <http://jetty.4.x6.nabble.com/HttpServletRequest-Returns-NULL-Principal-After-Logging-In-td4968503.html> >>>>>> which contains more details about my issue. Any help is highly >>>>>> appreciated! >>>>>> >>>>>> Best >>>>>> >>>>>> On Mon, Feb 10, 2020 at 1:11 PM Joakim Erdfelt <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> If using Servlet authentication (or JAAS) the principal would be set. >>>>>>> >>>>>>> If you are using a 3rd party web library (like spring) then odds are >>>>>>> you are not integrating with Servlet security. >>>>>>> >>>>>>> Joakim Erdfelt / [email protected] >>>>>>> >>>>>>> >>>>>>> On Mon, Feb 10, 2020 at 2:05 PM Yicheng Wang < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi team, >>>>>>>> >>>>>>>> My question is as the subject state. My issue is the login request >>>>>>>> does have >>>>>>>> the principal by calling getUserPrincipal. But after logging in, >>>>>>>> the second >>>>>>>> request has a null principal. Besides, neither of the requests have >>>>>>>> sessions. So I'm wondering if Jetty uses session information to set >>>>>>>> the >>>>>>>> principal in HTTP request. Do appreciate your help! >>>>>>>> >>>>>>>> Best >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Sent from: http://jetty.4.x6.nabble.com/Jetty-User-f3247280.html >>>>>>>> _______________________________________________ >>>>>>>> jetty-users mailing list >>>>>>>> [email protected] >>>>>>>> To change your delivery options, retrieve your password, or >>>>>>>> unsubscribe from this list, visit >>>>>>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>>>>>>> >>>>>>> _______________________________________________ >>>>>>> jetty-users mailing list >>>>>>> [email protected] >>>>>>> To change your delivery options, retrieve your password, or >>>>>>> unsubscribe from this list, visit >>>>>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>>>>> >>>>>> _______________________________________________ >>>>>> jetty-users mailing list >>>>>> [email protected] >>>>>> To change your delivery options, retrieve your password, or >>>>>> unsubscribe from this list, visit >>>>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>>>> >>>>> >>>>> >>>>> -- >>>>> Jan Bartel <[email protected]> >>>>> www.webtide.com >>>>> *Expert assistance from the creators of Jetty and CometD* >>>>> >>>>> _______________________________________________ >>>>> jetty-users mailing list >>>>> [email protected] >>>>> To change your delivery options, retrieve your password, or >>>>> unsubscribe from this list, visit >>>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>>> >>>> _______________________________________________ >>>> jetty-users mailing list >>>> [email protected] >>>> To change your delivery options, retrieve your password, or unsubscribe >>>> from this list, visit >>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>> >>> >>> >>> -- >>> Jan Bartel <[email protected]> >>> www.webtide.com >>> *Expert assistance from the creators of Jetty and CometD* >>> >>> _______________________________________________ >>> jetty-users mailing list >>> [email protected] >>> To change your delivery options, retrieve your password, or unsubscribe >>> from this list, visit >>> https://www.eclipse.org/mailman/listinfo/jetty-users >> >> >> >> -- >> Greg Wilkins <[email protected]> CTO http://webtide.com >> _______________________________________________ >> jetty-users mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/jetty-users > > _______________________________________________ > jetty-users mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users -- Greg Wilkins <[email protected]> CTO http://webtide.com
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
