Hi again jetty-users,

I'm still stuck on this problem. Has anyone done something similar, or have a resource to suggest I could dig deeper to answer my own question? I'm so close to having the authentication flow work, this is the last non-working bit...

Thanks,
Steven

On Mon, Apr 26, 2021 at 2:48 PM Steven Schlansker <[email protected]> wrote:

> Hi jetty-users, happy Monday :)
>
> I am trying to configure FormAuthenticator in Jetty 9.4.40 on a server
> that serves HTTP terminated behind an external load balancer handling the
> TLS termination.
>
> Everything works fine in testing, but when it is behind the external TLS
> termination, Jetty serves up 303 See Other responses to e.g. the login page
> with an absolute http url, which redirects the user away from the secure
> site. The FormAuthenticator seems to allow me to customize the path to the
> form and error page, but not the scheme.
>
> I tried attaching ForwardedRequestCustomizer to see if parsing the
> forwarding headers would help, but it did not seem to change anything.
>
> I tried using FormAuthenticator dispatch mode instead of redirect, but
> that caused all server responses to 404 for reasons I didn't really
> understand, so I gave up on that pretty quick.
>
> What's the right way to configure FormAuthenticator or its connector in
> embedded jetty to preserve the https nature of the site, even when Jetty
> doesn't do TLS termination? I can't help but feel this should be answered
> on Google but I must be searching for the wrong thing...
>
> I've attached my handler setup below in case that helps.
>
> Thanks for any advice,
> Steven
>
>     final var securityHandler = new ConstraintSecurityHandler();
>     securityHandler.setLoginService(loginService);
>     securityHandler.addRole("ws");
>
>     final var constraintMapping = new ConstraintMapping();
>     final var constraint = new Constraint(Constraint.__FORM_AUTH, "ws");
>     constraint.setAuthenticate(true);
>     constraintMapping.setConstraint(constraint);
>     constraintMapping.setPathSpec("/*");
>
>     securityHandler.addConstraintMapping(constraintMapping);
>
>     final var noAuth = new Constraint();
>     noAuth.setName(Constraint.NONE);
>     final String loginPath = "/login";
>     final String loginErrPath = loginPath + "/error";
>     for (final var exclude : new String[] { "/favicon.ico", "/health", "/health/*", loginPath, loginErrPath }) {
>         final var noAuthMapping = new ConstraintMapping();
>         noAuthMapping.setConstraint(noAuth);
>         noAuthMapping.setPathSpec(exclude);
>         securityHandler.addConstraintMapping(noAuthMapping);
>     }
>     securityHandler.setHandler(servletContextHandler);
>
>     securityHandler.setAuthenticator(new FormAuthenticator(loginPath, loginErrPath, false));
>
>     final var sessionHandler = new SessionHandler();
>     sessionHandler.setHandler(securityHandler);
>     sessionHandler.setMaxInactiveInterval((int) Duration.ofDays(7).toSeconds());
>
>     final var sessionSchema = new SessionTableSchema();
>     sessionSchema.setTableName("JettySessions_" + serviceName);
>
>     final var dbAdapt = new DatabaseAdaptor();
>     dbAdapt.setDatasource(ds);
>
>     final var dataStoreFactory = new JDBCSessionDataStoreFactory();
>     dataStoreFactory.setGracePeriodSec((int) Duration.ofDays(7).toSeconds());
>     dataStoreFactory.setSessionTableSchema(sessionSchema);
>     dataStoreFactory.setDatabaseAdaptor(dbAdapt);
>     server.addBean(dataStoreFactory);
>
>     final var sessionIdMgr = new DefaultSessionIdManager(server);
>     sessionIdMgr.setWorkerName(GraphiteTags.pod());
>     server.setSessionIdManager(sessionIdMgr);
>
>     return sessionHandler;
