Hello,
please ignore the previous message, the jetty.xml snippet was removed by
Nabble, this time I am using email.
I am trying to implement a custom authenticator for Jetty. The idea is to
decode a custom HTTP header
and extract from there some credentials that I will validate in a custom
JAAS LoginModule
I did the following:
1. I created a Web application bundle with a web.xml in which the
auth-method is set to "custom" and realm is set to "my-realm" and I chose
"rest" as the context root
2. I registered via blueprint a custom login module for realm "my-realm"
3. I created a custom implementation of Authenticator by extending
LoginAuthenticator. The intention is that my authenticator will extract
credentials from a HTTP header and will perform a login passing in
input a dummy username and the token extracted from the HTTP header as the
credential, then the custom login module will ignore username, will decode
the token and will eventually accept the login (assuming a valid token),
adding to the Subject the right user and role principals
4. I registered the custom authenticator in jetty.xml for my "/rest" web
app as in the example below
I don't understand why, but the Web application always fails to be deployed
with an error complaining that BasicAuthenticator cannot find a
LoginService. This is happening even
if I am not registering any BasicAuthenticator, and despite the fact that
as already mentioned the
auth-method in web.xml is set to "custom", not "BASIC".
Could anyone help me or point me to an example?
Thanks in advance.
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.jaas.JAASLoginService">
<Set name="name">karaf</Set>
<Set name="loginModuleName">karaf</Set>
<Set name="roleClassNames">
<Array type="java.lang.String">
<Item>org.example.RolePrincipal</Item>
</Array>
</Set>
</New>
</Arg>
</Call>
<Get name="handler">
<Call name="addHandler">
<Arg>
<New
class="org.eclipse.jetty.servlet.ServletContextHandler">
<Arg type="int">2</Arg>
<Set name="contextPath">/rest</Set>
<Get name="securityHandler">
<Set name="loginService">
<New
class="org.eclipse.jetty.jaas.JAASLoginService">
<Set name="name">custom-method</Set>
<Set name="loginModuleName">custom</Set>
<Set name="roleClassNames">
<Array type="java.lang.String">
<Item>org.example.RolePrincipal</Item>
</Array>
</Set>
</New>
</Set>
</Get>
<Call name="addBean">
<Arg>
<New class="org.example.CustomAuthenticator">
</New>
</Arg>
</Call>
</New>
</Arg>
</Call>
</Get>
--
Gian Maria Romanato
<gm.romanato (at) gmail (dot) com>
