OK, fragment is fine as well (the most important is to be in the pax-jetty classloader).
And yes, Pax Web creates handler. Maybe (for test), you can add a new jetty connector where you hack to see if it works there. Regards JB On 20/11/2019 18:17, Giamma wrote: > Hi, > > my authenticator is in a fragment that attaches to Fragment-Host: > org.ops4j.pax.web.pax-web-jetty, in fact my authenticator is correctly > instantiated. > (I verified this in debug, when the server starts and loads jetty.xml my > authenticator is created and registered into my custom instance of > ServletContextHandler, also declared in jetty.xml). > > However, some other handler must be there, possibly created by Pax-Web, > because at some point the BasicAuthenticator is instantiated for my Web > app and another ServletContextHandler is instantiated, > with constructor argument 3 (Session + Security), even if in my > jetty.xml I am declaring constructor argument 2 (Security only, no session). > > > > On Wed, Nov 20, 2019 at 5:43 PM Jean-Baptiste Onofré <[email protected] > <mailto:[email protected]>> wrote: > > Hi > > did you check if you have dynamic import on Jetty bundle (as I guess > your authenticator is in your own bundle) ? > > Regards > JB > > On 20/11/2019 17:41, Giamma wrote: > > > > Hello, > > > > please ignore the previous message, the jetty.xml snippet was > removed by > > Nabble, this time I am using email. > > > > I am trying to implement a custom authenticator for Jetty. The > idea is to > > decode a custom HTTP header > > and extract from there some credentials that I will validate in a > custom > > JAAS LoginModule > > > > I did the following: > > > > 1. I created a Web application bundle with a web.xml in which the > > auth-method is set to "custom" and realm is set to "my-realm" > and I > > chose "rest" as the context root > > 2. I registered via blueprint a custom login module for realm > "my-realm" > > 3. I created a custom implementation of Authenticator by extending > > LoginAuthenticator. The intention is that my authenticator will > > extract credentials from a HTTP header and will perform a > login > > passing in input a dummy username and the token extracted from the > > HTTP header as the credential, then the custom login module will > > ignore username, will decode the token and will eventually accept > > the login (assuming a valid token), adding to the Subject the > right > > user and role principals > > 4. I registered the custom authenticator in jetty.xml for my "/rest" > > web app as in the example below > > > > > > I don't understand why, but the Web application always fails to be > > deployed with an error complaining that BasicAuthenticator cannot > find a > > LoginService. This is happening even > > if I am not registering any BasicAuthenticator, and despite the fact > > that as already mentioned the > > auth-method in web.xml is set to "custom", not "BASIC". > > > > Could anyone help me or point me to an example? > > Thanks in advance. > > > > <Call name="addBean"> > > <Arg> > > <New class="org.eclipse.jetty.jaas.JAASLoginService"> > > <Set name="name">karaf</Set> > > <Set name="loginModuleName">karaf</Set> > > <Set name="roleClassNames"> > > <Array type="java.lang.String"> > > <Item>org.example.RolePrincipal</Item> > > </Array> > > </Set> > > </New> > > </Arg> > > </Call> > > <Get name="handler"> > > <Call name="addHandler"> > > <Arg> > > <New > > class="org.eclipse.jetty.servlet.ServletContextHandler"> > > <Arg type="int">2</Arg> > > <Set name="contextPath">/rest</Set> > > <Get name="securityHandler"> > > <Set name="loginService"> > > <New > > class="org.eclipse.jetty.jaas.JAASLoginService"> > > <Set name="name">custom-method</Set> > > <Set > name="loginModuleName">custom</Set> > > <Set name="roleClassNames"> > > <Array type="java.lang.String"> > > > > <Item>org.example.RolePrincipal</Item> > > </Array> > > </Set> > > </New> > > </Set> > > </Get> > > <Call name="addBean"> > > <Arg> > > <New > class="org.example.CustomAuthenticator"> > > </New> > > </Arg> > > </Call> > > </New> > > </Arg> > > </Call> > > </Get> > > > > -- > > Gian Maria Romanato > > <gm.romanato (at) gmail (dot) com> > > -- > Jean-Baptiste Onofré > [email protected] <mailto:[email protected]> > http://blog.nanthrax.net > Talend - http://www.talend.com > > > > -- > Gian Maria Romanato > <gm.romanato (at) gmail (dot) com> -- Jean-Baptiste Onofré [email protected] http://blog.nanthrax.net Talend - http://www.talend.com
