Dear Karaf maintainers and users, I need your advice for a problem related to the auth-method in web.xml.
My application contains several web apps and must support a number of different application servers including Apache Karaf. In Karaf I needed a simple SSO across Web Apps that would allow me to share the authentication obtained by a Form login web app with a basic-auth web app and vice versa. So I created my own custom Jetty authenticator which can delegate to Jetty's own BasicAuthenticator and FormAuthenticator while also adding support for JWT, so that in any Web app I can now log-in using Basic Auth, Form or JWT, and a JWT token will be created in any case regardless of the login method, that will provide SSO with other web apps. To enable my own SSO and authenticator I must set in the web.xml < auth-method>JWT</auth-method> My problem is that the other application servers I must support do not allow JWT as an auth method (only Basic and Form) but on the other hand they do provide built-in SSO across web apps. So, I would like that my default web.xml files do not declare JWT as the auth-method, because this is only needed for Karaf and would be harmful on other servers. I noticed that Jetty documentation mentions the possibility to override the web.xml of an application. https://www.eclipse.org/jetty/documentation/current/override-web-xml.html Is it possible to use such feature in Karaf? -- Gian Maria Romanato <gm.romanato (at) gmail (dot) com>
