Re: [Fwd: Re: Jetty, Security and OSGi?]

Mon, 10 Dec 2007 01:03:22 -0800 

Richard
I haven't really looked into authentication as yet - although the Felix HTTP service does at the very least include the API calls for this. 


What I did in this area was to include the HTTPS listener support, which 
I'd have to think would also be a part of anyone's 
security/authentication since it protects the underlying transport.



From what I remember, OSGi supports a basic authentication via the 
following method on the HttpContext



   public boolean handleSecurity(HttpServletRequest request, 
HttpServletResponse response)



This then leaves it open to an individual application to add whatever 
authentication checks they like by creating one or more custom security 
contexts. I'm no expert in this area, but I'd assume the Servlet session 
objects would typically be used to manage security details across calls.



I suspect I may have to learn more about this area next year as our 
fledgling GWT application sits on top of the Felix HTTP service and we 
have user's wanting logon style auth checks


Regards

-- Rob

Richard S. Hall wrote:

Rob,

Didn't you deal with some of these issues?

-> richard

-------- Original Message --------
Subject:     Re: Jetty, Security and OSGi?
Date:     Mon, 26 Nov 2007 08:16:04 -0800 (PST)
From:     kitplummer <[EMAIL PROTECTED]>
Reply-To:     [email protected]
To:     [email protected]
References:     <[EMAIL PROTECTED]>




Any pointers at all, on setting up Basic authentication for Jetty?  I 
know
that the HttpService specifies that the implementation must handle 
security

- but, I'm just not sure where to begin.

Kit


Kit Plummer-4 wrote:


Looking for any ideas on how to best handle security (user
authentication/HTTPS) with embedded Jetty.  We've moved to using Pax Web
recently, so are at Jetty 6.1.3.

We are launching a few Servlets programmtically...via the HttpService.

Any thoughts, ideas?

TIA,
Kit




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







--


Ascert - Taking systems to the Edge
[EMAIL PROTECTED]
+44 (0)20 7488 3470
www.ascert.com


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to