Re: [jetty-users] application authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] application authentication

From: larry mccay <larry.mccay@xxxxxxxxx>
Date: Sun, 10 Feb 2013 17:08:36 -0500
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

Custom LoginService is fine - as long as you realize that it is a
Jetty specific implementation.
For a cross platform solution you should consider JASPIC - you'll then
be able to use the same authModule on WLS, Glassfish, JBoss, etc.

On Sun, Feb 10, 2013 at 4:52 PM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
> Know that what Larry McCay pointed out is the access for that security
> information (the database query / read part of it).
>
> You can still have your application handle the mangement / write aspects of
> this data in its own way.  (there's really no standard or spec for this)
> Thus having the security be application specific, with its own users and
> roles.
> It really depends on how complicated you want to go.
>
> Where the user and role data comes from is completely configurable.
> The server will just use whatever Realm (aka LoginService) provider you tell
> it to use, even your own.
>
> Just implement your own org.eclipse.jetty.security.LoginService and provide
> it to the Server via .addBean().
>
> Example of using Server.addBean() to add a LoginService using jetty xml.
> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/test-jetty-webapp/src/main/config/etc/jetty-testrealm.xml?h=jetty-8
>
> --
> Joakim Erdfelt <joakim@xxxxxxxxxxx>
> webtide.com
> Developer advice, services and support
> from the Jetty & CometD experts
> eclipse.org/jetty - cometd.org
>
>
> On Sun, Feb 10, 2013 at 2:22 PM, Nils Kilden-Pedersen <nilskp@xxxxxxxxx>
> wrote:
>>
>> On Sun, Feb 10, 2013 at 4:10 PM, larry mccay <larry.mccay@xxxxxxxxx>
>> wrote:
>>>
>>> I'm still a little confused about your usecase - what are planning to
>>> authenticate against if you don't want to use the server's configured
>>> realm/login service?
>>
>>
>> The application's own database of users. And the application's own concept
>> of roles. I've never understood why the JEE spec felt that was a server
>> responsibility (yet terribly under-spec'ed).
>>
>> Anyway, seems like it's not possible, but thanks for taking the time.
>>
>>>
>>>
>>> Again, you may be well served by spring security or apache shiro.
>>>
>>> Sorry that I can't be of more help.
>>>
>>> On Sun, Feb 10, 2013 at 3:15 PM, Nils Kilden-Pedersen <nilskp@xxxxxxxxx>
>>> wrote:
>>> > I'd like to be able to use the tools provided by the servlet spec, such
>>> > as
>>> > getUserPrincipal, isUserInRole, etc. on HttpServletRequest and use the
>>> > HttpConstraint annotation, but without having the authentication and
>>> > role
>>> > assignment being done by the server (because I'd prefer to get into as
>>> > little server specific setup as possible).
>>> >
>>> >
>>> > On Thu, Feb 7, 2013 at 9:00 PM, larry mccay <larry.mccay@xxxxxxxxx>
>>> > wrote:
>>> >>
>>> >> Depends on what you mean by application based authentication.
>>> >>
>>> >> You can always implement authentication in a servlet filter. You can
>>> >> use a
>>> >> security framework like spring security as a filter.
>>> >>
>>> >> You may want to provide more info of what you need to do.
>>> >>
>>> >> On Feb 7, 2013 7:19 PM, "Nils Kilden-Pedersen" <nilskp@xxxxxxxxx>
>>> >> wrote:
>>> >>>
>>> >>> Is it possible to configure application based authentication without
>>> >>> having access to the server installation, i.e. only through the war
>>> >>> file?
>>> >>>
>>> >>>
>>> >>> _______________________________________________
>>> >>> jetty-users mailing list
>>> >>> jetty-users@xxxxxxxxxxx
>>> >>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>> >>>
>>> >>
>>> >> _______________________________________________
>>> >> jetty-users mailing list
>>> >> jetty-users@xxxxxxxxxxx
>>> >> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>> >>
>>> >
>>> >
>>> > _______________________________________________
>>> > jetty-users mailing list
>>> > jetty-users@xxxxxxxxxxx
>>> > https://dev.eclipse.org/mailman/listinfo/jetty-users
>>> >
>>> _______________________________________________
>>> jetty-users mailing list
>>> jetty-users@xxxxxxxxxxx
>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> jetty-users@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
>
>
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>

References:
- [jetty-users] application authentication
  - From: Nils Kilden-Pedersen
- Re: [jetty-users] application authentication
  - From: larry mccay
- Re: [jetty-users] application authentication
  - From: Nils Kilden-Pedersen
- Re: [jetty-users] application authentication
  - From: larry mccay
- Re: [jetty-users] application authentication
  - From: Nils Kilden-Pedersen
- Re: [jetty-users] application authentication
  - From: Joakim Erdfelt

Prev by Date: Re: [jetty-users] application authentication
Next by Date: Re: [jetty-users] application authentication
Previous by thread: Re: [jetty-users] application authentication
Next by thread: Re: [jetty-users] application authentication
Index(es):
- Date
- Thread

Breadcrumbs