Re: [jetty-users] Programmatically Configuring JASPI for Embedded Jetty

Hi Larry,

I'm impressed you've managed to get this far, as we've historically
done a terrible job of documenting jaspi in jetty!

I've only ever used jetty-jaspi in conjunction with geronimo's jaspi
jars, and a very early version of those geronimo jars at that.

So in addition to what you've got already, here are the other pieces
that I have used in a working test webapp using jaspi:

+ these geronimo-jaspi dependencies:
   <dependency>
     <groupId>org.apache.geronimo.components</groupId>
     <artifactId>geronimo-jaspi</artifactId>
     <version>2.0-SNAPSHOT</version>
     <exclusions>
       <exclusion>
         <groupId>org.apache.geronimo.specs</groupId>
         <artifactId>geronimo-jaspic_1.0_spec</artifactId>
       </exclusion>
     </exclusions>
   </dependency>
   <dependency>
     <groupId>org.apache.geronimo.specs</groupId>
     <artifactId>geronimo-osgi-locator</artifactId>
     <version>1.0</version>
   </dependency>


+ a system property pointing to a geronimo jaspi config file (which
sets up the missing piece from your stacktrace, the ServerAuthModule):
   -Dorg.apache.geronimo.jaspic.configurationFile=jaspi.xml

+ a geronimo jaspi config file:
<?xml version="1.0" encoding="UTF-8"?>

<jaspi xmlns="http://geronimo.apache.org/xml/ns/geronimo-jaspi">
    <configProvider>
        <messageLayer>HTTP</messageLayer>
        <appContext>server /foo</appContext>
        <description>description</description>
        <serverAuthConfig>
            <authenticationContextID>authenticationContextID2</authenticationContextID>
            <protected>true</protected>
            <serverAuthContext>
                <serverAuthModule>
                    <className>org.eclipse.jetty.security.jaspi.modules.FormAuthModule</className>
                    <options>
                        org.eclipse.jetty.security.jaspi.modules.LoginPage=/logon.html?param=test
                        org.eclipse.jetty.security.jaspi.modules.ErrorPage=/logonError.html?param=test
                    </options>
                </serverAuthModule>
            </serverAuthContext>
        </serverAuthConfig>
        <persistent>true</persistent>
    </configProvider>
</jaspi>


Hopefully that might help you get a bit further.

I'm interested to hear if many others on the lists are trying to use
or are using the jetty-jaspi integration. Our impression is that it is
hardly used by anyone. Of course, that could be because the
documentation is missing! However, before we direct more of our
limited resources to the jaspi stuff, we'd like to hear from the user
community - is this something that you are using, or are likely to
use???

Jan

On 17 January 2013 03:53, larry mccay <larry.mccay@xxxxxxxxx> wrote:
> Greetings -
>
> I am working on an embedded Jetty project in which we programmatically
> deploy the WebAppContexts for dynamically created WebApps.
> What I would like to do is configure the use of JASPI per application.
>
> The following code is being used at deployment time:
>
>   private synchronized void internalDeploy( Topology topology, File warFile ) {
>     String name = topology.getName();
>     String warPath = warFile.getAbsolutePath();
>     WebAppContext context = new WebAppContext();
>     context.setDefaultsDescriptor( null );
>     context.setContextPath( "/" + path + "/" + name );
>     context.setWar( warPath );
>
>     JaspiAuthenticatorFactory authenticatorFactory = new JaspiAuthenticatorFactory();
>     SecurityHandler handler = new ConstraintSecurityHandler();
>     handler.setAuthenticatorFactory(authenticatorFactory);
>     JAASLoginService ls = new JAASLoginService();
>     ls.setName("JAASRealm");
>     ls.setLoginModuleName("jaas");
>     ls.setIdentityService(new DefaultIdentityService());
>     handler.setLoginService(ls);
>     authenticatorFactory.setLoginService(ls);
>     jetty.addBean(ls);
>     Constraint constraint = new Constraint();
>     constraint.setName(constraint.__BASIC_AUTH);
>     constraint.setRoles(new String[]{"user","admin","moderator"});
>     constraint.setAuthenticate(true);
>
>     ConstraintMapping cm = new ConstraintMapping();
>     cm.setConstraint(constraint);
>     cm.setPathSpec("/*");
> //    handler.setAuthMethod("BASIC");
>     handler.setRealmName("JAASRealm");
>     ((ConstraintSecurityHandler) handler).setConstraintMappings(new ConstraintMapping[]{cm});
>     context.setSecurityHandler(handler);
>     internalUndeploy( topology );
>     deployments.put( name, context );
>     contexts.addHandler( handler );
>     contexts.addHandler( context );
>     try {
>       context.start();
>     } catch( Exception e ) {
>       //TODO: I18N message
>       e.printStackTrace();
>     }
>   }
>
>
> and I am encountering the following stacktrace:
>
> 13/01/16 11:16:05 WARN component.AbstractLifeCycle: FAILED org.eclipse.jetty.server.session.SessionHandler@786c1a82: java.lang.IllegalStateException: No ServerAuthentication
> java.lang.IllegalStateException: No ServerAuthentication
>     at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:371)
>     at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:233)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
>     at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
>     at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:115)
>     at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:124)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
>     at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
>     at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:115)
>     at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:752)
>     at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:247)
>     at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1238)
>     at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:706)
>     at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:480)
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
>     at org.apache.hadoop.gateway.GatewayServer.internalDeploy(GatewayServer.java:323)
>     at org.apache.hadoop.gateway.GatewayServer.access$600(GatewayServer.java:68)
>     at org.apache.hadoop.gateway.GatewayServer$InternalTopologyListener.handleTopologyEvent(GatewayServer.java:367)
>     at org.apache.hadoop.gateway.topology.file.FileTopologyProvider.notifyChangeListeners(FileTopologyProvider.java:148)
>     at org.apache.hadoop.gateway.topology.file.FileTopologyProvider.reloadTopologies(FileTopologyProvider.java:113)
>     at org.apache.hadoop.gateway.GatewayServer.start(GatewayServer.java:255)
>     at org.apache.hadoop.gateway.GatewayServer.startGateway(GatewayServer.java:180)
>     at org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:97)
>
> Looking at the ServerHandler code this indicates that no authenticator is
> being found in the following code snippet:
> ...
>
>         if (_authenticator==null && _authenticatorFactory!=null && _identityService!=null)
>         {
>             _authenticator=_authenticatorFactory.getAuthenticator(getServer(),ContextHandler.getCurrentContext(),this, _identityService, _loginService);
>             if (_authenticator!=null)
>                 _authMethod=_authenticator.getAuthMethod();
>         }
>
>         if (_authenticator==null)
>         {
>             if (_realmName!=null)
>             {
>                 LOG.warn("No ServerAuthentication for "+this);
>                 throw new IllegalStateException("No ServerAuthentication");
>             }
>         }
>         else
>         {
>             _authenticator.setConfiguration(this);
>             if (_authenticator instanceof LifeCycle)
>                 ((LifeCycle)_authenticator).start();
>         }
>
> ...
>
> Can anyone tell what is missing from my configuration code or alternatively
> point me to relevant tests?
>
> Thank you in advance!
>
> --larry



--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com – Developer advice, services and support
from the Jetty & CometD experts.
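
An added example, not part of the original message and not Jetty or Geronimo code: a pre-deployment check that reads a geronimo jaspi config file of the shape shown above and reports whether a ServerAuthModule is declared for a given appContext, so a missing entry is caught before the context start fails with "No ServerAuthentication". The class and method names are hypothetical, the second appContext value is constructed, and the check assumes the appContext string to match has the same "server /foo" form as in the config above.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Hypothetical pre-deployment check; not part of Jetty or Geronimo. */
public class JaspiConfigCheck {
    static final String NS = "http://geronimo.apache.org/xml/ns/geronimo-jaspi";

    /** Returns the ServerAuthModule class declared for the HTTP layer and appContext, or null. */
    static String findAuthModule(InputStream xml, String appContext) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The config file needs no DTD, so refuse DOCTYPE declarations (blocks XXE).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(xml);
        NodeList providers = doc.getElementsByTagNameNS(NS, "configProvider");
        for (int i = 0; i < providers.getLength(); i++) {
            Element p = (Element) providers.item(i);
            if ("HTTP".equals(text(p, "messageLayer")) && appContext.equals(text(p, "appContext"))) {
                String cls = text(p, "className");
                return cls.isEmpty() ? null : cls;
            }
        }
        return null; // no configProvider matches this appContext
    }

    /** Trimmed text of the first descendant element with the given local name, or "". */
    static String text(Element parent, String name) {
        NodeList n = parent.getElementsByTagNameNS(NS, name);
        return n.getLength() == 0 ? "" : n.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample, trimmed from the config file in the message above.
        String sample = "<jaspi xmlns=\"" + NS + "\"><configProvider>"
            + "<messageLayer>HTTP</messageLayer><appContext>server /foo</appContext>"
            + "<serverAuthConfig><serverAuthContext><serverAuthModule>"
            + "<className>org.eclipse.jetty.security.jaspi.modules.FormAuthModule</className>"
            + "</serverAuthModule></serverAuthContext></serverAuthConfig>"
            + "</configProvider></jaspi>";
        // The second appContext is a constructed value with no matching entry.
        for (String ctx : new String[] {"server /foo", "server /gateway/cluster"}) {
            InputStream in = new ByteArrayInputStream(sample.getBytes(StandardCharsets.UTF_8));
            String module = findAuthModule(in, ctx);
            System.out.println(ctx + " -> " + (module == null ? "no ServerAuthModule configured" : module));
        }
    }
}
```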

