[jetty-users] configuring login for a jetty site

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[jetty-users] configuring login for a jetty site

From: Bill Ross <ross@xxxxxxxxxxxx>
Date: Thu, 24 Sep 2015 18:07:30 -0700
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Heirloom mailx 12.4 7/29/08

My use case is:

  User hits any page on site
  Username/password prompt appears
  If ok, secure/https access to pages on site granted 

I am looking at 

  http://www.eclipse.org/jetty/documentation/current/configuring-security.html

and am not sure how to generate the keystore - is this what I need:

  https://docs.oracle.com/cd/E19509-01/820-3503/ggfen/index.html
  Configuring Java CAPS for SSL Support

It seems excessive to require a certificate authority to sign the keystore, vs. the simplicity of the .htaccess model which seems to have been discontinued? Would cert signing have to be done on adding each user??

Also, would using password hashes be more secure than OBF passwords, and is this possible?

Thanks,

Bill

Prev by Date: Re: [jetty-users] Dependency tree built
Next by Date: Re: [jetty-users] Dependency tree built
Previous by thread: [jetty-users] Server implements
Next by thread: [jetty-users] Continuation Frame
Index(es):
- Date
- Thread

Breadcrumbs