Re: [jetty-users] JAAS questions

Hi Bill,

I think you'll get a bit more clarity if you look in demo-base/webapps at the test-jaas.xml and test-jaas.war files. This is the example webapp for configuring and using JAAS.




My question is, why have two password files? Are both required?

There are different password files for different purposes:

- etc/test-realm.xml configures a HashLoginService that is set as the default login service on the Server object and references etc/realm.properties with the passwords and roles.
- etc/realm.properties is also referenced by the webapp-specific HashLoginService configured for the test webapp in webapps/test.xml.
- etc/login.conf is a JAAS configuration file. The webapps/test-jaas.xml context file sets up a JAASLoginService for the webapps/test-jaas.war webapp, which will use the etc/login.conf file to point to the passwords and roles defined in etc/login.properties.


So, HashLoginService is an alternative to JAASLoginService and they both have different config files and formats. The demo-base has both to cater to the multiple different webapps deployed in it.


regards
Jan

 

Also, etc/test-realm.xml creates a HashLoginService, is that complementary to JAASLoginService? I don't see that in demo-base/etc/ at least. I expected to see a Configure Server somewhere at the top level of the demo bringing in JAASLoginService based on

  http://www.eclipse.org/jetty/documentation/current/jaas-support.html

Third question is, why is there no demo-base/web.xml? It seems I need one because I want to password protect both war/servlets and ROOT:

--webapp/my.war  [2 servlets with a web.xml]
--webapp/ROOT

It seems I need to define a realm that encompasses them? Would a ${jetty.base}/web.xml like this be sufficient (per the jaas-support page)?

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>mywholesite</realm-name>
  <form-login-config>
    <form-login-page>/login/login</form-login-page>    <== example?
    <form-error-page>/login/error</form-error-page>    <== example? (e.g. if a param is passed)
  </form-login-config>
</login-config>

And it would automatically cover the war and ROOT, or would that need to be spelled out?
The web.xml info I see on Google looks generally like servlet config, which I have down in my war's web.xml.

Thanks,
Bill




--
Jan Bartel <janb@xxxxxxxxxxx>
www.webtide.com
Expert assistance from the creators of Jetty and CometD
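
The JAAS chain described in the reply above (context file, then login.conf, then login.properties), sketched as an added example; it is not part of the original message and is not copied from the Jetty distribution. It assumes the Jetty 9 `org.eclipse.jetty.jaas` class names; the realm name, login module name `xyz`, user entry and file paths are constructed.

```xml
<!-- webapps/test-jaas.xml (context file): gives one webapp its own JAASLoginService.
     Class names assume Jetty 9; "Test JAAS Realm" and "xyz" are constructed names. -->
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/test-jaas</Set>
  <Set name="war"><Property name="jetty.base" default="."/>/webapps/test-jaas.war</Set>
  <Set name="securityHandler">
    <New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
      <Set name="loginService">
        <New class="org.eclipse.jetty.jaas.JAASLoginService">
          <!-- Must equal <realm-name> in the webapp's web.xml <login-config>. -->
          <Set name="name">Test JAAS Realm</Set>
          <!-- Must equal the application entry name in etc/login.conf. -->
          <Set name="loginModuleName">xyz</Set>
        </New>
      </Set>
    </New>
  </Set>
</Configure>

<!-- etc/login.conf (JAAS configuration syntax, not XML). The JVM locates it through
     the java.security.auth.login.config system property. The entry name "xyz"
     matches loginModuleName above; "file" points at the credential store.

       xyz {
         org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
         debug="false"
         file="etc/login.properties";
       };
-->

<!-- etc/login.properties: one user per line as  username: credential,role[,role]
     This is the same line format HashLoginService reads from etc/realm.properties.
     The user and password below are constructed. A plain-text credential is shown
     for readability; Jetty also accepts OBF:, MD5: and CRYPT: prefixed values.
     Restrict read access on this file to the account that runs Jetty.

       alice: example-password,user
-->
```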

