Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] HashLoginService (was JAAS)

Also tried adding this webapps/pr.xml per the 'webapps/test.xml' in the demo, and got no errors (even with web.xml auth turned on, which is progress, but still get no security - I'm expecting the browser to pop up a basic username/password window with BASIC auth-method, but when my _javascript_ calls the servlet there is no such popup.

Bill

<Configure class="org.eclipse.jetty.webapp.WebAppContext">

  <Set name="contextPath">/pr</Set>
  <Set name="war"><Property name="jetty.webapps" default="."/>/pr.war</Set>

  <Get name="securityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.HashLoginService">
        <Set name="name">Test Realm</Set>
        <Set name="config"><SystemProperty name="jetty.base" default="."/>/etc/realm.properties</Set>
            <!-- To enable reload of realm when properties change, uncomment the following lines -->
            <!-- changing refreshInterval (in seconds) as desired                                -->
            <!--
            <Set name="refreshInterval">5</Set>
            <Call name="start"></Call>
            -->
      </New>
    </Set>
    <Set name="authenticator">
      <New class="org.eclipse.jetty.security.authentication.FormAuthenticator">
        <Set name="alwaysSaveUri">true</Set>
      </New>
    </Set>
    <Set name="checkWelcomeFiles">true</Set>

  </Get>

</Configure>


On 10/2/2015 1:42 PM, Bill Ross wrote:
On 10/1/2015 1:26 PM, Bill Ross wrote:
jetty.demo.realm only exists in demo config files - it is not in any java files.

And I can change it to jexty.demo.realm without error.

Same result when I put the basic auth in the web.xml of a war file (java.lang.IllegalStateException: No LoginService), so the problem is definitely either in the code or the config of the examples, which have the dead tag as I described.

Meanwhile I have added a filename-masking Servlet on /images/* that uses an evanescent tag instead of the filename. So my only remaining security task is getting login working. I have tried a bunch of stuff and it seems I have found a bug or two in demos and maybe source, but no one seems to be paying attention. Please don't make me read the code :-)

Thanks,
Bill


-------- Original message --------
From: Bill Ross
Date:10/01/2015 1:06 PM (GMT-08:00)
Subject: Re: [jetty-users] HashLoginService (was JAAS)

Jan (or anyone),

> There's also a jetty-specific feature that if the realm-name is omitted from the <login-config> then we'll automatically select the first LoginService that has been defined for a Server instance (eg as an addBean() as has been shown in the doco and in the demo-base/etc/test-realm.xml).

Aha, when I delete the realm-name from the <login-config> in web.xml, I see that my HashLoginService evidently didn't get registered even though the etc/realm.xml has

<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">Test Realm</Set>
          <Set name="config"><Property name="jetty.demo.realm" default="etc/realm.properties"/></Set>
          <Set name="refreshInterval">0</Set>
        </New>
      </Arg>
    </Call>

    <Get class="org.eclipse.jetty.util.log.Log" name="rootLogger">
      <Call name="warn"><Arg>demo test-realm is deployed. DO NOT USE IN PRODUCTION!</Arg></Call>
    </Get>
</Configure>

And on startup I see:

2015-10-01 12:50:39.793:WARN::main: demo test-realm is deployed. DO NOT USE IN PRODUCTION!

2015-10-01 12:50:40.203:WARN:oejw.WebAppContext:main: Failed startup of context o.e.j.w.WebAppContext@234bef66{/,file:///Users/priot/pr/jetty-base/webapps/ROOT/,STARTING}{/ROOT}
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@47db50c5 in org.eclipse.jetty.security.ConstraintSecurityHandler@5c072e3f
        at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:76)
        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:354)
        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:448)

So there seems to be a bug in docs or code since the HashLoginService setup is quietly consumed but seems to have no effect.

And in case anyone is still reading, once again, is the "jetty.demo.realm" supposed to mean anything or match anything???

    <Property name="jetty.demo.realm" default="etc/realm.properties"/>

Thanks,
Bill

On 9/30/2015 1:29 AM, Jan Bartel wrote:
Bill,

If you use the same realm-name in the <login-config> element of multiple webapps, they'll all share the same LoginService.

There's also a jetty-specific feature that if the realm-name is omitted from the <login-config> then we'll automatically select the first LoginService that has been defined for a Server instance (eg as an addBean() as has been shown in the doco and in the demo-base/etc/test-realm.xml).

Jan

On 30 September 2015 at 18:10, Bill Ross <ross@xxxxxxxxxxxx> wrote:
Hi Jan, 

So if web.xml only goes in a webapp, how can a realm defined in one cover the contents of ROOT?

I will see how you change that text and try the result.

Thanks,
Bill


-------- Original message --------
From: Jan Bartel
Date:09/30/2015 12:46 AM (GMT-08:00)
To: JETTY user mailing list
Subject: Re: [jetty-users] JAAS questions

Hi Bill,

web.xml does not go into the ${jetty.base} directory. It can only go into a WEB-INF directory of a webapp, such as a webapp inside of the ${jetty.base}/webapps directory, which is the default deploy directory.

Also, I will change the text on the Security page which mentions jetty.xml - this is no doubt historical from before we had the distinction between ${jetty.home} and ${jetty.base}.  And no, I do NOT recommend anyone edits ${jetty.home} - there should be very very very few cases where this is necessary (and this isn't one of them :)).

cheers
Jan

On 30 September 2015 at 17:35, Bill Ross <ross@xxxxxxxxxxxx> wrote:
Jan, there was no jetty-base etc dir before I created it to put that file in. I thought jetty xmls were additive, but it sounds like the base one tromped the home one. I have home set to the distribution of my last build of the current tree.

The configuring security link brings me


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users



_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


Back to the top