Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] M2M authentication on Jetty (jetty-users Digest, Vol 84, Issue 20)

Thank you for your response Simone.

Simone: How do you plan to make this machine-to-machine interaction?
Jim: The requesting machine will submit a REST request.  Our questions concern authentication.  
1. Specifically, how would the client machine submit a request to the Jetty server in such a way that the sender could be authenticated with LDAP?  
2. How would the Jetty server be configured so that incoming requests would be authenticated with LDAP, but the username/password would be obtained from the request?  That is, since a machine is submitting the request and not an interactive user, we cannot have a login dialog pop up to obtain the username/password.  The username/password must instead be embedded in the request itself.  NOTE:  LDAP-based authentication is not an absolute requirement - we could instead use certificate-based authentication.  But regardless of whether LDAP or a certificate is used, the question remains, how to configure Jetty to perform the authentication when the request comes from a machine rather than an interactive user?

Simone: Are you using an HTTP client to make requests?
Jim: HTTPS (I assume, due to authentication requirements).

Jim Gregoric


Message: 1
Date: Thu, 19 May 2016 13:02:35 +0000
From: "Gregoric, James" <James.Gregoric@xxxxxxxxxxxxxxxxxxxxx>
To: "jetty-users@xxxxxxxxxxx" <jetty-users@xxxxxxxxxxx>
Subject: [jetty-users] M2M authentication on Jetty
Message-ID: <d65e4a5599c547a7abe548fc9918ff15@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Dear Jetty Community,

We would like to provide an in-house group of users access to our Solr database in a way that meets the following specifications:

1.       Use the Jetty web service that Solr 6.0 installs by default.
2.       Provide an M2M (machine-to-machine) interface, so a user can setup a cron job that periodically executes a query and stores the results.
3.       Authentication credentials for the M2M interface to the Jetty service are provided by an LDAP service so it is possible to log who is accessing what data.
4.       Result data retrieved from Solr (result UIDs) and passed back to the caller via Jetty are recorded by SPLUNK.

Can you offer advice and/or point us to a working example of any of these specification items?

Here's what we have so far:
A.      Completed item 1 above.  We've installed Solr 6.0 with Jetty on a Linux VM and it works great.
B.      Partially addressed item 3 above in that we can login to Jetty using LDAP.  However, our implementation is such that the login credentials are input interactively (via a login dialog).  We don't yet know how to perform this login from machine to machine.  This is the main sticking point right now.

Any insight you might provide would be greatly appreciated.

Regards,
Jim Gregoric
Boston Children's Hospital, Clinical Research Informatics

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__dev.eclipse.org_mailman_private_jetty-2Dusers_attachments_20160519_c2209e9d_attachment.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=y4CZtddGgVb9PJgB-uFPGEI1ZVII7W7Wu7JcJOInhFI&e= >

------------------------------

Message: 2
Date: Thu, 19 May 2016 16:00:51 +0200
From: Simone Bordet <sbordet@xxxxxxxxxxx>
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: Re: [jetty-users] M2M authentication on Jetty
Message-ID:
	<CAFWmRJ0HYvrsqSYa3r2MncXcy79NkwQY2fYEEWBGbUQikEPscA@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8

Hi,

On Thu, May 19, 2016 at 3:02 PM, Gregoric, James <James.Gregoric@xxxxxxxxxxxxxxxxxxxxx> wrote:
> B.      Partially addressed item 3 above in that we can login to Jetty using
> LDAP.  However, our implementation is such that the login credentials 
> are input interactively (via a login dialog).  We don?t yet know how 
> to perform this login from machine to machine.  This is the main 
> sticking point right now.

How do you plan to make this machine-to-machine interaction ?
Are you using a HTTP client to make requests ?

--
Simone Bordet
----
https://urldefense.proofpoint.com/v2/url?u=http-3A__cometd.org&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=5bIdYv2WIMKOjBXrpxpWAHMxjREQeVrd4ouRHpJ5CJU&e=
https://urldefense.proofpoint.com/v2/url?u=http-3A__webtide.com&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=ak4TcjIDPjVkfyC4dQI_v80CePGYK2-YQGaFSQPNews&e=
Developer advice, training, services and support from the Jetty & CometD experts.


------------------------------

Message: 3
Date: Thu, 19 May 2016 16:14:18 +0200
From: Peter Ondru?ka <peter.ondruska+jetty@xxxxxxxx>
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Subject: [jetty-users] HTTP 2 with Simone Bordet
Message-ID:
	<CAAo0nc5SxF=H9+KFMOK8PoPDF=hHM6yx28DH0F1n2F93mryFmw@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

https://urldefense.proofpoint.com/v2/url?u=https-3A__youtu.be_snE9TqGASas&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=UHc58ouQVABqVT1yK6D2fQi4k2nTdEUkPeJqiwxd5SI&e= 

HTTP 2.0 is supposed to be the next big thing for the web, after the overwhelming success of HTTP 1.1. In this interview he examines the HTTP
2.0 protocol, what is the status of its specification, what features does it offer over HTTP 1.1, and how websites can benefit (in speed and money) from it.

Bio: Simone Bordet is a Jetty Committer, the CometD project leader and works as Lead Architect at Webtide. Active open source developer, he founded and contributed to various open source projects such as Jetty, CometD, MX4J, Foxtrot, LiveTribe, and others. Simone has been technical speaker at various national and international conferences such as Devoxx, JavaOne, CodeMotion, etc., and is a co-lead of the Java User Group of Torino, Italy. Simone specializes in server-side multi-thread development, J2EE application development, in Comet technologies applied to web development, web network protocols (HTTP, WebSocket, SPDY, HTTP/2) and in high performance JVM tuning.

Enjoy :)

Maybe I just missed this on the list (so sorry about that).

--
kaibo, s.r.o., ID 28435036, registered with the commercial register administered by the Municipal Court in Prague, section C, insert 141269.
Registered office and postal address: kaibo, s.r.o., Kali?nick? 379/10, Prague 3, 130 00, Czech Republic.
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.kaibo.eu&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=KHeMqd9yPK1MA_Gs084esoo6MtW6uPo9FedBu4mTTpQ&e=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__dev.eclipse.org_mailman_private_jetty-2Dusers_attachments_20160519_19171341_attachment.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=b5Gsw_4U_Mka8QjSjeTRgDnLoIJAxq5xm4oYs14yFkE&e= >

------------------------------

Message: 4
Date: Thu, 19 May 2016 11:01:09 -0400
From: Jennifer Coston <Jennifer.Coston@xxxxxxxxxxxx>
To: jetty-users@xxxxxxxxxxx
Subject: [jetty-users] How do I tell embedded jetty to scan for
	annotations?
Message-ID:
	<OFCD730520.83F344F0-ON85257FB8.004F38F6-85257FB8.005280EB@xxxxxxxxxxxx>
	
Content-Type: text/plain; charset="us-ascii"



Hello,

I am trying to configure embedded jetty so that it scans for the @WebListener annotation. I have added the Jetty-annotations library to my pom.xml file. From looking at this documentation, it looks like I also need to set metadata-complete to false. The problem is that most of the documentation references a web.xml or jetty.xml which I don't have. Is it possible to configure Jetty to scan for annotations without it? Is there a way I can configure the server to tell it where the @WebListener is?

Here is the method where I am creating and configuring the server:

public static void start() throws Exception {
		// Create Embedded Jetty server
		jettyServer = new Server();

		// Configure for Http
		 HttpConfiguration http_config = new HttpConfiguration();
		 http_config.setSecureScheme("https");
		 http_config.setSecurePort(8443);
		 http_config.setOutputBufferSize(32768);

		 ServerConnector http = new ServerConnector(jettyServer,
		 new HttpConnectionFactory(http_config));
		 http.setPort(HTTP_SERVER_PORT);
		 http.setIdleTimeout(30000);
		 jettyServer.addConnector(http);

		// Add ServletContextHandler
		ServletContextHandler servletContextHandler = new ServletContextHandler(
				ServletContextHandler.SESSIONS);
		servletContextHandler.setContextPath("/");

		jettyServer.setHandler(servletContextHandler);

		// Add API Origin Filter
		servletContextHandler.addFilter(
				"com.my.company.swagger.api.util.ApiOriginFilter",
"/*",
				EnumSet.of(DispatcherType.INCLUDE,
DispatcherType.REQUEST));

		// Setup API resources (Jersey)
		ServletHolder jerseyServlet = new ServletHolder(new ServletContainer());
		jerseyServlet.setInitOrder(1);
		jerseyServlet.setInitParameter(

"com.sun.jersey.spi.container.ContainerRequestFilters",

"com.sun.jersey.api.container.filter.PostReplaceFilter");
		jerseyServlet.setInitParameter(
				"com.sun.jersey.api.json.POJOMappingFeature",
"true");
		jerseyServlet
				.setInitParameter(
						ServerProperties.PROVIDER_PACKAGES,

"io.swagger.jaxrs.json;io.swagger.jaxrs;io.swagger.jaxrs.listing;com.my.company.swagger.api");
		jerseyServlet.setInitParameter
(ServerProperties.WADL_FEATURE_DISABLE,
				"true");
		jerseyServlet
				.setInitParameter(
						ServerProperties.PROVIDER_CLASSNAMES,

"org.glassfish.jersey.filter.LoggingFilter;org.glassfish.jersey.media.multipart.MultiPartFeature");
		servletContextHandler.addServlet(jerseyServlet, "/api/*");

		jettyServer.setHandler(servletContextHandler);

		// Start the server
		jettyServer.start();
	}

And this is my class with the @WebListener

package com.my.company.swagger.api.util;

import io.swagger.jaxrs.config.BeanConfig;

import javax.annotation.Resource;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@WebListener
public class SwaggerInitializer implements ServletContextListener {

	private static final Logger LOGGER = LoggerFactory.getLogger (SwaggerInitializer.class);

    public void contextInitialized(ServletContextEvent servletContextEvent) {
    	LOGGER.debug("######### Configuring Swagger with BeanConfig #########");
        BeanConfig beanConfig = new BeanConfig();
        beanConfig.setVersion( "1.0.0" );
        beanConfig.setResourcePackage( "com.my.company.swagger.api" );
        beanConfig.setBasePath( "https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A12043_api-2Ddocs&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=JW8fGW4lpHPQ4wUOi1rCsq95KjXdOExNeD7CprT0DR4&e= " );
        beanConfig.setDescription( "Hello World!" );
        beanConfig.setTitle( "Swagger Test Server" );
        beanConfig.setScan( true );
    }

    public void contextDestroyed(ServletContextEvent servletContextEvent) {
    }

}

Thank you!

Jennifer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://urldefense.proofpoint.com/v2/url?u=https-3A__dev.eclipse.org_mailman_private_jetty-2Dusers_attachments_20160519_e51ccfdf_attachment.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=QVTI_mancifGtSz9hnY0_uEU1k7PzHX-UqSucdYTh0w&e= >

------------------------------

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://urldefense.proofpoint.com/v2/url?u=https-3A__dev.eclipse.org_mailman_listinfo_jetty-2Dusers&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=Vz54g8AncKBbc-0EcxspoZmpfAbzclEJax6SNtvVq2Y&s=Z-TMW-WpJmGO8eiyYvFLEwc5ocXJiLUH_AiRWx5wEKU&e= 

End of jetty-users Digest, Vol 84, Issue 20
*******************************************


Back to the top