Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] jetty-users Digest, Vol 84, Issue 21 
Excellent suggestion, thank you Simone.  I will investigate Jetty's HttpClient.
Best Regards,
Jim Gregoric

On Thu, May 19, 2016 at 5:28 PM, Gregoric, James <James.Gregoric@xxxxxxxxxxxxxxxxxxxxx> wrote:
> Thank you for your response Simone.
>
> Simone: How do you plan to make this machine-to-machine interaction?
> Jim: The requesting machine will submit a REST request.  Our questions concern authentication.
> 1. Specifically, how would the client machine submit a request to the Jetty server in such a way that the sender could be authenticated with LDAP?
> 2. How would the Jetty server be configured so that incoming requests would be authenticated with LDAP, but the username/password would be obtained from the request?  That is, since a machine is submitting the request and not an interactive user, we cannot have a login dialog pop up to obtain the username/password.  The username/password must instead be embedded in the request itself.  NOTE:  LDAP-based authentication is not an absolute requirement - we could instead use certificate-based authentication.  But regardless of whether LDAP or a certificate is used, the question remains, how to configure Jetty to perform the authentication when the request comes from a machine rather than an interactive user?
>
> Simone: Are you using an HTTP client to make requests?
> Jim: HTTPS (I assume, due to authentication requirements).

The way I see this working is as follows:

Server.
Configure the server with a BasicAuthenticator and with the JAAS login service.
Configure the JAAS login service to use the LDAP module.
See:
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.eclipse.org_jetty_documentation_current_configuring-2Dsecurity-2Dauthentication.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=xLKFsrFREWwi7-7QJTeiOI2AuUPZrnRpPOTI3sJgcME&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.eclipse.org_jetty_documentation_current_jaas-2Dsupport.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=NC9xb9eqnF9r6cDxxNaGdhse1CxKv_uLxMJJI-M-sR8&e= 

Client.
Use Jetty's HttpClient and specify BasicAuthentication credentials:
HttpClient.getAuthenticationStore().addAuthentication(new
BasicAuthentication(...));

--
Simone Bordet
----
https://urldefense.proofpoint.com/v2/url?u=http-3A__cometd.org&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=iA_C0v9CLYiXIyFXgq8vfNJrvQ2OQ2-hUgAV8xeS57A&e=
https://urldefense.proofpoint.com/v2/url?u=http-3A__webtide.com&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=mbGDXa4Hos05Omf6K8HQj_gai3RulqGltJghrV8coYM&e=
Developer advice, training, services and support from the Jetty & CometD experts.

Back to the top