Re: [jetty-users] How to use a login form with Jetty 9?

[Greg Wilkins <gregw@xxxxxxxxxxx>]

Serge,

the problem is that you have added a ConstraintSecurityHandler as the prime Server handler and it does not have a SessionHandler to create the session.

Note that within your WebAppContext, you will already have a SessionHandler and a ConstraintSecurityHandler, so you really should just configure those.        However, you have an external ResourceHandler, which again is not strictly necessary as the DefaultServlet in the WebAppContext is able to server static content.

So you either need to decide to use the WebAppContext and all it's built in capabilities

OR

use a ServletContextHandler that will be able to build a structure like

  Server -> ServletContextHandler -> SessionHandler -> ConstraintSecurityHandler -> ServletHandler

which you could modify to 

  Server -> ServletContextHandler -> SessionHandler -> ConstraintSecurityHandler -> HandlerList [ ResourceHandler, ServletContextHandler ]

OR

build your own structure like:

  Server -> SessionHandler -> ConstraintSecurityHandler -> HandlerList [ ResourceHandler, ServletContextHandler ]

cheers

On 4 August 2017 at 15:26, Serge Weinstock <serge.weinstock@xxxxxxxxx> wrote:

I've just added authentication to my embedded jetty 9 web server. I'm using the JDBCLoginService and everything works fine.

 

I now want to add a login page. But I can’t get it working: when the FormAuthenticator.validate() method is called, it's trying to get an HTTPsession and none is found.

 

I've been trying to create Sessions but I've been unable to find the correct API. Can someone give me an example?

 

This is my code:

 

// the file server part

ResourceHandler resource_handler = new ResourceHandler();

resource_handler.setDirectoriesListed(false);

resource_handler.setResourceBase("www");

resource_handler.setDirectoriesListed(false);

resource_handler.setWelcomeFiles(new String[]{ "html/dashboard.html" });

// the JSP part

WebAppContext webAppContext = new WebAppContext();

webAppContext.setResourceBase("www");

webAppContext.setInitParameter("dirAllowed", "false");

webAppContext.addServlet(new ServletHolder(new QueryGlobals()), "/queries/globals");

webAppContext.addServlet(new ServletHolder(new QueryAllVenues()), "/queries/all_venues");

HandlerList handlers = new HandlerList();

handlers.setHandlers(new Handler[] {

        // static files

        resource_handler,

        // servlets

        webAppContext,

        // 404

        new DefaultHandler()

    });

// get the path for the authentication settings

// it should be in the same folder than the platform location

File configFile = new File(System.getProperty("com.bnpp.firefly.configfile"));

File authConfigFile = new File(configFile.getParent(), "auth.properties");

LoginService loginService = new org.eclipse.jetty.security.JDBCLoginService("MyRealm", authConfigFile.getPath());

m_server.addBean(loginService);

 

ConstraintSecurityHandler security = new ConstraintSecurityHandler();

Constraint constraint = new Constraint();

constraint.setName(Constraint.__FORM_AUTH);

constraint.setAuthenticate(true);

constraint.setRoles(new String[] { "user", "admin" });

 

ConstraintMapping mapping = new ConstraintMapping();

mapping.setPathSpec("/*");

mapping.setConstraint(constraint);

 

security.addConstraintMapping(mapping);

FormAuthenticator authenticator = new FormAuthenticator("/html/login.html", "/html/login.html", false);

security.setAuthenticator(authenticator);

security.setLoginService(loginService);

 

 

security.setHandler(handlers);

m_server.setHandler(security);

 

 

m_server.start();

Thanks,

Serge

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

--

Greg Wilkins <gregw@xxxxxxxxxxx> CTO http://webtide.com