Re: [jetty-users] 9.4: can I get rid of LoginService if no login?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] 9.4: can I get rid of LoginService if no login?

From: Jan Bartel <janb@xxxxxxxxxxx>
Date: Wed, 27 Apr 2022 10:23:27 +0200
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

You only need to configure a realm and loginservice if you're doing any kind of authentication/authorization in your webapp.

You have some kind of configuration mismatch, as the the ConstraintSecurityHandler has had a BasicAuthenticator set up on it - either via jetty xml config or an entry in web.xml - but yet neither the server or the context has had a LoginService set up on it. Your xml snippet shows a FormAuthenticator, yet at runtime it's a BasicAuthencator, so there's something wrong with your config.

If you don't want to do any authentication, take the <login-config> element out of your web.xml (or however you've set up the BasicAuthenticator). Otherwise, you need to provide some type of LoginService, usually set as a bean on the Server instance, but can also be set on the WebAppContext instance in the context xml file (I think you're calling it app.xml?). You haven't provided many details of your setup, but if you have another webapp/context in the mix and it also requires authentication it will also need access to a LoginService: generally, but not necessarily, all webapps share the same LoginService, set as a bean on the Server. If you've only configured a LoginService for one context, the other could be the one producing the stacktrace.

regards

Jan

On Wed, 27 Apr 2022 at 09:51, Bill Ross via jetty-users <jetty-users@xxxxxxxxxxx> wrote:

I'm trying to simplify before open-sourcing. I used to have a HashLogin,
and it seems I can't get rid of the requirement. E.g. it wants the
securityHandler, and an empty jetty-base/etc/realm.properties is needed
at least.

9.4

Thanks,

Bill

I seem to need this in jetty-base/webapps/app.xml:

   <Get name="securityHandler">
     <Set name="loginService">
         <New class="org.eclipse.jetty.security.HashLoginService">

           ...

     </Set>
     <Set name="authenticator">
       <New
class="org.eclipse.jetty.security.authentication.FormAuthenticator">
         <Set name="alwaysSaveUri">true</Set>
       </New>
     </Set>
     <Set name="checkWelcomeFiles">true</Set>
   </Get>

java.lang.IllegalStateException: No LoginService for
org.eclipse.jetty.security.authentication.BasicAuthenticator@77825085 in
ConstraintSecurityHandler@3568f9d2{STARTING}
         at
org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92)
         at
org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:410)
         at
org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:417)

--
Phobrain.com
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

Jan Bartel <janb@xxxxxxxxxxx>

www.webtide.com
Expert assistance from the creators of Jetty and CometD

References:
- [jetty-users] 9.4: can I get rid of LoginService if no login?
  - From: Bill Ross

Prev by Date: [jetty-users] 9.4: can I get rid of LoginService if no login?
Next by Date: [jetty-users] Webapps not loading after migration from 9.4 to 10.0
Previous by thread: [jetty-users] 9.4: can I get rid of LoginService if no login?
Next by thread: Re: [jetty-users] 9.4: can I get rid of LoginService if no login?
Index(es):
- Date
- Thread

Breadcrumbs