Re: [jetty-users] Authentication in embedded Jetty7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] Authentication in embedded Jetty7

From: jetty-users@xxxxxxxxxxxxxx
Date: Thu, 03 Nov 2011 00:42:50 -0400
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/jetty-users>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>

For what it's worth, I got the behavior I wanted by adding

        csh.setAuthenticator(new DigestAuthenticator());

I feel like I'm using a sledgehammer, though!



On 11/02/2011 10:55 AM, jetty-users@xxxxxxxxxxxxxx wrote:
> Hello again
>
> I'm still searching for the right incantation to require digest
> authentication in embedded Jetty 7.  I created a constraint with the
> name "DIGEST" but the result is that the browser uses BASIC
> authentication, successfully.  How can I force it to use DIGEST?  Here
> is the code that sets up the constraint and starts the server:
>
>         Constraint constraint = new Constraint();
>         constraint.setName(Constraint.__DIGEST_AUTH);
>         constraint.setRoles(new String[]{"admin"});
>         constraint.setAuthenticate(true);
>
>         ConstraintMapping cm = new ConstraintMapping();
>         cm.setConstraint(constraint);
>         cm.setPathSpec("/*");
>
>         ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
>         csh.setLoginService(new HashLoginService("Test Realm2",
>                                                  "/tmp/realm.properties"));
>         csh.setConstraintMappings(new ConstraintMapping[]{cm});
>         csh.setStrict(true);
>
>         wac = new WebAppContext();
>         wac.setContextPath("/");
>         wac.setSecurityHandler(csh);
>         wac.setWar(
>             (getClass().getClassLoader().getResource
>              ("war/blahblah").toExternalForm());
>
>         jetty = new Server(httpPort);
>         jetty.setHandler(wac);
>         jetty.start();
>
> The realm.properties file contains:
>
>     digested: MD5:e44ac848b54053adeef5fc47d1aadb36,admin
>
> When I access my web application, Firefox prompts for user&password, and
> I give digested's credentials.  The resulting auth header is
>
>     Authorization: Basic ZGlnZXN0ZWQ6ZGlnZXN0ZWQ=
>
> I must be misunderstanding the API in some way.  Can one of you point
> out my mistake?  I'm using Jetty 7.4.0.v20110414.  Thanks in advance!
>
>   -- Guy Hillyer
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users

Prev by Date: Re: [jetty-users] embedded Jetty issue with maven surefire plugin and tld scanning
Next by Date: [jetty-users] Setuid UnsatisfiedLinkError
Previous by thread: Re: [jetty-users] Authentication in embedded Jetty7
Next by thread: [jetty-users] Jetty 7.5.3 Logging Question
Index(es):
- Date
- Thread

Breadcrumbs