Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] JAAS questions

I'm trying to set up site login looking at


E.g. demo-base/start.ini:

# Enable security via jaas, and configure it

# Create and configure the test realm

etc/login.conf points to etc/ which looks like

Per the doc, it's a "properties file of the same format as the etc/ example file."
<username>: <password>[,<rolename> ...]

My question is, why have two password files? Are both required?

Also, etc/test-realm.xml creates a HashLoginService, is that complementary to JAASLoginService? I don't see that in demo-base/etc/ at least. I expected to see a Configure Server somewhere at the top level of the demo bringing in JAASLoginService based on

Third question is, why is there no demo-base/web.xml? It seems I need one because I want to password protect both war/servlets and ROOT:

--webapp/my.war  [2 servlets with a web.xml]

It seems I need to define a realm that encompasses them? Would a ${jetty.base}/web.xml like this be sufficient (per the jaas-support page)?

    <form-login-page>/login/login</form-login-page>    <== example?
    <form-error-page>/login/error</form-error-page>    <== example? (e.g. if a param is passed)

And it would automatically cover the war and ROOT, or would that need to be spelled out?
The web.xml info I see on Google looks generally like servlet config, which I have down in my war's web.xml.


Back to the top