[jetty-users] JAAS questions

I'm trying to set up site login looking at

./jetty-distribution/target/distribution/demo-base

E.g. demo-base/start.ini:

-----
# Enable security via jaas, and configure it
--module=jaas
jetty.jaas.login.conf=etc/login.conf

# Create and configure the test realm
etc/test-realm.xml
jetty.demo.realm=etc/realm.properties
-----

etc/login.conf points to etc/login.properties which looks like
me=me,me,roleA

Per the doc, it's a "properties file of the same format as the etc/realm.properties example file."
<username>: <password>[,<rolename> ...]

My question is, why have two password files? Are both required?

Also, etc/test-realm.xml creates a HashLoginService, is that complementary to JAASLoginService? I don't see that in demo-base/etc/ at least. I expected to see a Configure Server somewhere at the top level of the demo bringing in JAASLoginService based on 

  http://www.eclipse.org/jetty/documentation/current/jaas-support.html

Third question is, why is there no demo-base/web.xml? It seems I need one because I want to password protect both war/servlets and ROOT:

--webapp/my.war  [2 servlets with a web.xml]
--webapp/ROOT

It seems I need to define a realm that encompasses them? Would a ${jetty.base}/web.xml like this be sufficient (per the jaas-support page)?

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>mywholesite</realm-name>
  <form-login-config>
    <form-login-page>/login/login</form-login-page>    <!-- example? -->
    <form-error-page>/login/error</form-error-page>    <!-- example? (e.g. if a param is passed) -->
  </form-login-config>
</login-config>

And it would automatically cover the war and ROOT, or would that need to be spelled out?
The web.xml info I see on Google looks generally like servlet config, which I have down in my war's web.xml.

Thanks,
Bill
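
Added example (not part of the original post and not Jetty's own code): a small audit of a file in the `<username>: <password>[,<rolename> ...]` format quoted above, showing how the `me=me,me,roleA` line splits into password and roles and flagging weak entries. The names `parse_line` and `audit` and the second sample line are made up for this example; the `OBF:`, `MD5:` and `CRYPT:` prefixes are the ones Jetty recognises on stored credentials and are not mentioned in the post. Only the `:` and `=` separators are handled.

```python
import io

# Prefixes Jetty recognises on stored credentials. OBF: is reversible
# obfuscation only; MD5: and CRYPT: are one-way digests.
PROTECTED_PREFIXES = ("OBF:", "MD5:", "CRYPT:")

def parse_line(line):
    """Split 'user: password[,role ...]' into (user, password, roles)."""
    line = line.strip()
    if not line or line[0] in "#!":          # blank line or properties comment
        return None
    # Java properties accept '=' or ':' as the key/value separator;
    # the first one on the line ends the username.
    cut = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=-1)
    if cut < 0:
        return None
    user = line[:cut].strip()
    # First comma-separated field is the credential, the rest are role names.
    password, *roles = [f.strip() for f in line[cut + 1:].split(",")]
    return user, password, [r for r in roles if r]

def audit(stream):
    """Return (user, roles, findings) for every entry in the file."""
    report = []
    for raw in stream:
        entry = parse_line(raw)
        if entry is None:
            continue
        user, password, roles = entry
        findings = []
        if not password.startswith(PROTECTED_PREFIXES):
            findings.append("plaintext password")
        if password == user:
            findings.append("password equals username")
        report.append((user, roles, findings))
    return report

# Constructed sample: line 1 is the entry from the post, line 2 is hypothetical.
SAMPLE = "me=me,me,roleA\nalice: MD5:0123456789abcdef0123456789abcdef,roleB\n"

if __name__ == "__main__":
    for user, roles, findings in audit(io.StringIO(SAMPLE)):
        print(user, roles, findings or "ok")
```

For the line from the post, the second `me` is read as a role name, so the user ends up with roles `me` and `roleA`.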


