I have finally got login working with BASIC auth for a Servlet, after looking at some docs further afield. I'm not sure if all my config is relevant, but here it is in case it helps.
Relevant parts of latest web.xml (from war file):
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Test Realm</realm-name>
</login-config>
<security-constraint>
  <display-name>Restricted GET To user</display-name>
  <web-resource-collection>
    <web-resource-name>Restricted Access - Get Only</web-resource-name>
    <url-pattern>/images/*</url-pattern>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-role>
  <role-name>user</role-name>
</security-role>
<servlet>
  <servlet-name>images</servlet-name>
  <servlet-class>com.priot.servlet.TagResourceServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
  <servlet-name>images</servlet-name>
  <url-pattern>/images/*</url-pattern>
</servlet-mapping>
And in my /etc/realm.properties:
guest: guest, user
On startup I see:
2015-10-05 13:54:16.146:WARN:oejs.SecurityHandler:main: ServletContext@o.e.j.w.WebAppContext@2286778{/pr, file:///private/var/folders/r1/fghw80h10b90nlggmfmd8jjr0000gn/T/jetty-0.0.0.0-8080-pr.war-_pr-any-4185978627296347654.dir/webapp/,STARTING}{/pr.war} has uncovered http methods for path: /images/*
So I know the security is being loaded. Assuming JavaScript Image.src = "" results in a GET, I am not worried about POST being uncovered for now.
--- /etc/realm.xml:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.security.HashLoginService">
        <Set name="name">Test Realm</Set>
        <Set name="config"><SystemProperty name="jetty.base" default="."/>/etc/realm.properties</Set>
        <Set name="refreshInterval">0</Set>
      </New>
    </Arg>
  </Call>
  <Get class="org.eclipse.jetty.util.log.Log" name="rootLogger">
    <Call name="warn"><Arg>demo test-realm is deployed. DO NOT USE IN PRODUCTION!</Arg></Call>
  </Get>
</Configure>
--- src/main/webapp/WEB-INF/jetty-env.xml
<Get name="securityHandler">
  <Set name="realmName">Test Realm</Set>
</Get>
--- jetty-base/webapps/pr.xml [matches pr.war, not sure if picked up]
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/pr</Set>
  <Set name="war"><Property name="jetty.webapps" default="."/>/pr.war</Set>
  <Get name="securityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.HashLoginService">
        <Set name="name">Test Realm</Set>
        <Set name="config"><SystemProperty name="jetty.base" default="."/>/etc/realm.properties</Set>
        <!-- To enable reload of realm when properties change, uncomment the following lines -->
        <!-- changing refreshInterval (in seconds) as desired -->
        <!--
        <Set name="refreshInterval">5</Set>
        <Call name="start"></Call>
        -->
      </New>
    </Set>
    <Set name="authenticator">
      <New class="org.eclipse.jetty.security.authentication.BasicAuthenticator">
        <!-- Set name="alwaysSaveUri">true</Set -->
      </New>
    </Set>
    <Set name="checkWelcomeFiles">true</Set>
  </Get>
</Configure>
That's the latest.
Bill
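
The "uncovered http methods" warning in the message above follows from the constraint listing only GET, and the same constraint pairs BASIC auth with a transport guarantee of NONE. As an added example (not part of the original post and not Jetty's own code), this Python audit flags both conditions in a web.xml; the sample document, function names and finding labels are constructed for illustration, and patterns are grouped by their literal url-pattern string.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the post, wrapped in a <web-app> root.
SAMPLE = """<web-app>
 <login-config><auth-method>BASIC</auth-method></login-config>
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/images/*</url-pattern>
   <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint><role-name>user</role-name></auth-constraint>
  <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
 </security-constraint>
</web-app>"""

def _find(elem, name):
    """All descendants with this local tag name (any XML namespace)."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return {(e.text or "").strip() for e in _find(elem, name)}

def audit_web_xml(xml_text):
    """Return sorted (finding, url-pattern, detail) tuples for a web.xml string."""
    root = ET.fromstring(xml_text)
    basic = "BASIC" in {m.upper() for m in _texts(root, "auth-method")}
    deny = bool(_find(root, "deny-uncovered-http-methods"))
    findings, state = set(), {}
    for sc in _find(root, "security-constraint"):
        tls = bool(_texts(sc, "transport-guarantee") & {"CONFIDENTIAL", "INTEGRAL"})
        needs_login = bool(_find(sc, "auth-constraint"))
        for wrc in _find(sc, "web-resource-collection"):
            listed, omitted = _texts(wrc, "http-method"), _texts(wrc, "http-method-omission")
            for pat in _texts(wrc, "url-pattern"):
                if basic and needs_login and not tls:
                    findings.add(("basic-auth-without-tls", pat, "no transport guarantee"))
                # ("except", S): every method but S is uncovered; ("only", S): just S is uncovered
                kind, s = state.get(pat, ("except", set()))
                if listed:
                    state[pat] = (kind, s | listed) if kind == "except" else (kind, s - listed)
                elif omitted:
                    state[pat] = ("only", omitted - s if kind == "except" else s & omitted)
                else:
                    state[pat] = ("only", set())
    for pat, (kind, s) in state.items():
        if not deny and (kind == "except" or s):
            detail = "all except " if kind == "except" else ""
            findings.add(("uncovered-http-methods", pat, detail + ",".join(sorted(s))))
    return sorted(findings)
```

Removing the `<http-method>` element so the constraint applies to every method, or adding `<deny-uncovered-http-methods/>` (Servlet 3.1), clears the first finding; a transport guarantee of `CONFIDENTIAL` clears the second.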
On 10/2/2015 2:37 PM, Bill Ross wrote: