I've just added authentication to my embedded jetty 9 web server. I'm using the JDBCLoginService and everything works fine.
I now want to add a login page. But I can’t get it working: when the FormAuthenticator.validate() method is called, it's trying to get an HTTPsession and none is found.
I've been trying to create Sessions but I've been unable to find the correct API. Can someone give me an example?
This is my code:
// the file server part
ResourceHandler resource_handler = new ResourceHandler();
resource_handler.setDirectoriesListed(false);
resource_handler.setResourceBase("www");
resource_handler.setDirectoriesListed(false);
resource_handler.setWelcomeFiles(new String[]{ "html/dashboard.html" });
// the JSP part
WebAppContext webAppContext = new WebAppContext();
webAppContext.setResourceBase("www");
webAppContext.setInitParameter("dirAllowed", "false");
webAppContext.addServlet(new ServletHolder(new QueryGlobals()), "/queries/globals");
webAppContext.addServlet(new ServletHolder(new QueryAllVenues()), "/queries/all_venues");
HandlerList handlers = new HandlerList();
handlers.setHandlers(new Handler[] {
// static files
resource_handler,
// servlets
webAppContext,
// 404
new DefaultHandler()
});
// get the path for the authentication settings
// it should be in the same folder than the platform location
File configFile = new File(System.getProperty("com.bnpp.firefly.configfile"));
File authConfigFile = new File(configFile.getParent(), "auth.properties");
LoginService loginService = new org.eclipse.jetty.security.JDBCLoginService("MyRealm", authConfigFile.getPath());
m_server.addBean(loginService);
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
Constraint constraint = new Constraint();
constraint.setName(Constraint.__FORM_AUTH);
constraint.setAuthenticate(true);
constraint.setRoles(new String[] { "user", "admin" });
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/*");
mapping.setConstraint(constraint);
security.addConstraintMapping(mapping);
FormAuthenticator authenticator = new FormAuthenticator("/html/login.html", "/html/login.html", false);
security.setAuthenticator(authenticator);
security.setLoginService(loginService);
security.setHandler(handlers);
m_server.setHandler(security);
m_server.start();
Thanks,
Serge