| Re: [jetty-users] Does Jetty Uses Session to Set the Principal in HTTP Request |
OK,so if you are using BASIC auth, then you don't need sessions, so we're barking up the wrong tree!Can you share the headers of your first and second requests? Does the second request have the authentication header?cheersOn Mon, 24 Feb 2020 at 20:21, Wang Yicheng <wangyicheng1209@xxxxxxxxx> wrote:Sorry for the late reply. Yes we use BASIC as the authentication method. It works fine with WebLogic without extra configuration to create sessions. So I supposed Jetty would do the same at the beginning. The thing is our system doesn't have HTML pages as we only use the web server for remote communication.I've tried to change the <auth-method> to FORM in web.xml but it's prompting that the pages are needed. I simply put "/" for the login page and the error page but then the customized login module is not working properly. We have a servlet for domain "/" but it wouldn't return any HTML pages. I didn't get a chance to do further investigation.Any suggestions would be appreciated!_______________________________________________On Sun, Feb 23, 2020 at 10:02 AM Greg Wilkins <gregw@xxxxxxxxxxx> wrote:What auth mechanism are you using?BASIC and DIGEST send auth information with every requestFORM stores the auth in the session.You can have other varieties (eg OPENID) which do either, but you need to set an authenticator to do whatever auth conversation you want to have.So tell us a bit more detail about your actual authentication mechanism.cheersOn Wed, 19 Feb 2020 at 11:23, Jan Bartel <janb@xxxxxxxxxxx> wrote:If you use BASIC authentication, every single request must contain the realm, username and password and is authenticated on reception - there is no concept of a session maintaining state.The form login page can be generated by a servlet, it doesn't have to be a static html resource.JanOn Tue, 18 Feb 2020 at 20:34, Wang Yicheng <wangyicheng1209@xxxxxxxxx> wrote:Thanks Jan! The thing is, my project actually doesn't have any pages. So, is it possible to have FORM authentication without login pages? Or does it mean I should go with BASIC while create sessions myself?_______________________________________________On Mon, Feb 17, 2020 at 2:16 AM Jan Bartel <janb@xxxxxxxxxxx> wrote:You need to set up what the authentication method is, ie the equivalent of the <login-config><auth-method/></login-config> in web.xml. The default is basic authentication. If you want to use sessions to maintain the authentication state, then configure FORM authentication, either in web.xml or by setting an instance of https://www.eclipse.org/jetty/javadoc/9.4.26.v20200117/org/eclipse/jetty/security/authentication/FormAuthenticator.html on the SecurityHandler.JanOn Mon, 10 Feb 2020 at 23:12, Wang Yicheng <wangyicheng1209@xxxxxxxxx> wrote:Thanks Joakim!Yes I do have a customized login module following JAAS spec. So it seems the missing session is causing the problem. Then my question is: With default configuration, does Jetty generate session automatically for authenticated user? Or is my code responsible for doing that?I actually published another question here which contains more details about my issue. Any help is highly appreciated!Best_______________________________________________On Mon, Feb 10, 2020 at 1:11 PM Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:If using Servlet authentication (or JAAS) the principal would be set.If you are using a 3rd party web library (like spring) then odds are you are not integrating with Servlet security.Joakim Erdfelt / joakim@xxxxxxxxxxx_______________________________________________On Mon, Feb 10, 2020 at 2:05 PM Yicheng Wang <wangyicheng1209@xxxxxxxxx> wrote:Hi team,
My question is as the subject state. My issue is the login request does have
the principal by calling getUserPrincipal. But after logging in, the second
request has a null principal. Besides, neither of the requests have
sessions. So I'm wondering if Jetty uses session information to set the
principal in HTTP request. Do appreciate your help!
Best
--
Sent from: http://jetty.4.x6.nabble.com/Jetty-User-f3247280.html
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users--_______________________________________________Jan Bartel <janb@xxxxxxxxxxx>www.webtide.com
Expert assistance from the creators of Jetty and CometD
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users--_______________________________________________Jan Bartel <janb@xxxxxxxxxxx>www.webtide.com
Expert assistance from the creators of Jetty and CometD
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users--_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users--_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users