Re: [jetty-users] Unable to Authenticate Session with Cookie in Jetty 12

Hi Greg, 

Thanks so much for getting back to me. 

We are currently using EE10, but we are open to using EE8/9 if that would fix the problem. 

This is going to a webapp. 

Our login module is implemented as a subclass of AbstractLoginModule, with a corresponding subclass of JAASUser. 
To enable it, we include the following in jetty-web.xml: 

  <Set name="securityHandler">
    <New class="org.eclipse.jetty.ee10.servlet.security.ConstraintSecurityHandler">
      <Set name="loginService">
        <New class="org.eclipse.jetty.security.jaas.JAASLoginService">
          <Set name="name"><name></Set>
          <Set name="loginModuleName"><name></Set>
        </New>
      </Set>
    </New>
  </Set>

Please let me know if I can provide any more information! 

Additionally, after upgrading from Jetty 12.0.14 to 12.0.15 I have found that we are getting an error on startup due to jetty-web.xml: 
org.eclipse.jetty.xml.XmlConfigurationException: Bad Jetty XML configuration in file:<path>/jetty-web.xml
...
Caused by:
java.lang.NullPointerException: Cannot invoke "java.util.Map.containsKey(Object)" because "this.fTableOfIDAttributeNames" is null

This was not previously happening, and we did not change jetty-web.xml at all during the upgrade. The file jetty-web.xml is small, and just sets the securityHandler and an errorHandler. Do you know what could be causing us to read it as an improper configuration? 

Thanks for your help, 
Shan Parikh

On Tue, Nov 26, 2024 at 3:09 PM Greg Wilkins <gregw@xxxxxxxxxxx> wrote:

Shan,

We need a bit more information to help.

What environment are you using? EE10?
Is this going to a webapp or a programmatic context?
How is your custom login module/mechanism installed/implemented?

Does curl send the cookie with the request that gets the 401 response?

regards

On Tue, 26 Nov 2024 at 08:50, Shan Parikh via jetty-users <jetty-users@xxxxxxxxxxx> wrote:
Hi, 

I am currently running Jetty 11 and looking to upgrade to Jetty 12 because of the upcoming end of life for Jetty 11 in Jan 2025. 

I have gotten the server running after reconfiguring some of the modules and XML files. However, we are having some issues with authentication that were not present in the Jetty 11 configuration. 

We have a custom login module that gets triggered when we POST to the /login/ endpoint with the login information (base 64 encoding of username + password). We are able to log in, and get a cookie in the response that corresponds to a session. 

However, when we send a curl request (or post a request through Java) using this cookie (without the login information), we always receive a 401: unauthorized error. This same request goes through to the same server running Jetty 11, so it has to be a server-side issue. 

For reference, when sending requests through Java we are using the CookieManager and CookieStore classes, which seem to automatically populate the session information. 

Are there any changes to how Jetty 12 processes cookies that would prevent us from accepting cookies? Is there any debug information I could include that would help address this issue?

Thanks for your help, 
Shan Parikh

