Tuesday, February 8, 2011

Embedded Jetty serving static content with form authentication

Dear all,

I am trying to use forms-based authentication in an embedded Jetty 6.1.7 project.

That's why I need to serve servlets and HTML (login.html) under the same context to make authentication work. I don't want to secure the whole application, since different contexts should need different roles. The Jetty javadoc states that a ContextHandlerCollection can handle different handlers for one context, but I can't get it to work. My sample, ignoring the authentication stuff, will not work. Why?

    ContextHandlerCollection contexts = new ContextHandlerCollection();

    // serve html
    Context ctxADocs = new Context(contexts, "/ctxA", Context.SESSIONS);
    ctxADocs.setResourceBase("d:\\tmp\\ctxA");
    ServletHolder ctxADocHolder = new ServletHolder();
    ctxADocHolder.setInitParameter("dirAllowed", "false");
    ctxADocHolder.setServlet(new DefaultServlet());
    ctxADocs.addServlet(ctxADocHolder, "/");

    // serve a sample servlet
    Context ctxA = new Context(contexts, "/ctxA", Context.SESSIONS);

    ctxA.addServlet(new ServletHolder(new SessionDump()), "/sda");
    ctxA.addServlet(new ServletHolder(new DefaultServlet()), "/");

    contexts.setHandlers(new Handler[]{ctxA, ctxADocs});

    // end of snippet

Any helpful thought is welcome!

Thanks.

Okami

  • Use the web application descriptor:

    Paste this into your web.xml:

    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    <security-role>
        <role-name>MySiteRole</role-name>
    </security-role>
    
    <security-constraint>
        <display-name>ProtectEverything</display-name>
        <web-resource-collection>
         <web-resource-name>ProtectEverything</web-resource-name>
         <url-pattern>*.*</url-pattern>
         <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
         <role-name>MySiteRole</role-name>
        </auth-constraint>
    </security-constraint>
    
    <security-constraint>
        <web-resource-collection>
         <web-resource-name>ExcludeLoginPage</web-resource-name>
         <url-pattern>/login.html</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
         <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    

    Without authentication this will hide everything but the login.html.

    Okami : Thanks, but it has to be embedded. I will refine my question.
  • Finally I got it right: the solution is to use the latest Jetty 6.1.12 rc2. I didn't check what they changed - I'm just happy that it works now.

    From Okami
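
An embedded counterpart to the two security constraints in the web.xml answer above, added here as an example (not code from the thread or from the Jetty project). It assumes the Jetty 6.1 `org.mortbay.jetty` API, FORM instead of BASIC authentication, a single `/ctxA` context, port 8080, and a hypothetical `realm.properties` user file that grants `MySiteRole`.

```java
import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.Constraint;
import org.mortbay.jetty.security.ConstraintMapping;
import org.mortbay.jetty.security.FormAuthenticator;
import org.mortbay.jetty.security.HashUserRealm;
import org.mortbay.jetty.security.SecurityHandler;
import org.mortbay.jetty.servlet.Context;
import org.mortbay.jetty.servlet.DefaultServlet;
import org.mortbay.jetty.servlet.ServletHolder;

public class FormAuthCtxA {
    public static void main(String[] args) throws Exception {
        Server server = new Server(8080); // port is an assumption
        // One context holds static files and servlets, so login.html shares their session.
        Context ctxA = new Context(server, "/ctxA", Context.SESSIONS | Context.SECURITY);
        ctxA.setResourceBase("d:\\tmp\\ctxA");
        ServletHolder files = new ServletHolder(new DefaultServlet());
        files.setInitParameter("dirAllowed", "false"); // no directory listings
        ctxA.addServlet(files, "/");

        // Counterpart of "ProtectEverything": every path needs MySiteRole.
        Constraint protectAll = new Constraint();
        protectAll.setName("ProtectEverything");
        protectAll.setRoles(new String[] {"MySiteRole"});
        protectAll.setAuthenticate(true);
        ConstraintMapping all = new ConstraintMapping();
        all.setConstraint(protectAll);
        all.setPathSpec("/*");

        // Counterpart of "ExcludeLoginPage": the login form stays reachable.
        Constraint open = new Constraint();
        open.setName("ExcludeLoginPage");
        open.setAuthenticate(false);
        ConstraintMapping login = new ConstraintMapping();
        login.setConstraint(open);
        login.setPathSpec("/login.html");

        // FORM authentication: unauthenticated requests are sent to the login page.
        FormAuthenticator form = new FormAuthenticator();
        form.setLoginPage("/login.html");
        form.setErrorPage("/login.html");

        SecurityHandler security = ctxA.getSecurityHandler();
        security.setUserRealm(new HashUserRealm("ctxA", "realm.properties")); // hypothetical file
        security.setAuthenticator(form);
        security.setConstraintMappings(new ConstraintMapping[] {all, login});
        server.start();
        server.join();
    }
}
```

The `login.html` form has to POST `j_username` and `j_password` to `j_security_check`, as the Servlet specification requires for FORM authentication.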
