What is JAAS?
JAAS provides a pluggable framework for authenticating and authorising users (more information is available on the JAAS pages on the Sun Developer Network). Many application servers support JAAS as a means of bringing greater flexibility to the declarative security models of the J2EE (now known as the Java EE) specifications. Whilst intentionally not a full-blown application server, jetty6 supports JAAS to provide more alternatives for servlet security, and to increase the portability of web applications.
The JAAS support aims to dictate as little as possible whilst providing a sufficiently flexible infrastructure to allow users to drop in their own custom LoginModules. We will discuss how to configure jetty6 for JAAS, and describe the example LoginModules provided with the distribution.
Configure a jetty6 org.mortbay.jetty.plus.jaas.JAASUserRealm to match the <realm-name> in your web.xml file. For example, if the web.xml contains a realm called
Then the following JAASUserRealm would be declared in a jetty configuration file:
Set up your LoginModule in a configuration file, following the syntax rules:
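The two steps above, wired together end to end as an added example (not taken from the original page or from the jetty6 distribution). The realm name ExampleRealm, the entry name example and the class com.example.ExampleLoginModule are placeholders, and the fragments assume the realm is registered through the Server's UserRealms property.

```xml
<!-- 1. web.xml (constructed fragment): the realm the webapp asks for -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ExampleRealm</realm-name>  <!-- placeholder realm name -->
</login-config>

<!-- 2. jetty configuration file (constructed fragment),
        placed inside <Configure class="org.mortbay.jetty.Server"> -->
<Set name="UserRealms">
  <Array type="org.mortbay.jetty.security.UserRealm">
    <Item>
      <New class="org.mortbay.jetty.plus.jaas.JAASUserRealm">
        <!-- must equal <realm-name> in web.xml -->
        <Set name="name">ExampleRealm</Set>
        <!-- must equal the entry name in the JAAS login configuration file -->
        <Set name="LoginModuleName">example</Set>
      </New>
    </Item>
  </Array>
</Set>

<!-- 3. JAAS login configuration file (constructed; not XML, shown in a comment):

example {
    com.example.ExampleLoginModule required
    debug="false";
};

General form: an entry name, then one or more lines of
    <LoginModule class> <flag> <option>="<value>" ... ;
where flag is required, requisite, sufficient or optional,
and the whole entry ends with "};".
-->
```

The JVM locates the login configuration file through the standard java.security.auth.login.config system property or a login.config.url.N entry in the java.security file.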