Jetty has moved!
Jetty is a project at the Eclipse Foundation.
Homepage: http://www.eclipse.org/jetty
Downloads: http://download.eclipse.org/jetty/
Documentation: http://www.eclipse.org/jetty/documentation/current/
About: http://www.eclipse.org/jetty/about.php
Jetty Powered: http://www.eclipse.org/jetty/powered/
Contact the core Jetty developers at www.webtide.com
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery

This feature is available in SVN as of 7 March 2006

What is JAAS?

JAAS provides a pluggable framework for authenticating and authorising users (more information is available on the JAAS pages at the Sun Developer Network). Many application servers support JAAS as a means of bringing greater flexibility to the declarative security models of the J2EE (now known as the Java EE) specifications. Whilst intentionally not a full-blown application server, jetty6 supports JAAS to provide more alternatives for servlet security, and to increase the portability of web applications.

The JAAS support aims to dictate as little as possible whilst providing a sufficiently flexible infrastructure to allow users to drop in their own custom LoginModules. We will discuss how to configure jetty6 for JAAS, and describe the example LoginModules provided with the distribution.

Configuration

Using JAAS with jetty is simply a matter of declaring an org.mortbay.jetty.plus.jaas.JAASUserRealm, creating a JAAS login module configuration file, and specifying that file on the jetty run line. Let's look at an example.

Step 1

Configure a jetty6 org.mortbay.jetty.plus.jaas.JAASUserRealm to match the <realm-name> in your web.xml file. For example, if the web.xml contains a realm called "xyzrealm":

Then the following JAASUserRealm would be declared in a jetty configuration file:

Important!

It is imperative that the contents of the <realm-name> and the <Set name="name"> of the JAASUserRealm instance are exactly the same.

Step 2

Set up your LoginModule in a configuration file, following the syntax rules:

Important!

It is imperative that the application name to the left of the { is exactly the same as the value of the <Set name="LoginModuleName">.

Step 3

Invoke jetty with the jaas configuration file you created in step 2:
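Steps 1 to 3 depend on the two exact name matches flagged as important above, and both can be checked before jetty is started. The script below is an added example, not code from the original page or from the Jetty project. The three sample files, the `UserRealms` wrapper around the realm, the login module class `com.example.SampleLoginModule` and the function names are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (illustrative, not from the original page).
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <login-config>
    <realm-name>xyzrealm</realm-name>
  </login-config>
</web-app>"""
JETTY_XML = """<Configure id="Server" class="org.mortbay.jetty.Server">
  <Set name="UserRealms"><Array type="org.mortbay.jetty.security.UserRealm"><Item>
    <New class="org.mortbay.jetty.plus.jaas.JAASUserRealm">
      <Set name="name">xyzrealm</Set>
      <Set name="LoginModuleName">xyz</Set>
    </New>
  </Item></Array></Set>
</Configure>"""
# The JVM normally locates this file via -Djava.security.auth.login.config=<file>.
JAAS_CONF = """// constructed login configuration
xyz {
  com.example.SampleLoginModule required debug="true";
};"""
REALM_CLASS = "org.mortbay.jetty.plus.jaas.JAASUserRealm"

def jaas_app_names(conf):
    """Application names: the identifier left of each '{' in the JAAS file."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*", "", conf, flags=re.S)  # drop comments
    return set(re.findall(r"(?:^|;)\s*([\w.-]+)\s*\{", conf))

def check(web_xml, jetty_xml, jaas_conf):
    """Return a list of mismatches; an empty list means the names line up."""
    wanted = {e.text.strip() for e in ET.fromstring(web_xml).iter()
              if e.tag.rsplit("}", 1)[-1] == "realm-name" and e.text}
    apps, declared, problems = jaas_app_names(jaas_conf), set(), []
    for new in ET.fromstring(jetty_xml).iter("New"):
        if new.get("class") != REALM_CLASS:
            continue
        # Assumption: surrounding whitespace is ignored; case is significant.
        props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
        declared.add(props.get("name"))
        if props.get("LoginModuleName") not in apps:
            problems.append("LoginModuleName %r has no entry in the JAAS file %s"
                            % (props.get("LoginModuleName"), sorted(apps)))
    for name in sorted(wanted - declared):
        problems.append("realm-name %r has no JAASUserRealm with that name" % name)
    return problems

if __name__ == "__main__":
    print(check(WEB_XML, JETTY_XML, JAAS_CONF) or "consistent")
```

A non-empty result means a name differs somewhere, including by case alone, which is the kind of mismatch the two notes above are guarding against.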

A Closer Look at the JAASUserRealm

To allow the greatest degree of flexibility in using JAAS with web applications, the JAASUserRealm supports a couple of configuration options. Note that you don't ordinarily need to set these explicitly, as jetty has defaults which will work in 99% of cases. However, should you need to, you can configure:

  • a policy for role-based authorization (Default: org.mortbay.jetty.plus.jaas.StrictRoleCheckPolicy)
  • a CallbackHandler (Default: org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler)
  • a list of classnames for the Principal implementation that equate to a user role (Default: org.mortbay.jetty.plus.jaas.JAASRole)

Here's an example of setting each of these (to their default values):
