Jetty has moved!
Jetty is a project at the Eclipse Foundation.
Homepage:http://www.eclipse.org/jetty
Downloads: http://download.eclipse.org/jetty/
Documentation:http://www.eclipse.org/jetty/documentation/current/
About:http://www.eclipse.org/jetty/about.php
Jetty Powered:http://www.eclipse.org/jetty/powered/
Contact the core Jetty developers at www.webtide.com
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Authentication on Embedded Jetty:
This example is setting up Basic Authentication on the context "/mywebapp"

On your webapp's WEB-INF/web.xml:

<web-app>  
<security-constraint>
   <web-resource-collection>
     <web-resource-name>A Protected Page</web-resource-name>
     <url-pattern>/*</url-pattern>   <!-- you can include specific files/urls individually.. eg. <url-pattern>/mywelcomepage.html</url-pattern>
   </web-resource-collection>

   <auth-constraint>
     <role-name>admin</role-name>
     <role-name>user</role-name>
     <role-name>moderator</role-name>
   </auth-constraint>
  </security-constraint>

  <login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>MyRealm</realm-name>
  </login-config>
</web-app>

Next on your WebAppContext:

Server server = new Server();

Connector connector = new SelectChannelConnector();
connector.setPort(8080);
server.setConnectors(new Connector[]{connector});

WebAppContext webappcontext = new WebAppContext();
webappcontext.setContextPath("/mywebapp");
webappcontext.setWar("./path/to/my/war/orExplodedwar");

HandlerCollection handlers= new HandlerCollection();
handlers.setHandlers(new Handler[]{webappcontext, new DefaultHandler()});

server.setHandler(handlers);
HashUserRealm myrealm = new HashUserRealm("MyRealm","C:/jetty-6.0.1/etc/realm.properties"); // org.mortbay.jetty.security.HashUserRealm
server.setUserRealms(new UserRealm[]{myrealm}); // org.mortbay.jetty.security.UserRealm

server.start();
server.join();

On JETTY_HOME/etc/realm.properties:

You will see the format:
<username>:<password>,role ... notice the password has another ":" for users "jetty", "admin" and "other". Its the hash of the actual password.

Since the roles we placed onare admin, user, moderator,...
The user/pass with access are:
jetty/jetty
admin/admin

you can then append a new user/pass and role on realm.properties... for example:
newUser: newPass,moderator

So when u test on http://localhost:8080/mywebapp
You will be prompted to supply the user/pass with a basic authentication. Simply admin/admin, jetty/jetty or newUser/newPass will get you authenticated.

-----------------------------------------------------------------------------------------------------------------------

Authentication done programatically (without web.xml config)

import org.mortbay.jetty.security.*;

Server server = new Server();

Connector connector = new SelectChannelConnector();
connector.setPort(8080);
server.setConnectors(new Connector[]{connector});

Constraint constraint = new Constraint();
constraint.setName(Constraint.__BASIC_AUTH);;
constraint.setRoles(new String[]{"user","admin","moderator"});
constraint.setAuthenticate(true);

ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*"); 

SecurityHandler sh = new SecurityHandler();
sh.setUserRealm(new HashUserRealm("MyRealm","./path/to/my/realm.properties"));
sh.setConstraintMappings(new ConstraintMapping[]{cm});

WebAppContext webappcontext = new WebAppContext();       
webappcontext.setContextPath("/mywebapp");     
webappcontext.setWar("./path/to/my/war/orExplodedwar");
webappcontext.addHandler(sh);

HandlerCollection handlers= new HandlerCollection();
handlers.setHandlers(new Handler[]{webappcontext, new DefaultHandler()});

server.setHandler(handlers);
server.start();
server.join();

  • No labels
Contact the core Jetty developers at www.webtide.com
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery