What auth mechanism are you using? BASIC and DIGEST send auth information with every request FORM stores the auth in the session.
You can have other varieties (eg OPENID) which do either, but you need to set an authenticator to do whatever auth conversation you want to have. So tell us a bit more detail about your actual authentication mechanism. cheers On Wed, 19 Feb 2020 at 11:23, Jan Bartel <j...@webtide.com> wrote: > If you use BASIC authentication, every single request must contain the > realm, username and password and is authenticated on reception - there is > no concept of a session maintaining state. > > The form login page can be generated by a servlet, it doesn't have to be a > static html resource. > > Jan > > On Tue, 18 Feb 2020 at 20:34, Wang Yicheng <wangyicheng1...@gmail.com> > wrote: > >> Thanks Jan! The thing is, my project actually doesn't have any pages. So, >> is it possible to have FORM authentication without login pages? Or does it >> mean I should go with BASIC while create sessions myself? >> >> On Mon, Feb 17, 2020 at 2:16 AM Jan Bartel <j...@webtide.com> wrote: >> >>> You need to set up what the authentication method is, ie the equivalent >>> of the <login-config><auth-method/></login-config> in web.xml. The default >>> is basic authentication. If you want to use sessions to maintain the >>> authentication state, then configure FORM authentication, either in web.xml >>> or by setting an instance of >>> https://www.eclipse.org/jetty/javadoc/9.4.26.v20200117/org/eclipse/jetty/security/authentication/FormAuthenticator.html >>> on the SecurityHandler. >>> >>> Jan >>> >>> On Mon, 10 Feb 2020 at 23:12, Wang Yicheng <wangyicheng1...@gmail.com> >>> wrote: >>> >>>> Thanks Joakim! >>>> >>>> Yes I do have a customized login module following JAAS spec. So it >>>> seems the missing session is causing the problem. Then my question is: With >>>> default configuration, does Jetty generate session automatically for >>>> authenticated user? Or is my code responsible for doing that? >>>> >>>> I actually published another question here >>>> <http://jetty.4.x6.nabble.com/HttpServletRequest-Returns-NULL-Principal-After-Logging-In-td4968503.html> >>>> which contains more details about my issue. Any help is highly appreciated! >>>> >>>> Best >>>> >>>> On Mon, Feb 10, 2020 at 1:11 PM Joakim Erdfelt <joa...@webtide.com> >>>> wrote: >>>> >>>>> If using Servlet authentication (or JAAS) the principal would be set. >>>>> >>>>> If you are using a 3rd party web library (like spring) then odds are >>>>> you are not integrating with Servlet security. >>>>> >>>>> Joakim Erdfelt / joa...@webtide.com >>>>> >>>>> >>>>> On Mon, Feb 10, 2020 at 2:05 PM Yicheng Wang < >>>>> wangyicheng1...@gmail.com> wrote: >>>>> >>>>>> Hi team, >>>>>> >>>>>> My question is as the subject state. My issue is the login request >>>>>> does have >>>>>> the principal by calling getUserPrincipal. But after logging in, the >>>>>> second >>>>>> request has a null principal. Besides, neither of the requests have >>>>>> sessions. So I'm wondering if Jetty uses session information to set >>>>>> the >>>>>> principal in HTTP request. Do appreciate your help! >>>>>> >>>>>> Best >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Sent from: http://jetty.4.x6.nabble.com/Jetty-User-f3247280.html >>>>>> _______________________________________________ >>>>>> jetty-users mailing list >>>>>> jetty-users@eclipse.org >>>>>> To change your delivery options, retrieve your password, or >>>>>> unsubscribe from this list, visit >>>>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>>>>> >>>>> _______________________________________________ >>>>> jetty-users mailing list >>>>> jetty-users@eclipse.org >>>>> To change your delivery options, retrieve your password, or >>>>> unsubscribe from this list, visit >>>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>>> >>>> _______________________________________________ >>>> jetty-users mailing list >>>> jetty-users@eclipse.org >>>> To change your delivery options, retrieve your password, or unsubscribe >>>> from this list, visit >>>> https://www.eclipse.org/mailman/listinfo/jetty-users >>> >>> >>> >>> -- >>> Jan Bartel <j...@webtide.com> >>> www.webtide.com >>> *Expert assistance from the creators of Jetty and CometD* >>> >>> _______________________________________________ >>> jetty-users mailing list >>> jetty-users@eclipse.org >>> To change your delivery options, retrieve your password, or unsubscribe >>> from this list, visit >>> https://www.eclipse.org/mailman/listinfo/jetty-users >> >> _______________________________________________ >> jetty-users mailing list >> jetty-users@eclipse.org >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/jetty-users > > > > -- > Jan Bartel <j...@webtide.com> > www.webtide.com > *Expert assistance from the creators of Jetty and CometD* > > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users -- Greg Wilkins <gr...@webtide.com> CTO http://webtide.com
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users
