I believe I have narrowed the issue down to the login arena (i.e. login /
authentication / authorization).
I am using a fallback authenticator which is an extension of the
ConfigurableSpnegoAuthenticator and works to authenticate clients using a
myriad of options (Spnego, NTLM, Basic).
With jetty 10, if I change things to start with the BasicAuthenticator, provide
credentials, stop things and then restart with the FallbackAuthenticator it
works; however, if I start with the FallbackAuthenticator out of the gate it
tries to do Anonymous authentication and fails.
Questions:
- Any ideas?
- Has anything changed with the Spnego setup requirements from jetty 9 to 10?
- Is there a good reference for Spnego setup? (I noticed that the
  programming guide still shows TODO for HttpClient SPNEGO authentication
  support)
- I have seen some references to the need for an IdentityService;
  however, not sure how to properly set that up.
Here is the setup for how things were under jetty 9 (which worked):

    SslContextFactory ssl = new SslContextFactory.Server();
    ssl.setKeyStorePath(getKeyStorePath());
    ssl.setKeyStoreType("JKS");

    HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer());
    https.setSecurePort(port);
    // set header sizes so that kerberos tickets will fit (necessary for SPNEGO)
    https.setRequestHeaderSize(16384);
    https.setResponseHeaderSize(16384);

    server = new Server();
    ServerConnector connector = new ServerConnector(server,
        new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.toString()),
        new HttpConnectionFactory(https));
    connector.setPort(port);
    connector.setIdleTimeout(500000);
    server.setConnectors(new Connector[]{connector});

    Constraint constraint = new Constraint();
    constraint.setName(REALM);
    constraint.setRoles(new String[]{REALM});
    constraint.setAuthenticate(true);

    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setConstraint(constraint);
    mapping.setPathSpec("/*");

    // note: JaasConfigurator extends javax.security.auth.login.Configuration
    javax.security.auth.login.Configuration.setConfiguration(new JaasConfigurator());

    File spnegoConfig = new File(CONFIG, "spnego.prop");

    ConstraintSecurityHandler security_handler = new ConstraintSecurityHandler();
    security_handler.setAuthenticator(new FallbackAuthenticator());
    security_handler.setLoginService(new SpnegoLoginService(REALM, spnegoConfig.getPath()));
    security_handler.setConstraintMappings(new ConstraintMapping[]{mapping});
    security_handler.setRealmName(REALM);

    ServletContextHandler root_context = new ServletContextHandler(ServletContextHandler.SESSIONS);
    root_context.setContextPath("/");
    root_context.setResourceBase(BASE);
    root_context.setSessionHandler(session_handler);
    root_context.setSecurityHandler(security_handler);
    root_context.addFilter(new FilterHolder(SessionFilter.class), "/Echo/*",
        EnumSet.of(DispatcherType.INCLUDE, DispatcherType.REQUEST));
    root_context.addServlet(new ServletHolder(AppServlet.class), "/Echo");
    root_context.addServlet(new ServletHolder(MyDefaultServlet.class), "/");

    Constraint api_constraint = new Constraint();
    api_constraint.setName(REALM);
    api_constraint.setRoles(new String[]{REALM});
    api_constraint.setAuthenticate(true);

    ConstraintMapping api_mapping = new ConstraintMapping();
    api_mapping.setConstraint(constraint);
    api_mapping.setPathSpec("/*");

    ConstraintSecurityHandler api_security_handler = new ConstraintSecurityHandler();
    api_security_handler.setAuthenticator(root_context.getSecurityHandler().getAuthenticator());
    api_security_handler.setLoginService(root_context.getSecurityHandler().getLoginService());
    api_security_handler.setConstraintMappings(new ConstraintMapping[]{api_mapping});
    api_security_handler.setRealmName(REALM);

    ServletContextHandler noauth_context = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
    noauth_context.setContextPath("/static_noauth");
    noauth_context.setResourceBase(STATIC_NOAUTH);
    noauth_context.addServlet(new ServletHolder(MyDefaultServlet.class), "/");

    ContextHandlerCollection contexts = new ContextHandlerCollection();
    contexts.setHandlers(new Handler[]{root_context, noauth_context});
    server.setHandler(contexts);
    server.start();

Thank you!
-----Original Message-----
From: Simone Bordet <[email protected]>
Sent: Thursday, August 25, 2022 4:31 AM
To: JETTY user mailing list <[email protected]>
Cc: Bryan Coleman <[email protected]>
Subject: Re: [jetty-users] migration woes from version 9 to 10 - possible
character encoding issue
Hi,
On Wed, Aug 24, 2022 at 7:03 PM Bryan Coleman via jetty-users
<[email protected]> wrote:
>
> Including logs to show what I am seeing in hopes that someone will have an
> idea of additional things to check.
In both cases your request is hitting
com.website.department.projectY.reporter.MyDefaultServlet.
In the ISO-8859-1 case there is a sendError() and in the other a successful
response.
You should be looking at what that class does and why it is calling sendError().
--
Simone Bordet
---
Finally, no matter how good the architecture and design are, to deliver
bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz