Re: [jetty-users] JASPI 196: make it work on Jetty 8
Hi, Thanks for that comprehensive information, we will certainly look into it. In saying that jetty-jaspi currently does not work well on jetty-8, does this mean that it is working fine with jetty-7? We try to maintain as much of the codebase in common between jetty-7 and jetty-8 as possible, so I'd like to know if this is something that should go into jetty-7, and will then get merged into jetty-8, or if this is a problem specific to jetty-8. thanks Jan On 28 September 2011 15:23, Guofeng Zhang guof...@radvision.com wrote: Hi, ** ** JASPI make us to plug in other authentication module (for example, using openID or other mechanism to authenticate users) easier on Jetty for container-managed security. There is jetty-jaspi module in the Jetty source code base, but I think it has not been maintained for a long time. ** ** By making a little fix on jetty-jaspi module, I make the JASPI works well on Jetty 8. I attach the changes. I hope if I did it well, it could be merged into the next Jetty 8 release. ** ** To use JASPI: **1. **Creating a JASPI configuration XML file for your auth module: ?xml version=1.0 encoding=UTF-8? jaspi xmlns=http://geronimo.apache.org/xml/ns/geronimo-jaspi; ** ** configProvider messageLayerHTTP/messageLayer appContext/ui/appContext descriptiondescription/description serverAuthConfig authenticationContextIDauthenticationContextID2/authenticationContextID protectedtrue/protected serverAuthContext serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.FormAuthModule/className options org.eclipse.jetty.security.jaspi.modules.LoginPage=/secure/jaaslogin org.eclipse.jetty.security.jaspi.modules.ErrorPage=/secure/jaaserror /options /serverAuthModule /serverAuthContext /serverAuthConfig persistenttrue/persistent /configProvider /jaspi The above using the Jetty built-in FormAuthModule, if you want to use the built-in Basic or Digest auth module, the serverAuthModule part should be: serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.DigestAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Or serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.BasicAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule ** ** Here I use the implementation of JASPI of geronimo-jaspi 2.0-SNAPSHOT from geronimo-jaspi (https://github.com/apache/geronimo-jaspi). you could use geronimo-jaspi 1.1.1 release, but you might need to implements javax.security.auth.message.config.AuthConfigProvider (and not javax.security.auth.message.module.ServerAuthModule) and configure it in the above XML file. ** ** **2. **Configuring your AppContext to use JaspiAuthenticatorFactory. I configured it in jetty-web.xml file: Configure class=org.eclipse.jetty.webapp.WebAppContext Set name=securityHandler New class=org.eclipse.jetty.security.ConstraintSecurityHandler** ** Set name=loginService New class=org.eclipse.jetty.plus.jaas.JAASLoginService Set name=nameJAASRealm/Set Set name=loginModuleNamejaas/Set /New /Set ** ** Set name=authenticatorFactory New class=org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory / /Set /New /Set /Configure ** ** **3. **When launching Jetty, using -Dorg.apache.geronimo.jaspic.configurationFile to tell geronimo-jaspi where to find the JASPI configuration file. The following is the jetty-maven-plugin configuration (my JASPI configuration file is form-test-jaspi-2.xml): plugin groupIdorg.mortbay.jetty/groupId artifactIdjetty-maven-plugin/artifactId version${jetty.version}/version configuration scanIntervalSeconds10/scanIntervalSeconds webAppConfig contextPath/ui/contextPath parentLoaderPrioritytrue/parentLoaderPriority /webAppConfig ** ** systemProperties systemProperty namejava.security.auth.login.config/name value./conf/jetty/jaas.conf/value
Re: [jetty-users] JASPI 196: make it work on Jetty 8
The sources in jetty-7.5.1.v20110908/jetty-jaspi and jetty-8.0.1.v20110908/jetty-jaspi are the same each other. JASPI does not work in etty-7.5.1.v20110908. Merge what I changed to jetty-7.5.1.v20110908 works by my test, so you could first fix it in Jetty 7, then merge the fix to Jetty 8. From: jetty-users-boun...@eclipse.orgmailto:jetty-users-boun...@eclipse.org [mailto:jetty-users-boun...@eclipse.org]mailto:[mailto:jetty-users-boun...@eclipse.org] On Behalf Of Jan Bartel Sent: Wednesday, September 28, 2011 2:07 PM To: JETTY user mailing list Subject: Re: [jetty-users] JASPI 196: make it work on Jetty 8 Hi, Thanks for that comprehensive information, we will certainly look into it. In saying that jetty-jaspi currently does not work well on jetty-8, does this mean that it is working fine with jetty-7? We try to maintain as much of the codebase in common between jetty-7 and jetty-8 as possible, so I'd like to know if this is something that should go into jetty-7, and will then get merged into jetty-8, or if this is a problem specific to jetty-8. thanks Jan On 28 September 2011 15:23, Guofeng Zhang guof...@radvision.commailto:guof...@radvision.com wrote: Hi, JASPI make us to plug in other authentication module (for example, using openID or other mechanism to authenticate users) easier on Jetty for container-managed security. There is jetty-jaspi module in the Jetty source code base, but I think it has not been maintained for a long time. By making a little fix on jetty-jaspi module, I make the JASPI works well on Jetty 8. I attach the changes. I hope if I did it well, it could be merged into the next Jetty 8 release. To use JASPI: 1. Creating a JASPI configuration XML file for your auth module: ?xml version=1.0 encoding=UTF-8? jaspi xmlns=http://geronimo.apache.org/xml/ns/geronimo-jaspi; configProvider messageLayerHTTP/messageLayer appContext/ui/appContext descriptiondescription/description serverAuthConfig authenticationContextIDauthenticationContextID2/authenticationContextID protectedtrue/protected serverAuthContext serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.FormAuthModule/className options org.eclipse.jetty.security.jaspi.modules.LoginPage=/secure/jaaslogin org.eclipse.jetty.security.jaspi.modules.ErrorPage=/secure/jaaserror /options /serverAuthModule /serverAuthContext /serverAuthConfig persistenttrue/persistent /configProvider /jaspi The above using the Jetty built-in FormAuthModule, if you want to use the built-in Basic or Digest auth module, the serverAuthModule part should be: serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.DigestAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Or serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.BasicAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Here I use the implementation of JASPI of geronimo-jaspi 2.0-SNAPSHOT from geronimo-jaspi (https://github.com/apache/geronimo-jaspi). you could use geronimo-jaspi 1.1.1 release, but you might need to implements javax.security.auth.message.config.AuthConfigProvider (and not javax.security.auth.message.module.ServerAuthModule) and configure it in the above XML file. 2. Configuring your AppContext to use JaspiAuthenticatorFactory. I configured it in jetty-web.xml file: Configure class=org.eclipse.jetty.webapp.WebAppContext Set name=securityHandler New class=org.eclipse.jetty.security.ConstraintSecurityHandler Set name=loginService New class=org.eclipse.jetty.plus.jaas.JAASLoginService Set name=nameJAASRealm/Set Set name=loginModuleNamejaas/Set /New /Set Set name=authenticatorFactory New class=org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory / /Set /New /Set /Configure 3. When launching Jetty, using -Dorg.apache.geronimo.jaspic.configurationFile to tell geronimo-jaspi where to find the JASPI configuration file. The following is the jetty-maven-plugin configuration (my JASPI configuration file is form-test-jaspi-2.xml): plugin groupIdorg.mortbay.jetty/groupId artifactIdjetty-maven-plugin/artifactId version${jetty.version}/version configuration scanIntervalSeconds10/scanIntervalSeconds
Re: [jetty-users] JASPI 196: make it work on Jetty 8
Code diff's have to come in through bugzilla before we can apply them, so if you would open an issue on bugs.eclipse.org and attach the diff there we can look at applying itthis is standard eclipse policy, sorry about the hassle :) cheers, jesse -- jesse mcconnell jesse.mcconn...@gmail.com On Wed, Sep 28, 2011 at 02:30, Guofeng Zhang guof...@radvision.com wrote: The sources in jetty-7.5.1.v20110908/jetty-jaspi and jetty-8.0.1.v20110908/jetty-jaspi are the same each other. JASPI does not work in etty-7.5.1.v20110908. Merge what I changed to jetty-7.5.1.v20110908 works by my test, so you could first fix it in Jetty 7, then merge the fix to Jetty 8. From: jetty-users-boun...@eclipse.org [mailto:jetty-users-boun...@eclipse.org] On Behalf Of Jan Bartel Sent: Wednesday, September 28, 2011 2:07 PM To: JETTY user mailing list Subject: Re: [jetty-users] JASPI 196: make it work on Jetty 8 Hi, Thanks for that comprehensive information, we will certainly look into it. In saying that jetty-jaspi currently does not work well on jetty-8, does this mean that it is working fine with jetty-7? We try to maintain as much of the codebase in common between jetty-7 and jetty-8 as possible, so I'd like to know if this is something that should go into jetty-7, and will then get merged into jetty-8, or if this is a problem specific to jetty-8. thanks Jan On 28 September 2011 15:23, Guofeng Zhang guof...@radvision.com wrote: Hi, JASPI make us to plug in other authentication module (for example, using openID or other mechanism to authenticate users) easier on Jetty for container-managed security. There is jetty-jaspi module in the Jetty source code base, but I think it has not been maintained for a long time. By making a little fix on jetty-jaspi module, I make the JASPI works well on Jetty 8. I attach the changes. I hope if I did it well, it could be merged into the next Jetty 8 release. To use JASPI: 1. Creating a JASPI configuration XML file for your auth module: ?xml version=1.0 encoding=UTF-8? jaspi xmlns=http://geronimo.apache.org/xml/ns/geronimo-jaspi; configProvider messageLayerHTTP/messageLayer appContext/ui/appContext descriptiondescription/description serverAuthConfig authenticationContextIDauthenticationContextID2/authenticationContextID protectedtrue/protected serverAuthContext serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.FormAuthModule/className options org.eclipse.jetty.security.jaspi.modules.LoginPage=/secure/jaaslogin org.eclipse.jetty.security.jaspi.modules.ErrorPage=/secure/jaaserror /options /serverAuthModule /serverAuthContext /serverAuthConfig persistenttrue/persistent /configProvider /jaspi The above using the Jetty built-in FormAuthModule, if you want to use the built-in Basic or Digest auth module, the serverAuthModule part should be: serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.DigestAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Or serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.BasicAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Here I use the implementation of JASPI of geronimo-jaspi 2.0-SNAPSHOT from geronimo-jaspi (https://github.com/apache/geronimo-jaspi). you could use geronimo-jaspi 1.1.1 release, but you might need to implements javax.security.auth.message.config.AuthConfigProvider (and not javax.security.auth.message.module.ServerAuthModule) and configure it in the above XML file. 2. Configuring your AppContext to use JaspiAuthenticatorFactory. I configured it in jetty-web.xml file: Configure class=org.eclipse.jetty.webapp.WebAppContext Set name=securityHandler New class=org.eclipse.jetty.security.ConstraintSecurityHandler Set name=loginService New class=org.eclipse.jetty.plus.jaas.JAASLoginService Set name=nameJAASRealm/Set Set name=loginModuleNamejaas/Set /New /Set Set name=authenticatorFactory New class=org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory / /Set /New /Set /Configure 3. When launching Jetty, using -Dorg.apache.geronimo.jaspic.configurationFile to tell geronimo-jaspi where to find the JASPI configuration file. The following is the jetty-maven-plugin configuration (my JASPI configuration file is form-test-jaspi-2.xml): plugin
Re: [jetty-users] Can't get env-entry value from web.xml
David, You need to ensure you have the jars on the classpath that enable j2ee-style features for jetty and configure the webapp to use them also. See http://wiki.eclipse.org/Jetty/Feature/JNDI Jan On 29 September 2011 03:23, David Haynes david.dhc...@gmail.com wrote: I am probably missing something trivial but I can't seem to find it. I am running Jetty 8.0.1.v20110908 as an embedded server. My jetty-web.xml file looks like this: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE Configure PUBLIC -//Mort Bay Consulting/DTD Configure/EN http://www.eclipse.org/jetty/configure.dtd; Configure class=org.eclipse.jetty.webapp.WebAppContext Set name=contextPath/directory/Set Set name=warSystemProperty name=jetty.home default=.//webapp/directory/Set /Configure My web.xml has this env-entry in it: env-entry env-entry-namedatabase.fqn/env-entry-name env-entry-typejava.lang.String/env-entry-type env-entry-value192.168.215.35/env-entry-value /env-entry When I try to read the value from my webapp, I get the following: [2011-09-28 13:12:55,638][DEBUG]?:?(?:?): No entry for classloader: WebAppClassLoader=Directory Service@2f996f [2011-09-28 13:12:55,638][DEBUG]?:?(?:?): Looking up name=env/database.fqn [2011-09-28 13:12:55,639][ WARN]?:?(?:?): /directory/api/ping org.jboss.resteasy.spi.UnhandledException: javax.naming.NameNotFoundException; remaining name 'env/database.fqn' at org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:340) at org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:214) at org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:190) This is the start method: public void startServer() throws Exception { Connector connector = new SelectChannelConnector(); connector.setHost(fqn); connector.setPort(port); connector.setMaxIdleTime(1);// 10 seconds server = new Server(); WebAppContext wac = new WebAppContext(warFilePath, contextPath); wac.setParentLoaderPriority(true); server.setHandler(wac); server.setConnectors(new Connector[] { connector }); server.start(); } Does anyone have any idea why its not working? Any suggestions would be great at this point! -david- ___ jetty-users mailing list jetty-users@eclipse.org https://dev.eclipse.org/mailman/listinfo/jetty-users ___ jetty-users mailing list jetty-users@eclipse.org https://dev.eclipse.org/mailman/listinfo/jetty-users
Re: [jetty-users] JASPI 196: make it work on Jetty 8
Guofeng, When you raise the issue, assign it to me. I'm most of the way through setting up an environment to deal with this. thanks Jan On 28 September 2011 22:53, Jesse McConnell jesse.mcconn...@gmail.comwrote: Code diff's have to come in through bugzilla before we can apply them, so if you would open an issue on bugs.eclipse.org and attach the diff there we can look at applying itthis is standard eclipse policy, sorry about the hassle :) cheers, jesse -- jesse mcconnell jesse.mcconn...@gmail.com On Wed, Sep 28, 2011 at 02:30, Guofeng Zhang guof...@radvision.com wrote: The sources in jetty-7.5.1.v20110908/jetty-jaspi and jetty-8.0.1.v20110908/jetty-jaspi are the same each other. JASPI does not work in etty-7.5.1.v20110908. Merge what I changed to jetty-7.5.1.v20110908 works by my test, so you could first fix it in Jetty 7, then merge the fix to Jetty 8. From: jetty-users-boun...@eclipse.org [mailto:jetty-users-boun...@eclipse.org] On Behalf Of Jan Bartel Sent: Wednesday, September 28, 2011 2:07 PM To: JETTY user mailing list Subject: Re: [jetty-users] JASPI 196: make it work on Jetty 8 Hi, Thanks for that comprehensive information, we will certainly look into it. In saying that jetty-jaspi currently does not work well on jetty-8, does this mean that it is working fine with jetty-7? We try to maintain as much of the codebase in common between jetty-7 and jetty-8 as possible, so I'd like to know if this is something that should go into jetty-7, and will then get merged into jetty-8, or if this is a problem specific to jetty-8. thanks Jan On 28 September 2011 15:23, Guofeng Zhang guof...@radvision.com wrote: Hi, JASPI make us to plug in other authentication module (for example, using openID or other mechanism to authenticate users) easier on Jetty for container-managed security. There is jetty-jaspi module in the Jetty source code base, but I think it has not been maintained for a long time. By making a little fix on jetty-jaspi module, I make the JASPI works well on Jetty 8. I attach the changes. I hope if I did it well, it could be merged into the next Jetty 8 release. To use JASPI: 1. Creating a JASPI configuration XML file for your auth module: ?xml version=1.0 encoding=UTF-8? jaspi xmlns=http://geronimo.apache.org/xml/ns/geronimo-jaspi; configProvider messageLayerHTTP/messageLayer appContext/ui/appContext descriptiondescription/description serverAuthConfig authenticationContextIDauthenticationContextID2/authenticationContextID protectedtrue/protected serverAuthContext serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.FormAuthModule/className options org.eclipse.jetty.security.jaspi.modules.LoginPage=/secure/jaaslogin org.eclipse.jetty.security.jaspi.modules.ErrorPage=/secure/jaaserror /options /serverAuthModule /serverAuthContext /serverAuthConfig persistenttrue/persistent /configProvider /jaspi The above using the Jetty built-in FormAuthModule, if you want to use the built-in Basic or Digest auth module, the serverAuthModule part should be: serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.DigestAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Or serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.BasicAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Here I use the implementation of JASPI of geronimo-jaspi 2.0-SNAPSHOT from geronimo-jaspi (https://github.com/apache/geronimo-jaspi). you could use geronimo-jaspi 1.1.1 release, but you might need to implements javax.security.auth.message.config.AuthConfigProvider (and not javax.security.auth.message.module.ServerAuthModule) and configure it in the above XML file. 2. Configuring your AppContext to use JaspiAuthenticatorFactory. I configured it in jetty-web.xml file: Configure class=org.eclipse.jetty.webapp.WebAppContext Set name=securityHandler New class=org.eclipse.jetty.security.ConstraintSecurityHandler Set name=loginService New class=org.eclipse.jetty.plus.jaas.JAASLoginService Set name=nameJAASRealm/Set Set name=loginModuleNamejaas/Set /New /Set Set name=authenticatorFactory
Re: [jetty-users] Can't get env-entry value from web.xml
David, Try doing: java -jar start.jar --list-options Jan On 29 September 2011 10:43, David Haynes david.dhc...@gmail.com wrote: Thanks for the response. Well, I guess I am closer. I changed the jetty-web.xml as follows: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE Configure PUBLIC -//Mort Bay Consulting/DTD Configure/EN http://www.eclipse.org/jetty/configure.dtd; Configure id=wac class=org.eclipse.jetty.webapp.WebAppContext Array id=plusConfig type=java.lang.String Itemorg.eclipse.jetty.webapp.WebInfConfiguration/Item Itemorg.eclipse.jetty.webapp.WebXmlConfiguration/Item Itemorg.eclipse.jetty.webapp.MetaInfConfiguration/Item Itemorg.eclipse.jetty.webapp.FragmentConfiguration/Item Itemorg.eclipse.jetty.plus.webapp.EnvConfiguration/Item !-- add for JNDI -- Itemorg.eclipse.jetty.plus.webapp.PlusConfiguration/Item !-- add for JNDI -- Itemorg.eclipse.jetty.webapp.JettyWebXmlConfiguration/Item Itemorg.eclipse.jetty.webapp.TagLibConfiguration/Item /Array Set name=warSystemProperty name=jetty.home default=.//directory/Set Set name=configurationClassesRef id=plusConfig//Set /Configure The other part of the manual page is about how to set the OPTIONS on the java invocation but I am running this as an embedded service. So how do I do the equivalent of the OPTIONS=plus from inside a Java class? The error message I am getting now is: [2011-09-28 20:33:48,579][DEBUG]?:?(?:?): XML o.e.j.w.WebAppContext{/directory,file:/tmp/jetty-127.0.0.1-8099-directory.war-_directory-any-/webapp/},./directory.setConfigurationClasses([Ljava.lang.String;@8f9a32) [2011-09-28 20:33:48,579][ WARN]?:?(?:?): Config error at Set name=configurationClassesRef id=plusConfig//Set [2011-09-28 20:33:48,581][ WARN]?:?(?:?): Failed startup of context o.e.j.w.WebAppContext{/directory,file:/tmp/jetty-127.0.0.1-8099-directory.war-_directory-any-/webapp/},./directory java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) I have tried the '/webapps/directory', '/webapp/directory' and '/directory' for the Set name=war with no difference. On Wed, Sep 28, 2011 at 6:49 PM, Jan Bartel j...@intalio.com wrote: David, You need to ensure you have the jars on the classpath that enable j2ee-style features for jetty and configure the webapp to use them also. See http://wiki.eclipse.org/Jetty/Feature/JNDI Jan On 29 September 2011 03:23, David Haynes david.dhc...@gmail.com wrote: I am probably missing something trivial but I can't seem to find it. I am running Jetty 8.0.1.v20110908 as an embedded server. My jetty-web.xml file looks like this: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE Configure PUBLIC -//Mort Bay Consulting/DTD Configure/EN http://www.eclipse.org/jetty/configure.dtd; Configure class=org.eclipse.jetty.webapp.WebAppContext Set name=contextPath/directory/Set Set name=warSystemProperty name=jetty.home default=.//webapp/directory/Set /Configure My web.xml has this env-entry in it: env-entry env-entry-namedatabase.fqn/env-entry-name env-entry-typejava.lang.String/env-entry-type env-entry-value192.168.215.35/env-entry-value /env-entry When I try to read the value from my webapp, I get the following: [2011-09-28 13:12:55,638][DEBUG]?:?(?:?): No entry for classloader: WebAppClassLoader=Directory Service@2f996f [2011-09-28 13:12:55,638][DEBUG]?:?(?:?): Looking up name=env/database.fqn [2011-09-28 13:12:55,639][ WARN]?:?(?:?): /directory/api/ping org.jboss.resteasy.spi.UnhandledException: javax.naming.NameNotFoundException; remaining name 'env/database.fqn' at org.jboss.resteasy.core.SynchronousDispatcher.handleApplicationException(SynchronousDispatcher.java:340) at org.jboss.resteasy.core.SynchronousDispatcher.handleException(SynchronousDispatcher.java:214) at org.jboss.resteasy.core.SynchronousDispatcher.handleInvokerException(SynchronousDispatcher.java:190) This is the start method: public void startServer() throws Exception { Connector connector = new SelectChannelConnector(); connector.setHost(fqn); connector.setPort(port); connector.setMaxIdleTime(1);// 10 seconds server = new Server(); WebAppContext wac = new WebAppContext(warFilePath, contextPath); wac.setParentLoaderPriority(true); server.setHandler(wac); server.setConnectors(new Connector[] { connector }); server.start(); } Does anyone have any idea why its not working? Any suggestions would be great at this point! -david- ___ jetty-users mailing list jetty-users@eclipse.org https://dev.eclipse.org/mailman/listinfo/jetty-users ___ jetty-users mailing list jetty-users@eclipse.org
Re: [jetty-users] JASPI 196: make it work on Jetty 8
Done, the bug no.: 359329. But it is assigned to Greg Wilkins. I do not know how to change the assignment. Thanks From: jetty-users-boun...@eclipse.org [mailto:jetty-users-boun...@eclipse.org] On Behalf Of Jan Bartel Sent: Thursday, September 29, 2011 6:52 AM To: JETTY user mailing list Subject: Re: [jetty-users] JASPI 196: make it work on Jetty 8 Guofeng, When you raise the issue, assign it to me. I'm most of the way through setting up an environment to deal with this. thanks Jan On 28 September 2011 22:53, Jesse McConnell jesse.mcconn...@gmail.commailto:jesse.mcconn...@gmail.com wrote: Code diff's have to come in through bugzilla before we can apply them, so if you would open an issue on bugs.eclipse.orghttp://bugs.eclipse.org and attach the diff there we can look at applying itthis is standard eclipse policy, sorry about the hassle :) cheers, jesse -- jesse mcconnell jesse.mcconn...@gmail.commailto:jesse.mcconn...@gmail.com On Wed, Sep 28, 2011 at 02:30, Guofeng Zhang guof...@radvision.commailto:guof...@radvision.com wrote: The sources in jetty-7.5.1.v20110908/jetty-jaspi and jetty-8.0.1.v20110908/jetty-jaspi are the same each other. JASPI does not work in etty-7.5.1.v20110908. Merge what I changed to jetty-7.5.1.v20110908 works by my test, so you could first fix it in Jetty 7, then merge the fix to Jetty 8. From: jetty-users-boun...@eclipse.orgmailto:jetty-users-boun...@eclipse.org [mailto:jetty-users-boun...@eclipse.orgmailto:jetty-users-boun...@eclipse.org] On Behalf Of Jan Bartel Sent: Wednesday, September 28, 2011 2:07 PM To: JETTY user mailing list Subject: Re: [jetty-users] JASPI 196: make it work on Jetty 8 Hi, Thanks for that comprehensive information, we will certainly look into it. In saying that jetty-jaspi currently does not work well on jetty-8, does this mean that it is working fine with jetty-7? We try to maintain as much of the codebase in common between jetty-7 and jetty-8 as possible, so I'd like to know if this is something that should go into jetty-7, and will then get merged into jetty-8, or if this is a problem specific to jetty-8. thanks Jan On 28 September 2011 15:23, Guofeng Zhang guof...@radvision.commailto:guof...@radvision.com wrote: Hi, JASPI make us to plug in other authentication module (for example, using openID or other mechanism to authenticate users) easier on Jetty for container-managed security. There is jetty-jaspi module in the Jetty source code base, but I think it has not been maintained for a long time. By making a little fix on jetty-jaspi module, I make the JASPI works well on Jetty 8. I attach the changes. I hope if I did it well, it could be merged into the next Jetty 8 release. To use JASPI: 1. Creating a JASPI configuration XML file for your auth module: ?xml version=1.0 encoding=UTF-8? jaspi xmlns=http://geronimo.apache.org/xml/ns/geronimo-jaspi; configProvider messageLayerHTTP/messageLayer appContext/ui/appContext descriptiondescription/description serverAuthConfig authenticationContextIDauthenticationContextID2/authenticationContextID protectedtrue/protected serverAuthContext serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.FormAuthModule/className options org.eclipse.jetty.security.jaspi.modules.LoginPage=/secure/jaaslogin org.eclipse.jetty.security.jaspi.modules.ErrorPage=/secure/jaaserror /options /serverAuthModule /serverAuthContext /serverAuthConfig persistenttrue/persistent /configProvider /jaspi The above using the Jetty built-in FormAuthModule, if you want to use the built-in Basic or Digest auth module, the serverAuthModule part should be: serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.DigestAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Or serverAuthModule classNameorg.eclipse.jetty.security.jaspi.modules.BasicAuthModule/className options org.eclipse.jetty.security.jaspi.modules.RealmName=JAASRealm /options /serverAuthModule Here I use the implementation of JASPI of geronimo-jaspi 2.0-SNAPSHOT from geronimo-jaspi (https://github.com/apache/geronimo-jaspi). you could use geronimo-jaspi 1.1.1 release, but you might need to implements javax.security.auth.message.config.AuthConfigProvider (and not javax.security.auth.message.module.ServerAuthModule) and configure it in the above XML file. 2. Configuring your AppContext to use JaspiAuthenticatorFactory. I configured it in jetty-web.xml file: Configure class=org.eclipse.jetty.webapp.WebAppContext
Re: [jetty-users] Can't get env-entry value from web.xml
David, You need to execute java -jar start.jar --list-modes from inside a standard distribution of jetty. Eg output is: There are 32 OPTIONs available to use. Each option is listed along with associated available classpath entries, in the order that they would appear from that mode. Note: If using multiple options (eg: 'Server,servlet,webapp,jms,jmx') then overlapping entries will not be repeated in the eventual classpath. ${jetty.home} = /home/janb/src/jetty-codehaus/jetty-7/jetty-hightide/target/hightide GLOBAL option (Prepended Entries) - Empty option, no classpath entries active. GLOBAL option (Appended Entries) (*) - 0: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-util-7.5.2-SNAPSHOT.jar 1: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-io-7.5.2-SNAPSHOT.jar Option [ajp] - 0: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-ajp-7.5.2-SNAPSHOT.jar Option [All] (Aggregate) - 0:(dir) | ${jetty.home}/resources 1: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-xml-7.5.2-SNAPSHOT.jar 2: 2.5.0.v200910301333 | ${jetty.home}/lib/servlet-api-2.5.jar 3: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-http-7.5.2-SNAPSHOT.jar 4: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-continuation-7.5.2-SNAPSHOT.jar 5: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-server-7.5.2-SNAPSHOT.jar 6: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-security-7.5.2-SNAPSHOT.jar 7: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-servlet-7.5.2-SNAPSHOT.jar 8: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-webapp-7.5.2-SNAPSHOT.jar 9: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-deploy-7.5.2-SNAPSHOT.jar 10: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-servlets-7.5.2-SNAPSHOT.jar 11: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-rewrite-7.5.2-SNAPSHOT.jar 12: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-jmx-7.5.2-SNAPSHOT.jar 13: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-ajp-7.5.2-SNAPSHOT.jar 14: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-jndi-7.5.2-SNAPSHOT.jar 15: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-plus-7.5.2-SNAPSHOT.jar 16: 1.1.0.v201005080500 | ${jetty.home}/lib/jndi/javax.activation_1.1.0.v201005080500.jar 17: 1.4.1.v201005082020 | ${jetty.home}/lib/jndi/javax.mail.glassfish_1.4.1.v201005082020.jar 18: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-annotations-7.5.2-SNAPSHOT.jar 19: 3.1 | ${jetty.home}/lib/annotations/asm-3.1.jar 20: 3.1 | ${jetty.home}/lib/annotations/asm-commons-3.1.jar 21: 3.1 | ${jetty.home}/lib/annotations/asm-tree-3.1.jar 22:1.1.1 | ${jetty.home}/lib/annotations/geronimo-annotation_1.0_spec-1.1.1.jar 23: 1.0.0.v20100513-0750 | ${jetty.home}/lib/annotations/javax.annotation_1.0.0.v20100513-0750.jar 24: 3.1.0.v200803061910 | ${jetty.home}/lib/annotations/org.objectweb.asm_3.1.0.v200803061910.jar 25: 7.5.2-SNAPSHOT | ${jetty.home}/lib/setuid/jetty-setuid-java-7.5.2-SNAPSHOT.jar 26: 3.2.2 b0 | ${jetty.home}/lib/setuid/jna-3.2.2.jar 27: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-policy-7.5.2-SNAPSHOT.jar 28: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-client-7.5.2-SNAPSHOT.jar 29: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-websocket-7.5.2-SNAPSHOT.jar 30: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jetty-overlay-deployer-7.5.2-SNAPSHOT.jar 31: 1.0.0.v201004190952 | ${jetty.home}/lib/jsp/com.sun.el_1.0.0.v201004190952.jar 32: 3.6.0.I20100608-0911 | ${jetty.home}/lib/jsp/ecj-3.6.jar 33: 2.1.0.v201004190952 | ${jetty.home}/lib/jsp/javax.el_2.1.0.v201004190952.jar 34: 2.1.0.v201004190952 | ${jetty.home}/lib/jsp/javax.servlet.jsp_2.1.0.v201004190952.jar 35: 1.2.0.v201004190952 | ${jetty.home}/lib/jsp/javax.servlet.jsp.jstl_1.2.0.v201004190952.jar 36: 7.5.2-SNAPSHOT | ${jetty.home}/lib/jsp/jetty-jsp-2.1-7.5.2-SNAPSHOT.jar 37:2.1.3.b10 | ${jetty.home}/lib/jsp/jsp-impl-2.1.3-b10.jar 38: 1.2.0.v201004190952 | ${jetty.home}/lib/jsp/org.apache.taglibs.standard.glassfish_1.2.0.v201004190952.jar 39:1.1.1 | ${jetty.home}/lib/jta/javax.transaction_1.1.1.v201004190952.jar 40:3.7.0 | ${jetty.home}/lib/jta/atomikos/atomikos-util-3.7.0.jar 41:3.7.0 | ${jetty.home}/lib/jta/atomikos/transactions-3.7.0.jar 42:3.7.0 | ${jetty.home}/lib/jta/atomikos/transactions-api-3.7.0.jar 43:3.7.0 | ${jetty.home}/lib/jta/atomikos/transactions-jdbc-3.7.0.jar 44:3.7.0 | ${jetty.home}/lib/jta/atomikos/transactions-jta-3.7.0.jar 45: 7.5.2-SNAPSHOT | ${jetty.home}/lib/spring/jetty-spring-7.5.2-SNAPSHOT.jar 46: 10.6.100.938214 | ${jetty.home}/lib/jdbc/derby/derby-10.6.1.0.jar 47: (not specified) |