Hi Cristiano,

It depends on whether you want to leverage the authentication/authorization to access a pattern/URL or whether you want to use JAAS internally in your application with a subject.

Basically, imagine you have your servlet where you defined the pattern to /foo (via the service properties if you use the http-whiteboard for instance).

Then, you can define the security constraint in jetty.xml or in your configuration.

If you package as a war, you can use a web.xml similar to:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>cristiano_application</display-name>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <display-name>authenticated</display-name>
        <web-resource-collection>
            <web-resource-name>All files</web-resource-name>
            <description/>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>karaf</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>user</role-name>
    </security-role>
</web-app>

Then, the access to any servlet (/*) in your application will be secure using the karaf JAAS realm.

Regards
JB

On 04/28/2017 12:58 PM, Cristiano Costantini wrote:
Hello All,

How can I implement a Basic HTTP Authentication similar to the one used by Karaf
WebConsole (which I understand uses Jaas) to protect access to HTTP resources in
Karaf?

thanks
Cristiano

--
Jean-Baptiste Onofré
jbono...@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
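
An added example (not part of the original message and not Karaf code): a small Python check over a web.xml like the one in the reply above. It flags a role used in an auth-constraint without a matching security-role, a constraint limited to specific HTTP methods (other methods stay unprotected), and a login method whose credentials would travel without a CONFIDENTIAL transport-guarantee. The function name audit_web_xml and the trimmed sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"jee": "http://java.sun.com/xml/ns/javaee"}  # web-app 2.5 namespace, as in the message

# Constructed sample: the descriptor from the message, trimmed to its security elements.
SAMPLE_WEB_XML = """<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>karaf</realm-name>
    </login-config>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</web-app>"""


def audit_web_xml(xml_text):
    """Return a list of findings for the security elements of a web.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    declared = {r.text.strip() for r in root.findall("jee:security-role/jee:role-name", NS)}
    method = root.findtext("jee:login-config/jee:auth-method", default="none", namespaces=NS).strip()
    for sc in root.findall("jee:security-constraint", NS):
        patterns = [p.text.strip() for p in sc.findall(".//jee:url-pattern", NS)]
        auth = sc.find("jee:auth-constraint", NS)
        if auth is None:
            findings.append(f"{patterns}: no auth-constraint, so no login is required")
        else:
            for role in auth.findall("jee:role-name", NS):
                name = role.text.strip()
                if name != "*" and name not in declared:
                    findings.append(f"role '{name}' has no matching security-role")
        # Listing http-method elements restricts the constraint to those methods only.
        methods = [m.text.strip() for m in sc.findall(".//jee:http-method", NS)]
        if methods:
            findings.append(f"{patterns}: only {methods} are constrained")
        tg = sc.findtext("jee:user-data-constraint/jee:transport-guarantee", default="", namespaces=NS)
        if tg.strip() != "CONFIDENTIAL":
            findings.append(f"{patterns}: {method} login without CONFIDENTIAL transport-guarantee")
    return findings
```

Run against the descriptor from the message, the only finding is the missing transport-guarantee: BASIC sends the user name and password base64-encoded on every request, so the constraint should also carry a user-data-constraint requiring CONFIDENTIAL transport.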
