Jetty Configure JAAS access rights and passwords

Jetty Configure JAAS access rights and Passwords Introduction to JaasJAAS definition: The javaauthentication Authorization Service (Jaas,java authentication and Authorization API) provides a flexible and scalable mechanism to guarantee client or server-side Java programs. In simple terms, the user has control over the access rights of a program. In simple terms, it is through Jaas that we can log on to our Java applications without having to write a login intercept. files that need to be modified or addedWeb.xml (configuration file for Web project) Jetty.xml (jetty Run configuration file) realm.properties (account password) Web.xml

code block syntax follows standard markdown code, such as:

<?xml version= "1.0" encoding= "UTF-8"?> <web-app xmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance" xmlns= "Http://java.sun.com/xml/ns/javaee" xmlns:web= "http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi: schemalocation= "Http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version= " 3.0 "> <display-name>jspJetty</display-name> <security-constraint> <web-resource-col lection> <web-resource-name>web Test actions</web-resource-name> <url-pattern>/*</   
    url-pattern> <!--<url-pattern>*.jsp</url-pattern>--> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </se Curity-constraint> <login-config> <!--java EE specification, customizable page--> <!--&LT;AUTH-METHOD&GT;FORM&L T;/auth-method>--> <auth-method>basic</aUth-method> <realm-name>java:/jaas/jvwl-sso</realm-name> <!--<form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login.jsp</form-error-page > </form-login-config>--> </login-config> <security-role> <role-name>adm In</role-name> </security-role> </web-app>

Jetty.xml

Add the following content

<call name= "Addbean" >
    <Arg>
    <new class= "Org.eclipse.jetty.security.HashLoginService" >
      <set name= "name" >java:/jaas/jvwl-sso</Set>
      <set name= "config" ><property name= " Jetty.home "default=". />/doc/jetty/etc/realm.properties</set>
      <set name= "RefreshInterval" >5</Set>
    </ new>
    </Arg>
  </Call>

realm.properties

Realm.properties must add content

#realm账号形式: #  <username>: <password>[,<rolename> ...]
# The format is
#  <username>: <password>[,<rolename> ...]
#
# Passwords may be clear text, obfuscated or checksummed.  The class 
# Org.eclipse.util.Password should is used to generate obfuscated
# passwords or Password checksums
#
# If DIGEST authentication is used, the password must are in a recoverable
# format, either plain text or OBF:.
user:plain,admin
User:password,user

The effect after use:

Think of the auth-method here as the definition of the interface, if the form property can be customized interface Note:

In Realm.propertie, the user's permission parameters must be consistent with Web.xml, otherwise the user will not be able to log in to the web.xml in PS:web.xml The Auth-method attribute in Login-config has the following

    <auth-method>BASIC</auth-method>

Basic:http specification, Base64

    <web-app> ...
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    ...
</web-app>

Digest:http specification, strong data integrity, but not SSL

    <web-app> ...
    <login-config>
        <auth-method>DIGEST</auth-method>
    </login-config>
    ...
   </web-app>

CLIENT-CERT:J2EE specification, strong data integrity, public key (PKC)

<web-app> ...
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>
    ......
</web-app>

FORM:J2EE specification, you can customize the interface

<web-app> ... <login-config> <auth-method>form</auth-meth
            Od> <form-login-config> <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> ... </web-app>