Jetty Configure JAAS access rights and passwords

Source: Internet
Author: User
Tags auth
Jetty Configure JAAS access rights and Passwords Introduction to JaasJAAS definition: The javaauthentication Authorization Service (Jaas,java authentication and Authorization API) provides a flexible and scalable mechanism to guarantee client or server-side Java programs. In simple terms, the user has control over the access rights of a program. In simple terms, it is through Jaas that we can log on to our Java applications without having to write a login intercept. files that need to be modified or addedWeb.xml (configuration file for Web project) Jetty.xml (jetty Run configuration file) realm.properties (account password) Web.xml

code block syntax follows standard markdown code, such as:

<?xml version= "1.0" encoding= "UTF-8"?> <web-app xmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance" xmlns= "Http://java.sun.com/xml/ns/javaee" xmlns:web= "http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi: schemalocation= "Http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version= " 3.0 "> <display-name>jspJetty</display-name> <security-constraint> <web-resource-col lection> <web-resource-name>web Test actions</web-resource-name> <url-pattern>/*</   
    url-pattern> <!--<url-pattern>*.jsp</url-pattern>--> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </se Curity-constraint> <login-config> <!--java EE specification, customizable page--> <!--&LT;AUTH-METHOD&GT;FORM&L T;/auth-method>--> <auth-method>basic</aUth-method> <realm-name>java:/jaas/jvwl-sso</realm-name> <!--<form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/login.jsp</form-error-page > </form-login-config>--> </login-config> <security-role> <role-name>adm In</role-name> </security-role> </web-app>
Jetty.xml

Add the following content

<call name= "Addbean" >
    <Arg>
    <new class= "Org.eclipse.jetty.security.HashLoginService" >
      <set name= "name" >java:/jaas/jvwl-sso</Set>
      <set name= "config" ><property name= " Jetty.home "default=". />/doc/jetty/etc/realm.properties</set>
      <set name= "RefreshInterval" >5</Set>
    </ new>
    </Arg>
  </Call>
realm.properties

Realm.properties must add content

#realm账号形式: #  <username>: <password>[,<rolename> ...]
# The format is
#  <username>: <password>[,<rolename> ...]
#
# Passwords may be clear text, obfuscated or checksummed.  The class 
# Org.eclipse.util.Password should is used to generate obfuscated
# passwords or Password checksums
#
# If DIGEST authentication is used, the password must are in a recoverable
# format, either plain text or OBF:.
user:plain,admin
User:password,user

The effect after use:

Think of the auth-method here as the definition of the interface, if the form property can be customized interface Note:

In Realm.propertie, the user's permission parameters must be consistent with Web.xml, otherwise the user will not be able to log in to the web.xml in PS:web.xml The Auth-method attribute in Login-config has the following

    <auth-method>BASIC</auth-method>

Basic:http specification, Base64

    <web-app> ...
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    ...
</web-app>

Digest:http specification, strong data integrity, but not SSL

    <web-app> ...
    <login-config>
        <auth-method>DIGEST</auth-method>
    </login-config>
    ...
   </web-app>

CLIENT-CERT:J2EE specification, strong data integrity, public key (PKC)

<web-app> ...
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
    </login-config>
    ......
</web-app>

FORM:J2EE specification, you can customize the interface

<web-app> ... <login-config> <auth-method>form</auth-meth
            Od> <form-login-config> <form-login-page>/login.html</form-login-page>
    <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> ... </web-app> 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.