From: Jeff W. <je...@wi...> - 2004-02-26 04:57:04
|
Hi folks, I have a very simple jetty configuration as follows: - Jetty serves one web application, as it's root context - Web XML projects a specific pattern mapping with security-constraint. All other requests are passed through without security. This works fine if my auth-method is BASIC, but Jetty seems to always return 'Unauthorized' if auth-method is DIGEST. Note: it does this _without_ issuing the proper challenge so neither a web-browser, not programmatic connection, knows to prompt for username/pwd. Question: Do I need to _explicitly_ set a DigestAuthenticator in my Jetty.xml? I was assuming that the standard parsing of my web.xml would instantiate the appropriate authenticator... Here are relevant sections of my Jetty.xml: <Configure class="org.mortbay.jetty.Server"> <Call name="addListener"> ...vanilla... </Call> <Call name="addRealm"> <Arg> <New class="org.mortbay.http.HashUserRealm"> <Arg>My Realm</Arg> <Arg>...path to my realm config...</Arg> </New> </Arg> </Call> <Call name="addWebApplication"> <Arg>/</Arg> <Arg><SystemProperty name="jetty.home" default="."/>/webapps/root</Arg> <Set name="defaultsDescriptor">org/mortbay/jetty/servlet/webdefault.xml</Set> </Call> ... Here are relevant sections of web.xml: <security-constraint> <web-resource-collection> <web-resource-name>PROTECTED</web-resource-name> <url-pattern>/protected/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>valid_user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>DIGEST</auth-method> <realm-name>My realm</realm-name> </login-config> ---------------------------- As mentionned above, everything works find if my <auth-method> is BASIC. Thanks for any pointers! cheers, Jeff |