Menu
▾
▴
[Jetty-support] DIGEST authentication?
|
From: Jeff W. <je...@wi...> - 2004-02-26 04:57:04
|
Hi folks,
I have a very simple jetty configuration as follows:
- Jetty serves one web application, as it's root context
- Web XML projects a specific pattern mapping with security-constraint. All
other requests are passed through without security.
This works fine if my auth-method is BASIC, but Jetty seems to always return
'Unauthorized' if auth-method is DIGEST.
Note: it does this _without_ issuing the proper challenge so neither a
web-browser, not programmatic connection, knows to prompt for username/pwd.
Question:
Do I need to _explicitly_ set a DigestAuthenticator in my Jetty.xml? I was
assuming that the standard parsing of my web.xml would instantiate the
appropriate authenticator...
Here are relevant sections of my Jetty.xml:
<Configure class="org.mortbay.jetty.Server">
<Call name="addListener"> ...vanilla... </Call>
<Call name="addRealm">
<Arg>
<New class="org.mortbay.http.HashUserRealm">
<Arg>My Realm</Arg>
<Arg>...path to my realm config...</Arg>
</New>
</Arg>
</Call>
<Call name="addWebApplication">
<Arg>/</Arg>
<Arg><SystemProperty name="jetty.home" default="."/>/webapps/root</Arg>
<Set
name="defaultsDescriptor">org/mortbay/jetty/servlet/webdefault.xml</Set>
</Call>
...
Here are relevant sections of web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>PROTECTED</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>valid_user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>My realm</realm-name>
</login-config>
----------------------------
As mentionned above, everything works find if my <auth-method> is BASIC.
Thanks for any pointers!
cheers,
Jeff
|