Menu
▾
▴
Re: [Jetty-support] RE: Jetty seems to be overriding security constraints
|
From: Jan B. <ja...@mo...> - 2004-11-22 21:55:19
|
Ike,
You should not add a SecurityHandler. WebApplicationContext does it's
own security handling, as Greg said.
I'd also suggest you do your own setup AFTER the basic web.xml is read.
You can do this by putting the setup into a jetty-web.xml file.
Jan
Ikonne, Ike wrote:
> Hi Greg,
>
> Thanks for your prompt response. Yes, I do understand what you have just stated, but
> look at this: Inside WebApplicationContext.java, there is a method:
>
> protected void initSecurityConstraint(XmlParser.Node node)
> {
> SecurityConstraint scBase = new SecurityConstraint();
> ..
> ...
> }
>
> So, I am doing is exactly what WebApplicationContext.java is doing, i.e., create
>
> SecurityConstraint , set this SecurityConstraint into the webApplicationContext, create an
> authenticator, initialize webappcontext with my authenticator, also I have to add
> a security handler to handle the security issues.
>
> This is basically what is given in ../etc/admin.xml that came with Jetty
>
> So, what is wrong in what I have done so far? I would thought, looking at what
> WebApplicationContext does, that I can initialize it with my own objects and still
> have things work the same.
>
>
> Basically this is what I am doing:
>
> wac = server.addWebApplication(null, "/deudav/*", file.getAbsolutePath());
> wac.setAuthenticator(bau);
> wac.addSHandler(security_handler)
> wac.addSecurityConstraint("/deudav/*", security_constraint)
>
> Here is mapping inside the web.xml
>
> <servlet-mapping>
> <servlet-name>deudav</servlet-name>
> <url-pattern>/deudav/*</url-pattern>
> </servlet-mapping>
>
> I would expect my: http://myserver:9966/deudav/ should prompt me for authentication, right?
>
>
> Thanks for your patients and understanding, I am just trying to make/get this to work.
>
>
> Ike
>
>
>
>
>
> -----Original Message-----
> From: Greg Wilkins [mailto:gr...@mo...]
> Sent: Sunday, November 21, 2004 5:33 AM
> To: jet...@li...
> Subject: Re: Jetty seems to be overriding security constraints
>
>
>
> Ike,
>
> I think your problem is that there are two related - but different mechanisms.
>
> The SecurityHandler handles security constraints when you are not using
> webapplications. It is used in combination with ServletHandlers and FileHandlers.
>
> The webapplicationHandler is an extended servlet handler with security handling
> built in. So you should either just use webapplications or securityhandlers, but
> not both.
>
> When using a webapplicationcontext, the configuration of a authenticator will be
> handled for you.
>
>
> Ikonne, Ike wrote:
>
>>Hi all,
>>
>>I wil try another angle to my previous question: It seems to me that if
>>I load a servlet using
>>
>>server.addWebapplicationContext( .......)
>>
>>that jetty won't let me override the security constraints using the
>>established web context. Is there any reason
>>for this?
>>
>>What I am trying to accomplish is to have a basic web.xml associated
>>with this servlet , and then
>>initialize the related security constraints dynamically. I have jetty
>>embedded in my application.
>>
>>Any suggestions will be highly appreciated ...
>>
>>
>>Cheers,
>>
>>Ike
>>
>
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Jetty-support mailing list
> Jet...@li...
> https://lists.sourceforge.net/lists/listinfo/jetty-support
|