[Jetty-support] RE: Jetty seems to be overriding security constraints

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Greg,

I just want to thank you and the entire group for all the pointers that =
you
have provided so far, the pathContext and servletMapping information has =
been=20
exceptionally helpful. =20

There is still a little mystery that I have not been able to resolve so =
far and
that is:

After I have authenticated my client in HashUserRealm.authenticate, I =
would
like to pass some data to my servlet.

I have tried using the follwoing mechanisms, but have to been able to =
get it to work.
Here is what I am doing inside HashUserRealm.authenticate, by the way, I =
extend
your jetty's HashUserRealm in order to do this.

request.setAttribute(attrName, attr) --- did not work, when I tried to =
get the
attribute inside the servlet, it returns null.

I have also tried to extend the the KnownUser and inside the Servlet I =
tried to
cast the getUserPrincipal() but did not work.

My question is this, how could someone pass data to the servlet from the =
point
where user is being authenticated using jetty?

Thanks,

Ike

-----Original Message-----
From: Greg Wilkins [mailto:gr...@mo...]
Sent: Sun 11/21/2004 5:32 AM
To: jet...@li...
Subject: Re: Jetty seems to be overriding security constraints
=20

Ike,

I think your problem is that there are two related - but different =
mechanisms.

The SecurityHandler handles security constraints when you are not using
webapplications.  It is used in combination with ServletHandlers and =
FileHandlers.

The webapplicationHandler is an extended servlet handler with security =
handling
built in.  So you should either just use webapplications or =
securityhandlers, but
not both.

When using a webapplicationcontext, the configuration of a authenticator =
will be
handled for you.

Ikonne, Ike wrote:
> Hi all,
>=20
> I wil try another angle to my previous question:  It seems to me that =
if=20
> I load a servlet using
>=20
> server.addWebapplicationContext( .......)
>=20
> that jetty won't let me override the security constraints using the=20
> established web context.  Is there any reason
> for this?
>=20
> What I am trying to accomplish is to have a basic web.xml associated=20
> with this servlet , and then
> initialize the related security constraints dynamically.  I have jetty =

> embedded in my application.
>=20
> Any suggestions will be highly appreciated ...
>=20
>=20
> Cheers,
>=20
> Ike
>=20