Home | History | Annotate | only in /external/jetty/src/config/etc
Up to higher level directory
NameDateSize
jdbcRealm.properties06-Dec-20162.1K
jetty-bio-ssl.xml06-Dec-20161.2K
jetty-bio.xml06-Dec-2016897
jetty-debug.xml06-Dec-2016963
jetty-fileserver.xml06-Dec-20161K
jetty-ipaccess.xml06-Dec-2016951
jetty-jmx.xml06-Dec-20164.4K
jetty-logging.xml06-Dec-20161.4K
jetty-proxy.xml06-Dec-20162.6K
jetty-requestlog.xml06-Dec-20161.3K
jetty-ssl.xml06-Dec-20161.7K
jetty-stats.xml06-Dec-2016660
jetty-xinetd.xml06-Dec-20161.9K
jetty.xml06-Dec-20163.6K
keystore06-Dec-20161.4K
krb5.ini06-Dec-2016521
README.spnego06-Dec-20162K
spnego.conf06-Dec-2016544
spnego.properties06-Dec-201632
webdefault.xml06-Dec-201623.9K

README.spnego

      1 This setup will enable you to authenticate a user via spnego into your 
      2 webapp.
      3 
      4 To run with spengo enabled the following command line options are required:
      5 
      6 -Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini
      7 -Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf 
      8 -Djavax.security.auth.useSubjectCredsOnly=false
      9 
     10 The easiest place to put these lines are in the start.ini file.
     11 
     12 For debugging the spengo authentication the following options are helpful:
     13 
     14 -Dorg.eclipse.jetty.LEVEL=debug
     15 -Dsun.security.spnego.debug=true
     16 
     17 
     18 Spengo Authentication is enabled in the webapp with the following setup.
     19 
     20   <security-constraint>
     21     <web-resource-collection>
     22       <web-resource-name>Secure Area</web-resource-name>
     23       <url-pattern>/secure/me/*</url-pattern>
     24     </web-resource-collection>
     25     <auth-constraint>
     26       <role-name>MORTBAY.ORG</role-name>  <-- this is the domain that the user is a member of
     27     </auth-constraint>
     28   </security-constraint>
     29 
     30   <login-config>
     31     <auth-method>SPNEGO</auth-method>
     32     <realm-name>Test Realm</realm-name>
     33     (optionally to add custom error page)
     34     <spnego-login-config>
     35       <spengo-error-page>/loginError.html?param=foo</spnego-error-page>
     36     </spnego-login-config>
     37   </login-config>
     38    
     39 A corresponding UserRealm needs to be created either programmatically if 
     40 embedded, via the jetty.xml or in a context file for the webapp.
     41 
     42 (in the jetty.xml)
     43 
     44    <Call name="addBean">
     45       <Arg>
     46         <New class="org.eclipse.jetty.security.SpnegoLoginService">
     47           <Set name="name">Test Realm</Set>
     48           <Set name="config"><Property name="jetty.home" default="."/>/etc/spnego.properties</Set>
     49         </New>
     50       </Arg>
     51     </Call>
     52 
     53 (context file)
     54   <Get name="securityHandler">
     55     <Set name="loginService">
     56       <New class="org.eclipse.jetty.security.SpnegoLoginService">
     57 	    <Set name="name">Test Realm</Set>
     58 	    <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/spnego.properties</Set>
     59       </New>
     60     </Set>
     61     <Set name="checkWelcomeFiles">true</Set>
     62   </Get>