Login/Register
How to use JASPI/JASPIC on Jetty?
Asked Answered
Solved javajakarta-eejettyjetty-8jaspic
A

1

6

On Jetty's main project page compatibility with JASPI (JASPIC/JSR 196) is mentioned.

However, the distribution of Jetty 8 does not seem to contain any classes related to JASPI. There's a jetty-security-8.1.8.v20121106.jar jar in [jetty home]/lib, but this one does not contain any of the JASPIC/JASPI types.

The documentation about JASPIC/JASPI on the Jetty wiki is only a placeholder and does not contain any information.

After some Googling I found JavaDocs on the Eclipse site and discovered there should be a jetty-jaspi-8.1.8.v20121106.jar somewhere. Those JavaDocs are included in the distribution as well. Finally, a jetty-jaspi repo appears at Github.

Obviously there is some amount of support available, but why are those classes seemingly not present in the Jetty distribution and where is the documentation on how to configure this? What am I missing?

Aundreaaunson answered 8/1, 2013 at 22:1 Comment(0)
G
8

This project (https://github.com/guofengzh/jaspi-on-jetty) is a working example of the JASPI API in jetty that uses geronimo-jaspi which in turn calls back to the jetty-jaspi modules for the authentication. Geronimo seems to be providing the configuration mechanism and jetty the authentication modules themselves in this example.

It seems as though you can select a form, digest or basic authentication methods. A quick test of the form based login has shown it appears to function.

The Jaspi authentication factory is setup in jetty-web.xml like so:

<Set name="securityHandler">
  <New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
        <Set name="name">JAASRealm</Set>
        <Set name="loginModuleName">jaas</Set>
      </New>
    </Set>

    <Set name="authenticatorFactory">
      <New class="org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory" />
    </Set>
  </New>
</Set>

And the jaspi configuration file is referenced via a system property in the pom.xml file:

<systemProperty>
  <name>org.apache.geronimo.jaspic.configurationFile</name>
  <value>./conf/jaspi/form-test-jaspi-2.xml</value>
</systemProperty>

Additionally, the jaspi library you mentioned is added as a dependency in the pom, along with the geronimo jaspi implementation:

<dependency>
  <groupId>org.eclipse.jetty</groupId>
  <artifactId>jetty-jaspi</artifactId>
  <version>${jetty.version}</version>
</dependency>
<dependency>
  <groupId>org.apache.geronimo.components</groupId>
  <artifactId>geronimo-jaspi</artifactId>
  <version>2.0.0</version>
</dependency>

I have also been unable to find documenation on the topic. It seems as though the jetty-jaspi module is not one of the standard start options, but could be added to the ${jetty.home/lib/ext} directory (see Jetty classloading).

Gridiron answered 11/1, 2013 at 10:3 Comment(3)
Looks like a good answer :) I'm still a bit in the dark on why the jaspi javadocs are in the distribution, but not the actual code. Requiring two external libs also makes the claim of supporting jaspi on the homepage questionable. By the same token, Tomcat could claim to be JSF compatible :| But, alas, I'll try your example ;)Aundreaaunson
I quite the like the modular nature of jetty, you can enable only the features you need and have a lightweight runtime. I take your point about the javadocs + external lib though; it's not clear from the documentation how jetty supports this feature.Gridiron
yeah, it is supported in jetty for years now but something I personally hear so little about I haven't thought much about in terms of enabling, it was largely work of another committer (David Jencks) from geronimo. We need to get it into the new docbook documentation though, would love to see a pull request in the docs for it!Vaca

© 2022 - 2024 — McMap. All rights reserved.