How do I use a login form with Jetty 9?

Time: 2017-08-03 12:27:35

Tags: authentication jetty

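I have just added authentication to my embedded Jetty web server. I am using JDBCLoginService, and everything works fine.

I now want to add a login page, and it no longer works: when the FormAuthenticator.validate method is called, it tries to get the HTTP session and does not find one.

I have been trying to create sessions, but I have not been able to find the right API. Can someone give an example?

Here is my code: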

// the file server part
ResourceHandler resource_handler = new ResourceHandler();
resource_handler.setDirectoriesListed(false);
resource_handler.setResourceBase("www");
resource_handler.setDirectoriesListed(false);
resource_handler.setWelcomeFiles(new String[]{ "html/dashboard.html" });
// the JSP part
WebAppContext webAppContext = new WebAppContext();
webAppContext.setResourceBase("www");
webAppContext.setInitParameter("dirAllowed", "false");
webAppContext.addServlet(new ServletHolder(new QueryGlobals()), "/queries/globals");
webAppContext.addServlet(new ServletHolder(new QueryAllVenues()), "/queries/all_venues");
HandlerList handlers = new HandlerList();
handlers.setHandlers(new Handler[] {
        // static files
        resource_handler,
        // servlets
        webAppContext,
        // 404
        new DefaultHandler()
    });
// get the path for the authentication settings
// it should be in the same folder as the platform location
File configFile = new File(System.getProperty("com.bnpp.firefly.configfile"));
File authConfigFile = new File(configFile.getParent(), "auth.properties");
LoginService loginService = new org.eclipse.jetty.security.JDBCLoginService("MyRealm", authConfigFile.getPath());
m_server.addBean(loginService);

ConstraintSecurityHandler security = new ConstraintSecurityHandler();
Constraint constraint = new Constraint();
constraint.setName(Constraint.__FORM_AUTH);
constraint.setAuthenticate(true);
constraint.setRoles(new String[] { "user", "admin" });

ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/*");
mapping.setConstraint(constraint);

security.addConstraintMapping(mapping);
FormAuthenticator authenticator = new FormAuthenticator("/html/login.html", "/html/login.html", false);
security.setAuthenticator(authenticator);
security.setLoginService(loginService);


security.setHandler(handlers);
m_server.setHandler(security);


m_server.start();

1 answer:

Answer 0: (score: 0)

I found the solution. The trick is to use only the WebAppContext. It provides:

* a SessionHandler
* a ResourceHandler
* and allows setting a SecurityHandler

My code is now:

// Creating the server on port webPort
m_server = new Server(webPort);

// get the path for the authentication settings
// it should be in the same folder as the platform location
File configFile = new File(System.getProperty("com.bnpp.firefly.configfile"));
File authConfigFile = new File(configFile.getParent(), "auth.properties");
// set the login service
LoginService loginService = new org.eclipse.jetty.security.JDBCLoginService("MyRealm", authConfigFile.getPath());
ConstraintSecurityHandler security = new ConstraintSecurityHandler();

// no authentication for these items
{
    Constraint constraint = new Constraint();
    constraint.setAuthenticate(false);

    for (String pathSpec: new String[] {
            "/images/*",
            "/css/*",
            "/lib/*",
        })
    {
        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec(pathSpec);
        mapping.setConstraint(constraint);
        security.addConstraintMapping(mapping);
    }
}

// must have authentication for the rest
{
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__FORM_AUTH);
    constraint.setAuthenticate(true);
    constraint.setRoles(new String[] { "user", "admin" });

    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setPathSpec("/*");
    mapping.setConstraint(constraint);
    security.addConstraintMapping(mapping);
}

security.setLoginService(loginService);

FormAuthenticator authenticator = new FormAuthenticator("/html/login.html", "/html/login.html?error=true", false);
security.setAuthenticator(authenticator);

// the JSP part
WebAppContext webAppContext = new WebAppContext();
//webAppContext.setContextPath("/");
webAppContext.setResourceBase("www");
webAppContext.setInitParameter("dirAllowed", "false");

//Including the JSTL jars for the webapp.
webAppContext.setAttribute("org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern",".*/[^/]*jstl.*\\.jar$");

//Enabling the Annotation based configuration
org.eclipse.jetty.webapp.Configuration.ClassList classlist = org.eclipse.jetty.webapp.Configuration.ClassList.setServerDefault(m_server);
classlist.addAfter("org.eclipse.jetty.webapp.FragmentConfiguration", "org.eclipse.jetty.plus.webapp.EnvConfiguration", "org.eclipse.jetty.plus.webapp.PlusConfiguration");
classlist.addBefore("org.eclipse.jetty.webapp.JettyWebXmlConfiguration", "org.eclipse.jetty.annotations.AnnotationConfiguration");

webAppContext.addServlet(new ServletHolder(new QueryGlobals()), "/queries/globals");
webAppContext.addServlet(new ServletHolder(new QueryAllVenues()), "/queries/all_venues");
webAppContext.addServlet(new ServletHolder(new QuerySearchCSV()), "/queries/searchCSV");
webAppContext.addServlet(new ServletHolder(new QuerySearchWithPaging()), "/queries/searchWithPaging");
webAppContext.setWelcomeFiles(new String [] {"html/dashboard.html"});

// this will set authentication
webAppContext.setSecurityHandler(security);
webAppContext.getSessionHandler().setMaxInactiveInterval(24 * 60 * 60);

// what the server serves
m_server.setHandler(webAppContext);

m_server.start();
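
The same principle with a plain ServletContextHandler instead of a WebAppContext, as an added example that is not part of the original answer: form authentication needs a SessionHandler in front of the security handler, inside the same context. The class name FormAuthServer is hypothetical, and the LoginService (for example the JDBCLoginService above) is assumed to be supplied by the caller.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;

public final class FormAuthServer { // hypothetical class name

    /** Builds a server whose single context owns both the session and the security handler. */
    public static Server build(int port, LoginService loginService) {
        Server server = new Server(port);
        server.addBean(loginService);

        // SESSIONS makes the context create a SessionHandler ahead of the
        // security handler, so FormAuthenticator has an HttpSession in which
        // to keep the originally requested URI and the authenticated user.
        ServletContextHandler context = new ServletContextHandler(
                ServletContextHandler.SESSIONS | ServletContextHandler.SECURITY);
        context.setContextPath("/");
        context.setResourceBase("www");
        // Static files are served by DefaultServlet inside the context,
        // not by a ResourceHandler placed outside the session handler.
        context.addServlet(DefaultServlet.class, "/");

        Constraint constraint = new Constraint();
        constraint.setName(Constraint.__FORM_AUTH);
        constraint.setAuthenticate(true);
        constraint.setRoles(new String[] { "user", "admin" });

        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/*");
        mapping.setConstraint(constraint);

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.addConstraintMapping(mapping);
        security.setLoginService(loginService);
        // The login page must POST j_username and j_password to j_security_check.
        security.setAuthenticator(
                new FormAuthenticator("/html/login.html", "/html/login.html?error=true", false));
        context.setSecurityHandler(security);

        server.setHandler(context);
        return server;
    }
}
```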