Tuesday, November 27, 2007

Securing the NetKernel backend with a Jetty realm

NetKernel uses Jetty for HTTP transport. By default, it opens two ports: one for services and one for management. A fresh installation does not secure the management port (the backend). However, you can configure it to do so by using Jetty's HTAccessHandler, as described in http://www.1060.org/forum/topic/265/2 . I encountered problems when doing that on a Windows system, so I tried using a Jetty realm instead, and it works. Here is the configuration file.

<?xml version="1.0" encoding="utf-8"?>
<httpConfig>
  <!--
  *****************
  Jetty HTTP Server
  *****************
  -->
  <Configure class="org.mortbay.jetty.Server">
    <!--
    ***********
    Add Listeners
    ***********
    -->
    <!--Start addlisteners-->
    <!--Add SocketListener with default port 1060-->
    <Call name="addListener">
      <Arg>
        <New class="org.mortbay.http.SocketListener">
          <Set name="Port">1060</Set>
          <Set name="MinThreads">5</Set>
          <Set name="MaxThreads">50</Set>
          <Set name="MaxIdleTimeMs">30000</Set>
          <Set name="LowResourcePersistTimeMs">5000</Set>
        </New>
      </Arg>
    </Call>
    <!--End addlisteners-->
    <!--Realm with one user, admin, in the role server-administrator; replace the placeholder password-->
    <Call name="addRealm">
      <Arg>
        <New class="org.mortbay.http.HashUserRealm">
          <Arg>Admin Realm</Arg>
          <Put name="admin">yourpasshere</Put>
          <Call name="addUserToRole">
            <Arg>admin</Arg>
            <Arg>server-administrator</Arg>
          </Call>
        </New>
      </Arg>
    </Call>
    <!--
    ************
    Add Server Contexts
    ************
    -->
    <!--Default context at root / -->
    <Call name="addContext">
      <Arg>/</Arg>
      <!--Bind the context to the realm; Basic authentication sends credentials base64-encoded, not encrypted-->
      <Set name="realmName">Admin Realm</Set>
      <Set name="authenticator">
        <New class="org.mortbay.http.BasicAuthenticator" />
      </Set>
      <Call name="addHandler">
        <Arg>
          <New class="org.mortbay.http.handler.SecurityHandler" />
        </Arg>
      </Call>
      <!--Require the server-administrator role for the whole context-->
      <Call name="addSecurityConstraint">
        <Arg>/</Arg>
        <Arg>
          <New class="org.mortbay.http.SecurityConstraint">
            <Arg>Admin</Arg>
            <Arg>server-administrator</Arg>
          </New>
        </Arg>
      </Call>
      <Call name="addHandler">
        <Arg>
          <New class="org.ten60.transport.jetty.HttpHandler">
            <Set name="Name">BackendHTTPTransport</Set>
          </New>
        </Arg>
      </Call>
    </Call>
  </Configure>
</httpConfig>

Jetty's HashUserRealm can also read a properties file in which the user names and passwords are specified.
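
The properties-file variant of the realm, as an added example that is not part of the original configuration. It replaces the addRealm call above and assumes Jetty 5's two-argument HashUserRealm constructor (realm name, file name or URL) and its documented line format; the file path is a placeholder.

```xml
<!--
  Added example: load the realm's users from a file instead of an inline <Put>.
  The path below is a placeholder; point it at a file outside any served directory.

  Line format of the properties file (one user per line):
      username: password[,rolename ...]

  Constructed sample line matching the role used by the security constraint:
      admin: yourpasshere,server-administrator
-->
<Call name="addRealm">
  <Arg>
    <New class="org.mortbay.http.HashUserRealm">
      <!--The realm name must match realmName on the context-->
      <Arg>Admin Realm</Arg>
      <!--Placeholder path to the user properties file-->
      <Arg>/path/to/adminRealm.properties</Arg>
    </New>
  </Arg>
</Call>
```

With this variant the password no longer sits in the transport configuration, so restrict read access on the properties file to the account that runs NetKernel.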