Wednesday, March 9, 2011

Authentication in embedded Jetty 7 server

A change in Jetty security from 6 to 7 is the introduction of LoginService, which was designed to replace UserRealm based approach. The usage of LoginService can be seen in the example SecuredHelloHandler and the test case of SecuredContentExchangeTest . Basically, the LoginService needs to be attached to a SecurityHander, and the SecurityHandler needs to wrap the handler that needs the authentication service. This can be done by either
securityHandler.setHandler(yourHandler);

or

ServletContextHandler theContext = new ServletContextHandler(handlerContainer, contextPath, sessionHandler, securityHandler, servletHandler, errorHandler);