securityHandler.setHandler(yourHandler);
or
ServletContextHandler theContext = new ServletContextHandler(handlerContainer, contextPath, sessionHandler, securityHandler, servletHandler, errorHandler);
Wednesday, March 9, 2011
Authentication in embedded Jetty 7 server
A change in Jetty security from 6 to 7 is the introduction of LoginService, which was designed to replace UserRealm based approach. The usage of LoginService can be seen in the example SecuredHelloHandler and the test case of SecuredContentExchangeTest . Basically, the LoginService needs to be attached to a SecurityHander, and the SecurityHandler needs to wrap the handler that needs the authentication service. This can be done by either
or
or
Subscribe to:
Post Comments (Atom)
As part of our product we plan to port (Upgrade) from Jetty 6.1.14 to 7.x. I see a lot have changed from Jetty 6.x to 7.x. One such change is Package name change. Eg : UserRealm (Org.mortbay.jetty.security.UserRealm) has been changed to LoginService (Org.eclipes.jetty.security. LoginService).
ReplyDeleteSome of the Classes have been removed in 7.X. Such as SSORealm class (Single Sign On) present in Org.mortbay.jetty.security package has been removed. Can you please comment on the below questions.
· How 7.x handles Single Sign On (SSO) ? (Have searched a lot but couldn’t find L)
· Do we have any replacement for SSORealm ? (As we do have LoginService (7.x) for UserRealm (6.x))
· Any alternative, on how to use SSO.
Did anyone find a replacement for the SSORealm class in Jetty 7+? Tomcat has this feature and it's becoming a blocker for us moving to Jetty.
ReplyDeleteI think SSORealm is a kind of hacking. It is easy but would have some issues. If you need the SSO support, why not use CAS or Shibboleth in your applications?
ReplyDelete