This setup will enable you to authenticate a user via SPNEGO into your 
webapp.

To run with SPNEGO enabled, the following command-line options are required:

-Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini
-Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf 
-Djavax.security.auth.useSubjectCredsOnly=false

The easiest place to put these lines is in the start.ini file.

For debugging the SPNEGO authentication, the following options are helpful:

-Dorg.eclipse.jetty.LEVEL=debug
-Dsun.security.spnego.debug=all 


SPNEGO authentication is enabled in the webapp with the following setup.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secure Area</web-resource-name>
      <url-pattern>/secure/me/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>MORTBAY.ORG</role-name>  <!-- this is the domain that the user is a member of -->
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>Test Realm</realm-name>
    <!-- optional: add a custom error page -->
    <spnego-login-config>
      <spnego-error-page>/loginError.html?param=foo</spnego-error-page>
    </spnego-login-config>
  </login-config>
   
A corresponding UserRealm needs to be created either programmatically if 
embedded, via the jetty.xml or in a context file for the webapp.

(in the jetty.xml)

   <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.SpnegoLoginService">
          <Set name="name">Test Realm</Set>
          <Set name="config"><Property name="jetty.home" default="."/>/etc/spnego.properties</Set>
        </New>
      </Arg>
    </Call>

(context file)
  <Get name="securityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.SpnegoLoginService">
        <Set name="name">Test Realm</Set>
        <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/spnego.properties</Set>
      </New>
    </Set>
    <Set name="checkWelcomeFiles">true</Set>
  </Get>
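
The following check is an added example, not part of the Jetty README: it verifies that the start.ini options listed above are present, reports debug options that are set, and confirms that the web.xml realm-name matches the name of a declared SpnegoLoginService (both are "Test Realm" in the snippets above). The function name check_spnego_setup and the sample strings are constructed for illustration; it assumes start.ini holds one -D option per line.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("java.security.krb5.conf", "java.security.auth.login.config",
            "javax.security.auth.useSubjectCredsOnly")
DEBUG = ("org.eclipse.jetty.LEVEL", "sun.security.spnego.debug")
LOGIN_SERVICE = "org.eclipse.jetty.security.SpnegoLoginService"

# Constructed sample inputs; the missing option, the debug flag and the
# realm-name mismatch ("TestRealm" vs "Test Realm") are deliberate.
START_INI = """-Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini
-Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf
-Dsun.security.spnego.debug=all"""
WEB_XML = """<web-app><login-config>
  <auth-method>SPNEGO</auth-method><realm-name>Test Realm</realm-name>
</login-config></web-app>"""
JETTY_XML = """<Configure><Call name="addBean"><Arg>
  <New class="org.eclipse.jetty.security.SpnegoLoginService">
    <Set name="name">TestRealm</Set></New></Arg></Call></Configure>"""


def _texts(root, tag):
    """Stripped text of every element whose local (namespace-free) name is tag."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == tag]


def check_spnego_setup(start_ini, web_xml, jetty_xml):
    """Return a list of findings; an empty list means the three files agree."""
    props = dict(ln.strip()[2:].split("=", 1) for ln in start_ini.splitlines()
                 if ln.strip().startswith("-D") and "=" in ln)
    findings = [f"missing -D{k}" for k in REQUIRED if k not in props]
    if props.get(REQUIRED[2], "false") != "false":
        findings.append("useSubjectCredsOnly must be false")
    findings += [f"debug option set: -D{k}" for k in DEBUG if k in props]
    web = ET.fromstring(web_xml)
    if _texts(web, "auth-method") != ["SPNEGO"]:
        findings.append("auth-method is not SPNEGO")
    # Names given to every SpnegoLoginService declared in the Jetty XML.
    services = [(s.text or "").strip()
                for new in ET.fromstring(jetty_xml).iter("New")
                if new.get("class") == LOGIN_SERVICE
                for s in new.findall("Set") if s.get("name") == "name"]
    findings += [f"no SpnegoLoginService named {r!r}"
                 for r in _texts(web, "realm-name") if r not in services]
    return findings


if __name__ == "__main__":
    for finding in check_spnego_setup(START_INI, WEB_XML, JETTY_XML):
        print(finding)
```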
  
  