Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.6.0, 2.0-M1
-
None
-
NA
-
Patch Available
Description
The Jetty component is presently unable to be configured for security. A general purpose mechanism so that the Jetty component can be configured would be useful. The following URI based option is proposed:
| Name | Default Value | Description |
|---|---|---|
| handlers | null | Specifies a comma delimited set of instances in your Registry (such as your Spring ApplicationContext). These instances are added to the Jetty servlet context |
Here is an example URI:
jetty:http://0.0.0.0:9080/MyService?handlers=securityHandler
This could refer to something like the following Spring configuration:
<!-- Jetty Security handling --> <bean id="userRealm" class="org.mortbay.jetty.plus.jaas.JAASUserRealm"> <property name="name" value="tracker-users" /> <property name="loginModuleName" value="ldaploginmodule" /> </bean> <bean id="constraint" class="org.mortbay.jetty.security.Constraint"> <property name="name" value="BASIC" /> <property name="roles" value="tracker-users" /> <property name="authenticate" value="true" /> </bean> <bean id="constraintMapping" class="org.mortbay.jetty.security.ConstraintMapping"> <property name="constraint" ref="constraint" /> <property name="pathSpec" value="/*" /> </bean> <bean id="securityHandler" class="org.mortbay.jetty.security.SecurityHandler"> <property name="userRealm" ref="userRealm" /> <property name="constraintMappings" ref="constraintMapping" /> </bean>
I have attached proposed changes to the 1.6 branch. I imagine that 2.0 should be quite similar.
Attachments
1.
|
Add support for jetty user security realms |
|
Closed | Unassigned |