• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1This setup will enable you to authenticate a user via spnego into your
2webapp.
3
4To run with spengo enabled the following command line options are required:
5
6-Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini
7-Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf
8-Djavax.security.auth.useSubjectCredsOnly=false
9
10The easiest place to put these lines are in the start.ini file.
11
12For debugging the spengo authentication the following options are helpful:
13
14-Dorg.eclipse.jetty.LEVEL=debug
15-Dsun.security.spnego.debug=true
16
17
18Spengo Authentication is enabled in the webapp with the following setup.
19
20  <security-constraint>
21    <web-resource-collection>
22      <web-resource-name>Secure Area</web-resource-name>
23      <url-pattern>/secure/me/*</url-pattern>
24    </web-resource-collection>
25    <auth-constraint>
26      <role-name>MORTBAY.ORG</role-name>  <-- this is the domain that the user is a member of
27    </auth-constraint>
28  </security-constraint>
29
30  <login-config>
31    <auth-method>SPNEGO</auth-method>
32    <realm-name>Test Realm</realm-name>
33    (optionally to add custom error page)
34    <spnego-login-config>
35      <spengo-error-page>/loginError.html?param=foo</spnego-error-page>
36    </spnego-login-config>
37  </login-config>
38
39A corresponding UserRealm needs to be created either programmatically if
40embedded, via the jetty.xml or in a context file for the webapp.
41
42(in the jetty.xml)
43
44   <Call name="addBean">
45      <Arg>
46        <New class="org.eclipse.jetty.security.SpnegoLoginService">
47          <Set name="name">Test Realm</Set>
48          <Set name="config"><Property name="jetty.home" default="."/>/etc/spnego.properties</Set>
49        </New>
50      </Arg>
51    </Call>
52
53(context file)
54  <Get name="securityHandler">
55    <Set name="loginService">
56      <New class="org.eclipse.jetty.security.SpnegoLoginService">
57	    <Set name="name">Test Realm</Set>
58	    <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/spnego.properties</Set>
59      </New>
60    </Set>
61    <Set name="checkWelcomeFiles">true</Set>
62  </Get>