I have an embedded implementation of Jetty 7 running as a service and want to add basic authentication with no web.xml file for a servlet.
I created my credentials using the steps described here
I thought that I could create the server, create a security handler with basic authentication and attach a HashLoginService to the security manager. But I am clearly missing several things because I am never getting prompt for credentials.
Below is the code. Any help would be greatly appreciated.
server = new Server(port);
server.addConnector(getSslChannelConnector(securePort));
server.setGracefulShutdown(1000);
server.setStopAtShutdown(true);
// create the context handler for the server
ServletContextHandler sch = new ServletContextHandler(server, WEBAPP_CONTEXT);
// attach the security handler to it that has basic authentication
sch.setSecurityHandler(getSecurityHandler());
// define the processing servlet.
sch.addServlet(new ServletHolder(new ProcessingServlet()), "/process");
.
.
private SecurityHandler getSecurityHandler() {
// add authentication
Constraint constraint = new Constraint(Constraint.__BASIC_AUTH,"user");
constraint.setAuthenticate(true);
constraint.setRoles(new String[]{"user","admin"});
// map the security constraint to the root path.
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
// create the security handler, set the authentication to Basic
// and assign the realm.
ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
csh.setAuthenticator(new BasicAuthenticator());
csh.setRealmName(REALM);
csh.addConstraintMapping(cm);
// set the login service
csh.setLoginService(getHashLoginService());
return csh;
}
private HashLoginService getHashLoginService() {
// create the login service, assign the realm and read the user credentials
// from the file /tmp/realm.properties.
HashLoginService hls = new HashLoginService();
hls.setName(REALM);
hls.setConfig("/tmp/realm.properties");
hls.setRefreshInterval(0);
return hls;
}