Jake Slack | 03928ae | 2014-05-13 18:41:56 -0700 | [diff] [blame] | 1 | This setup will enable you to authenticate a user via spnego into your |
| 2 | webapp. |
| 3 | |
| 4 | To run with spengo enabled the following command line options are required: |
| 5 | |
| 6 | -Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini |
| 7 | -Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf |
| 8 | -Djavax.security.auth.useSubjectCredsOnly=false |
| 9 | |
| 10 | The easiest place to put these lines are in the start.ini file. |
| 11 | |
| 12 | For debugging the spengo authentication the following options are helpful: |
| 13 | |
| 14 | -Dorg.eclipse.jetty.LEVEL=debug |
| 15 | -Dsun.security.spnego.debug=true |
| 16 | |
| 17 | |
| 18 | Spengo Authentication is enabled in the webapp with the following setup. |
| 19 | |
| 20 | <security-constraint> |
| 21 | <web-resource-collection> |
| 22 | <web-resource-name>Secure Area</web-resource-name> |
| 23 | <url-pattern>/secure/me/*</url-pattern> |
| 24 | </web-resource-collection> |
| 25 | <auth-constraint> |
| 26 | <role-name>MORTBAY.ORG</role-name> <-- this is the domain that the user is a member of |
| 27 | </auth-constraint> |
| 28 | </security-constraint> |
| 29 | |
| 30 | <login-config> |
| 31 | <auth-method>SPNEGO</auth-method> |
| 32 | <realm-name>Test Realm</realm-name> |
| 33 | (optionally to add custom error page) |
| 34 | <spnego-login-config> |
| 35 | <spengo-error-page>/loginError.html?param=foo</spnego-error-page> |
| 36 | </spnego-login-config> |
| 37 | </login-config> |
| 38 | |
| 39 | A corresponding UserRealm needs to be created either programmatically if |
| 40 | embedded, via the jetty.xml or in a context file for the webapp. |
| 41 | |
| 42 | (in the jetty.xml) |
| 43 | |
| 44 | <Call name="addBean"> |
| 45 | <Arg> |
| 46 | <New class="org.eclipse.jetty.security.SpnegoLoginService"> |
| 47 | <Set name="name">Test Realm</Set> |
| 48 | <Set name="config"><Property name="jetty.home" default="."/>/etc/spnego.properties</Set> |
| 49 | </New> |
| 50 | </Arg> |
| 51 | </Call> |
| 52 | |
| 53 | (context file) |
| 54 | <Get name="securityHandler"> |
| 55 | <Set name="loginService"> |
| 56 | <New class="org.eclipse.jetty.security.SpnegoLoginService"> |
| 57 | <Set name="name">Test Realm</Set> |
| 58 | <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/spnego.properties</Set> |
| 59 | </New> |
| 60 | </Set> |
| 61 | <Set name="checkWelcomeFiles">true</Set> |
| 62 | </Get> |