|
|
Jetty配置JAAS(独立的Jetty服务器)
>>在独立的Jetty服务器中使用默认的JAAS配置文件
1,建立名为web-test的web项目,项目里放入index.jsp,login.jsp和web.xml.
在login.jsp中:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login Page</title>
</head>
<body>
<form id="loginForm" method="post" action="j_security_check">
<input type="text" name="j_username" id="j_username"/>
<input type="password" name="j_password" id="j_password"/>
<input type="submit" value="Login"/>
</form>
</body>
</html>
index.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Main Page</title>
</head>
<body>
Welcome to main page !!!
</body>
</html>
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>web-test</display-name>
<security-constraint>
<web-resource-collection>
<web-resource-name>Web Test Actions</web-resource-name>
<url-pattern>/*</url-pattern>
<!--<url-pattern>*.jsp</url-pattern> -->
</web-resource-collection>
<auth-constraint>
<role-name>jvwl</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>java:/jaas/jvwl-sso</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>jvwl</role-name>
</security-role>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
2,将项目打包为web-test.war,并放入${jetty_home}/webapps下面.到此项目上的准备工作全部完成.
3,接下来进行jetty的配置.首先修改文件${jetty_home}/etc/jetty-testrealm.xml:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<!-- =========================================================== -->
<!-- Configure Authentication Login Service -->
<!-- Realms may be configured for the entire server here, or -->
<!-- they can be configured for a specific web app in a context -->
<!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
<!-- example). -->
<!-- =========================================================== -->
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">java:/jaas/jvwl-sso</Set>
<Set name="config"><Property name="jetty.home" default="."/>/etc/realm.properties</Set>
<Set name="refreshInterval">0</Set>
</New>
</Arg>
</Call>
</Configure>
这里<Set name="name">java:/jaas/jvwl-sso</Set>必须与web.xml中的<realm-name>java:/jaas/jvwl-sso</realm-name>保持一致.如果这里的不一致将会出现下面的错误信息:
2014-07-10 18:10:43.675:INFO:oejw.WebInfConfiguration:Extract jar:file:/D:/Server/jetty-pure/jetty-distribution-8.1.8.v20121106/webapps/web-test.war!/ to C:\Users\jervalj\AppData\Local\Temp\jetty-0.0.0.0-8080-web-test.war-_web-test-any-\webapp
Null identity service, trying login service: null
Finding identity service: null
2014-07-10 18:10:43.891:WARN:oejuc.AbstractLifeCycle:FAILED org.eclipse.jetty.security.ConstraintSecurityHandler@ef137d: java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.FormAuthenticator@141b571 in org.eclipse.jetty.security.ConstraintSecurityHandler@ef137d
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.FormAuthenticator@141b571 in org.eclipse.jetty.security.ConstraintSecurityHandler@ef137d
at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:61)
at org.eclipse.jetty.security.authentication.FormAuthenticator.setConfiguration(FormAuthenticator.java:130)
at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:380)
at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:452)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:115)
at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:124)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:115)
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:752)
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:706)
at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:492)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:39)
at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:186)
at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:494)
at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:141)
at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:145)
at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:56)
at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:609)
at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:540)
at org.eclipse.jetty.util.Scanner.scan(Scanner.java:403)
at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:337)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.eclipse.jetty.deploy.providers.ScanningAppProvider.doStart(ScanningAppProvider.java:121)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(DeploymentManager.java:555)
at org.eclipse.jetty.deploy.DeploymentManager.doStart(DeploymentManager.java:230)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.eclipse.jetty.util.component.AggregateLifeCycle.doStart(AggregateLifeCycle.java:81)
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:58)
at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:96)
at org.eclipse.jetty.server.Server.doStart(Server.java:277)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1266)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1189)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.eclipse.jetty.start.Main.invokeMain(Main.java:472)
at org.eclipse.jetty.start.Main.start(Main.java:620)
at org.eclipse.jetty.start.Main.main(Main.java:95)
4,现在就差最后一步,将自己的帐号信息加入${jetty_home}/etc/realm.properties:
#
# This file defines users passwords and roles for a HashUserRealm
#
# The format is
# <username>: <password>[,<rolename> ...]
#
# Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated
# passwords or password checksums
#
# If DIGEST Authentication is used, the password must be in a recoverable
# format, either plain text or OBF:.
#
jetty: MD5:164c88b302622e17050af52c89945d44,user
admin: CRYPT:adpexzg3FUZAk,server-administrator,content-administrator,admin
other: OBF:1xmk1w261u9r1w1c1xmq,user
plain: plain,user
user: password,user
jerval: 111111,jvwl
# This entry is for digest auth. The credential is a MD5 hash of username:realmname:password
digest: MD5:6e120743ad67abfbc385bc2bb754e297,user
这里'jerval: 111111,jvwl'是新加入的信息,其它的都在原有的信息. 注意,jvwl是role,它与web.xml里的role对应.如果不对应将出现不能登录的情况.
>>在独立的Jetty服务器中使用自定义的JAAS配置文件
1,去掉默认的JAAS配置.找到${jetty_home}/start.ini,注释代码etc/jetty-testrealm.xml:
#===========================================================
# Configuration files.
# For a full list of available configuration files do
# java -jar start.jar --help
#-----------------------------------------------------------
#etc/jetty-jmx.xml
etc/jetty.xml
etc/jetty-annotations.xml
# etc/jetty-ssl.xml
# etc/jetty-requestlog.xml
etc/jetty-deploy.xml
#etc/jetty-overlay.xml
etc/jetty-webapps.xml
etc/jetty-contexts.xml
#etc/jetty-testrealm.xml
#===========================================================
这里'#etc/jetty-testrealm.xml'即为注释部分.
2,添加自定义JAAS文件(jvwl-realm.conf,jvwl-realm.xml,jvwl-realm.properties)到${jetty_home}/etc/myJAAS下.
jvwl-realm.conf:
jvwl-sso {
org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
debug="true"
file="etc/myJAAS/jvwl-realm.properties";
};
jvwl-realm.xml:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<Set name="Name">java:/jaas/jvwl-sso</Set>
<Set name="LoginModuleName">jvwl-sso</Set>
</New>
</Arg>
</Call>
</Configure>
jvwl-realm.properties:
#
# This file defines users passwords and roles for a HashUserRealm
#
# The format is
# <username>: <password>[,<rolename> ...]
#
# Passwords may be clear text, obfuscated or checksummed. The class
# org.eclipse.util.Password should be used to generate obfuscated
# passwords or password checksums
#
# If DIGEST Authentication is used, the password must be in a recoverable
# format, either plain text or OBF:.
#
jetty: MD5:164c88b302622e17050af52c89945d44,user
admin: CRYPT:adpexzg3FUZAk,server-administrator,content-administrator,admin
other: OBF:1xmk1w261u9r1w1c1xmq,user
plain: plain,user
user: password,user
jerval: 888888,jvwl
# This entry is for digest auth. The credential is a MD5 hash of username:realmname:password
digest: MD5:6e120743ad67abfbc385bc2bb754e297,user
3,在${jetty_home}下建立名为'start.d'的文件夹,在文件夹下放如.ini文件,如jerval.ini.然后在${jetty_home}/start.d/jerval.ini文件里写入:
-Djava.security.auth.login.config=etc/myJAAS/jvwl-realm.conf
etc/myJAAS/jvwl-realm.xml
注:这里也可以写成:
-Djava.security.auth.login.config=etc/myJAAS/jvwl-realm.conf
如果这样的话, 上面的jvwl-realm.xml文件就可以省略,但是里面的配置信息:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<Set name="name">java:/jaas/jvwl-sso</Set>
<Set name="loginModuleName">jvwl-sso</Set>
</New>
</Arg>
</Call>
</Configure>
则需要合并到jetty.xml中,当然也可以合并到以下任何一个文件中:
#===========================================================
# Configuration files.
# For a full list of available configuration files do
# java -jar start.jar --help
#-----------------------------------------------------------
#etc/jetty-jmx.xml
etc/jetty.xml
etc/jetty-annotations.xml
# etc/jetty-ssl.xml
# etc/jetty-requestlog.xml
etc/jetty-deploy.xml
#etc/jetty-overlay.xml
etc/jetty-webapps.xml
etc/jetty-contexts.xml
#etc/jetty-testrealm.xml
#===========================================================
--代码截取自${jetty_home}/start.ini中.
4,启动Jetty服务器进行测试,一切OK
>>在独立的Jetty服务器中为单个项目使用JAAS配置文件
1,在${jetty_home}/contexts下面添加mytest.xml(或者复制本身带有的test.xml文件进行修改).
mytest.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<!-- ==================================================================
Configure and deploy the test web application in $(jetty.home)/webapps/test
Note. If this file did not exist or used a context path other that /test
then the default configuration of jetty.xml would discover the test
webapplication with a WebAppDeployer. By specifying a context in this
directory, additional configuration may be specified and hot deployments
detected.
===================================================================== -->
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- Required minimal context configuration : -->
<!-- + contextPath -->
<!-- + war OR resourceBase -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<Set name="contextPath">/web</Set>
<Set name="war"><SystemProperty name="jetty.home" default="."/>/web-test.war</Set>
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<!-- Optional context configuration -->
<!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
<Set name="extractWAR">true</Set>
<Set name="copyWebDir">false</Set>
<Set name="defaultsDescriptor"><SystemProperty name="jetty.home" default="."/>/etc/webdefault.xml</Set>
<!--<Set name="overrideDescriptor"><SystemProperty name="jetty.home" default="."/>/contexts/test.d/override-web.xml</Set>-->
<!-- virtual hosts
<Set name="virtualHosts">
<Array type="String">
<Item>www.myVirtualDomain.com</Item>
<Item>localhost</Item>
<Item>127.0.0.1</Item>
</Array>
</Set>
-->
<!-- disable cookies
<Get name="sessionHandler">
<Get name="sessionManager">
<Set name="usingCookies" type="boolean">false</Set>
</Get>
</Get>
-->
<Get name="securityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">java:/jaas/jvwl-sso</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<!-- To enable reload of realm when properties change, uncomment the following lines -->
<!-- changing refreshInterval (in seconds) as desired -->
<!--
<Set name="refreshInterval">5</Set>
<Call name="start"></Call>
-->
</New>
</Set>
<Set name="authenticator">
<New class="org.eclipse.jetty.security.authentication.FormAuthenticator">
<Set name="alwaysSaveUri">true</Set>
</New>
</Set>
<Set name="checkWelcomeFiles">true</Set>
</Get>
<!-- Non standard error page mapping -->
<!--
<Get name="errorHandler">
<Call name="addErrorPage">
<Arg type="int">500</Arg>
<Arg type="int">599</Arg>
<Arg type="String">/dump/errorCodeRangeMapping</Arg>
</Call>
</Get>
-->
<!-- Add context specific logger
<Set name="handler">
<New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler">
<Set name="requestLog">
<New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
<Set name="filename"><Property name="jetty.logs" default="./logs"/>/test-yyyy_mm_dd.request.log</Set>
<Set name="filenameDateFormat">yyyy_MM_dd</Set>
<Set name="append">true</Set>
<Set name="LogTimeZone">GMT</Set>
</New>
</Set>
</New>
</Set>
-->
</Configure>
其中下面代码是配置JAAS的:
<Get name="securityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.security.HashLoginService">
<Set name="name">java:/jaas/jvwl-sso</Set>
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
<!-- To enable reload of realm when properties change, uncomment the following lines -->
<!-- changing refreshInterval (in seconds) as desired -->
<!--
<Set name="refreshInterval">5</Set>
<Call name="start"></Call>
-->
</New>
</Set>
<Set name="authenticator">
<New class="org.eclipse.jetty.security.authentication.FormAuthenticator">
<Set name="alwaysSaveUri">true</Set>
</New>
</Set>
<Set name="checkWelcomeFiles">true</Set>
</Get>
通过这种方式可以为不同的项目使用不同的JAAS配置.
2,删除文件夹${jetty_home}/start.d或者此文件夹下的jerval.ini.防止刚才的JAAS配置影响现在的测试结果.
3,测试项目,一切OK. |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2017-2-26 08:04:37
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡