README.spnego

    This setup will enable you to authenticate a user via SPNEGO into your
    webapp.
    
    To run with SPNEGO enabled, the following command line options are required:
    
    -Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini
    -Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf 
    -Djavax.security.auth.useSubjectCredsOnly=false
    
    The easiest place to put these lines is the start.ini file.
    
    For debugging the SPNEGO authentication, the following options are helpful:
    
    -Dorg.eclipse.jetty.LEVEL=debug
    -Dsun.security.spnego.debug=true
    
    
    SPNEGO authentication is enabled in the webapp with the following setup:
    
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Secure Area</web-resource-name>
          <url-pattern>/secure/me/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>MORTBAY.ORG</role-name>  <!-- this is the domain that the user is a member of -->
        </auth-constraint>
      </security-constraint>
    
      <login-config>
        <auth-method>SPNEGO</auth-method>
        <realm-name>Test Realm</realm-name>
        <!-- optionally, to add a custom error page: -->
        <spnego-login-config>
          <spnego-error-page>/loginError.html?param=foo</spnego-error-page>
        </spnego-login-config>
      </login-config>
       
    A corresponding UserRealm needs to be created either programmatically if 
    embedded, via the jetty.xml or in a context file for the webapp.
    
    (in the jetty.xml)
    
      <Call name="addBean">
        <Arg>
          <New class="org.eclipse.jetty.security.SpnegoLoginService">
            <Set name="name">Test Realm</Set>
            <Set name="config"><Property name="jetty.home" default="."/>/etc/spnego.properties</Set>
          </New>
        </Arg>
      </Call>
    
    (context file)
    
      <Get name="securityHandler">
        <Set name="loginService">
          <New class="org.eclipse.jetty.security.SpnegoLoginService">
            <Set name="name">Test Realm</Set>
            <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/spnego.properties</Set>
          </New>
        </Set>
        <Set name="checkWelcomeFiles">true</Set>
      </Get>
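
A consistency check for the three pieces of configuration this README describes, added here as an example (not part of the Jetty project): it confirms the XML is well formed, that `auth-method` is SPNEGO, that every constraint names a role, and that the three required `-D` options are present. It assumes the `realm-name` is meant to match the `SpnegoLoginService` name, as both are `Test Realm` above; `check_spnego` and the `<web-app>`/`<Configure>` wrappers in the sample input are constructed for the example.

```python
import xml.etree.ElementTree as ET

LOGIN_SERVICE = "org.eclipse.jetty.security.SpnegoLoginService"
REQUIRED_OPTS = ("-Djava.security.krb5.conf=",
                 "-Djava.security.auth.login.config=",
                 "-Djavax.security.auth.useSubjectCredsOnly=false")

def _parse(text):
    root = ET.fromstring(text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]  # ignore XML namespaces
    return root

def check_spnego(web_xml, jetty_xml, start_ini):
    """Return a list of findings; an empty list means the files agree."""
    try:
        web, jetty = _parse(web_xml), _parse(jetty_xml)
    except ET.ParseError as exc:  # e.g. mismatched open/close tags
        return [f"XML not well formed: {exc}"]
    findings = []
    method = (web.findtext("login-config/auth-method") or "").strip()
    realm = (web.findtext("login-config/realm-name") or "").strip()
    if method != "SPNEGO":
        findings.append(f"auth-method is {method!r}, not 'SPNEGO'")
    # Assumption: the webapp's realm-name must equal a login service name.
    names = [(s.text or "").strip()
             for new in jetty.iter("New") if new.get("class") == LOGIN_SERVICE
             for s in new.findall("Set") if s.get("name") == "name"]
    if realm not in names:
        findings.append(f"realm-name {realm!r} matches no SpnegoLoginService {names}")
    for sc in web.findall("security-constraint"):
        if not any(r.text for r in sc.findall("auth-constraint/role-name")):
            findings.append("security-constraint has no role-name")
    opts = [line.strip() for line in start_ini.splitlines()]
    findings += [f"start.ini lacks {req}" for req in REQUIRED_OPTS
                 if not any(o.startswith(req) for o in opts)]
    return findings

# Constructed sample input: the README's fragments inside assumed root elements.
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/secure/me/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>MORTBAY.ORG</role-name></auth-constraint></security-constraint>
<login-config><auth-method>SPNEGO</auth-method><realm-name>Test Realm</realm-name></login-config>
</web-app>"""
JETTY_XML = f"""<Configure><Call name="addBean"><Arg>
  <New class="{LOGIN_SERVICE}"><Set name="name">Test Realm</Set></New>
</Arg></Call></Configure>"""
START_INI = """-Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini
-Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf
-Djavax.security.auth.useSubjectCredsOnly=false"""
```

Calling `check_spnego(WEB_XML, JETTY_XML, START_INI)` on the sample returns an empty list; a mismatched tag pair in the XML is reported as a single "XML not well formed" finding.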