Menu
I have a website powered by Jetty.
I'd like to make the site password protected (or similar).
Is there a way to do this by configuration alone (without touching the code).
All help much appreciated.
Dan
441
Jetty provides a web server and servlet container, additionally providing support for HTTP/2, WebSocket, OSGi, JMX, JNDI, JAAS and many other integrations. These components are open source and are freely available for commercial use and distribution.
Jetty is another application server (this one developed by Eclipse Foundation) that isn't technically a fully featured Java EE container. Just like Tomcat, it lacks support for many Java EE features. And just like Tomcat, you can still use most of the features by including additional third-party dependencies.
The Jetty Server is the plumbing between a collection of Connectors that accept HTTP connections, and a collection of Handlers that service requests from the connections and produce responses, with the work being done by threads taken from a thread pool.
One way to do this is by setting up basic authentication for your application. You should only do this if you use ssl, but then login without ssl is not secure anyway so I guess you have that already.
There is many ways to do this in Jetty, and this is only one of them.
First, you must define a realm where you define all users, passwords, roles etc. The default settings in Jetty already defines a realm called "Test Realm". The realm is defined in the file /etc/jetty-testrealm.xml. You may use this realm or create a new one. If you define a new, you may define it in the same file or in a separate file. If you create a separate file, remember to include that file in start.ini.
The /etc/jetty-testrealm.xml has a reference to /etc/realm.properties. This is where you create your users. If you want to just use the test-realm, remember to delete the default users that already is defined in realm.properties.
There are also other kind of realm implementations that use i.e. a database for user data.
Next, open the /etc/webdefault.xml file and add something like this at the bottom:
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern> <!--The url that should be protected -->
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name> <!--The required roles for accessing the url -->
<role-name>user</role-name>
<role-name>moderator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method> <!-- Use http basic authentication -->
<realm-name>Test Realm</realm-name> <!-- Users are defined in this realm -->
</login-config>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
