Tips for implementing a custom JAAS login module for Jetty

1) jetty-web.xml

You can gather all Jetty-specific settings in the file WEB-INF/jetty-web.xml. Remember to also specify the paths for the role principals if you use your own classes for them.

Example jetty-web.xml file:

<!-- Jetty specific config file -->
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
 
<!-- Tell jetty where to find login config -->
<Call class="java.lang.System" name="setProperty">
	<Arg>java.security.auth.login.config</Arg>
	<Arg>WEB-INF/login.config</Arg>
</Call>
 
<!-- Bug fix for Jetty to properly handle login config in a per-project setup -->
<Set name="serverClasses">
	<Array type="java.lang.String">
		<Item>-org.mortbay.jetty.plus.jaas.</Item>
		<Item>org.mortbay.jetty</Item>
		<Item>org.slf4j.</Item>
	</Array>
</Set>
 
<!-- Create login realm -->
<Get name="securityHandler">
	<Set name="userRealm">
		<New class="org.mortbay.jetty.plus.jaas.JAASUserRealm">
			<Set name="name">*NAME OF YOUR REALM*</Set>
			<Set name="LoginModuleName">*NAME OF YOUR LOGIN CLASS*</Set>
			<Set name="roleClassNames">
				<Array type="java.lang.String">
					<Item>*PATH TO YOUR ROLE PRINCIPAL CLASS*</Item>
				</Array>
			</Set>
		</New>
	</Set>
</Get>
</Configure>

2) Adding roles to a user in commit

When you want to give a user roles (like admin, moderator, etc.), you can add them to the subject once the user is authenticated and commit is called:

	public boolean commit() throws LoginException {
		MyUserPrincipal user = new MyUserPrincipal("username");

		// Add the logged-in user as the first principal
		subject.getPrincipals().add(user);

		// Add roles for the logged-in user
		subject.getPrincipals().add(new MyGroupPrincipal("admin"));
		subject.getPrincipals().add(new MyGroupPrincipal("moderator"));

		// Report that this module's commit succeeded
		return true;
	}
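
A fuller module around that commit(), as an added example that is not the post's own code: commit() adds principals only after login() has succeeded, and abort()/logout() remove exactly what was added. The class name, lookupRoles() and its sample user are constructed, and MyUserPrincipal/MyGroupPrincipal are assumed to be the post's Principal classes with a String constructor.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Assumes MyUserPrincipal and MyGroupPrincipal (the post's classes) implement Principal.
public class MyLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private String userName;      // non-null only after a successful login()
    private List<String> roles;   // roles looked up for that user
    private final Set<Principal> added = new LinkedHashSet<Principal>();

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user");
        PasswordCallback pass = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] { name, pass }); }
        catch (Exception e) { throw new LoginException("callback failed: " + e); }
        roles = lookupRoles(name.getName(), pass.getPassword());
        pass.clearPassword();
        if (roles == null) throw new FailedLoginException("bad credentials");
        userName = name.getName();
        return true;
    }

    public boolean commit() {
        if (userName == null) return false;         // login() failed: add no principals
        added.add(new MyUserPrincipal(userName));   // user first, then roles
        for (String r : roles) added.add(new MyGroupPrincipal(r));
        subject.getPrincipals().addAll(added);
        return true;
    }
    public boolean abort() { return userName != null && logout(); }

    public boolean logout() {   // remove exactly what commit() added
        subject.getPrincipals().removeAll(added);
        added.clear(); userName = null; roles = null;
        return true;
    }
    // Hypothetical lookup with a constructed sample user; use a real credential store.
    List<String> lookupRoles(String user, char[] pw) {
        boolean ok = "alice".equals(user) && pw != null
            && MessageDigest.isEqual(new String(pw).getBytes(), "constructed-pw".getBytes());
        return ok ? Arrays.asList("admin", "moderator") : null;
    }
}
```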
