Password protect app in jetty

jetty

I am testing a webapp (.war) running in Jetty 7. For demo purposes I want to run this on a public URL, however I would like not to have the whole world (if they happen to come across the URL) be able to see it.

Is there a way to make Jetty require a basic-auth type of authentication when accessing the webapp (without modifying anything inside the war, i.e. no edits on the web.xml file)? Or if not the webapp, then any part of what Jetty provides at port 8080?

Best Answer

Take a look at the full example here:

https://web.archive.org/web/20150120081913/http://docs.codehaus.org/display/JETTY/How+to+Configure+Security+with+Embedded+Jetty

The above is Web archive link, original link is now unavailable:

http://docs.codehaus.org/display/JETTY/How+to+Configure+Security+with+Embedded+Jetty

Programmatic configuration example from the above:

import org.mortbay.jetty.security.*;

Server server = new Server();

Connector connector = new SelectChannelConnector();
connector.setPort(8080);
server.setConnectors(new Connector[]{connector});

Constraint constraint = new Constraint();
constraint.setName(Constraint.__BASIC_AUTH);;
constraint.setRoles(new String[]{"user","admin","moderator"});
constraint.setAuthenticate(true);

ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");

SecurityHandler sh = new SecurityHandler();
sh.setUserRealm(new HashUserRealm("MyRealm",System.getProperty("jetty.home")+"/etc/realm.properties"));
sh.setConstraintMappings(new ConstraintMapping[]{cm});

WebAppContext webappcontext = new WebAppContext();
webappcontext.setContextPath("/mywebapp");
webappcontext.setWar("./path/to/my/war/orExplodedwar");
webappcontext.addHandler(sh);

HandlerCollection handlers= new HandlerCollection();
handlers.setHandlers(new Handler[]{webappcontext, new DefaultHandler()});

server.setHandler(handlers);
server.start();
server.join();

Related Solutions

Apache and jetty

All the comet solutions rely on holding the connection between the webserver open as long as possible, either by the client making a POST request and then delaying sending the data, or the server sending a GET response, again delaying the data.

Both of those have similar problems for the origin, namely consuming a socket and memory per connection, and possibly a thread, unless you are using something like Jetty continuations.

By placing a reverse proxy like Apache in front of Jetty, like apache each open connection between Jetty and the client will also consume a worker. Depending on which apache worker model you choose (for example mod_prefork or mod_worker_mpm) there will be limitations on the maximum number of connections your apache server can support. That is around a couple of hundred for mod_prefork and is generally limited by the amount of physical memory each worker process consumes, to a few thousand with mod_worker_mpm. If you are mixing mod_worker_mpm with php you should research the options that your version of php was compiled with as there are known incompatibilities with php and mod_worker_mpm.

You will also have to be mindful of the timeouts in both Apache and Jetty. Comet style connections either simulate a slow POST request, so you'll have to tune Apache to be lenient towards that, as well as the size of the request body. GET style requests are also subject to timeout if nothing is transmitted from the origin server. You'll have to apply these timeouts on both sides of the reverse proxy connection, from the client to Apache, and from Apache to Jetty.

If I was deploying a solution like this I would either place the Jetty based Comet service on a different domain, using a load balancer to proxy multiple Jetty backends for added capacity and reliability, or I would use a different reverse proxy, say HAProxy, to act in Apaches stead, and direct requests to the various backends (Apache, Jetty), based on the URL.

NullPointerException on jetty 7 startup with jetty deployment descriptor

my guess is, you have an additional slash. replace

<Set name="war"><SystemProperty name="jetty.home" default="."/>/webapps-plus/webapp.war</Set>

with

<Set name="war"><SystemProperty name="jetty.home" default=".">/webapps-plus/webapp.war</Set>

Best Answer

Related Solutions

Apache and jetty

NullPointerException on jetty 7 startup with jetty deployment descriptor

Related Topic