Configuring JAAS in Jetty (standalone Jetty server)

 
>> Using the default JAAS profile on a standalone Jetty server
1, Create a web project named web-test and add index.jsp, login.jsp and web.xml to it.
login.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Login Page</title>
</head>
<body>
  <form id="loginForm" method="post" action="j_security_check">
    <input type="text" name="j_username" id="j_username"/>
    <input type="password" name="j_password" id="j_password"/>
    <input type="submit" value="Login"/>
  </form>
</body>
</html>

index.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Main Page</title>
</head>
<body>
Welcome to main page !!!
</body>
</html>

web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>web-test</display-name>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Web Test Actions</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!--<url-pattern>*.jsp</url-pattern>  -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>jvwl</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>java:/jaas/jvwl-sso</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>jvwl</role-name>
  </security-role>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

2, Package the project as web-test.war and place it under ${jetty_home}/webapps. This completes the preparation of the project.
 
3, Next, configure Jetty. First, edit the file ${jetty_home}/etc/jetty-testrealm.xml:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">

    <!-- =========================================================== -->
    <!-- Configure Authentication Login Service                      -->
    <!-- Realms may be configured for the entire server here, or     -->
    <!-- they can be configured for a specific web app in a context  -->
    <!-- configuration (see $(jetty.home)/contexts/test.xml for an   -->
    <!-- example).                                                   -->
    <!-- =========================================================== -->
    <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">java:/jaas/jvwl-sso</Set>
          <Set name="config"><Property name="jetty.home" default="."/>/etc/realm.properties</Set>
          <Set name="refreshInterval">0</Set>
        </New>
      </Arg>
    </Call>
</Configure>

The java:/jaas/jvwl-sso here must match the java:/jaas/jvwl-sso in web.xml. If they do not match, the following error message appears:
2014-07-10 18:10:43.675:INFO:oejw.WebInfConfiguration:Extract jar:file:/D:/Server/jetty-pure/jetty-distribution-8.1.8.v20121106/webapps/web-test.war!/ to C:\Users\jervalj\AppData\Local\Temp\jetty-0.0.0.0-8080-web-test.war-_web-test-any-\webapp
Null identity service, trying login service: null
Finding identity service: null
2014-07-10 18:10:43.891:WARN:oejuc.AbstractLifeCycle:FAILED org.eclipse.jetty.security.ConstraintSecurityHandler@ef137d: java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.FormAuthenticator@141b571 in org.eclipse.jetty.security.ConstraintSecurityHandler@ef137d
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.FormAuthenticator@141b571 in org.eclipse.jetty.security.ConstraintSecurityHandler@ef137d
        at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:61)
        at org.eclipse.jetty.security.authentication.FormAuthenticator.setConfiguration(FormAuthenticator.java:130)
        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:380)
        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:452)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
        at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:115)
        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:124)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
        at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:115)
        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:752)
        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:249)
        at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:706)
        at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:492)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
        at org.eclipse.jetty.deploy.bindings.StandardStarter.processBinding(StandardStarter.java:39)
        at org.eclipse.jetty.deploy.AppLifeCycle.runBindings(AppLifeCycle.java:186)
        at org.eclipse.jetty.deploy.DeploymentManager.requestAppGoal(DeploymentManager.java:494)
        at org.eclipse.jetty.deploy.DeploymentManager.addApp(DeploymentManager.java:141)
        at org.eclipse.jetty.deploy.providers.ScanningAppProvider.fileAdded(ScanningAppProvider.java:145)
        at org.eclipse.jetty.deploy.providers.ScanningAppProvider$1.fileAdded(ScanningAppProvider.java:56)
        at org.eclipse.jetty.util.Scanner.reportAddition(Scanner.java:609)
        at org.eclipse.jetty.util.Scanner.reportDifferences(Scanner.java:540)
        at org.eclipse.jetty.util.Scanner.scan(Scanner.java:403)
        at org.eclipse.jetty.util.Scanner.doStart(Scanner.java:337)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
        at org.eclipse.jetty.deploy.providers.ScanningAppProvider.doStart(ScanningAppProvider.java:121)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
        at org.eclipse.jetty.deploy.DeploymentManager.startAppProvider(DeploymentManager.java:555)
        at org.eclipse.jetty.deploy.DeploymentManager.doStart(DeploymentManager.java:230)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
        at org.eclipse.jetty.util.component.AggregateLifeCycle.doStart(AggregateLifeCycle.java:81)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:58)
        at org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:96)
        at org.eclipse.jetty.server.Server.doStart(Server.java:277)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
        at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1266)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1189)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.eclipse.jetty.start.Main.invokeMain(Main.java:472)
        at org.eclipse.jetty.start.Main.start(Main.java:620)
        at org.eclipse.jetty.start.Main.main(Main.java:95)

4, Now the last step. Add your own account information to ${jetty_home}/etc/realm.properties:
#
# This file defines users passwords and roles for a HashUserRealm
#
# The format is
#  <username>: <password>[,<rolename> ...]
#
# Passwords may be clear text, obfuscated or checksummed.  The class 
# org.eclipse.util.Password should be used to generate obfuscated
# passwords or password checksums
#
# If DIGEST Authentication is used, the password must be in a recoverable
# format, either plain text or OBF:.
#
jetty: MD5:164c88b302622e17050af52c89945d44,user
admin: CRYPT:adpexzg3FUZAk,server-administrator,content-administrator,admin
other: OBF:1xmk1w261u9r1w1c1xmq,user
plain: plain,user
user: password,user
jerval: 111111,jvwl

# This entry is for digest auth.  The credential is a MD5 hash of username:realmname:password
digest: MD5:6e120743ad67abfbc385bc2bb754e297,user

Here 'jerval: 111111,jvwl' is the newly added entry; everything else is the original content. Note that jvwl is the role, and it corresponds to the role in web.xml. If they do not correspond, login will fail.
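The two mismatches described above (realm name and role) can be checked before deployment. The following is an added example, not code from the original page or from Jetty: a small Python linter that compares web.xml, the Jetty login-service XML and realm.properties, and also flags clear-text credentials. The function names and the trimmed sample files are constructed for illustration; it accepts any class ending in LoginService, so it also covers the JAASLoginService configuration.

```python
import xml.etree.ElementTree as ET

PREFIXES = ("MD5:", "CRYPT:", "OBF:")  # non-clear-text forms shown in realm.properties

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the javaee namespace from web.xml tags

def texts(node, name):
    return {(e.text or "").strip() for e in node.iter() if local(e.tag) == name}

def parse_realm(props):
    """Parse '<username>: <password>[,<rolename> ...]' lines into {user: (cred, roles)}."""
    users = {}
    for line in props.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, rest = line.split(":", 1)
            cred, *roles = [p.strip() for p in rest.split(",")]
            users[user.strip()] = (cred, set(roles))
    return users

def lint(web_xml, jetty_xml, realm_props):
    findings = []
    web = ET.fromstring(web_xml.strip())
    realm = next(iter(texts(web, "realm-name")), None)
    required = set()
    for node in web.iter():
        if local(node.tag) == "auth-constraint":
            required |= texts(node, "role-name")
    # Names of every *LoginService bean; the page writes both "name" and "Name".
    services = set()
    for new in ET.fromstring(jetty_xml.strip()).iter("New"):
        if new.get("class", "").endswith("LoginService"):
            services |= {(s.text or "").strip() for s in new.findall("Set")
                         if s.get("name", "").lower() == "name"}
    if realm not in services:
        findings.append(f"realm-name {realm!r} matches no LoginService name")
    users = parse_realm(realm_props)
    granted = set().union(*(roles for _, roles in users.values()))
    for role in sorted(required - granted):
        findings.append(f"role {role!r} required by web.xml is held by no user")
    for user, (cred, _) in sorted(users.items()):
        if not cred.startswith(PREFIXES):
            findings.append(f"user {user!r} has a clear-text password")
    return findings

# Constructed samples, trimmed from the files shown on this page.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint><auth-constraint><role-name>jvwl</role-name></auth-constraint></security-constraint>
  <login-config><auth-method>FORM</auth-method><realm-name>java:/jaas/jvwl-sso</realm-name></login-config>
</web-app>"""
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg><New class="org.eclipse.jetty.security.HashLoginService">
    <Set name="name">java:/jaas/jvwl-sso</Set></New></Arg></Call>
</Configure>"""
REALM = "admin: CRYPT:adpexzg3FUZAk,admin\njerval: 111111,jvwl\n"

if __name__ == "__main__":
    for finding in lint(WEB_XML, JETTY_XML, REALM):
        print(finding)
```

With the matching sample files the only finding is the clear-text password of the jerval entry; note that the realm file's own comment describes OBF: as a recoverable format, so it is obfuscation rather than a checksum.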
 
>> Using a custom JAAS profile on a standalone Jetty server
1, Remove the default JAAS configuration. Find ${jetty_home}/start.ini and comment out the line etc/jetty-testrealm.xml:
#===========================================================
# Configuration files.
# For a full list of available configuration files do
#   java -jar start.jar --help
#-----------------------------------------------------------
#etc/jetty-jmx.xml
etc/jetty.xml
etc/jetty-annotations.xml
# etc/jetty-ssl.xml
# etc/jetty-requestlog.xml
etc/jetty-deploy.xml
#etc/jetty-overlay.xml
etc/jetty-webapps.xml
etc/jetty-contexts.xml
#etc/jetty-testrealm.xml
#===========================================================

Here '#etc/jetty-testrealm.xml' is the commented-out line.
2, Add the custom JAAS files (jvwl-realm.conf, jvwl-realm.xml, jvwl-realm.properties) to ${jetty_home}/etc/myJAAS.
jvwl-realm.conf:
jvwl-sso {
    org.eclipse.jetty.plus.jaas.spi.PropertyFileLoginModule required
    debug="true"
    file="etc/myJAAS/jvwl-realm.properties";
};

jvwl-realm.xml:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
        <Set name="Name">java:/jaas/jvwl-sso</Set>
        <Set name="LoginModuleName">jvwl-sso</Set>
      </New>
    </Arg>
  </Call>
</Configure>

jvwl-realm.properties:
#
# This file defines users passwords and roles for a HashUserRealm
#
# The format is
#  <username>: <password>[,<rolename> ...]
#
# Passwords may be clear text, obfuscated or checksummed.  The class 
# org.eclipse.util.Password should be used to generate obfuscated
# passwords or password checksums
#
# If DIGEST Authentication is used, the password must be in a recoverable
# format, either plain text or OBF:.
#
jetty: MD5:164c88b302622e17050af52c89945d44,user
admin: CRYPT:adpexzg3FUZAk,server-administrator,content-administrator,admin
other: OBF:1xmk1w261u9r1w1c1xmq,user
plain: plain,user
user: password,user
jerval: 888888,jvwl

# This entry is for digest auth.  The credential is a MD5 hash of username:realmname:password
digest: MD5:6e120743ad67abfbc385bc2bb754e297,user

 
3, Create a folder named 'start.d' under ${jetty_home} and create an ini file in that folder, for example jerval.ini. Then write the following in ${jetty_home}/start.d/jerval.ini:
-Djava.security.auth.login.config=etc/myJAAS/jvwl-realm.conf
etc/myJAAS/jvwl-realm.xml

Note: this can also be written as:
-Djava.security.auth.login.config=etc/myJAAS/jvwl-realm.conf
In that case the jvwl-realm.xml file above can be omitted, but the configuration:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
        <Set name="name">java:/jaas/jvwl-sso</Set>
        <Set name="loginModuleName">jvwl-sso</Set>
      </New>
    </Arg>
  </Call>
</Configure>
must be merged into jetty.xml. It can also be merged into one of the following files:
#===========================================================
# Configuration files.
# For a full list of available configuration files do
#   java -jar start.jar --help
#-----------------------------------------------------------
#etc/jetty-jmx.xml
etc/jetty.xml
etc/jetty-annotations.xml
# etc/jetty-ssl.xml
# etc/jetty-requestlog.xml
etc/jetty-deploy.xml
#etc/jetty-overlay.xml
etc/jetty-webapps.xml
etc/jetty-contexts.xml
#etc/jetty-testrealm.xml
#===========================================================
- The excerpt above is from ${jetty_home}/start.ini.
 
4, Start the Jetty server and test; everything is OK.
 
>> Using a JAAS configuration file for a single project on a standalone Jetty server
1, Add mytest.xml under ${jetty_home}/contexts (or copy and modify the test.xml file that is already there).
mytest.xml:
<?xml version="1.0"  encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">

<!-- ==================================================================
Configure and deploy the test web application in $(jetty.home)/webapps/test

Note. If this file did not exist or used a context path other that /test
then the default configuration of jetty.xml would discover the test
webapplication with a WebAppDeployer.  By specifying a context in this
directory, additional configuration may be specified and hot deployments 
detected.
===================================================================== -->

<Configure class="org.eclipse.jetty.webapp.WebAppContext">


  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <!-- Required minimal context configuration :                        -->
  <!--  + contextPath                                                  -->
  <!--  + war OR resourceBase                                          -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <Set name="contextPath">/web</Set>
  <Set name="war"><SystemProperty name="jetty.home" default="."/>/web-test.war</Set>

  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <!-- Optional context configuration                                  -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <Set name="extractWAR">true</Set>
  <Set name="copyWebDir">false</Set>
  <Set name="defaultsDescriptor"><SystemProperty name="jetty.home" default="."/>/etc/webdefault.xml</Set>
  <!--<Set name="overrideDescriptor"><SystemProperty name="jetty.home" default="."/>/contexts/test.d/override-web.xml</Set>-->

  <!-- virtual hosts
  <Set name="virtualHosts">
    <Array type="String">
      <Item>www.myVirtualDomain.com</Item>
      <Item>localhost</Item>
      <Item>127.0.0.1</Item>
    </Array>
  </Set>
  -->

  <!-- disable cookies 
  <Get name="sessionHandler">
     <Get name="sessionManager">
        <Set name="usingCookies" type="boolean">false</Set>
     </Get>
  </Get>
  -->

  <Get name="securityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.HashLoginService">
	    <Set name="name">java:/jaas/jvwl-sso</Set>
	    <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
            <!-- To enable reload of realm when properties change, uncomment the following lines -->
            <!-- changing refreshInterval (in seconds) as desired                                -->
            <!-- 
            <Set name="refreshInterval">5</Set>
            <Call name="start"></Call>
            -->
      </New>
    </Set>
    <Set name="authenticator">
      <New class="org.eclipse.jetty.security.authentication.FormAuthenticator">
        <Set name="alwaysSaveUri">true</Set>
      </New>
    </Set>
    <Set name="checkWelcomeFiles">true</Set>
  </Get>
  
  <!-- Non standard error page mapping -->
  <!--
  <Get name="errorHandler">
    <Call name="addErrorPage">
      <Arg type="int">500</Arg>
      <Arg type="int">599</Arg>
      <Arg type="String">/dump/errorCodeRangeMapping</Arg>
    </Call>
  </Get>
  -->

  <!-- Add context specific logger
  <Set name="handler">
    <New id="RequestLog" class="org.eclipse.jetty.server.handler.RequestLogHandler">
      <Set name="requestLog">
	<New id="RequestLogImpl" class="org.eclipse.jetty.server.NCSARequestLog">
	  <Set name="filename"><Property name="jetty.logs" default="./logs"/>/test-yyyy_mm_dd.request.log</Set>
	  <Set name="filenameDateFormat">yyyy_MM_dd</Set>
	  <Set name="append">true</Set>
	  <Set name="LogTimeZone">GMT</Set>
	</New>
      </Set>
    </New>
  </Set>
  -->

</Configure>
The following part of the file configures JAAS:
  <Get name="securityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.HashLoginService">
	    <Set name="name">java:/jaas/jvwl-sso</Set>
	    <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
            <!-- To enable reload of realm when properties change, uncomment the following lines -->
            <!-- changing refreshInterval (in seconds) as desired                                -->
            <!-- 
            <Set name="refreshInterval">5</Set>
            <Call name="start"></Call>
            -->
      </New>
    </Set>
    <Set name="authenticator">
      <New class="org.eclipse.jetty.security.authentication.FormAuthenticator">
        <Set name="alwaysSaveUri">true</Set>
      </New>
    </Set>
    <Set name="checkWelcomeFiles">true</Set>
  </Get>
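In this way, different projects can use different JAAS configurations.
2, Delete the folder ${jetty_home}/start.d, or the jerval.ini file under it, so that the JAAS configuration set up earlier does not affect the current test result.
3, Test the project; everything is OK.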
