2017-08-03 51 views

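I have just added authentication to my embedded Jetty web server. I am using JDBCLoginService, and everything works fine. How do I use a login form on Jetty 9?

I now want to add a login page, and it no longer works: when the FormAuthenticator.validate method is called, it tries to get the HTTP session and does not find one.

I have been trying to create the session, but I have not been able to find the right API. Can someone give me an example?

Here is my code: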

// the file server part 
ResourceHandler resource_handler = new ResourceHandler(); 
resource_handler.setDirectoriesListed(false); 
resource_handler.setResourceBase("www"); 
resource_handler.setDirectoriesListed(false); 
resource_handler.setWelcomeFiles(new String[]{ "html/dashboard.html" }); 
// the JSP part 
WebAppContext webAppContext = new WebAppContext(); 
webAppContext.setResourceBase("www"); 
webAppContext.setInitParameter("dirAllowed", "false"); 
webAppContext.addServlet(new ServletHolder(new QueryGlobals()), "/queries/globals"); 
webAppContext.addServlet(new ServletHolder(new QueryAllVenues()), "/queries/all_venues"); 
HandlerList handlers = new HandlerList(); 
handlers.setHandlers(new Handler[] { 
     // static files 
     resource_handler, 
     // servlets 
     webAppContext, 
     // 404 
     new DefaultHandler() 
    }); 
// get the path for the authentication settings 
// it should be in the same folder as the platform location
File configFile = new File(System.getProperty("com.bnpp.firefly.configfile")); 
File authConfigFile = new File(configFile.getParent(), "auth.properties"); 
LoginService loginService = new org.eclipse.jetty.security.JDBCLoginService("MyRealm", authConfigFile.getPath()); 
m_server.addBean(loginService); 

ConstraintSecurityHandler security = new ConstraintSecurityHandler(); 
Constraint constraint = new Constraint(); 
constraint.setName(Constraint.__FORM_AUTH); 
constraint.setAuthenticate(true); 
constraint.setRoles(new String[] { "user", "admin" }); 

ConstraintMapping mapping = new ConstraintMapping(); 
mapping.setPathSpec("/*"); 
mapping.setConstraint(constraint); 

security.addConstraintMapping(mapping); 
FormAuthenticator authenticator = new FormAuthenticator("/html/login.html", "/html/login.html", false); 
security.setAuthenticator(authenticator); 
security.setLoginService(loginService); 


security.setHandler(handlers); 
m_server.setHandler(security); 


m_server.start(); 

Answer


I have found the solution. The trick is to use only the WebAppContext. It provides:

* a SessionHandler
* a ResourceHandler
* and allows setting a SecurityHandler

My code is now:

// Creating the server on port webPort 
m_server = new Server(webPort); 

// get the path for the authentication settings 
// it should be in the same folder as the platform location
File configFile = new File(System.getProperty("com.bnpp.firefly.configfile")); 
File authConfigFile = new File(configFile.getParent(), "auth.properties"); 
// set the login service 
LoginService loginService = new org.eclipse.jetty.security.JDBCLoginService("MyRealm", authConfigFile.getPath()); 
ConstraintSecurityHandler security = new ConstraintSecurityHandler(); 

// no authentication for these items 
{ 
    Constraint constraint = new Constraint(); 
    constraint.setAuthenticate(false); 

    for (String pathSpec: new String[] { 
      "/images/*", 
      "/css/*", 
      "/lib/*", 
     }) 
    { 
     ConstraintMapping mapping = new ConstraintMapping(); 
     mapping.setPathSpec(pathSpec); 
     mapping.setConstraint(constraint); 
     security.addConstraintMapping(mapping); 
    } 
} 

// must have authentication for the rest 
{ 
    Constraint constraint = new Constraint(); 
    constraint.setName(Constraint.__FORM_AUTH); 
    constraint.setAuthenticate(true); 
    constraint.setRoles(new String[] { "user", "admin" }); 

    ConstraintMapping mapping = new ConstraintMapping(); 
    mapping.setPathSpec("/*"); 
    mapping.setConstraint(constraint); 
    security.addConstraintMapping(mapping); 
} 

security.setLoginService(loginService); 

FormAuthenticator authenticator = new FormAuthenticator("/html/login.html", "/html/login.html?error=true", false); 
security.setAuthenticator(authenticator); 

// the JSP part 
WebAppContext webAppContext = new WebAppContext(); 
//webAppContext.setContextPath("/"); 
webAppContext.setResourceBase("www"); 
webAppContext.setInitParameter("dirAllowed", "false"); 

//Including the JSTL jars for the webapp. 
webAppContext.setAttribute("org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern",".*/[^/]*jstl.*\\.jar$"); 

//Enabling the Annotation based configuration 
org.eclipse.jetty.webapp.Configuration.ClassList classlist = org.eclipse.jetty.webapp.Configuration.ClassList.setServerDefault(m_server); 
classlist.addAfter("org.eclipse.jetty.webapp.FragmentConfiguration", "org.eclipse.jetty.plus.webapp.EnvConfiguration", "org.eclipse.jetty.plus.webapp.PlusConfiguration"); 
classlist.addBefore("org.eclipse.jetty.webapp.JettyWebXmlConfiguration", "org.eclipse.jetty.annotations.AnnotationConfiguration"); 

webAppContext.addServlet(new ServletHolder(new QueryGlobals()), "/queries/globals"); 
webAppContext.addServlet(new ServletHolder(new QueryAllVenues()), "/queries/all_venues"); 
webAppContext.addServlet(new ServletHolder(new QuerySearchCSV()), "/queries/searchCSV"); 
webAppContext.addServlet(new ServletHolder(new QuerySearchWithPaging()), "/queries/searchWithPaging"); 
webAppContext.setWelcomeFiles(new String [] {"html/dashboard.html"}); 

// this will set authentication 
webAppContext.setSecurityHandler(security); 
webAppContext.getSessionHandler().setMaxInactiveInterval(24 * 60 * 60); 

// what the server serves 
m_server.setHandler(webAppContext); 

m_server.start();
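
The same principle with a ServletContextHandler instead of a WebAppContext, as an added example that is not the answerer's code: FormAuthenticator needs a SessionHandler in front of the security handler, and the session cookie it issues is what carries the login afterwards, so the cookie and session settings are set explicitly. Jetty 9.4 is assumed; the class name FormLoginServer, port 8080, the 30-minute timeout and the single /css/* exemption are assumptions made for the example.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.JDBCLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.authentication.FormAuthenticator;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;

// Hypothetical class name; not part of the original post.
public class FormLoginServer {
    // Builds one constraint mapping; a path with no roles listed is left public.
    static ConstraintMapping mapping(String pathSpec, String... roles) {
        Constraint c = new Constraint();
        c.setName(Constraint.__FORM_AUTH);
        c.setAuthenticate(roles.length > 0);
        if (roles.length > 0) c.setRoles(roles);
        ConstraintMapping m = new ConstraintMapping();
        m.setPathSpec(pathSpec);
        m.setConstraint(c);
        return m;
    }
    static Server build(int port, LoginService loginService) {
        // SESSIONS installs a SessionHandler ahead of the security handler,
        // so FormAuthenticator finds an HTTP session to store the login in.
        ServletContextHandler ctx = new ServletContextHandler(ServletContextHandler.SESSIONS);
        ctx.setContextPath("/");
        ctx.setResourceBase("www");
        ctx.addServlet(DefaultServlet.class, "/").setInitParameter("dirAllowed", "false");

        ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        security.addConstraintMapping(mapping("/css/*"));              // public (assumed path)
        security.addConstraintMapping(mapping("/*", "user", "admin")); // everything else
        security.setLoginService(loginService);
        security.setAuthenticator(
                new FormAuthenticator("/html/login.html", "/html/login.html?error=true", false));
        security.setSessionRenewedOnAuthentication(true); // fresh session id at login
        ctx.setSecurityHandler(security);

        // Session cookie settings must be applied before the server starts.
        ctx.getSessionHandler().getSessionCookieConfig().setHttpOnly(true);
        ctx.getSessionHandler().setMaxInactiveInterval(30 * 60); // seconds (assumed value)
        Server server = new Server(port);
        server.setHandler(ctx);
        return server;
    }
    public static void main(String[] args) throws Exception {
        Server server = build(8080, new JDBCLoginService("MyRealm", "auth.properties"));
        server.start();
        server.join();
    }
}
```

If the server is put behind HTTPS, also call `setSecure(true)` on the same session cookie config so the session id is never sent over plain HTTP.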