I have a website powered by Jetty.
I'd like to make the site password protected (or similar).
Is there a way to do this by configuration alone (without touc
I found the example that the Jetty distribution provides quite helpful. To use basic auth with user accounts from a text file, look at your {jetty.home}/demo-base/etc directory. Copy these two files to your {jetty.base}/etc folder: realm.properties, test-realm.xml
Jetty won't properly load these files unless you tell it to. This can be done by adding the following text to the start.ini or any *.ini file in your {jetty.base}/start.d folder:
# Create and configure the test realm
etc/test-realm.xml
jetty.demo.realm=etc/realm.properties
Finally, create a web.xml file (if not done already) and insert the example provided by @sstendal/@Torsten in their earlier answer. It uses the same realm name as the demo-base example from the Jetty distribution, so it should work. Restart Jetty and try to access any of your web resources. Your browser or client should ask you for credentials. Use user/password, for example.
One way to do this is by setting up basic authentication for your application. You should only do this if you use ssl, but then login without ssl is not secure anyway so I guess you have that already.
There are many ways to do this in Jetty, and this is only one of them.
First, you must define a realm where you define all users, passwords, roles etc. The default settings in Jetty already define a realm called "Test Realm". The realm is defined in the file /etc/jetty-testrealm.xml. You may use this realm or create a new one. If you define a new one, you may define it in the same file or in a separate file. If you create a separate file, remember to include that file in start.ini.
The /etc/jetty-testrealm.xml has a reference to /etc/realm.properties. This is where you create your users. If you want to just use the test realm, remember to delete the default users that are already defined in realm.properties.
There are also other kinds of realm implementations that use, e.g., a database for user data.
Next, open the /etc/webdefault.xml file and add something like this at the bottom:
<security-constraint>
  <web-resource-collection>
    <url-pattern>/*</url-pattern> <!-- The url that should be protected -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name> <!-- The required roles for accessing the url -->
    <role-name>user</role-name>
    <role-name>moderator</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method> <!-- Use http basic authentication -->
  <realm-name>Test Realm</realm-name> <!-- Users are defined in this realm -->
</login-config>
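The caveat above that basic auth belongs only on SSL can be enforced in the descriptor itself through the servlet spec's `user-data-constraint` with `transport-guarantee` set to `CONFIDENTIAL`. The following check is an added example, not part of either answer or of Jetty; the names `audit`, `SAMPLE` and `HARDENED` are assumptions of this sketch, and it audits a descriptor for the pieces the answers rely on plus that transport guarantee.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the answer above, wrapped in a
# <web-app> root so that it parses on its own.
SAMPLE = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name><role-name>user</role-name>
      <role-name>moderator</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test Realm</realm-name>
  </login-config>
</web-app>"""

# Same descriptor with the transport guarantee added (assumed hardening).
HARDENED = SAMPLE.replace("</auth-constraint>", """</auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>""")

def local(tag):
    """Drop an XML namespace so javaee and jakarta descriptors match alike."""
    return tag.rsplit("}", 1)[-1]

def texts(node, name):
    """Trimmed text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in node.iter() if local(e.tag) == name]

def audit(descriptor_xml):
    """Return a list of findings for a web.xml / webdefault.xml string."""
    root = ET.fromstring(descriptor_xml)  # local, trusted config file
    findings = []
    site_wide = [c for c in root.iter() if local(c.tag) == "security-constraint"
                 and "/*" in texts(c, "url-pattern")]
    if not site_wide:
        findings.append("no security-constraint covers /*")
    for c in site_wide:
        if not any(local(e.tag) == "auth-constraint" for e in c.iter()):
            findings.append("/* constraint has no auth-constraint")
        if "CONFIDENTIAL" not in texts(c, "transport-guarantee"):
            findings.append("/* constraint lacks transport-guarantee CONFIDENTIAL")
    if "BASIC" not in texts(root, "auth-method"):
        findings.append("login-config does not select BASIC")
    if not any(texts(root, "realm-name")):
        findings.append("login-config names no realm")
    return findings
```

Read the real file and pass its contents to `audit`; an empty list means every check passed.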