The servlet specification calls for authorisation support, but doesn't give you the ability to interact with it (as far as I can tell). So, after the flip, I've put up a Python script to add users to your servlet engine and a sample servlet configuration snippet to support authentication. The authentication is taken care of by the servlet engine.
#!/usr/bin/python
import cgi
f=cgi.FieldStorage()
import os
os.putenv('CLASSPATH','/home/hdiwan/jetty-6.1.21//lib/jetty-6.1.21.jar:/home/hdiwan/jetty-6.1.21//lib/jetty-util-6.1.21.jar')
java =subprocess.Popen(stdout = subprocess.PIPE, stderr=subprocess.STDOUT, args=str(("/usr/local/bin/java org.mortbay.jetty.security.Password %s %s")%(f['j_username'], f['j_password']).split(' '))
data = java.stdout.read()
import re
reg=re.compile('(MD5:.*)')
m=reg.search(data)
userinfo = f['j_username']+': '+m.group(1)+'\n'
f=open('/home/hdiwan/jetty-6.1.21/etc/realm.properties','a')
f.write(userinfo)
f.close()
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected</web-resource-name>
<url-pattern>/sensitive/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>finance</realm-name>
</login-config>
Leave a comment