Ironically, In Jetty 8 I didn't have to call ServletContextHandler#setSecurityHandler(SecurityHandler) I just did:
servletContextHandler.setHandler(constraintSecurityHandler);
server.setHandler(servletContextHandler);
... but in Jetty 9 it is required in order to prevent the error. So, it looks like Jetty 9 fixes the bug rather than produces one :)
servletContextHandler.setSecurityHandler(constraintSecurityHandler);
server.setHandler(servletContextHandler);
From: Will Hoover [mailto:java.whoover@xxxxxxxxx]
Sent: Thursday, March 14, 2013 10:41 AM
To: 'jetty-users@xxxxxxxxxxx'
Subject: Jetty 9.0.0.v20130308 FormAuthenticator Bug
I switched from Jetty 8 to Jetty 9.0.0.v20130308 and I'm now getting "java.lang.IllegalStateException: No SessionManager" using a FormAuthenticator. I'm basically using a similar setup as http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/SecuredHelloHandler.java but with a FormAuthenticator instead of BasicAuthenticator.