[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] jetty-users Digest, Vol 84, Issue 21
|
Excellent suggestion, thank you Simone. I will investigate Jetty's HttpClient.
Best Regards,
Jim Gregoric
On Thu, May 19, 2016 at 5:28 PM, Gregoric, James <James.Gregoric@xxxxxxxxxxxxxxxxxxxxx> wrote:
> Thank you for your response Simone.
>
> Simone: How do you plan to make this machine-to-machine interaction?
> Jim: The requesting machine will submit a REST request. Our questions concern authentication.
> 1. Specifically, how would the client machine submit a request to the Jetty server in such a way that the sender could be authenticated with LDAP?
> 2. How would the Jetty server be configured so that incoming requests would be authenticated with LDAP, but the username/password would be obtained from the request? That is, since a machine is submitting the request and not an interactive user, we cannot have a login dialog pop up to obtain the username/password. The username/password must instead be embedded in the request itself. NOTE: LDAP-based authentication is not an absolute requirement - we could instead use certificate-based authentication. But regardless of whether LDAP or a certificate is used, the question remains, how to configure Jetty to perform the authentication when the request comes from a machine rather than an interactive user?
>
> Simone: Are you using an HTTP client to make requests?
> Jim: HTTPS (I assume, due to authentication requirements).
The way I see this working is as follows:
Server.
Configure the server with a BasicAuthenticator and with the JAAS login service.
Configure the JAAS login service to use the LDAP module.
See:
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.eclipse.org_jetty_documentation_current_configuring-2Dsecurity-2Dauthentication.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=xLKFsrFREWwi7-7QJTeiOI2AuUPZrnRpPOTI3sJgcME&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.eclipse.org_jetty_documentation_current_jaas-2Dsupport.html&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=NC9xb9eqnF9r6cDxxNaGdhse1CxKv_uLxMJJI-M-sR8&e=
Client.
Use Jetty's HttpClient and specify BasicAuthentication credentials:
HttpClient.getAuthenticationStore().addAuthentication(new
BasicAuthentication(...));
--
Simone Bordet
----
https://urldefense.proofpoint.com/v2/url?u=http-3A__cometd.org&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=iA_C0v9CLYiXIyFXgq8vfNJrvQ2OQ2-hUgAV8xeS57A&e=
https://urldefense.proofpoint.com/v2/url?u=http-3A__webtide.com&d=CwICAg&c=qS4goWBT7poplM69zy_3xhKwEW14JZMSdioCoppxeFU&r=a1pzhqEDruwS4U_330LJvhI7xc_jF-rLeXWg82Ysqyh1J0JMpZkHfoq4WcirSZtm&m=GOPr7VjEr6gUPO6zsz4oYHvBzEOQk3niMwwjYHkr5EA&s=mbGDXa4Hos05Omf6K8HQj_gai3RulqGltJghrV8coYM&e=
Developer advice, training, services and support from the Jetty & CometD experts.