Re: [jetty-users] migration woes from version 9 to 10 - possible character encoding issue
  • From: Bryan Coleman <bryan.coleman@xxxxxxxx>
  • Date: Tue, 6 Sep 2022 15:07:50 +0000

I believe I have narrowed the issue down to the login arena (i.e. login / authentication / authorization).

I am using a fallback authenticator which is an extension of the ConfigurableSpnegoAuthenticator and works to authenticate clients using a myriad of options (Spnego, NTLM, Basic).

With jetty 10, if I change things to start with the BasicAuthenticator, provide credentials, stop things and then restart with the FallbackAuthenticator it works; however, if I start with the FallbackAuthenticator out of the gate it tries to do Anonymous authentication and fails.


Questions:

	Any ideas?

	Has anything changed with the Spnego setup requirements from jetty 9 to 10?

	Is there a good reference for Spnego setup?  (I noticed that the programming guide still shows TODO for HttpClient SPNEGO authentication support)

	I have seen some references to the need for an IdentityService; however, not sure how to properly set that up.


Here is the setup for how things were under jetty 9 (which worked):

            SslContextFactory ssl = new SslContextFactory.Server();
            ssl.setKeyStorePath(getKeyStorePath());
            ssl.setKeyStoreType("JKS");

            HttpConfiguration https = new HttpConfiguration();
            https.addCustomizer(new SecureRequestCustomizer());
            https.setSecurePort(port);

            // set header sizes so that kerberos tickets will fit (necessary for SPNEGO)
            https.setRequestHeaderSize(16384);
            https.setResponseHeaderSize(16384);

            server = new Server();
            ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.toString()), new HttpConnectionFactory(https));
            connector.setPort(port);
            connector.setIdleTimeout(500000);
            server.setConnectors(new Connector[]{connector});

            Constraint constraint = new Constraint();
            constraint.setName(REALM);
            constraint.setRoles(new String[]{REALM});
            constraint.setAuthenticate(true);

            ConstraintMapping mapping = new ConstraintMapping();
            mapping.setConstraint(constraint);
            mapping.setPathSpec("/*");

            javax.security.auth.login.Configuration.setConfiguration(new JaasConfigurator());  // note: JaasConfigurator extends javax.security.auth.login.Configuration

            File spnegoConfig = new File(CONFIG, "spnego.prop");

            ConstraintSecurityHandler security_handler = new ConstraintSecurityHandler();
            security_handler.setAuthenticator(new FallbackAuthenticator());
            security_handler.setLoginService(new SpnegoLoginService(REALM, spnegoConfig.getPath()));
            security_handler.setConstraintMappings(new ConstraintMapping[]{mapping});
            security_handler.setRealmName(REALM);

            ServletContextHandler root_context = new ServletContextHandler(ServletContextHandler.SESSIONS);
            root_context.setContextPath("/");
            root_context.setResourceBase(BASE);
            root_context.setSessionHandler(session_handler);
            root_context.setSecurityHandler(security_handler);
            root_context.addFilter(new FilterHolder(SessionFilter.class), "/Echo/*", EnumSet.of(DispatcherType.INCLUDE, DispatcherType.REQUEST));
            root_context.addServlet(new ServletHolder(AppServlet.class), "/Echo");
            root_context.addServlet(new ServletHolder(MyDefaultServlet.class), "/");

            Constraint api_constraint = new Constraint();
            api_constraint.setName(REALM);
            api_constraint.setRoles(new String[]{REALM});
            api_constraint.setAuthenticate(true);

            ConstraintMapping api_mapping = new ConstraintMapping();
            api_mapping.setConstraint(constraint);
            api_mapping.setPathSpec("/*");

            ConstraintSecurityHandler api_security_handler = new ConstraintSecurityHandler();
            api_security_handler.setAuthenticator(root_context.getSecurityHandler().getAuthenticator());
            api_security_handler.setLoginService(root_context.getSecurityHandler().getLoginService());
            api_security_handler.setConstraintMappings(new ConstraintMapping[]{api_mapping});
            api_security_handler.setRealmName(REALM);

            ServletContextHandler noauth_context = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
            noauth_context.setContextPath("/static_noauth");
            noauth_context.setResourceBase(STATIC_NOAUTH);
            noauth_context.addServlet(new ServletHolder(MyDefaultServlet.class), "/");

            ContextHandlerCollection contexts = new ContextHandlerCollection();

            contexts.setHandlers(new Handler[]{root_context, noauth_context});
            server.setHandler(contexts);

            server.start();



Thank you!

-----Original Message-----
From: Simone Bordet <simone.bordet@xxxxxxxxx> 
Sent: Thursday, August 25, 2022 4:31 AM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Cc: Bryan Coleman <bryan.coleman@xxxxxxxx>
Subject: Re: [jetty-users] migration woes from version 9 to 10 - possible character encoding issue

Hi,

On Wed, Aug 24, 2022 at 7:03 PM Bryan Coleman via jetty-users <jetty-users@xxxxxxxxxxx> wrote:
>
> Including logs to show what I am seeing in hopes that someone will have an idea of additional things to check.

In both cases your request is hitting
com.website.department.projectY.reporter.MyDefaultServlet.
In the ISO-8859-1 case there is a sendError() and in the other a successful response.
You should be looking at what that class does and why it is calling sendError().

--
Simone Bordet
---
Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz
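
An added example, not part of the original thread and not the poster's FallbackAuthenticator: a server that accepts SPNEGO, NTLM and Basic has to decide from the Authorization header which mechanism a request carries, and a request without that header is unauthenticated until the server challenges it. The class name AuthHeaderTriage, the Kind enum and all sample header values are hypothetical and constructed for illustration; only java.util.Base64 from the JDK is used, no Jetty API.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration: AuthHeaderTriage and Kind are hypothetical names, not Jetty API.
public class AuthHeaderTriage {
    enum Kind { NONE, BASIC, NTLM, SPNEGO, UNKNOWN }

    // Every NTLM message starts with this 8-byte signature.
    private static final byte[] NTLMSSP = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};

    static boolean startsWith(byte[] data, byte[] prefix) {
        if (data.length < prefix.length) return false;
        for (int i = 0; i < prefix.length; i++)
            if (data[i] != prefix[i]) return false;
        return true;
    }

    // Classify an Authorization header value; null means the header was absent.
    static Kind classify(String header) {
        if (header == null || header.trim().isEmpty()) return Kind.NONE;
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length < 2) return Kind.UNKNOWN;
        byte[] token;
        try {
            token = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Kind.UNKNOWN; // malformed base64: treat as unauthenticated
        }
        String scheme = parts[0];
        if (scheme.equalsIgnoreCase("Basic"))  // payload must be "user:password"
            return new String(token, StandardCharsets.ISO_8859_1).indexOf(':') >= 0 ? Kind.BASIC : Kind.UNKNOWN;
        if (startsWith(token, NTLMSSP))        // NTLM may arrive under either scheme name
            return scheme.equalsIgnoreCase("NTLM") || scheme.equalsIgnoreCase("Negotiate") ? Kind.NTLM : Kind.UNKNOWN;
        // A GSS-API initial token (SPNEGO or raw Kerberos) begins with ASN.1 tag 0x60.
        if (scheme.equalsIgnoreCase("Negotiate") && token.length > 0 && (token[0] & 0xFF) == 0x60)
            return Kind.SPNEGO;
        return Kind.UNKNOWN;
    }

    public static void main(String[] args) {
        Base64.Encoder b64 = Base64.getEncoder();
        String[] samples = {  // constructed sample values, not captured traffic
            null,
            "Basic " + b64.encodeToString("alice:example".getBytes(StandardCharsets.ISO_8859_1)),
            "Negotiate " + b64.encodeToString(new byte[]{0x60, (byte) 0x82, 0x01, 0x00}),
            "Negotiate " + b64.encodeToString(new byte[]{'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0}),
            "Negotiate not-base64!"
        };
        for (String s : samples) System.out.println(classify(s) + " <- " + s);
    }
}
```

Logging the classified kind per request, never the token itself, shows whether a client sent no Authorization header at all or sent one the server did not recognise.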
