Realm security config for GWT dev mode


Peter Leong

May 9, 2012, 1:44:48 AM
to codehaus-mojo-gwt-...@googlegroups.com
Hi,

I'm new to GWT and am trying to set up container authentication.  Can anyone give me an example of using the pom.xml to supply realm configuration to the jetty embedded in GWT Dev Mode?
Currently I get 'HTTP ERROR: 500 No realm' when I run gwt:run.

Plugin version: 2.4.0

The only relevant post I could find was unanswered.

I have a public learning project and I've got the jetty only plugin working but I don't know how to do the same for GWT plugin.

Excerpt from web.xml:
...
<security-constraint>
    <web-resource-collection>
        <web-resource-name>everything</web-resource-name>
        <!-- NOTE: Mangle this to turn off security requirements -->
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>superuser</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Login with bruce x2</realm-name>
</login-config>
...


Jetty (only) plugin config:
...
        </connector>
    </connectors>
    <userRealms>
        <userRealm implementation="org.mortbay.jetty.security.HashUserRealm">
            <name>Login with bruce x2</name>
            <config>src/test/config/jetty-realm.properties</config>
        </userRealm>
    </userRealms>
</configuration>
<dependencies>
    <dependency>
...


jetty-realm.properties:
# User database in a file
bruce: bruce,superuser


Any help or suggestions would be appreciated.

Pete

Thomas Broyer

May 9, 2012, 4:09:40 AM
to codehaus-mojo-gwt-...@googlegroups.com
You have at least 2 solutions:
  1. use -noserver (<noServer>true</noServer>) for the GWT DevMode (gwt:run/gwt:debug); see also
  2. make it work in the DevMode embedded Jetty server.
    See http://code.google.com/p/google-web-toolkit/issues/detail?id=6297 and http://code.google.com/p/google-web-toolkit/issues/detail?id=4462#c5
    This wasn't using the gwt-maven-plugin but given it just launches the DevMode, it shouldn't be different: put a jetty-web.xml in your WEB-INF to configure the realm.
    To make the CONFIDENTIAL transport-guarantee work, I guess <server>:ssl</server> will Just Work, but I haven't tried it. See http://code.google.com/p/google-web-toolkit/source/browse/trunk/dev/core/src/com/google/gwt/dev/shell/jetty/README-SSL.txt

Peter Leong

May 10, 2012, 1:59:11 AM
to codehaus-mojo-gwt-...@googlegroups.com
Thanks for the info Thomas.  I attempted to get it working but haven't got far.  I added a trivial WEB-INF/jetty-web.xml but it doesn't appear to work unless it needs logging config...

jetty-web.xml:
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
    <Call class="org.mortbay.log.Log" name="warn">
        <Arg>!!!!!!!!!!!!!!!!! executing jetty-web.xml</Arg>
    </Call>
</Configure>

A log message is output when running jetty stand alone but not in gwt dev mode :(

I'm using Jetty 6 for stand alone.  I'm not sure what version GWT uses but gwt-dev.jar contains both the classes used above.

Pete

Peter Leong

May 13, 2012, 8:21:40 PM
to codehaus-mojo-gwt-...@googlegroups.com
Hmm... looks like logging isn't a good baby step to take.  I added the following and it seems to work.

jetty-web.xml:
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
    <!--  This doesn't log anything in GWT dev mode.  Logging config perhaps? -->

    <Call class="org.mortbay.log.Log" name="warn">
        <Arg>!!!!!!!!!!!!!!!!! executing jetty-web.xml</Arg>
    </Call>
   
    <!-- TODO: Move this out of the src/main tree.  Ideally into the gwt-maven-plugin config -->
    <Get name="securityHandler">
        <Set name="userRealm">
            <New class="org.mortbay.jetty.security.HashUserRealm">
                <Set name="name">Login with bruce x2</Set>
                <Set name="config"><SystemProperty name="jetty.home" default="."/>/src/test/config/jetty-realm.properties
                </Set>
            </New>
        </Set>
    </Get>
</Configure>


This is getting pretty close but I'd like to supply this config from the pom.  Wish me luck.

Thanks again for your help.

Pete

Peter Leong

May 13, 2012, 9:59:53 PM
to codehaus-mojo-gwt-...@googlegroups.com
In addition to the config in the original post, I ended up:

Adding a WEB-INF/jetty-web.xml:
<!-- A development only file.  This is excluded from the resulting war. -->
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
    <Get name="securityHandler">
        <Set name="userRealm">
            <!-- NOTE: This config is duplicated in the pom (jetty plugin) -->
            <New class="org.mortbay.jetty.security.HashUserRealm">
                <Set name="name">Login with bruce x2</Set>
                <Set name="config"><SystemProperty name="jetty.home" default="."/>/src/test/config/jetty-realm.properties
                </Set>
            </New>
        </Set>
    </Get>
</Configure>

Excluding it from maven-war-plugin packaging:
...
        </execution>
    </executions>
    <configuration>
        <webappDirectory>${webappDirectory}</webappDirectory>
        <!-- Exclude dev config from packaging -->
        <packagingExcludes>WEB-INF/jetty-web.xml</packagingExcludes>
    </configuration>
</plugin>
...

Note that SSL was already enabled and the resulting war will need auth configured in the target container. The realm-name may be significant so use an appropriate one (like 'AppRealm'). Also, BASIC auth-method will probably change to FORM for my real project.

It may be worth mentioning this security approach will permit secure JSP pages for parts of the app that don't use GWT.

Cheers,
Pete
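
A build-time check for the setup this thread arrives at, added here as an example and not part of the original posts: it confirms that the realm-name in web.xml and the HashUserRealm name in jetty-web.xml are the same string (as they are in the thread), and that the dev-only jetty-web.xml and realm properties file are absent from the packaged war. The function names and the trimmed sample XML are assumptions made for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Dev-only files named in the thread that must not ship in the war.
DEV_ONLY = ("WEB-INF/jetty-web.xml", "jetty-realm.properties")

# Constructed samples, trimmed from the snippets quoted in the thread.
WEB_XML = """<web-app><login-config><auth-method>BASIC</auth-method>
<realm-name>Login with bruce x2</realm-name></login-config></web-app>"""
JETTY_WEB_XML = """<Configure class="org.mortbay.jetty.webapp.WebAppContext">
<Get name="securityHandler"><Set name="userRealm">
<New class="org.mortbay.jetty.security.HashUserRealm">
<Set name="name">Login with bruce x2</Set></New></Set></Get></Configure>"""

def web_xml_realm(web_xml):
    """Return <realm-name> from web.xml (namespace-agnostic), or None."""
    for el in ET.fromstring(web_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "realm-name":
            return (el.text or "").strip()
    return None

def jetty_realm(jetty_web_xml):
    """Return the name set on the *UserRealm in a Jetty 6 jetty-web.xml, or None."""
    for new in ET.fromstring(jetty_web_xml).iter("New"):
        if new.get("class", "").endswith("UserRealm"):
            for s in new.findall("Set"):
                if s.get("name") == "name":
                    return (s.text or "").strip()
    return None

def leaked_dev_files(war_bytes):
    """List dev-only entries found inside a packaged war (a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        return [n for n in war.namelist() if n.endswith(DEV_ONLY)]

def build_war(entries):
    """Build an in-memory war from {path: text}; used only for the demo below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for path, text in entries.items():
            war.writestr(path, text)
    return buf.getvalue()

if __name__ == "__main__":
    print("realm match:", web_xml_realm(WEB_XML) == jetty_realm(JETTY_WEB_XML))
    bad = build_war({"WEB-INF/web.xml": WEB_XML, "WEB-INF/jetty-web.xml": JETTY_WEB_XML})
    print("leaked:", leaked_dev_files(bad))
```

To run it against a real build, pass the bytes of the war from target/ to `leaked_dev_files` and fail the build if the list is non-empty.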