How to get HTTP authentication working in hosted mode using GWT 1.6

[Roman]

Hello

In my web.xml file I'm using the following configuration to enable
HTTP authentication for my app:

<security-constraint>
<web-resource-collection>
<web-resource-name>Demo Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>sol</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Demo authentication</realm-name>
</login-config>

For web mode I have configured a suitable realm in my tomcat server
and got HTTP authentication working.

Now I would like to use HTTP authentication also in hosted mode using
the embedded Jetty server (for debugging).

Can anybody tell me how to proceed or help me to locate the
configuration files for the embedded Jetty server?

Thanks and regards,
Roman

[rudolf michael]

Hello,
You can always change your shell command params to point to any other Servlet container/app server.
i dont think that the Jetty server which comes with the toolkit has support for such thing.
in you shell-cmd.bat, add the following:
com.google.gwt.dev.GWTShell -noserver -port 8080
where 8080 is your app server that your war is hosted.

[Roman]

Thanks, for your reply.

This would mean, that I could only debug the client code in Eclipse
and that the war file needs to be rebuilt and deployed every time I
change the server code, right?

-- Roman

On Apr 3, 5:00 pm, rudolf michael <roud...@gmail.com> wrote:
> Hello,
> You can always change your shell command params to point to any other
> Servlet container/app server.
> i dont think that the Jetty server which comes with the toolkit has support
> for such thing.
> in you shell-cmd.bat, add the following:
> com.google.gwt.dev.GWTShell -noserver -port 8080
> where 8080 is your app server that your war is hosted.
>

[rudolf michael]

if you changed the static files like .css, .html and others then yes you will need to re-deploy the war to see the changes in your hosted mod browser.
But if you did change the .java files, then you will see the changes on the fly. means that no need to re-delpoy your war, just refresh your hosted mode browser.

regards,
ruds

[Vitali Lovich]

Cool trick I found on the web:

javascript:void(function(){var%20i,a,s;a=document.getElementsByTagName('link');for(i=0;i<a.length;i++){s=a[i];if(s.rel.toLowerCase().indexOf('stylesheet')>=0&&s.href)%20{var%20h=s.href.replace(/(&|%5C?)forceReload=\d+/,'');s.href=h+(h.indexOf('?')>=0?'&':'?')+'forceReload='+(new%20Date().valueOf())}}})();

Refreshes your CSS without reloading your page. Pretty useful with
GWT apps since refreshing them regularly can cause problems.

[Roman]

Thanks for the suggestions

I still wished it would be possible to use internal jetty server and
configure it to support HTTP authentication. It would make debugging
of the server code a lot easier.

-- Roman

On Apr 3, 5:33 pm, Vitali Lovich <vlov...@gmail.com> wrote:
> Cool trick I found on the web:
>
> javascript:void(function(){var%20i,a,s;a=document.getElementsByTagName('link');for(i=0;i<a.length;i++){s=a[i];if(s.rel.toLowerCase().indexOf('stylesheet')>=0&&s.href)%20{var%20h=s.href.replace(/(&|%5C?)forceReload=\d+/,'');s.href=h+(h.indexOf('?')>=0?'&':'?')+'forceReload='+(new%20Date().valueOf())}}})();
>
> Refreshes your CSS without reloading your page.  Pretty useful with
> GWT apps since refreshing them regularly can cause problems.
>

> On Fri, Apr 3, 2009 at 11:31 AM, rudolf michael <roud...@gmail.com> wrote:
> > if you changed the static files like .css, .html and others then yes you
> > will need to re-deploy the war to see the changes in your hosted mod
> > browser.
> > But if you did change the .java files, then you will see the changes on the
> > fly. means that no need to re-delpoy your war, just refresh your hosted mode
> > browser.
>
> > regards,
> > ruds
>

[Andrew Newdigate]

Hi Roman,

I've worked out a bit of hack to get this working for myself. It works well enough for me right now, but if I had time I would do it properly.

Here's what you need to do:

* Duplicate the code from the com.google.gwt.dev.shell.jetty.JettyLauncher class into your project. GWT ships with the sources, so it should be easy to find this class. I called my duplicate class JettyRealmServletLauncher.

* Add the jetty-plus-6.1.1.jar to your project classpath. (I am using Maven and used artifact org.mortbay.jetty:jetty-plus:6.1.1 with scope PROVIDED)

* In the start method in JettyRealmServletLauncher, locate the line that says server.addConnector(connector), and add your realm configuration below, in a similar manner to how you would do it in the jetty.xml file.

Mine looked like:

       JAASUserRealm realm = new JAASUserRealm();

       realm.setName("Realm");

       realm.setLoginModuleName("LoginModule");

       realm.setRoleClassNames(new String[] {

           "com.xxxxxx.ldap.LDAPGroup",

           "com.xxxxxx.ldap.LDAPPrincipal",

           "com.xxxxxx.login.RdbmsRole" });

       server.addUserRealm(realm);

       

Then, open up your GWT Web Application debug/run configuration in Eclipse (Run|Debug Configurations) and go to the arguments tab, where you need to add the following line:

-server com.xxxxx.client.JettyRealmServletLauncher

(Obviously you'll need to replace the FQCN with your own)

I hope this helps, let me know if you have any problems.

Ideally it would be great if the standard JettyLauncher that ships with GWT could be passed a parameter for the jetty.xml configuration file from the command line. It wouldn't be too hard to write an instance of ServletContainerLauncher that does this. 

Regards,

Andrew

On Apr 3, 5:47 pm, Roman <roman.g...@gmail.com> wrote:

>> Thanks for the suggestions

>>

>> I still wished it would be possible to use internal jetty server and

>> configure it to support HTTP authentication. It would make debugging

>> of the server code a lot easier.

>>

>> -- Roman

>>

>> On Apr 3, 5:33 pm, Vitali Lovich <vlov...@gmail.com> wrote:

>>

>>

>>

>> > Cool trick I found on the web:

>>

>> > javascript:void(function(){var%20i,a,s;a=document.getElementsByTagName('lin k');for(i=0;i<a.length;i++){s=a[i];if(s.rel.toLowerCase().indexOf('styleshe et')>=0&&s.href)%20{var%20h=s.href.replace(/(&|%5C?)forceReload=\d+/,'');s. href=h+(h.indexOf('?')>=0?'&':'?')+'forceReload='+(new%20Date().valueOf())} }})();

[cschoett]

Hi Roman,

I had the same issue after upgrading to GWT 1.6 and after a lot of
trial and error I found a solution.
You must add a jetty-web.xml to your configuration. Put it in the
beside your web.xml file.

My confifiguration looks like the following:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN"
"http://jetty.mortbay.org/configure.dtd">
<Configure class="org.mortbay.jetty.webapp.WebAppContext">

<Get name="SecurityHandler">
<Call name="setUserRealm">
<Arg>
<New class="org.mortbay.jetty.security.JDBCUserRealm">
<Set name="name">your realm name</Set>
<Set name="config">jdbcRealm.properties</Set>
</New>
</Arg>
</Call>
</Get>
</Configure>

In the referenced jdbcRealm.properties the realm is configured (db
access, user and role tables). You should find out how to configure
this in the jetty documentation.

This is the cleanest solution I found and it works for me without
problems.

Regards,
Christoph

[Roman]

Hello Christoph

Thanks for posting your solution.

I tried it with a simple HashUserRealm and it worked perfectly.

Best regards,
Roman