Working example of integration as Jetty container authentication #474

Open
hakanai opened this issue Jan 10, 2017 · 3 comments

Comments

@hakanai

hakanai commented Jan 10, 2017

I have been fighting with this one for the better part of two days now.

We are currently using NegotiateServletFilter, but finding that the usernames are not appearing in access.log. After hunting around, it seems that the only way to get that information in the log is to use proper container authentication.

Jetty has a number of different integration points for authentication and it isn't very obvious which level one would integrate WAFFLE at.

(a) Custom LoginService?
(b) Custom LoginModule, for use with JAASLoginService?
(c) Custom Authenticator? Or multiple?

Some hints would be good, but I think a working example of this sort of integration would be more useful...

@hazendaz
Member

hazendaz commented Jan 11, 2017

Currently we don't have that level of integration with Jetty, unfortunately. Not many Jetty developers have offered up help in making WAFFLE better. At the moment the use you have is essentially all we have. The unit tests do show how to get embedded working, but I think your approach is likely more traditional and you want to know who is requesting what up front. So basically, if you know enough about Jetty to assist, we certainly could use your expertise to add further support.

@hakanai
Author

hakanai commented Jan 11, 2017

I wish I knew enough about Jetty to make it work. If I did, I wouldn't have come asking. :(

The closest I got was noticing that SpnegoAuthenticator and SpnegoLoginService both exist, so it could be a matter of keeping one and replacing the other, or replacing both... but I had a fairly good look at SpnegoAuthenticator and it didn't cover our one requirement where we wanted a way to set the whole thing to NTLM-only... something I wish we didn't have to support, but oh well. :/

At the moment I'm just going to give up again and accept that the logs are going to be missing the username. I can't see any way the access log can show the right information with the way things currently stand, so it could be something where I go file that against Jetty and see what happens. :/

@hazendaz
Member

I know I recently discovered we could log headers via access log so presumably if user authentication info is in the header, you certainly could log that. If you do figure this out, please feel free to submit a FAQ to help others. Thanks.
