Enabling authentication realm in jetty 8

Question

I tried to follow the offical tutorial to enable MD5 authentication for my only web-app running on jetty. Nginx manages ssl and redirects to jetty

I placed

   <Call name="addBean">
      <Arg>
        <New class="org.eclipse.jetty.security.HashLoginService">
          <Set name="name">My Realm</Set>
          <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
          <Set name="refreshInterval">0</Set>
        </New>
      </Arg>
    </Call>

In jetty.xml, and the content of realm.properties are :

test: MD5:098f6bcd4621d373cade4e832627b4f6,user

In the tutorial they do not tell where to assign the realm to a context so I don't know where to place this :

<Configure class="org.eclipse.jetty.webapp.WebAppContext">
   <Get name="securityHandler">
       <Set name="realmName">My Realm</Set>
   </Get>
</Configure>

I tried to put in in jetty-context.xml, and in web.xml, but it is still not working. I receive a 502 (bad gateway) when I place this in jetty.xml, in the other cases I get a normal json result from the web service (Shouldn't I get a 503 - not authorized ?)

Answer 1

A "Context XML File" (as outlined in Configuring Security Realms) refers Webapp deployment using the ContextProvider (enabled by default on jetty-distribution).

This deploys webapps by using a XML file, usually found in ${jetty.home}/contexts/ with a description of where that webapp is located on disk, and some details on how you want that webapp deployed.

You can also use the WEB-INF/jetty-web.xml to embed this Context configuration within your WAR file.