1

I am new to GWT. I want to add security to my existing webapp. This is the content of my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_1342051730046" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>index pages</web-resource-name>
            <url-pattern>/</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>admin</role-name>
    </security-role>

    <filter>
        <description>Initialises Guice</description>
        <filter-name>guiceFilter</filter-name>
        <filter-class>com.google.inject.servlet.GuiceFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>guiceFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>TEST</realm-name>
    </login-config>

</web-app>

Without the security constraints, the app works fine. However, if it is present in web.xml, I get the following error 503 Service not available when I try to call a remote service.

This is how I configure Jetty to include the realm:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
<Configure class="org.mortbay.jetty.webapp.WebAppContext">
    <Set name="contextPath">/fnd</Set>
    <Get name="securityHandler">
        <Set name="userRealm">
            <!-- NOTE: This config is duplicated in the pom (jetty plugin) -->
            <New class="org.mortbay.jetty.security.HashUserRealm">
                <Set name="name">User realm</Set>
                <Set name="config"><SystemProperty name="jetty.home" default="."/>/realm.properties
                </Set>
            </New>
        </Set>
    </Get>
</Configure>

And realm.properties, which is in classpath:

# Usernames and passwords for the Jetty deployment
admin:admin,admin

Is there anything wrong with this config?I would expect the basic authentication dialog box to be displayed when the index page is accessed.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Tuan Nguyen
  • 89
  • 1
  • 6

0 Answers0