Bug 333745

Comment 1 Jan Bartel 2011-01-07 11:40:08 EST

This is actually not specific to jetty-8, as the same behaviour occurs on jetty-7.  I don't think that WebAppContext.getCurrentWebAppContext() is going to be guaranteed to work except during startup and shutdown of the context.

Can you tell me what you're trying to achieve because maybe there's another way to do it?

Jan

Comment 2 Sebastian Tusk 2011-01-07 11:54:14 EST

In this case there is just documentation missing I guess.

I need to "manually" login within a servlet. HttpServletRequest.login would provide this functionality but unfortunately this isn't implemented in Jetty. I don't understand the Jetty authentication code well enough to provide a patch myself. In my workaround I need WebAppContext for the configured LoginService. My workaround looks like this.

// jetty specific code
Request jettyRequest = (Request)req;

final String username = req.getParameter( FormAuthenticator.__J_USERNAME );
final String password = req.getParameter( FormAuthenticator.__J_PASSWORD );

WebAppContext.Context innerContext = ((WebAppContext.Context)jettyRequest.getContext());
Field outerClassField;
try {
	outerClassField = WebAppContext.Context.class.getDeclaredField( "this$0" );
} catch (NoSuchFieldException e) {
	throw new RuntimeException( e );
}
outerClassField.setAccessible( true );
WebAppContext outerContext;
try {
	outerContext = (WebAppContext)outerClassField.get( innerContext );
} catch (IllegalAccessException e) {
	throw new RuntimeException( e );
}

LoginService loginService = outerContext.getSecurityHandler().getLoginService();
UserIdentity user = loginService.login(username,password);
if ( user != null ) {
	HttpSession session = req.getSession(true);
	Authenticator authenticator = new DummyAuthenticator();
	
	Authentication authentication = new SessionAuthentication(session,authenticator,user);
	session.setAttribute( SessionAuthentication.__J_AUTHENTICATED, authentication );
	
	jettyRequest.setAuthentication( authentication );
}else{
	resp.sendError( HttpServletResponse.SC_UNAUTHORIZED );
}

Comment 3 Jan Bartel 2011-01-10 07:13:47 EST

Sebastian,

If HttpServletRequest.login() from Servlet 3.0 is what you're after, then this is implemented in jetty-8. See http://download.eclipse.org/jetty/8.0.0.M2/dist/.

If this solves your problem, then please close the issue. If not, then let us know why by commenting on this issue and we'll see what we can do.

cheers
Jan

Comment 4 Sebastian Tusk 2011-01-10 10:21:51 EST

Are you sure that this is implemented in 8.0.0.M2? In 8.0.0.M1 it didn't work and I see that DeferredAuthentication.login is still an empty method with a TODO comment. See Bug 324505.

Comment 5 Jan Bartel 2011-01-10 10:37:36 EST

Sebastian,

Working on a fix for jetty-8 now. We're planning another milestone release within the next 2 weeks, but I'll let you know when the fix is in svn anyway.

cheers
Jan


(In reply to comment #4)
> Are you sure that this is implemented in 8.0.0.M2? In 8.0.0.M1 it didn't work
> and I see that DeferredAuthentication.login is still an empty method with a
> TODO comment. See Bug 324505.

Comment 6 Jan Bartel 2011-01-10 11:22:53 EST

Sebastian,

We've implemented the login method for jetty-8. Please see https://bugs.eclipse.org/bugs/show_bug.cgi?id=324505 for details of svn rev number. It would be appreciated if you could test this in your setup.

thanks
Jan

Comment 7 Jan Bartel 2011-01-10 11:26:32 EST

I'm closing this issue as the real issue is captured by https://bugs.eclipse.org/bugs/show_bug.cgi?id=324505.

Jan