Ceptor - Get a Free Trial

Integrating with Jetty

Owned by Kim Rasmussen
Last updated: Jun 01, 2020 by Kim Rasmussen (Unlicensed)
4 min read

Integration with Jetty can be done in a number of ways.

Integrating with Jetty in Ceptors Distribution

Ceptor contains a built-in Jetty server, which you can use for your own webapps.

Here is a sample launcher xml that starts a demoapp

pp_launch_demoapp.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Ceptor Launcher configuration -->
<ceptorlauncher port="21311"
	launcherclasspath="classes/launcher;lib/CeptorAgent.jar;extlib/logback-core-1.1.5.jar;extlib/logback-classic-1.1.5.jar;extlib/slf4j-api-1.7.16.jar" jvmstartdelay="10">
    <!-- Ceptor DemoApp -->
    <jvm name="demoapp" vmargs="-Xmx1024M -Xnoclassgc" systemclasspath="">
        <config servers="nios://localhost:21233?validateservercert=false" />
        <classloader name="demoapp" extraclasspath="extlib_extras/jsp">
            <service name="webserver1" launcherclass="dk.itp.managed.service.GenericWarLauncher">
                <property name="registerppsecurityhandler" value="true"/>
                <webserver webapp="${portalprotect.home}/samples/demoapp/PortalProtectDemoApp.war"
                    contextpath="/"
                    bindaddress="0.0.0.0" httpport="8080" sslport="0" minthreads="2" maxthreads="500"
                    maxpostsize="67108864" maxidletime="10000"
                    responseheadersize="32768"
                    outputbuffersize="32768"
                    />
            </service>
        </classloader>
    </jvm>
</ceptorlauncher>

In the above example, the property 

<property name="registerppsecurityhandler" value="true"/>

is all that is required to register the security handler.

Programmatically Install Jetty Security Handler

You can also install the Jetty Security Handler programmatically - Here is a full example, which sets up a security handler, and launches and embedded Jetty Server:

package dk.portalprotect.launcher.demoapp;

import java.io.File;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import javax.security.auth.Subject;
import javax.servlet.ServletRequest;

import dk.itp.security.passticket.Agent;
import dk.itp.security.passticket.PTException;
import org.apache.tomcat.InstanceManager;
import org.apache.tomcat.SimpleInstanceManager;
import org.eclipse.jetty.apache.jsp.JettyJasperInitializer;
import org.eclipse.jetty.plus.annotation.ContainerInitializer;
import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.webapp.WebAppContext;


/**
 * Bootstrapper, used to start the demoapp using an embedded jetty webserver
 */
public class StartJetty {
	public static class PPPrincipal implements Principal {
		String sessionid;
		
		public PPPrincipal(String sessionid) {
			this.sessionid = sessionid;
		}
		
		public String getName() {
			return sessionid;
		}
		
	}
	
	public static class PPUserIdentity implements UserIdentity {
		Subject subject;
		PPPrincipal principal;
		
		public PPUserIdentity(Subject subject, PPPrincipal principal) {
			this.subject = subject;
			this.principal = principal;
		}

		public Subject getSubject() {
			return subject;
		}

		public Principal getUserPrincipal() {
			return principal;
		}

		public boolean isUserInRole(String role, Scope scope) {
			try {
				boolean member = Agent.getInstance().isMemberOfGroup(principal.sessionid, role);
				if (!member) {
					System.err.println("Warning: User: "+ principal.sessionid + " was not a member of role: " + role);
				}
				return member;
			} catch (PTException e) {
				e.printStackTrace();
				return false;
			}
		}
		
	}
	
	public static class PPLoginService implements LoginService {
		IdentityService identService = new DefaultIdentityService();
		
		public UserIdentity login(String user, Object credentials, ServletRequest request) {
			if (Agent.getInstance().isValid(user)) {
				PPPrincipal principal = new PPPrincipal(user);
				Subject subject = new Subject();
				subject.getPrincipals().add(principal);
				
				return new PPUserIdentity(subject, principal);
				
			}
			return null;
		}
		
		public boolean validate(UserIdentity useridentity) {
			if (useridentity instanceof PPUserIdentity) {
				return Agent.getInstance().isValid(((PPUserIdentity)useridentity).principal.sessionid);
			}
			return false;
		}
		
		public void setIdentityService(IdentityService identityservice) {
			identService = identityservice;
		}
		
		public String getName() {
			return "PortalProtect Security Realm";
		}
		
		public IdentityService getIdentityService() {
			return identService;
		}

		public void logout(UserIdentity useridentity) {
			if (useridentity instanceof PPUserIdentity) {
				try {
					Agent.getInstance().logoff(((PPUserIdentity)useridentity).principal.sessionid);
				} catch (PTException e) {
				}
			}
		}		
	}
	
    private static List<ContainerInitializer> jspInitializers()
    {
        JettyJasperInitializer sci = new JettyJasperInitializer();
        ContainerInitializer initializer = new ContainerInitializer(sci, null);
        List<ContainerInitializer> initializers = new ArrayList<ContainerInitializer>();
        initializers.add(initializer);
        return initializers;
    }
    
	public static void main(String[] arguments) {
		try {
			System.setProperty("org.apache.jasper.compiler.disablejsr199","false");
			
			boolean develop = false;
			int port = 8080;
			for(int i = 0; i < arguments.length; i++) {
				if (arguments[i].equals("-develop"))
					develop = true;
				else if (arguments[i].equals("-port") && i+1 < arguments.length) {
					port = Integer.parseInt(arguments[++i]);
				}
			}
			
			HttpConfiguration httpConfig = new HttpConfiguration();
			httpConfig.setSendServerVersion(false);
			httpConfig.setSendXPoweredBy(false);
			httpConfig.setSendDateHeader(false);
			httpConfig.setResponseHeaderSize(32768);
			httpConfig.setOutputBufferSize(32768);

			final Server srv = new Server();
			ServerConnector con = new ServerConnector(srv, new HttpConnectionFactory(httpConfig));

			con.setPort(port);
			srv.setConnectors(new Connector[] {con});
			
			WebAppContext webapp = new WebAppContext();
			webapp.setContextPath("/");
			webapp.setAttribute("org.eclipse.jetty.containerInitializers", jspInitializers());
			webapp.setAttribute(InstanceManager.class.getName(), new SimpleInstanceManager());
			
			if (develop) {
				webapp.setWar("webapp");
			} else { 
				if (new File("dist/PortalProtectDemoApp.war").exists())
					webapp.setWar("dist/PortalProtectDemoApp.war");
				else
					webapp.setWar("PortalProtectDemoApp.war");
			}
			
			webapp.getSecurityHandler().setLoginService(new PPLoginService());
			webapp.getSessionHandler().getSessionManager().setMaxInactiveInterval(60*60);
			srv.setHandler(webapp);
			srv.start();
			
	        Handler handler = srv.getHandler(); 
	        if(handler instanceof WebAppContext) { 
	            webapp.getSessionHandler().getSessionManager().setMaxInactiveInterval(60*60); // sets to 30 sec 
	        } 
	        
			Runtime.getRuntime().addShutdownHook(new Thread(new Runnable() {
				public void run() {
					try {
						srv.stop();
					} catch(Throwable t) {
						System.err.println(new Date() + ": Problem shutting down.");
						t.printStackTrace();
					}
				}
			}));

			System.out.println("Jetty now ready on port " + port + " - connect to the demoapp using the PP dispatcher.");
			while(true)
				Thread.sleep(60000);
		} catch (Throwable e) {
			System.err.println("Fatal error starting webserver");
			e.printStackTrace();
		}		
	}	
}

Adding a Security Handler in a Webapp

If you wish, you can also add a security handler directly within your .war file without starting up Jetty yourself.

Simply add a class like this:

Sample Jetty LoginService
package io.ceptor.jetty;

import java.security.Principal;

import javax.security.auth.Subject;
import javax.servlet.ServletRequest;

import org.eclipse.jetty.security.DefaultIdentityService;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.server.UserIdentity;

import dk.itp.security.passticket.Agent;
import dk.itp.security.passticket.PTException;

/**
 * Ceptor Jetty Login Service
 */
public class LoginService implements org.eclipse.jetty.security.LoginService {
	public static class PPPrincipal implements Principal {
		String sessionid;

		public PPPrincipal(String sessionid) {
			this.sessionid = sessionid;
		}

		public String getName() {
			return sessionid;
		}

	}

	public static class PPUserIdentity implements UserIdentity {
		Subject subject;
		PPPrincipal principal;

		public PPUserIdentity(Subject subject, PPPrincipal principal) {
			this.subject = subject;
			this.principal = principal;
		}

		public Subject getSubject() {
			return subject;
		}

		public Principal getUserPrincipal() {
			return principal;
		}

		public boolean isUserInRole(String role, Scope scope) {
			try {
				boolean member = Agent.getInstance().isMemberOfGroup(principal.sessionid, role);
				if (!member) {
//					System.err.println("Warning: User: " + principal.sessionid + " was not a member of role: " + role);
				}
				return member;
			} catch (PTException e) {
//				e.printStackTrace();
				return false;
			}
		}

	}

	IdentityService identService = new DefaultIdentityService();

	public UserIdentity login(String username, Object credentials) {
		return login(username, credentials, null);
	}
	
	public UserIdentity login(String user, Object credentials, ServletRequest request) {
		if (Agent.getInstance().isValid(user)) {
			PPPrincipal principal = new PPPrincipal(user);
			Subject subject = new Subject();
			subject.getPrincipals().add(principal);

			return new PPUserIdentity(subject, principal);

		}
		return null;
	}

	public boolean validate(UserIdentity useridentity) {
		if (useridentity instanceof PPUserIdentity) {
			return Agent.getInstance().isValid(((PPUserIdentity) useridentity).principal.sessionid);
		}
		return false;
	}

	public void setIdentityService(IdentityService identityservice) {
		identService = identityservice;
	}

	public String getName() {
		return "Ceptor Security Realm";
	}

	public IdentityService getIdentityService() {
		return identService;
	}

	public void logout(UserIdentity useridentity) {
		if (useridentity instanceof PPUserIdentity) {
			try {
				Agent.getInstance().logoff(((PPUserIdentity) useridentity).principal.sessionid);
			} catch (PTException e) {
			}
		}
	}

}

And then create the following jetty-web.xml in your WEB-INF folder:

Sample jetty-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty/Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
	<Get name="securityHandler">
		<Set name="loginService"><New class="io.ceptor.jetty.LoginService"></New></Set>
	</Get>
</Configure>

© Ceptor ApS. All Rights Reserved.