src/config/etc/README.spnego - platform/external/jetty - Git at Google

 This setup will enable you to authenticate a user via spnego into your
 webapp.

 To run with spengo enabled the following command line options are required:

 -Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini
 -Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf
 -Djavax.security.auth.useSubjectCredsOnly=false

 The easiest place to put these lines are in the start.ini file.

 For debugging the spengo authentication the following options are helpful:

 -Dorg.eclipse.jetty.LEVEL=debug
 -Dsun.security.spnego.debug=true


 Spengo Authentication is enabled in the webapp with the following setup.

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Secure Area</web-resource-name>
       <url-pattern>/secure/me/*</url-pattern>
     </web-resource-collection>
     <auth-constraint>
       <role-name>MORTBAY.ORG</role-name>  <-- this is the domain that the user is a member of
     </auth-constraint>
   </security-constraint>

   <login-config>
     <auth-method>SPNEGO</auth-method>
     <realm-name>Test Realm</realm-name>
     (optionally to add custom error page)
     <spnego-login-config>
       <spengo-error-page>/loginError.html?param=foo</spnego-error-page>
     </spnego-login-config>
   </login-config>

 A corresponding UserRealm needs to be created either programmatically if
 embedded, via the jetty.xml or in a context file for the webapp.

 (in the jetty.xml)

    <Call name="addBean">
       <Arg>
         <New class="org.eclipse.jetty.security.SpnegoLoginService">
           <Set name="name">Test Realm</Set>
           <Set name="config"><Property name="jetty.home" default="."/>/etc/spnego.properties</Set>
         </New>
       </Arg>
     </Call>

 (context file)
   <Get name="securityHandler">
     <Set name="loginService">
       <New class="org.eclipse.jetty.security.SpnegoLoginService">
 	    <Set name="name">Test Realm</Set>
 	    <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/spnego.properties</Set>
       </New>
     </Set>
     <Set name="checkWelcomeFiles">true</Set>
   </Get>
	This setup will enable you to authenticate a user via spnego into your
	webapp.

	To run with spengo enabled the following command line options are required:

	-Djava.security.krb5.conf=/path/to/jetty/etc/krb5.ini
	-Djava.security.auth.login.config=/path/to/jetty/etc/spnego.conf
	-Djavax.security.auth.useSubjectCredsOnly=false

	The easiest place to put these lines are in the start.ini file.

	For debugging the spengo authentication the following options are helpful:

	-Dorg.eclipse.jetty.LEVEL=debug
	-Dsun.security.spnego.debug=true


	Spengo Authentication is enabled in the webapp with the following setup.

	<security-constraint>
	<web-resource-collection>
	<web-resource-name>Secure Area</web-resource-name>
	<url-pattern>/secure/me/*</url-pattern>
	</web-resource-collection>
	<auth-constraint>
	<role-name>MORTBAY.ORG</role-name> <-- this is the domain that the user is a member of
	</auth-constraint>
	</security-constraint>

	<login-config>
	<auth-method>SPNEGO</auth-method>
	<realm-name>Test Realm</realm-name>
	(optionally to add custom error page)
	<spnego-login-config>
	<spengo-error-page>/loginError.html?param=foo</spnego-error-page>
	</spnego-login-config>
	</login-config>

	A corresponding UserRealm needs to be created either programmatically if
	embedded, via the jetty.xml or in a context file for the webapp.

	(in the jetty.xml)

	<Call name="addBean">
	<Arg>
	<New class="org.eclipse.jetty.security.SpnegoLoginService">
	<Set name="name">Test Realm</Set>
	<Set name="config"><Property name="jetty.home" default="."/>/etc/spnego.properties</Set>
	</New>
	</Arg>
	</Call>

	(context file)
	<Get name="securityHandler">
	<Set name="loginService">
	<New class="org.eclipse.jetty.security.SpnegoLoginService">
	<Set name="name">Test Realm</Set>
	<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/spnego.properties</Set>
	</New>
	</Set>
	<Set name="checkWelcomeFiles">true</Set>
	</Get>