Jetty网络服务器安全性 [英] Jetty webserver security

问题描述

我有一个由Jetty提供支持的网站。

I have a website powered by Jetty.

我想使网站密码受到保护（或类似）。

I'd like to make the site password protected (or similar).

有没有办法单靠配置来做到这一点（不需要触摸代码）。

Is there a way to do this by configuration alone (without touching the code).

所有帮助都非常感谢。

Dan

推荐答案

实现此目的的一种方法是为您的应用程序设置基本身份验证。你应该只在你使用ssl时这样做，但是然后在没有ssl的情况下登录也不安全，所以我猜你已经有了。

One way to do this is by setting up basic authentication for your application. You should only do this if you use ssl, but then login without ssl is not secure anyway so I guess you have that already.

有很多方法可以做到这一点Jetty，这只是其中之一。

There is many ways to do this in Jetty, and this is only one of them.

首先，您必须定义一个领域，您可以在其中定义所有用户，密码，角色等.Jetty中的默认设置已定义一个叫做测试领域的领域。领域在文件/etc/jetty-testrealm.xml中定义。您可以使用此领域或创建一个新领域。如果定义新的，则可以在同一文件或单独的文件中定义它。如果您创建一个单独的文件，请记住在start.ini中包含该文件。

First, you must define a realm where you define all users, passwords, roles etc. The default settings in Jetty already defines a realm called "Test Realm". The realm is defined in the file /etc/jetty-testrealm.xml. You may use this realm or create a new one. If you define a new, you may define it in the same file or in a separate file. If you create a separate file, remember to include that file in start.ini.

/etc/jetty-testrealm.xml引用了/ etc / realm。属性。这是您创建用户的位置。如果您只想使用test-realm，请记住删除已在realm.properties中定义的默认用户。

The /etc/jetty-testrealm.xml has a reference to /etc/realm.properties. This is where you create your users. If you want to just use the test-realm, remember to delete the default users that already is defined in realm.properties.

还有其他类型的域实现，即用户数据的数据库。

There are also other kind of realm implementations that use i.e. a database for user data.

接下来，打开/etc/webdefault.xml文件并在底部添加如下内容：

Next, open the /etc/webdefault.xml file and add something like this at the bottom:

<security-constraint>
  <web-resource-collection>
    <url-pattern>/*</url-pattern>      <!--The url that should be protected -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>       <!--The required roles for accessing the url -->
    <role-name>user</role-name>
    <role-name>moderator</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>     <!-- Use http basic authentication -->
  <realm-name>Test Realm</realm-name>  <!-- Users are defined in this realm -->
</login-config>

这篇关于Jetty网络服务器安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！