Jetty webserver security

Question

I have a website powered by Jetty.

I\'d like to make the site password protected (or similar).

Is there a way to do this by configuration alone (without touc

Answer 1

One way to do this is by setting up basic authentication for your application. You should only do this if you use ssl, but then login without ssl is not secure anyway so I guess you have that already.

There is many ways to do this in Jetty, and this is only one of them.

First, you must define a realm where you define all users, passwords, roles etc. The default settings in Jetty already defines a realm called "Test Realm". The realm is defined in the file /etc/jetty-testrealm.xml. You may use this realm or create a new one. If you define a new, you may define it in the same file or in a separate file. If you create a separate file, remember to include that file in start.ini.

The /etc/jetty-testrealm.xml has a reference to /etc/realm.properties. This is where you create your users. If you want to just use the test-realm, remember to delete the default users that already is defined in realm.properties.

There are also other kind of realm implementations that use i.e. a database for user data.

Next, open the /etc/webdefault.xml file and add something like this at the bottom:

  
    /*      
  
  
    admin       
    user
    moderator
  



  BASIC     
  Test Realm