search

gwtproject / gwt

GWT Open Source Project
http://www.gwtproject.org
1.52k stars 376 forks source link

Configuring security authentication in development mode. #6296

Closed dankurka closed 9 years ago

dankurka commented 9 years ago

Originally reported on Google Code with ID 6297

Hi,

Using: SmartGWT/OS X 10.6/Tomcat/Mozilla

I have configured authorization for my web app, and set roles/login config and security-constraint
in web.xml
Corresponding changes are done in server-conf/tomcat-users.xml

Now, on production it's asking for username/pwd and is working fine, but same web.xml
is throwing error, when run in hosted mode using Jetty

I created WEB-INF/jetty-web.xml(attached) to enable authorization in dev mode, but
jetty is giving below error now.

0:01:04.770 [WARN] Failed startup of context com.google.gwt.dev.shell.jetty.JettyLauncher$WebAppContextWithReload@<MyApp>

java.lang.NoSuchMethodException: class com.google.gwt.dev.shell.jetty.JettyLauncher$WebAppContextWithReload.setUserRealms(class
[Lorg.mortbay.jetty.security.UserRealm;)    at org.mortbay.xml.XmlConfiguration.set(XmlConfiguration.java:416)
    at org.mortbay.xml.XmlConfiguration.configure(XmlConfiguration.java:240)    at org.mortbay.xml.XmlConfiguration.configure(XmlConfiguration.java:182)
    at org.mortbay.jetty.webapp.JettyWebXmlConfiguration.configureWebApp(JettyWebXmlConfiguration.java:109)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1217)     at
org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:513)   at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:448)
    at com.google.gwt.dev.shell.jetty.JettyLauncher$WebAppContextWithReload.doStart(JettyLauncher.java:461)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:39)     at com.google.gwt.dev.shell.jetty.JettyLauncher$JettyServletContainer.refresh(JettyLauncher.java:244)
    at com.google.gwt.dev.DevMode.onRestartServer(DevMode.java:342)     at com.google.gwt.dev.SwingUI$2.restartServer(SwingUI.java:221)
    at com.google.gwt.dev.WebServerPanel$1.actionPerformed(WebServerPanel.java:60)  at
javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2028)    at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2351)
    at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:387)
    at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:242)   at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:236)
    at java.awt.Component.processMouseEvent(Component.java:6374)    at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
    at java.awt.Component.processEvent(Component.java:6139)     at java.awt.Container.processEvent(Container.java:2085)
    at java.awt.Component.dispatchEventImpl(Component.java:4736)    at java.awt.Container.dispatchEventImpl(Container.java:2143)
    at java.awt.Component.dispatchEvent(Component.java:4566)    at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4621)
    at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4282)    at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4212)
    at java.awt.Container.dispatchEventImpl(Container.java:2129)    at java.awt.Window.dispatchEventImpl(Window.java:2478)
    at java.awt.Component.dispatchEvent(Component.java:4566)    at java.awt.EventQueue.dispatchEventImpl(EventQueue.java:680)
    at java.awt.EventQueue.access$000(EventQueue.java:86)   at java.awt.EventQueue$1.run(EventQueue.java:639)
    at java.awt.EventQueue$1.run(EventQueue.java:637)   at java.security.AccessController.doPrivileged(Native
Method)     at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:87)
    at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:98)
    at java.awt.EventQueue$2.run(EventQueue.java:653)   at java.awt.EventQueue$2.run(EventQueue.java:651)
    at java.security.AccessController.doPrivileged(Native Method)   at java.security.AccessControlContext$1.doIntersectionPrivilege(AccessControlContext.java:87)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:650)   at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:296)
    at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:211)
    at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:201)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:196)    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:188)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)

Is there any way to by-pass/configure authorization while running in hosted mode.

-Shoonya

Reported by shoonya.mohit on 2011-04-30 13:38:49

dankurka commented 9 years ago 
Your <Set name="UserRealms"><Array ...><Item> should rather be <Get name="SecurityHandler"><Set
name="UserName"> (you set a single UserRealm –rather than an array– on the WebAppContext's
SecurityHandler).
You could bypass authentication (hardcoding the user in the jetty-web.xml for instance)
but it requires coding your own Authenticator; probably not worth it in your case (see
below)

But maybe you should rather use your Tomcat server instead of the embedded Jetty: http://code.google.com/webtoolkit/doc/latest/DevGuideCompilingAndDebugging.html#How_do_I_use_my_own_server_in_development_mode_instead_of_GWT's

Reported by t.broyer on 2011-04-30 14:43:35

dankurka commented 9 years ago 
Thanks a ton.

Finally this jetty-web.xml worked.

----
<?xml version="1.0"  encoding="ISO-8859-1"?>

<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTDConfigure//EN" "http://jetty.mortbay.org/configure.dtd">
<Configure class="org.mortbay.jetty.webapp.WebAppContext">

   <Get name="securityHandler">
    <Set name="userRealm">
        <New class="org.mortbay.jetty.security.HashUserRealm">
         <Set name="name">MyRealm</Set>
            <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
        </New>
    </Set>
  </Get>

</Configure>

Reported by shoonya.mohit on 2011-04-30 16:22:49

dankurka commented 9 years ago 
Just had a doubt.
Why the jetty official page is showing, we set an array?

http://docs.codehaus.org/display/JETTY/Walkthrough+jetty.xml

Reported by shoonya.mohit on 2011-04-30 16:24:45

dankurka commented 9 years ago 
Comments indicate Thomas likely resolved the user's issue.

Reported by stephen.haberman on 2011-12-17 08:19:48