====== Jetty ======
==== Questions answered ====
=== How to reconfigure JUL when running Jetty with ''jetty-maven-plugin''? ===
The problem is that JUL is initialized from JRE ''logging.properties'' when Maven is started and is not re-initialized when Jetty is run as it is launched within same JVM.
Solutions:
* Run Jetty in separate JVM (see ''[[eclipse>Jetty/Feature/Jetty_Maven_Plugin#jetty:run-forked__:__Running_an_unassembled_webapp_in_a_separate_jvm|jetty:run-forked]]'')
* Reinitialize JUL when Jetty is started. For this add to your ''pom.xml'':
org.mortbay.jetty
jetty-maven-plugin
...
java.util.logging.config.file
jetty/logging.properties
and to your ''jetty.xml'':
...
or you can even set system property directly in your ''jetty.xml'':
...
java.util.logging.config.file
jetty/logging.properties
=== How to configure Jetty to authenticate a user via SPNEGO/NEGOTIATE? ===
For Jetty build-in implementation follow [[eclipse>Jetty/Howto/Spnego|Jetty Spnego Howto]]:
* One needs to set following system properties either by passing them to JVM: \\
''-Djava.security.krb5.conf=/etc/krb5.conf -Djava.security.auth.login.config=/path/to/login.config -Djavax.security.auth.useSubjectCredsOnly=false'' \\
or via maven:
org.mortbay.jetty
jetty-maven-plugin
/path/to/jetty.xml
java.security.auth.login.config
/path/to/login.config
java.security.krb5.conf
/etc/krb5.conf
javax.security.auth.useSubjectCredsOnly
false
* Add to ''jetty.xml'':
MYAPP
/path/to/spnego.properties
* ''spnego.properties'' should refer the principal in keytab file:
targetName = HTTP/service-id.company.org
* ''login.config'' file:
// Login entry for a Kerberos client (initiator of a secure Kerberos connection):
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=true;
};
// Login entry for a secure server (acceptor of a Kerberos ticket):
com.sun.security.jgss.krb5.accept {
com.sun.security.auth.module.Krb5LoginModule required
principal="HTTP/service-id.company.org@REALM.COMPANY.ORG"
useKeyTab=true
keyTab="/path/to/service.keytab"
storeKey=true
debug=true
isInitiator=false;
};
* Finally in ''web.xml'':
SPNEGO
MYAPP
Perhaps you will also have to increase the limit of header size, as NEGOTIATE token can be large (few KB):
50000
=== To allow the role "*" to match any role, not only those mentioned in the deployment descriptor? ===
See [[eclipsetracker>377537|bug#377537]]:
false
Now this configuration in ''web.xml'' works as expected:
all
/secure/*
*
=== Deploying the application that installs custom protocol handler ===
Web application provides custom protocol handler which needs to be listed in ''java.protocol.handler.pkgs'' system property (for example if it would be CLI application). Deploying such web application to the server is challenging.
Depending on whether application server overrides ''URLStreamHandlerFactory'' or not (and it can be set only once, see ''[[javaee>docs/api/java/net/URL.html#setURLStreamHandlerFactory%28java.net.URLStreamHandlerFactory%29|java.net.URL#setURLStreamHandlerFactory(URLStreamHandlerFactory)]]'' unless one uses a hacker's approach to access private variable like in [[http://tomcat.10.x6.nabble.com/Custom-URL-handlers-in-Tomcat-web-app-td2006418.html#a2006434|Custom URL handlers in Tomcat web app]]) the solutions vary:
* JBoss 7+ overrides ''URLStreamHandlerFactory''. The custom factory should be then registered as service in standard way (''META-INF/services/java.net.URLStreamHandlerFactory'', see [[http://www.openunderwriter.com/blog/item/protocol-handlers-and-jboss|Protocol handlers and JBoss ]] and [[https://developer.jboss.org/thread/172768|URL Protocol Handler doesn't work]]) which is then imported by ''[[grepcode>repo1.maven.org/maven2/org.jboss.modules/jboss-modules/1.3.4.Final/org/jboss/modules/ModularURLStreamHandlerFactory.java#ModularURLStreamHandlerFactory|org.jboss.modules.ModularURLStreamHandlerFactory]]''.
* Tomcat 6+ overrides ''URLStreamHandlerFactory'' (see [[https://www.mail-archive.com/users@tomcat.apache.org/msg115168.html|java.protocol.handler.pkgs does not work with Tomcat 7]]). The solution is to use static method [[grepcode>repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.55/org/apache/naming/resources/DirContextURLStreamHandlerFactory.java#DirContextURLStreamHandlerFactory.addUserFactory%28java.net.URLStreamHandlerFactory%29|DirContextURLStreamHandlerFactory.addUserFactory(URLStreamHandlerFactory)]] to register custom handler factories (see [[apachebztracker>26701|bug#26701]]). The handle factory should be injected as early as possible (see [[stackoverflow>861500/6808190#comment42603768_6808190|URL to load resources from the classpath in Java]]).
* Jetty 8 does not override ''URLStreamHandlerFactory'', so the standard mechanism can be used to register handler factory. However note that if ''URLStreamHandlerFactory'' implementation is added to plugin classpath, then it will be loaded by Maven class loader ''org.codehaus.plexus.classworlds.realm.ClassRealm'' (''plugin>org.mortbay.jetty:jetty-maven-plugin:...'') and thus will have no access to Web application resources. Complete solution is based on calling the above mentioned static method to register handler factory and using context classloader to access web application resources:
* Create the following ''jetty-context.xml'':
and include it via plugin configuration:
...
jetty/jetty-context.xml
* Load the necessary resource in ''MyHandlerFactory'' via ''Thread.currentThread().getContextClassLoader().getResourceAsStream(webAppResourceName)'' (that class loader should the instance of ''org.eclipse.jetty.webapp.WebAppClassLoader'').
=== How to increase the limit of submitted form size? ===
Sometimes ''POST'' forms require a lot of data to be submitted as ''multipart/form-data''. To increase the limit, set the following property:
1500000
=== How to configure JNDI datasource? ===
java:jdbc/myDS
net.sourceforge.jtds.jdbc.Driver
jdbc:jtds:sqlserver://dbhost:1433/mydb
myuser
mypassword
20
50
true
7200
select 1
For other pool configurations check [[database#jdbc_datasource_spring_configuration_examples|JDBC datasource Spring configuration examples]].
{{tag>SPNEGO Kerberos}}