1. [13-Mar-2005] JettyPlus updated to JOTM 2.0.5and XAPool 1.4.2
  2. [03-Mar-2005] JAAS enhancement to retrieve extra fields from login forms
  3. [22-Aug-2004] JettyPlus now updated to XAPool 1.3.3
  4. [22-Aug-2004] JettyPlus supports pluggable DataSources
  5. [13-Jun-2004] JettyPlus now supports JMX
  6. [07-Apr-2004] JettyPlus now updated to JOTM 1.4.3
  7. [07-Apr-2004] new start configuration for JettyPlus start.jar

JettyPlus://

About these instructions

The instructions in these pages served from http://jetty.mortbay.org refer to the most recent release (or the CVS HEAD version, whichever is most recent) of JettyPlus. The JettyPlus downloads contain instructions matching the downloaded version, and can be accessed on your local machine by running the Jetty demo webapp:

java -jar start.jar etc/demo.xml

and surfing to the URL http://localhost:8080/jetty/plus

What it is, where to get it and how to run it

The purpose of this project is to enrich Jetty by selectively incorporating useful J2EE and non-J2EE features. The result is JettyPlus, an environment offering additional facilities to core web and servlet services, but which does not entail a full-blown application server (such as JettyJBoss and JettyJOnAS).

The feature set currently contains:

These features have been implemented as a pluggable, Service-based architecture. This means that it is possible to develop and use alternative services to those provided.

Downloading

JettyPlus is part of the Jetty SourceForge project. To obtain JettyPlus you can:

Configuration

To use JettyPlus, you must configure the org.mortbay.jetty.plus.Server class in your xml configuration file rather than the standard org.mortbay.jetty.Server class, eg:
  <Configure class="org.mortbay.jetty.plus.Server">

You may also need to provide configuration for JettyPlus features that you want to use.

Starting JettyPlus

To start JettyPlus:
   java -DSTART=extra/etc/start-plus.config -jar start.jar config.xml

JettyPlus with JMX

JettyPlus supports JMX for management. As with standard Jetty, to enable the JMX support, you must start JettyPlus with an jmx config file. This boot file must contain one mbean entry for each Server instance you wish to run, and usually also an entry for a JMX http adaptor. An example is in extra/etc/jettyplus-jmx.xml

To start JettyPlus with JMX support:

 java -Dmain.class=org.mortbay.xml.XmlConfiguration -jar start.jar extra/etc/jettyplus-jmx.xml

If you have copied the example mlet file setup, the JMX http adaptor can be found on port 8082.

More information ...

If you use the convenient start.jar method of running Jetty as described above (highly recommended!), all necessary jar and property files will be automatically be placed on the JVM classpath for you.

Otherwise, you need to set up the the classpath yourself. JettyPlus consists of org.mortbay.jetty.plus.jar, org.mortbay.jaas.jar as well as a number of libraries found in extra/ext and property files found in extra/resources.

The extra/plus/README.TXT file in the source distribution contains more information on the JettyPlus package, including instructions on how to run the JettyPlus demonstration webapps.

Features

Transactions and XADataSources

Click here for information on distributed transactions and XA resources.

Non-XA DataSources

Click here for information on DataSource resources

Mail Service

A mail service is provided with JettyPlus. This means that you can send email programmatically from servlets, JSPs etc.

To use the mail service, you need to:

JNDI

JettyPlus supports JNDI, including ENC lookups of <env-entry> tags in the web.xml descriptor. All you need to do to effect JNDI env lookups in your code is to: New:  JettyPlus JNDI service is now lenient on leading and trailing "/" elements of JNDI names. This avoids a lot of errors caused by mis-typings. For example, the following are all now equivalent:
java:comp/env/mything (strictly the correct form according to the spec)
java:/comp/env/mything
java:/comp/env/mything/

Log4J

The JettyPlus package provides a Jetty org.mortbay.util.LogSink to enable Jetty log messages to appear in Log4J style logs. The extra/resources directory is added to the classpath by extra/etc/start.config and contains a log4j.properties configuration file which may be modified as needed.

To use Log4J:

JAAS

JAAS provides a pluggable framework for authenticating and authorising users. JettyPlus JAAS integrates this with the declarative security model of the Java Servlet Specification.

The Jetty JAAS classes are not included in the main JettyPlus jar (org.mortbay.jetty.plus.jar). Instead, it is built as org.mortbay.jaas.jar to enable it to be used either with standard Jetty, or with JettyPlus.

As JAAS is a pluggable framework, the Jetty JAAS integration aims to dictate as little as possible whilst providing a sufficiently flexible infrastructure to allow users to drop in their own custom LoginModules. An example LoginModule (org.mortbay.jaas.spi.JDBCLoginModule), interacting with a database to store user names, passwords and roles, is included with the release to illustrate what to implement.

Some important classes are:

org.mortbay.jaas.JAASUserRealm
This bridges Jetty's realm concept to JAAS. This class must be configured as the realm for your webapp.
org.mortbay.jaas.JAASPrincipal
Implements the java.security.Principal interface. This class is used by the sample JDBCLoginModule, but the Jetty JAAS infrastructure is Principal agnostic, meaning you can use your own implementation of this class for your LoginModules if you wish.
org.mortbay.jaas.JAASRole
This is a Principal that represents a role possessed by a user.
org.mortbay.jaas.JAASGroup
An implementation of the java.security.acl.Group interface. It is used only by the sample JDBCLoginModule to group all roles possessed by a user under a single Principal called "roles".
org.mortbay.jaas.spi.JDBCLoginModule
An example implementation of a LoginModule that uses a database to store user names, passwords and roles. All database-related information is configurable, including:
  • the names and columns of the user table and role table
  • the database connection driver, URL, username and password.

Using JAAS

The above describes how to use the Jetty JAAS integration to authenticate web users and authorize them against webapp security constraints. It can also be used for authorization with a Java security manager and permission policy file. For information on how to accomplish this, build and run the JAAS demo in extra/plus as instructed in the extra/plus/README.TXT file in the source distribution.

Extension for extra fields with FORM login

As all servlet containers intercept and process a form submission with action j_security_check, it is usually not possible to insert any extra input fields onto a login form with which to perform authentication: you may only pass j_username and j_password. For those rare occasions when this is not good enough, and you require more information from the user in order to authenticate them, you can use the (new) JAAS callback handler org.mortbay.jaas.callback.RequestParameterCallback. This callback handler gives you access to all parameters that were passed in the form submission. To use it: