392237 Split jaas from jetty-plus into jetty-jaas and port the test-jaas-webapp from codehaus

jetty-jaas/pom.xml

@@ -0,0 +1,89 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <parent>
+    <groupId>org.eclipse.jetty</groupId>
+    <artifactId>jetty-project</artifactId>
+    <version>9.0.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>jetty-jaas</artifactId>
+  <name>Jetty :: JAAS</name>
+  <description>Jetty JAAS support</description>
+  <properties>
+    <bundle-symbolic-name>${project.groupId}.jaas</bundle-symbolic-name>
+  </properties>
+  <build>
+    <plugins>
+<!--
+  COMMENTED OUT UNTIL CORRECT CONFIG IS FOUND FOR Export uses clauses
+-->
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <extensions>true</extensions>
+        <executions>
+          <execution>
+            <goals>
+              <goal>manifest</goal>
+            </goals>
+            <configuration>
+              <instructions>
+               <_versionpolicy> </_versionpolicy>
+               <Import-Package>javax.sql.*,javax.security.*,javax.naming.*,
+               javax.servlet.*;version="2.6.0",
+               *</Import-Package>
+              </instructions>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <configuration>
+          <archive>
+            <manifestFile>${project.build.outputDirectory}/META-INF/MANIFEST.MF</manifestFile>
+          </archive>
+        </configuration>
+      </plugin>
+<!--
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-assembly-plugin</artifactId>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>single</goal>
+            </goals>
+            <configuration>
+              <descriptorRefs>
+                <descriptorRef>config</descriptorRef>
+              </descriptorRefs>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+-->
+      <!-- always include the sources to be able to prepare the eclipse-jetty-SDK feature
+      with a snapshot. -->
+      <plugin>
+         <groupId>org.apache.maven.plugins</groupId>
+         <artifactId>maven-source-plugin</artifactId>
+      </plugin>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>findbugs-maven-plugin</artifactId>
+        <configuration>
+          <onlyAnalyze>org.eclipse.jetty.jaas.*</onlyAnalyze>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+  <dependencies>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-security</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+  </dependencies>
+</project>

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/JAASGroup.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas;
+package org.eclipse.jetty.jaas;
 
 import java.security.Principal;
 import java.security.acl.Group;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/JAASLoginService.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas;
+package org.eclipse.jetty.jaas;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -34,8 +34,8 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
-import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
-import org.eclipse.jetty.plus.jaas.callback.RequestParameterCallback;
+import org.eclipse.jetty.jaas.callback.ObjectCallback;
+import org.eclipse.jetty.jaas.callback.RequestParameterCallback;
 import org.eclipse.jetty.security.DefaultIdentityService;
 import org.eclipse.jetty.security.IdentityService;
 import org.eclipse.jetty.security.LoginService;
@@ -56,7 +56,7 @@ public class JAASLoginService extends AbstractLifeCycle implements LoginService
 {
     private static final Logger LOG = Log.getLogger(JAASLoginService.class);
 
-    public static String DEFAULT_ROLE_CLASS_NAME = "org.eclipse.jetty.plus.jaas.JAASRole";
+    public static String DEFAULT_ROLE_CLASS_NAME = "org.eclipse.jetty.jaas.JAASRole";
     public static String[] DEFAULT_ROLE_CLASS_NAMES = {DEFAULT_ROLE_CLASS_NAME};
 
     protected String[] _roleClassNames = DEFAULT_ROLE_CLASS_NAMES;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/JAASPrincipal.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas;
+package org.eclipse.jetty.jaas;
 
 import java.io.Serializable;
 import java.security.Principal;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/JAASRole.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas;
+package org.eclipse.jetty.jaas;
 
 
 public class JAASRole extends JAASPrincipal

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/JAASUserPrincipal.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas;
+package org.eclipse.jetty.jaas;
 
 import java.security.Principal;
 import javax.security.auth.Subject;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/RoleCheckPolicy.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas;
+package org.eclipse.jetty.jaas;
 
 import java.security.Principal;
 import java.security.acl.Group;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/StrictRoleCheckPolicy.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas;
+package org.eclipse.jetty.jaas;
 
 import java.security.Principal;
 import java.security.acl.Group;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/callback/AbstractCallbackHandler.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.callback;
+package org.eclipse.jetty.jaas.callback;
 
 import java.io.IOException;
 import javax.security.auth.callback.Callback;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/callback/DefaultCallbackHandler.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.callback;
+package org.eclipse.jetty.jaas.callback;
 
 import java.io.IOException;
 import java.util.Arrays;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/callback/ObjectCallback.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.callback;
+package org.eclipse.jetty.jaas.callback;
 
 import javax.security.auth.callback.Callback;
 

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/callback/RequestParameterCallback.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.callback;
+package org.eclipse.jetty.jaas.callback;
 
 import java.util.List;
 import javax.security.auth.callback.Callback;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/AbstractDatabaseLoginModule.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.spi;
+package org.eclipse.jetty.jaas.spi;
 
 import java.sql.Connection;
 import java.sql.PreparedStatement;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/AbstractLoginModule.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.spi;
+package org.eclipse.jetty.jaas.spi;
 
 import java.io.IOException;
 import java.security.Principal;
@@ -33,9 +33,9 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import org.eclipse.jetty.plus.jaas.JAASPrincipal;
-import org.eclipse.jetty.plus.jaas.JAASRole;
-import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
+import org.eclipse.jetty.jaas.JAASPrincipal;
+import org.eclipse.jetty.jaas.JAASRole;
+import org.eclipse.jetty.jaas.callback.ObjectCallback;
 
 /**
  * AbstractLoginModule

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/DataSourceLoginModule.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.spi;
+package org.eclipse.jetty.jaas.spi;
 
 import java.sql.Connection;
 import java.util.Map;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/JDBCLoginModule.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.spi;
+package org.eclipse.jetty.jaas.spi;
 
 import java.sql.Connection;
 import java.sql.DriverManager;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/LdapLoginModule.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.spi;
+package org.eclipse.jetty.jaas.spi;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -40,7 +40,7 @@ import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.login.LoginException;
 
-import org.eclipse.jetty.plus.jaas.callback.ObjectCallback;
+import org.eclipse.jetty.jaas.callback.ObjectCallback;
 import org.eclipse.jetty.util.log.Log;
 import org.eclipse.jetty.util.log.Logger;
 import org.eclipse.jetty.util.security.Credential;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/PropertyFileLoginModule.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.spi;
+package org.eclipse.jetty.jaas.spi;
 
 import java.security.Principal;
 import java.util.ArrayList;

jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/UserInfo.java

@@ -16,7 +16,7 @@
 //  ========================================================================
 //
 
-package org.eclipse.jetty.plus.jaas.spi;
+package org.eclipse.jetty.jaas.spi;
 
 import java.util.ArrayList;
 import java.util.List;

jetty-start/src/main/resources/org/eclipse/jetty/start/start.config

@@ -127,6 +127,9 @@ $(jetty.home)/lib/jetty-jndi-${version}.jar			! available org.eclipse.jetty.jndi
 $(jetty.home)/lib/jetty-plus-${version}.jar			! available org.eclipse.jetty.plus.jndi.NamingEntry
 $(jetty.home)/lib/jndi/**					exists $(jetty.home)/lib/jndi 
 
+[All,jaas]
+$(jetty.home)/lib/jetty-jaas-${version}.jar			! available org.eclipse.jetty.jaas.JAASLoginService
+
 [All,annotations]
 $(jetty.home)/lib/jetty-annotations-$(version).jar		! available org.eclipse.jetty.annotations.AnnotationFinder
 $(jetty.home)/lib/annotations/**				exists $(jetty.home)/lib/jndi 

jetty-webapp/src/main/java/org/eclipse/jetty/webapp/WebAppContext.java

@@ -113,7 +113,7 @@ public class WebAppContext extends ServletContextHandler implements WebAppClassL
         "org.w3c.",                         // needed by javax.xml
         "org.eclipse.jetty.continuation.",  // webapp cannot change continuation classes
         "org.eclipse.jetty.jndi.",          // webapp cannot change naming classes
-        "org.eclipse.jetty.plus.jaas.",     // webapp cannot change jaas classes
+        "org.eclipse.jetty.jaas.",          // webapp cannot change jaas classes
         "org.eclipse.jetty.websocket.",     // WebSocket is a jetty extension
         "org.eclipse.jetty.servlet.DefaultServlet" // webapp cannot change default servlets
     } ;
@@ -126,7 +126,7 @@ public class WebAppContext extends ServletContextHandler implements WebAppClassL
     {
         "-org.eclipse.jetty.continuation.", // don't hide continuation classes
         "-org.eclipse.jetty.jndi.",         // don't hide naming classes
-        "-org.eclipse.jetty.plus.jaas.",    // don't hide jaas classes
+        "-org.eclipse.jetty.jaas.",         // don't hide jaas classes
         "-org.eclipse.jetty.websocket.",    // WebSocket is a jetty extension
         "-org.eclipse.jetty.servlet.DefaultServlet", // don't hide default servlet
         "-org.eclipse.jetty.servlet.listener.", // don't hide useful listeners

tests/test-webapps/test-jaas-webapp/pom.xml

@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.eclipse.jetty.tests</groupId>
+    <artifactId>test-webapps-parent</artifactId>
+    <version>9.0.0-SNAPSHOT</version>
+  </parent>
+  <artifactId>test-jaas-webapp</artifactId>
+  <name>Jetty Tests :: WebApp :: JAAS</name>
+  <packaging>war</packaging>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-deploy-plugin</artifactId>
+        <configuration>
+          <!-- DO NOT DEPLOY (or Release) -->
+          <skip>true</skip>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.eclipse.jetty</groupId>
+        <artifactId>jetty-maven-plugin</artifactId>
+        <version>${project.version}</version>
+        <configuration>
+          <scanIntervalSeconds>10</scanIntervalSeconds>
+          <systemProperties>
+              <!-- This is for convenience so that the src/etc/login.conf file can stay unmodified when copied to $jetty.home/etc directory -->
+            <systemProperty>
+              <name>jetty.home</name>
+              <value>${basedir}/src/main/config</value>
+            </systemProperty>
+              <!-- Mandatory. This system property tells JAAS where to find the login module configuration file -->
+            <systemProperty>
+              <name>java.security.auth.login.config</name>
+              <value>${basedir}/src/main/config/etc/login.conf</value>
+            </systemProperty>
+          </systemProperties>
+           <webAppConfig>
+            <contextPath>/test-jaas</contextPath>
+            <securityHandler implementation="org.eclipse.jetty.security.ConstraintSecurityHandler">
+              <loginService implementation="org.eclipse.jetty.plus.jaas.JAASLoginService">
+                 <name>Test JAAS Realm</name>
+                 <loginModuleName>xyz</loginModuleName>
+              </loginService>
+            </securityHandler>
+          </webAppConfig>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-assembly-plugin</artifactId>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>single</goal>
+            </goals>
+            <configuration>
+              <descriptors>
+                <descriptor>${basedir}/src/main/assembly/config.xml</descriptor>
+              </descriptors>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+</project>

tests/test-webapps/test-jaas-webapp/src/main/assembly/config.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<assembly>
+  <id>config</id>
+  <includeBaseDirectory>false</includeBaseDirectory>
+  <formats>
+    <format>jar</format>
+  </formats>
+  <fileSets>
+    <fileSet>
+      <directory>src/main/config</directory>
+      <outputDirectory></outputDirectory>
+      <includes>
+        <include>contexts/**</include>
+        <include>etc/**</include>
+      </includes>
+    </fileSet>
+  </fileSets>
+</assembly>
+

tests/test-webapps/test-jaas-webapp/src/main/config/contexts/test-jaas.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
+
+<!-- =============================================================== -->
+<!-- Configure the test-jndi webapp                                  -->
+<!-- =============================================================== -->
+<Configure id='wac' class="org.eclipse.jetty.webapp.WebAppContext">
+
+  <Set name="contextPath">/test-jaas</Set>
+  <Set name="war"><SystemProperty name="jetty.home" default="."/>/webapps/test-jaas</Set>
+
+  <Set name="securityHandler">
+    <New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
+     <Set name="loginService">
+       <New class="org.eclipse.jetty.jaas.JAASLoginService">
+         <Set name="name">Test JAAS Realm</Set>
+         <Set name="loginModuleName">xyz</Set>
+       </New>
+     </Set>
+    </New>
+  </Set>
+
+</Configure>
+

tests/test-webapps/test-jaas-webapp/src/main/config/etc/jetty-jaas.xml

@@ -0,0 +1,30 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
+
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+
+  
+    <!-- ======================================================== -->
+    <!-- java.security.auth.login.config System property          -->
+    <!-- This is usually a runtime parameter to the jvm, but      -->
+    <!-- it is placed here for convenience.                       -->
+    <!-- ======================================================== -->
+    <Call class="java.lang.System" name="setProperty">
+      <Arg>java.security.auth.login.config</Arg>
+      <Arg><SystemProperty name="jetty.home" default="." />/etc/login.conf</Arg>
+    </Call>
+
+
+    <!-- ======================================================== -->
+    <!-- An example JAAS realm setup                              -->
+    <!-- ======================================================== -->
+    <Call name="addBean">
+      <Arg>
+          <New class="org.eclipse.jetty.jaas.JAASLoginService">
+           <Set name="Name">Test JAAS Realm</Set>
+           <Set name="LoginModuleName">xyz</Set>
+          </New>
+      </Arg>
+    </Call>
+
+</Configure>

tests/test-webapps/test-jaas-webapp/src/main/config/etc/login.conf

@@ -0,0 +1,5 @@
+xyz {
+org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
+debug="true"
+file="${jetty.home}/etc/login.properties";
+};

tests/test-webapps/test-jaas-webapp/src/main/config/etc/login.properties

@@ -0,0 +1 @@
+me=me,me,roleA

tests/test-webapps/test-jaas-webapp/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,41 @@
+<web-app
+   xmlns="http://java.sun.com/xml/ns/javaee"
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
+   version="2.5">
+
+  <display-name>JAAS Test</display-name>
+
+  <welcome-file-list>
+    <welcome-file>index.html</welcome-file>
+  </welcome-file-list>
+
+
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>JAAS Role</web-resource-name>
+      <url-pattern>/auth.html</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>roleA</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+
+  <login-config>
+    <auth-method>FORM</auth-method>
+    <realm-name>Test JAAS Realm</realm-name>
+    <form-login-config>
+      <form-login-page>
+        /login.html
+      </form-login-page>
+      <form-error-page>
+        /authfail.html
+      </form-error-page>
+    </form-login-config>
+  </login-config>
+
+  <security-role>
+    <role-name>roleA</role-name>
+  </security-role>
+</web-app>

tests/test-webapps/test-jaas-webapp/src/main/webapp/auth.html

@@ -0,0 +1,17 @@
+<HTML>
+  <HEAD>
+    <META http-equiv="Pragma" content="no-cache">
+    <META http-equiv="Cache-Control" content="no-cache,no-store">
+  </HEAD>
+
+  <BODY>
+    <H1>Congratulations, you are AUTHENTICATED and web AUTHORIZED</H1>
+  Well done. In order to see this page, you must have been JAAS authentictated using the
+  configured Login Module. You have also been AUTHORIZED according to this webapp's role-based web security constraints.
+  <P>
+  To logout click:
+  <P>
+  <A HREF="logout.jsp">Logout</A>
+  <P>
+  </BODY>
+</HTML>

tests/test-webapps/test-jaas-webapp/src/main/webapp/authfail.html

@@ -0,0 +1,10 @@
+<html>
+  <head>
+    <title>Authentication Failure</title>
+  </head>
+  <body>
+    <h1>Authentication Failure</h1>
+    <p>Sorry, either your login or password were incorrect, please try again.</p>
+    <a href="auth.html">Login</a>
+  </body>
+</html>

tests/test-webapps/test-jaas-webapp/src/main/webapp/index.html

@@ -0,0 +1,52 @@
+<HTML><HEAD><TITLE>Welcome to the JAAS Authentication and Authorization Test</TITLE></HEAD>
+<BODY>
+  <A HREF="http://www.eclipse.org/jetty"><IMG SRC="images/jetty_banner.gif"></A>
+
+<p>&nbsp;</p>
+  <a  href="http://localhost:8080/">Home</a>
+<center>
+  <hr/>
+</center>
+
+  <H1>JAAS Authentication and Authorization Demo </H1>
+  <h2>Preparation</h2>
+  <ol>
+   <li>You will need to edit your $JETTY_HOME/start.ini file and add the following lines:
+    <pre>
+     OPTIONS=jaas
+     etc/jetty-jaas.xml
+    </pre>
+    </li>
+
+    <li>Unjar the test-jaas-webapp-&lt;version&gt;-config.jar inside $JETTY_HOME. The following files will be added:
+     <pre>
+       etc/jetty-jaas.xml
+       etc/login.conf
+       etc/login.properties
+       contexts/test-jaas.xml
+    </pre>
+    </li>
+  </ol>
+
+  <p>Now start jetty as usual.</p>
+
+
+
+  <h2>Using the Demo</h2>
+  <P>
+  Click on the following link to test JAAS <i>authentication</i> and role-based web security constraint <i>authorization</i>.
+  </P>
+  <p>
+   This demo uses a simple login module that stores its configuration in a properties file. There are other types of login module provided with the jetty distro. For full information, please refer to the jetty documentation: <a href="http://www.eclipse.org/jetty/documentation/current/">http://www.eclipse.org/jetty/documentation/current/</a>.
+  </p>
+  <P>
+  To authenticate successfully with this demonstration, you must use username=&quot;me&quot; with password=&quot;me&quot;.  All other usernames, passwords should result in authentication failure.
+  </P>
+  <A HREF="auth.html">Login</A>
+
+  <center>
+   <hr/>
+   <a href="http://www.eclipse.org/jetty"><img style="border:0" src="images/small_powered_by.gif"/></a>
+  </center>
+</BODY>
+</HTML>

tests/test-webapps/test-jaas-webapp/src/main/webapp/login.html

@@ -0,0 +1,15 @@
+
+<HTML><HEAD><TITLE>JAAS Authentication and Authorization Test</TITLE></HEAD>
+<BODY>
+  <H1> Enter your username and password to login </H1>
+  <I> Enter login=me and password=me in order to authenticate successfully</I>
+  <form method="POST" action="j_security_check">
+    <B>Login: </B><input type="text" name="j_username">
+    <P>
+    <B>Password: </B><input type="password" name="j_password">
+    <P>
+    <input type="submit" value="Login"/>
+  </form>
+  <p>
+</BODY>
+</HTML>

tests/test-webapps/test-jaas-webapp/src/main/webapp/logout.jsp

@@ -0,0 +1,21 @@
+<%@ page contentType="text/html; charset=UTF-8" %>
+<%@ page import="java.util.*"%>
+<%@ page import="javax.servlet.*" %>
+<%@ page import="javax.servlet.http.*" %>
+<html>
+<head>
+<title>Logout</title>
+</head>
+
+<body>
+  <% 
+    HttpSession s = request.getSession(false);
+    s.invalidate();
+   %>
+   <h1>Logout</h1>
+
+   <p>You are now logged out.</p> 
+   <a href="auth.html"/>Login</a>
+</body>
+
+</html>