We Keep Coding

No LoginService for org.eclipse.jetty.security.authentication.SslClientCertAuthenticator

I try to implement an client-cert-authentication to access jetty-based content. E.g. the URL http://www.example.com/testsystem/idp/spapi should be only accessed with valid client-certificate.
I get following error on jetty-start:
2021-08-12 14:25:22.967:WARN :oejuc.AbstractLifeCycle:main: FAILED org.eclipse.jetty.server.session.SessionHandler1528923159==dftMaxIdleSec=1800: java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.SslClientCertAuthenticator#49dbaaf3 in ConstraintSecurityHandler#6c284af{STARTING}
Using:
openjdk 11.0.12
Jetty 10.0.6
Configuration:
start.ini
--module=server
jetty.httpConfig.sendServerVersion=false
--module=jsp
--module=annotations
--module=deploy
--module=logging-jetty
--module=console-capture
--module=ext
--module=requestlog
--module=http-forwarded
--module=plus
--module=rewrite
--module=jstl
--module=servlets
--module=http
--module=ssl
--module=https
jetty.sslContext.keyStorePath=credentials/server.keystore
jetty.sslContext.keyStorePassword=mypassword
jetty.sslContext.keyManagerPassword=mypassword
jetty.sslContext.trustStorePath=credentials/server.keystore
jetty.sslContext.trustStorePassword=mypassword
jetty.sslContext.needClientAuth=true
idp.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="war">/opt/shibboleth-idp/war/idp.war</Set>
<Set name="contextPath">/testsystem/idp</Set>
<Set name="extractWAR">false</Set>
<Set name="copyWebDir">false</Set>
<Set name="copyWebInf">true</Set>
<Set name="persistTempDirectory">false</Set>
</Configure>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<display-name>Shibboleth Identity Provider</display-name>
<!-- Spring application context files. Files are loaded in the order they appear with subsequent files overwriting
same named beans in previous files. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/META-INF/net.shibboleth.idp/preconfig.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/postconfig.xml</param-value>
</context-param>
<context-param>
<param-name>contextClass</param-name>
<param-value>net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext</param-value>
</context-param>
<context-param>
<param-name>contextInitializerClasses</param-name>
<param-value>net.shibboleth.idp.spring.IdPPropertiesApplicationContextInitializer</param-value>
</context-param>
<!-- Spring listener used to load up the configuration -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Filters and filter mappings -->
<!-- Try and force I18N, probably won't help much. -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Automates SameSite handling until Java API catches up. -->
<filter>
<filter-name>SameSiteCookieFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>shibboleth.SameSiteCookieFilter</param-value>
</init-param>
</filter>
<!-- Lets us lump repeated Set-Cookie headers into one, something containers rarely support. -->
<filter>
<filter-name>CookieBufferingFilter</filter-name>
<filter-class>net.shibboleth.utilities.java.support.net.CookieBufferingFilter</filter-class>
</filter>
<!-- Allows control of response headers from within Spring beans. -->
<filter>
<filter-name>DynamicResponseHeaderFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>shibboleth.ResponseHeaderFilter</param-value>
</init-param>
</filter>
<!-- Automates TLS-based propagation of HttpServletRequest/Response into beans. -->
<filter>
<filter-name>RequestResponseContextFilter</filter-name>
<filter-class>net.shibboleth.utilities.java.support.net.RequestResponseContextFilter</filter-class>
</filter>
<!-- Manages logging MDC. -->
<filter>
<filter-name>SLF4JMDCServletFilter</filter-name>
<filter-class>net.shibboleth.idp.log.SLF4JMDCServletFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SameSiteCookieFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CookieBufferingFilter</filter-name>
<url-pattern>/profile/admin/*</url-pattern>
<url-pattern>/profile/Logout</url-pattern>
<url-pattern>/profile/Shibboleth/SSO</url-pattern>
<url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern>
<url-pattern>/profile/SAML2/Redirect/SSO</url-pattern>
<url-pattern>/profile/SAML2/POST/SSO</url-pattern>
<url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern>
<url-pattern>/profile/SAML2/Artifact/SSO</url-pattern>
<url-pattern>/profile/SAML2/Redirect/SLO</url-pattern>
<url-pattern>/profile/SAML2/POST/SLO</url-pattern>
<url-pattern>/profile/SAML2/POST-SimpleSign/SLO</url-pattern>
<url-pattern>/profile/SAML2/Artifact/SLO</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>DynamicResponseHeaderFilter</filter-name>
<url-pattern>/profile/admin/*</url-pattern>
<url-pattern>/profile/Shibboleth/SSO</url-pattern>
<url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern>
<url-pattern>/profile/SAML2/Redirect/SSO</url-pattern>
<url-pattern>/profile/SAML2/POST/SSO</url-pattern>
<url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern>
<url-pattern>/profile/SAML2/Artifact/SSO</url-pattern>
<url-pattern>/Authn/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>RequestResponseContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SLF4JMDCServletFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets and servlet mappings -->
<servlet>
<servlet-name>idp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>${idp.home}/system/conf/mvc-beans.xml, ${idp.home}/system/conf/webflow-config.xml</param-value>
</init-param>
<init-param>
<param-name>contextClass</param-name>
<param-value>net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>idp</servlet-name>
<url-pattern>/status</url-pattern>
<url-pattern>/profile/*</url-pattern>
</servlet-mapping>
<!-- Servlet protected by container used for RemoteUser authentication -->
<servlet>
<servlet-name>RemoteUserAuthHandler</servlet-name>
<servlet-class>net.shibboleth.idp.authn.impl.RemoteUserAuthServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RemoteUserAuthHandler</servlet-name>
<url-pattern>/Authn/RemoteUser</url-pattern>
</servlet-mapping>
<!-- Servlet protected by container used for X.509 authentication -->
<servlet>
<servlet-name>X509AuthHandler</servlet-name>
<servlet-class>net.shibboleth.idp.authn.impl.X509AuthServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>X509AuthHandler</servlet-name>
<url-pattern>/Authn/X509</url-pattern>
</servlet-mapping>
<!-- Send request for the EntityID to the SAML metadata echoing JSP. -->
<servlet>
<servlet-name>shibboleth_jsp</servlet-name>
<jsp-file>/WEB-INF/jsp/metadata.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>shibboleth_jsp</servlet-name>
<url-pattern>/shibboleth</url-pattern>
</servlet-mapping>
<!-- Send servlet errors through the IdP's MVC error handling. -->
<error-page>
<exception-type>net.shibboleth.idp.authn.ExternalAuthenticationException</exception-type>
<location>/profile/RaiseError</location>
</error-page>
<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
<!-- Allow intended methods by using an absent auth-constraint. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Non-API Content</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<!-- no auth-constraint tag here -->
</security-constraint>
<!-- Disallow other methods by using an empty auth-constraint. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Non-API Content</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method-omission>GET</http-method-omission>
<http-method-omission>HEAD</http-method-omission>
<http-method-omission>OPTIONS</http-method-omission>
<http-method-omission>POST</http-method-omission>
</web-resource-collection>
<authn-constraint/>
</security-constraint>
<!-- Allow any HTTP methods to the API flows. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrative APIs</web-resource-name>
<url-pattern>/profile/admin/*</url-pattern>
</web-resource-collection>
<!-- no auth-constraint tag here -->
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Api</web-resource-name>
<url-pattern>/spapi/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
</web-app>
If I remove the last security-constraint Jetty starts without any error but also without any client-cert-support.
Any hints are welcome.

To use <auth-method>CLIENT-CERT</auth-method> you need a realm defined, that provides what Servlet security roles each Certificate Subject belongs to.
That means you need to define a LoginService that will pull that information for your "realm" in.
You have many options here.
JAASLoginService - use a dynamic JAAS source to configure the realm/subject/roles
HashLoginService - use a static text file to configure the realm/subject/roles
DataSourceLoginService - use a dynamic JNDI DataSource to configure the realm/subject/roles
JDBCLoginService - use a JDBC driver to configure the realm/subject/roles
Note: there are two LoginService implementations that do not support <auth-method>CLIENT-CERT</auth-method>, so ignore both ConfigurableSpnegoLoginService and OpenIDLoginService
Each implementation has it's own configuration techniques unique to that LoginService. JAAS is configured both on the server and the webapp. The rest are configured only on the webapp.
Are you sure you want all of this?
Or do you just want to enable TLS Client Certificates?
If so, you configure the SslContextFactory.Server and one (or both) of the options
setWantClientAuth(true) which turns on JVM features on the SSL connection related to javax.net.ssl.SSLParameters.getWantClientAuth()
setNeedClientAuth(true) which turns on JVM features on the SSL connection related to javax.net.ssl.SSLParameters.getNeedClientAuth()
See more information on these settings in Java here - https://stackoverflow.com/a/14876605/775715

reach a webservice on a java angular project deployed on jetty 9.4.12

I have a java angular project that I deploy on jetty 9.4.12
Here is my web.xml file
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Tourism Applicationwith Angular</display-name>
<description>
This is a simple web application with a source code organization
based on the recommendations of the Application Developer's Guide.
</description>
<display-name>Archetype Created Web Application</display-name>
<listener>
<listener-class>org.jboss.weld.environment.servlet.Listener</listener-class>
</listener>
<listener>
<listener-class>
org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
</listener-class>
</listener>
<resource-env-ref>
<description>Object factory for the CDI Bean Manager</description>
<resource-env-ref-name>BeanManager</resource-env-ref-name>
<resource-env-ref-type>javax.enterprise.inject.spi.BeanManager</resource-env-ref-type>
</resource-env-ref>
<servlet>
<servlet-name>Resteasy</servlet-name>
<servlet-class>
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
</servlet-class>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>webservice.TourismWebService</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>Resteasy</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>resteasy.injector.factory</param-name>
<param-value>org.jboss.resteasy.cdi.CdiInjectorFactory</param-value>
</context-param>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
Here is my web service
package webservice;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.cdi.CdiInjectorFactory;
import org.slf4j.Logger;
import business.TourismBusinessService;
import dto.SearchPathDto;
import dto.TourismPathDto;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
#Path("/tourism")
#Api(value = "analyses", description = "search path by userId, location and max distance")
#Produces(MediaType.APPLICATION_JSON)
#Consumes(MediaType.APPLICATION_JSON)
public class TourismWebService extends Application {
#Inject
private Logger logger;
#Inject
private TourismBusinessService tourismBusinessService;
#GET
#Path("searchPath/{userId}/{longitude}/{latitude}/{distanceMax}")
#ApiOperation("Get analysis by Id")
#ApiResponse(code = 200, message = "OK")
public Response searchPath(#PathParam("userId") long userId,#PathParam("longitude") double longitude,#PathParam("latitude") double latitude,#PathParam("distanceMax") double distanceMax) {
SearchPathDto responseDto = new SearchPathDto();
//org.jboss.resteasy.cdi.CdiInjectorFactory test = new org.jboss.resteasy.cdi.CdiInjectorFactory();
List<TourismPathDto> tourismPathDtoList = new ArrayList<>();
TourismPathDto tourismPathDto1 = new TourismPathDto();
tourismPathDto1.setCategoryId(1);
tourismPathDto1.setDistance((double)100);
tourismPathDto1.setLongitude(2.3313926);
tourismPathDto1.setLatitude(48.873278);
tourismPathDto1.setRoot("root1");
tourismPathDto1.setLeaf("leaf1");
tourismPathDto1.setWeight((double)2);
tourismPathDto1.setMark((double)3);
tourismPathDtoList.add(tourismPathDto1);
TourismPathDto tourismPathDto2 = new TourismPathDto();
tourismPathDto2.setCategoryId(2);
tourismPathDto2.setDistance((double)200);
tourismPathDto2.setLongitude(2.3368291);
tourismPathDto2.setLatitude(48.8747394);
tourismPathDto2.setRoot("root2");
tourismPathDto2.setLeaf("leaf2");
tourismPathDto2.setWeight((double)3);
tourismPathDto2.setMark((double)4);
tourismPathDtoList.add(tourismPathDto2);
responseDto.setDistanceMax(distanceMax);
responseDto.setLatitude(latitude);
responseDto.setLongitude(longitude);
responseDto.setUserId(userId);
responseDto.setTourismPathDtoList(tourismPathDtoList);
//SearchPathDto responseDto = tourismBusinessService.getTourismPathList(userId, longitude, latitude, distanceMax);
if (responseDto == null)
throw new WebApplicationException(Response.Status.NOT_FOUND);
return Response.ok(responseDto).build();
}
}
I ran jetty : java -jar start.jar
But when I try to reach the following web service
http://localhost:8080/tourism-services/tourism/searchPath/1/2.3313926/48.873278/200
I have a
HTTP ERROR 404
Problem accessing /tourism-services/tourism/searchPath/1/2.3313926/48.873278/200. Reason:
Not Found
error
Thank you for your help
Here is the continuation......
the jetty.xml that I modified is the following
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- =============================================================== -->
<!-- Documentation of this file format can be found at: -->
<!-- https://www.eclipse.org/jetty/documentation/current/ -->
<!-- -->
<!-- Additional configuration files are available in $JETTY_HOME/etc -->
<!-- and can be mixed in. See start.ini file for the default -->
<!-- configuration files. -->
<!-- -->
<!-- For a description of the configuration mechanism, see the -->
<!-- output of: -->
<!-- java -jar start.jar -? -->
<!-- =============================================================== -->
<!-- =============================================================== -->
<!-- Configure a Jetty Server instance with an ID "Server" -->
<!-- Other configuration files may also configure the "Server" -->
<!-- ID, in which case they are adding configuration to the same -->
<!-- instance. If other configuration have a different ID, they -->
<!-- will create and configure another instance of Jetty. -->
<!-- Consult the javadoc of o.e.j.server.Server for all -->
<!-- configuration that may be set here. -->
<!-- =============================================================== -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Arg name="threadpool"><Ref refid="threadPool"/></Arg>
<!-- =========================================================== -->
<!-- Add shared Scheduler instance -->
<!-- =========================================================== -->
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
</Arg>
</Call>
<Ref refid="DeploymentManager">
<Call name="addLifeCycleBinding">
<Arg>
<New
class="org.eclipse.jetty.cdi.servlet.WeldDeploymentBinding">
</New>
</Arg>
</Call>
</Ref>
<!-- =========================================================== -->
<!-- Http Configuration. -->
<!-- This is a common configuration instance used by all -->
<!-- connectors that can carry HTTP semantics (HTTP, HTTPS, etc.)-->
<!-- It configures the non wire protocol aspects of the HTTP -->
<!-- semantic. -->
<!-- -->
<!-- This configuration is only defined here and is used by -->
<!-- reference from other XML files such as jetty-http.xml, -->
<!-- jetty-https.xml and other configuration files which -->
<!-- instantiate the connectors. -->
<!-- -->
<!-- Consult the javadoc of o.e.j.server.HttpConfiguration -->
<!-- for all configuration that may be set here. -->
<!-- =========================================================== -->
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="secureScheme"><Property name="jetty.httpConfig.secureScheme" default="https" /></Set>
<Set name="securePort"><Property name="jetty.httpConfig.securePort" deprecated="jetty.secure.port" default="8443" /></Set>
<Set name="outputBufferSize"><Property name="jetty.httpConfig.outputBufferSize" deprecated="jetty.output.buffer.size" default="32768" /></Set>
<Set name="outputAggregationSize"><Property name="jetty.httpConfig.outputAggregationSize" deprecated="jetty.output.aggregation.size" default="8192" /></Set>
<Set name="requestHeaderSize"><Property name="jetty.httpConfig.requestHeaderSize" deprecated="jetty.request.header.size" default="8192" /></Set>
<Set name="responseHeaderSize"><Property name="jetty.httpConfig.responseHeaderSize" deprecated="jetty.response.header.size" default="8192" /></Set>
<Set name="sendServerVersion"><Property name="jetty.httpConfig.sendServerVersion" deprecated="jetty.send.server.version" default="true" /></Set>
<Set name="sendDateHeader"><Property name="jetty.httpConfig.sendDateHeader" deprecated="jetty.send.date.header" default="false" /></Set>
<Set name="headerCacheSize"><Property name="jetty.httpConfig.headerCacheSize" default="4096" /></Set>
<Set name="delayDispatchUntilContent"><Property name="jetty.httpConfig.delayDispatchUntilContent" deprecated="jetty.delayDispatchUntilContent" default="true"/></Set>
<Set name="maxErrorDispatches"><Property name="jetty.httpConfig.maxErrorDispatches" default="10"/></Set>
<Set name="blockingTimeout"><Property deprecated="jetty.httpConfig.blockingTimeout" name="jetty.httpConfig.blockingTimeout.DEPRECATED" default="-1"/></Set>
<Set name="persistentConnectionsEnabled"><Property name="jetty.httpConfig.persistentConnectionsEnabled" default="true"/></Set>
<Set name="cookieCompliance"><Call class="org.eclipse.jetty.http.CookieCompliance" name="valueOf"><Arg><Property name="jetty.httpConfig.cookieCompliance" default="RFC6265"/></Arg></Call></Set>
<Set name="multiPartFormDataCompliance"><Call class="org.eclipse.jetty.server.MultiPartFormDataCompliance" name="valueOf"><Arg><Property name="jetty.httpConfig.multiPartFormDataCompliance" default="RFC7578"/></Arg></Call></Set>
</New>
<!-- =========================================================== -->
<!-- Set the default handler structure for the Server -->
<!-- A handler collection is used to pass received requests to -->
<!-- both the ContextHandlerCollection, which selects the next -->
<!-- handler by context path and virtual host, and the -->
<!-- DefaultHandler, which handles any requests not handled by -->
<!-- the context handlers. -->
<!-- Other handlers may be added to the "Handlers" collection, -->
<!-- for example the jetty-requestlog.xml file adds the -->
<!-- RequestLogHandler after the default handler -->
<!-- =========================================================== -->
<Set name="handler">
<New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
<Set name="handlers">
<Array type="org.eclipse.jetty.server.Handler">
<Item>
<New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
</Item>
<Item>
<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
</Item>
</Array>
</Set>
</New>
</Set>
<!-- =========================================================== -->
<!-- extra server options -->
<!-- =========================================================== -->
<Set name="stopAtShutdown"><Property name="jetty.server.stopAtShutdown" default="true"/></Set>
<Set name="stopTimeout"><Property name="jetty.server.stopTimeout" default="5000"/></Set>
<Set name="dumpAfterStart"><Property name="jetty.server.dumpAfterStart" deprecated="jetty.dump.start" default="false"/></Set>
<Set name="dumpBeforeStop"><Property name="jetty.server.dumpBeforeStop" deprecated="jetty.dump.stop" default="false"/></Set>
</Configure>
In this file, I added the following
<Ref refid="DeploymentManager">
<Call name="addLifeCycleBinding">
<Arg>
<New
class="org.eclipse.jetty.cdi.servlet.WeldDeploymentBinding">
</New>
</Arg>
</Call>
and I added this dependency to maven
<dependency>
<groupId>org.eclipse.jetty.cdi</groupId>
<artifactId>cdi-servlet</artifactId>
<version>9.4.12.v20180830</version>
</dependency>
But I got this error
MBP-de-Admin:jetty-distribution-9.4.12.v20180830 admin$ java -jar start.jar
2019-02-06 07:49:05.745:INFO::main: Logging initialized #841ms to org.eclipse.jetty.util.log.StdErrLog
2019-02-06 07:49:05.912:WARN:oejx.XmlConfiguration:main: Config error at <Ref refid="DeploymentManager"><Call name="addLifeCycleBinding"><Arg>| <New class="org.eclipse.jetty.cdi.servlet.WeldDeploymentBinding"/>| </Arg></Call></Ref> java.lang.IllegalStateException: No object for refid=DeploymentManager in file:/Users/admin/Application-Marwen/Jetty/jetty-distribution-9.4.12.v20180830/etc/jetty.xml
2019-02-06 07:49:05.913:WARN:oejx.XmlConfiguration:main:
java.lang.IllegalStateException: No object for refid=DeploymentManager
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.refObj(XmlConfiguration.java:891)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:487)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:413)
at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:311)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1558)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1512)

Unable to load Context Configuration by IoC XML inside WAR by jetty-9

I am trying to load my webcontext using jetty IoC.
My war name git.ctr-0.0.1-SNAPSHOT.war
My Jetty IoC xml file name ,
jetty-web.xml which is placed inside git.ctr-0.0.1-SNAPSHOT/WEB-INF/
As per document of jetty is says IoC file placed inside war file can be scanned by jetty-deployer and war can be deployed using XML .
Link http://www.eclipse.org/jetty/documentation/current/quickstart-config-what.html
My Ioc XML,
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="war"><SystemProperty name="jetty.home" default="."/>/webapps/git.ctr-0.0.1-SNAPSHOT.war</Set>
<Set name="contextPath">/git</Set>
<Get name="securityHandler">
<!-- Either: -->
<Set name="loginService">
<New class="matrix.git.ctr.MyLoginService">
<Set name="name">matrix-aa</Set>
<Set name="idpUrl">https://10.100.20.83:8091</Set>
</New>
</Set>
<!-- or if you defined a LoginService called "Test Realm" in jetty.xml : -->
<Set name="realmName">matrix-aa</Set>
</Get>
</Configure>
Please suggest how can this configuration loaded by jetty.

Passing Parameters using jetty contextHandler

I'm wanting to make some custom endpoints that point to another endpoint in my jetty setup. For example, I already have and endpoint like http://myserver.com/app that serves up a help page. Further, if I pass certain arguments, I get different pages. So for example http://myserver.com/app?app_id=56 might serve one app and http://myserver.com/app?app_id=48 might serve a static html page that documents functions.
For the sake of some of the users, I'd like to set up simple endpoints for a few of the commonly used apps. So if a user went to http://myserver.com/docs, they'd should see the same thing as http://myserver.com/app?app_id=48.
I've been trying to accomplish this with .xml Configuration files. So far I've got it almost working.
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.eclipse.org/configure.dtd">
<Configure class="org.eclipse.jetty.server.handler.ContextHandler">
<Set name="contextPath">/docs</Set>
<Set name="resourceBase">http://localhost:8080</Set>
<Set name="handler">
<New class="org.eclipse.jetty.server.handler.ResourceHandler">
<Set name="welcomeFiles">
<Array type="String">
<Item>app</Item>
</Array>
</Set>
<Set name="cacheControl">max-age=3600,public</Set>
</New>
</Set>
</Configure>
Using this config file going to /docs serves the aforementioned help page which I would normally see by loading http://myserver.com/app, my hangup is I can't figure out how to pass the appropriate app_id.
I think I may end up creating some sort of custom handler but I'm not exactly sure how to go about implementing it.
And just to complicate the issue, I also want to be able to pass some arbitrary parameter to my endpoint and have it passed along. So http://myserver.com/docs?foo=bar would display http://myserver.com/app?app_id=48&foo=bar.
Should I be going about this another way or can this all be accomplished through the config xml files?

If using Jetty 9.2+ you can just use the built-in static resource serving (magic provided by the deploy module)
Eg:
$ cd /path/to/my.base
$ ls -l webapps
total 4
lrwxrwxrwx. 1 joakim joakim 84 Oct 27 17:24 docs -> /opt/my/docs
$ java -jar /path/to/jetty-dist/start.jar
But if you really want to handle static resources with an XML ...
Don't use ContextHandler and ResourceHandler they are only for the most simplistic and naive of file serving scenarios.
Use an anonymous WebAppContext
Set resourceBase to the directory where your documents are
Here's how you setup a static file serving XML (done right)
$ cd /path/to/my.base
$ cat webapps/docs.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="contextPath">/docs</Set>
<Set name="resourceBase">/opt/my/docs</Set>
<Set name="defaultsDescriptor"><Property name="jetty.base" default="."/>/etc/docs-web.xml</Set>
</Configure>
$ cat etc/docs-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
metadata-complete="false"
version="3.1">
<servlet>
<servlet-name>default</servlet-name>
<servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
<init-param>
<param-name>aliases</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>acceptRanges</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>dirAllowed</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>welcomeServlets</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>redirectWelcome</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>maxCacheSize</param-name>
<param-value>256000000</param-value>
</init-param>
<init-param>
<param-name>maxCachedFileSize</param-name>
<param-value>200000000</param-value>
</init-param>
<init-param>
<param-name>maxCachedFiles</param-name>
<param-value>2048</param-value>
</init-param>
<init-param>
<param-name>gzip</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>etags</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>useFileMappedBuffer</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cacheControl</param-name>
<param-value>max-age=3600,public</param-value>
</init-param>
<load-on-startup>0</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
</welcome-file-list>
</web-app>
$ java -jar /path/to/jetty-dist/start.jar

redirect from http to https in Jetty

I want make permanent redirect from http:// myurl to https:// myurl, but in Jetty I find only MovedContextHandler, with it I can redirect only context path, for examnple from myurl/bla to myurl/bla/bla
<Configure class="org.mortbay.jetty.handler.MovedContextHandler">
<Set name="contextPath">/bla</Set>
<Set name="newContextURL">/bla/bla</Set>
<Set name="permanent">true</Set>
<Set name="discardPathInfo">false</Set>
<Set name="discardQuery">false</Set>
</Configure>
but how can I work with prefix of url?

Best handled in your /WEB-INF/web.xml
<web-app>
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Everything in the webapp</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>