Installing the Jespa example webapp is the simplest way to get started with the HttpSecurityService and confirm that everything is working before trying to integrate it into your application.
The Jespa example webapp simply displays the identity of the user like this:
Your current identity is:
MEGA\abaker
These examples are protected by the Jespa HttpSecurityFilter and should be accessible only to authorized clients.
IsMemberOf | Check group membership of authenticated user |
Login | Perform a manual form-based login |
Logout | Delete the session state for the Jespa HttpSecurityFilter |
It will also provide a list of options to check group membership, perform an explicit login or to logout.
Selecting Logout and then Back to index will delete the client's authentication state from the HTTP session and trigger re-authentication. This is useful when testing different properties and settings.
The following steps for installing the Jespa example webapp assume that the webapp context path is jespa and that the container supports automatically deploying an exploded webapp (like Tomcat or Jetty). Interpolate as necessary for your environment.
Download and extract the Jespa package (into the application base directory in this example).
From the Jespa package, copy the examples\jespa directory (or symlink it) into your container webapps directory.
With the Java application server running, run HssSetup to generate the HSS properties file.
If you have already generated this properties file, just copy it into webapps\jespa\WEB-INF and skip to the next step.
Otherwise, for Windows, run:
>jespa-2.1.0\bin\HssSetup.bat webapps\jespa\WEB-INF\jespa1.prp
or for Linux / macOS, run:
$ jespa-2.1.0/bin/HssSetup.sh webapps/jespa/WEB-INF/jespa1.prp
Note: These scripts assume that java is in your PATH. If that's a problem, edit the script to set the full path to java.
See also: Install the HttpSecurityService for Windows Silent SSO with SPNEGO
See also: The HssSetup Console Menu Program
Assuming the new Computer account was created successfully, open the webapps\jespa\WEB-INF\jespa1.prp properties file with a text editor and add or modify the following application specific properties to be:
    # Application Specific Properties
    http.parameter.username.name = username
    http.parameter.password.name = password
    http.parameter.logout.name = logout
    fallback.location = /jespa/Login.jsp
    excludes = /Login.jsp
The complete example file might look like the following:
    # IOPLEX Jespa HttpSecurityService properties
    # for Windows Silent SSO
    #
    # Set the properties.path init-param in the
    # web.xml to reference this file

    provider.classname = jespa.spnego.SpnegoSecurityProvider

    # Application Specific Properties
    http.parameter.username.name = username
    http.parameter.password.name = password
    http.parameter.logout.name = logout
    fallback.location = /jespa/Login.jsp
    excludes = /Login.jsp

    # Require SPN and Channel Bindings (EPA)
    #bindings.targetSpns.policy = 2
    #bindings.cert.hash.policy = 2
    bindings.cert.url = https://rkyas15.mega.corp:8443
    bindings.cert.hash = 271965EF93EEA33A3FC09170F2870108
    bindings.targetSpns = HTTP/rkyas15.mega.corp

    # SecurityProvider properties
    jespa.log.path = logs/jespa.log
    jespa.log.level = 4
    jespa.account.canonicalForm = 3
    jespa.dns.servers = 10.44.100.22
    jespa.dns.site = Default-First-Site-Name
    jespa.service.acctname = jespa1$@mega.corp
    jespa.service.password = DN8?8mi7M7m9%5S5v4_k#v+IQ4YA87fs
    # uncomment bindstr for testing
    jespa.bindstr = dcb3.mega.corp
Edit webapps\jespa\WEB-INF\web.xml and set properties.path to /WEB-INF/jespa1.prp .
Copy the Jespa jespa-jakarta-2.1.0.jar (or jespa-2.1.0.jar for a pre-Jakarta application server) into the webapps\jespa\WEB-INF\lib\ directory.
Reload the webapp and visit the /jespa/index.jsp resource.
If you get the network password dialog, run inetcpl.cpl and add the target URL base as described in Modify browser client settings to perform Silent SSO.
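A check for the edited jespa1.prp from the steps above, as an added example that is not part of the Jespa package: it confirms the application-specific properties match the values given for the jespa context path, reports the state of the bindings policy and bindstr settings, and flags a properties file that group or other users can read, since it holds jespa.service.password. The function names are hypothetical, and the parser assumes that only a leading # starts a comment (the sample password contains # in its value).

```python
import os
import stat
import sys

# Values from the "Application Specific Properties" step (context path "jespa").
REQUIRED = {
    "http.parameter.username.name": "username",
    "http.parameter.password.name": "password",
    "http.parameter.logout.name": "logout",
    "fallback.location": "/jespa/Login.jsp",
    "excludes": "/Login.jsp",
}
# Commented out in the page's sample under "Require SPN and Channel Bindings (EPA)".
EPA_POLICY_KEYS = ("bindings.targetSpns.policy", "bindings.cert.hash.policy")


def parse_prp(text):
    """Parse 'key = value' lines. Assumption: only a leading '#' is a comment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        props[key.strip()] = value.strip()
    return props


def audit_prp(path):
    """Return a list of findings for the properties file at `path`."""
    with open(path, encoding="utf-8") as fh:
        props = parse_prp(fh.read())
    findings = []
    for key, want in REQUIRED.items():
        if props.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {props.get(key)!r}")
    for key in EPA_POLICY_KEYS:
        if key not in props:
            findings.append(f"{key}: not set (commented out or missing)")
    if "jespa.bindstr" in props:
        findings.append("jespa.bindstr: set; the sample labels it a testing setting")
    # The file stores jespa.service.password in cleartext (POSIX mode bits only).
    readable = os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH)
    if os.name == "posix" and readable and "jespa.service.password" in props:
        findings.append("file is readable by group/other and holds jespa.service.password")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_prp(sys.argv[1])) or "no findings")
```

Run it with the path to the properties file, for example webapps/jespa/WEB-INF/jespa1.prp; on Windows the permission check is skipped and the file ACL needs to be reviewed separately.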