Details

JAAS can be used for two purposes:



for authentication of users, to reliably and securely determine who is currently executing Java code, regardless of whether the code is running as an application, an applet, a bean, or a servlet; and


for authorization of users to ensure they have the access control rights (permissions) required to do the actions performed.



Jetty support for JAAS as a means of bringing greater flexibility to the declarative security models of the J2EE.



NOTE: Please review the benchmark to ensure target compliance.


Solution

Configure a jetty org.eclipse.jetty.plus.jaas.JAASLoginService to match the in your web.xml file.
Set up your LoginModule in a configuration file
You now need to invoke jetty with support for jaas. This involves 3 elements:

adding extra jars to jetty's classpath
adding the jetty config file with the JAASLoginService declaration to the startup sequence
adding the jaas system property java.security.auth.login.config which specifies the location of your login module config file


This control applies to the following type of system Unix.


Source