jetty · lachlan-roberts · Aug 26, 2024 · Jul 5, 2024 · Jul 5, 2024 · Jul 5, 2024
diff --git a/documentation/jetty/modules/code/examples/pom.xml b/documentation/jetty/modules/code/examples/pom.xml
@@ -26,6 +26,10 @@
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-client</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-ethereum</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-infinispan-embedded-query</artifactId>
@@ -54,6 +58,10 @@
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-session</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-slf4j-impl</artifactId>
+    </dependency>
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-unixdomain-server</artifactId>

diff --git a/...es/src/main/java/org/eclipse/jetty/docs/programming/security/siwe/SignInWithEthereum.java b/...es/src/main/java/org/eclipse/jetty/docs/programming/security/siwe/SignInWithEthereum.java
@@ -0,0 +1,58 @@
+//
+// ========================================================================
+// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Eclipse Public License v. 2.0 which is available at
+// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+// which is available at https://www.apache.org/licenses/LICENSE-2.0.
+//
+// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+// ========================================================================
+//
+
+package org.eclipse.jetty.security.siwe.example;
+
+import java.io.PrintWriter;
+import java.nio.file.Paths;
+import java.util.Objects;
+
+import org.eclipse.jetty.http.HttpHeader;
+import org.eclipse.jetty.io.Content;
+import org.eclipse.jetty.security.AuthenticationState;
+import org.eclipse.jetty.security.Constraint;
+import org.eclipse.jetty.security.SecurityHandler;
+import org.eclipse.jetty.security.siwe.EthereumAuthenticator;
+import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.server.handler.ResourceHandler;
+import org.eclipse.jetty.session.SessionHandler;
+import org.eclipse.jetty.util.Callback;
+
+public class SignInWithEthereum
+{
+    public static SecurityHandler createSecurityHandler(Handler handler)
+    {
+        // tag::configureSecurityHandler[]
+        // This uses jetty-core, but you can configure a ConstraintSecurityHandler for use with EE10.
+        SecurityHandler.PathMapped securityHandler = new SecurityHandler.PathMapped();
+        securityHandler.setHandler(handler);
+        securityHandler.put("/*", Constraint.ANY_USER);
+
+        // Add the EthereumAuthenticator to the securityHandler.
+        EthereumAuthenticator authenticator = new EthereumAuthenticator();
+        securityHandler.setAuthenticator(authenticator);
+
+        // In embedded you can configure via EthereumAuthenticator APIs.
+        authenticator.setLoginPath("/login.html");
+
+        // Or you can configure with parameters on the SecurityHandler.
+        securityHandler.setParameter(EthereumAuthenticator.LOGIN_PATH_PARAM, "/login.html");
+        // end::configureSecurityHandler[]
+        return securityHandler;
+    }
+}
diff --git a/...a/org/eclipse/jetty/docs/programming/security/siwe/SignInWithEthereumEmbeddedExample.java b/...a/org/eclipse/jetty/docs/programming/security/siwe/SignInWithEthereumEmbeddedExample.java
@@ -0,0 +1,117 @@
+//
+// ========================================================================
+// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Eclipse Public License v. 2.0 which is available at
+// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+// which is available at https://www.apache.org/licenses/LICENSE-2.0.
+//
+// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+// ========================================================================
+//
+
+package org.eclipse.jetty.docs.programming.security.siwe;
+
+import java.io.PrintWriter;
+import java.nio.file.Paths;
+import java.util.Objects;
+
+import org.eclipse.jetty.http.HttpHeader;
+import org.eclipse.jetty.io.Content;
+import org.eclipse.jetty.security.AuthenticationState;
+import org.eclipse.jetty.security.Constraint;
+import org.eclipse.jetty.security.SecurityHandler;
+import org.eclipse.jetty.security.siwe.EthereumAuthenticator;
+import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.server.Response;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.server.handler.ResourceHandler;
+import org.eclipse.jetty.session.SessionHandler;
+import org.eclipse.jetty.util.Callback;
+
+public class SignInWithEthereumEmbeddedExample
+{
+    public static void main(String[] args) throws Exception
+    {
+        Server server = new Server();
+        ServerConnector connector = new ServerConnector(server);
+        connector.setPort(8080);
+        server.addConnector(connector);
+
+        String resourcePath = Paths.get(Objects.requireNonNull(SignInWithEthereumEmbeddedExample.class.getClassLoader().getResource("")).toURI())
+            .resolve("../../src/main/resources/")
+            .normalize().toString();
+        System.err.println(resourcePath);
+        ResourceHandler resourceHandler = new ResourceHandler();
+        resourceHandler.setDirAllowed(false);
+        resourceHandler.setBaseResourceAsString(resourcePath);
+
+        Handler.Abstract handler = new Handler.Wrapper(resourceHandler)
+        {
+            @Override
+            public boolean handle(Request request, Response response, Callback callback) throws Exception
+            {
+                String pathInContext = Request.getPathInContext(request);
+                if ("/login.html".equals(pathInContext))
+                {
+                    return super.handle(request, response, callback);
+                }
+                else if ("/logout".equals(pathInContext))
+                {
+                    AuthenticationState.logout(request, response);
+                    Response.sendRedirect(request, response, callback, "/");
+                    callback.succeeded();
+                    return true;
+                }
+
+                AuthenticationState authState = Objects.requireNonNull(AuthenticationState.getAuthenticationState(request));
+                response.getHeaders().add(HttpHeader.CONTENT_TYPE, "text/html");
+                try (PrintWriter writer = new PrintWriter(Content.Sink.asOutputStream(response)))
+                {
+                    writer.write("UserPrincipal: " + authState.getUserPrincipal());
+                    writer.write("<br><a href=\"/logout\">Logout</a>");
+                }
+                callback.succeeded();
+                return true;
+            }
+        };
+
+        SecurityHandler securityHandler = createSecurityHandler(handler);
+        SessionHandler sessionHandler = new SessionHandler();
+        sessionHandler.setHandler(securityHandler);
+
+        ContextHandler contextHandler = new ContextHandler();
+        contextHandler.setContextPath("/");
+        contextHandler.setHandler(sessionHandler);
+
+        server.setHandler(contextHandler);
+        server.start();
+        server.join();
+    }
+
+    public static SecurityHandler createSecurityHandler(Handler handler)
+    {
+        // tag::configureSecurityHandler[]
+        // This uses jetty-core, but you can configure a ConstraintSecurityHandler for use with EE10.
+        SecurityHandler.PathMapped securityHandler = new SecurityHandler.PathMapped();
+        securityHandler.setHandler(handler);
+        securityHandler.put("/*", Constraint.ANY_USER);
+
+        // Add the EthereumAuthenticator to the securityHandler.
+        EthereumAuthenticator authenticator = new EthereumAuthenticator();
+        securityHandler.setAuthenticator(authenticator);
+
+        // In embedded you can configure via EthereumAuthenticator APIs.
+        authenticator.setLoginPath("/login.html");
+
+        // Or you can configure with parameters on the SecurityHandler.
+        securityHandler.setParameter(EthereumAuthenticator.LOGIN_PATH_PARAM, "/login.html");
+        // end::configureSecurityHandler[]
+
+        return securityHandler;
+    }
+}
diff --git a/documentation/jetty/modules/code/examples/src/main/resources/login.html b/documentation/jetty/modules/code/examples/src/main/resources/login.html
@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Sign-In with Ethereum</title>
+    <script src="https://cdn.jsdelivr.net/npm/web3@1.6.1/dist/web3.min.js"></script>
+</head>
+<body>
+<h4>Sign-In with Ethereum</h4>
+<button id="siwe">Sign-In with Ethereum</button>
+<form id="loginForm" action="/auth/login" method="POST" style="display: none;">
+    <input type="hidden" id="signatureField" name="signature">
+    <input type="hidden" id="messageField" name="message">
+</form>
+<p class="alert" style="display: none;">Result: <span id="siweResult"></span></p>
+
+<script>
+    let provider = window.ethereum;
+    let accounts;
+
+    if (!provider) {
+        document.getElementById('siweResult').innerText = 'MetaMask is not installed. Please install MetaMask to use this feature.';
+    } else {
+        document.getElementById('siwe').addEventListener('click', async () => {
+            try {
+                // Request account access if needed
+                accounts = await provider.request({ method: 'eth_requestAccounts' });
+                const domain = window.location.host;
+                const from = accounts[0];
+
+                // Fetch nonce from the server
+                const nonceResponse = await fetch('/auth/nonce');
+                const nonceData = await nonceResponse.json();
+                const nonce = nonceData.nonce;
+
+                const siweMessage = `${domain} wants you to sign in with your Ethereum account:\n${from}\n\nI accept the MetaMask Terms of Service: https://community.metamask.io/tos\n\nURI: https://${domain}\nVersion: 1\nChain ID: 1\nNonce: ${nonce}\nIssued At: ${new Date().toISOString()}`;
+                const signature = await provider.request({
+                    method: 'personal_sign',
+                    params: [siweMessage, from]
+                });
+                console.log("signature: " + signature)
+                console.log("nonce: " + nonce)
+                console.log("length: " + length)
+
+                document.getElementById('signatureField').value = signature;
+                document.getElementById('messageField').value = siweMessage;
+                document.getElementById('loginForm').submit();
+            } catch (error) {
+                console.error('Error during login:', error);
+                document.getElementById('siweResult').innerText = `Error: ${error.message}`;
+                document.getElementById('siweResult').parentElement.style.display = 'block';
+            }
+        });
+    }
+</script>
+</body>
+</html>
diff --git a/documentation/jetty/modules/programming-guide/nav.adoc b/documentation/jetty/modules/programming-guide/nav.adoc
@@ -43,6 +43,8 @@
 ** xref:troubleshooting/state-tracking.adoc[]
 ** xref:troubleshooting/component-dump.adoc[]
 ** xref:troubleshooting/debugging.adoc[]
+* Jetty Security
+** xref:security/siwe-support.adoc[]
 * Migration Guides
 ** xref:migration/94-to-10.adoc[]
 ** xref:migration/11-to-12.adoc[]