====== Configuring jetty webserver in embedded mode ======
Here's how to configure [[http://www.eclipse.org/jetty/|Jetty Webserver]] in embedded mode to obtain
  * Servlet holder
  * memory based sessions
  * cookie based session tracking
  * server for static files
  * common filter (class Authenticationfilter, see below) for servlets and static files 

<code java>
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;

import javax.servlet.DispatcherType;
import javax.servlet.SessionTrackingMode;

[...]

	private static void startServer(Configuration config) throws Exception {

		Server server = new Server(8080);

		//Init servlet context
		ServletContextHandler context = new ServletContextHandler(
				ServletContextHandler.SESSIONS);
		context.setContextPath("/");
		context.addFilter(AuthenticationFilter.class, "/*",
				EnumSet.of(DispatcherType.REQUEST));


		//Memory based session handling
		SessionHandler sessionHandler = new SessionHandler();
		sessionHandler.setSessionTrackingModes(EnumSet
				.of(SessionTrackingMode.COOKIE));

		context.setSessionHandler(sessionHandler);

		// if needed use this to set Attributes on servlet context
		// context.setAttribute(CONNECTION_POOL, connectionPool);

		// Jetty should also serve static files
		ServletHolder staticHolder = new ServletHolder(new DefaultServlet());
		staticHolder.setInitParameter("resourceBase", "WebContent"); // static content is in Directory "WebContent"
		staticHolder.setInitParameter("pathInfoOnly", "true");
		staticHolder.setInitParameter("dirAllowed", "false");
		// register staticHolder with same context as servlets so that 
		// Authenticationfilter is also invoked
		context.addServlet(staticHolder, "/*"); 	

                // I have plugins which have their own static files. 
                // Here's how i setup their webcontent directories:
		for (Plugin plugin : ModuleManager.getPlugins()) {

			staticHolder = new ServletHolder(new DefaultServlet());
			staticHolder.setInitParameter("resourceBase", plugin
					.getWebContentDir().toAbsolutePath().toString());
			staticHolder.setInitParameter("pathInfoOnly", "true");
			staticHolder.setInitParameter("dirAllowed", "false");
			context.addServlet(staticHolder,
					"/modules/" + plugin.getIdentifier() + "/*");

		}

		// Examples for registering servlets.
		context.addServlet(LoginServlet.class, "/login/*");
		context.addServlet(MainFrameServlet.class, "/main/*"); 
		context.addServlet(ProgressServlet.class, "/progress");
		context.addServlet(DefinitionsServlet.class, "/definitions");
		context.addServlet(HtmlFragmentServlet.class, "/fragments/*");

		// register servlets of modules and plugins
		ModuleManager.addServlets(context);

		// Add default servlet for 404 Error messages
		context.addServlet(DefaultServlet.class, "/");

		server.setHandler(context);

		server.start();
		server.join();

	}
</code>

Here's the sceleton of my Authenticationfilter class:

<code java>
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


public class AuthenticationFilter implements Filter {

	@Override
	public void destroy() {

	}

	@Override
	public void doFilter(ServletRequest req, ServletResponse resp,
			FilterChain chain) throws IOException, ServletException {

		long time = System.currentTimeMillis();

		// Before servlet
		HttpServletRequest request = (HttpServletRequest) req;
		HttpServletResponse response = (HttpServletResponse) resp;

		boolean allowedRequest = false;

		String pathInfo = request.getPathInfo();
		String servletPath = request.getServletPath();
		// System.out.println("pathInfo:" + pathInfo);

                // static files in folder /public and servlet with path /login are served without valid session:
		if (pathInfo != null && pathInfo.startsWith("/public/")
				|| servletPath != null && (servletPath.equals("/login"))) {
			allowedRequest = true;
		} else {

			HttpSession session = request.getSession();
			User user = (User) session.getAttribute("user");

                        allowedRequest = ... test if user has valid credentials ...
                    
		}

		if (allowedRequest) {
			// Invoke servlet
			chain.doFilter(request, response);

			time = System.currentTimeMillis() - time;
			Logger logger = LoggerFactory.getLogger(AuthenticationFilter.class);
			logger.info("Request " + request.getRequestURI() + ": " + time
					+ " ms");

			// After servlet
		} else {
			response.sendRedirect("/login");
		}

	}

	@Override
	public void init(FilterConfig arg0) throws ServletException {

	}

}

</code>