@Override
  protected void doStart() throws Exception {
    // copy security init parameters
    ContextHandler.Context context = ContextHandler.getCurrentContext();
    if (context != null) {
      Enumeration<String> names = context.getInitParameterNames();
      while (names != null && names.hasMoreElements()) {
        String name = names.nextElement();
        if (name.startsWith("org.eclipse.jetty.security.") && getInitParameter(name) == null)
          setInitParameter(name, context.getInitParameter(name));
      }
    }

    // complicated resolution of login and identity service to handle
    // many different ways these can be constructed and injected.

    if (_loginService == null) {
      setLoginService(findLoginService());
      if (_loginService != null) unmanage(_loginService);
    }

    if (_identityService == null) {
      if (_loginService != null) setIdentityService(_loginService.getIdentityService());

      if (_identityService == null) setIdentityService(findIdentityService());

      if (_identityService == null) {
        if (_realmName != null) {
          setIdentityService(new DefaultIdentityService());
          manage(_identityService);
        }
      } else unmanage(_identityService);
    }

    if (_loginService != null) {
      if (_loginService.getIdentityService() == null)
        _loginService.setIdentityService(_identityService);
      else if (_loginService.getIdentityService() != _identityService)
        throw new IllegalStateException("LoginService has different IdentityService to " + this);
    }

    Authenticator.Factory authenticatorFactory = getAuthenticatorFactory();
    if (_authenticator == null && authenticatorFactory != null && _identityService != null)
      setAuthenticator(
          authenticatorFactory.getAuthenticator(
              getServer(),
              ContextHandler.getCurrentContext(),
              this,
              _identityService,
              _loginService));

    if (_authenticator != null) _authenticator.setConfiguration(this);
    else if (_realmName != null) {
      LOG.warn("No Authenticator for " + this);
      throw new IllegalStateException("No Authenticator");
    }

    super.doStart();
  }
  @Override
  protected void doStart() throws Exception {
    // copy security init parameters
    ContextHandler.Context context = ContextHandler.getCurrentContext();
    if (context != null) {
      Enumeration<String> names = context.getInitParameterNames();
      while (names != null && names.hasMoreElements()) {
        String name = names.nextElement();
        if (name.startsWith("org.eclipse.jetty.security.") && getInitParameter(name) == null)
          setInitParameter(name, context.getInitParameter(name));
      }

      // register a session listener to handle securing sessions when authentication is performed
      context
          .getContextHandler()
          .addEventListener(
              new HttpSessionListener() {
                @Override
                public void sessionDestroyed(HttpSessionEvent se) {}

                @Override
                public void sessionCreated(HttpSessionEvent se) {
                  // if current request is authenticated, then as we have just created the session,
                  // mark it as secure, as it has not yet been returned to a user
                  HttpChannel channel = HttpChannel.getCurrentHttpChannel();

                  if (channel == null) return;
                  Request request = channel.getRequest();
                  if (request == null) return;

                  if (request.isSecure()) {
                    se.getSession()
                        .setAttribute(
                            AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED, Boolean.TRUE);
                  }
                }
              });
    }

    // complicated resolution of login and identity service to handle
    // many different ways these can be constructed and injected.

    if (_loginService == null) {
      setLoginService(findLoginService());
      if (_loginService != null) unmanage(_loginService);
    }

    if (_identityService == null) {
      if (_loginService != null) setIdentityService(_loginService.getIdentityService());

      if (_identityService == null) setIdentityService(findIdentityService());

      if (_identityService == null) {
        if (_realmName != null) {
          setIdentityService(new DefaultIdentityService());
          manage(_identityService);
        }
      } else unmanage(_identityService);
    }

    if (_loginService != null) {
      if (_loginService.getIdentityService() == null)
        _loginService.setIdentityService(_identityService);
      else if (_loginService.getIdentityService() != _identityService)
        throw new IllegalStateException("LoginService has different IdentityService to " + this);
    }

    Authenticator.Factory authenticatorFactory = getAuthenticatorFactory();
    if (_authenticator == null && authenticatorFactory != null && _identityService != null)
      setAuthenticator(
          authenticatorFactory.getAuthenticator(
              getServer(),
              ContextHandler.getCurrentContext(),
              this,
              _identityService,
              _loginService));

    if (_authenticator != null) _authenticator.setConfiguration(this);
    else if (_realmName != null) {
      LOG.warn("No Authenticator for " + this);
      throw new IllegalStateException("No Authenticator");
    }

    super.doStart();
  }