gerrit.xml (https://eclipse.org/jetty/documentation/current/configuring-specific-webapp-deployment.html):

<Configure id="wac" class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/gerrit</Set>
  <Set name="war">/path/to/gerrit-2.11.1.war</Set>

  <New id="datasourceGerrit" class="org.eclipse.jetty.plus.jndi.Resource">
    <Arg><Ref refid='wac'/></Arg>
    <Arg>jdbc/ReviewDb</Arg>
    <Arg>
      <New class="org.h2.jdbcx.JdbcDataSource">
        <Set name="url">jdbc:h2:file:gerrit\db\ReviewDB</Set>
      </New>
    </Arg>
  </New>

  <Get name="securityHandler">
    <Set name="loginService">
      <New class="org.eclipse.jetty.security.HashLoginService">
        <Set name="name">GerritRealm</Set>
        <Set name="config"><SystemProperty name="jetty.base" default="."/>/etc/gerrit-realm.properties</Set>
      </New>
    </Set>
  </Get>

</Configure>

${jetty-base}/etc/gerrit-realm.properties:

username: password

in gerrit.war file add this to the web.xml file:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>basicauth</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>**</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>GerritRealm</realm-name>
  </login-config>