You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by Gerald Kallas <ca...@mailbox.org> on 2020/06/28 16:12:25 UTC
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Hi all,
I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
With both entries, as you found Grzegorz, the authentication doesn't work.
Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
Best
- Gerald
2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
at java.lang.Class.forName0(Native Method) ~[?:?]
at java.lang.Class.forName(Class.java:398) ~[?:?]
at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
... 62 more
> Grzegorz Grzybek <gr...@gmail.com> hat am 18.05.2020 15:24 geschrieben:
>
>
> Hello
>
> I have some answer. First, the "http context processing" feature was mainly
> tested to "inject" Keycloak authenticator and I mostly tested it with
> pax-web-undertow.
>
> But I checked how it works with pax-web-jetty in the debugger.
>
> The key problem is that when Jetty's SecurityHandler is starting, it tries
> to find/discover org.eclipse.jetty.security.LoginService instance.
> With default etc/jetty.xml, there are TWO beans with
> org.eclipse.jetty.jaas.JAASLoginService class and
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> this:
>
> else if (list.size() == 1)
> service = list.iterator().next();
>
> So I simply made it working by ensuring there's only one
> org.eclipse.jetty.jaas.JAASLoginService:
>
> list = {java.util.ArrayList@9544} size = 1
> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> "JAASLoginService@7ba67d0b{STARTED}"
> LOG: org.eclipse.jetty.util.log.Logger =
> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> "org.eclipse.jetty.jaas.JAASRole"
> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> {java.lang.String[1]@9551}
> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> _callbackHandlerClass: java.lang.String = null
> _realmName: java.lang.String = "karaf"
> _loginModuleName: java.lang.String = "karaf"
>
> Now, with your Camel route, I got:
>
> $ curl -v http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > User-Agent: curl/7.69.1
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> <
>
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > Authorization: Basic a2FyYWY6a2FyYWY=
> > User-Agent: curl/7.69.1
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> <
> * Connection #0 to host localhost left intact
> "Hello World"
>
> In theory it should be possible to grab (in etc/jetty.xml, using
> <Configure> element) instance of SecurityHandler and simply set there the
> "realmName" property to "Karaf", so even with two different beans with
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> right one. But in Pax Web security handler is part of every
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> only in Pax Web 8 I'd be able to fix this in more clean way.
>
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> etc/jetty.xml
>
> regards
> Grzegorz Grzybek
>
> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bc...@googlemail.com.invalid>
> napisał(a):
>
> > Hi,
> >
> > I already also answered Gerald in another mail.
> > I'm not quite sure but what might be an issue, is that the default
> > http-context used in his application isn't bound to the underlying security
> > realm.
> > Therefore it's quite a possibility that there needs to be a configuration
> > done in his own application, using his own http-Context.
> >
> > Can be found here:
> >
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > and here:
> >
> > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >
> > regards, Achim
> >
> >
> > Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com
> > >:
> >
> > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > Maybe somebody from the Pax-Web team can help you.
> > > The only suspicious thing is the warning:
> > >
> > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> > > Which suggest something is misconfigured.
> > >
> > > Best regards,
> > > Alex soto
> > >
> > >
> > >
> > >
> > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> > wrote:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> >
> > --
> >
> > Apache Member
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > Project Lead
> > blog <http://notizblog.nierbeck.de/>
> > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Thanks, I saw the Jira. I will take a look.
Regards
JB
> Le 29 juin 2020 à 09:26, Gerald Kallas <ca...@mailbox.org> a écrit :
>
> See for detailed description and code sample the ticket
>
> https://issues.apache.org/jira/browse/KARAF-6772
>
> Best
> - Gerald
>
>> Jean-Baptiste Onofre <jb...@nanthrax.net> hat am 29.06.2020 08:34 geschrieben:
>>
>>
>> Thanks, I will take a look.
>>
>> Regards
>> JB
>>
>>> Le 29 juin 2020 à 08:31, Gerald Kallas <ca...@mailbox.org> a écrit :
>>>
>>> I'm going to create the tickets for the issues. We may extend these so far with additional information.
>>>
>>> Best
>>> - Gerald
>>>
>>>> Jean-Baptiste Onofre <jb...@nanthrax.net> hat am 29.06.2020 07:40 geschrieben:
>>>>
>>>>
>>>> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
>>>>
>>>> Regards
>>>> JB
>>>>
>>>>> Le 29 juin 2020 à 07:33, Andrea Cosentino <an...@gmail.com> a écrit :
>>>>>
>>>>> I think it's good to have the details shared in public.
>>>>>
>>>>> Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> ha scritto:
>>>>> Hi,
>>>>>
>>>>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>>>>>
>>>>> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>>>>>
>>>>> Thanks,
>>>>> Regards
>>>>> JB
>>>>>
>>>>>> Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> a écrit :
>>>>>>
>>>>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>>>>>>
>>>>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>>>>>>
>>>>>>> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> hat am 28.06.2020 18:12 geschrieben:
>>>>>>>
>>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>>>>>>
>>>>>>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>>>>>>>
>>>>>>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>>>>>>
>>>>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>>>>>>
>>>>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>>>>>>>
>>>>>>> Best
>>>>>>> - Gerald
>>>>>>>
>>>>>>>
>>>>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>>>>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>>>>>>> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>>>>>>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>>>>>>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>>>>>>> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>>>>>>> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>>>>>>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>>>>>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>>>>>> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>>>>>> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>>>>>> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>>>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>>>>>> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>>>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>>>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>>>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>>>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>>>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>>>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>>>>>>> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>> at java.lang.Thread.run(Thread.java:834) [?:?]
>>>>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>>> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>>>>>>> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>>>>>>> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>>>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>>>>>> at java.lang.Class.forName0(Native Method) ~[?:?]
>>>>>>> at java.lang.Class.forName(Class.java:398) ~[?:?]
>>>>>>> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>>>>>>> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>>>>>>> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>>>>>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>>>>>>> ... 62 more
>>>>>>>
>>>>>>>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> hat am 18.05.2020 15:24 geschrieben:
>>>>>>>>
>>>>>>>>
>>>>>>>> Hello
>>>>>>>>
>>>>>>>> I have some answer. First, the "http context processing" feature was mainly
>>>>>>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>>>>>>> pax-web-undertow.
>>>>>>>>
>>>>>>>> But I checked how it works with pax-web-jetty in the debugger.
>>>>>>>>
>>>>>>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>>>>>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>>>>>>> With default etc/jetty.xml, there are TWO beans with
>>>>>>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>>>>>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>>>>>>> this:
>>>>>>>>
>>>>>>>> else if (list.size() == 1)
>>>>>>>> service = list.iterator().next();
>>>>>>>>
>>>>>>>> So I simply made it working by ensuring there's only one
>>>>>>>> org.eclipse.jetty.jaas.JAASLoginService:
>>>>>>>>
>>>>>>>> list = {java.util.ArrayList@9544} size = 1
>>>>>>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>>>>>>>> "JAASLoginService@7ba67d0b{STARTED}"
>>>>>>>> LOG: org.eclipse.jetty.util.log.Logger =
>>>>>>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
>>>>>>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>>>>>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
>>>>>>>> "org.eclipse.jetty.jaas.JAASRole"
>>>>>>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
>>>>>>>> {java.lang.String[1]@9551}
>>>>>>>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
>>>>>>>> _callbackHandlerClass: java.lang.String = null
>>>>>>>> _realmName: java.lang.String = "karaf"
>>>>>>>> _loginModuleName: java.lang.String = "karaf"
>>>>>>>>
>>>>>>>> Now, with your Camel route, I got:
>>>>>>>>
>>>>>>>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
>>>>>>>> * Trying ::1:8181...
>>>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>>>> Host: localhost:8181
>>>>>>>>> User-Agent: curl/7.69.1
>>>>>>>>> Accept: */*
>>>>>>>>>
>>>>>>>> * Mark bundle as not supporting multiuse
>>>>>>>> < HTTP/1.1 404 Not Found
>>>>>>>> < Cache-Control: must-revalidate,no-cache,no-store
>>>>>>>> < Content-Type: text/html;charset=iso-8859-1
>>>>>>>> < Content-Length: 456
>>>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>>>> <
>>>>>>>>
>>>>>>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
>>>>>>>> * Trying ::1:8181...
>>>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>>>> * Server auth using Basic with user 'karaf'
>>>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>>>> Host: localhost:8181
>>>>>>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>>>>> User-Agent: curl/7.69.1
>>>>>>>>> Accept: */*
>>>>>>>>>
>>>>>>>> * Mark bundle as not supporting multiuse
>>>>>>>> < HTTP/1.1 200 OK
>>>>>>>> < Content-Type: application/json
>>>>>>>> < Accept: */*
>>>>>>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>>>>>>> < User-Agent: curl/7.69.1
>>>>>>>> < Transfer-Encoding: chunked
>>>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>>>> <
>>>>>>>> * Connection #0 to host localhost left intact
>>>>>>>> "Hello World"
>>>>>>>>
>>>>>>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>>>>>>> <Configure> element) instance of SecurityHandler and simply set there the
>>>>>>>> "realmName" property to "Karaf", so even with two different beans with
>>>>>>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>>>>>>> right one. But in Pax Web security handler is part of every
>>>>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>>>>>>> only in Pax Web 8 I'd be able to fix this in more clean way.
>>>>>>>>
>>>>>>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>>>>>>> etc/jetty.xml
>>>>>>>>
>>>>>>>> regards
>>>>>>>> Grzegorz Grzybek
>>>>>>>>
>>>>>>>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
>>>>>>>> napisał(a):
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I already also answered Gerald in another mail.
>>>>>>>>> I'm not quite sure but what might be an issue, is that the default
>>>>>>>>> http-context used in his application isn't bound to the underlying security
>>>>>>>>> realm.
>>>>>>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>>>>>>> done in his own application, using his own http-Context.
>>>>>>>>>
>>>>>>>>> Can be found here:
>>>>>>>>>
>>>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
>>>>>>>>>
>>>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
>>>>>>>>> and here:
>>>>>>>>>
>>>>>>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
>>>>>>>>>
>>>>>>>>> regards, Achim
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com <ma...@envieta.com>
>>>>>>>>>> :
>>>>>>>>>
>>>>>>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>>>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>>>>>>> The only suspicious thing is the warning:
>>>>>>>>>>
>>>>>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>>>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>>>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Which suggest something is misconfigured.
>>>>>>>>>>
>>>>>>>>>> Best regards,
>>>>>>>>>> Alex soto
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>>>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>>>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> Apache Member
>>>>>>>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer & PMC
>>>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
>>>>>>>>> Project Lead
>>>>>>>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
>>>>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
>>>>>>>>>
>>>>>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Gerald Kallas <ca...@mailbox.org>.
See for detailed description and code sample the ticket
https://issues.apache.org/jira/browse/KARAF-6772
Best
- Gerald
> Jean-Baptiste Onofre <jb...@nanthrax.net> hat am 29.06.2020 08:34 geschrieben:
>
>
> Thanks, I will take a look.
>
> Regards
> JB
>
> > Le 29 juin 2020 à 08:31, Gerald Kallas <ca...@mailbox.org> a écrit :
> >
> > I'm going to create the tickets for the issues. We may extend these so far with additional information.
> >
> > Best
> > - Gerald
> >
> >> Jean-Baptiste Onofre <jb...@nanthrax.net> hat am 29.06.2020 07:40 geschrieben:
> >>
> >>
> >> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
> >>
> >> Regards
> >> JB
> >>
> >>> Le 29 juin 2020 à 07:33, Andrea Cosentino <an...@gmail.com> a écrit :
> >>>
> >>> I think it's good to have the details shared in public.
> >>>
> >>> Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> ha scritto:
> >>> Hi,
> >>>
> >>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> >>>
> >>> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> >>>
> >>> Thanks,
> >>> Regards
> >>> JB
> >>>
> >>>> Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> a écrit :
> >>>>
> >>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> >>>>
> >>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> >>>>
> >>>>> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> hat am 28.06.2020 18:12 geschrieben:
> >>>>>
> >>>>>
> >>>>> Hi all,
> >>>>>
> >>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>>>>
> >>>>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> >>>>>
> >>>>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>>>>
> >>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
> >>>>>
> >>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> >>>>>
> >>>>> Best
> >>>>> - Gerald
> >>>>>
> >>>>>
> >>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> >>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>>>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> >>>>> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> >>>>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> >>>>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> >>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>>>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> >>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>>>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> >>>>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> >>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> >>>>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> >>>>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> >>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> >>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>>>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> >>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> >>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> >>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> >>>>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> >>>>> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> >>>>> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> >>>>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> >>>>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> >>>>> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> >>>>> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >>>>> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> >>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >>>>> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> >>>>> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> >>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> >>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> >>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> >>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> >>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> >>>>> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>> at java.lang.Thread.run(Thread.java:834) [?:?]
> >>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>>>> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> >>>>> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> >>>>> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> >>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >>>>> at java.lang.Class.forName0(Native Method) ~[?:?]
> >>>>> at java.lang.Class.forName(Class.java:398) ~[?:?]
> >>>>> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> >>>>> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> >>>>> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> >>>>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> >>>>> ... 62 more
> >>>>>
> >>>>>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> hat am 18.05.2020 15:24 geschrieben:
> >>>>>>
> >>>>>>
> >>>>>> Hello
> >>>>>>
> >>>>>> I have some answer. First, the "http context processing" feature was mainly
> >>>>>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>>>>> pax-web-undertow.
> >>>>>>
> >>>>>> But I checked how it works with pax-web-jetty in the debugger.
> >>>>>>
> >>>>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> >>>>>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>>>>> With default etc/jetty.xml, there are TWO beans with
> >>>>>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>>>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> >>>>>> this:
> >>>>>>
> >>>>>> else if (list.size() == 1)
> >>>>>> service = list.iterator().next();
> >>>>>>
> >>>>>> So I simply made it working by ensuring there's only one
> >>>>>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>>>>
> >>>>>> list = {java.util.ArrayList@9544} size = 1
> >>>>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> >>>>>> "JAASLoginService@7ba67d0b{STARTED}"
> >>>>>> LOG: org.eclipse.jetty.util.log.Logger =
> >>>>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> >>>>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>>>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> >>>>>> "org.eclipse.jetty.jaas.JAASRole"
> >>>>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> >>>>>> {java.lang.String[1]@9551}
> >>>>>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> >>>>>> _callbackHandlerClass: java.lang.String = null
> >>>>>> _realmName: java.lang.String = "karaf"
> >>>>>> _loginModuleName: java.lang.String = "karaf"
> >>>>>>
> >>>>>> Now, with your Camel route, I got:
> >>>>>>
> >>>>>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> >>>>>> * Trying ::1:8181...
> >>>>>> * Connected to localhost (::1) port 8181 (#0)
> >>>>>>> GET /camel/api/say/hello HTTP/1.1
> >>>>>>> Host: localhost:8181
> >>>>>>> User-Agent: curl/7.69.1
> >>>>>>> Accept: */*
> >>>>>>>
> >>>>>> * Mark bundle as not supporting multiuse
> >>>>>> < HTTP/1.1 404 Not Found
> >>>>>> < Cache-Control: must-revalidate,no-cache,no-store
> >>>>>> < Content-Type: text/html;charset=iso-8859-1
> >>>>>> < Content-Length: 456
> >>>>>> < Server: Jetty(9.4.22.v20191022)
> >>>>>> <
> >>>>>>
> >>>>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> >>>>>> * Trying ::1:8181...
> >>>>>> * Connected to localhost (::1) port 8181 (#0)
> >>>>>> * Server auth using Basic with user 'karaf'
> >>>>>>> GET /camel/api/say/hello HTTP/1.1
> >>>>>>> Host: localhost:8181
> >>>>>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>>>>> User-Agent: curl/7.69.1
> >>>>>>> Accept: */*
> >>>>>>>
> >>>>>> * Mark bundle as not supporting multiuse
> >>>>>> < HTTP/1.1 200 OK
> >>>>>> < Content-Type: application/json
> >>>>>> < Accept: */*
> >>>>>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>>>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>>>>> < User-Agent: curl/7.69.1
> >>>>>> < Transfer-Encoding: chunked
> >>>>>> < Server: Jetty(9.4.22.v20191022)
> >>>>>> <
> >>>>>> * Connection #0 to host localhost left intact
> >>>>>> "Hello World"
> >>>>>>
> >>>>>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>>>>> <Configure> element) instance of SecurityHandler and simply set there the
> >>>>>> "realmName" property to "Karaf", so even with two different beans with
> >>>>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>>>>> right one. But in Pax Web security handler is part of every
> >>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>>>>> only in Pax Web 8 I'd be able to fix this in more clean way.
> >>>>>>
> >>>>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>>>>> etc/jetty.xml
> >>>>>>
> >>>>>> regards
> >>>>>> Grzegorz Grzybek
> >>>>>>
> >>>>>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
> >>>>>> napisał(a):
> >>>>>>
> >>>>>>> Hi,
> >>>>>>>
> >>>>>>> I already also answered Gerald in another mail.
> >>>>>>> I'm not quite sure but what might be an issue, is that the default
> >>>>>>> http-context used in his application isn't bound to the underlying security
> >>>>>>> realm.
> >>>>>>> Therefore it's quite a possibility that there needs to be a configuration
> >>>>>>> done in his own application, using his own http-Context.
> >>>>>>>
> >>>>>>> Can be found here:
> >>>>>>>
> >>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
> >>>>>>>
> >>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
> >>>>>>> and here:
> >>>>>>>
> >>>>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
> >>>>>>>
> >>>>>>> regards, Achim
> >>>>>>>
> >>>>>>>
> >>>>>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com <ma...@envieta.com>
> >>>>>>>> :
> >>>>>>>
> >>>>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>>>>> The only suspicious thing is the warning:
> >>>>>>>>
> >>>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> Which suggest something is misconfigured.
> >>>>>>>>
> >>>>>>>> Best regards,
> >>>>>>>> Alex soto
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
> >>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>>
> >>>>>>> Apache Member
> >>>>>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer & PMC
> >>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
> >>>>>>> Project Lead
> >>>>>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
> >>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
> >>>>>>>
> >>>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Thanks, I will take a look.
Regards
JB
> Le 29 juin 2020 à 08:31, Gerald Kallas <ca...@mailbox.org> a écrit :
>
> I'm going to create the tickets for the issues. We may extend these so far with additional information.
>
> Best
> - Gerald
>
>> Jean-Baptiste Onofre <jb...@nanthrax.net> hat am 29.06.2020 07:40 geschrieben:
>>
>>
>> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
>>
>> Regards
>> JB
>>
>>> Le 29 juin 2020 à 07:33, Andrea Cosentino <an...@gmail.com> a écrit :
>>>
>>> I think it's good to have the details shared in public.
>>>
>>> Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> ha scritto:
>>> Hi,
>>>
>>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>>>
>>> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>>>
>>> Thanks,
>>> Regards
>>> JB
>>>
>>>> Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> a écrit :
>>>>
>>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>>>>
>>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>>>>
>>>>> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> hat am 28.06.2020 18:12 geschrieben:
>>>>>
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>>>>
>>>>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>>>>>
>>>>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>>>>
>>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>>>>
>>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>>>>>
>>>>> Best
>>>>> - Gerald
>>>>>
>>>>>
>>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>>>>> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>>>>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>>>>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>>>>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>>>>> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>>>>> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>>>>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>>>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>>>> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>>>> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>>>> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>>>> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>>>>> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at java.lang.Thread.run(Thread.java:834) [?:?]
>>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>>>>> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>>>>> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>>>> at java.lang.Class.forName0(Native Method) ~[?:?]
>>>>> at java.lang.Class.forName(Class.java:398) ~[?:?]
>>>>> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>>>>> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>>>>> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>>>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>>>>> ... 62 more
>>>>>
>>>>>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> hat am 18.05.2020 15:24 geschrieben:
>>>>>>
>>>>>>
>>>>>> Hello
>>>>>>
>>>>>> I have some answer. First, the "http context processing" feature was mainly
>>>>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>>>>> pax-web-undertow.
>>>>>>
>>>>>> But I checked how it works with pax-web-jetty in the debugger.
>>>>>>
>>>>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>>>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>>>>> With default etc/jetty.xml, there are TWO beans with
>>>>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>>>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>>>>> this:
>>>>>>
>>>>>> else if (list.size() == 1)
>>>>>> service = list.iterator().next();
>>>>>>
>>>>>> So I simply made it working by ensuring there's only one
>>>>>> org.eclipse.jetty.jaas.JAASLoginService:
>>>>>>
>>>>>> list = {java.util.ArrayList@9544} size = 1
>>>>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>>>>>> "JAASLoginService@7ba67d0b{STARTED}"
>>>>>> LOG: org.eclipse.jetty.util.log.Logger =
>>>>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
>>>>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>>>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
>>>>>> "org.eclipse.jetty.jaas.JAASRole"
>>>>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
>>>>>> {java.lang.String[1]@9551}
>>>>>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
>>>>>> _callbackHandlerClass: java.lang.String = null
>>>>>> _realmName: java.lang.String = "karaf"
>>>>>> _loginModuleName: java.lang.String = "karaf"
>>>>>>
>>>>>> Now, with your Camel route, I got:
>>>>>>
>>>>>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
>>>>>> * Trying ::1:8181...
>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>> Host: localhost:8181
>>>>>>> User-Agent: curl/7.69.1
>>>>>>> Accept: */*
>>>>>>>
>>>>>> * Mark bundle as not supporting multiuse
>>>>>> < HTTP/1.1 404 Not Found
>>>>>> < Cache-Control: must-revalidate,no-cache,no-store
>>>>>> < Content-Type: text/html;charset=iso-8859-1
>>>>>> < Content-Length: 456
>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>> <
>>>>>>
>>>>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
>>>>>> * Trying ::1:8181...
>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>> * Server auth using Basic with user 'karaf'
>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>> Host: localhost:8181
>>>>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>>> User-Agent: curl/7.69.1
>>>>>>> Accept: */*
>>>>>>>
>>>>>> * Mark bundle as not supporting multiuse
>>>>>> < HTTP/1.1 200 OK
>>>>>> < Content-Type: application/json
>>>>>> < Accept: */*
>>>>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>>>>> < User-Agent: curl/7.69.1
>>>>>> < Transfer-Encoding: chunked
>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>> <
>>>>>> * Connection #0 to host localhost left intact
>>>>>> "Hello World"
>>>>>>
>>>>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>>>>> <Configure> element) instance of SecurityHandler and simply set there the
>>>>>> "realmName" property to "Karaf", so even with two different beans with
>>>>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>>>>> right one. But in Pax Web security handler is part of every
>>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>>>>> only in Pax Web 8 I'd be able to fix this in more clean way.
>>>>>>
>>>>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>>>>> etc/jetty.xml
>>>>>>
>>>>>> regards
>>>>>> Grzegorz Grzybek
>>>>>>
>>>>>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
>>>>>> napisał(a):
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I already also answered Gerald in another mail.
>>>>>>> I'm not quite sure but what might be an issue, is that the default
>>>>>>> http-context used in his application isn't bound to the underlying security
>>>>>>> realm.
>>>>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>>>>> done in his own application, using his own http-Context.
>>>>>>>
>>>>>>> Can be found here:
>>>>>>>
>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
>>>>>>>
>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
>>>>>>> and here:
>>>>>>>
>>>>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
>>>>>>>
>>>>>>> regards, Achim
>>>>>>>
>>>>>>>
>>>>>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com <ma...@envieta.com>
>>>>>>>> :
>>>>>>>
>>>>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>>>>> The only suspicious thing is the warning:
>>>>>>>>
>>>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>>>>
>>>>>>>>
>>>>>>>> Which suggest something is misconfigured.
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Alex soto
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Apache Member
>>>>>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer & PMC
>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
>>>>>>> Project Lead
>>>>>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
>>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
>>>>>>>
>>>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Thanks, I will take a look.
Regards
JB
> Le 29 juin 2020 à 08:31, Gerald Kallas <ca...@mailbox.org> a écrit :
>
> I'm going to create the tickets for the issues. We may extend these so far with additional information.
>
> Best
> - Gerald
>
>> Jean-Baptiste Onofre <jb...@nanthrax.net> hat am 29.06.2020 07:40 geschrieben:
>>
>>
>> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
>>
>> Regards
>> JB
>>
>>> Le 29 juin 2020 à 07:33, Andrea Cosentino <an...@gmail.com> a écrit :
>>>
>>> I think it's good to have the details shared in public.
>>>
>>> Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> ha scritto:
>>> Hi,
>>>
>>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>>>
>>> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>>>
>>> Thanks,
>>> Regards
>>> JB
>>>
>>>> Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> a écrit :
>>>>
>>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>>>>
>>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>>>>
>>>>> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> hat am 28.06.2020 18:12 geschrieben:
>>>>>
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>>>>
>>>>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>>>>>
>>>>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>>>>
>>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>>>>
>>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>>>>>
>>>>> Best
>>>>> - Gerald
>>>>>
>>>>>
>>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>>>>> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>>>>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>>>>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>>>>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>>>>> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>>>>> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>>>>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>>>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>>>> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>>>> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>>>> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>>>> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>>>>> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>>>>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>>>>> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>>>>> at java.lang.Thread.run(Thread.java:834) [?:?]
>>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>>>>> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>>>>> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>>>>> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>>>> at java.lang.Class.forName0(Native Method) ~[?:?]
>>>>> at java.lang.Class.forName(Class.java:398) ~[?:?]
>>>>> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>>>>> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>>>>> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>>>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>>>>> ... 62 more
>>>>>
>>>>>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> hat am 18.05.2020 15:24 geschrieben:
>>>>>>
>>>>>>
>>>>>> Hello
>>>>>>
>>>>>> I have some answer. First, the "http context processing" feature was mainly
>>>>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>>>>> pax-web-undertow.
>>>>>>
>>>>>> But I checked how it works with pax-web-jetty in the debugger.
>>>>>>
>>>>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>>>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>>>>> With default etc/jetty.xml, there are TWO beans with
>>>>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>>>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>>>>> this:
>>>>>>
>>>>>> else if (list.size() == 1)
>>>>>> service = list.iterator().next();
>>>>>>
>>>>>> So I simply made it working by ensuring there's only one
>>>>>> org.eclipse.jetty.jaas.JAASLoginService:
>>>>>>
>>>>>> list = {java.util.ArrayList@9544} size = 1
>>>>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>>>>>> "JAASLoginService@7ba67d0b{STARTED}"
>>>>>> LOG: org.eclipse.jetty.util.log.Logger =
>>>>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
>>>>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>>>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
>>>>>> "org.eclipse.jetty.jaas.JAASRole"
>>>>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
>>>>>> {java.lang.String[1]@9551}
>>>>>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
>>>>>> _callbackHandlerClass: java.lang.String = null
>>>>>> _realmName: java.lang.String = "karaf"
>>>>>> _loginModuleName: java.lang.String = "karaf"
>>>>>>
>>>>>> Now, with your Camel route, I got:
>>>>>>
>>>>>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
>>>>>> * Trying ::1:8181...
>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>> Host: localhost:8181
>>>>>>> User-Agent: curl/7.69.1
>>>>>>> Accept: */*
>>>>>>>
>>>>>> * Mark bundle as not supporting multiuse
>>>>>> < HTTP/1.1 404 Not Found
>>>>>> < Cache-Control: must-revalidate,no-cache,no-store
>>>>>> < Content-Type: text/html;charset=iso-8859-1
>>>>>> < Content-Length: 456
>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>> <
>>>>>>
>>>>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
>>>>>> * Trying ::1:8181...
>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>> * Server auth using Basic with user 'karaf'
>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>> Host: localhost:8181
>>>>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>>> User-Agent: curl/7.69.1
>>>>>>> Accept: */*
>>>>>>>
>>>>>> * Mark bundle as not supporting multiuse
>>>>>> < HTTP/1.1 200 OK
>>>>>> < Content-Type: application/json
>>>>>> < Accept: */*
>>>>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>>>>> < User-Agent: curl/7.69.1
>>>>>> < Transfer-Encoding: chunked
>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>> <
>>>>>> * Connection #0 to host localhost left intact
>>>>>> "Hello World"
>>>>>>
>>>>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>>>>> <Configure> element) instance of SecurityHandler and simply set there the
>>>>>> "realmName" property to "Karaf", so even with two different beans with
>>>>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>>>>> right one. But in Pax Web security handler is part of every
>>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>>>>> only in Pax Web 8 I'd be able to fix this in more clean way.
>>>>>>
>>>>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>>>>> etc/jetty.xml
>>>>>>
>>>>>> regards
>>>>>> Grzegorz Grzybek
>>>>>>
>>>>>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
>>>>>> napisał(a):
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I already also answered Gerald in another mail.
>>>>>>> I'm not quite sure but what might be an issue, is that the default
>>>>>>> http-context used in his application isn't bound to the underlying security
>>>>>>> realm.
>>>>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>>>>> done in his own application, using his own http-Context.
>>>>>>>
>>>>>>> Can be found here:
>>>>>>>
>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
>>>>>>>
>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
>>>>>>> and here:
>>>>>>>
>>>>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
>>>>>>>
>>>>>>> regards, Achim
>>>>>>>
>>>>>>>
>>>>>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com <ma...@envieta.com>
>>>>>>>> :
>>>>>>>
>>>>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>>>>> The only suspicious thing is the warning:
>>>>>>>>
>>>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>>>>
>>>>>>>>
>>>>>>>> Which suggest something is misconfigured.
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>> Alex soto
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> Apache Member
>>>>>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer & PMC
>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
>>>>>>> Project Lead
>>>>>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
>>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
>>>>>>>
>>>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Gerald Kallas <ca...@mailbox.org>.
I'm going to create the tickets for the issues. We may extend these so far with additional information.
Best
- Gerald
> Jean-Baptiste Onofre <jb...@nanthrax.net> hat am 29.06.2020 07:40 geschrieben:
>
>
> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
>
> Regards
> JB
>
> > Le 29 juin 2020 à 07:33, Andrea Cosentino <an...@gmail.com> a écrit :
> >
> > I think it's good to have the details shared in public.
> >
> > Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> ha scritto:
> > Hi,
> >
> > Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> >
> > Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> >
> > Thanks,
> > Regards
> > JB
> >
> > > Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> a écrit :
> > >
> > > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> > >
> > > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> > >
> > >> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> hat am 28.06.2020 18:12 geschrieben:
> > >>
> > >>
> > >> Hi all,
> > >>
> > >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> > >>
> > >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> > >>
> > >> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> > >>
> > >> With both entries, as you found Grzegorz, the authentication doesn't work.
> > >>
> > >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> > >>
> > >> Best
> > >> - Gerald
> > >>
> > >>
> > >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> > >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> > >> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> > >> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> > >> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> > >> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > >> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > >> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > >> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> > >> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> > >> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> > >> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> > >> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> > >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> > >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> > >> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> > >> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> > >> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> > >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> > >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> > >> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> > >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> > >> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> > >> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> > >> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> > >> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at java.lang.Thread.run(Thread.java:834) [?:?]
> > >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> > >> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> > >> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> > >> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> > >> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> > >> at java.lang.Class.forName0(Native Method) ~[?:?]
> > >> at java.lang.Class.forName(Class.java:398) ~[?:?]
> > >> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> > >> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> > >> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> > >> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> > >> ... 62 more
> > >>
> > >>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> hat am 18.05.2020 15:24 geschrieben:
> > >>>
> > >>>
> > >>> Hello
> > >>>
> > >>> I have some answer. First, the "http context processing" feature was mainly
> > >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> > >>> pax-web-undertow.
> > >>>
> > >>> But I checked how it works with pax-web-jetty in the debugger.
> > >>>
> > >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> > >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> > >>> With default etc/jetty.xml, there are TWO beans with
> > >>> org.eclipse.jetty.jaas.JAASLoginService class and
> > >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > >>> this:
> > >>>
> > >>> else if (list.size() == 1)
> > >>> service = list.iterator().next();
> > >>>
> > >>> So I simply made it working by ensuring there's only one
> > >>> org.eclipse.jetty.jaas.JAASLoginService:
> > >>>
> > >>> list = {java.util.ArrayList@9544} size = 1
> > >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > >>> "JAASLoginService@7ba67d0b{STARTED}"
> > >>> LOG: org.eclipse.jetty.util.log.Logger =
> > >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > >>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> > >>> "org.eclipse.jetty.jaas.JAASRole"
> > >>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> > >>> {java.lang.String[1]@9551}
> > >>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> > >>> _callbackHandlerClass: java.lang.String = null
> > >>> _realmName: java.lang.String = "karaf"
> > >>> _loginModuleName: java.lang.String = "karaf"
> > >>>
> > >>> Now, with your Camel route, I got:
> > >>>
> > >>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> > >>> * Trying ::1:8181...
> > >>> * Connected to localhost (::1) port 8181 (#0)
> > >>>> GET /camel/api/say/hello HTTP/1.1
> > >>>> Host: localhost:8181
> > >>>> User-Agent: curl/7.69.1
> > >>>> Accept: */*
> > >>>>
> > >>> * Mark bundle as not supporting multiuse
> > >>> < HTTP/1.1 404 Not Found
> > >>> < Cache-Control: must-revalidate,no-cache,no-store
> > >>> < Content-Type: text/html;charset=iso-8859-1
> > >>> < Content-Length: 456
> > >>> < Server: Jetty(9.4.22.v20191022)
> > >>> <
> > >>>
> > >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> > >>> * Trying ::1:8181...
> > >>> * Connected to localhost (::1) port 8181 (#0)
> > >>> * Server auth using Basic with user 'karaf'
> > >>>> GET /camel/api/say/hello HTTP/1.1
> > >>>> Host: localhost:8181
> > >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> > >>>> User-Agent: curl/7.69.1
> > >>>> Accept: */*
> > >>>>
> > >>> * Mark bundle as not supporting multiuse
> > >>> < HTTP/1.1 200 OK
> > >>> < Content-Type: application/json
> > >>> < Accept: */*
> > >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> > >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > >>> < User-Agent: curl/7.69.1
> > >>> < Transfer-Encoding: chunked
> > >>> < Server: Jetty(9.4.22.v20191022)
> > >>> <
> > >>> * Connection #0 to host localhost left intact
> > >>> "Hello World"
> > >>>
> > >>> In theory it should be possible to grab (in etc/jetty.xml, using
> > >>> <Configure> element) instance of SecurityHandler and simply set there the
> > >>> "realmName" property to "Karaf", so even with two different beans with
> > >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > >>> right one. But in Pax Web security handler is part of every
> > >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > >>> only in Pax Web 8 I'd be able to fix this in more clean way.
> > >>>
> > >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > >>> etc/jetty.xml
> > >>>
> > >>> regards
> > >>> Grzegorz Grzybek
> > >>>
> > >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
> > >>> napisał(a):
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> I already also answered Gerald in another mail.
> > >>>> I'm not quite sure but what might be an issue, is that the default
> > >>>> http-context used in his application isn't bound to the underlying security
> > >>>> realm.
> > >>>> Therefore it's quite a possibility that there needs to be a configuration
> > >>>> done in his own application, using his own http-Context.
> > >>>>
> > >>>> Can be found here:
> > >>>>
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
> > >>>>
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
> > >>>> and here:
> > >>>>
> > >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
> > >>>>
> > >>>> regards, Achim
> > >>>>
> > >>>>
> > >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com <ma...@envieta.com>
> > >>>>> :
> > >>>>
> > >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> > >>>>> Maybe somebody from the Pax-Web team can help you.
> > >>>>> The only suspicious thing is the warning:
> > >>>>>
> > >>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > >>>>> authenticator for: {RoleInfo,C[admin],None}
> > >>>>>
> > >>>>>
> > >>>>> Which suggest something is misconfigured.
> > >>>>>
> > >>>>> Best regards,
> > >>>>> Alex soto
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
> > >>>> wrote:
> > >>>>>>
> > >>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > >>>>> authenticator for: {RoleInfo,C[admin],None}
> > >>>>>
> > >>>>>
> > >>>>
> > >>>> --
> > >>>>
> > >>>> Apache Member
> > >>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer & PMC
> > >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
> > >>>> Project Lead
> > >>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
> > >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
> > >>>>
> >
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Gerald Kallas <ca...@mailbox.org>.
I'm going to create the tickets for the issues. We may extend these so far with additional information.
Best
- Gerald
> Jean-Baptiste Onofre <jb...@nanthrax.net> hat am 29.06.2020 07:40 geschrieben:
>
>
> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
>
> Regards
> JB
>
> > Le 29 juin 2020 à 07:33, Andrea Cosentino <an...@gmail.com> a écrit :
> >
> > I think it's good to have the details shared in public.
> >
> > Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> ha scritto:
> > Hi,
> >
> > Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> >
> > Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> >
> > Thanks,
> > Regards
> > JB
> >
> > > Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> a écrit :
> > >
> > > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> > >
> > > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> > >
> > >> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> hat am 28.06.2020 18:12 geschrieben:
> > >>
> > >>
> > >> Hi all,
> > >>
> > >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> > >>
> > >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> > >>
> > >> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> > >>
> > >> With both entries, as you found Grzegorz, the authentication doesn't work.
> > >>
> > >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> > >>
> > >> Best
> > >> - Gerald
> > >>
> > >>
> > >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> > >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> > >> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> > >> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> > >> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> > >> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > >> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > >> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > >> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> > >> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> > >> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > >> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> > >> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> > >> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> > >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> > >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> > >> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> > >> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> > >> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> > >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> > >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> > >> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> > >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> > >> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> > >> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> > >> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> > >> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> > >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> > >> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> > >> at java.lang.Thread.run(Thread.java:834) [?:?]
> > >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> > >> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> > >> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> > >> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> > >> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> > >> at java.lang.Class.forName0(Native Method) ~[?:?]
> > >> at java.lang.Class.forName(Class.java:398) ~[?:?]
> > >> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> > >> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> > >> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> > >> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> > >> ... 62 more
> > >>
> > >>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> hat am 18.05.2020 15:24 geschrieben:
> > >>>
> > >>>
> > >>> Hello
> > >>>
> > >>> I have some answer. First, the "http context processing" feature was mainly
> > >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> > >>> pax-web-undertow.
> > >>>
> > >>> But I checked how it works with pax-web-jetty in the debugger.
> > >>>
> > >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> > >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> > >>> With default etc/jetty.xml, there are TWO beans with
> > >>> org.eclipse.jetty.jaas.JAASLoginService class and
> > >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > >>> this:
> > >>>
> > >>> else if (list.size() == 1)
> > >>> service = list.iterator().next();
> > >>>
> > >>> So I simply made it working by ensuring there's only one
> > >>> org.eclipse.jetty.jaas.JAASLoginService:
> > >>>
> > >>> list = {java.util.ArrayList@9544} size = 1
> > >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > >>> "JAASLoginService@7ba67d0b{STARTED}"
> > >>> LOG: org.eclipse.jetty.util.log.Logger =
> > >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > >>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> > >>> "org.eclipse.jetty.jaas.JAASRole"
> > >>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> > >>> {java.lang.String[1]@9551}
> > >>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> > >>> _callbackHandlerClass: java.lang.String = null
> > >>> _realmName: java.lang.String = "karaf"
> > >>> _loginModuleName: java.lang.String = "karaf"
> > >>>
> > >>> Now, with your Camel route, I got:
> > >>>
> > >>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> > >>> * Trying ::1:8181...
> > >>> * Connected to localhost (::1) port 8181 (#0)
> > >>>> GET /camel/api/say/hello HTTP/1.1
> > >>>> Host: localhost:8181
> > >>>> User-Agent: curl/7.69.1
> > >>>> Accept: */*
> > >>>>
> > >>> * Mark bundle as not supporting multiuse
> > >>> < HTTP/1.1 404 Not Found
> > >>> < Cache-Control: must-revalidate,no-cache,no-store
> > >>> < Content-Type: text/html;charset=iso-8859-1
> > >>> < Content-Length: 456
> > >>> < Server: Jetty(9.4.22.v20191022)
> > >>> <
> > >>>
> > >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> > >>> * Trying ::1:8181...
> > >>> * Connected to localhost (::1) port 8181 (#0)
> > >>> * Server auth using Basic with user 'karaf'
> > >>>> GET /camel/api/say/hello HTTP/1.1
> > >>>> Host: localhost:8181
> > >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> > >>>> User-Agent: curl/7.69.1
> > >>>> Accept: */*
> > >>>>
> > >>> * Mark bundle as not supporting multiuse
> > >>> < HTTP/1.1 200 OK
> > >>> < Content-Type: application/json
> > >>> < Accept: */*
> > >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> > >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > >>> < User-Agent: curl/7.69.1
> > >>> < Transfer-Encoding: chunked
> > >>> < Server: Jetty(9.4.22.v20191022)
> > >>> <
> > >>> * Connection #0 to host localhost left intact
> > >>> "Hello World"
> > >>>
> > >>> In theory it should be possible to grab (in etc/jetty.xml, using
> > >>> <Configure> element) instance of SecurityHandler and simply set there the
> > >>> "realmName" property to "Karaf", so even with two different beans with
> > >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > >>> right one. But in Pax Web security handler is part of every
> > >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > >>> only in Pax Web 8 I'd be able to fix this in more clean way.
> > >>>
> > >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > >>> etc/jetty.xml
> > >>>
> > >>> regards
> > >>> Grzegorz Grzybek
> > >>>
> > >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
> > >>> napisał(a):
> > >>>
> > >>>> Hi,
> > >>>>
> > >>>> I already also answered Gerald in another mail.
> > >>>> I'm not quite sure but what might be an issue, is that the default
> > >>>> http-context used in his application isn't bound to the underlying security
> > >>>> realm.
> > >>>> Therefore it's quite a possibility that there needs to be a configuration
> > >>>> done in his own application, using his own http-Context.
> > >>>>
> > >>>> Can be found here:
> > >>>>
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
> > >>>>
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
> > >>>> and here:
> > >>>>
> > >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
> > >>>>
> > >>>> regards, Achim
> > >>>>
> > >>>>
> > >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com <ma...@envieta.com>
> > >>>>> :
> > >>>>
> > >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> > >>>>> Maybe somebody from the Pax-Web team can help you.
> > >>>>> The only suspicious thing is the warning:
> > >>>>>
> > >>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > >>>>> authenticator for: {RoleInfo,C[admin],None}
> > >>>>>
> > >>>>>
> > >>>>> Which suggest something is misconfigured.
> > >>>>>
> > >>>>> Best regards,
> > >>>>> Alex soto
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
> > >>>> wrote:
> > >>>>>>
> > >>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > >>>>> authenticator for: {RoleInfo,C[admin],None}
> > >>>>>
> > >>>>>
> > >>>>
> > >>>> --
> > >>>>
> > >>>> Apache Member
> > >>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer & PMC
> > >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
> > >>>> Project Lead
> > >>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
> > >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
> > >>>>
> >
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
Regards
JB
> Le 29 juin 2020 à 07:33, Andrea Cosentino <an...@gmail.com> a écrit :
>
> I think it's good to have the details shared in public.
>
> Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> ha scritto:
> Hi,
>
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>
> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>
> Thanks,
> Regards
> JB
>
> > Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> a écrit :
> >
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> >
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> >
> >> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> hat am 28.06.2020 18:12 geschrieben:
> >>
> >>
> >> Hi all,
> >>
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> >>
> >> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>
> >> With both entries, as you found Grzegorz, the authentication doesn't work.
> >>
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> >>
> >> Best
> >> - Gerald
> >>
> >>
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> >> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> >> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> >> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> >> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> >> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> >> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> >> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> >> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> >> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> >> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> >> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> >> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> >> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> >> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> >> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> >> at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> >> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> >> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> >> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >> at java.lang.Class.forName0(Native Method) ~[?:?]
> >> at java.lang.Class.forName(Class.java:398) ~[?:?]
> >> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> >> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> >> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> >> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> >> ... 62 more
> >>
> >>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> hat am 18.05.2020 15:24 geschrieben:
> >>>
> >>>
> >>> Hello
> >>>
> >>> I have some answer. First, the "http context processing" feature was mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>>
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>>
> >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> >>> this:
> >>>
> >>> else if (list.size() == 1)
> >>> service = list.iterator().next();
> >>>
> >>> So I simply made it working by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>
> >>> list = {java.util.ArrayList@9544} size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> >>> "JAASLoginService@7ba67d0b{STARTED}"
> >>> LOG: org.eclipse.jetty.util.log.Logger =
> >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> >>> "org.eclipse.jetty.jaas.JAASRole"
> >>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> >>> {java.lang.String[1]@9551}
> >>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> >>> _callbackHandlerClass: java.lang.String = null
> >>> _realmName: java.lang.String = "karaf"
> >>> _loginModuleName: java.lang.String = "karaf"
> >>>
> >>> Now, with your Camel route, I got:
> >>>
> >>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>>
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>>
> >>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>> <Configure> element) instance of SecurityHandler and simply set there the
> >>> "realmName" property to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in more clean way.
> >>>
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>>
> >>> regards
> >>> Grzegorz Grzybek
> >>>
> >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
> >>> napisał(a):
> >>>
> >>>> Hi,
> >>>>
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a configuration
> >>>> done in his own application, using his own http-Context.
> >>>>
> >>>> Can be found here:
> >>>>
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
> >>>>
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
> >>>> and here:
> >>>>
> >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
> >>>>
> >>>> regards, Achim
> >>>>
> >>>>
> >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com <ma...@envieta.com>
> >>>>> :
> >>>>
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>>
> >>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>> Which suggest something is misconfigured.
> >>>>>
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
> >>>> wrote:
> >>>>>>
> >>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>>
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
> >>>>
>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
Regards
JB
> Le 29 juin 2020 à 07:33, Andrea Cosentino <an...@gmail.com> a écrit :
>
> I think it's good to have the details shared in public.
>
> Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> ha scritto:
> Hi,
>
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>
> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>
> Thanks,
> Regards
> JB
>
> > Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> a écrit :
> >
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> >
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> >
> >> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> hat am 28.06.2020 18:12 geschrieben:
> >>
> >>
> >> Hi all,
> >>
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> >>
> >> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>
> >> With both entries, as you found Grzegorz, the authentication doesn't work.
> >>
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> >>
> >> Best
> >> - Gerald
> >>
> >>
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> >> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> >> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> >> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> >> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> >> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> >> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> >> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> >> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> >> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> >> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> >> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> >> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> >> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> >> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> >> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> >> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> >> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> >> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> >> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> >> at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> >> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> >> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> >> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >> at java.lang.Class.forName0(Native Method) ~[?:?]
> >> at java.lang.Class.forName(Class.java:398) ~[?:?]
> >> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> >> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> >> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> >> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> >> ... 62 more
> >>
> >>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> hat am 18.05.2020 15:24 geschrieben:
> >>>
> >>>
> >>> Hello
> >>>
> >>> I have some answer. First, the "http context processing" feature was mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>>
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>>
> >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> >>> this:
> >>>
> >>> else if (list.size() == 1)
> >>> service = list.iterator().next();
> >>>
> >>> So I simply made it working by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>
> >>> list = {java.util.ArrayList@9544} size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> >>> "JAASLoginService@7ba67d0b{STARTED}"
> >>> LOG: org.eclipse.jetty.util.log.Logger =
> >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> >>> "org.eclipse.jetty.jaas.JAASRole"
> >>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> >>> {java.lang.String[1]@9551}
> >>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> >>> _callbackHandlerClass: java.lang.String = null
> >>> _realmName: java.lang.String = "karaf"
> >>> _loginModuleName: java.lang.String = "karaf"
> >>>
> >>> Now, with your Camel route, I got:
> >>>
> >>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>>
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>>
> >>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>> <Configure> element) instance of SecurityHandler and simply set there the
> >>> "realmName" property to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in more clean way.
> >>>
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>>
> >>> regards
> >>> Grzegorz Grzybek
> >>>
> >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
> >>> napisał(a):
> >>>
> >>>> Hi,
> >>>>
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a configuration
> >>>> done in his own application, using his own http-Context.
> >>>>
> >>>> Can be found here:
> >>>>
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
> >>>>
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
> >>>> and here:
> >>>>
> >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
> >>>>
> >>>> regards, Achim
> >>>>
> >>>>
> >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com <ma...@envieta.com>
> >>>>> :
> >>>>
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>>
> >>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>> Which suggest something is misconfigured.
> >>>>>
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
> >>>> wrote:
> >>>>>>
> >>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>>
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
> >>>>
>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Andrea Cosentino <an...@gmail.com>.
I think it's good to have the details shared in public.
Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb...@nanthrax.net> ha scritto:
> Hi,
>
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>
> Can you please send a private message about issues you have with Karaf
> 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>
> Thanks,
> Regards
> JB
>
> > Le 28 juin 2020 à 22:02, Gerald Kallas <ca...@mailbox.org> a écrit :
> >
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the
> workaround works as expected. Seems that Jetty has been updated in Karaf
> 4.2.9?
> >
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other
> issues.)
> >
> >> Gerald Kallas <ca...@mailbox.org> hat am 28.06.2020 18:12
> geschrieben:
> >>
> >>
> >> Hi all,
> >>
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService
> entries in my etc/jetty.xml I'm getting an error as attached below.
> >>
> >> Neither hawtio nor my servlet are working any longer. Seems that now
> both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>
> >> With both entries, as you found Grzegorz, the authentication doesn't
> work.
> >>
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you
> have another workaround for that behaviour?
> >>
> >> Best
> >> - Gerald
> >>
> >>
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel |
> HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime
> - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error:
> java.lang.ClassNotFoundException:
> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by
> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898)
> ~[?:?]
> >> at
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838)
> ~[?:?]
> >> at
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69)
> [!/:?]
> >> at
> Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source)
> [?:?]
> >> at
> org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98)
> [!/:3.4.0]
> >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
> >> at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:?]
> >> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:?]
> >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >> at
> org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81)
> [!/:1.10.2]
> >> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >> at
> org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)
> [!/:1.10.2]
> >> at
> org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException:
> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by
> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at
> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639)
> ~[?:?]
> >> at
> org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80)
> ~[?:?]
> >> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053)
> ~[?:?]
> >> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >> at java.lang.Class.forName0(Native Method) ~[?:?]
> >> at java.lang.Class.forName(Class.java:398) ~[?:?]
> >> at
> org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195)
> ~[?:?]
> >> at
> javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68)
> ~[?:?]
> >> at java.security.AccessController.doPrivileged(Native Method)
> ~[?:?]
> >> at
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64)
> ~[?:?]
> >> ... 62 more
> >>
> >>> Grzegorz Grzybek <gr...@gmail.com> hat am 18.05.2020 15:24
> geschrieben:
> >>>
> >>>
> >>> Hello
> >>>
> >>> I have some answer. First, the "http context processing" feature was
> mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>>
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>>
> >>> The key problem is that when Jetty's SecurityHandler is starting, it
> tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method
> does
> >>> this:
> >>>
> >>> else if (list.size() == 1)
> >>> service = list.iterator().next();
> >>>
> >>> So I simply made it working by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>
> >>> list = {java.util.ArrayList@9544} size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> >>> "JAASLoginService@7ba67d0b{STARTED}"
> >>> LOG: org.eclipse.jetty.util.log.Logger =
> >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> >>> "org.eclipse.jetty.jaas.JAASRole"
> >>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> >>> {java.lang.String[1]@9551}
> >>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> >>> _callbackHandlerClass: java.lang.String = null
> >>> _realmName: java.lang.String = "karaf"
> >>> _loginModuleName: java.lang.String = "karaf"
> >>>
> >>> Now, with your Camel route, I got:
> >>>
> >>> $ curl -v http://localhost:8181/camel/api/say/hello
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>>
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>>
> >>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>> <Configure> element) instance of SecurityHandler and simply set there
> the
> >>> "realmName" property to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in more clean way.
> >>>
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>>
> >>> regards
> >>> Grzegorz Grzybek
> >>>
> >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com
> .invalid>
> >>> napisał(a):
> >>>
> >>>> Hi,
> >>>>
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying
> security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a
> configuration
> >>>> done in his own application, using his own http-Context.
> >>>>
> >>>> Can be found here:
> >>>>
> >>>>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>>>
> >>>>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >>>> and here:
> >>>>
> >>>>
> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>>>
> >>>> regards, Achim
> >>>>
> >>>>
> >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <
> alex.soto@envieta.com
> >>>>> :
> >>>>
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>>
> >>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>> Which suggest something is misconfigured.
> >>>>>
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> >>>> wrote:
> >>>>>>
> >>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 |
> SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>>
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>>>
>
>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Andrea Cosentino <an...@gmail.com>.
I think it's good to have the details shared in public.
Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb...@nanthrax.net> ha scritto:
> Hi,
>
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>
> Can you please send a private message about issues you have with Karaf
> 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>
> Thanks,
> Regards
> JB
>
> > Le 28 juin 2020 à 22:02, Gerald Kallas <ca...@mailbox.org> a écrit :
> >
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the
> workaround works as expected. Seems that Jetty has been updated in Karaf
> 4.2.9?
> >
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other
> issues.)
> >
> >> Gerald Kallas <ca...@mailbox.org> hat am 28.06.2020 18:12
> geschrieben:
> >>
> >>
> >> Hi all,
> >>
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService
> entries in my etc/jetty.xml I'm getting an error as attached below.
> >>
> >> Neither hawtio nor my servlet are working any longer. Seems that now
> both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>
> >> With both entries, as you found Grzegorz, the authentication doesn't
> work.
> >>
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you
> have another workaround for that behaviour?
> >>
> >> Best
> >> - Gerald
> >>
> >>
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel |
> HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime
> - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error:
> java.lang.ClassNotFoundException:
> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by
> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898)
> ~[?:?]
> >> at
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838)
> ~[?:?]
> >> at
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69)
> [!/:?]
> >> at
> Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source)
> [?:?]
> >> at
> org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98)
> [!/:3.4.0]
> >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
> >> at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:?]
> >> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:?]
> >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >> at
> org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81)
> [!/:1.10.2]
> >> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >> at
> org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)
> [!/:1.10.2]
> >> at
> org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException:
> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by
> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at
> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639)
> ~[?:?]
> >> at
> org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80)
> ~[?:?]
> >> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053)
> ~[?:?]
> >> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >> at java.lang.Class.forName0(Native Method) ~[?:?]
> >> at java.lang.Class.forName(Class.java:398) ~[?:?]
> >> at
> org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195)
> ~[?:?]
> >> at
> javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68)
> ~[?:?]
> >> at java.security.AccessController.doPrivileged(Native Method)
> ~[?:?]
> >> at
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64)
> ~[?:?]
> >> ... 62 more
> >>
> >>> Grzegorz Grzybek <gr...@gmail.com> hat am 18.05.2020 15:24
> geschrieben:
> >>>
> >>>
> >>> Hello
> >>>
> >>> I have some answer. First, the "http context processing" feature was
> mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>>
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>>
> >>> The key problem is that when Jetty's SecurityHandler is starting, it
> tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method
> does
> >>> this:
> >>>
> >>> else if (list.size() == 1)
> >>> service = list.iterator().next();
> >>>
> >>> So I simply made it working by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>
> >>> list = {java.util.ArrayList@9544} size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> >>> "JAASLoginService@7ba67d0b{STARTED}"
> >>> LOG: org.eclipse.jetty.util.log.Logger =
> >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> >>> "org.eclipse.jetty.jaas.JAASRole"
> >>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> >>> {java.lang.String[1]@9551}
> >>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> >>> _callbackHandlerClass: java.lang.String = null
> >>> _realmName: java.lang.String = "karaf"
> >>> _loginModuleName: java.lang.String = "karaf"
> >>>
> >>> Now, with your Camel route, I got:
> >>>
> >>> $ curl -v http://localhost:8181/camel/api/say/hello
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>>
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>>
> >>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>> <Configure> element) instance of SecurityHandler and simply set there
> the
> >>> "realmName" property to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in more clean way.
> >>>
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>>
> >>> regards
> >>> Grzegorz Grzybek
> >>>
> >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com
> .invalid>
> >>> napisał(a):
> >>>
> >>>> Hi,
> >>>>
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying
> security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a
> configuration
> >>>> done in his own application, using his own http-Context.
> >>>>
> >>>> Can be found here:
> >>>>
> >>>>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>>>
> >>>>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >>>> and here:
> >>>>
> >>>>
> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>>>
> >>>> regards, Achim
> >>>>
> >>>>
> >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <
> alex.soto@envieta.com
> >>>>> :
> >>>>
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>>
> >>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>> Which suggest something is misconfigured.
> >>>>>
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> >>>> wrote:
> >>>>>>
> >>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 |
> SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>>
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>>>
>
>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi,
Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
Thanks,
Regards
JB
> Le 28 juin 2020 à 22:02, Gerald Kallas <ca...@mailbox.org> a écrit :
>
> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>
> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>
>> Gerald Kallas <ca...@mailbox.org> hat am 28.06.2020 18:12 geschrieben:
>>
>>
>> Hi all,
>>
>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>
>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>>
>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>
>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>
>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>>
>> Best
>> - Gerald
>>
>>
>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>> at java.lang.Thread.run(Thread.java:834) [?:?]
>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>> at java.lang.Class.forName0(Native Method) ~[?:?]
>> at java.lang.Class.forName(Class.java:398) ~[?:?]
>> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>> ... 62 more
>>
>>> Grzegorz Grzybek <gr...@gmail.com> hat am 18.05.2020 15:24 geschrieben:
>>>
>>>
>>> Hello
>>>
>>> I have some answer. First, the "http context processing" feature was mainly
>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>> pax-web-undertow.
>>>
>>> But I checked how it works with pax-web-jetty in the debugger.
>>>
>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>> With default etc/jetty.xml, there are TWO beans with
>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>> this:
>>>
>>> else if (list.size() == 1)
>>> service = list.iterator().next();
>>>
>>> So I simply made it working by ensuring there's only one
>>> org.eclipse.jetty.jaas.JAASLoginService:
>>>
>>> list = {java.util.ArrayList@9544} size = 1
>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>>> "JAASLoginService@7ba67d0b{STARTED}"
>>> LOG: org.eclipse.jetty.util.log.Logger =
>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
>>> "org.eclipse.jetty.jaas.JAASRole"
>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
>>> {java.lang.String[1]@9551}
>>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
>>> _callbackHandlerClass: java.lang.String = null
>>> _realmName: java.lang.String = "karaf"
>>> _loginModuleName: java.lang.String = "karaf"
>>>
>>> Now, with your Camel route, I got:
>>>
>>> $ curl -v http://localhost:8181/camel/api/say/hello
>>> * Trying ::1:8181...
>>> * Connected to localhost (::1) port 8181 (#0)
>>>> GET /camel/api/say/hello HTTP/1.1
>>>> Host: localhost:8181
>>>> User-Agent: curl/7.69.1
>>>> Accept: */*
>>>>
>>> * Mark bundle as not supporting multiuse
>>> < HTTP/1.1 404 Not Found
>>> < Cache-Control: must-revalidate,no-cache,no-store
>>> < Content-Type: text/html;charset=iso-8859-1
>>> < Content-Length: 456
>>> < Server: Jetty(9.4.22.v20191022)
>>> <
>>>
>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>>> * Trying ::1:8181...
>>> * Connected to localhost (::1) port 8181 (#0)
>>> * Server auth using Basic with user 'karaf'
>>>> GET /camel/api/say/hello HTTP/1.1
>>>> Host: localhost:8181
>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>> User-Agent: curl/7.69.1
>>>> Accept: */*
>>>>
>>> * Mark bundle as not supporting multiuse
>>> < HTTP/1.1 200 OK
>>> < Content-Type: application/json
>>> < Accept: */*
>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>> < User-Agent: curl/7.69.1
>>> < Transfer-Encoding: chunked
>>> < Server: Jetty(9.4.22.v20191022)
>>> <
>>> * Connection #0 to host localhost left intact
>>> "Hello World"
>>>
>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>> <Configure> element) instance of SecurityHandler and simply set there the
>>> "realmName" property to "Karaf", so even with two different beans with
>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>> right one. But in Pax Web security handler is part of every
>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>> only in Pax Web 8 I'd be able to fix this in more clean way.
>>>
>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>> etc/jetty.xml
>>>
>>> regards
>>> Grzegorz Grzybek
>>>
>>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bc...@googlemail.com.invalid>
>>> napisał(a):
>>>
>>>> Hi,
>>>>
>>>> I already also answered Gerald in another mail.
>>>> I'm not quite sure but what might be an issue, is that the default
>>>> http-context used in his application isn't bound to the underlying security
>>>> realm.
>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>> done in his own application, using his own http-Context.
>>>>
>>>> Can be found here:
>>>>
>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>>>>
>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>>>> and here:
>>>>
>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>>>>
>>>> regards, Achim
>>>>
>>>>
>>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com
>>>>> :
>>>>
>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>> The only suspicious thing is the warning:
>>>>>
>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>
>>>>>
>>>>> Which suggest something is misconfigured.
>>>>>
>>>>> Best regards,
>>>>> Alex soto
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
>>>> wrote:
>>>>>>
>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>> Apache Member
>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
>>>> Project Lead
>>>> blog <http://notizblog.nierbeck.de/>
>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi,
Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
Thanks,
Regards
JB
> Le 28 juin 2020 à 22:02, Gerald Kallas <ca...@mailbox.org> a écrit :
>
> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>
> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>
>> Gerald Kallas <ca...@mailbox.org> hat am 28.06.2020 18:12 geschrieben:
>>
>>
>> Hi all,
>>
>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>
>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>>
>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>
>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>
>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>>
>> Best
>> - Gerald
>>
>>
>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>> at java.lang.Thread.run(Thread.java:834) [?:?]
>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>> at java.lang.Class.forName0(Native Method) ~[?:?]
>> at java.lang.Class.forName(Class.java:398) ~[?:?]
>> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>> ... 62 more
>>
>>> Grzegorz Grzybek <gr...@gmail.com> hat am 18.05.2020 15:24 geschrieben:
>>>
>>>
>>> Hello
>>>
>>> I have some answer. First, the "http context processing" feature was mainly
>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>> pax-web-undertow.
>>>
>>> But I checked how it works with pax-web-jetty in the debugger.
>>>
>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>> With default etc/jetty.xml, there are TWO beans with
>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>> this:
>>>
>>> else if (list.size() == 1)
>>> service = list.iterator().next();
>>>
>>> So I simply made it working by ensuring there's only one
>>> org.eclipse.jetty.jaas.JAASLoginService:
>>>
>>> list = {java.util.ArrayList@9544} size = 1
>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>>> "JAASLoginService@7ba67d0b{STARTED}"
>>> LOG: org.eclipse.jetty.util.log.Logger =
>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
>>> "org.eclipse.jetty.jaas.JAASRole"
>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
>>> {java.lang.String[1]@9551}
>>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
>>> _callbackHandlerClass: java.lang.String = null
>>> _realmName: java.lang.String = "karaf"
>>> _loginModuleName: java.lang.String = "karaf"
>>>
>>> Now, with your Camel route, I got:
>>>
>>> $ curl -v http://localhost:8181/camel/api/say/hello
>>> * Trying ::1:8181...
>>> * Connected to localhost (::1) port 8181 (#0)
>>>> GET /camel/api/say/hello HTTP/1.1
>>>> Host: localhost:8181
>>>> User-Agent: curl/7.69.1
>>>> Accept: */*
>>>>
>>> * Mark bundle as not supporting multiuse
>>> < HTTP/1.1 404 Not Found
>>> < Cache-Control: must-revalidate,no-cache,no-store
>>> < Content-Type: text/html;charset=iso-8859-1
>>> < Content-Length: 456
>>> < Server: Jetty(9.4.22.v20191022)
>>> <
>>>
>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>>> * Trying ::1:8181...
>>> * Connected to localhost (::1) port 8181 (#0)
>>> * Server auth using Basic with user 'karaf'
>>>> GET /camel/api/say/hello HTTP/1.1
>>>> Host: localhost:8181
>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>> User-Agent: curl/7.69.1
>>>> Accept: */*
>>>>
>>> * Mark bundle as not supporting multiuse
>>> < HTTP/1.1 200 OK
>>> < Content-Type: application/json
>>> < Accept: */*
>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>> < User-Agent: curl/7.69.1
>>> < Transfer-Encoding: chunked
>>> < Server: Jetty(9.4.22.v20191022)
>>> <
>>> * Connection #0 to host localhost left intact
>>> "Hello World"
>>>
>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>> <Configure> element) instance of SecurityHandler and simply set there the
>>> "realmName" property to "Karaf", so even with two different beans with
>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>> right one. But in Pax Web security handler is part of every
>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>> only in Pax Web 8 I'd be able to fix this in more clean way.
>>>
>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>> etc/jetty.xml
>>>
>>> regards
>>> Grzegorz Grzybek
>>>
>>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bc...@googlemail.com.invalid>
>>> napisał(a):
>>>
>>>> Hi,
>>>>
>>>> I already also answered Gerald in another mail.
>>>> I'm not quite sure but what might be an issue, is that the default
>>>> http-context used in his application isn't bound to the underlying security
>>>> realm.
>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>> done in his own application, using his own http-Context.
>>>>
>>>> Can be found here:
>>>>
>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>>>>
>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>>>> and here:
>>>>
>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>>>>
>>>> regards, Achim
>>>>
>>>>
>>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com
>>>>> :
>>>>
>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>> The only suspicious thing is the warning:
>>>>>
>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>
>>>>>
>>>>> Which suggest something is misconfigured.
>>>>>
>>>>> Best regards,
>>>>> Alex soto
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
>>>> wrote:
>>>>>>
>>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>> Apache Member
>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
>>>> Project Lead
>>>> blog <http://notizblog.nierbeck.de/>
>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>>
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Gerald Kallas <ca...@mailbox.org>.
I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
(The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> Gerald Kallas <ca...@mailbox.org> hat am 28.06.2020 18:12 geschrieben:
>
>
> Hi all,
>
> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>
> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>
> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>
> With both entries, as you found Grzegorz, the authentication doesn't work.
>
> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>
> Best
> - Gerald
>
>
> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> at java.lang.Thread.run(Thread.java:834) [?:?]
> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> at java.lang.Class.forName0(Native Method) ~[?:?]
> at java.lang.Class.forName(Class.java:398) ~[?:?]
> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> ... 62 more
>
> > Grzegorz Grzybek <gr...@gmail.com> hat am 18.05.2020 15:24 geschrieben:
> >
> >
> > Hello
> >
> > I have some answer. First, the "http context processing" feature was mainly
> > tested to "inject" Keycloak authenticator and I mostly tested it with
> > pax-web-undertow.
> >
> > But I checked how it works with pax-web-jetty in the debugger.
> >
> > The key problem is that when Jetty's SecurityHandler is starting, it tries
> > to find/discover org.eclipse.jetty.security.LoginService instance.
> > With default etc/jetty.xml, there are TWO beans with
> > org.eclipse.jetty.jaas.JAASLoginService class and
> > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > this:
> >
> > else if (list.size() == 1)
> > service = list.iterator().next();
> >
> > So I simply made it working by ensuring there's only one
> > org.eclipse.jetty.jaas.JAASLoginService:
> >
> > list = {java.util.ArrayList@9544} size = 1
> > 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > "JAASLoginService@7ba67d0b{STARTED}"
> > LOG: org.eclipse.jetty.util.log.Logger =
> > {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> > "org.eclipse.jetty.jaas.JAASRole"
> > DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> > {java.lang.String[1]@9551}
> > _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> > _callbackHandlerClass: java.lang.String = null
> > _realmName: java.lang.String = "karaf"
> > _loginModuleName: java.lang.String = "karaf"
> >
> > Now, with your Camel route, I got:
> >
> > $ curl -v http://localhost:8181/camel/api/say/hello
> > * Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 404 Not Found
> > < Cache-Control: must-revalidate,no-cache,no-store
> > < Content-Type: text/html;charset=iso-8859-1
> > < Content-Length: 456
> > < Server: Jetty(9.4.22.v20191022)
> > <
> >
> > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > * Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > * Server auth using Basic with user 'karaf'
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > Authorization: Basic a2FyYWY6a2FyYWY=
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > < Content-Type: application/json
> > < Accept: */*
> > < Authorization: Basic a2FyYWY6a2FyYWY=
> > < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > < User-Agent: curl/7.69.1
> > < Transfer-Encoding: chunked
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > * Connection #0 to host localhost left intact
> > "Hello World"
> >
> > In theory it should be possible to grab (in etc/jetty.xml, using
> > <Configure> element) instance of SecurityHandler and simply set there the
> > "realmName" property to "Karaf", so even with two different beans with
> > org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > right one. But in Pax Web security handler is part of every
> > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > only in Pax Web 8 I'd be able to fix this in more clean way.
> >
> > So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > etc/jetty.xml
> >
> > regards
> > Grzegorz Grzybek
> >
> > pon., 18 maj 2020 o 10:25 Achim Nierbeck <bc...@googlemail.com.invalid>
> > napisał(a):
> >
> > > Hi,
> > >
> > > I already also answered Gerald in another mail.
> > > I'm not quite sure but what might be an issue, is that the default
> > > http-context used in his application isn't bound to the underlying security
> > > realm.
> > > Therefore it's quite a possibility that there needs to be a configuration
> > > done in his own application, using his own http-Context.
> > >
> > > Can be found here:
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > > and here:
> > >
> > > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > >
> > > regards, Achim
> > >
> > >
> > > Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com
> > > >:
> > >
> > > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > > Maybe somebody from the Pax-Web team can help you.
> > > > The only suspicious thing is the warning:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > > > Which suggest something is misconfigured.
> > > >
> > > > Best regards,
> > > > Alex soto
> > > >
> > > >
> > > >
> > > >
> > > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> > > wrote:
> > > > >
> > > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > >
> > > --
> > >
> > > Apache Member
> > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > > Project Lead
> > > blog <http://notizblog.nierbeck.de/>
> > > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> > >
Re: Basic authentication of WAB using Jaas in Karaf - the trick
doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Posted by Gerald Kallas <ca...@mailbox.org>.
I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
(The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> Gerald Kallas <ca...@mailbox.org> hat am 28.06.2020 18:12 geschrieben:
>
>
> Hi all,
>
> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>
> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>
> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>
> With both entries, as you found Grzegorz, the authentication doesn't work.
>
> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>
> Best
> - Gerald
>
>
> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> at java.lang.Thread.run(Thread.java:834) [?:?]
> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> at java.lang.Class.forName0(Native Method) ~[?:?]
> at java.lang.Class.forName(Class.java:398) ~[?:?]
> at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> ... 62 more
>
> > Grzegorz Grzybek <gr...@gmail.com> hat am 18.05.2020 15:24 geschrieben:
> >
> >
> > Hello
> >
> > I have some answer. First, the "http context processing" feature was mainly
> > tested to "inject" Keycloak authenticator and I mostly tested it with
> > pax-web-undertow.
> >
> > But I checked how it works with pax-web-jetty in the debugger.
> >
> > The key problem is that when Jetty's SecurityHandler is starting, it tries
> > to find/discover org.eclipse.jetty.security.LoginService instance.
> > With default etc/jetty.xml, there are TWO beans with
> > org.eclipse.jetty.jaas.JAASLoginService class and
> > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > this:
> >
> > else if (list.size() == 1)
> > service = list.iterator().next();
> >
> > So I simply made it working by ensuring there's only one
> > org.eclipse.jetty.jaas.JAASLoginService:
> >
> > list = {java.util.ArrayList@9544} size = 1
> > 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > "JAASLoginService@7ba67d0b{STARTED}"
> > LOG: org.eclipse.jetty.util.log.Logger =
> > {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> > "org.eclipse.jetty.jaas.JAASRole"
> > DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> > {java.lang.String[1]@9551}
> > _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> > _callbackHandlerClass: java.lang.String = null
> > _realmName: java.lang.String = "karaf"
> > _loginModuleName: java.lang.String = "karaf"
> >
> > Now, with your Camel route, I got:
> >
> > $ curl -v http://localhost:8181/camel/api/say/hello
> > * Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 404 Not Found
> > < Cache-Control: must-revalidate,no-cache,no-store
> > < Content-Type: text/html;charset=iso-8859-1
> > < Content-Length: 456
> > < Server: Jetty(9.4.22.v20191022)
> > <
> >
> > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > * Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > * Server auth using Basic with user 'karaf'
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > Authorization: Basic a2FyYWY6a2FyYWY=
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > < Content-Type: application/json
> > < Accept: */*
> > < Authorization: Basic a2FyYWY6a2FyYWY=
> > < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > < User-Agent: curl/7.69.1
> > < Transfer-Encoding: chunked
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > * Connection #0 to host localhost left intact
> > "Hello World"
> >
> > In theory it should be possible to grab (in etc/jetty.xml, using
> > <Configure> element) instance of SecurityHandler and simply set there the
> > "realmName" property to "Karaf", so even with two different beans with
> > org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > right one. But in Pax Web security handler is part of every
> > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > only in Pax Web 8 I'd be able to fix this in more clean way.
> >
> > So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > etc/jetty.xml
> >
> > regards
> > Grzegorz Grzybek
> >
> > pon., 18 maj 2020 o 10:25 Achim Nierbeck <bc...@googlemail.com.invalid>
> > napisał(a):
> >
> > > Hi,
> > >
> > > I already also answered Gerald in another mail.
> > > I'm not quite sure but what might be an issue, is that the default
> > > http-context used in his application isn't bound to the underlying security
> > > realm.
> > > Therefore it's quite a possibility that there needs to be a configuration
> > > done in his own application, using his own http-Context.
> > >
> > > Can be found here:
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > > and here:
> > >
> > > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > >
> > > regards, Achim
> > >
> > >
> > > Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com
> > > >:
> > >
> > > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > > Maybe somebody from the Pax-Web team can help you.
> > > > The only suspicious thing is the warning:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > > > Which suggest something is misconfigured.
> > > >
> > > > Best regards,
> > > > Alex soto
> > > >
> > > >
> > > >
> > > >
> > > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> > > wrote:
> > > > >
> > > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > >
> > > --
> > >
> > > Apache Member
> > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > > Project Lead
> > > blog <http://notizblog.nierbeck.de/>
> > > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> > >