Posted to user@karaf.apache.org by Alex Soto <al...@envieta.com> on 2020/05/08 16:41:03 UTC

Basic authentication of WAB using Jaas in Karaf

Hello,

Is there a good tutorial or documentation on how to protect a WAB (Web Application Bundle) with JAAS authentication?
My Karaf version is 4.2.8. Documentation here https://karaf.apache.org/manual/latest/webcontainer is scarce, only referring to Jetty global config (even that failed for me). I have multiple WABs and WARs in the same Karaf container, and I don’t want to apply the same JAAS authentication to all of them. From the comment:

    <!-- =========================================================== -->
    <!-- Configure Authentication Realms -->
    <!-- Realms may be configured for the entire server here, or -->
    <!-- they can be configured for a specific web app in a context -->
    <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
    <!-- example). -->
    <!-- =========================================================== -->

It looks like there is a way ($(jetty.home)/contexts/test.xml). But it is unclear how to apply it, and it is Jetty specific.
My preference is for a Jetty agnostic way, for portability reasons. (Maybe Karaf will change to Undertow in the future.)


Best regards,
Alex soto





Re: Basic authentication of WAB using Jaas in Karaf

Posted by Achim Nierbeck <bc...@googlemail.com>.
Yes, the configuration is case sensitive.
regarding sample for Karaf, I can do that, but there had been a reason for
consuming 10 Pages in the "Apache Karaf Cookbook" :)


regards, Achim


On Tue, 12 May 2020 at 23:10, Gerald Kallas <catshout@mailbox.org> wrote:

> Hi Alex,
>
> we did make some experience with TLS and basic authentication on HTTP
> consumers in between (and with the help of this mailing list).
>
> I started an article series on my blog, see
>
> https://www.catshout.de/?p=161
>
> for a single HTTP consumer with TLS and basic authentication enabled. It's
> based on camel-jetty. All examples are written in Blueprint DSL. Hope this
> helps a bit. Feel free to comment.
>
> I'll proceed with a REST API secured in same manner and some discussions
> about the limitations and options.
>
> Best
> - Gerald
>
> > Alex Soto <al...@envieta.com> wrote on 12 May 2020 at 19:55:
> >
> >
> > This thread talks about the need to :
> >
> >
> > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
> >
> > Quote:
> >
> >
> > > you need to use the OSGi HTTP service
> > > api to properly configure the security bits (by implementing
> > > org.osgi.service.http.HttpContext interface).
> >
> >
> >
> > Are there any examples of this?
> >
> > Best regards,
> > Alex soto
> >
> >
> >
> >
> >
> > > On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
> > > Thanks, JB.
> > >
> > > I found the problem was a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
> > >
> > > <login-config>
> > > <auth-method>BASIC</auth-method>
> > > <realm-name>Karaf</realm-name>
> > > </login-config>
> > >
> > >
> > > But in the jetty.xml:
> > >
> > > <New class="org.eclipse.jetty.jaas.JAASLoginService">
> > > <Set name="name">karaf</Set>
> > >
> > >
> > > So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
> > > I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
> > > For example:
> > >
> > > http://localhost:8181/admin/api/rest/executions
> > >
> > > Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
> > >
> > > http://localhost:8181/admin
> > >
> > > is protected with basic authentication, so the browser prompts me for the user name and password.
> > >
> > > What I need is to protect everything starting with '/admin’
> > >
> > > Any ideas?
> > >
> > > Best regards,
> > > Alex soto
> > >
> > >
> > >
> > >
> > >
> > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> > > > Hi,
> > > >
> > > > It sounds like a class loader issue, so possible.
> > > >
> > > > Let me add an example in Karaf showing basic auth.
> > > >
> > > > Regards
> > > > JB
> > > >
> > > >
> > > >
> > > > > > On 12 May 2020 at 15:39, Alex Soto <al...@envieta.com> wrote:
> > > > > I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
> > > > > Would this be the reason for the following exception:
> > > > >
> > > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
> > > > > java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
> > > > > at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> > > > > at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> > > > > at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> > > > > at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > > > > at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> > > > > at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > > > > at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> > > > > at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> > > > > at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> > > > > at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> > > > > at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> > > > > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> > > > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> > > > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Best regards,
> > > > > Alex soto
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > A little more info. The class appears in many bundles:
> > > > > >
> > > > > >
> > > > > > karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > >
> > > > > > Jetty :: Security (229)
> > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > >
> > > > > > Jetty :: Security (230)
> > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > >
> > > > > > Jetty :: JASPI Security (231)
> > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > >
> > > > > > Jetty :: JASPI Security (232)
> > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > >
> > > > > > OPS4J Pax Web - Jetty (309)
> > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > Best regards,
> > > > > > Alex soto
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > >
> > > > >
> > > >
> > >
> >
>


-- 

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

Fwd: Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
And .. is there a way in the servlet approach with Jetty to have multiple properties files for users and roles (eg 1 per servlet)?

---------- Original message ----------
From: Gerald Kallas <ca...@mailbox.org>
To: Grzegorz Grzybek <gr...@gmail.com>, users@camel.apache.org
Date: 18 May 2020 23:39
Subject: Re: Basic authentication of WAB using Jaas in Karaf

 
Hi Grzegorz,

perfect, removing one org.eclipse.jetty.jaas.JAASLoginService and it works!

Thanks a lot for digging into the details! I really appreciate this.

Is there a reason that 2 org.eclipse.jetty.jaas.JAASLoginService definitions exist in the default jetty.xml?

One further question .. would it be possible to extend Jetty to use another port additionally and bind the servlets to this additional port only (it's for security reasons because I don't want to expose the web console externally, only the functional servlets).

I tried some other approach too, described here https://www.catshout.de/?p=161. This one is tricky as a Jetty security handler can be bound only once to a port.

You mentioned Undertow. It's also contained in Camel. So I wonder what might be finally the best and straightforward approach for the following requirements

1. Define multiple URIs on a single port
2. Secure the communication with TLS
3. Define independently an authentication for each URI on this single port

Jetty?
Servlet inside Jetty?
Undertow?

I'll test now multiple servlets inside Jetty for independent co-existence.

Best
- Gerald

> Grzegorz Grzybek <gr...@gmail.com> wrote on 18 May 2020 at 15:24:
> 
> 
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly tested to "inject" Keycloak authenticator and I mostly tested it with pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries to find/discover org.eclipse.jetty.security.LoginService instance.
> 
> With default etc/jetty.xml, there are TWO beans with org.eclipse.jetty.jaas.JAASLoginService class and org.eclipse.jetty.security.SecurityHandler#findLoginService() method does this:
> 
> else if (list.size() == 1)
>  service = list.iterator().next();
> 
> So I simply made it working by ensuring there's only one org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544} size = 1
>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
>  LOG: org.eclipse.jetty.util.log.Logger = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>  DEFAULT_ROLE_CLASS_NAME: java.lang.String = "org.eclipse.jetty.jaas.JAASRole"
>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551} 
>  _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552} 
>  _callbackHandlerClass: java.lang.String = null
>  _realmName: java.lang.String = "karaf"
>  _loginModuleName: java.lang.String = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > User-Agent: curl/7.69.1
> > Accept: */*
> > 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> < 
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > Authorization: Basic a2FyYWY6a2FyYWY=
> > User-Agent: curl/7.69.1
> > Accept: */*
> > 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> < 
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using <Configure> element) instance of SecurityHandler and simply set there the "realmName" property to "Karaf", so even with two different beans with org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the right one. But in Pax Web security handler is part of every org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and only in Pax Web 8 I'd be able to fix this in more clean way.
> 
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your etc/jetty.xml
> 
> regards
> Grzegorz Grzybek
> 
> 
> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid> wrote:
> > Hi,
> > 
> > I already also answered Gerald in another mail.
> > I'm not quite sure but what might be an issue, is that the default
> > http-context used in his application isn't bound to the underlying security
> > realm.
> > Therefore it's quite a possibility that there needs to be a configuration
> > done in his own application, using his own http-Context.
> > 
> > Can be found here:
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > and here:
> > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > 
> > regards, Achim
> > 
> > 
> > On Fri, 15 May 2020 at 21:06, Alex Soto <al...@envieta.com> wrote:
> > 
> > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > Maybe somebody from the Pax-Web team can help you.
> > > The only suspicious thing is the warning:
> > >
> > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> > > Which suggests something is misconfigured.
> > >
> > > Best regards,
> > > Alex soto
> > >
> > >
> > >
> > >
> > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> > 
> > -- 
> > 
> > Apache Member
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > Project Lead
> > blog <http://notizblog.nierbeck.de/>
> > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
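
The two Jetty misconfigurations diagnosed in this thread (the case-sensitive `realm-name` mismatch between web.xml and jetty.xml, and the second `JAASLoginService` bean in etc/jetty.xml) can be checked before a WAB is deployed. The Python lint below is an added example, not code from the thread or from Karaf or Pax Web; the sample XML is constructed, and the lookup rule it models (exact-name match when a realm is set, otherwise a login service is picked only if exactly one exists) is an assumption based on the behaviour described in the messages above.

```python
"""Lint a WAB's web.xml against Karaf's etc/jetty.xml before deployment."""
import xml.etree.ElementTree as ET

JAAS_LOGIN_SERVICE = "org.eclipse.jetty.jaas.JAASLoginService"


def local_name(tag):
    """Strip an XML namespace: '{ns}realm-name' -> 'realm-name'."""
    return tag.rsplit("}", 1)[-1]


def web_login_config(web_xml):
    """Return (auth_method, realm_name) from <login-config>; None where absent."""
    for el in ET.fromstring(web_xml).iter():
        if local_name(el.tag) == "login-config":
            vals = {local_name(c.tag): (c.text or "").strip() for c in el}
            return vals.get("auth-method") or None, vals.get("realm-name") or None
    return None, None


def jaas_login_service_names(jetty_xml):
    """Return the 'name' of every JAASLoginService bean declared in jetty.xml."""
    names = []
    for el in ET.fromstring(jetty_xml).iter("New"):
        if el.get("class") == JAAS_LOGIN_SERVICE:
            props = {s.get("name"): (s.text or "").strip() for s in el.findall("Set")}
            names.append(props.get("name"))
    return names


def resolve(realm, names):
    """Modelled lookup (assumption): with a realm name the match is exact and
    case-sensitive; without one, a service is chosen only if it is the only one."""
    if realm is not None:
        return realm if realm in names else None
    return names[0] if len(names) == 1 else None


def audit(web_xml, jetty_xml):
    """Return a list of (code, message) findings; an empty list means no issue."""
    method, realm = web_login_config(web_xml)
    if method is None:
        return []  # web.xml requests no container-managed authentication
    names = jaas_login_service_names(jetty_xml)
    findings = []
    if resolve(realm, names) is None:
        near = [n for n in names if n and realm and n.lower() == realm.lower()]
        if near:
            findings.append(("REALM_CASE_MISMATCH",
                             f"realm-name {realm!r} differs only by case from {near[0]!r}"))
        elif realm is None and len(names) > 1:
            findings.append(("AMBIGUOUS_LOGIN_SERVICE",
                             f"no realm-name set and {len(names)} login services defined"))
        else:
            findings.append(("NO_LOGIN_SERVICE",
                             f"no JAASLoginService named {realm!r}; defined: {names}"))
    if realm is not None and len(names) > 1:
        findings.append(("MULTIPLE_LOGIN_SERVICES",
                         f"{len(names)} JAASLoginService beans; contexts that set "
                         "no realm name cannot pick one"))
    return findings


# --- Constructed sample inputs (not taken from a real deployment) ---
def sample_web_xml(realm):
    realm_el = "<realm-name>%s</realm-name>" % realm if realm is not None else ""
    return ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">'
            "<login-config><auth-method>BASIC</auth-method>%s</login-config>"
            "</web-app>" % realm_el)


def sample_jetty_xml(*bean_names):
    beans = "".join(
        '<Call name="addBean"><Arg><New class="%s">'
        '<Set name="name">%s</Set><Set name="loginModuleName">karaf</Set>'
        "</New></Arg></Call>" % (JAAS_LOGIN_SERVICE, n) for n in bean_names)
    return ('<Configure id="Server" class="org.eclipse.jetty.server.Server">'
            + beans + "</Configure>")


if __name__ == "__main__":
    for code, msg in audit(sample_web_xml("Karaf"), sample_jetty_xml("karaf", "default")):
        print(code + ": " + msg)
```
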

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Grzegorz Grzybek <gr...@gmail.com>.
Hello

On Tue, 19 May 2020 at 16:25, Gerald Kallas <ca...@mailbox.org> wrote:

> Thanks, that helps also a lot.
>
> So, what's with the other question, is it possible to define roles, users
> and passwords in multiple files and assign to a HTTP context?
>

I think it's not the role of this "http context processing" to act as
credential repository. The "connection" is via JAAS realm and you can also
point the context to e.g., LDAP realm and have roles/users defined there.

regards
Grzegorz Grzybek


>
> Best
> - Gerald
>
> > Jean-Baptiste Onofre <jb...@nanthrax.net> wrote on 19 May 2020 at 07:02:
> >
> >
> > Hi,
> >
> > Sorry I was busy with Karaf 4.2.9 preparation and ActiveMQ releases.
> >
> > About several port, yes, it’s possible:
> >
> > http://blog.nanthrax.net/?p=352
> >
> > Then you have to assign servlet to port using VirtualHosts (no other way for now). I already created couple of Jira to deal with that easily:
> >
> > https://issues.apache.org/jira/browse/KARAF-6632
> >
> > I will focus on web improvements for 4.2.10 and 4.3.0.RC2.
> >
> > Regards
> > JB
> >

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Thanks, that helps also a lot.

So, what's with the other question, is it possible to define roles, users and passwords in multiple files and assign to a HTTP context?

Best
- Gerald

> Jean-Baptiste Onofre <jb...@nanthrax.net> wrote on 19 May 2020 at 07:02:
> 
> 
> Hi,
> 
> Sorry I was busy with Karaf 4.2.9 preparation and ActiveMQ releases.
> 
> About several port, yes, it’s possible:
> 
> http://blog.nanthrax.net/?p=352
> 
> Then you have to assign servlet to port using VirtualHosts (no other way for now). I already created couple of Jira to deal with that easily:
> 
> https://issues.apache.org/jira/browse/KARAF-6632
> 
> I will focus on web improvements for 4.2.10 and 4.3.0.RC2.
> 
> Regards
> JB
> 
> > > regards
> > > Grzegorz Grzybek
> > > 
> > > 
> > > On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid> wrote:
> > > 
> > > > Hi,
> > > > 
> > > > I already also answered Gerald in another mail.
> > > > I'm not quite sure but what might be an issue, is that the default
> > > > http-context used in his application isn't bound to the underlying security
> > > > realm.
> > > > Therefore it's quite a possibility that there needs to be a configuration
> > > > done in his own application, using his own http-Context.
> > > > 
> > > > Can be found here:
> > > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > > > and here:
> > > > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > > > 
> > > > regards, Achim
> > > > 
> > > > 
> > > > On Fri, 15 May 2020 at 21:06, Alex Soto <al...@envieta.com> wrote:
> > > > 
> > > > 
> > > > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > > > Maybe somebody from the Pax-Web team can help you.
> > > > > The only suspicious thing is the warning:
> > > > > 
> > > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > > authenticator for: {RoleInfo,C[admin],None}
> > > > > 
> > > > > 
> > > > > Which suggests something is misconfigured.
> > > > > 
> > > > > Best regards,
> > > > > Alex soto
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > > > > 
> > > > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > > authenticator for: {RoleInfo,C[admin],None}
> > > > > 
> > > > > 
> > > > 
> > > > -- 
> > > > 
> > > > Apache Member
> > > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > > > Project Lead
> > > > blog <http://notizblog.nierbeck.de/>
> > > > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi,

Sorry I was busy with Karaf 4.2.9 preparation and ActiveMQ releases.

About several ports, yes, it’s possible:

http://blog.nanthrax.net/?p=352

Then you have to assign servlets to ports using VirtualHosts (no other way for now). I already created a couple of Jira issues to deal with that easily:

https://issues.apache.org/jira/browse/KARAF-6632

I will focus on web improvements for 4.2.10 and 4.3.0.RC2.

Regards
JB

> On 18 May 2020 at 23:39, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> Hi Grzegorz,
> 
> perfect, removing one org.eclipse.jetty.jaas.JAASLoginService and it works!
> 
> Thanks a lot for digging into the details! I really appreciate this.
> 
> Is there a reason that 2 org.eclipse.jetty.jaas.JAASLoginService definitions exist in the default jetty.xml?
> 
> One further question .. would it be possible to extend Jetty to use another port additionally and bind the servlets to this additional port only (it's for security reasons because I don't want to expose the web console externally, only the functional servlets).
> 
> I tried some other approach too, described here https://www.catshout.de/?p=161. This one is tricky as a Jetty security handler can be bound only once to a port.
> 
> You mentioned Undertow. It's also contained in Camel. So I wonder what might be finally the best and straightforward approach for the following requirements
> 
> 1. Define multiple URIs on one single port
> 2. Secure the communication with TLS
> 3. Define independently an authentication for each URI on this single port
> 
> Jetty?
> Servlet inside Jetty?
> Undertow?
> 
> I'll test now multiple servlets inside Jetty for independent co-existence.
> 
> Best
> - Gerald
> 
>> Grzegorz Grzybek <gr...@gmail.com> wrote on 18 May 2020 at 15:24:
>> 
>> 
>> Hello
>> 
>> I have some answer. First, the "http context processing" feature was mainly tested to "inject" Keycloak authenticator and I mostly tested it with pax-web-undertow.
>> 
>> But I checked how it works with pax-web-jetty in the debugger.
>> 
>> The key problem is that when Jetty's SecurityHandler is starting, it tries to find/discover org.eclipse.jetty.security.LoginService instance.
>> 
>> With default etc/jetty.xml, there are TWO beans with org.eclipse.jetty.jaas.JAASLoginService class and org.eclipse.jetty.security.SecurityHandler#findLoginService() method does this:
>> 
>> else if (list.size() == 1)
>> service = list.iterator().next();
>> 
>> So I simply made it working by ensuring there's only one org.eclipse.jetty.jaas.JAASLoginService:
>> 
>> list = {java.util.ArrayList@9544} size = 1
>>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
>> LOG: org.eclipse.jetty.util.log.Logger = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>> DEFAULT_ROLE_CLASS_NAME: java.lang.String = "org.eclipse.jetty.jaas.JAASRole"
>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551} 
>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552} 
>> _callbackHandlerClass: java.lang.String = null
>> _realmName: java.lang.String = "karaf"
>> _loginModuleName: java.lang.String = "karaf"
>> 
>> Now, with your Camel route, I got:
>> 
>> $ curl -v http://localhost:8181/camel/api/say/hello
>> * Trying ::1:8181...
>> * Connected to localhost (::1) port 8181 (#0)
>>> GET /camel/api/say/hello HTTP/1.1
>>> Host: localhost:8181
>>> User-Agent: curl/7.69.1
>>> Accept: */*
>>> 
>> * Mark bundle as not supporting multiuse
>> < HTTP/1.1 404 Not Found
>> < Cache-Control: must-revalidate,no-cache,no-store
>> < Content-Type: text/html;charset=iso-8859-1
>> < Content-Length: 456
>> < Server: Jetty(9.4.22.v20191022)
>> < 
>> 
>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>> * Trying ::1:8181...
>> * Connected to localhost (::1) port 8181 (#0)
>> * Server auth using Basic with user 'karaf'
>>> GET /camel/api/say/hello HTTP/1.1
>>> Host: localhost:8181
>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>> User-Agent: curl/7.69.1
>>> Accept: */*
>>> 
>> * Mark bundle as not supporting multiuse
>> < HTTP/1.1 200 OK
>> < Content-Type: application/json
>> < Accept: */*
>> < Authorization: Basic a2FyYWY6a2FyYWY=
>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>> < User-Agent: curl/7.69.1
>> < Transfer-Encoding: chunked
>> < Server: Jetty(9.4.22.v20191022)
>> < 
>> * Connection #0 to host localhost left intact
>> "Hello World"
>> 
>> In theory it should be possible to grab (in etc/jetty.xml, using <Configure> element) instance of SecurityHandler and simply set there the "realmName" property to "Karaf", so even with two different beans with org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the right one. But in Pax Web security handler is part of every org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and only in Pax Web 8 I'd be able to fix this in more clean way.
>> 
>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your etc/jetty.xml
>> 
>> regards
>> Grzegorz Grzybek
>> 
>> 
>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid> wrote:
>>> Hi,
>>> 
>>> I already also answered Gerald in another mail.
>>> I'm not quite sure but what might be an issue, is that the default
>>> http-context used in his application isn't bound to the underlying security
>>> realm.
>>> Therefore it's quite a possibility that there needs to be a configuration
>>> done in his own application, using his own http-Context.
>>> 
>>> Can be found here:
>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>>> and here:
>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>>> 
>>> regards, Achim
>>> 
>>> 
>>> On Fri, 15 May 2020 at 21:06, Alex Soto <al...@envieta.com> wrote:
>>> 
>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>> Maybe somebody from the Pax-Web team can help you.
>>>> The only suspicious thing is the warning:
>>>> 
>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>> authenticator for: {RoleInfo,C[admin],None}
>>>> 
>>>> 
>>>> Which suggests something is misconfigured.
>>>> 
>>>> Best regards,
>>>> Alex soto
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>>>>> 
>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>> authenticator for: {RoleInfo,C[admin],None}
>>>> 
>>>> 
>>> 
>>> -- 
>>> 
>>> Apache Member
>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
>>> Project Lead
>>> blog <http://notizblog.nierbeck.de/>
>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Hi Grzegorz,

perfect, removing one org.eclipse.jetty.jaas.JAASLoginService and it works!

Thanks a lot for digging into the details! I really appreciate this.

Is there a reason that 2 org.eclipse.jetty.jaas.JAASLoginService definitions exist in the default jetty.xml?

One further question .. would it be possible to extend Jetty to use another port additionally and bind the servlets to this additional port only (it's for security reasons because I don't want to expose the web console externally, only the functional servlets).

I tried some other approach too, described here https://www.catshout.de/?p=161. This one is tricky as a Jetty security handler can be bound only once to a port.

You mentioned Undertow. It's also contained in Camel. So I wonder what might be finally the best and straightforward approach for the following requirements

1. Define multiple URIs on one single port
2. Secure the communication with TLS
3. Define independently an authentication for each URI on this single port

Jetty?
Servlet inside Jetty?
Undertow?

I'll test now multiple servlets inside Jetty for independent co-existence.

Best
- Gerald

> Grzegorz Grzybek <gr...@gmail.com> wrote on 18 May 2020 at 15:24:
> 
> 
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly tested to "inject" Keycloak authenticator and I mostly tested it with pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries to find/discover org.eclipse.jetty.security.LoginService instance.
> 
> With default etc/jetty.xml, there are TWO beans with org.eclipse.jetty.jaas.JAASLoginService class and org.eclipse.jetty.security.SecurityHandler#findLoginService() method does this:
> 
> else if (list.size() == 1)
>  service = list.iterator().next();
> 
> So I simply made it working by ensuring there's only one org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544} size = 1
>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
>  LOG: org.eclipse.jetty.util.log.Logger = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>  DEFAULT_ROLE_CLASS_NAME: java.lang.String = "org.eclipse.jetty.jaas.JAASRole"
>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551} 
>  _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552} 
>  _callbackHandlerClass: java.lang.String = null
>  _realmName: java.lang.String = "karaf"
>  _loginModuleName: java.lang.String = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > User-Agent: curl/7.69.1
> > Accept: */*
> > 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> < 
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > Authorization: Basic a2FyYWY6a2FyYWY=
> > User-Agent: curl/7.69.1
> > Accept: */*
> > 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> < 
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using <Configure> element) instance of SecurityHandler and simply set there the "realmName" property to "Karaf", so even with two different beans with org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the right one. But in Pax Web security handler is part of every org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and only in Pax Web 8 I'd be able to fix this in more clean way.
> 
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your etc/jetty.xml
> 
> regards
> Grzegorz Grzybek
> 
> 
> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid> wrote:
> > Hi,
> > 
> > I already also answered Gerald in another mail.
> > I'm not quite sure but what might be an issue, is that the default
> > http-context used in his application isn't bound to the underlying security
> > realm.
> > Therefore it's quite a possibility that there needs to be a configuration
> > done in his own application, using his own http-Context.
> > 
> > Can be found here:
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > and here:
> > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > 
> > regards, Achim
> > 
> > 
> > On Fri, 15 May 2020 at 21:06, Alex Soto <al...@envieta.com> wrote:
> > 
> > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > Maybe somebody from the Pax-Web team can help you.
> > > The only suspicious thing is the warning:
> > >
> > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> > > Which suggests something is misconfigured.
> > >
> > > Best regards,
> > > Alex soto
> > >
> > >
> > >
> > >
> > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> > 
> > -- 
> > 
> > Apache Member
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > Project Lead
> > blog <http://notizblog.nierbeck.de/>
> > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
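
A configuration check for the condition discussed in this thread, added here as an example (it is not code from the thread, from Pax Web or from Jetty): it counts the org.eclipse.jetty.jaas.JAASLoginService beans declared in a jetty.xml and flags any count other than one. The sample XML, the realm name "default" and all function names are assumptions constructed for illustration, and the check reflects the Karaf 4.2.8 / Jetty 9.4.22 behaviour reported above.

```python
"""Count JAASLoginService beans declared in a Jetty XML config (etc/jetty.xml)."""
import sys
import xml.etree.ElementTree as ET

JAAS_LOGIN_SERVICE = "org.eclipse.jetty.jaas.JAASLoginService"


def build_sample(*realm_names):
    """Constructed sample input: a minimal jetty.xml with one bean per realm name."""
    beans = "".join(
        '  <Call name="addBean"><Arg>\n'
        '    <New class="org.eclipse.jetty.jaas.JAASLoginService">\n'
        f'      <Set name="name">{name}</Set>\n'
        '      <Set name="loginModuleName">karaf</Set>\n'
        '    </New>\n'
        '  </Arg></Call>\n'
        for name in realm_names
    )
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" '
        '"http://www.eclipse.org/jetty/configure_9_0.dtd">\n'
        '<Configure id="Server" class="org.eclipse.jetty.server.Server">\n'
        f"{beans}</Configure>\n"
    )


def find_login_services(xml_text):
    """Return (realm name, loginModuleName) for every JAASLoginService bean."""
    root = ET.fromstring(xml_text)
    found = []
    for new in root.iter("New"):
        if new.get("class") != JAAS_LOGIN_SERVICE:
            continue
        # Direct <Set name="..."> children carry the bean properties.
        props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
        found.append((props.get("name"), props.get("loginModuleName")))
    return found


def audit(xml_text):
    """Classify the config by how many JAASLoginService beans it declares.

    "ok"        exactly one bean, the case in which the SecurityHandler
                lookup quoted in the thread assigns a login service
    "missing"   no bean declared
    "ambiguous" two or more beans, the default-config situation in which
                Basic authentication was reported not to work
    """
    services = find_login_services(xml_text)
    if len(services) == 1:
        verdict = "ok"
    elif not services:
        verdict = "missing"
    else:
        verdict = "ambiguous"
    return verdict, services


if __name__ == "__main__":
    # Pass the path to a real etc/jetty.xml, or run without arguments
    # to audit the constructed two-bean sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            text = handle.read()
    else:
        text = build_sample("karaf", "default")
    verdict, services = audit(text)
    print(f"{verdict}: {len(services)} JAASLoginService bean(s)")
    for realm, module in services:
        print(f"  realm={realm!r} loginModuleName={module!r}")
    sys.exit(0 if verdict == "ok" else 1)
```
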

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Thanks, I saw the Jira. I will take a look.

Regards
JB

> On 29 June 2020 at 09:26, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> See for detailed description and code sample the ticket
> 
> https://issues.apache.org/jira/browse/KARAF-6772
> 
> Best
> - Gerald
> 
>> Jean-Baptiste Onofre <jb...@nanthrax.net> wrote on 29 June 2020 at 08:34:
>> 
>> 
>> Thanks, I will take a look.
>> 
>> Regards
>> JB
>> 
>>> On 29 June 2020 at 08:31, Gerald Kallas <ca...@mailbox.org> wrote:
>>> 
>>> I'm going to create the tickets for the issues. We may extend these so far with additional information.
>>> 
>>> Best
>>> - Gerald
>>> 
>>>> Jean-Baptiste Onofre <jb...@nanthrax.net> wrote on 29 June 2020 at 07:40:
>>>> 
>>>> 
>>>> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
>>>> 
>>>> Regards
>>>> JB
>>>> 
>>>>> On 29 June 2020 at 07:33, Andrea Cosentino <an...@gmail.com> wrote:
>>>>> 
>>>>> I think it's good to have the details shared in public.
>>>>> 
>>>>> On Mon, 29 Jun 2020 at 07:30, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>>>>> Hi,
>>>>> 
>>>>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>>>>> 
>>>>> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>>>>> 
>>>>> Thanks,
>>>>> Regards
>>>>> JB
>>>>> 
>>>>>> On 28 June 2020 at 22:02, Gerald Kallas <catshout@mailbox.org> wrote:
>>>>>> 
>>>>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>>>>>> 
>>>>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>>>>>> 
>>>>>>> Gerald Kallas <catshout@mailbox.org> wrote on 28 June 2020 at 18:12:
>>>>>>> 
>>>>>>> 
>>>>>>> Hi all,
>>>>>>> 
>>>>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>>>>>> 
>>>>>>> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>>>>>>> 
>>>>>>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>>>>>> 
>>>>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>>>>>> 
>>>>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>>>>>>> 
>>>>>>> Best
>>>>>>> - Gerald
>>>>>>> 
>>>>>>> 
>>>>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>>>>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>>>      at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>>>>>>>      at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>>>>>>>      at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>>>>>>>      at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>>>>      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>      at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>>      at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>>      at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>>>>      at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>>      at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>>>>      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>      at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>>      at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>>      at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>>>>      at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>>      at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>>>>>>>      at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>>>>>>>      at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>>>>      at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>>>>>>>      at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>>>>>>>      at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>>>>      at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>      at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>>>>      at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>>>>>>>      at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>>>>>>>      at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>>>>>>>      at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>>>>>>>      at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>>>>>>>      at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>>>>>>>      at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>>>>>>      at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>>>>>>      at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>>>>>>      at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>>>>>>      at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>>>>>>>      at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>>>>>>      at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>>>>>>>      at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>>>>>>>      at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>>>>>>>      at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>>>>>>>      at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>>>>>>>      at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>>>>>>>      at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>>>>>>>      at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>>      at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>>      at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>>      at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>>      at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>>      at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>>      at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>>>      at java.lang.Thread.run(Thread.java:834) [?:?]
>>>>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>>>      at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>>>>>>>      at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>>>>>>>      at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>>>>>>>      at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>>>>>>      at java.lang.Class.forName0(Native Method) ~[?:?]
>>>>>>>      at java.lang.Class.forName(Class.java:398) ~[?:?]
>>>>>>>      at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>>>>>>>      at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>>>>>>>      at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>>>>>>      at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>>>>>>>      ... 62 more
>>>>>>> 
>>>>>>>> Grzegorz Grzybek <gr.grzybek@gmail.com> wrote on 18 May 2020 at 15:24:
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Hello
>>>>>>>> 
>>>>>>>> I have some answer. First, the "http context processing" feature was mainly
>>>>>>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>>>>>>> pax-web-undertow.
>>>>>>>> 
>>>>>>>> But I checked how it works with pax-web-jetty in the debugger.
>>>>>>>> 
>>>>>>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>>>>>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>>>>>>> With default etc/jetty.xml, there are TWO beans with
>>>>>>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>>>>>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>>>>>>> this:
>>>>>>>> 
>>>>>>>> else if (list.size() == 1)
>>>>>>>>  service = list.iterator().next();
>>>>>>>> 
>>>>>>>> So I simply made it working by ensuring there's only one
>>>>>>>> org.eclipse.jetty.jaas.JAASLoginService:
>>>>>>>> 
>>>>>>>> list = {java.util.ArrayList@9544}  size = 1
>>>>>>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
>>>>>>>> LOG: org.eclipse.jetty.util.log.Logger  = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>>>>>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String  = "org.eclipse.jetty.jaas.JAASRole"
>>>>>>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  = {java.lang.String[1]@9551}
>>>>>>>> _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>>>>>>>> _callbackHandlerClass: java.lang.String  = null
>>>>>>>> _realmName: java.lang.String  = "karaf"
>>>>>>>> _loginModuleName: java.lang.String  = "karaf"
>>>>>>>> 
>>>>>>>> Now, with your Camel route, I got:
>>>>>>>> 
>>>>>>>> $ curl -v http://localhost:8181/camel/api/say/hello
>>>>>>>> *   Trying ::1:8181...
>>>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>>>> Host: localhost:8181
>>>>>>>>> User-Agent: curl/7.69.1
>>>>>>>>> Accept: */*
>>>>>>>>> 
>>>>>>>> * Mark bundle as not supporting multiuse
>>>>>>>> < HTTP/1.1 404 Not Found
>>>>>>>> < Cache-Control: must-revalidate,no-cache,no-store
>>>>>>>> < Content-Type: text/html;charset=iso-8859-1
>>>>>>>> < Content-Length: 456
>>>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>>>> <
>>>>>>>> 
>>>>>>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>>>>>>>> *   Trying ::1:8181...
>>>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>>>> * Server auth using Basic with user 'karaf'
>>>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>>>> Host: localhost:8181
>>>>>>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>>>>> User-Agent: curl/7.69.1
>>>>>>>>> Accept: */*
>>>>>>>>> 
>>>>>>>> * Mark bundle as not supporting multiuse
>>>>>>>> < HTTP/1.1 200 OK
>>>>>>>> < Content-Type: application/json
>>>>>>>> < Accept: */*
>>>>>>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>>>>>>> < User-Agent: curl/7.69.1
>>>>>>>> < Transfer-Encoding: chunked
>>>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>>>> <
>>>>>>>> * Connection #0 to host localhost left intact
>>>>>>>> "Hello World"
>>>>>>>> 
>>>>>>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>>>>>>> <Configure> element) instance of SecurityHandler and simply set there the
>>>>>>>> "realmName" property to "Karaf", so even with two different beans with
>>>>>>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>>>>>>> right one. But in Pax Web security handler is part of every
>>>>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>>>>>>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
>>>>>>>> 
>>>>>>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>>>>>>> etc/jetty.xml
>>>>>>>> 
>>>>>>>> regards
>>>>>>>> Grzegorz Grzybek
>>>>>>>> 
>>>>>>>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
>>>>>>>> wrote:
>>>>>>>> 
>>>>>>>>> Hi,
>>>>>>>>> 
>>>>>>>>> I already also answered Gerald in another mail.
>>>>>>>>> I'm not quite sure but what might be an issue, is that the default
>>>>>>>>> http-context used in his application isn't bound to the underlying security
>>>>>>>>> realm.
>>>>>>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>>>>>>> done in his own application, using his own http-Context.
>>>>>>>>> 
>>>>>>>>> Can be found here:
>>>>>>>>> 
>>>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>>>>>>>>> 
>>>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>>>>>>>>> and here:
>>>>>>>>> 
>>>>>>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>>>>>>>>> 
>>>>>>>>> regards, Achim
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com <ma...@envieta.com>> wrote:
>>>>>>>>> 
>>>>>>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>>>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>>>>>>> The only suspicious thing is the warning:
>>>>>>>>>> 
>>>>>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> Which suggests something is misconfigured.
>>>>>>>>>> 
>>>>>>>>>> Best regards,
>>>>>>>>>> Alex soto
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
>>>>>>>>> wrote:
>>>>>>>>>>> 
>>>>>>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> --
>>>>>>>>> 
>>>>>>>>> Apache Member
>>>>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
>>>>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>>>>>>> 
>>>>> 


Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Gerald Kallas <ca...@mailbox.org>.
For a detailed description and code sample, see the ticket

https://issues.apache.org/jira/browse/KARAF-6772

Best
- Gerald

> Jean-Baptiste Onofre <jb...@nanthrax.net> wrote on 29.06.2020 08:34:
> 
>  
> Thanks, I will take a look.
> 
> Regards
> JB
> 
> > On 29 June 2020 at 08:31, Gerald Kallas <ca...@mailbox.org> wrote:
> > 
> > I'm going to create the tickets for the issues. We may extend these so far with additional information.
> > 
> > Best
> > - Gerald
> > 
> >> Jean-Baptiste Onofre <jb...@nanthrax.net> wrote on 29.06.2020 07:40:
> >> 
> >> 
> >> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
> >> 
> >> Regards
> >> JB
> >> 
> >>> On 29 June 2020 at 07:33, Andrea Cosentino <an...@gmail.com> wrote:
> >>> 
> >>> I think it's good to have the details shared in public.
> >>> 
> >>> On Mon, 29 Jun 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> wrote:
> >>> Hi,
> >>> 
> >>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> >>> 
> >>> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> >>> 
> >>> Thanks,
> >>> Regards
> >>> JB
> >>> 
> >>>> On 28 June 2020 at 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> wrote:
> >>>> 
> >>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> >>>> 
> >>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> >>>> 
> >>>>> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> wrote on 28.06.2020 18:12:
> >>>>> 
> >>>>> 
> >>>>> Hi all,
> >>>>> 
> >>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>>>> 
> >>>>> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> >>>>> 
> >>>>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>>>> 
> >>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
> >>>>> 
> >>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> >>>>> 
> >>>>> Best
> >>>>> - Gerald
> >>>>> 
> >>>>> 
> >>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> >>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>>>>       at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> >>>>>       at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> >>>>>       at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> >>>>>       at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> >>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>>>>       at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>>>>       at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>>>>       at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> >>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>>>>       at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>>>>       at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>>>>       at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> >>>>>       at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> >>>>>       at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> >>>>>       at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> >>>>>       at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> >>>>>       at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> >>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>>>>       at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> >>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> >>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> >>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> >>>>>       at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> >>>>>       at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> >>>>>       at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> >>>>>       at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> >>>>>       at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> >>>>>       at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> >>>>>       at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >>>>>       at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> >>>>>       at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >>>>>       at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> >>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> >>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> >>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> >>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> >>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> >>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> >>>>>       at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>>       at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>>       at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>>       at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>>       at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>>       at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>>       at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> >>>>>       at java.lang.Thread.run(Thread.java:834) [?:?]
> >>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>>>>       at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> >>>>>       at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> >>>>>       at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> >>>>>       at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >>>>>       at java.lang.Class.forName0(Native Method) ~[?:?]
> >>>>>       at java.lang.Class.forName(Class.java:398) ~[?:?]
> >>>>>       at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> >>>>>       at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> >>>>>       at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> >>>>>       at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> >>>>>       ... 62 more
> >>>>> 
> >>>>>> Grzegorz Grzybek <gr.grzybek@gmail.com <ma...@gmail.com>> wrote on 18.05.2020 15:24:
> >>>>>> 
> >>>>>> 
> >>>>>> Hello
> >>>>>> 
> >>>>>> I have some answer. First, the "http context processing" feature was mainly
> >>>>>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>>>>> pax-web-undertow.
> >>>>>> 
> >>>>>> But I checked how it works with pax-web-jetty in the debugger.
> >>>>>> 
> >>>>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> >>>>>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>>>>> With default etc/jetty.xml, there are TWO beans with
> >>>>>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>>>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> >>>>>> this:
> >>>>>> 
> >>>>>> else if (list.size() == 1)
> >>>>>>   service = list.iterator().next();
> >>>>>> 
> >>>>>> So I simply made it work by ensuring there's only one
> >>>>>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>>>> 
> >>>>>> list = {java.util.ArrayList@9544}  size = 1
> >>>>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
> >>>>>> LOG: org.eclipse.jetty.util.log.Logger  = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>>>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String  = "org.eclipse.jetty.jaas.JAASRole"
> >>>>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  = {java.lang.String[1]@9551}
> >>>>>> _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >>>>>> _callbackHandlerClass: java.lang.String  = null
> >>>>>> _realmName: java.lang.String  = "karaf"
> >>>>>> _loginModuleName: java.lang.String  = "karaf"
> >>>>>> 
> >>>>>> Now, with your Camel route, I got:
> >>>>>> 
> >>>>>> $ curl -v http://localhost:8181/camel/api/say/hello
> >>>>>> *   Trying ::1:8181...
> >>>>>> * Connected to localhost (::1) port 8181 (#0)
> >>>>>>> GET /camel/api/say/hello HTTP/1.1
> >>>>>>> Host: localhost:8181
> >>>>>>> User-Agent: curl/7.69.1
> >>>>>>> Accept: */*
> >>>>>>> 
> >>>>>> * Mark bundle as not supporting multiuse
> >>>>>> < HTTP/1.1 404 Not Found
> >>>>>> < Cache-Control: must-revalidate,no-cache,no-store
> >>>>>> < Content-Type: text/html;charset=iso-8859-1
> >>>>>> < Content-Length: 456
> >>>>>> < Server: Jetty(9.4.22.v20191022)
> >>>>>> <
> >>>>>> 
> >>>>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> >>>>>> *   Trying ::1:8181...
> >>>>>> * Connected to localhost (::1) port 8181 (#0)
> >>>>>> * Server auth using Basic with user 'karaf'
> >>>>>>> GET /camel/api/say/hello HTTP/1.1
> >>>>>>> Host: localhost:8181
> >>>>>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>>>>> User-Agent: curl/7.69.1
> >>>>>>> Accept: */*
> >>>>>>> 
> >>>>>> * Mark bundle as not supporting multiuse
> >>>>>> < HTTP/1.1 200 OK
> >>>>>> < Content-Type: application/json
> >>>>>> < Accept: */*
> >>>>>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>>>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>>>>> < User-Agent: curl/7.69.1
> >>>>>> < Transfer-Encoding: chunked
> >>>>>> < Server: Jetty(9.4.22.v20191022)
> >>>>>> <
> >>>>>> * Connection #0 to host localhost left intact
> >>>>>> "Hello World"
> >>>>>> 
> >>>>>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>>>>> <Configure> element) instance of SecurityHandler and simply set there the
> >>>>>> "realmName" property to "Karaf", so even with two different beans with
> >>>>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>>>>> right one. But in Pax Web security handler is part of every
> >>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>>>>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
> >>>>>> 
> >>>>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>>>>> etc/jetty.xml
> >>>>>> 
> >>>>>> regards
> >>>>>> Grzegorz Grzybek
> >>>>>> 
> >>>>>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com <ma...@googlemail.com>.invalid>
> >>>>>> wrote:
> >>>>>> 
> >>>>>>> Hi,
> >>>>>>> 
> >>>>>>> I already also answered Gerald in another mail.
> >>>>>>> I'm not quite sure but what might be an issue, is that the default
> >>>>>>> http-context used in his application isn't bound to the underlying security
> >>>>>>> realm.
> >>>>>>> Therefore it's quite a possibility that there needs to be a configuration
> >>>>>>> done in his own application, using his own http-Context.
> >>>>>>> 
> >>>>>>> Can be found here:
> >>>>>>> 
> >>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>>>>>> 
> >>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >>>>>>> and here:
> >>>>>>> 
> >>>>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>>>>>> 
> >>>>>>> regards, Achim
> >>>>>>> 
> >>>>>>> 
> >>>>>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com <ma...@envieta.com>> wrote:
> >>>>>>> 
> >>>>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>>>>> The only suspicious thing is the warning:
> >>>>>>>> 
> >>>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> Which suggests something is misconfigured.
> >>>>>>>> 
> >>>>>>>> Best regards,
> >>>>>>>> Alex soto
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>>
> >>>>>>> wrote:
> >>>>>>>>> 
> >>>>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> >>>>>>>> 
> >>>>>>>> 
> >>>>>>> 
> >>>>>>> --
> >>>>>>> 
> >>>>>>> Apache Member
> >>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
> >>>>>>> blog <http://notizblog.nierbeck.de/>
> >>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>>>>>> 
> >>>

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Thanks, I will take a look.

Regards
JB

> On 29 June 2020 at 08:31, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> I'm going to create the tickets for the issues. We may extend these so far with additional information.
> 
> Best
> - Gerald
> 
>> Jean-Baptiste Onofre <jb...@nanthrax.net> wrote on 29.06.2020 07:40:
>> 
>> 
>> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
>> 
>> Regards
>> JB
>> 
>>> On 29 June 2020 at 07:33, Andrea Cosentino <an...@gmail.com> wrote:
>>> 
>>> I think it's good to have the details shared in public.
>>> 
>>> On Mon, 29 Jun 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <ma...@nanthrax.net>> wrote:
>>> Hi,
>>> 
>>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>>> 
>>> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>>> 
>>> Thanks,
>>> Regards
>>> JB
>>> 
>>>> On 28 June 2020 at 22:02, Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> wrote:
>>>> 
>>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>>>> 
>>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>>>> 
>>>>> Gerald Kallas <catshout@mailbox.org <ma...@mailbox.org>> wrote on 28.06.2020 18:12:
>>>>> 
>>>>> 
>>>>> Hi all,
>>>>> 
>>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>>>> 
>>>>> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>>>>> 
>>>>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>>>> 
>>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>>>> 
>>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>>>>> 
>>>>> Best
>>>>> - Gerald
>>>>> 
>>>>> 
>>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>>>>>       at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>>>>>       at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>>>>>       at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>       at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>>>>>       at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>>>>>       at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>>>>>       at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>>>>>       at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>>>>>       at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>>>>       at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>>>>       at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>>>>       at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>>>>       at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>>>>>       at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>>>>       at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>>>>>       at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at java.lang.Thread.run(Thread.java:834) [?:?]
>>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>       at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>>>>>       at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>>>>>       at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>>>>>       at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>>>>       at java.lang.Class.forName0(Native Method) ~[?:?]
>>>>>       at java.lang.Class.forName(Class.java:398) ~[?:?]
>>>>>       at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>>>>>       at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>>>>>       ... 62 more
>>>>> 
>>>>>> On 18.05.2020 15:24, Grzegorz Grzybek <gr.grzybek@gmail.com> wrote:
>>>>>> 
>>>>>> 
>>>>>> Hello
>>>>>> 
>>>>>> I have some answer. First, the "http context processing" feature was mainly
>>>>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>>>>> pax-web-undertow.
>>>>>> 
>>>>>> But I checked how it works with pax-web-jetty in the debugger.
>>>>>> 
>>>>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>>>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>>>>> With default etc/jetty.xml, there are TWO beans with
>>>>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>>>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>>>>> this:
>>>>>> 
>>>>>> else if (list.size() == 1)
>>>>>>   service = list.iterator().next();
>>>>>> 
>>>>>> So I simply made it work by ensuring there's only one
>>>>>> org.eclipse.jetty.jaas.JAASLoginService:
>>>>>> 
>>>>>> list = {java.util.ArrayList@9544}  size = 1
>>>>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
>>>>>> LOG: org.eclipse.jetty.util.log.Logger  = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>>>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String  = "org.eclipse.jetty.jaas.JAASRole"
>>>>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  = {java.lang.String[1]@9551}
>>>>>> _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>>>>>> _callbackHandlerClass: java.lang.String  = null
>>>>>> _realmName: java.lang.String  = "karaf"
>>>>>> _loginModuleName: java.lang.String  = "karaf"
>>>>>> 
>>>>>> Now, with your Camel route, I got:
>>>>>> 
>>>>>> $ curl -v http://localhost:8181/camel/api/say/hello
>>>>>> *   Trying ::1:8181...
>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>> > GET /camel/api/say/hello HTTP/1.1
>>>>>> > Host: localhost:8181
>>>>>> > User-Agent: curl/7.69.1
>>>>>> > Accept: */*
>>>>>> >
>>>>>> * Mark bundle as not supporting multiuse
>>>>>> < HTTP/1.1 404 Not Found
>>>>>> < Cache-Control: must-revalidate,no-cache,no-store
>>>>>> < Content-Type: text/html;charset=iso-8859-1
>>>>>> < Content-Length: 456
>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>> <
>>>>>> 
>>>>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>>>>>> *   Trying ::1:8181...
>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>> * Server auth using Basic with user 'karaf'
>>>>>> > GET /camel/api/say/hello HTTP/1.1
>>>>>> > Host: localhost:8181
>>>>>> > Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>> > User-Agent: curl/7.69.1
>>>>>> > Accept: */*
>>>>>> >
>>>>>> * Mark bundle as not supporting multiuse
>>>>>> < HTTP/1.1 200 OK
>>>>>> < Content-Type: application/json
>>>>>> < Accept: */*
>>>>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>>>>> < User-Agent: curl/7.69.1
>>>>>> < Transfer-Encoding: chunked
>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>> <
>>>>>> * Connection #0 to host localhost left intact
>>>>>> "Hello World"
>>>>>> 
>>>>>> In theory it should be possible to grab (in etc/jetty.xml, using the
>>>>>> <Configure> element) an instance of SecurityHandler and simply set the
>>>>>> "realmName" property there to "Karaf", so even with two different beans with
>>>>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>>>>> right one. But in Pax Web the security handler is part of every
>>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>>>>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
>>>>>> 
>>>>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>>>>> etc/jetty.xml
>>>>>> 
>>>>>> regards
>>>>>> Grzegorz Grzybek
>>>>>> 
>>>>>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com.invalid> wrote:
>>>>>> 
>>>>>>> Hi,
>>>>>>> 
>>>>>>> I already also answered Gerald in another mail.
>>>>>>> I'm not quite sure but what might be an issue, is that the default
>>>>>>> http-context used in his application isn't bound to the underlying security
>>>>>>> realm.
>>>>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>>>>> done in his own application, using his own http-Context.
>>>>>>> 
>>>>>>> Can be found here:
>>>>>>> 
>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>>>>>>> 
>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>>>>>>> and here:
>>>>>>> 
>>>>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>>>>>>> 
>>>>>>> regards, Achim
>>>>>>> 
>>>>>>> 
>>>>>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
>>>>>>> 
>>>>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>>>>> The only suspicious thing is the warning:
>>>>>>>> 
>>>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler           | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Which suggests something is misconfigured.
>>>>>>>> 
>>>>>>>> Best regards,
>>>>>>>> Alex soto
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org> wrote:
>>>>>>>>> 
>>>>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> 
>>>>>>> Apache Member
>>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
>>>>>>> Project Lead
>>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>>>>> 
>>> 
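
The login-service selection Grzegorz describes in the quoted reply above can be checked against an etc/jetty.xml before it is deployed. The following Python sketch is an added example, not part of the thread and not Jetty or Pax Web code; the sample XML is constructed, and the function names and the exact-match rule for the realm name are assumptions modelled on his description.

```python
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.jaas.JAASLoginService"


def _bean(name):
    # Constructed <Call name="addBean"> fragment; values are illustrative.
    return f"""
  <Call name="addBean">
    <Arg>
      <New class="{JAAS_CLASS}">
        <Set name="name">{name}</Set>
        <Set name="loginModuleName">karaf</Set>
      </New>
    </Arg>
  </Call>"""


def sample_jetty_xml(*names):
    """Build a constructed jetty.xml with one JAASLoginService per name."""
    beans = "".join(_bean(n) for n in names)
    return ('<Configure id="Server" class="org.eclipse.jetty.server.Server">'
            f"{beans}\n</Configure>")


def login_services(jetty_xml):
    """Return [(name, loginModuleName)] for every JAASLoginService bean."""
    root = ET.fromstring(jetty_xml)
    found = []
    for new in root.iter("New"):
        if new.get("class") != JAAS_CLASS:
            continue
        props = {s.get("name"): (s.text or "").strip()
                 for s in new.findall("Set")}
        found.append((props.get("name"), props.get("loginModuleName")))
    return found


def pick_login_service(services, realm_name=None):
    """Model of the selection described in the thread (an assumption, not
    Jetty's source): with a realm name set, the bean with that name wins;
    without one, a bean is chosen only when exactly one exists."""
    if realm_name is not None:
        for service in services:
            if service[0] == realm_name:
                return service
        return None
    if len(services) == 1:
        return services[0]
    return None


def audit(jetty_xml, realm_name=None):
    """Return a list of findings; an empty list means a service is selected."""
    services = login_services(jetty_xml)
    if pick_login_service(services, realm_name) is not None:
        return []
    if not services:
        return ["no JAASLoginService bean defined"]
    if realm_name is None:
        return [f"{len(services)} JAASLoginService beans and no realm name: "
                "none is selected; keep exactly one bean"]
    return [f"no JAASLoginService named {realm_name!r}; "
            f"defined names: {[name for name, _ in services]}"]


if __name__ == "__main__":
    for label, xml in (("two beans", sample_jetty_xml("karaf", "default")),
                       ("one bean", sample_jetty_xml("karaf"))):
        print(label, "->", audit(xml) or "OK")
```

An empty result from `audit` means the handler would end up with a login service under this model; a finding corresponds to the "No authenticator for" situation discussed in the thread.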


Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Thanks, I will take a look.

Regards
JB

> On 29 June 2020 at 08:31, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> I'm going to create the tickets for the issues. We may extend these so far with additional information.
> 
> Best
> - Gerald
> 
>> On 29.06.2020 07:40, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
>> 
>> 
>> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
>> 
>> Regards
>> JB
>> 
>>> On 29 June 2020 at 07:33, Andrea Cosentino <an...@gmail.com> wrote:
>>> 
>>> I think it's good to have the details shared in public.
>>> 
>>> On Mon, 29 Jun 2020, 07:30, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>>> Hi,
>>> 
>>> Yes, Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>>> 
>>> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0)?
>>> 
>>> Thanks,
>>> Regards
>>> JB
>>> 
>>>> On 28 June 2020 at 22:02, Gerald Kallas <catshout@mailbox.org> wrote:
>>>> 
>>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>>>> 
>>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>>>> 
>>>>> On 28.06.2020 18:12, Gerald Kallas <catshout@mailbox.org> wrote:
>>>>> 
>>>>> 
>>>>> Hi all,
>>>>> 
>>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>>>> 
>>>>> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>>>>> 
>>>>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>>>> 
>>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>>>> 
>>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>>>>> 
>>>>> Best
>>>>> - Gerald
>>>>> 
>>>>> 
>>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>>>>>       at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>>>>>       at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>>>>>       at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>       at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>>>>>       at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>>>>>       at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>>>>>       at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>>>>>       at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>>>>>       at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>>>>       at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>>>>       at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>>>>       at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>>>>       at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>>>>>       at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>>>>       at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>>>>>       at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at java.lang.Thread.run(Thread.java:834) [?:?]
>>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>       at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>>>>>       at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>>>>>       at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>>>>>       at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>>>>       at java.lang.Class.forName0(Native Method) ~[?:?]
>>>>>       at java.lang.Class.forName(Class.java:398) ~[?:?]
>>>>>       at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>>>>>       at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>>>>>       ... 62 more
>>>>> 
>>> 


Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Gerald Kallas <ca...@mailbox.org>.
I'm going to create the tickets for the issues. We may extend these so far with additional information.

Best
- Gerald

> On 29.06.2020 07:40, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> 
>  
> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
> 
> Regards
> JB
> 
> > On 29 June 2020 at 07:33, Andrea Cosentino <an...@gmail.com> wrote:
> > 
> > I think it's good to have the details shared in public.
> > 
> > On Mon, 29 Jun 2020, 07:30, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
> > Hi,
> > 
> > Yes, Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> > 
> > Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0)?
> > 
> > Thanks,
> > Regards
> > JB
> > 
> > > On 28 June 2020 at 22:02, Gerald Kallas <catshout@mailbox.org> wrote:
> > > 
> > > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> > > 
> > > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> > > 
> > >> On 28.06.2020 18:12, Gerald Kallas <catshout@mailbox.org> wrote:
> > >> 
> > >> 
> > >> Hi all,
> > >> 
> > >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> > >> 
> > >> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> > >> 
> > >> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> > >> 
> > >> With both entries, as you found Grzegorz, the authentication doesn't work.
> > >> 
> > >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> > >> 
> > >> Best
> > >> - Gerald
> > >> 
> > >> 
> > >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> > >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> > >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> > >>        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> > >>        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> > >>        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> > >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > >>        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> > >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > >>        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> > >>        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> > >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > >>        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> > >>        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> > >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > >>        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> > >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> > >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> > >>        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> > >>        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> > >>        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> > >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> > >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> > >>        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> > >>        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> > >>        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> > >>        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> > >>        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> > >>        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> > >>        at java.lang.Thread.run(Thread.java:834) [?:?]
> > >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> > >>        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> > >>        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> > >>        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> > >>        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> > >>        at java.lang.Class.forName0(Native Method) ~[?:?]
> > >>        at java.lang.Class.forName(Class.java:398) ~[?:?]
> > >>        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> > >>        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> > >>        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> > >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> > >>        ... 62 more
> > >> 
> > >>> Grzegorz Grzybek <gr.grzybek@gmail.com> wrote on 18.05.2020 15:24:
> > >>> 
> > >>> 
> > >>> Hello
> > >>> 
> > >>> I have some answer. First, the "http context processing" feature was mainly
> > >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> > >>> pax-web-undertow.
> > >>> 
> > >>> But I checked how it works with pax-web-jetty in the debugger.
> > >>> 
> > >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> > >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> > >>> With default etc/jetty.xml, there are TWO beans with
> > >>> org.eclipse.jetty.jaas.JAASLoginService class and
> > >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > >>> this:
> > >>> 
> > >>> else if (list.size() == 1)
> > >>>    service = list.iterator().next();
> > >>> 
> > >>> So I simply made it work by ensuring there's only one
> > >>> org.eclipse.jetty.jaas.JAASLoginService:
> > >>> 
> > >>> list = {java.util.ArrayList@9544}  size = 1
> > >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
> > >>>  LOG: org.eclipse.jetty.util.log.Logger  = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > >>>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  = "org.eclipse.jetty.jaas.JAASRole"
> > >>>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  = {java.lang.String[1]@9551}
> > >>>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> > >>>  _callbackHandlerClass: java.lang.String  = null
> > >>>  _realmName: java.lang.String  = "karaf"
> > >>>  _loginModuleName: java.lang.String  = "karaf"
> > >>> 
> > >>> Now, with your Camel route, I got:
> > >>> 
> > >>> $ curl -v http://localhost:8181/camel/api/say/hello
> > >>> *   Trying ::1:8181...
> > >>> * Connected to localhost (::1) port 8181 (#0)
> > >>>> GET /camel/api/say/hello HTTP/1.1
> > >>>> Host: localhost:8181
> > >>>> User-Agent: curl/7.69.1
> > >>>> Accept: */*
> > >>>> 
> > >>> * Mark bundle as not supporting multiuse
> > >>> < HTTP/1.1 404 Not Found
> > >>> < Cache-Control: must-revalidate,no-cache,no-store
> > >>> < Content-Type: text/html;charset=iso-8859-1
> > >>> < Content-Length: 456
> > >>> < Server: Jetty(9.4.22.v20191022)
> > >>> <
> > >>> 
> > >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > >>> *   Trying ::1:8181...
> > >>> * Connected to localhost (::1) port 8181 (#0)
> > >>> * Server auth using Basic with user 'karaf'
> > >>>> GET /camel/api/say/hello HTTP/1.1
> > >>>> Host: localhost:8181
> > >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> > >>>> User-Agent: curl/7.69.1
> > >>>> Accept: */*
> > >>>> 
> > >>> * Mark bundle as not supporting multiuse
> > >>> < HTTP/1.1 200 OK
> > >>> < Content-Type: application/json
> > >>> < Accept: */*
> > >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> > >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > >>> < User-Agent: curl/7.69.1
> > >>> < Transfer-Encoding: chunked
> > >>> < Server: Jetty(9.4.22.v20191022)
> > >>> <
> > >>> * Connection #0 to host localhost left intact
> > >>> "Hello World"
> > >>> 
> > >>> In theory it should be possible to grab (in etc/jetty.xml, using
> > >>> <Configure> element) instance of SecurityHandler and simply set there the
> > >>> "realmName" property to "Karaf", so even with two different beans with
> > >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > >>> right one. But in Pax Web security handler is part of every
> > >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > >>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
> > >>> 
> > >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > >>> etc/jetty.xml
> > >>> 
> > >>> regards
> > >>> Grzegorz Grzybek
> > >>> 
> > >>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com.invalid> wrote:
> > >>> 
> > >>>> Hi,
> > >>>> 
> > >>>> I already also answered Gerald in another mail.
> > >>>> I'm not quite sure but what might be an issue, is that the default
> > >>>> http-context used in his application isn't bound to the underlying security
> > >>>> realm.
> > >>>> Therefore it's quite a possibility that there needs to be a configuration
> > >>>> done in his own application, using his own http-Context.
> > >>>> 
> > >>>> Can be found here:
> > >>>> 
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > >>>> 
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > >>>> and here:
> > >>>> 
> > >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > >>>> 
> > >>>> regards, Achim
> > >>>> 
> > >>>> 
> > >>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> > >>>> 
> > >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> > >>>>> Maybe somebody from the Pax-Web team can help you.
> > >>>>> The only suspicious thing is the warning:
> > >>>>> 
> > >>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> > >>>>> 
> > >>>>> 
> > >>>>> Which suggests something is misconfigured.
> > >>>>> 
> > >>>>> Best regards,
> > >>>>> Alex soto
> > >>>>> 
> > >>>>> 
> > >>>>> 
> > >>>>> 
> > >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org> wrote:
> > >>>>>> 
> > >>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> > >>>>> 
> > >>>>> 
> > >>>> 
> > >>>> --
> > >>>> 
> > >>>> Apache Member
> > >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
> > >>>> blog <http://notizblog.nierbeck.de/>
> > >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> > >>>> 
> >
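
The login-service selection described in Grzegorz Grzybek's quoted message above, as an added example that is not part of the thread and is not Jetty or Pax Web code: a Python check that counts the org.eclipse.jetty.jaas.JAASLoginService beans in a Jetty XML file and models which one would be selected. The sample XML, the bean name "default" and all helper names are constructed for illustration; the realm-name branch is an assumption based on the thread's remark about setting "realmName".

```python
"""Added example: audit a Jetty XML file for ambiguous JAASLoginService beans."""
import xml.etree.ElementTree as ET

JAAS_LOGIN_SERVICE = "org.eclipse.jetty.jaas.JAASLoginService"


def sample_config(bean_names):
    """Build a constructed jetty.xml with one JAASLoginService bean per name."""
    beans = "".join(
        f"""
  <Call name="addBean">
    <Arg>
      <New class="{JAAS_LOGIN_SERVICE}">
        <Set name="name">{name}</Set>
        <Set name="loginModuleName">karaf</Set>
      </New>
    </Arg>
  </Call>"""
        for name in bean_names
    )
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" '
        '"http://www.eclipse.org/jetty/configure_9_0.dtd">\n'
        f'<Configure id="Server" class="org.eclipse.jetty.server.Server">{beans}\n'
        "</Configure>\n"
    )


def find_login_services(jetty_xml):
    """Return name and loginModuleName of every JAASLoginService <New> element."""
    root = ET.fromstring(jetty_xml)
    services = []
    for new in root.iter("New"):
        if new.get("class") != JAAS_LOGIN_SERVICE:
            continue
        props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
        services.append(
            {"name": props.get("name"), "loginModuleName": props.get("loginModuleName")}
        )
    return services


def select_login_service(services, realm_name=None):
    """Model of the selection the thread describes for findLoginService().

    Without a realm name a bean is used only when exactly one exists, which is
    the `list.size() == 1` branch quoted in the thread. Matching by realm name
    is an assumption taken from the remark that setting "realmName" would let
    Jetty pick the right bean; the comparison here is exact and case sensitive.
    """
    if realm_name is not None:
        for service in services:
            if service["name"] == realm_name:
                return service
        return None
    if len(services) == 1:
        return services[0]
    return None


def audit(jetty_xml, realm_name=None):
    """Report which login service would be selected and why none might be."""
    services = find_login_services(jetty_xml)
    selected = select_login_service(services, realm_name)
    findings = []
    if not services:
        findings.append("no JAASLoginService bean defined")
    elif selected is None and realm_name is None:
        findings.append(
            f"{len(services)} JAASLoginService beans and no realm name: none is selected"
        )
    elif selected is None:
        near = [s["name"] for s in services
                if (s["name"] or "").lower() == realm_name.lower()]
        if near:
            findings.append(
                f"realm {realm_name!r} differs from bean {near[0]!r} only by case"
            )
        else:
            findings.append(f"no JAASLoginService bean named {realm_name!r}")
    return {"services": services, "selected": selected, "findings": findings}


if __name__ == "__main__":
    # Constructed inputs: two beans (the situation in the thread), then one bean.
    for names, realm in ((["karaf", "default"], None), (["karaf"], None),
                         (["karaf", "default"], "Karaf")):
        result = audit(sample_config(names), realm)
        print(names, realm, "->", result["selected"], result["findings"])
```

The check only reads the XML; it says nothing about the Karaf 4.2.9 startup error reported later in the thread.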

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Gerald Kallas <ca...@mailbox.org>.
I'm going to create the tickets for the issues. We may extend these so far with additional information.

Best
- Gerald

> Jean-Baptiste Onofre <jb...@nanthrax.net> wrote on 29.06.2020 07:40:
> 
>  
> I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.
> 
> Regards
> JB
> 
> > >>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com.invalid> wrote:
> > >>> 
> > >>>> Hi,
> > >>>> 
> > >>>> I already also answered Gerald in another mail.
> > >>>> I'm not quite sure but what might be an issue, is that the default
> > >>>> http-context used in his application isn't bound to the underlying security
> > >>>> realm.
> > >>>> Therefore it's quite a possibility that there needs to be a configuration
> > >>>> done in his own application, using his own http-Context.
> > >>>> 
> > >>>> Can be found here:
> > >>>> 
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > >>>> 
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > >>>> and here:
> > >>>> 
> > >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > >>>> 
> > >>>> regards, Achim
> > >>>> 
> > >>>> 
> > >>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> > >>>> 
> > >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> > >>>>> Maybe somebody from the Pax-Web team can help you.
> > >>>>> The only suspicious thing is the warning:
> > >>>>> 
> > >>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> > >>>>> 
> > >>>>> 
> > >>>>> Which suggests something is misconfigured.
> > >>>>> 
> > >>>>> Best regards,
> > >>>>> Alex soto
> > >>>>> 
> > >>>>> 
> > >>>>> 
> > >>>>> 
> > >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org> wrote:
> > >>>>>> 
> > >>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> > >>>>> 
> > >>>>> 
> > >>>> 
> > >>>> --
> > >>>> 
> > >>>> Apache Member
> > >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > >>>> Project Lead
> > >>>> blog <http://notizblog.nierbeck.de/>
> > >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> > >>>> 
> >

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.

Regards
JB

> On 29 June 2020, at 07:33, Andrea Cosentino <an...@gmail.com> wrote:
> 
> I think it's good to have the details shared in public.
> 
> On Mon, 29 Jun 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
> Hi,
> 
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> 
> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> 
> Thanks,
> Regards
> JB
> 
> > On 28 June 2020, at 22:02, Gerald Kallas <catshout@mailbox.org> wrote:
> > 
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> > 
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> > 
> >> Gerald Kallas <catshout@mailbox.org> wrote on 28.06.2020 18:12:
> >> 
> >> 
> >> Hi all,
> >> 
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >> 
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> >> 
> >> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >> 
> >> With both entries, as you found Grzegorz, the authentication doesn't work.
> >> 
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> >> 
> >> Best
> >> - Gerald
> >> 
> >> 
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> >>        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> >>        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> >>        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> >>        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> >>        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> >>        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> >>        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> >>        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> >>        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >>        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> >>        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >>        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> >>        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> >>        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> >>        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> >>        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >>        at java.lang.Class.forName0(Native Method) ~[?:?]
> >>        at java.lang.Class.forName(Class.java:398) ~[?:?]
> >>        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> >>        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> >>        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> >>        ... 62 more
> >> 
> >>> Grzegorz Grzybek <gr.grzybek@gmail.com> wrote on 18.05.2020 15:24:
> >>> 
> >>> 
> >>> Hello
> >>> 
> >>> I have some answer. First, the "http context processing" feature was mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>> 
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>> 
> >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> >>> this:
> >>> 
> >>> else if (list.size() == 1)
> >>>    service = list.iterator().next();
> >>> 
> >>> So I simply made it work by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>> 
> >>> list = {java.util.ArrayList@9544}  size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
> >>>  LOG: org.eclipse.jetty.util.log.Logger  = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  = "org.eclipse.jetty.jaas.JAASRole"
> >>>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  = {java.lang.String[1]@9551}
> >>>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >>>  _callbackHandlerClass: java.lang.String  = null
> >>>  _realmName: java.lang.String  = "karaf"
> >>>  _loginModuleName: java.lang.String  = "karaf"
> >>> 
> >>> Now, with your Camel route, I got:
> >>> 
> >>> $ curl -v http://localhost:8181/camel/api/say/hello
> >>> *   Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>> 
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> 
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> >>> *   Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>> 
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>> 
> >>> In theory it should be possible to grab (in etc/jetty.xml, using the
> >>> <Configure> element) the instance of SecurityHandler and simply set the
> >>> "realmName" property there to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web the security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
> >>> 
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>> 
> >>> regards
> >>> Grzegorz Grzybek
> >>> 
> >>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com.invalid> wrote:
> >>> 
> >>>> Hi,
> >>>> 
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a configuration
> >>>> done in his own application, using his own http-Context.
> >>>> 
> >>>> Can be found here:
> >>>> 
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>>> 
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >>>> and here:
> >>>> 
> >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>>> 
> >>>> regards, Achim
> >>>> 
> >>>> 
> >>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> >>>> 
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>> 
> >>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> >>>>> 
> >>>>> 
> >>>>> Which suggests something is misconfigured.
> >>>>> 
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org> wrote:
> >>>>>> 
> >>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> >>>>> 
> >>>>> 
> >>>> 
> >>>> --
> >>>> 
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>>> 
> 
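
The LoginService selection that the quoted message from Grzegorz Grzybek describes (a bean is picked only when exactly one exists, or by realm name when one is set), written as a Python check over etc/jetty.xml. This is an added example, not part of the thread and not Jetty or Pax Web code. The jetty.xml content is constructed, the second bean name "default" and all function names are assumptions, and the name comparison is assumed to be exact (case sensitive).

```python
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.jaas.JAASLoginService"


def sample_jetty_xml(bean_names):
    """Build a constructed etc/jetty.xml with one addBean call per bean name."""
    beans = "".join(
        f"""
  <Call name="addBean">
    <Arg>
      <New class="{JAAS_CLASS}">
        <Set name="name">{name}</Set>
        <Set name="loginModuleName">karaf</Set>
      </New>
    </Arg>
  </Call>"""
        for name in bean_names
    )
    return (
        '<Configure id="Server" class="org.eclipse.jetty.server.Server">'
        f"{beans}\n</Configure>"
    )


def login_services(xml_text):
    """Return [(name, loginModuleName)] for every JAASLoginService declared."""
    root = ET.fromstring(xml_text)
    found = []
    for new in root.iter("New"):
        if new.get("class") != JAAS_CLASS:
            continue
        props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
        found.append((props.get("name"), props.get("loginModuleName")))
    return found


def select_login_service(services, realm_name=None):
    """Model of the selection described in the thread.

    With a realm name: the bean whose name equals it (exact match assumed).
    Without one: a bean is chosen only if exactly one is declared.
    """
    if realm_name is not None:
        for svc in services:
            if svc[0] == realm_name:
                return svc
        return None
    if len(services) == 1:
        return services[0]
    return None


def audit(xml_text, realm_name=None):
    """Return (chosen_service_or_None, list_of_findings) for a jetty.xml text."""
    services = login_services(xml_text)
    chosen = select_login_service(services, realm_name)
    findings = []
    if chosen is not None:
        return chosen, findings
    if not services:
        findings.append("no JAASLoginService bean declared")
    elif realm_name is None:
        findings.append(
            f"{len(services)} JAASLoginService beans and no realm name: "
            "none is selected"
        )
    else:
        near = [n for n, _ in services if n and n.lower() == realm_name.lower()]
        if near:
            findings.append(
                f"realm {realm_name!r} differs only by case from bean {near[0]!r}"
            )
        else:
            findings.append(f"no JAASLoginService bean is named {realm_name!r}")
    return chosen, findings


if __name__ == "__main__":
    cases = [
        ("two beans, no realm", sample_jetty_xml(["karaf", "default"]), None),
        ("two beans, realm karaf", sample_jetty_xml(["karaf", "default"]), "karaf"),
        ("two beans, realm Karaf", sample_jetty_xml(["karaf", "default"]), "Karaf"),
        ("one bean, no realm", sample_jetty_xml(["karaf"]), None),
    ]
    for label, xml_text, realm in cases:
        chosen, findings = audit(xml_text, realm)
        print(f"{label}: chosen={chosen} findings={findings}")
```

To check a real installation, pass the contents of etc/jetty.xml to `audit()` before and after a Karaf upgrade and compare the findings.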


Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
I thought Gerald already explained it on the mailing list. My intention is more to create the Jira with the details.

Regards
JB

> On 29 June 2020, at 07:33, Andrea Cosentino <an...@gmail.com> wrote:
> 
> I think it's good to have the details shared in public.
> 
> On Mon, 29 Jun 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
> Hi,
> 
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> 
> Can you please send a private message about issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> 
> Thanks,
> Regards
> JB
> 
> > On 28 June 2020, at 22:02, Gerald Kallas <catshout@mailbox.org> wrote:
> > 
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> > 
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> > 
> >> Gerald Kallas <catshout@mailbox.org> wrote on 28.06.2020 18:12:
> >> 
> >> 
> >> Hi all,
> >> 
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >> 
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> >> 
> >> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >> 
> >> With both entries, as you found Grzegorz, the authentication doesn't work.
> >> 
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> >> 
> >> Best
> >> - Gerald
> >> 
> >> 
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> >>        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> >>        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> >>        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> >>        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> >>        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> >>        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> >>        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> >>        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> >>        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >>        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> >>        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >>        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> >>        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> >>        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> >>        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> >>        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >>        at java.lang.Class.forName0(Native Method) ~[?:?]
> >>        at java.lang.Class.forName(Class.java:398) ~[?:?]
> >>        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> >>        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> >>        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> >>        ... 62 more
> >> 
> >>> Grzegorz Grzybek <gr.grzybek@gmail.com> wrote on 18.05.2020 15:24:
> >>> 
> >>> 
> >>> Hello
> >>> 
> >>> I have some answer. First, the "http context processing" feature was mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>> 
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>> 
> >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> >>> this:
> >>> 
> >>> else if (list.size() == 1)
> >>>    service = list.iterator().next();
> >>> 
> >>> So I simply made it work by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>> 
> >>> list = {java.util.ArrayList@9544}  size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
> >>>  LOG: org.eclipse.jetty.util.log.Logger  = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  = "org.eclipse.jetty.jaas.JAASRole"
> >>>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  = {java.lang.String[1]@9551}
> >>>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >>>  _callbackHandlerClass: java.lang.String  = null
> >>>  _realmName: java.lang.String  = "karaf"
> >>>  _loginModuleName: java.lang.String  = "karaf"
> >>> 
> >>> Now, with your Camel route, I got:
> >>> 
> >>> $ curl -v http://localhost:8181/camel/api/say/hello
> >>> *   Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>> 
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> 
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> >>> *   Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>> 
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>> 
> >>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>> <Configure> element) instance of SecurityHandler and simply set there the
> >>> "realmName" property to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
> >>> 
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>> 
> >>> regards
> >>> Grzegorz Grzybek
> >>> 
> >>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com.invalid> wrote:
> >>> 
> >>>> Hi,
> >>>> 
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a configuration
> >>>> done in his own application, using his own http-Context.
> >>>> 
> >>>> Can be found here:
> >>>> 
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>>> 
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >>>> and here:
> >>>> 
> >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>>> 
> >>>> regards, Achim
> >>>> 
> >>>> 
> >>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> >>>> 
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>> 
> >>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> >>>>> 
> >>>>> 
> >>>>> Which suggests something is misconfigured.
> >>>>> 
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>> 
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org> wrote:
> >>>>>> 
> >>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> >>>>> 
> >>>>> 
> >>>> 
> >>>> --
> >>>> 
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>>> 
> 


Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Andrea Cosentino <an...@gmail.com>.
I think it's good to have the details shared in public.

On Mon, 29 Jun 2020 at 07:30, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:

> Hi,
>
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>
> Can you please send a private message about issues you have with Karaf
> 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>
> Thanks,
> Regards
> JB
>
> > On 28 June 2020 at 22:02, Gerald Kallas <ca...@mailbox.org> wrote:
> >
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the
> > workaround works as expected. Seems that Jetty has been updated in Karaf
> > 4.2.9?
> >
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other
> > issues.)
> >
> >> Gerald Kallas <ca...@mailbox.org> wrote on 28.06.2020 18:12:
> >>
> >>
> >> Hi all,
> >>
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService
> >> entries in my etc/jetty.xml I'm getting an error as attached below.
> >>
> >> Neither hawtio nor my servlet are working any longer. Seems that now
> >> both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>
> >> With both entries, as you found Grzegorz, the authentication doesn't
> >> work.
> >>
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you
> >> have another workaround for that behaviour?
> >>
> >> Best
> >> - Gerald
> >>
> >>
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> >>        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> >>        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> >>        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> >>        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> >>        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> >>        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> >>        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> >>        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> >>        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >>        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> >>        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >>        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> >>        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> >>        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> >>        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> >>        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >>        at java.lang.Class.forName0(Native Method) ~[?:?]
> >>        at java.lang.Class.forName(Class.java:398) ~[?:?]
> >>        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> >>        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> >>        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> >>        ... 62 more
> >>
> >>> Grzegorz Grzybek <gr...@gmail.com> wrote on 18.05.2020 15:24:
> >>>
> >>>
> >>> Hello
> >>>
> >>> I have some answer. First, the "http context processing" feature was mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>>
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>>
> >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> >>> this:
> >>>
> >>> else if (list.size() == 1)
> >>>    service = list.iterator().next();
> >>>
> >>> So I simply made it work by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>
> >>> list = {java.util.ArrayList@9544}  size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> >>> "JAASLoginService@7ba67d0b{STARTED}"
> >>>  LOG: org.eclipse.jetty.util.log.Logger  =
> >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> >>> "org.eclipse.jetty.jaas.JAASRole"
> >>>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> >>> {java.lang.String[1]@9551}
> >>>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >>>  _callbackHandlerClass: java.lang.String  = null
> >>>  _realmName: java.lang.String  = "karaf"
> >>>  _loginModuleName: java.lang.String  = "karaf"
> >>>
> >>> Now, with your Camel route, I got:
> >>>
> >>> $ curl -v http://localhost:8181/camel/api/say/hello
> >>> *   Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>>
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> >>> *   Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>>
> >>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>> <Configure> element) instance of SecurityHandler and simply set there the
> >>> "realmName" property to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
> >>>
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>>
> >>> regards
> >>> Grzegorz Grzybek
> >>>
> >>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com.invalid> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a configuration
> >>>> done in his own application, using his own http-Context.
> >>>>
> >>>> Can be found here:
> >>>>
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>>>
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >>>> and here:
> >>>>
> >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>>>
> >>>> regards, Achim
> >>>>
> >>>>
> >>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> >>>>
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>>
> >>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>> Which suggests something is misconfigured.
> >>>>>
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> >>>>>>
> >>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>>
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>>>
>
>
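
Added example (not part of the thread, and not code from Jetty, Pax Web or Karaf): a small Python check for the login-service selection Grzegorz Grzybek describes in the quoted message above, run against a jetty.xml before deployment. The XML samples are constructed, the function names are hypothetical, and the realm-name branch is an assumption modelling his remark that setting realmName would let Jetty pick the right bean.

```python
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.jaas.JAASLoginService"

# Constructed sample: two JAASLoginService beans added to the server, the
# situation the thread describes. Bean names are illustrative only.
TWO_BEANS = """
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.jaas.JAASLoginService">
        <Set name="name">karaf</Set>
        <Set name="loginModuleName">karaf</Set>
      </New>
    </Arg>
  </Call>
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.jaas.JAASLoginService">
        <Set name="name">default</Set>
        <Set name="loginModuleName">karaf</Set>
      </New>
    </Arg>
  </Call>
</Configure>
"""

# Constructed sample: the single-bean configuration used as the workaround.
ONE_BEAN = """
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.jaas.JAASLoginService">
        <Set name="name">karaf</Set>
        <Set name="loginModuleName">karaf</Set>
      </New>
    </Arg>
  </Call>
</Configure>
"""


def login_services(xml_text):
    """Return name and loginModuleName of every JAASLoginService bean."""
    root = ET.fromstring(xml_text)
    services = []
    for node in root.iter("New"):
        if node.get("class") != JAAS_CLASS:
            continue
        props = {}
        for setter in node.findall("Set"):
            key = setter.get("name") or ""
            # Normalise the first letter so "Name" and "name" are treated alike.
            props[key[:1].lower() + key[1:]] = (setter.text or "").strip()
        services.append({"name": props.get("name"),
                         "loginModuleName": props.get("loginModuleName")})
    return services


def select_login_service(services, realm_name=None):
    """Model of the selection rule discussed in the thread (assumption)."""
    if realm_name is not None:
        for svc in services:
            if svc["name"] == realm_name:  # exact, case-sensitive comparison
                return svc
        return None
    # No realm name: only the "exactly one bean" branch quoted in the thread.
    if len(services) == 1:
        return services[0]
    return None


def audit(xml_text, realm_name=None):
    """Report how many beans exist, which one is selected, and any finding."""
    services = login_services(xml_text)
    chosen = select_login_service(services, realm_name)
    findings = []
    if not services:
        findings.append("no JAASLoginService bean defined")
    elif chosen is None and realm_name is None:
        findings.append("%d JAASLoginService beans and no realm name: "
                        "none is selected" % len(services))
    elif chosen is None:
        names = ", ".join(str(s["name"]) for s in services)
        findings.append("realm name %r matches none of: %s"
                        % (realm_name, names))
    return {"count": len(services),
            "selected": chosen["name"] if chosen else None,
            "findings": findings}


if __name__ == "__main__":
    for label, text, realm in (("two beans, no realm", TWO_BEANS, None),
                               ("one bean, no realm", ONE_BEAN, None),
                               ("two beans, realm karaf", TWO_BEANS, "karaf")):
        print(label, "->", audit(text, realm))
```

A non-empty "findings" list is the case to catch in review: the protected context would start without a login service, which is the state the "No authenticator for" warning in the thread points at.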

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Andrea Cosentino <an...@gmail.com>.
I think it's good to have the details shared in public.

On Mon, 29 Jun 2020 at 07:30, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:

> Hi,
>
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>
> Can you please send a private message about issues you have with Karaf
> 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>
> Thanks,
> Regards
> JB
>
> > On 28 June 2020 at 22:02, Gerald Kallas <ca...@mailbox.org> wrote:
> >
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the
> > workaround works as expected. Seems that Jetty has been updated in Karaf
> > 4.2.9?
> >
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other
> > issues.)
> >
> >> Gerald Kallas <ca...@mailbox.org> wrote on 28.06.2020 18:12:
> >>
> >>
> >> Hi all,
> >>
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService
> >> entries in my etc/jetty.xml I'm getting an error as attached below.
> >>
> >> Neither hawtio nor my servlet are working any longer. Seems that now
> >> both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>
> >> With both entries, as you found Grzegorz, the authentication doesn't
> >> work.
> >>
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you
> >> have another workaround for that behaviour?
> >>
> >> Best
> >> - Gerald
> >>
> >>
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> >>        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> >>        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> >>        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> >>        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> >>        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> >>        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> >>        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> >>        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> >>        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> >>        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> >>        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> >>        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >>        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> >>        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >>        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> >>        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> >>        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> >>        at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >>        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> >>        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> >>        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> >>        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >>        at java.lang.Class.forName0(Native Method) ~[?:?]
> >>        at java.lang.Class.forName(Class.java:398) ~[?:?]
> >>        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> >>        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> >>        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> >>        ... 62 more
> >>
> >>> Grzegorz Grzybek <gr...@gmail.com> wrote on 18.05.2020 15:24:
> >>>
> >>>
> >>> Hello
> >>>
> >>> I have some answer. First, the "http context processing" feature was mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>>
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>>
> >>> The key problem is that when Jetty's SecurityHandler is starting, it tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> >>> this:
> >>>
> >>> else if (list.size() == 1)
> >>>    service = list.iterator().next();
> >>>
> >>> So I simply made it work by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>
> >>> list = {java.util.ArrayList@9544}  size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> >>> "JAASLoginService@7ba67d0b{STARTED}"
> >>>  LOG: org.eclipse.jetty.util.log.Logger  =
> >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> >>> "org.eclipse.jetty.jaas.JAASRole"
> >>>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> >>> {java.lang.String[1]@9551}
> >>>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >>>  _callbackHandlerClass: java.lang.String  = null
> >>>  _realmName: java.lang.String  = "karaf"
> >>>  _loginModuleName: java.lang.String  = "karaf"
> >>>
> >>> Now, with your Camel route, I got:
> >>>
> >>> $ curl -v http://localhost:8181/camel/api/say/hello
> >>> *   Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>>
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> >>> *   Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>>
> >>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>> <Configure> element) instance of SecurityHandler and simply set there the
> >>> "realmName" property to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
> >>>
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>>
> >>> regards
> >>> Grzegorz Grzybek
> >>>
> >>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com.invalid> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a configuration
> >>>> done in his own application, using his own http-Context.
> >>>>
> >>>> Can be found here:
> >>>>
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>>>
> >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >>>> and here:
> >>>>
> >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>>>
> >>>> regards, Achim
> >>>>
> >>>>
> >>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> >>>>
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>>
> >>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> >>>>>            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>> Which suggests something is misconfigured.
> >>>>>
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> >>>> wrote:
> >>>>>>
> >>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> >>>>>              | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>>
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>>>
>
>

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi,

Yes, Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.

Can you please send a private message about the issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0)?

Thanks,
Regards
JB

> On 28 June 2020 at 22:02, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> 
> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> 
>> Gerald Kallas <ca...@mailbox.org> wrote on 28.06.2020 18:12:
>> 
>> 
>> Hi all,
>> 
>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>> 
>> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>> 
>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>> 
>> With both entries, as you found Grzegorz, the authentication doesn't work.
>> 
>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>> 
>> Best
>> - Gerald
>> 
>> 
>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>>        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>>        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>>        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>>        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>>        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>>        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>>        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>>        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>>        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>>        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>>        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>>        at java.lang.Thread.run(Thread.java:834) [?:?]
>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>>        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>>        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>>        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>        at java.lang.Class.forName0(Native Method) ~[?:?]
>>        at java.lang.Class.forName(Class.java:398) ~[?:?]
>>        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>>        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>>        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>>        ... 62 more
>> 
>>> Grzegorz Grzybek <gr...@gmail.com> wrote on 18.05.2020 15:24:
>>> 
>>> 
>>> Hello
>>> 
>>> I have some answer. First, the "http context processing" feature was mainly
>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>> pax-web-undertow.
>>> 
>>> But I checked how it works with pax-web-jetty in the debugger.
>>> 
>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>> With default etc/jetty.xml, there are TWO beans with
>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>> this:
>>> 
>>> else if (list.size() == 1)
>>>    service = list.iterator().next();
>>> 
>>> So I simply made it work by ensuring there's only one
>>> org.eclipse.jetty.jaas.JAASLoginService:
>>> 
>>> list = {java.util.ArrayList@9544}  size = 1
>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>>> "JAASLoginService@7ba67d0b{STARTED}"
>>>  LOG: org.eclipse.jetty.util.log.Logger  =
>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
>>> "org.eclipse.jetty.jaas.JAASRole"
>>>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
>>> {java.lang.String[1]@9551}
>>>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>>>  _callbackHandlerClass: java.lang.String  = null
>>>  _realmName: java.lang.String  = "karaf"
>>>  _loginModuleName: java.lang.String  = "karaf"
>>> 
>>> Now, with your Camel route, I got:
>>> 
>>> $ curl -v http://localhost:8181/camel/api/say/hello
>>> *   Trying ::1:8181...
>>> * Connected to localhost (::1) port 8181 (#0)
>>>> GET /camel/api/say/hello HTTP/1.1
>>>> Host: localhost:8181
>>>> User-Agent: curl/7.69.1
>>>> Accept: */*
>>>> 
>>> * Mark bundle as not supporting multiuse
>>> < HTTP/1.1 404 Not Found
>>> < Cache-Control: must-revalidate,no-cache,no-store
>>> < Content-Type: text/html;charset=iso-8859-1
>>> < Content-Length: 456
>>> < Server: Jetty(9.4.22.v20191022)
>>> <
>>> 
>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>>> *   Trying ::1:8181...
>>> * Connected to localhost (::1) port 8181 (#0)
>>> * Server auth using Basic with user 'karaf'
>>>> GET /camel/api/say/hello HTTP/1.1
>>>> Host: localhost:8181
>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>> User-Agent: curl/7.69.1
>>>> Accept: */*
>>>> 
>>> * Mark bundle as not supporting multiuse
>>> < HTTP/1.1 200 OK
>>> < Content-Type: application/json
>>> < Accept: */*
>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>> < User-Agent: curl/7.69.1
>>> < Transfer-Encoding: chunked
>>> < Server: Jetty(9.4.22.v20191022)
>>> <
>>> * Connection #0 to host localhost left intact
>>> "Hello World"
>>> 
>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>> <Configure> element) instance of SecurityHandler and simply set there the
>>> "realmName" property to "Karaf", so even with two different beans with
>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>> right one. But in Pax Web security handler is part of every
>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
>>> 
>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>> etc/jetty.xml
>>> 
>>> regards
>>> Grzegorz Grzybek
>>> 
>>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid> wrote:
>>> 
>>>> Hi,
>>>> 
>>>> I already also answered Gerald in another mail.
>>>> I'm not quite sure but what might be an issue, is that the default
>>>> http-context used in his application isn't bound to the underlying security
>>>> realm.
>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>> done in his own application, using his own http-Context.
>>>> 
>>>> Can be found here:
>>>> 
>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>>>> 
>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>>>> and here:
>>>> 
>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>>>> 
>>>> regards, Achim
>>>> 
>>>> 
>>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
>>>> 
>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>> The only suspicious thing is the warning:
>>>>> 
>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>>>>>            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>> 
>>>>> 
>>>>> Which suggests something is misconfigured.
>>>>> 
>>>>> Best regards,
>>>>> Alex soto
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
>>>> wrote:
>>>>>> 
>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>>>>>              | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>> 
>>>>> 
>>>> 
>>>> --
>>>> 
>>>> Apache Member
>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
>>>> Project Lead
>>>> blog <http://notizblog.nierbeck.de/>
>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>> 
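
Added example (not part of any message in this thread, and not Pax Web or Jetty code): a Python check that lists the JAASLoginService beans declared in an etc/jetty.xml and models the selection rule Grzegorz describes in the quoted reply above. The function names, the constructed sample configuration and the exact-match comparison on the realm name are assumptions of this example.

```python
import xml.etree.ElementTree as ET

JAAS_LOGIN_SERVICE = "org.eclipse.jetty.jaas.JAASLoginService"


def sample_config(names):
    """Build a constructed etc/jetty.xml (Jetty XML syntax) with one
    JAASLoginService bean per entry in `names`. Sample data, not Karaf's file."""
    beans = "".join(
        f"""
  <Call name="addBean">
    <Arg>
      <New class="{JAAS_LOGIN_SERVICE}">
        <Set name="name">{name}</Set>
        <Set name="loginModuleName">karaf</Set>
      </New>
    </Arg>
  </Call>"""
        for name in names
    )
    return ('<Configure id="Server" class="org.eclipse.jetty.server.Server">'
            f"{beans}\n</Configure>")


def login_services(jetty_xml):
    """Return the JAASLoginService beans declared in a Jetty XML document."""
    root = ET.fromstring(jetty_xml)
    services = []
    for new in root.iter("New"):
        if new.get("class") != JAAS_LOGIN_SERVICE:
            continue
        # <Set name="x">value</Set> children configure the bean's properties.
        props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
        services.append({"name": props.get("name"),
                         "loginModuleName": props.get("loginModuleName")})
    return services


def resolve(services, realm_name=None):
    """Model of the rule described in the thread (not Jetty's source):
    with a realm name, the bean with that name is used (exact match is an
    assumption of this example); without one, a bean is used only when it
    is the single LoginService registered."""
    if realm_name is not None:
        for svc in services:
            if svc["name"] == realm_name:
                return svc
        return None
    return services[0] if len(services) == 1 else None


def audit(jetty_xml, realm_name=None):
    """Return (ok, message) for one configuration and optional realm name."""
    services = login_services(jetty_xml)
    names = [s["name"] for s in services]
    chosen = resolve(services, realm_name)
    if chosen is not None:
        return True, (f"LoginService '{chosen['name']}' resolved "
                      f"(JAAS module '{chosen['loginModuleName']}')")
    if realm_name is not None:
        return False, f"no LoginService named '{realm_name}' among {names}"
    if not services:
        return False, "no JAASLoginService bean declared"
    return False, (f"{len(services)} JAASLoginService beans {names} and no "
                   "realm name on the handler: none is selected")


if __name__ == "__main__":
    cases = [
        ("two beans, no realm", sample_config(["karaf", "default"]), None),
        ("one bean, no realm", sample_config(["karaf"]), None),
        ("two beans, realm=karaf", sample_config(["karaf", "default"]), "karaf"),
    ]
    for label, cfg, realm in cases:
        ok, msg = audit(cfg, realm)
        print(f"{'PASS' if ok else 'FAIL'}  {label}: {msg}")
```

To check a real file, pass its contents to `audit()`, for example `audit(open("etc/jetty.xml").read())`.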


Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi,

Yes, Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.

Can you please send a private message about the issues you have with Karaf 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0)?

Thanks,
Regards
JB

> On 28 June 2020 at 22:02, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> 
> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> 
>> Gerald Kallas <ca...@mailbox.org> wrote on 28.06.2020 18:12:
>> 
>> 
>> Hi all,
>> 
>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>> 
>> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
>> 
>> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>> 
>> With both entries, as you found Grzegorz, the authentication doesn't work.
>> 
>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
>> 
>> Best
>> - Gerald
>> 
>> 
>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>>        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>>        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>>        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>>        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>>        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>>        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>>        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>>        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>>        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>>        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>>        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>>        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>>        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>>        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>>        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>>        at java.lang.Thread.run(Thread.java:834) [?:?]
>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>>        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>>        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>>        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>        at java.lang.Class.forName0(Native Method) ~[?:?]
>>        at java.lang.Class.forName(Class.java:398) ~[?:?]
>>        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>>        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>>        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>>        ... 62 more
>> 
>>> Grzegorz Grzybek <gr...@gmail.com> wrote on 18.05.2020 at 15:24:
>>> 
>>> 
>>> Hello
>>> 
>>> I have some answer. First, the "http context processing" feature was mainly
>>> tested to "inject" Keycloak authenticator and I mostly tested it with
>>> pax-web-undertow.
>>> 
>>> But I checked how it works with pax-web-jetty in the debugger.
>>> 
>>> The key problem is that when Jetty's SecurityHandler is starting, it tries
>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>> With default etc/jetty.xml, there are TWO beans with
>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
>>> this:
>>> 
>>> else if (list.size() == 1)
>>>    service = list.iterator().next();
>>> 
>>> So I simply made it work by ensuring there's only one
>>> org.eclipse.jetty.jaas.JAASLoginService:
>>> 
>>> list = {java.util.ArrayList@9544}  size = 1
>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>>> "JAASLoginService@7ba67d0b{STARTED}"
>>>  LOG: org.eclipse.jetty.util.log.Logger  =
>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
>>> "org.eclipse.jetty.jaas.JAASRole"
>>>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
>>> {java.lang.String[1]@9551}
>>>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>>>  _callbackHandlerClass: java.lang.String  = null
>>>  _realmName: java.lang.String  = "karaf"
>>>  _loginModuleName: java.lang.String  = "karaf"
>>> 
>>> Now, with your Camel route, I got:
>>> 
>>> $ curl -v http://localhost:8181/camel/api/say/hello
>>> *   Trying ::1:8181...
>>> * Connected to localhost (::1) port 8181 (#0)
>>>> GET /camel/api/say/hello HTTP/1.1
>>>> Host: localhost:8181
>>>> User-Agent: curl/7.69.1
>>>> Accept: */*
>>>> 
>>> * Mark bundle as not supporting multiuse
>>> < HTTP/1.1 404 Not Found
>>> < Cache-Control: must-revalidate,no-cache,no-store
>>> < Content-Type: text/html;charset=iso-8859-1
>>> < Content-Length: 456
>>> < Server: Jetty(9.4.22.v20191022)
>>> <
>>> 
>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>>> *   Trying ::1:8181...
>>> * Connected to localhost (::1) port 8181 (#0)
>>> * Server auth using Basic with user 'karaf'
>>>> GET /camel/api/say/hello HTTP/1.1
>>>> Host: localhost:8181
>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>> User-Agent: curl/7.69.1
>>>> Accept: */*
>>>> 
>>> * Mark bundle as not supporting multiuse
>>> < HTTP/1.1 200 OK
>>> < Content-Type: application/json
>>> < Accept: */*
>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>> < User-Agent: curl/7.69.1
>>> < Transfer-Encoding: chunked
>>> < Server: Jetty(9.4.22.v20191022)
>>> <
>>> * Connection #0 to host localhost left intact
>>> "Hello World"
>>> 
>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>> <Configure> element) instance of SecurityHandler and simply set there the
>>> "realmName" property to "Karaf", so even with two different beans with
>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
>>> right one. But in Pax Web security handler is part of every
>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
>>> only in Pax Web 8 I'd be able to fix this in a cleaner way.
>>> 
>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
>>> etc/jetty.xml
>>> 
>>> regards
>>> Grzegorz Grzybek
>>> 
>>> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid>
>>> wrote:
>>> 
>>>> Hi,
>>>> 
>>>> I already also answered Gerald in another mail.
>>>> I'm not quite sure but what might be an issue, is that the default
>>>> http-context used in his application isn't bound to the underlying security
>>>> realm.
>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>> done in his own application, using his own http-Context.
>>>> 
>>>> Can be found here:
>>>> 
>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>>>> 
>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>>>> and here:
>>>> 
>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>>>> 
>>>> regards, Achim
>>>> 
>>>> 
>>>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
>>>> 
>>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>> The only suspicious thing is the warning:
>>>>> 
>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>>>>>            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>> 
>>>>> 
>>>>> Which suggests something is misconfigured.
>>>>> 
>>>>> Best regards,
>>>>> Alex soto
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
>>>> wrote:
>>>>>> 
>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>>>>>              | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>> 
>>>>> 
>>>> 
>>>> --
>>>> 
>>>> Apache Member
>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
>>>> Project Lead
>>>> blog <http://notizblog.nierbeck.de/>
>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>> 


Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Gerald Kallas <ca...@mailbox.org>.
I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?

(The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)

> Gerald Kallas <ca...@mailbox.org> wrote on 28.06.2020 at 18:12:
> 
>  
> Hi all,
> 
> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> 
> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> 
> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> 
> With both entries, as you found Grzegorz, the authentication doesn't work.
> 
> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> 
> Best
> - Gerald
> 
> 
> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>         at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>         at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>         at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>         at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>         at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>         at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>         at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>         at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>         at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>         at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>         at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>         at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>         at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>         at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>         at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>         at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>         at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>         at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>         at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>         at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>         at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>         at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>         at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>         at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>         at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>         at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>         at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>         at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>         at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>         at java.lang.Thread.run(Thread.java:834) [?:?]
> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>         at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>         at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>         at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>         at java.lang.Class.forName0(Native Method) ~[?:?]
>         at java.lang.Class.forName(Class.java:398) ~[?:?]
>         at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>         at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>         at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>         at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>         ... 62 more
> 
> > Grzegorz Grzybek <gr...@gmail.com> wrote on 18.05.2020 at 15:24:
> > 
> >  
> > Hello
> > 
> > I have some answer. First, the "http context processing" feature was mainly
> > tested to "inject" Keycloak authenticator and I mostly tested it with
> > pax-web-undertow.
> > 
> > But I checked how it works with pax-web-jetty in the debugger.
> > 
> > The key problem is that when Jetty's SecurityHandler is starting, it tries
> > to find/discover org.eclipse.jetty.security.LoginService instance.
> > With default etc/jetty.xml, there are TWO beans with
> > org.eclipse.jetty.jaas.JAASLoginService class and
> > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > this:
> > 
> > else if (list.size() == 1)
> >     service = list.iterator().next();
> > 
> > So I simply made it work by ensuring there's only one
> > org.eclipse.jetty.jaas.JAASLoginService:
> > 
> > list = {java.util.ArrayList@9544}  size = 1
> >  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > "JAASLoginService@7ba67d0b{STARTED}"
> >   LOG: org.eclipse.jetty.util.log.Logger  =
> > {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >   DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> > "org.eclipse.jetty.jaas.JAASRole"
> >   DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> > {java.lang.String[1]@9551}
> >   _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >   _callbackHandlerClass: java.lang.String  = null
> >   _realmName: java.lang.String  = "karaf"
> >   _loginModuleName: java.lang.String  = "karaf"
> > 
> > Now, with your Camel route, I got:
> > 
> > $ curl -v http://localhost:8181/camel/api/say/hello
> > *   Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 404 Not Found
> > < Cache-Control: must-revalidate,no-cache,no-store
> > < Content-Type: text/html;charset=iso-8859-1
> > < Content-Length: 456
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > 
> > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > *   Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > * Server auth using Basic with user 'karaf'
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > Authorization: Basic a2FyYWY6a2FyYWY=
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > < Content-Type: application/json
> > < Accept: */*
> > < Authorization: Basic a2FyYWY6a2FyYWY=
> > < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > < User-Agent: curl/7.69.1
> > < Transfer-Encoding: chunked
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > * Connection #0 to host localhost left intact
> > "Hello World"
> > 
> > In theory it should be possible to grab (in etc/jetty.xml, using
> > <Configure> element) instance of SecurityHandler and simply set there the
> > "realmName" property to "Karaf", so even with two different beans with
> > org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > right one. But in Pax Web security handler is part of every
> > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > only in Pax Web 8 I'd be able to fix this in a cleaner way.
> > 
> > So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > etc/jetty.xml
> > 
> > regards
> > Grzegorz Grzybek
> > 
> > On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid>
> > wrote:
> > 
> > > Hi,
> > >
> > > I already also answered Gerald in another mail.
> > > I'm not quite sure but what might be an issue, is that the default
> > > http-context used in his application isn't bound to the underlying security
> > > realm.
> > > Therefore it's quite a possibility that there needs to be a configuration
> > > done in his own application, using his own http-Context.
> > >
> > > Can be found here:
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > > and here:
> > >
> > > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > >
> > > regards, Achim
> > >
> > >
> > > On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> > >
> > > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > > Maybe somebody from the Pax-Web team can help you.
> > > > The only suspicious thing is the warning:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > > >             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > > > Which suggests something is misconfigured.
> > > >
> > > > Best regards,
> > > > Alex soto
> > > >
> > > >
> > > >
> > > >
> > > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> > > wrote:
> > > > >
> > > > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > > >               | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > >
> > > --
> > >
> > > Apache Member
> > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > > Project Lead
> > > blog <http://notizblog.nierbeck.de/>
> > > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> > >

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Gerald Kallas <ca...@mailbox.org>.
I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround works as expected. Seems that Jetty has been updated in Karaf 4.2.9?

(The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)

> Gerald Kallas <ca...@mailbox.org> wrote on 28.06.2020 at 18:12:
> 
>  
> Hi all,
> 
> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> 
> After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.
> 
> Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> 
> With both entries, as you found Grzegorz, the authentication doesn't work.
> 
> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?
> 
> Best
> - Gerald
> 
> 
> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>         at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>         at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>         at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>         at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>         at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>         at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>         at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>         at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>         at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>         at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>         at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>         at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>         at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>         at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>         at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>         at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>         at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>         at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>         at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>         at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>         at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>         at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>         at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>         at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>         at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>         at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>         at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>         at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>         at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>         at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>         at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>         at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>         at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>         at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>         at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>         at java.lang.Thread.run(Thread.java:834) [?:?]
> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>         at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>         at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>         at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>         at java.lang.Class.forName0(Native Method) ~[?:?]
>         at java.lang.Class.forName(Class.java:398) ~[?:?]
>         at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>         at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>         at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>         at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>         ... 62 more
> 
> > Grzegorz Grzybek <gr...@gmail.com> wrote on 18.05.2020 15:24:
> > 
> >  
> > Hello
> > 
> > I have some answer. First, the "http context processing" feature was mainly
> > tested to "inject" Keycloak authenticator and I mostly tested it with
> > pax-web-undertow.
> > 
> > But I checked how it works with pax-web-jetty in the debugger.
> > 
> > The key problem is that when Jetty's SecurityHandler is starting, it tries
> > to find/discover org.eclipse.jetty.security.LoginService instance.
> > With default etc/jetty.xml, there are TWO beans with
> > org.eclipse.jetty.jaas.JAASLoginService class and
> > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > this:
> > 
> > else if (list.size() == 1)
> >     service = list.iterator().next();
> > 
> > So I simply made it working by ensuring there's only one
> > org.eclipse.jetty.jaas.JAASLoginService:
> > 
> > list = {java.util.ArrayList@9544}  size = 1
> >  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > "JAASLoginService@7ba67d0b{STARTED}"
> >   LOG: org.eclipse.jetty.util.log.Logger  =
> > {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >   DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> > "org.eclipse.jetty.jaas.JAASRole"
> >   DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> > {java.lang.String[1]@9551}
> >   _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >   _callbackHandlerClass: java.lang.String  = null
> >   _realmName: java.lang.String  = "karaf"
> >   _loginModuleName: java.lang.String  = "karaf"
> > 
> > Now, with your Camel route, I got:
> > 
> > $ curl -v http://localhost:8181/camel/api/say/hello
> > *   Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 404 Not Found
> > < Cache-Control: must-revalidate,no-cache,no-store
> > < Content-Type: text/html;charset=iso-8859-1
> > < Content-Length: 456
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > 
> > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > *   Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > * Server auth using Basic with user 'karaf'
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > Authorization: Basic a2FyYWY6a2FyYWY=
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > < Content-Type: application/json
> > < Accept: */*
> > < Authorization: Basic a2FyYWY6a2FyYWY=
> > < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > < User-Agent: curl/7.69.1
> > < Transfer-Encoding: chunked
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > * Connection #0 to host localhost left intact
> > "Hello World"
> > 
> > In theory it should be possible to grab (in etc/jetty.xml, using
> > <Configure> element) instance of SecurityHandler and simply set there the
> > "realmName" property to "Karaf", so even with two different beans with
> > org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > right one. But in Pax Web security handler is part of every
> > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > only in Pax Web 8 I'd be able to fix this in more clean way.
> > 
> > So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > etc/jetty.xml
> > 
> > regards
> > Grzegorz Grzybek
> > 
> > On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid>
> > wrote:
> > 
> > > Hi,
> > >
> > > I already also answered Gerald in another mail.
> > > I'm not quite sure but what might be an issue, is that the default
> > > http-context used in his application isn't bound to the underlying security
> > > realm.
> > > Therefore it's quite a possibility that there needs to be a configuration
> > > done in his own application, using his own http-Context.
> > >
> > > Can be found here:
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > > and here:
> > >
> > > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > >
> > > regards, Achim
> > >
> > >
> > > On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> > >
> > > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > > Maybe somebody from the Pax-Web team can help you.
> > > > The only suspicious thing is the warning:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > > >             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > > > Which suggests something is misconfigured.
> > > >
> > > > Best regards,
> > > > Alex soto
> > > >
> > > >
> > > >
> > > >
> > > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> > > wrote:
> > > > >
> > > > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > > >               | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > >
> > > --
> > >
> > > Apache Member
> > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > > Project Lead
> > > blog <http://notizblog.nierbeck.de/>
> > > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> > >

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Gerald Kallas <ca...@mailbox.org>.
Hi all,

I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.

After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.

Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.

With both entries, as you found Grzegorz, the authentication doesn't work.

Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?

Best
- Gerald


2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
        at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
        at java.lang.Class.forName0(Native Method) ~[?:?]
        at java.lang.Class.forName(Class.java:398) ~[?:?]
        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
        ... 62 more

> Grzegorz Grzybek <gr...@gmail.com> wrote on 18.05.2020 15:24:
> 
>  
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly
> tested to "inject" Keycloak authenticator and I mostly tested it with
> pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries
> to find/discover org.eclipse.jetty.security.LoginService instance.
> With default etc/jetty.xml, there are TWO beans with
> org.eclipse.jetty.jaas.JAASLoginService class and
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> this:
> 
> else if (list.size() == 1)
>     service = list.iterator().next();
> 
> So I simply made it working by ensuring there's only one
> org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544}  size = 1
>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> "JAASLoginService@7ba67d0b{STARTED}"
>   LOG: org.eclipse.jetty.util.log.Logger  =
> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>   DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> "org.eclipse.jetty.jaas.JAASRole"
>   DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> {java.lang.String[1]@9551}
>   _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>   _callbackHandlerClass: java.lang.String  = null
>   _realmName: java.lang.String  = "karaf"
>   _loginModuleName: java.lang.String  = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > User-Agent: curl/7.69.1
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> <
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > Authorization: Basic a2FyYWY6a2FyYWY=
> > User-Agent: curl/7.69.1
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> <
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using
> <Configure> element) instance of SecurityHandler and simply set there the
> "realmName" property to "Karaf", so even with two different beans with
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> right one. But in Pax Web security handler is part of every
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> only in Pax Web 8 I'd be able to fix this in more clean way.
> 
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> etc/jetty.xml
> 
> regards
> Grzegorz Grzybek
> 
> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid>
> wrote:
> 
> > Hi,
> >
> > I already also answered Gerald in another mail.
> > I'm not quite sure but what might be an issue, is that the default
> > http-context used in his application isn't bound to the underlying security
> > realm.
> > Therefore it's quite a possibility that there needs to be a configuration
> > done in his own application, using his own http-Context.
> >
> > Can be found here:
> >
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > and here:
> >
> > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >
> > regards, Achim
> >
> >
> > On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> >
> > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > Maybe somebody from the Pax-Web team can help you.
> > > The only suspicious thing is the warning:
> > >
> > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > >             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> > > Which suggests something is misconfigured.
> > >
> > > Best regards,
> > > Alex soto
> > >
> > >
> > >
> > >
> > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> > wrote:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > >               | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> >
> > --
> >
> > Apache Member
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > Project Lead
> > blog <http://notizblog.nierbeck.de/>
> > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >
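
The login-service selection described in Grzegorz Grzybek's quoted reply above, as an added example that is not part of the thread and not code from Jetty, Pax Web or Karaf: a Python check that lists the JAASLoginService beans in a Jetty XML file and models which one would be selected. The generated sample XML, the helper names and the realm-name branch (modelled on the reply's remark about "realmName") are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.jaas.JAASLoginService"


def make_config(bean_names):
    """Build a constructed Jetty XML config with one JAASLoginService per name.

    This is sample input for the check below, not a copy of Karaf's etc/jetty.xml.
    """
    beans = "".join(
        f"""
  <Call name="addBean">
    <Arg>
      <New class="{JAAS_CLASS}">
        <Set name="name">{name}</Set>
        <Set name="loginModuleName">karaf</Set>
      </New>
    </Arg>
  </Call>"""
        for name in bean_names
    )
    return (
        '<Configure id="Server" class="org.eclipse.jetty.server.Server">'
        f"{beans}\n</Configure>"
    )


def find_login_services(xml_text):
    """Return one dict per JAASLoginService <New> element found in the config."""
    root = ET.fromstring(xml_text)
    services = []
    for new in root.iter("New"):
        if new.get("class") != JAAS_CLASS:
            continue
        # Direct <Set name="..."> children carry the bean's properties.
        props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
        services.append(
            {"name": props.get("name"), "loginModuleName": props.get("loginModuleName")}
        )
    return services


def select_login_service(services, realm_name=None):
    """Model the selection described in the thread.

    Without a realm name, a service is chosen only when it is the single
    candidate (the quoted `list.size() == 1` branch). With a realm name
    (assumed behaviour), the service with that exact name is chosen.
    """
    if realm_name is not None:
        for svc in services:
            if svc["name"] == realm_name:
                return svc
        return None
    if len(services) == 1:
        return services[0]
    return None


def audit(xml_text, realm_name=None):
    """Summarise the login services in a config and which one would be used."""
    services = find_login_services(xml_text)
    chosen = select_login_service(services, realm_name)
    if chosen is not None:
        finding = f"login service '{chosen['name']}' would be selected"
    elif len(services) > 1:
        finding = (
            f"{len(services)} JAASLoginService beans and no matching realm name: "
            "none would be selected"
        )
    else:
        finding = "no JAASLoginService bean would be selected"
    return {
        "count": len(services),
        "names": [s["name"] for s in services],
        "selected": chosen["name"] if chosen else None,
        "finding": finding,
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Audit a real file, e.g. a copy of etc/jetty.xml.
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(audit(fh.read()))
    else:
        for names in (["karaf", "default"], ["karaf"]):
            print(names, "->", audit(make_config(names))["finding"])
```

Run it with a path to a copy of etc/jetty.xml to check a real configuration; with no argument it runs on the two constructed samples.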

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Grzegorz Grzybek <gr...@gmail.com>.
Hello

I'm glad you like it.

Unfortunately it's an OSGi-specific solution. But the fact that OSGi allows
that may still mean that flat-classpath approach is not the only one left
out there ;)

regards
Grzegorz Grzybek

On Mon, 18 May 2020 at 17:01, Alex Soto <al...@envieta.com> wrote:

> Thank you, Grzegorz, this is excellent news!
> I'm looking forward for this to be improved in version 8, as it is very
> useful, and not only for Keycloak.
> In particular, for securing Camel Rest services, and perhaps there are
> many other use cases as well.
>
> Best regards,
> Alex soto
>
>
>
>
> > On May 18, 2020, at 9:24 AM, Grzegorz Grzybek <gr...@gmail.com> wrote:
> >
> > Hello
> >
> > I have some answer. First, the "http context processing" feature was mainly
> > tested to "inject" Keycloak authenticator and I mostly tested it with
> > pax-web-undertow.
> >
> > But I checked how it works with pax-web-jetty in the debugger.
> >
> > The key problem is that when Jetty's SecurityHandler is starting, it tries
> > to find/discover org.eclipse.jetty.security.LoginService instance.
> > With default etc/jetty.xml, there are TWO beans with
> > org.eclipse.jetty.jaas.JAASLoginService class and
> > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > this:
> >
> > else if (list.size() == 1)
> >    service = list.iterator().next();
> >
> > So I simply made it working by ensuring there's only one
> > org.eclipse.jetty.jaas.JAASLoginService:
> >
> > list = {java.util.ArrayList@9544}  size = 1
> > 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > "JAASLoginService@7ba67d0b{STARTED}"
> >  LOG: org.eclipse.jetty.util.log.Logger  =
> > {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> > "org.eclipse.jetty.jaas.JAASRole"
> >  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> > {java.lang.String[1]@9551}
> >  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >  _callbackHandlerClass: java.lang.String  = null
> >  _realmName: java.lang.String  = "karaf"
> >  _loginModuleName: java.lang.String  = "karaf"
> >
> > Now, with your Camel route, I got:
> >
> > $ curl -v http://localhost:8181/camel/api/say/hello
> > *   Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> >> GET /camel/api/say/hello HTTP/1.1
> >> Host: localhost:8181
> >> User-Agent: curl/7.69.1
> >> Accept: */*
> >>
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 404 Not Found
> > < Cache-Control: must-revalidate,no-cache,no-store
> > < Content-Type: text/html;charset=iso-8859-1
> > < Content-Length: 456
> > < Server: Jetty(9.4.22.v20191022)
> > <
> >
> > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > *   Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > * Server auth using Basic with user 'karaf'
> >> GET /camel/api/say/hello HTTP/1.1
> >> Host: localhost:8181
> >> Authorization: Basic a2FyYWY6a2FyYWY=
> >> User-Agent: curl/7.69.1
> >> Accept: */*
> >>
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > < Content-Type: application/json
> > < Accept: */*
> > < Authorization: Basic a2FyYWY6a2FyYWY=
> > < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > < User-Agent: curl/7.69.1
> > < Transfer-Encoding: chunked
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > * Connection #0 to host localhost left intact
> > "Hello World"
> >
> > In theory it should be possible to grab (in etc/jetty.xml, using
> > <Configure> element) instance of SecurityHandler and simply set there the
> > "realmName" property to "Karaf", so even with two different beans with
> > org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > right one. But in Pax Web security handler is part of every
> > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > only in Pax Web 8 I'd be able to fix this in more clean way.
> >
> > So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > etc/jetty.xml
> >
> > regards
> > Grzegorz Grzybek
> >
> > On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bcanhome@googlemail.com.invalid>
> > wrote:
> >
> >> Hi,
> >>
> >> I already also answered Gerald in another mail.
> >> I'm not quite sure but what might be an issue, is that the default
> >> http-context used in his application isn't bound to the underlying security
> >> realm.
> >> Therefore it's quite a possibility that there needs to be a configuration
> >> done in his own application, using his own http-Context.
> >>
> >> Can be found here:
> >>
> >> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>
> >> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >> and here:
> >>
> >> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>
> >> regards, Achim
> >>
> >>
> >> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> >>
> >>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>> Maybe somebody from the Pax-Web team can help you.
> >>> The only suspicious thing is the warning:
> >>>
> >>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> >>>            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>> authenticator for: {RoleInfo,C[admin],None}
> >>>
> >>>
> >>> Which suggests something is misconfigured.
> >>>
> >>> Best regards,
> >>> Alex soto
> >>>
> >>>
> >>>
> >>>
> >>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> >> wrote:
> >>>>
> >>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> >>>              | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>> authenticator for: {RoleInfo,C[admin],None}
> >>>
> >>>
> >>
> >> --
> >>
> >> Apache Member
> >> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> >> Project Lead
> >> blog <http://notizblog.nierbeck.de/>
> >> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>
>
>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Thank you, Grzegorz, this is excellent news! 
I'm looking forward to this being improved in version 8, as it is very useful, and not only for Keycloak.
In particular, for securing Camel Rest services, and perhaps there are many other use cases as well.

Best regards,
Alex soto




> On May 18, 2020, at 9:24 AM, Grzegorz Grzybek <gr...@gmail.com> wrote:
> 
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly
> tested to "inject" Keycloak authenticator and I mostly tested it with
> pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries
> to find/discover org.eclipse.jetty.security.LoginService instance.
> With default etc/jetty.xml, there are TWO beans with
> org.eclipse.jetty.jaas.JAASLoginService class and
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> this:
> 
> else if (list.size() == 1)
>    service = list.iterator().next();
> 
> So I simply made it working by ensuring there's only one
> org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544}  size = 1
> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> "JAASLoginService@7ba67d0b{STARTED}"
>  LOG: org.eclipse.jetty.util.log.Logger  =
> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> "org.eclipse.jetty.jaas.JAASRole"
>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> {java.lang.String[1]@9551}
>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>  _callbackHandlerClass: java.lang.String  = null
>  _realmName: java.lang.String  = "karaf"
>  _loginModuleName: java.lang.String  = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
>> GET /camel/api/say/hello HTTP/1.1
>> Host: localhost:8181
>> User-Agent: curl/7.69.1
>> Accept: */*
>> 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> <
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
>> GET /camel/api/say/hello HTTP/1.1
>> Host: localhost:8181
>> Authorization: Basic a2FyYWY6a2FyYWY=
>> User-Agent: curl/7.69.1
>> Accept: */*
>> 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> <
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using
> <Configure> element) instance of SecurityHandler and simply set there the
> "realmName" property to "Karaf", so even with two different beans with
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> right one. But in Pax Web security handler is part of every
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> only in Pax Web 8 I'd be able to fix this in more clean way.
> 
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> etc/jetty.xml
> 
> regards
> Grzegorz Grzybek
> 
> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid>
> wrote:
> 
>> Hi,
>> 
>> I already also answered Gerald in another mail.
>> I'm not quite sure, but what might be an issue is that the default
>> http-context used in his application isn't bound to the underlying security
>> realm.
>> Therefore it's quite a possibility that there needs to be a configuration
>> done in his own application, using his own http-Context.
>> 
>> Can be found here:
>> 
>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>> 
>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>> and here:
>> 
>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>> 
>> regards, Achim
>> 
>> 
>> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
>> 
>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>> Maybe somebody from the Pax-Web team can help you.
>>> The only suspicious thing is the warning:
>>> 
>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>>>            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>> authenticator for: {RoleInfo,C[admin],None}
>>> 
>>> 
>>> Which suggests something is misconfigured.
>>> 
>>> Best regards,
>>> Alex soto
>>> 
>>> 
>>> 
>>> 
>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
>> wrote:
>>>> 
>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>>>              | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>> authenticator for: {RoleInfo,C[admin],None}
>>> 
>>> 
>> 
>> --
>> 
>> Apache Member
>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
>> Project Lead
>> blog <http://notizblog.nierbeck.de/>
>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>> 


Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

Posted by Gerald Kallas <ca...@mailbox.org>.
Hi all,

I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.

After removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my etc/jetty.xml I'm getting an error as attached below.

Neither hawtio nor my servlet are working any longer. Seems that now both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.

With both entries, as you found Grzegorz, the authentication doesn't work.

Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have another workaround for that behaviour?

Best
- Gerald


2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted               | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
        at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
        at java.lang.Class.forName0(Native Method) ~[?:?]
        at java.lang.Class.forName(Class.java:398) ~[?:?]
        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
        ... 62 more

> Grzegorz Grzybek <gr...@gmail.com> wrote on 18.05.2020 15:24:
> 
>  
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly
> tested to "inject" Keycloak authenticator and I mostly tested it with
> pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries
> to find/discover org.eclipse.jetty.security.LoginService instance.
> With default etc/jetty.xml, there are TWO beans with
> org.eclipse.jetty.jaas.JAASLoginService class and
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> this:
> 
> else if (list.size() == 1)
>     service = list.iterator().next();
> 
> So I simply made it work by ensuring there's only one
> org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544}  size = 1
>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> "JAASLoginService@7ba67d0b{STARTED}"
>   LOG: org.eclipse.jetty.util.log.Logger  =
> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>   DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> "org.eclipse.jetty.jaas.JAASRole"
>   DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> {java.lang.String[1]@9551}
>   _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>   _callbackHandlerClass: java.lang.String  = null
>   _realmName: java.lang.String  = "karaf"
>   _loginModuleName: java.lang.String  = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > User-Agent: curl/7.69.1
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> <
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > Authorization: Basic a2FyYWY6a2FyYWY=
> > User-Agent: curl/7.69.1
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> <
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using
> <Configure> element) instance of SecurityHandler and simply set there the
> "realmName" property to "Karaf", so even with two different beans with
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> right one. But in Pax Web security handler is part of every
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> only in Pax Web 8 I'd be able to fix this in a cleaner way.
> 
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> etc/jetty.xml
> 
> regards
> Grzegorz Grzybek
> 
> On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid>
> wrote:
> 
> > Hi,
> >
> > I already also answered Gerald in another mail.
> > I'm not quite sure, but what might be an issue is that the default
> > http-context used in his application isn't bound to the underlying security
> > realm.
> > Therefore it's quite a possibility that there needs to be a configuration
> > done in his own application, using his own http-Context.
> >
> > Can be found here:
> >
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > and here:
> >
> > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >
> > regards, Achim
> >
> >
> > On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
> >
> > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > Maybe somebody from the Pax-Web team can help you.
> > > The only suspicious thing is the warning:
> > >
> > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > >             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> > > Which suggests something is misconfigured.
> > >
> > > Best regards,
> > > Alex soto
> > >
> > >
> > >
> > >
> > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> > wrote:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > >               | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> >
> > --
> >
> > Apache Member
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > Project Lead
> > blog <http://notizblog.nierbeck.de/>
> > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Grzegorz Grzybek <gr...@gmail.com>.
Hello

I have some answer. First, the "http context processing" feature was mainly
tested to "inject" Keycloak authenticator and I mostly tested it with
pax-web-undertow.

But I checked how it works with pax-web-jetty in the debugger.

The key problem is that when Jetty's SecurityHandler is starting, it tries
to find/discover org.eclipse.jetty.security.LoginService instance.
With default etc/jetty.xml, there are TWO beans with
org.eclipse.jetty.jaas.JAASLoginService class and
org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
this:

else if (list.size() == 1)
    service = list.iterator().next();

So I simply made it work by ensuring there's only one
org.eclipse.jetty.jaas.JAASLoginService:

list = {java.util.ArrayList@9544}  size = 1
 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
"JAASLoginService@7ba67d0b{STARTED}"
  LOG: org.eclipse.jetty.util.log.Logger  =
{org.eclipse.jetty.util.log.Slf4jLog@9549}
"org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
"org.eclipse.jetty.jaas.JAASRole"
  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
{java.lang.String[1]@9551}
  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
  _callbackHandlerClass: java.lang.String  = null
  _realmName: java.lang.String  = "karaf"
  _loginModuleName: java.lang.String  = "karaf"

Now, with your Camel route, I got:

$ curl -v http://localhost:8181/camel/api/say/hello
*   Trying ::1:8181...
* Connected to localhost (::1) port 8181 (#0)
> GET /camel/api/say/hello HTTP/1.1
> Host: localhost:8181
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 456
< Server: Jetty(9.4.22.v20191022)
<

$ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
*   Trying ::1:8181...
* Connected to localhost (::1) port 8181 (#0)
* Server auth using Basic with user 'karaf'
> GET /camel/api/say/hello HTTP/1.1
> Host: localhost:8181
> Authorization: Basic a2FyYWY6a2FyYWY=
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/json
< Accept: */*
< Authorization: Basic a2FyYWY6a2FyYWY=
< breadcrumbId: ID-everfree-forest-1589807499756-0-1
< User-Agent: curl/7.69.1
< Transfer-Encoding: chunked
< Server: Jetty(9.4.22.v20191022)
<
* Connection #0 to host localhost left intact
"Hello World"

In theory it should be possible to grab (in etc/jetty.xml, using
<Configure> element) instance of SecurityHandler and simply set there the
"realmName" property to "Karaf", so even with two different beans with
org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
right one. But in Pax Web security handler is part of every
org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
only in Pax Web 8 I'd be able to fix this in a cleaner way.

So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
etc/jetty.xml

regards
Grzegorz Grzybek

On Mon, 18 May 2020 at 10:25, Achim Nierbeck <bc...@googlemail.com.invalid>
wrote:

> Hi,
>
> I already also answered Gerald in another mail.
> I'm not quite sure, but what might be an issue is that the default
> http-context used in his application isn't bound to the underlying security
> realm.
> Therefore it's quite a possibility that there needs to be a configuration
> done in his own application, using his own http-Context.
>
> Can be found here:
>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> and here:
>
> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>
> regards, Achim
>
>
> On Fri, 15 May 2020 at 21:06, Alex Soto <alex.soto@envieta.com> wrote:
>
> > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > Maybe somebody from the Pax-Web team can help you.
> > The only suspicious thing is the warning:
> >
> > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> >             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > authenticator for: {RoleInfo,C[admin],None}
> >
> >
> > Which suggests something is misconfigured.
> >
> > Best regards,
> > Alex soto
> >
> >
> >
> >
> > > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org>
> wrote:
> > >
> > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> >               | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > authenticator for: {RoleInfo,C[admin],None}
> >
> >
>
> --
>
> Apache Member
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> Project Lead
> blog <http://notizblog.nierbeck.de/>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>
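
The selection rule Grzegorz describes above, as an added example (not code from Jetty, Pax Web, or any poster in this thread): a Python check that lists the JAASLoginService beans registered in an etc/jetty.xml and models which one a SecurityHandler would resolve. The sample XML is constructed from the configuration quoted in the thread; the function names and the handler_realm parameter are assumptions of this example.

```python
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.jaas.JAASLoginService"


def sample_jetty_xml(names):
    """Constructed sample: an etc/jetty.xml with one addBean entry per name,
    shaped like the configuration quoted in the thread."""
    beans = "".join(
        f"""
  <Call name="addBean"><Arg>
    <New class="{JAAS_CLASS}">
      <Set name="name">{name}</Set>
      <Set name="loginModuleName">karaf</Set>
    </New>
  </Arg></Call>"""
        for name in names
    )
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" '
        '"http://www.eclipse.org/jetty/configure_9_0.dtd">\n'
        '<Configure id="Server" class="org.eclipse.jetty.server.Server">'
        f"{beans}\n</Configure>\n"
    )


def jaas_login_services(jetty_xml):
    """Return (name, loginModuleName) for every JAASLoginService added as a server bean."""
    root = ET.fromstring(jetty_xml.strip())
    found = []
    for call in root.iter("Call"):
        if call.get("name") != "addBean":
            continue
        for new in call.iter("New"):
            if new.get("class") != JAAS_CLASS:
                continue
            props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
            found.append((props.get("name"), props.get("loginModuleName")))
    return found


def pick_login_service(names, handler_realm=None):
    """Model of the rule in the post: a handler with a realm name matches a
    service by that name; without one, a service is used only if it is the
    sole candidate (the `list.size() == 1` branch quoted above)."""
    if handler_realm is not None:
        return next((n for n in names if n == handler_realm), None)
    if len(names) == 1:
        return names[0]
    return None


def audit(jetty_xml, handler_realm=None):
    """Return (chosen_service_name_or_None, list_of_problems)."""
    names = [name for name, _ in jaas_login_services(jetty_xml)]
    chosen = pick_login_service(names, handler_realm)
    if chosen is not None:
        return chosen, []
    if not names:
        problem = "no JAASLoginService bean is registered"
    elif handler_realm is not None:
        problem = f"no login service is named {handler_realm!r} (found {names})"
    else:
        problem = f"{len(names)} login services {names} and no realm name to choose between them"
    return None, [problem]


TWO_SERVICES = sample_jetty_xml(["karaf", "default"])  # as in the quoted etc/jetty.xml
ONE_SERVICE = sample_jetty_xml(["karaf"])              # the workaround from the post

if __name__ == "__main__":
    for label, xml_text in (("two beans", TWO_SERVICES), ("one bean", ONE_SERVICE)):
        chosen, problems = audit(xml_text)
        print(f"{label}: login service = {chosen}; problems = {problems}")
```

In the thread, the two-bean configuration is the one that logged `No authenticator for: {RoleInfo,C[admin],None}`.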

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Achim Nierbeck <bc...@googlemail.com.INVALID>.
Hi,

I already also answered Gerald in another mail.
I'm not quite sure, but what might be an issue is that the default
http-context used in his application isn't bound to the underlying security
realm.
Therefore it's quite a possibility that there needs to be a configuration
done in his own application, using his own http-Context.

Can be found here:
https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
and here:
https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java

regards, Achim


On Fri, 15 May 2020 at 21:06, Alex Soto <al...@envieta.com> wrote:

> I’m sorry, I don’t know why it's not working; it looks correct to me.
> Maybe somebody from the Pax-Web team can help you.
> The only suspicious thing is the warning:
>
> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> authenticator for: {RoleInfo,C[admin],None}
>
>
> Which suggests something is misconfigured.
>
> Best regards,
> Alex soto
>
>
>
>
> > On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> >
> > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>               | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> authenticator for: {RoleInfo,C[admin],None}
>
>

-- 

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
I’m sorry, I don’t know why it's not working; it looks correct to me.  Maybe somebody from the Pax-Web team can help you.
The only suspicious thing is the warning:

2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}


Which suggests something is misconfigured.

Best regards,
Alex soto




> On May 15, 2020, at 2:23 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
With "BASIC" the same.

2020-05-15T18:20:39,881 | INFO  | CM Configuration Updater (Update: pid=org.ops4j.pax.web.context.f4d0bd8c-6751-447f-8067-2da2e2b7c45a) | HttpContextProcessing            | 264 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Updated configuration for pid=org.ops4j.pax.web.context.f4d0bd8c-6751-447f-8067-2da2e2b7c45a
2020-05-15T18:20:39,883 | INFO  | paxweb-context-4-thread-5 | HttpContextProcessing            | 264 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Found bundle "api.xml", scheduling customization of its WebContainer
2020-05-15T18:20:39,884 | INFO  | paxweb-context-4-thread-5 | HttpContextProcessing            | 264 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | HTTP Context Processor {bundle=api.xml [290]}: Restoring WebContainer for bundle api.xml/0.0.0
2020-05-15T18:20:39,885 | INFO  | paxweb-context-4-thread-5 | CamelHttpTransportServlet        | 132 - org.apache.camel.camel-servlet - 3.2.0 | Destroyed CamelHttpTransportServlet[MyServlet]
2020-05-15T18:20:39,885 | INFO  | paxweb-context-4-thread-5 | ContextHandler                   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [290], contextID=default]}
2020-05-15T18:20:39,886 | INFO  | paxweb-context-4-thread-5 | HttpServiceContext               | 262 - org.ops4j.pax.web.pax-web-jetty - 7.2.14 | registering JasperInitializer
2020-05-15T18:20:40,117 | INFO  | paxweb-context-4-thread-5 | CamelHttpTransportServlet        | 132 - org.apache.camel.camel-servlet - 3.2.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
2020-05-15T18:20:40,117 | INFO  | paxweb-context-4-thread-5 | ContextHandler                   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [290], contextID=default]}
2020-05-15T18:20:40,118 | INFO  | paxweb-context-4-thread-5 | HttpContextProcessing            | 264 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Customizing WebContainer for bundle api.xml/0.0.0
2020-05-15T18:20:40,130 | INFO  | paxweb-context-4-thread-5 | HttpContextProcessing            | 264 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Registering login configuration in WebContainer for bundle "api.xml": method=BASIC, realm=karaf
2020-05-15T18:20:40,130 | INFO  | paxweb-context-4-thread-5 | CamelHttpTransportServlet        | 132 - org.apache.camel.camel-servlet - 3.2.0 | Destroyed CamelHttpTransportServlet[MyServlet]
2020-05-15T18:20:40,131 | INFO  | paxweb-context-4-thread-5 | ContextHandler                   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [290], contextID=default]}
2020-05-15T18:20:40,131 | INFO  | paxweb-context-4-thread-5 | HttpContextProcessing            | 264 - org.ops4j.pax.web.pax-web-runtime - 7.2.14 | Registering security mappings in WebContainer for bundle "api.xml": SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', roles=[admin]}
2020-05-15T18:20:40,132 | INFO  | paxweb-context-4-thread-5 | HttpServiceContext               | 262 - org.ops4j.pax.web.pax-web-jetty - 7.2.14 | registering JasperInitializer
2020-05-15T18:20:40,290 | INFO  | paxweb-context-4-thread-5 | CamelHttpTransportServlet        | 132 - org.apache.camel.camel-servlet - 3.2.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
2020-05-15T18:20:40,290 | INFO  | paxweb-context-4-thread-5 | ContextHandler                   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [290], contextID=default]}
2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}

etc/jetty.xml looks like

<?xml version="1.0"?>

<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">

    <!-- =========================================================== -->
    <!-- Set connectors -->
    <!-- =========================================================== -->
    <!-- One of each type! -->
    <!-- =========================================================== -->

    <!-- Use this connector for many frequently idle connections and for 
        threadless continuations. -->
	<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
		<Set name="secureScheme">https</Set>
		<Set name="securePort">
			<Property name="jetty.secure.port" default="8443" />
		</Set>
		<Set name="outputBufferSize">32768</Set>
		<Set name="requestHeaderSize">8192</Set>
		<Set name="responseHeaderSize">8192</Set>
		<Set name="sendServerVersion">true</Set>
		<Set name="sendDateHeader">false</Set>
		<Set name="headerCacheSize">512</Set>
	</New>

    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.jaas.JAASLoginService">
                <Set name="name">karaf</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">
                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
                        </Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>
    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.jaas.JAASLoginService">
                <Set name="name">default</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">
                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
                        </Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>

</Configure>

etc/org.ops4j.pax.web.cfg looks like


org.osgi.service.http.enabled=true
org.osgi.service.http.port=8181
 
org.ops4j.pax.web.session.cookie.httpOnly=true
org.osgi.service.http.secure.enabled=true
org.osgi.service.http.port.secure=8443
org.ops4j.pax.web.ssl.keystore=${karaf.etc}/keystore.p12
org.ops4j.pax.web.ssl.password=xxxxx
org.ops4j.pax.web.ssl.keypassword=xxxxx

javax.servlet.context.tempdir=${karaf.data}/pax-web-jsp
org.ops4j.pax.web.config.file=${karaf.etc}/jetty.xml
org.apache.karaf.features.configKey = org.ops4j.pax.web

Best
- Gerald

> Alex Soto <al...@envieta.com> wrote on 15 May 2020 18:38:
> 
> 
> I’m not sure what is happening, but I noticed, you have ‘basic’ as lowercase, maybe it is case sensitive. Try uppercase:
> 
> 
> login.config.authMethod = BASIC
> 
> 
> Also, what is in your 'etc/jetty.xml' and 'etc/org.ops4j.pax.web.cfg' files?
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
> 
> > On May 15, 2020, at 11:22 AM, Gerald Kallas <ca...@mailbox.org> wrote:
> > Hi Alex,
> > 
> > yes, I'm passing the HTTP "Authorization" header for basic authentication.
> > 
> > My users.properties looks like
> > 
> > karaf = xxx,_g_:admingroup
> > _g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
> > 
> > username1 = password1,admin
> > 
> > I'm testing with the username1 password1 combination, the request looks like
> > 
> > curl --insecure --location --request GET 'https://localhost:8443/camel/api/say/hello' \
> > --header 'Authorization: Basic dXNlcm5hbWUxOnBhc3N3b3JkMQ=='
> > 
> > With or without the Authorization header I'm always getting a HTTP 403 response.
> > 
> > While trying to access I'm getting a log entry
> > 
> > 2020-05-15T15:20:34,031 | WARN | qtp1611313605-186 | SecurityHandler | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> > 
> > Again my org.ops4j.pax.web.context-admin.cfg, it looks like
> > 
> > bundle.symbolicName=api.xml
> > login.config.authMethod=Basic
> > login.config.realmName=karaf
> > context.id=default
> > 
> > security.constraint.1.url = /camel/api/*
> > security.constraint.1.method = *
> > security.constraint.1.roles = admin
> > 
> > And my route (Blueprint DSL "api.xml") again as well
> > 
> > <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
> >  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >  xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
> >  https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
> > 
> > <reference id="httpService" interface="org.osgi.service.http.HttpService" />
> > 
> > <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> > 
> > <bean class="org.apache.camel.component.osgi.OsgiServletRegisterer"
> >  init-method="register"
> >  destroy-method="unregister">
> > <property name="servletName" value="MyServlet" />
> > <property name="alias" value="/camel/api" />
> > <property name="httpService" ref="httpService" />
> > <property name="servlet" ref="camelServlet" />
> > </bean>
> > 
> > <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent" />
> > 
> > <camelContext xmlns="http://camel.apache.org/schema/blueprint">
> > <restConfiguration
> > component="servlet"
> > bindingMode="json"
> > enableCORS="false"
> > skipBindingOnErrorCode="false"
> > clientRequestValidation="true">
> > 
> > <componentProperty key="matchOnUriPrefix" value="true" />
> > 
> > <endpointProperty key="servletName" value="MyServlet" />
> > <endpointProperty key="disableStreamCache" value="true" />
> > 
> > <dataFormatProperty key="contentTypeHeader" value="false" />
> > <dataFormatProperty key="baseUri" value ="/came/api" />
> > </restConfiguration >
> > 
> > <rest path="/say">
> > <get uri="/hello">
> > <to uri="direct:hello"/>
> > </get>
> > </rest>
> > 
> > <route>
> > <from uri="direct:hello"/>
> > <transform>
> > <constant>Hello World</constant>
> > </transform>
> > </route>
> > 
> > </camelContext>
> > 
> > </blueprint>
> > 
> > Best
> > - Gerald
> > 
> > 
> > > Alex Soto <al...@envieta.com> wrote on May 15, 2020 at 14:35:
> > > 
> > > 
> > > Are you passing the BASIC Authentication header with user name and password?
> > > 
> > > The user names and roles are defined in the 'etc/users.properties' file, check Karaf documentation https://karaf.apache.org/manual/latest/#_security_2
> > > 
> > > 
> > > The 'security.constraint.1.*' entries in your file 'org.ops4j.pax.web.context-admin.cfg' define the permissions for each route; you just need to add new ones, replacing 1 with 2 and so on, with the url matching the Camel route.
> > > 
> > > 
> > > 
> > > 
> > > > On May 14, 2020, at 5:17 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > > 
> > > > Thanks Alex,
> > > > 
> > > > the API now is working after removing the "httpRegistry" part.
> > > > 
> > > > Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like
> > > > 
> > > > bundle.symbolicName=api.xml
> > > > login.config.authMethod=BASIC
> > > > login.config.realmName=karaf
> > > > context.id=default
> > > > 
> > > > security.constraint.1.url = /camel/api/*
> > > > security.constraint.1.method = *
> > > > security.constraint.1.roles = admin
> > > > 
> > > > Saving this creates the log file entries as below.
> > > > 
> > > > The return code with this file is now always a HTTP 403 (forbidden). What might be wrong now?
> > > > 
> > > > And .. where can I define the roles, users and passwords for each of the routes with a servlet consumer?
> > > > 
> > > > Best
> > > > - Gerald
> > > > 
> > > > 2020-05-14T21:15:18,817 | INFO | fileinstall-/opt/apache-karaf-4.2.7/etc | fileinstall | 10 - org.apache.felix.fileinstall - 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
> > > > 2020-05-14T21:15:18,819 | INFO | CM Configuration Updater (Update: pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | HttpContextProcessing | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Updated configuration for pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
> > > > 2020-05-14T21:15:18,821 | INFO | paxweb-context-4-thread-22 | HttpContextProcessing | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Found bundle "api.xml", scheduling customization of its WebContainer
> > > > 2020-05-14T21:15:18,822 | INFO | paxweb-context-4-thread-22 | HttpContextProcessing | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | HTTP Context Processor {bundle=api.xml [326]}: Restoring WebContainer for bundle api.xml/0.0.0
> > > > 2020-05-14T21:15:18,822 | INFO | paxweb-context-4-thread-22 | CamelHttpTransportServlet | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> > > > 2020-05-14T21:15:18,822 | INFO | paxweb-context-4-thread-22 | ContextHandler | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> > > > 2020-05-14T21:15:18,823 | INFO | paxweb-context-4-thread-22 | HttpServiceContext | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
> > > > 2020-05-14T21:15:18,902 | INFO | paxweb-context-4-thread-22 | CamelHttpTransportServlet | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
> > > > 2020-05-14T21:15:18,905 | INFO | paxweb-context-4-thread-22 | ContextHandler | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> > > > 2020-05-14T21:15:18,905 | INFO | paxweb-context-4-thread-22 | HttpContextProcessing | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Customizing WebContainer for bundle api.xml/0.0.0
> > > > 2020-05-14T21:15:18,906 | INFO | paxweb-context-4-thread-22 | HttpContextProcessing | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering login configuration in WebContainer for bundle "api.xml": method=BASIC, realm=karaf
> > > > 2020-05-14T21:15:18,908 | INFO | paxweb-context-4-thread-22 | CamelHttpTransportServlet | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> > > > 2020-05-14T21:15:18,908 | INFO | paxweb-context-4-thread-22 | ContextHandler | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> > > > 2020-05-14T21:15:18,909 | INFO | paxweb-context-4-thread-22 | HttpContextProcessing | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering security mappings in WebContainer for bundle "api.xml": SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', roles=[admin]}
> > > > 2020-05-14T21:15:18,909 | INFO | paxweb-context-4-thread-22 | HttpServiceContext | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
> > > > 2020-05-14T21:15:19,003 | INFO | paxweb-context-4-thread-22 | CamelHttpTransportServlet | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
> > > > 2020-05-14T21:15:19,003 | INFO | paxweb-context-4-thread-22 | ContextHandler | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> > > > 
> > > > 
> > > > > Alex Soto <al...@envieta.com> wrote on May 14, 2020 at 18:42:
> > > > > 
> > > > > 
> > > > > Looks good to me: '/camel/api/say/hello' should be correct.
> > > > > 
> > > > > The only difference I see is that in my case I am not using the 'httpRegistry'; try removing that part.
> > > > > 
> > > > > 
> > > > > Best regards,
> > > > > Alex soto
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > > On May 14, 2020, at 12:21 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > > > > Thanks Alex.
> > > > > > 
> > > > > > I'm still struggling upfront. I was copying your example and have combined the parts in one Blueprint DSL.
> > > > > > 
> > > > > > See my complete Blueprint DSL file below. I'm always getting a HTTP 404 (not found).
> > > > > > 
> > > > > > I'm assuming that the URL
> > > > > > 
> > > > > > https://localhost:8443/camel/api/say/hello
> > > > > > 
> > > > > > should be the one to call. Do I still miss something? Many thanks in advance.
> > > > > > 
> > > > > > <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
> > > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > > > > > xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
> > > > > > https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
> > > > > > 
> > > > > > <reference id="httpService" interface="org.osgi.service.http.HttpService" />
> > > > > > 
> > > > > > <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> > > > > > 
> > > > > > <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
> > > > > > init-method="register"
> > > > > > destroy-method="unregister">
> > > > > > <property name="servletName" value="MyServlet" />
> > > > > > <property name="alias" value="/camel/api" />
> > > > > > <property name="httpService" ref="httpService" />
> > > > > > <property name="servlet" ref="camelServlet" />
> > > > > > </bean>
> > > > > > 
> > > > > > <bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />
> > > > > > 
> > > > > > <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
> > > > > > <property name="httpRegistry" ref="httpRegistry" />
> > > > > > </bean>
> > > > > > 
> > > > > > <camelContext xmlns="http://camel.apache.org/schema/blueprint">
> > > > > > <restConfiguration
> > > > > > component="servlet"
> > > > > > bindingMode="json"
> > > > > > enableCORS="false"
> > > > > > skipBindingOnErrorCode="false"
> > > > > > clientRequestValidation="true">
> > > > > > 
> > > > > > <componentProperty key="matchOnUriPrefix" value="true" />
> > > > > > 
> > > > > > <endpointProperty key="servletName" value="MyServlet" />
> > > > > > <endpointProperty key="disableStreamCache" value="true" />
> > > > > > 
> > > > > > <dataFormatProperty key="contentTypeHeader" value="false" />
> > > > > > <dataFormatProperty key="baseUri" value ="/came/api" />
> > > > > > </restConfiguration >
> > > > > > 
> > > > > > <rest path="/say">
> > > > > > <get uri="/hello">
> > > > > > <to uri="direct:hello"/>
> > > > > > </get>
> > > > > > </rest>
> > > > > > 
> > > > > > <route>
> > > > > > <from uri="direct:hello"/>
> > > > > > <transform>
> > > > > > <constant>Hello World</constant>
> > > > > > </transform>
> > > > > > </route>
> > > > > > 
> > > > > > </camelContext>
> > > > > > 
> > > > > > </blueprint>
> > > > > > 
> > > > > > Best
> > > > > > - Gerald
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > > Alex Soto <al...@envieta.com> wrote on May 14, 2020 at 14:55:
> > > > > > > 
> > > > > > > 
> > > > > > > Hi Gerald,
> > > > > > > 
> > > > > > > I would put the Servlet in the same bundle; I don’t see the need to separate it for reuse.
> > > > > > > Looks like you are missing a security constraint in the 'etc/org.ops4j.pax.web.context-admin.cfg' file
> > > > > > > 
> > > > > > > security.constraint.1.url = /camel/services/*
> > > > > > > security.constraint.1.method = *
> > > > > > > security.constraint.1.roles = admin
> > > > > > > 
> > > > > > > 
> > > > > > > Best regards,
> > > > > > > Alex soto
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > > On May 13, 2020, at 7:02 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > > > > > > <property name="alias" value="/camel/services" />
> > > > > > > 
> > > > > 
>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
I’m not sure what is happening, but I noticed, you have ‘basic’ as lowercase, maybe it is case sensitive.  Try uppercase:


login.config.authMethod = BASIC


Also, what is in your 'etc/jetty.xml' and 'etc/org.ops4j.pax.web.cfg' files?

Best regards,
Alex soto




> On May 15, 2020, at 11:22 AM, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> Hi Alex,
> 
> yes, I'm passing the HTTP "Authorization" header for basic authentication.
> 
> My users.properties looks like
> 
> karaf = xxx,_g_:admingroup
> _g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
> 
> username1 = password1,admin
> 
> I'm testing with the username1 password1 combination, the request looks like
> 
> curl --insecure --location --request GET 'https://localhost:8443/camel/api/say/hello' \
> --header 'Authorization: Basic dXNlcm5hbWUxOnBhc3N3b3JkMQ=='
> 
> With or without the Authorization header I'm always getting a HTTP 403 response.
> 
> While trying to access I'm getting a log entry
> 
> 2020-05-15T15:20:34,031 | WARN  | qtp1611313605-186 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}
> 
> Again my org.ops4j.pax.web.context-admin.cfg, it looks like
> 
> bundle.symbolicName=api.xml
> login.config.authMethod=Basic
> login.config.realmName=karaf
> context.id=default
> 
> security.constraint.1.url = /camel/api/*
> security.constraint.1.method = *
> security.constraint.1.roles = admin
> 
> And my route (Blueprint DSL "api.xml") again as well
> 
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>           xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
>           https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
> 
> 	<reference id="httpService" interface="org.osgi.service.http.HttpService" />
> 
> 	<bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> 
> 	<bean class="org.apache.camel.component.osgi.OsgiServletRegisterer"
> 	      init-method="register"
> 	      destroy-method="unregister">
> 		<property name="servletName" value="MyServlet" />
> 		<property name="alias" value="/camel/api" />
> 		<property name="httpService" ref="httpService" />
> 		<property name="servlet" ref="camelServlet" />
> 	</bean>
> 
> 	<bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent" />
> 
> 	<camelContext xmlns="http://camel.apache.org/schema/blueprint">
> 		<restConfiguration
> 			component="servlet"
> 			bindingMode="json"
> 			enableCORS="false"
> 			skipBindingOnErrorCode="false"
> 			clientRequestValidation="true">
> 
> 			<componentProperty key="matchOnUriPrefix" value="true" />
> 
> 			<endpointProperty key="servletName" value="MyServlet" />
> 			<endpointProperty key="disableStreamCache" value="true" />
> 
> 			<dataFormatProperty key="contentTypeHeader" value="false" />
> 			<dataFormatProperty key="baseUri" value ="/came/api" />
> 		</restConfiguration >
> 
> 		<rest path="/say">
> 			<get uri="/hello">
> 				<to uri="direct:hello"/>
> 			</get>
> 		</rest>
> 
> 		<route>
> 			<from uri="direct:hello"/>
> 			<transform>
> 				<constant>Hello World</constant>
> 			</transform>
> 		</route>
> 
> 	</camelContext>
> 
> </blueprint>
> 
> Best
> - Gerald
> 
>> Alex Soto <al...@envieta.com> wrote on May 15, 2020 at 14:35:
>> 
>> 
>> Are you passing the BASIC Authentication header with user name and password?
>> 
>> The user names and roles are defined in the 'etc/users.properties' file, check Karaf documentation https://karaf.apache.org/manual/latest/#_security_2
>> 
>> 
>> The 'security.constraint.1.*' entries in your file 'org.ops4j.pax.web.context-admin.cfg' define the permissions for each route; you just need to add new ones, replacing 1 with 2 and so on, with the url matching the Camel route.
>> 
>> 
>> 
>>> On May 14, 2020, at 5:17 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>>> 
>>> Thanks Alex,
>>> 
>>> the API now is working after removing the "httpRegistry" part.
>>> 
>>> Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like
>>> 
>>> bundle.symbolicName=api.xml
>>> login.config.authMethod=BASIC
>>> login.config.realmName=karaf
>>> context.id=default
>>> 
>>> security.constraint.1.url = /camel/api/*
>>> security.constraint.1.method = *
>>> security.constraint.1.roles = admin
>>> 
>>> Saving this creates the log file entries as below.
>>> 
>>> The return code with this file is now always a HTTP 403 (forbidden). What might be wrong now?
>>> 
>>> And .. where can I define the roles, users and passwords for each of the routes with a servlet consumer?
>>> 
>>> Best
>>> - Gerald
>>> 
>>> 2020-05-14T21:15:18,817 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | fileinstall                      | 10 - org.apache.felix.fileinstall - 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
>>> 2020-05-14T21:15:18,819 | INFO  | CM Configuration Updater (Update: pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Updated configuration for pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
>>> 2020-05-14T21:15:18,821 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Found bundle "api.xml", scheduling customization of its WebContainer
>>> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | HTTP Context Processor {bundle=api.xml [326]}: Restoring WebContainer for bundle api.xml/0.0.0
>>> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
>>> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
>>> 2020-05-14T21:15:18,823 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext               | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
>>> 2020-05-14T21:15:18,902 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
>>> 2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
>>> 2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Customizing WebContainer for bundle api.xml/0.0.0
>>> 2020-05-14T21:15:18,906 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering login configuration in WebContainer for bundle "api.xml": method=BASIC, realm=karaf
>>> 2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
>>> 2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
>>> 2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering security mappings in WebContainer for bundle "api.xml": SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', roles=[admin]}
>>> 2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext               | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
>>> 2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
>>> 2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
>>> 
>>>> Alex Soto <al...@envieta.com> wrote on May 14, 2020 at 18:42:
>>>> 
>>>> 
>>>> Looks good to me: '/camel/api/say/hello' should be correct.
>>>> 
>>>> The only difference I see is that in my case I am not using the 'httpRegistry'; try removing that part.
>>>> 
>>>> 
>>>> Best regards,
>>>> Alex soto
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On May 14, 2020, at 12:21 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>>>>> Thanks Alex.
>>>>> 
>>>>> I'm still struggling upfront. I was copying your example and have combined the parts in one Blueprint DSL.
>>>>> 
>>>>> See my complete Blueprint DSL file below. I'm always getting a HTTP 404 (not found).
>>>>> 
>>>>> I'm assuming that the URL
>>>>> 
>>>>> https://localhost:8443/camel/api/say/hello
>>>>> 
>>>>> should be the one to call. Do I still miss something? Many thanks in advance.
>>>>> 
>>>>> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>>> xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
>>>>> https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
>>>>> 
>>>>> <reference id="httpService" interface="org.osgi.service.http.HttpService" />
>>>>> 
>>>>> <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
>>>>> 
>>>>> <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
>>>>> init-method="register"
>>>>> destroy-method="unregister">
>>>>> <property name="servletName" value="MyServlet" />
>>>>> <property name="alias" value="/camel/api" />
>>>>> <property name="httpService" ref="httpService" />
>>>>> <property name="servlet" ref="camelServlet" />
>>>>> </bean>
>>>>> 
>>>>> <bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />
>>>>> 
>>>>> <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
>>>>> <property name="httpRegistry" ref="httpRegistry" />
>>>>> </bean>
>>>>> 
>>>>> <camelContext xmlns="http://camel.apache.org/schema/blueprint">
>>>>> <restConfiguration
>>>>> component="servlet"
>>>>> bindingMode="json"
>>>>> enableCORS="false"
>>>>> skipBindingOnErrorCode="false"
>>>>> clientRequestValidation="true">
>>>>> 
>>>>> <componentProperty key="matchOnUriPrefix" value="true" />
>>>>> 
>>>>> <endpointProperty key="servletName" value="MyServlet" />
>>>>> <endpointProperty key="disableStreamCache" value="true" />
>>>>> 
>>>>> <dataFormatProperty key="contentTypeHeader" value="false" />
>>>>> <dataFormatProperty key="baseUri" value ="/came/api" />
>>>>> </restConfiguration >
>>>>> 
>>>>> <rest path="/say">
>>>>> <get uri="/hello">
>>>>> <to uri="direct:hello"/>
>>>>> </get>
>>>>> </rest>
>>>>> 
>>>>> <route>
>>>>> <from uri="direct:hello"/>
>>>>> <transform>
>>>>> <constant>Hello World</constant>
>>>>> </transform>
>>>>> </route>
>>>>> 
>>>>> </camelContext>
>>>>> 
>>>>> </blueprint>
>>>>> 
>>>>> Best
>>>>> - Gerald
>>>>> 
>>>>> 
>>>>>> Alex Soto <al...@envieta.com> wrote on May 14, 2020 at 14:55:
>>>>>> 
>>>>>> 
>>>>>> Hi Gerald,
>>>>>> 
>>>>>> I would put the Servlet in the same bundle; I don’t see the need to separate it for reuse.
>>>>>> Looks like you are missing a security constraint in the 'etc/org.ops4j.pax.web.context-admin.cfg' file
>>>>>> 
>>>>>> security.constraint.1.url = /camel/services/*
>>>>>> security.constraint.1.method = *
>>>>>> security.constraint.1.roles = admin
>>>>>> 
>>>>>> 
>>>>>> Best regards,
>>>>>> Alex soto
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On May 13, 2020, at 7:02 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>>>>>>> <property name="alias" value="/camel/services" />
>>>>>> 
>>>> 
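
The checks this exchange walks through (the case of login.config.authMethod, the realm name against the JAASLoginService names in jetty.xml, the constraint roles against etc/users.properties, and the Basic header itself), as an added example that is not part of the original posts and not Karaf or Pax Web code. It assumes plain-text passwords in users.properties and the Servlet-spec method names matched case-sensitively; the function names and sample texts are constructed for illustration.

```python
import base64
import hmac
import xml.etree.ElementTree as ET

# Servlet-spec auth-method names. Assumption: matched case-sensitively, as
# the thread reports for this Pax Web / Jetty setup.
AUTH_METHODS = ("BASIC", "DIGEST", "FORM", "CLIENT-CERT")

def parse_props(text):
    """Parse simple key=value text (no line continuations) into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip().replace("\\:", ":")] = value.strip()
    return props

def user_roles(users_text):
    """Return {user: (password, roles)}, expanding _g_:group references.
    Assumes plain-text passwords, as in the thread's users.properties."""
    props = parse_props(users_text)
    groups = {k: {f.strip() for f in v.split(",")[1:]}
              for k, v in props.items() if k.startswith("_g_:")}
    users = {}
    for name, value in props.items():
        if name.startswith("_g_:"):
            continue
        password, *fields = [f.strip() for f in value.split(",")]
        roles = set()
        for field in fields:
            roles |= groups.get(field, set()) if field.startswith("_g_:") else {field}
        users[name] = (password, roles)
    return users

def jaas_realms(jetty_xml):
    """Names of the JAASLoginService beans declared in a jetty.xml text."""
    realms = set()
    for new in ET.fromstring(jetty_xml).iter("New"):
        if new.get("class") == "org.eclipse.jetty.jaas.JAASLoginService":
            realms |= {s.text.strip() for s in new.findall("Set")
                       if s.get("name") == "name" and s.text}
    return realms

def check(context_cfg, users_text, jetty_xml, authorization=None):
    """Return a list of findings; an empty list means the pieces line up."""
    cfg, users, findings = parse_props(context_cfg), user_roles(users_text), []
    method = cfg.get("login.config.authMethod", "")
    if method not in AUTH_METHODS:
        hint = f" (did you mean {method.upper()}?)" if method.upper() in AUTH_METHODS else ""
        findings.append(f"authMethod {method!r} is not a known method{hint}")
    realm = cfg.get("login.config.realmName", "")
    if realm not in jaas_realms(jetty_xml):
        findings.append(f"realm {realm!r} has no JAASLoginService in jetty.xml")
    required = set()
    for key, value in cfg.items():
        if key.startswith("security.constraint.") and key.endswith(".roles"):
            required |= {r.strip() for r in value.split(",")}
    granted = set().union(*(roles for _, roles in users.values()))
    findings += [f"role {r!r} is required but no user holds it"
                 for r in sorted(required - granted)]
    if authorization is not None:
        scheme, _, token = authorization.partition(" ")
        try:
            if scheme.lower() != "basic":
                raise ValueError(scheme)
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # also covers bad base64 and bad UTF-8
            return findings + ["Authorization header is not a valid Basic credential"]
        user, _, password = decoded.partition(":")
        stored = users.get(user)
        if stored is None or not hmac.compare_digest(stored[0].encode(), password.encode()):
            findings.append(f"credentials for {user!r} do not match users.properties")
        elif required and not stored[1] & required:
            findings.append(f"user {user!r} holds none of the required roles")
    return findings

# Sample inputs, constructed from the values quoted in the thread.
CONTEXT_CFG = """login.config.authMethod=Basic
login.config.realmName=karaf
security.constraint.1.url = /camel/api/*
security.constraint.1.method = *
security.constraint.1.roles = admin"""
USERS = r"""karaf = xxx,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
username1 = password1,admin"""
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
 <Call name="addBean"><Arg><New class="org.eclipse.jetty.jaas.JAASLoginService">
  <Set name="name">karaf</Set><Set name="loginModuleName">karaf</Set></New></Arg></Call>
 <Call name="addBean"><Arg><New class="org.eclipse.jetty.jaas.JAASLoginService">
  <Set name="name">default</Set><Set name="loginModuleName">karaf</Set></New></Arg></Call>
</Configure>"""
HEADER = "Basic dXNlcm5hbWUxOnBhc3N3b3JkMQ=="

if __name__ == "__main__":
    for finding in check(CONTEXT_CFG, USERS, JETTY_XML, HEADER):
        print(finding)
```

With the thread's values only the authMethod spelling is reported: the realm, the role and the credentials in the header are consistent with each other.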


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Hi Alex,

yes, I'm passing the HTTP "Authorization" header for basic authentication.

My users.properties looks like

karaf = xxx,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh

username1 = password1,admin

I'm testing with the username1 password1 combination, the request looks like

curl --insecure --location --request GET 'https://localhost:8443/camel/api/say/hello' \
--header 'Authorization: Basic dXNlcm5hbWUxOnBhc3N3b3JkMQ=='

With or without the Authorization header I'm always getting a HTTP 403 response.

While trying to access I'm getting a log entry

2020-05-15T15:20:34,031 | WARN  | qtp1611313605-186 | SecurityHandler                  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator for: {RoleInfo,C[admin],None}

Again my org.ops4j.pax.web.context-admin.cfg, it looks like

bundle.symbolicName=api.xml
login.config.authMethod=Basic
login.config.realmName=karaf
context.id=default

security.constraint.1.url = /camel/api/*
security.constraint.1.method = *
security.constraint.1.roles = admin

And my route (Blueprint DSL "api.xml") again as well

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
           https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">

	<reference id="httpService" interface="org.osgi.service.http.HttpService" />

	<bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>

	<bean class="org.apache.camel.component.osgi.OsgiServletRegisterer"
	      init-method="register"
	      destroy-method="unregister">
		<property name="servletName" value="MyServlet" />
		<property name="alias" value="/camel/api" />
		<property name="httpService" ref="httpService" />
		<property name="servlet" ref="camelServlet" />
	</bean>

	<bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent" />

	<camelContext xmlns="http://camel.apache.org/schema/blueprint">
		<restConfiguration
			component="servlet"
			bindingMode="json"
			enableCORS="false"
			skipBindingOnErrorCode="false"
			clientRequestValidation="true">

			<componentProperty key="matchOnUriPrefix" value="true" />

			<endpointProperty key="servletName" value="MyServlet" />
			<endpointProperty key="disableStreamCache" value="true" />

			<dataFormatProperty key="contentTypeHeader" value="false" />
			<dataFormatProperty key="baseUri" value ="/came/api" />
		</restConfiguration >

		<rest path="/say">
			<get uri="/hello">
				<to uri="direct:hello"/>
			</get>
		</rest>

		<route>
			<from uri="direct:hello"/>
			<transform>
				<constant>Hello World</constant>
			</transform>
		</route>

	</camelContext>

</blueprint>

Best
- Gerald

> Alex Soto <al...@envieta.com> wrote on May 15, 2020 at 14:35:
> 
>  
> Are you passing the BASIC Authentication header with user name and password?
> 
> The user names and roles are defined in the 'etc/users.properties' file, check Karaf documentation https://karaf.apache.org/manual/latest/#_security_2
> 
> 
> The 'security.constraint.1.*' entries in your file 'org.ops4j.pax.web.context-admin.cfg' define the permissions for each route; you just need to add new ones, replacing 1 with 2 and so on, with the url matching the Camel route.
> 
> 
> 
> > On May 14, 2020, at 5:17 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > 
> > Thanks Alex,
> > 
> > the API now is working after removing the "httpRegistry" part.
> > 
> > Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like
> > 
> > bundle.symbolicName=api.xml
> > login.config.authMethod=BASIC
> > login.config.realmName=karaf
> > context.id=default
> > 
> > security.constraint.1.url = /camel/api/*
> > security.constraint.1.method = *
> > security.constraint.1.roles = admin
> > 
> > Saving this creates the log file entries as below.
> > 
> > The return code with this file is now always a HTTP 403 (forbidden). What might be wrong now?
> > 
> > And .. where can I define the roles, users and passwords for each of the routes with a servlet consumer?
> > 
> > Best
> > - Gerald
> > 
> > 2020-05-14T21:15:18,817 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | fileinstall                      | 10 - org.apache.felix.fileinstall - 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
> > 2020-05-14T21:15:18,819 | INFO  | CM Configuration Updater (Update: pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Updated configuration for pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
> > 2020-05-14T21:15:18,821 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Found bundle "api.xml", scheduling customization of its WebContainer
> > 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | HTTP Context Processor {bundle=api.xml [326]}: Restoring WebContainer for bundle api.xml/0.0.0
> > 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> > 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> > 2020-05-14T21:15:18,823 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext               | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
> > 2020-05-14T21:15:18,902 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
> > 2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> > 2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Customizing WebContainer for bundle api.xml/0.0.0
> > 2020-05-14T21:15:18,906 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering login configuration in WebContainer for bundle "api.xml": method=BASIC, realm=karaf
> > 2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> > 2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> > 2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering security mappings in WebContainer for bundle "api.xml": SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', roles=[admin]}
> > 2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext               | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
> > 2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
> > 2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> > 
> >> Alex Soto <al...@envieta.com> wrote on 14 May 2020 at 18:42:
> >> 
> >> 
> >> Looks good to me: '/camel/api/say/hello' should be correct.
> >> 
> >> The only difference I see is that in my case I am not using the 'httpRegistry'; try removing that part.
> >> 
> >> 
> >> Best regards,
> >> Alex soto
> >> 
> >> 
> >> 
> >> 
> >> 
> >>> On May 14, 2020, at 12:21 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> >>> Thanks Alex.
> >>> 
> >>> I'm still struggling upfront. I was copying your example and have combined the parts in one Blueprint DSL.
> >>> 
> >>> See my complete Blueprint DSL file below. I'm always getting a HTTP 404 (not found).
> >>> 
> >>> I'm assuming that the URL
> >>> 
> >>> https://localhost:8443/camel/api/say/hello
> >>> 
> >>> should be the one to call. Do I still miss something? Many thanks in advance.
> >>> 
> >>> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
> >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>> xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
> >>> https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
> >>> 
> >>> <reference id="httpService" interface="org.osgi.service.http.HttpService" />
> >>> 
> >>> <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> >>> 
> >>> <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
> >>> init-method="register"
> >>> destroy-method="unregister">
> >>> <property name="servletName" value="MyServlet" />
> >>> <property name="alias" value="/camel/api" />
> >>> <property name="httpService" ref="httpService" />
> >>> <property name="servlet" ref="camelServlet" />
> >>> </bean>
> >>> 
> >>> <bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />
> >>> 
> >>> <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
> >>> <property name="httpRegistry" ref="httpRegistry" />
> >>> </bean>
> >>> 
> >>> <camelContext xmlns="http://camel.apache.org/schema/blueprint">
> >>> <restConfiguration
> >>> component="servlet"
> >>> bindingMode="json"
> >>> enableCORS="false"
> >>> skipBindingOnErrorCode="false"
> >>> clientRequestValidation="true">
> >>> 
> >>> <componentProperty key="matchOnUriPrefix" value="true" />
> >>> 
> >>> <endpointProperty key="servletName" value="MyServlet" />
> >>> <endpointProperty key="disableStreamCache" value="true" />
> >>> 
> >>> <dataFormatProperty key="contentTypeHeader" value="false" />
> >>> <dataFormatProperty key="baseUri" value ="/came/api" />
> >>> </restConfiguration >
> >>> 
> >>> <rest path="/say">
> >>> <get uri="/hello">
> >>> <to uri="direct:hello"/>
> >>> </get>
> >>> </rest>
> >>> 
> >>> <route>
> >>> <from uri="direct:hello"/>
> >>> <transform>
> >>> <constant>Hello World</constant>
> >>> </transform>
> >>> </route>
> >>> 
> >>> </camelContext>
> >>> 
> >>> </blueprint>
> >>> 
> >>> Best
> >>> - Gerald
> >>> 
> >>> 
> >>>> Alex Soto <al...@envieta.com> wrote on 14 May 2020 at 14:55:
> >>>> 
> >>>> 
> >>>> Hi Gerald,
> >>>> 
> >>>> I would put the Servlet in the same bundle; I don’t see the need to separate it for reuse.
> >>>> Looks like you are missing security constraint in the 'etc/org.ops4j.pax.web.context-admin.cfg' file
> >>>> 
> >>>> security.constraint.1.url = /camel/services/*
> >>>> security.constraint.1.method = *
> >>>> security.constraint.1.roles = admin
> >>>> 
> >>>> 
> >>>> Best regards,
> >>>> Alex soto
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>> 
> >>>>> On May 13, 2020, at 7:02 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> >>>>> <property name="alias" value="/camel/services" />
> >>>> 
> >>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Are you passing the BASIC Authentication header with user name and password?

The user names and roles are defined in the 'etc/users.properties' file, check Karaf documentation https://karaf.apache.org/manual/latest/#_security_2


The 'security.constraint.1.*' entries in your file 'org.ops4j.pax.web.context-admin.cfg' define the permissions for each route; you just need to add new ones, replacing 1 with 2 and so on, with the url matching the Camel route.



> On May 14, 2020, at 5:17 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> Thanks Alex,
> 
> the API now is working after removing the "httpRegistry" part.
> 
> Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like
> 
> bundle.symbolicName=api.xml
> login.config.authMethod=BASIC
> login.config.realmName=karaf
> context.id=default
> 
> security.constraint.1.url = /camel/api/*
> security.constraint.1.method = *
> security.constraint.1.roles = admin
> 
> Saving this creates the log file entries as below.
> 
> The return code with this file is now always a HTTP 403 (forbidden). What might be wrong now?
> 
> And .. where can I define the roles, users and passwords for each of the routes with a servlet consumer?
> 
> Best
> - Gerald
> 
> 2020-05-14T21:15:18,817 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | fileinstall                      | 10 - org.apache.felix.fileinstall - 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
> 2020-05-14T21:15:18,819 | INFO  | CM Configuration Updater (Update: pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Updated configuration for pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
> 2020-05-14T21:15:18,821 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Found bundle "api.xml", scheduling customization of its WebContainer
> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | HTTP Context Processor {bundle=api.xml [326]}: Restoring WebContainer for bundle api.xml/0.0.0
> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> 2020-05-14T21:15:18,823 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext               | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
> 2020-05-14T21:15:18,902 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
> 2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> 2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Customizing WebContainer for bundle api.xml/0.0.0
> 2020-05-14T21:15:18,906 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering login configuration in WebContainer for bundle "api.xml": method=BASIC, realm=karaf
> 2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> 2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> 2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering security mappings in WebContainer for bundle "api.xml": SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', roles=[admin]}
> 2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext               | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
> 2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
> 2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
> 
>> Alex Soto <al...@envieta.com> wrote on 14 May 2020 at 18:42:
>> 
>> 
>> Looks good to me: '/camel/api/say/hello' should be correct.
>> 
>> The only difference I see is that in my case I am not using the 'httpRegistry'; try removing that part.
>> 
>> 
>> Best regards,
>> Alex soto
>> 
>> 
>> 
>> 
>> 
>>> On May 14, 2020, at 12:21 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>>> Thanks Alex.
>>> 
>>> I'm still struggling upfront. I was copying your example and have combined the parts in one Blueprint DSL.
>>> 
>>> See my complete Blueprint DSL file below. I'm always getting a HTTP 404 (not found).
>>> 
>>> I'm assuming that the URL
>>> 
>>> https://localhost:8443/camel/api/say/hello
>>> 
>>> should be the one to call. Do I still miss something? Many thanks in advance.
>>> 
>>> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>> xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
>>> https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
>>> 
>>> <reference id="httpService" interface="org.osgi.service.http.HttpService" />
>>> 
>>> <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
>>> 
>>> <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
>>> init-method="register"
>>> destroy-method="unregister">
>>> <property name="servletName" value="MyServlet" />
>>> <property name="alias" value="/camel/api" />
>>> <property name="httpService" ref="httpService" />
>>> <property name="servlet" ref="camelServlet" />
>>> </bean>
>>> 
>>> <bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />
>>> 
>>> <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
>>> <property name="httpRegistry" ref="httpRegistry" />
>>> </bean>
>>> 
>>> <camelContext xmlns="http://camel.apache.org/schema/blueprint">
>>> <restConfiguration
>>> component="servlet"
>>> bindingMode="json"
>>> enableCORS="false"
>>> skipBindingOnErrorCode="false"
>>> clientRequestValidation="true">
>>> 
>>> <componentProperty key="matchOnUriPrefix" value="true" />
>>> 
>>> <endpointProperty key="servletName" value="MyServlet" />
>>> <endpointProperty key="disableStreamCache" value="true" />
>>> 
>>> <dataFormatProperty key="contentTypeHeader" value="false" />
>>> <dataFormatProperty key="baseUri" value ="/came/api" />
>>> </restConfiguration >
>>> 
>>> <rest path="/say">
>>> <get uri="/hello">
>>> <to uri="direct:hello"/>
>>> </get>
>>> </rest>
>>> 
>>> <route>
>>> <from uri="direct:hello"/>
>>> <transform>
>>> <constant>Hello World</constant>
>>> </transform>
>>> </route>
>>> 
>>> </camelContext>
>>> 
>>> </blueprint>
>>> 
>>> Best
>>> - Gerald
>>> 
>>> 
>>>> Alex Soto <al...@envieta.com> wrote on 14 May 2020 at 14:55:
>>>> 
>>>> 
>>>> Hi Gerald,
>>>> 
>>>> I would put the Servlet in the same bundle; I don’t see the need to separate it for reuse.
>>>> Looks like you are missing security constraint in the 'etc/org.ops4j.pax.web.context-admin.cfg' file
>>>> 
>>>> security.constraint.1.url = /camel/services/*
>>>> security.constraint.1.method = *
>>>> security.constraint.1.roles = admin
>>>> 
>>>> 
>>>> Best regards,
>>>> Alex soto
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On May 13, 2020, at 7:02 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>>>>> <property name="alias" value="/camel/services" />
>>>> 
>> 
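An added example, not part of the original posts and not Pax Web or Karaf code: a small Python model of how the `security.constraint.N.*` entries and `etc/users.properties` discussed above combine into a 401, 403 or pass decision, useful when checking why a request is rejected. The second constraint, the `/camel/api/reports/*` URL, all users and passwords are constructed; the url-pattern matching and case-sensitive role comparison follow standard servlet semantics, and it is an assumption that Pax Web maps the keys exactly this way.

```python
"""Model how BASIC auth plus security.constraint.N.* entries decide 401/403."""
import hmac
import re

# Constructed sample inputs, shaped like the files discussed in the thread.
CONTEXT_CFG = """\
bundle.symbolicName=api.xml
login.config.authMethod=BASIC
login.config.realmName=karaf
context.id=default
security.constraint.1.url = /camel/api/*
security.constraint.1.method = *
security.constraint.1.roles = admin
security.constraint.2.url = /camel/api/reports/*
security.constraint.2.method = *
security.constraint.2.roles = viewer
"""
USERS_PROPERTIES = """\
# user = password,role-or-group,...   (all values constructed)
alice = alice-pw,_g_:admingroup
bob = bob-pw,viewer
carol = carol-pw,Admin
_g_\\:admingroup = group,admin,viewer
"""


def parse_props(text):
    """Minimal key=value parser; unescapes '\\:' in keys such as _g_\\:name."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip().replace("\\:", ":")] = value.strip()
    return props


def load_constraints(text):
    """Group security.constraint.<n>.{url,method,roles} keys by <n>."""
    found = {}
    for key, value in parse_props(text).items():
        m = re.fullmatch(r"security\.constraint\.(\d+)\.(url|method|roles)", key)
        if m:
            found.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return [{"url": c["url"], "method": c.get("method", "*").upper(),
             "roles": {r.strip() for r in c.get("roles", "").split(",") if r.strip()}}
            for _, c in sorted(found.items()) if "url" in c]


def load_users(text):
    """Return {user: {password, roles}} with _g_:group references expanded."""
    users, groups = {}, {}
    for key, value in parse_props(text).items():
        fields = [f.strip() for f in value.split(",")]
        if key.startswith("_g_:"):
            groups[key[4:]] = set(fields[1:])  # fields[0] is the literal "group"
        else:
            users[key] = {"password": fields[0], "roles": set(fields[1:])}
    for entry in users.values():
        expanded = set()
        for role in entry["roles"]:
            expanded |= groups.get(role[4:], set()) if role.startswith("_g_:") else {role}
        entry["roles"] = expanded
    return users


def match_rank(pattern, path):
    """Servlet url-pattern match; higher tuple means more specific, None means no match."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return (2, len(prefix))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, len(pattern))
    return None


def required_roles(constraints, method, path):
    """Roles demanded by the best-matching pattern, or None if nothing applies."""
    ranked = [(match_rank(c["url"], path), c) for c in constraints]
    ranked = [(rank, c) for rank, c in ranked if rank is not None]
    if not ranked:
        return None
    best = max(rank for rank, _ in ranked)
    on_best = [c for rank, c in ranked if rank == best]
    chosen = ([c for c in on_best if c["method"] == method.upper()]
              or [c for c in on_best if c["method"] == "*"])
    if not chosen:
        return None  # this HTTP method is not covered on the best pattern
    return set().union(*(c["roles"] for c in chosen))


def decide(constraints, users, method, path, user=None, password=None):
    """200 = constraint layer lets the request through, 401 = bad/missing
    credentials, 403 = authenticated but no required role (case-sensitive)."""
    roles = required_roles(constraints, method, path)
    if roles is None:
        return 200
    entry = users.get(user)
    if entry is None or password is None or not hmac.compare_digest(
            entry["password"].encode(), password.encode()):
        return 401
    return 200 if entry["roles"] & roles else 403


if __name__ == "__main__":
    cons, usr = load_constraints(CONTEXT_CFG), load_users(USERS_PROPERTIES)
    for who, pw in [(None, None), ("alice", "alice-pw"), ("bob", "bob-pw"), ("carol", "carol-pw")]:
        print(who, decide(cons, usr, "GET", "/camel/api/say/hello", who, pw))
```
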


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Thanks Alex,

the API now is working after removing the "httpRegistry" part.

Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like

bundle.symbolicName=api.xml
login.config.authMethod=BASIC
login.config.realmName=karaf
context.id=default

security.constraint.1.url = /camel/api/*
security.constraint.1.method = *
security.constraint.1.roles = admin

Saving this creates the log file entries as below.

The return code with this file is now always a HTTP 403 (forbidden). What might be wrong now?

And .. where can I define the roles, users and passwords for each of the routes with a servlet consumer?

Best
- Gerald

2020-05-14T21:15:18,817 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | fileinstall                      | 10 - org.apache.felix.fileinstall - 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
2020-05-14T21:15:18,819 | INFO  | CM Configuration Updater (Update: pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Updated configuration for pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
2020-05-14T21:15:18,821 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Found bundle "api.xml", scheduling customization of its WebContainer
2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | HTTP Context Processor {bundle=api.xml [326]}: Restoring WebContainer for bundle api.xml/0.0.0
2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
2020-05-14T21:15:18,823 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext               | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
2020-05-14T21:15:18,902 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Customizing WebContainer for bundle api.xml/0.0.0
2020-05-14T21:15:18,906 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering login configuration in WebContainer for bundle "api.xml": method=BASIC, realm=karaf
2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering security mappings in WebContainer for bundle "api.xml": SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', roles=[admin]}
2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext               | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet        | 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | ContextHandler                   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}

> Alex Soto <al...@envieta.com> wrote on 14 May 2020 at 18:42:
> 
> 
> Looks good to me: '/camel/api/say/hello' should be correct.
> 
> The only difference I see is that in my case I am not using the 'httpRegistry'; try removing that part.
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
> 
> > On May 14, 2020, at 12:21 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > Thanks Alex.
> > 
> > I'm still struggling upfront. I was copying your example and have combined the parts in one Blueprint DSL.
> > 
> > See my complete Blueprint DSL file below. I'm always getting a HTTP 404 (not found).
> > 
> > I'm assuming that the URL
> > 
> > https://localhost:8443/camel/api/say/hello
> > 
> > should be the one to call. Do I still miss something? Many thanks in advance.
> > 
> > <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
> >  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >  xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
> >  https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
> > 
> > <reference id="httpService" interface="org.osgi.service.http.HttpService" />
> > 
> > <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> > 
> > <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
> >  init-method="register"
> >  destroy-method="unregister">
> > <property name="servletName" value="MyServlet" />
> > <property name="alias" value="/camel/api" />
> > <property name="httpService" ref="httpService" />
> > <property name="servlet" ref="camelServlet" />
> > </bean>
> > 
> > <bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />
> > 
> > <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
> > <property name="httpRegistry" ref="httpRegistry" />
> > </bean>
> > 
> > <camelContext xmlns="http://camel.apache.org/schema/blueprint">
> > <restConfiguration
> > component="servlet"
> > bindingMode="json"
> > enableCORS="false"
> > skipBindingOnErrorCode="false"
> > clientRequestValidation="true">
> > 
> > <componentProperty key="matchOnUriPrefix" value="true" />
> > 
> > <endpointProperty key="servletName" value="MyServlet" />
> > <endpointProperty key="disableStreamCache" value="true" />
> > 
> > <dataFormatProperty key="contentTypeHeader" value="false" />
> > <dataFormatProperty key="baseUri" value ="/came/api" />
> > </restConfiguration >
> > 
> > <rest path="/say">
> > <get uri="/hello">
> > <to uri="direct:hello"/>
> > </get>
> > </rest>
> > 
> > <route>
> > <from uri="direct:hello"/>
> > <transform>
> > <constant>Hello World</constant>
> > </transform>
> > </route>
> > 
> > </camelContext>
> > 
> > </blueprint>
> > 
> > Best
> > - Gerald
> > 
> > 
> > > Alex Soto <al...@envieta.com> wrote on 14 May 2020 at 14:55:
> > > 
> > > 
> > > Hi Gerald,
> > > 
> > > I would put the Servlet in the same bundle; I don’t see the need to separate it for reuse.
> > > Looks like you are missing security constraint in the 'etc/org.ops4j.pax.web.context-admin.cfg' file
> > > 
> > > security.constraint.1.url = /camel/services/*
> > > security.constraint.1.method = *
> > > security.constraint.1.roles = admin
> > > 
> > > 
> > > Best regards,
> > > Alex soto
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > > On May 13, 2020, at 7:02 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > > <property name="alias" value="/camel/services" />
> > > 
>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
CC forum



> On May 14, 2020, at 12:42 PM, Alex Soto <al...@envieta.com> wrote:
> 
> Looks good to me:  '/camel/api/say/hello' should be correct.
> 
> The only difference I see is that in my case I am not using the 'httpRegistry'; try removing that part.
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
>> On May 14, 2020, at 12:21 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>> 
>> Thanks Alex.
>> 
>> I'm still struggling upfront. I was copying your example and have combined the parts in one Blueprint DSL.
>> 
>> See my complete Blueprint DSL file below. I'm always getting a HTTP 404 (not found).
>> 
>> I'm assuming that the URL
>> 
>> https://localhost:8443/camel/api/say/hello
>> 
>> should be the one to call. Do I still miss something? Many thanks in advance.
>> 
>> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>>           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>           xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
>>           https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
>> 
>> 	<reference id="httpService" interface="org.osgi.service.http.HttpService" />
>> 
>> 	<bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
>> 
>> 	<bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
>> 	      init-method="register"
>> 	      destroy-method="unregister">
>> 		<property name="servletName" value="MyServlet" />
>> 		<property name="alias" value="/camel/api" />
>> 		<property name="httpService" ref="httpService" />
>> 		<property name="servlet" ref="camelServlet" />
>> 	</bean>
>> 
>> 	<bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />
>> 
>> 	<bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
>> 		<property name="httpRegistry" ref="httpRegistry" />
>> 	</bean>
>> 
>> 	<camelContext xmlns="http://camel.apache.org/schema/blueprint">
>> 		<restConfiguration
>> 			component="servlet"
>> 			bindingMode="json"
>> 			enableCORS="false"
>> 			skipBindingOnErrorCode="false"
>> 			clientRequestValidation="true">
>> 
>> 			<componentProperty key="matchOnUriPrefix" value="true" />
>> 
>> 			<endpointProperty key="servletName" value="MyServlet" />
>> 			<endpointProperty key="disableStreamCache" value="true" />
>> 
>> 			<dataFormatProperty key="contentTypeHeader" value="false" />
>> 			<dataFormatProperty key="baseUri" value ="/came/api" />
>> 		</restConfiguration >
>> 
>> 		<rest path="/say">
>> 			<get uri="/hello">
>> 				<to uri="direct:hello"/>
>> 			</get>
>> 		</rest>
>> 
>> 		<route>
>> 			<from uri="direct:hello"/>
>> 			<transform>
>> 				<constant>Hello World</constant>
>> 			</transform>
>> 		</route>
>> 
>> 	</camelContext>
>> 
>> </blueprint>
>> 
>> Best
>> - Gerald
>> 
>>> Alex Soto <al...@envieta.com> wrote on 14 May 2020 at 14:55:
>>> 
>>> 
>>> Hi Gerald,
>>> 
>>> I would put the Servlet in the same bundle; I don’t see the need to separate it for reuse.
>>> Looks like you are missing security constraint in the 'etc/org.ops4j.pax.web.context-admin.cfg' file
>>> 
>>> security.constraint.1.url = /camel/services/*
>>> security.constraint.1.method = *
>>> security.constraint.1.roles = admin
>>> 
>>> 
>>> Best regards,
>>> Alex soto
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On May 13, 2020, at 7:02 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>>>> <property name="alias" value="/camel/services" />
>>> 
> 


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Thanks Alex.

I'm still struggling upfront. I was copying your example and have combined the parts in one Blueprint DSL.

See my complete Blueprint DSL file below. I'm always getting a HTTP 404 (not found).

I'm assuming that the URL

https://localhost:8443/camel/api/say/hello

should be the one to call. Do I still miss something? Many thanks in advance.

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
           https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">

	<reference id="httpService" interface="org.osgi.service.http.HttpService" />

	<bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>

	<bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
	      init-method="register"
	      destroy-method="unregister">
		<property name="servletName" value="MyServlet" />
		<property name="alias" value="/camel/api" />
		<property name="httpService" ref="httpService" />
		<property name="servlet" ref="camelServlet" />
	</bean>

	<bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />

	<bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
		<property name="httpRegistry" ref="httpRegistry" />
	</bean>

	<camelContext xmlns="http://camel.apache.org/schema/blueprint">
		<restConfiguration
			component="servlet"
			bindingMode="json"
			enableCORS="false"
			skipBindingOnErrorCode="false"
			clientRequestValidation="true">

			<componentProperty key="matchOnUriPrefix" value="true" />

			<endpointProperty key="servletName" value="MyServlet" />
			<endpointProperty key="disableStreamCache" value="true" />

			<dataFormatProperty key="contentTypeHeader" value="false" />
			<dataFormatProperty key="baseUri" value ="/came/api" />
		</restConfiguration >

		<rest path="/say">
			<get uri="/hello">
				<to uri="direct:hello"/>
			</get>
		</rest>

		<route>
			<from uri="direct:hello"/>
			<transform>
				<constant>Hello World</constant>
			</transform>
		</route>

	</camelContext>

</blueprint>

Best
- Gerald

> Alex Soto <al...@envieta.com> wrote on 14 May 2020 at 14:55:
> 
> 
> Hi Gerald,
> 
> I would put the Servlet in the same bundle; I don’t see the need to separate it for reuse.
> Looks like you are missing security constraint in the 'etc/org.ops4j.pax.web.context-admin.cfg' file
> 
> security.constraint.1.url = /camel/services/*
> security.constraint.1.method = *
> security.constraint.1.roles = admin
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
> 
> > On May 13, 2020, at 7:02 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > <property name="alias" value="/camel/services" />
>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Hi Gerald,

I would put the Servlet in the same bundle; I don’t see the need to separate it for reuse.  
Looks like you are missing security constraint in the 'etc/org.ops4j.pax.web.context-admin.cfg' file

security.constraint.1.url = /camel/services/*
security.constraint.1.method = *
security.constraint.1.roles = admin


Best regards,
Alex soto




> On May 13, 2020, at 7:02 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> <property name="alias" value="/camel/services" />


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Tried this following your sample but the access to

curl --location --request GET 'https://localhost:8443/camel/services/hello1'

gives a HTTP 404 (not found) back.

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="
           http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">

	<reference id ="httpService" interface ="org.osgi.service.http.HttpService" />

	<bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet" />

	<bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer" init-method="register" destroy-method="unregister" >
		<property name="servletName" value="apiServlet" />
		<property name="alias" value="/camel/services" />
		<property name="httpService" ref="httpService" />
		<property name="servlet" ref="camelServlet" />
	</bean >

	<bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />

	<bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
		<property name="httpRegistry" ref="httpRegistry" />
	</bean>

	<camelContext xmlns="http://camel.apache.org/schema/blueprint">
		<route>
			<from uri="servlet://hello1?servletName=apiServlet" />
			<setBody><constant>Hello 1</constant></setBody>
		</route>
	</camelContext>

</blueprint>

> Alex Soto <al...@envieta.com> wrote on 13 May 2020 at 19:24:
> 
> 
> I tested Pax-Web Context Processing as explained here: 
> 
> 
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing
> 
> 
> And it does in fact, work. I was able to add BASIC authentication to my Camel Routes outside of the bundle itself, and using Servlet Rest DSL with Blueprint. I did not need to add a web.xml file. So basically, my Camel Rest DSL is like this:
> 
> <restConfiguration
> component="servlet"
> bindingMode="json"
> enableCORS="false"
> skipBindingOnErrorCode="false"
> clientRequestValidation="true">
> 
> <componentProperty key="matchOnUriPrefix" value="true"/>
> 
> <endpointProperty key="servletName" value="MyServlet"/>
> <endpointProperty key="disableStreamCache" value="true"/>
> 
> <dataFormatProperty key="contentTypeHeader" value="false" />
> <dataFormatProperty key="baseUri" value="{{context.path}}{{api.root.path}}" />
> </restConfiguration>
> 
> 
> 
> Register the Camel Servlet:
> 
> 
> <reference id="httpService" interface="org.osgi.service.http.HttpService" />
> 
> <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> 
> <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
> init-method="register"
> destroy-method="unregister">
> <property name="servletName" value="MyServlet"/>
> <property name="alias" value="#{context.path}#{api.root.path}" />
> <property name="httpService" ref="httpService" />
> <property name="servlet" ref="camelServlet" />
> </bean>
> 
> 
> Then, add file
> 
> org.ops4j.pax.web.context-admin.cfg
> 
> to Karaf’s etc directory. Postfix ‘admin’ can be whatever you want.
> 
> 
> > bundle.symbolicName = <the symbolic name of bundle with Camel routes>
> > login.config.authMethod = BASIC
> > login.config.realmName = karaf
> > context.id = default
> 
> 
> This solution has important advantages:
> 
>   1. Only one Jetty instance for all bundles
>   2. Security is external, at the container level, which means it can be adapted to use a different mechanism without changing the code of the Camel routes.
>   3. Leverages Karaf’s built in JAAS features.
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
> 
> > On May 13, 2020, at 12:56 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > As I have only Blueprint DSL routes it would be interesting how to configure this either in a Blueprint DSL file or globally in a config.
> > 
> > Best
> > - Gerald
> > 
> > 
> > > Alex Soto <al...@envieta.com> wrote on 13 May 2020 at 16:26:
> > > 
> > > 
> > > This looks promising:
> > > 
> > > https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing
> > > 
> > > 
> > > 
> > > Best regards,
> > > Alex soto
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > > On May 13, 2020, at 10:26 AM, Alex Soto <al...@envieta.com> wrote:
> > > > Re-sending to group
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > > On May 13, 2020, at 9:38 AM, Alex Soto <al...@envieta.com> wrote:
> > > > > Thank you Gerald, I appreciate the link.
> > > > > 
> > > > > I was starting to go that route, but it is not optimal, because I have more than one bundle that exposes HTTP endpoints, and it is wasteful for each one to run its own Jetty instance. Same thing with authentication, I want to leverage the Karaf built-in JAAS support, instead of recreating it. To this point, I have been able to leverage a single Jetty instance that is managed by PAX-WEB, but adding authentication is proving to be impossible.
> > > > > 
> > > > > 
> > > > > Best regards,
> > > > > Alex soto
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > > On May 12, 2020, at 5:10 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > > > > Hi Alex,
> > > > > > 
> > > > > > we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).
> > > > > > 
> > > > > > I started an article series on my blog, see
> > > > > > 
> > > > > > https://www.catshout.de/?p=161
> > > > > > 
> > > > > > for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.
> > > > > > 
> > > > > > I'll proceed with a REST API secured in the same manner and some discussions about the limitations and options.
> > > > > > 
> > > > > > Best
> > > > > > - Gerald
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > > Alex Soto <al...@envieta.com> wrote on 12 May 2020 at 19:55:
> > > > > > > 
> > > > > > > 
> > > > > > > This thread talks about the need to:
> > > > > > > 
> > > > > > > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
> > > > > > > 
> > > > > > > Quote:
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > > you need to use the OSGi HTTP service 
> > > > > > > > api to properly configure the security bits (by implementing 
> > > > > > > > org.osgi.service.http.HttpContext interface).
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > Are there any examples of this?
> > > > > > > 
> > > > > > > Best regards,
> > > > > > > Alex soto
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > > On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > Thanks, JB.
> > > > > > > > 
> > > > > > > > I found the problem was a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
> > > > > > > > 
> > > > > > > > <login-config>
> > > > > > > > <auth-method>BASIC</auth-method>
> > > > > > > > <realm-name>Karaf</realm-name>
> > > > > > > > </login-config>
> > > > > > > > 
> > > > > > > > 
> > > > > > > > But in the jetty.xml:
> > > > > > > > 
> > > > > > > > <New class="org.eclipse.jetty.jaas.JAASLoginService">
> > > > > > > > <Set name="name">karaf</Set>
> > > > > > > > 
> > > > > > > > 
> > > > > > > > So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
> > > > > > > > I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
> > > > > > > > For example:
> > > > > > > > 
> > > > > > > > http://localhost:8181/admin/api/rest/executions
> > > > > > > > 
> > > > > > > > Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
> > > > > > > > 
> > > > > > > > http://localhost:8181/admin
> > > > > > > > 
> > > > > > > > is protected with basic authentication, so the browser prompts me for the user name and password.
> > > > > > > > 
> > > > > > > > What I need is to protect everything starting with ‘/admin’
> > > > > > > > 
> > > > > > > > Any ideas?
> > > > > > > > 
> > > > > > > > Best regards,
> > > > > > > > Alex soto
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> > > > > > > > > Hi,
> > > > > > > > > 
> > > > > > > > > It sounds like a class loader issue, so possible.
> > > > > > > > > 
> > > > > > > > > Let me add an example in Karaf showing basic auth.
> > > > > > > > > 
> > > > > > > > > Regards
> > > > > > > > > JB
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > > On 12 May 2020, at 15:39, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > > I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
> > > > > > > > > > Would this be the reason for the following exception:
> > > > > > > > > > 
> > > > > > > > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
> > > > > > > > > > java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
> > > > > > > > > > at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> > > > > > > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> > > > > > > > > > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> > > > > > > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > Best regards,
> > > > > > > > > > Alex soto
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > > > A little more info. The class appears in many bundles:
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > > > > 
> > > > > > > > > > > Jetty :: Security (229)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > Jetty :: Security (230)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > Jetty :: JASPI Security (231)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > Jetty :: JASPI Security (232)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > OPS4J Pax Web - Jetty (309)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > Best regards,
> > > > > > > > > > > Alex soto
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > 
> > > > > 
> > > > 
> > > 
>
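
Added example, not part of the thread and not code from the Karaf, Jetty or Pax Web projects: a Python check for the case-sensitive realm mismatch described above (`Karaf` in web.xml against `karaf` in jetty.xml), extended to the `login.config.realmName` key of the Pax Web context .cfg file. The three inputs are constructed samples modelled on the fragments quoted in the thread; that the .cfg realm is matched against the same login service name is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, modelled on the fragments quoted in the thread.
WEB_XML = """<web-app>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
  </login-config>
</web-app>"""

JETTY_XML = """<Configure>
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.jaas.JAASLoginService">
        <Set name="name">karaf</Set>
      </New>
    </Arg>
  </Call>
</Configure>"""

CONTEXT_CFG = """bundle.symbolicName = routeServlet1.xml
login.config.authMethod = BASIC
login.config.realmName = karaf
context.id = default
"""

JAAS_LOGIN_SERVICE = "org.eclipse.jetty.jaas.JAASLoginService"


def _local(tag):
    """Strip an XML namespace so namespaced web.xml files parse the same way."""
    return tag.rsplit("}", 1)[-1]


def web_xml_realm(text):
    """Return (auth_method, realm_name) from <login-config>, or None if absent."""
    for el in ET.fromstring(text).iter():
        if _local(el.tag) == "login-config":
            fields = {_local(c.tag): (c.text or "").strip() for c in el}
            return fields.get("auth-method"), fields.get("realm-name")
    return None


def jetty_login_services(text):
    """Return the 'name' of every JAASLoginService declared in a jetty.xml."""
    names = []
    for el in ET.fromstring(text).iter("New"):
        if el.get("class") == JAAS_LOGIN_SERVICE:
            for setter in el.findall("Set"):
                if setter.get("name") == "name":
                    names.append((setter.text or "").strip())
    return names


def parse_cfg(text):
    """Parse key = value lines of a Karaf etc/*.cfg file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_realm(requested, source, login_services):
    """Compare one requested realm with the declared services, case-sensitively."""
    if requested in login_services:
        return []
    near = [n for n in login_services if n.lower() == requested.lower()]
    if near:
        return [f"{source}: realm '{requested}' differs only in case "
                f"from login service '{near[0]}'"]
    return [f"{source}: realm '{requested}' has no matching login service"]


def audit(web_xml, jetty_xml, context_cfg):
    """Return a list of findings; an empty list means every realm resolves."""
    services = jetty_login_services(jetty_xml)
    findings = []
    login_config = web_xml_realm(web_xml)
    if login_config and login_config[1]:
        findings += check_realm(login_config[1], "web.xml", services)
    cfg = parse_cfg(context_cfg)
    realm = cfg.get("login.config.realmName")
    if realm:
        findings += check_realm(realm, "context cfg", services)
    elif "login.config.authMethod" in cfg:
        # An auth method without a realm cannot be bound to a login service.
        findings.append("context cfg: authMethod set without login.config.realmName")
    return findings


if __name__ == "__main__":
    for finding in audit(WEB_XML, JETTY_XML, CONTEXT_CFG):
        print(finding)
```
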

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Hi Alex,

I think I'm missing some details. I have 3 files (see below). The log shows me when updating the cfg

2020-05-13T22:17:59,528 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | fileinstall                      | 10 - org.apache.felix.fileinstall - 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
2020-05-13T22:17:59,546 | INFO  | CM Configuration Updater (Update: pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Updated configuration for pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
2020-05-13T22:17:59,549 | INFO  | paxweb-context-3-thread-2 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Found bundle "routeServlet1.xml", scheduling customization of its WebContainer
2020-05-13T22:17:59,552 | INFO  | paxweb-context-3-thread-2 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | HTTP Context Processor {bundle=routeServlet1.xml [298]}: Restoring WebContainer for bundle routeServlet1.xml/0.0.0
2020-05-13T22:17:59,553 | INFO  | paxweb-context-3-thread-2 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Customizing WebContainer for bundle routeServlet1.xml/0.0.0
2020-05-13T22:17:59,553 | INFO  | paxweb-context-3-thread-2 | HttpContextProcessing            | 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering login configuration in WebContainer for bundle "routeServlet1.xml": method=BASIC, realm=karaf

The call

curl --location --request GET 'https://localhost:8443/camel/services/hello1'

works but no authentication required/challenged.

Am I missing something? Maybe you could share the full code of your working example?



1. etc/org.ops4j.pax.web.context-admin.cfg

bundle.symbolicName=routeServlet1.xml
login.config.authMethod=BASIC
login.config.realmName=karaf
context.id=default

2. deploy/camelServlet.xml

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="
           http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">

	<bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet" />

	<service ref="camelServlet">
		<interfaces>
			<value>javax.servlet.Servlet</value>
			<value>org.apache.camel.http.common.CamelServlet</value>
		</interfaces>
		<service-properties>
			<entry key="alias" value="/camel/services" />
			<entry key="matchOnUriPrefix" value="true" />
			<entry key="servlet-name" value="CamelServlet" />
		</service-properties>
	</service>

</blueprint>

3. deploy/routeServlet1.xml

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xsi:schemaLocation="
           http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">

	<reference id="servletref" ext:proxy-method="classes" interface="org.apache.camel.http.common.CamelServlet">
		<reference-listener ref="httpRegistry" bind-method="register" unbind-method="unregister" />
	</reference>

	<bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" />

	<bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent">
		<property name="httpRegistry" ref="httpRegistry" />
	</bean>

	<camelContext xmlns="http://camel.apache.org/schema/blueprint">
		<route>
			<!-- Notice how we can use the servlet scheme which is that reference above -->
			<from uri="servlet://hello1" />
			<setBody><constant>Hello 1</constant></setBody>
		</route>
	</camelContext>

</blueprint>

Many thanks in advance
- Gerald


> Alex Soto <al...@envieta.com> wrote on 13 May 2020 at 19:24:
> 
> 
> I tested Pax-Web Context Processing as explained here: 
> 
> 
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing
> 
> 
> And it does, in fact, work. I was able to add BASIC authentication to my Camel Routes outside of the bundle itself, and using Servlet Rest DSL with Blueprint. I did not need to add a web.xml file. So basically, my Camel Rest DSL is like this:
> 
> <restConfiguration
> component="servlet"
> bindingMode="json"
> enableCORS="false"
> skipBindingOnErrorCode="false"
> clientRequestValidation="true">
> 
> <componentProperty key="matchOnUriPrefix" value="true"/>
> 
> <endpointProperty key="servletName" value="MyServlet"/>
> <endpointProperty key="disableStreamCache" value="true"/>
> 
> <dataFormatProperty key="contentTypeHeader" value="false" />
> <dataFormatProperty key="baseUri" value="{{context.path}}{{api.root.path}}" />
> </restConfiguration>
> 
> 
> 
> Register the Camel Servlet:
> 
> 
> <reference id="httpService" interface="org.osgi.service.http.HttpService" />
> 
> <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> 
> <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
> init-method="register"
> destroy-method="unregister">
> <property name="servletName" value="MyServlet"/>
> <property name="alias" value="#{context.path}#{api.root.path}" />
> <property name="httpService" ref="httpService" />
> <property name="servlet" ref="camelServlet" />
> </bean>
> 
> 
> Then, add file
> 
> org.ops4j.pax.web.context-admin.cfg
> 
> to Karaf’s etc directory. Postfix ‘admin’ can be whatever you want.
> 
> 
> > bundle.symbolicName = <the symbolic name of bundle with Camel routes>
> > login.config.authMethod = BASIC
> > login.config.realmName = karaf
> > context.id = default
> 
> 
> This solution has important advantages:
> 
>   1. Only one Jetty instance for all bundles
>   2. Security is external, at the container level, which means it can be adapted to use a different mechanism without changing the code of the Camel routes.
>   3. Leverages Karaf’s built in JAAS features.
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
> 
> > On May 13, 2020, at 12:56 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > As I have only Blueprint DSL routes it would be interesting how to configure this either in a Blueprint DSL file or globally in a config.
> > 
> > Best
> > - Gerald
> > 
> > 
> > > Alex Soto <al...@envieta.com> wrote on 13 May 2020 at 16:26:
> > > 
> > > 
> > > This looks promising:
> > > 
> > > https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing
> > > 
> > > 
> > > 
> > > Best regards,
> > > Alex soto
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > > On May 13, 2020, at 10:26 AM, Alex Soto <al...@envieta.com> wrote:
> > > > Re-sending to group
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > > On May 13, 2020, at 9:38 AM, Alex Soto <al...@envieta.com> wrote:
> > > > > Thank you Gerald, I appreciate the link.
> > > > > 
> > > > > I was starting to go that route, but it is not optimal, because I have more than one bundle that exposes HTTP endpoints, and it is wasteful for each one to run its own Jetty instance. Same thing with authentication, I want to leverage the Karaf built-in JAAS support, instead of recreating it. To this point, I have been able to leverage a single Jetty instance that is managed by PAX-WEB, but adding authentication is proving to be impossible.
> > > > > 
> > > > > 
> > > > > Best regards,
> > > > > Alex soto
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > > On May 12, 2020, at 5:10 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > > > > Hi Alex,
> > > > > > 
> > > > > > we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).
> > > > > > 
> > > > > > I started an article series on my blog, see
> > > > > > 
> > > > > > https://www.catshout.de/?p=161
> > > > > > 
> > > > > > for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.
> > > > > > 
> > > > > > I'll proceed with a REST API secured in the same manner and some discussions about the limitations and options.
> > > > > > 
> > > > > > Best
> > > > > > - Gerald
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > > Alex Soto <al...@envieta.com> wrote on 12 May 2020 at 19:55:
> > > > > > > 
> > > > > > > 
> > > > > > > This thread talks about the need to:
> > > > > > > 
> > > > > > > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
> > > > > > > 
> > > > > > > Quote:
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > > you need to use the OSGi HTTP service 
> > > > > > > > api to properly configure the security bits (by implementing 
> > > > > > > > org.osgi.service.http.HttpContext interface).
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > Are there any examples of this?
> > > > > > > 
> > > > > > > Best regards,
> > > > > > > Alex soto
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > > On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > Thanks, JB.
> > > > > > > > 
> > > > > > > > I found the problem was a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
> > > > > > > > 
> > > > > > > > <login-config>
> > > > > > > > <auth-method>BASIC</auth-method>
> > > > > > > > <realm-name>Karaf</realm-name>
> > > > > > > > </login-config>
> > > > > > > > 
> > > > > > > > 
> > > > > > > > But in the jetty.xml:
> > > > > > > > 
> > > > > > > > <New class="org.eclipse.jetty.jaas.JAASLoginService">
> > > > > > > > <Set name="name">karaf</Set>
> > > > > > > > 
> > > > > > > > 
> > > > > > > > So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
> > > > > > > > I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
> > > > > > > > For example:
> > > > > > > > 
> > > > > > > > http://localhost:8181/admin/api/rest/executions
> > > > > > > > 
> > > > > > > > Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
> > > > > > > > 
> > > > > > > > http://localhost:8181/admin
> > > > > > > > 
> > > > > > > > is protected with basic authentication, so the browser prompts me for the user name and password.
> > > > > > > > 
> > > > > > > > What I need is to protect everything starting with ‘/admin’
> > > > > > > > 
> > > > > > > > Any ideas?
> > > > > > > > 
> > > > > > > > Best regards,
> > > > > > > > Alex soto
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> > > > > > > > > Hi,
> > > > > > > > > 
> > > > > > > > > It sounds like a class loader issue, so possible.
> > > > > > > > > 
> > > > > > > > > Let me add an example in Karaf showing basic auth.
> > > > > > > > > 
> > > > > > > > > Regards
> > > > > > > > > JB
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > > On 12 May 2020, at 15:39, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > > I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
> > > > > > > > > > Would this be the reason for the following exception:
> > > > > > > > > > 
> > > > > > > > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
> > > > > > > > > > java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
> > > > > > > > > > at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > > > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> > > > > > > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> > > > > > > > > > at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> > > > > > > > > > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> > > > > > > > > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> > > > > > > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > Best regards,
> > > > > > > > > > Alex soto
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > > > A little more info. The class appears in many bundles:
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > > > > 
> > > > > > > > > > > Jetty :: Security (229)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > Jetty :: Security (230)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > Jetty :: JASPI Security (231)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > Jetty :: JASPI Security (232)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > OPS4J Pax Web - Jetty (309)
> > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > Best regards,
> > > > > > > > > > > Alex soto
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > 
> > > > > > > > 
> > > > > > > 
> > > > > 
> > > > 
> > > 
>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
I tested Pax-Web Context Processing as explained here:

https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing

And it does, in fact, work. I was able to add BASIC authentication to my Camel Routes outside of the bundle itself, and using Servlet Rest DSL with Blueprint. I did not need to add a web.xml file. So basically, my Camel Rest DSL is like this:

		<restConfiguration 
			component="servlet"
			bindingMode="json"
			enableCORS="false"
			skipBindingOnErrorCode="false"
			clientRequestValidation="true">

			<componentProperty key="matchOnUriPrefix" value="true"/>

			<endpointProperty key="servletName" value="MyServlet"/>
			<endpointProperty key="disableStreamCache" value="true"/>

			<dataFormatProperty key="contentTypeHeader" value="false" />
			<dataFormatProperty key="baseUri" value="{{context.path}}{{api.root.path}}" />
		</restConfiguration>



Register the Camel Servlet:


	<reference id="httpService" interface="org.osgi.service.http.HttpService" />
	
	<bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>

	<bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
		init-method="register"
		destroy-method="unregister">
		<property name="servletName" value="MyServlet"/>
		<property name="alias" value="#{context.path}#{api.root.path}" />
		<property name="httpService" ref="httpService" />
		<property name="servlet" ref="camelServlet" />
	</bean>


Then, add the file

		org.ops4j.pax.web.context-admin.cfg

to Karaf’s etc directory. The postfix ‘admin’ can be whatever you want.


bundle.symbolicName = <the symbolic name of bundle with Camel routes>
login.config.authMethod = BASIC
login.config.realmName = karaf
context.id = default

This solution has important advantages:

- Only one Jetty instance for all bundles.
- Security is external, at the container level, which means it can be adapted to use a different mechanism without changing the code of the Camel routes.
- Leverages Karaf’s built-in JAAS features.


Best regards,
Alex soto
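
An added example, not part of the original post or of Pax Web: a small Python lint that checks a context `.cfg` like the one above, and the `web.xml` `realm-name` from earlier in the thread, against the `JAASLoginService` name in `jetty.xml` using an exact, case-sensitive comparison. It assumes the `.cfg` realm must match that name the same way the `web.xml` realm did; the sample files and the bundle name `com.example.camel.routes` are constructed.

```python
import re
import xml.etree.ElementTree as ET

JAAS_LOGIN_SERVICE = "org.eclipse.jetty.jaas.JAASLoginService"
# The four keys set in the post's file; treated here as the expected set (assumption).
EXPECTED_KEYS = ("bundle.symbolicName", "login.config.authMethod",
                 "login.config.realmName", "context.id")
CFG_NAME = re.compile(r"org\.ops4j\.pax\.web\.context-.+\.cfg")


def parse_cfg(text):
    """Parse 'key = value' lines; blank lines and '#' comment lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def local(tag):
    """Strip an XML namespace so namespaced web.xml files are handled too."""
    return tag.rsplit("}", 1)[-1]


def jaas_realms(jetty_xml):
    """Names of every JAASLoginService declared in jetty.xml."""
    realms = []
    for new in ET.fromstring(jetty_xml).iter("New"):
        if new.get("class") == JAAS_LOGIN_SERVICE:
            realms += [s.text.strip() for s in new.findall("Set")
                       if s.get("name") == "name" and s.text]
    return realms


def web_xml_realm(web_xml):
    """The <realm-name> of a web.xml, or None when it has none."""
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "realm-name" and el.text:
            return el.text.strip()
    return None


def check_realm(source, realm, realms):
    """Exact match passes; a case-only difference gets its own message."""
    if realm is None or realm in realms:
        return []
    near = [r for r in realms if r.lower() == realm.lower()]
    if near:
        return [f"{source}: realm '{realm}' differs only in case "
                f"from JAAS login service '{near[0]}'"]
    return [f"{source}: realm '{realm}' matches no JAASLoginService in jetty.xml"]


def lint_context_cfg(filename, cfg_text, jetty_xml):
    findings = []
    if not CFG_NAME.fullmatch(filename):
        findings.append(f"{filename}: name is not org.ops4j.pax.web.context-<postfix>.cfg")
    props = parse_cfg(cfg_text)
    findings += [f"{filename}: missing key '{k}'"
                 for k in EXPECTED_KEYS if not props.get(k)]
    findings += check_realm(filename, props.get("login.config.realmName"),
                            jaas_realms(jetty_xml))
    return findings


def lint_web_xml(web_xml, jetty_xml):
    return check_realm("web.xml", web_xml_realm(web_xml), jaas_realms(jetty_xml))


# Constructed sample inputs.
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg>
    <New class="org.eclipse.jetty.jaas.JAASLoginService">
      <Set name="name">karaf</Set>
    </New>
  </Arg></Call>
</Configure>"""

GOOD_CFG = """bundle.symbolicName = com.example.camel.routes
login.config.authMethod = BASIC
login.config.realmName = karaf
context.id = default
"""

WEB_XML = """<web-app><login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Karaf</realm-name>
</login-config></web-app>"""

if __name__ == "__main__":
    name = "org.ops4j.pax.web.context-admin.cfg"
    for finding in lint_context_cfg(name, GOOD_CFG, JETTY_XML) + lint_web_xml(WEB_XML, JETTY_XML):
        print(finding)
```
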




> On May 13, 2020, at 12:56 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> 
> As I have only Blueprint DSL routes it would be interesting how to configure this either in a Blueprint DSL file or globally in a config.
> 
> Best
> - Gerald
> 
>> Alex Soto <al...@envieta.com> wrote on 13 May 2020 at 16:26:
>> 
>> 
>> This looks promising:
>> 
>> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing
>> 
>> 
>> 
>> Best regards,
>> Alex soto
>> 
>> 
>> 
>> 
>> 
>>> On May 13, 2020, at 10:26 AM, Alex Soto <al...@envieta.com> wrote:
>>> Re-sending to group
>>> 
>>> 
>>> 
>>> 
>>>> On May 13, 2020, at 9:38 AM, Alex Soto <al...@envieta.com> wrote:
>>>> Thank you Gerald, I appreciate the link.
>>>> 
>>>> I was starting going that route, but it is not optimal, because I have more than one bundle that expose HTTP endpoints, and it is wasteful for each one to run their own Jetty instance. Same thing with authentication, I want to leverage the Karaf built in JAAS support, instead of recreating it. To this point, I have been able to leverage a single Jetty instance that is managed by PAX-WEB, but adding authentication is proving to be impossible.
>>>> 
>>>> 
>>>> Best regards,
>>>> Alex soto
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On May 12, 2020, at 5:10 PM, Gerald Kallas <ca...@mailbox.org> wrote:
>>>>> Hi Alex,
>>>>> 
>>>>> we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).
>>>>> 
>>>>> I started an article series on my blog, see
>>>>> 
>>>>> https://www.catshout.de/?p=161
>>>>> 
>>>>> for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.
>>>>> 
>>>>> I'll proceed with a REST API secured in same manner and some discussions about the limitations and options.
>>>>> 
>>>>> Best
>>>>> - Gerald
>>>>> 
>>>>> 
>>>>>> Alex Soto <al...@envieta.com> wrote on 12 May 2020 at 19:55:
>>>>>> 
>>>>>> 
>>>>>> This thread talks about the need to:
>>>>>> 
>>>>>> http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
>>>>>> 
>>>>>> Quote:
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> you need to use the OSGi HTTP service 
>>>>>>> api to properly configure the security bits (by implementing 
>>>>>>> org.osgi.service.http.HttpContext interface).
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Are there any examples of this?
>>>>>> 
>>>>>> Best regards,
>>>>>> Alex soto
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
>>>>>>> Thanks, JB.
>>>>>>> 
>>>>>>> I found the problem was, a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
>>>>>>> 
>>>>>>> <login-config>
>>>>>>> <auth-method>BASIC</auth-method>
>>>>>>> <realm-name>Karaf</realm-name>
>>>>>>> </login-config>
>>>>>>> 
>>>>>>> 
>>>>>>> But in the jetty.xml:
>>>>>>> 
>>>>>>> <New class="org.eclipse.jetty.jaas.JAASLoginService">
>>>>>>> <Set name="name">karaf</Set>
>>>>>>> 
>>>>>>> 
>>>>>>> So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
>>>>>>> I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
>>>>>>> For example:
>>>>>>> 
>>>>>>> http://localhost:8181/admin/api/rest/executions
>>>>>>> 
>>>>>>> Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
>>>>>>> 
>>>>>>> http://localhost:8181/admin
>>>>>>> 
>>>>>>> is protected with basic authentication, so the browser prompts me for the user name and password.
>>>>>>> 
>>>>>>> What I need is protect everything starting with '/admin’
>>>>>>> 
>>>>>>> Any ideas?
>>>>>>> 
>>>>>>> Best regards,
>>>>>>> Alex soto
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>>> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
>>>>>>>> Hi,
>>>>>>>> 
>>>>>>>> It sounds like a class loader issue, so possible.
>>>>>>>> 
>>>>>>>> Let me add an example in Karaf showing basic auth.
>>>>>>>> 
>>>>>>>> Regards
>>>>>>>> JB
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> On 12 May 2020 at 15:39, Alex Soto <al...@envieta.com> wrote:
>>>>>>>>> I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
>>>>>>>>> Would this be the reason for the following exception:
>>>>>>>>> 
>>>>>>>>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
>>>>>>>>> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
>>>>>>>>> at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
>>>>>>>>> at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>> at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>> at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>> at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
>>>>>>>>> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
>>>>>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
>>>>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
>>>>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
>>>>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
>>>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
>>>>>>>>> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> Best regards,
>>>>>>>>> Alex soto
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>>> On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
>>>>>>>>>> A little more info. The class appears in many bundles:
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>>>>>>>> 
>>>>>>>>>> Jetty :: Security (229)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>> 
>>>>>>>>>> Jetty :: Security (230)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>> 
>>>>>>>>>> Jetty :: JASPI Security (231)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>> 
>>>>>>>>>> Jetty :: JASPI Security (232)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>> 
>>>>>>>>>> OPS4J Pax Web - Jetty (309)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> Best regards,
>>>>>>>>>> Alex soto
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>>> On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
>>>>>>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>>>>>>>> 
>>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>> 
>>> 
>> 


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
As I have only Blueprint DSL routes it would be interesting how to configure this either in a Blueprint DSL file or globally in a config.

Best
- Gerald

> Alex Soto <al...@envieta.com> wrote on 13 May 2020 at 16:26:
> 
> 
> This looks promising:
> 
> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing
> 
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
> 
> > On May 13, 2020, at 10:26 AM, Alex Soto <al...@envieta.com> wrote:
> > Re-sending to group
> > 
> > 
> > 
> > 
> > > On May 13, 2020, at 9:38 AM, Alex Soto <al...@envieta.com> wrote:
> > > Thank you Gerald, I appreciate the link.
> > > 
> > > I was starting going that route, but it is not optimal, because I have more than one bundle that expose HTTP endpoints, and it is wasteful for each one to run their own Jetty instance. Same thing with authentication, I want to leverage the Karaf built in JAAS support, instead of recreating it. To this point, I have been able to leverage a single Jetty instance that is managed by PAX-WEB, but adding authentication is proving to be impossible.
> > > 
> > > 
> > > Best regards,
> > > Alex soto
> > > 
> > > 
> > > 
> > > 
> > > 
> > > > On May 12, 2020, at 5:10 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > > Hi Alex,
> > > > 
> > > > we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).
> > > > 
> > > > I started an article series on my blog, see
> > > > 
> > > > https://www.catshout.de/?p=161
> > > > 
> > > > for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.
> > > > 
> > > > I'll proceed with a REST API secured in same manner and some discussions about the limitations and options.
> > > > 
> > > > Best
> > > > - Gerald
> > > > 
> > > > 
> > > > > Alex Soto <al...@envieta.com> wrote on 12 May 2020 at 19:55:
> > > > > 
> > > > > 
> > > > > This thread talks about the need to:
> > > > > 
> > > > > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
> > > > > 
> > > > > Quote:
> > > > > 
> > > > > 
> > > > > 
> > > > > > you need to use the OSGi HTTP service 
> > > > > > api to properly configure the security bits (by implementing 
> > > > > > org.osgi.service.http.HttpContext interface).
> > > > > 
> > > > > 
> > > > > 
> > > > > Are there any examples of this?
> > > > > 
> > > > > Best regards,
> > > > > Alex soto
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > > On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
> > > > > > Thanks, JB.
> > > > > > 
> > > > > > I found the problem was, a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
> > > > > > 
> > > > > > <login-config>
> > > > > > <auth-method>BASIC</auth-method>
> > > > > > <realm-name>Karaf</realm-name>
> > > > > > </login-config>
> > > > > > 
> > > > > > 
> > > > > > But in the jetty.xml:
> > > > > > 
> > > > > > <New class="org.eclipse.jetty.jaas.JAASLoginService">
> > > > > > <Set name="name">karaf</Set>
> > > > > > 
> > > > > > 
> > > > > > So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
> > > > > > I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
> > > > > > For example:
> > > > > > 
> > > > > > http://localhost:8181/admin/api/rest/executions
> > > > > > 
> > > > > > Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
> > > > > > 
> > > > > > http://localhost:8181/admin
> > > > > > 
> > > > > > is protected with basic authentication, so the browser prompts me for the user name and password.
> > > > > > 
> > > > > > What I need is protect everything starting with '/admin’
> > > > > > 
> > > > > > Any ideas?
> > > > > > 
> > > > > > Best regards,
> > > > > > Alex soto
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> > > > > > > Hi,
> > > > > > > 
> > > > > > > It sounds like a class loader issue, so possible.
> > > > > > > 
> > > > > > > Let me add an example in Karaf showing basic auth.
> > > > > > > 
> > > > > > > Regards
> > > > > > > JB
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > > On 12 May 2020 at 15:39, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
> > > > > > > > Would this be the reason for the following exception:
> > > > > > > > 
> > > > > > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
> > > > > > > > java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
> > > > > > > > at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> > > > > > > > at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> > > > > > > > at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > > > > at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > > > > at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> > > > > > > > at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > > > > > > > at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> > > > > > > > at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> > > > > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> > > > > > > > at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> > > > > > > > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> > > > > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> > > > > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> > > > > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> > > > > > > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> > > > > > > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> > > > > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > Best regards,
> > > > > > > > Alex soto
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > A little more info. The class appears in many bundles:
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > > 
> > > > > > > > > Jetty :: Security (229)
> > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > 
> > > > > > > > > Jetty :: Security (230)
> > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > 
> > > > > > > > > Jetty :: JASPI Security (231)
> > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > 
> > > > > > > > > Jetty :: JASPI Security (232)
> > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > 
> > > > > > > > > OPS4J Pax Web - Jetty (309)
> > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > Best regards,
> > > > > > > > > Alex soto
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > > 
> > > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > 
> > > 
> > 
>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
This looks promising:

https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing


Best regards,
Alex soto




> On May 13, 2020, at 10:26 AM, Alex Soto <al...@envieta.com> wrote:
> 
> Re-sending to group
> 
> 
>> On May 13, 2020, at 9:38 AM, Alex Soto <alex.soto@envieta.com> wrote:
>> 
>> Thank you Gerald,  I appreciate the link.
>> 
>> I was starting going that route, but it is not optimal, because I have more than one bundle that expose HTTP endpoints, and it is wasteful for each one to run their own Jetty instance.  Same thing with authentication, I want to leverage the Karaf built in JAAS support, instead of recreating it.   To this point, I have been able to leverage a single Jetty instance that is managed by PAX-WEB, but adding authentication is proving to be impossible. 
>> 
>> Best regards,
>> Alex soto
>> 
>> 
>> 
>> 
>>> On May 12, 2020, at 5:10 PM, Gerald Kallas <catshout@mailbox.org> wrote:
>>> 
>>> Hi Alex,
>>> 
>>> we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).
>>> 
>>> I started an article series on my blog, see
>>> 
>>> https://www.catshout.de/?p=161
>>> 
>>> for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.
>>> 
>>> I'll proceed with a REST API secured in same manner and some discussions about the limitations and options.
>>> 
>>> Best
>>> - Gerald
>>> 
>>>> Alex Soto <alex.soto@envieta.com> wrote on 12 May 2020 at 19:55:
>>>> 
>>>> 
>>>> This thread talks about the need to:
>>>> 
>>>> http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
>>>> 
>>>> Quote:
>>>> 
>>>> 
>>>>> you need to use the OSGi HTTP service 
>>>>> api to properly configure the security bits (by implementing 
>>>>> org.osgi.service.http.HttpContext interface).
>>>> 
>>>> 
>>>> 
>>>> Are there any examples of this?
>>>> 
>>>> Best regards,
>>>> Alex soto
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
>>>>> Thanks, JB.
>>>>> 
>>>>> I found the problem was, a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
>>>>> 
>>>>> <login-config>
>>>>> <auth-method>BASIC</auth-method>
>>>>> <realm-name>Karaf</realm-name>
>>>>> </login-config>
>>>>> 
>>>>> 
>>>>> But in the jetty.xml:
>>>>> 
>>>>> <New class="org.eclipse.jetty.jaas.JAASLoginService">
>>>>> <Set name="name">karaf</Set>
>>>>> 
>>>>> 
>>>>> So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
>>>>> I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
>>>>> For example:
>>>>> 
>>>>> http://localhost:8181/admin/api/rest/executions
>>>>> 
>>>>> Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
>>>>> 
>>>>> http://localhost:8181/admin
>>>>> 
>>>>> is protected with basic authentication, so the browser prompts me for the user name and password.
>>>>> 
>>>>> What I need is to protect everything starting with '/admin'
>>>>> 
>>>>> Any ideas?
>>>>> 
>>>>> Best regards,
>>>>> Alex soto
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>>> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
>>>>>> Hi,
>>>>>> 
>>>>>> It sounds like a class loader issue, so possible.
>>>>>> 
>>>>>> Let me add an example in Karaf showing basic auth.
>>>>>> 
>>>>>> Regards
>>>>>> JB
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On May 12, 2020, at 15:39, Alex Soto <al...@envieta.com> wrote:
>>>>>>> I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
>>>>>>> Would this be the reason for the following exception:
>>>>>>> 
>>>>>>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
>>>>>>> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
>>>>>>> at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
>>>>>>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
>>>>>>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
>>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
>>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
>>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
>>>>>>> at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
>>>>>>> at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
>>>>>>> at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
>>>>>>> at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
>>>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
>>>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
>>>>>>> at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
>>>>>>> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
>>>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
>>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
>>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
>>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
>>>>>>> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> Best regards,
>>>>>>> Alex soto
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>>> On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
>>>>>>>> A little more info. The class appears in many bundles:
>>>>>>>> 
>>>>>>>> 
>>>>>>>> karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>>>>>> 
>>>>>>>> Jetty :: Security (229)
>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>> 
>>>>>>>> Jetty :: Security (230)
>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>> 
>>>>>>>> Jetty :: JASPI Security (231)
>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>> 
>>>>>>>> Jetty :: JASPI Security (232)
>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>> 
>>>>>>>> OPS4J Pax Web - Jetty (309)
>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Best regards,
>>>>>>>> Alex soto
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
>>>>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>>>>>> 
>>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>> 
> 


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Hi Alex,

you're absolutely right. We ended up for the moment with one Blueprint DSL file that contains the security handler configuration with multiple constraints (for different paths) and one route as a kind of "heartbeat" that listens on the port and gets assigned the security handler.

All the other routes in separate Blueprint DSL files have a camel-jetty consumer on the same port as above. The security handler is already assigned. The disadvantage is that a new route with a new path requires a change and re-deployment of the security handler configuration Blueprint DSL file.

I'll check the other link you provided, thanks for that. We're also investigating camel-servlet.

I think the use case is quite common (one listener on one port, multiple URIs (paths) with different auth). So far there must exist a valid solution for it.

Best
- Gerald

> Alex Soto <al...@envieta.com> wrote on May 13, 2020 at 16:26:
> 
> 
> Re-sending to group
> 
> 
> 
> 
> > On May 13, 2020, at 9:38 AM, Alex Soto <al...@envieta.com> wrote:
> > Thank you Gerald, I appreciate the link.
> > 
> > I was starting to go that route, but it is not optimal, because I have more than one bundle that exposes HTTP endpoints, and it is wasteful for each one to run their own Jetty instance. Same thing with authentication, I want to leverage the Karaf built-in JAAS support, instead of recreating it. To this point, I have been able to leverage a single Jetty instance that is managed by PAX-WEB, but adding authentication is proving to be impossible.
> > 
> > 
> > Best regards,
> > Alex soto
> > 
> > 
> > 
> > 
> > 
> > > On May 12, 2020, at 5:10 PM, Gerald Kallas <ca...@mailbox.org> wrote:
> > > Hi Alex,
> > > 
> > > we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).
> > > 
> > > I started an article series on my blog, see
> > > 
> > > https://www.catshout.de/?p=161
> > > 
> > > for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.
> > > 
> > > I'll proceed with a REST API secured in the same manner and some discussions about the limitations and options.
> > > 
> > > Best
> > > - Gerald
> > > 
> > > 
> > > > Alex Soto <al...@envieta.com> wrote on May 12, 2020 at 19:55:
> > > > 
> > > > 
> > > > This thread talks about the need to:
> > > > 
> > > > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
> > > > 
> > > > Quote:
> > > > 
> > > > 
> > > > 
> > > > > you need to use the OSGi HTTP service 
> > > > > api to properly configure the security bits (by implementing 
> > > > > org.osgi.service.http.HttpContext interface).
> > > > 
> > > > 
> > > > 
> > > > Are there any examples of this?
> > > > 
> > > > Best regards,
> > > > Alex soto
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > > On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
> > > > > Thanks, JB.
> > > > > 
> > > > > I found the problem was, a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
> > > > > 
> > > > > <login-config>
> > > > > <auth-method>BASIC</auth-method>
> > > > > <realm-name>Karaf</realm-name>
> > > > > </login-config>
> > > > > 
> > > > > 
> > > > > But in the jetty.xml:
> > > > > 
> > > > > <New class="org.eclipse.jetty.jaas.JAASLoginService">
> > > > > <Set name="name">karaf</Set>
> > > > > 
> > > > > 
> > > > > So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
> > > > > I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
> > > > > For example:
> > > > > 
> > > > > http://localhost:8181/admin/api/rest/executions
> > > > > 
> > > > > Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
> > > > > 
> > > > > http://localhost:8181/admin
> > > > > 
> > > > > is protected with basic authentication, so the browser prompts me for the user name and password.
> > > > > 
> > > > > What I need is to protect everything starting with '/admin'
> > > > > 
> > > > > Any ideas?
> > > > > 
> > > > > Best regards,
> > > > > Alex soto
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > It sounds like a class loader issue, so possible.
> > > > > > 
> > > > > > Let me add an example in Karaf showing basic auth.
> > > > > > 
> > > > > > Regards
> > > > > > JB
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > > On May 12, 2020, at 15:39, Alex Soto <al...@envieta.com> wrote:
> > > > > > > I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
> > > > > > > Would this be the reason for the following exception:
> > > > > > > 
> > > > > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
> > > > > > > java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
> > > > > > > at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> > > > > > > at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> > > > > > > at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > > > at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > > > > at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> > > > > > > at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> > > > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > > > > > > at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> > > > > > > at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> > > > > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > > > > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > > > > at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > > > > > > at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> > > > > > > at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> > > > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> > > > > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> > > > > > > at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> > > > > > > at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> > > > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> > > > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> > > > > > > at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> > > > > > > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> > > > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> > > > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> > > > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> > > > > > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> > > > > > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> > > > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > Best regards,
> > > > > > > Alex soto
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > A little more info. The class appears in many bundles:
> > > > > > > > 
> > > > > > > > 
> > > > > > > > karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > 
> > > > > > > > Jetty :: Security (229)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > Jetty :: Security (230)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > Jetty :: JASPI Security (231)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > Jetty :: JASPI Security (232)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > OPS4J Pax Web - Jetty (309)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > Best regards,
> > > > > > > > Alex soto
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > 
> > > > 
> > 
>
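
The two configuration conditions discussed in this thread, checked offline as an added example (not code from any poster or from Karaf, Jetty or Pax Web): that the web.xml `<realm-name>` equals a Jetty LoginService name exactly, and which context-relative paths the authenticated `<security-constraint>` patterns of one web.xml cover. The XML samples are constructed; the `<security-constraint>` with url-pattern `/admin`, the `loginModuleName` value and all function names are assumptions, since the thread does not show that part of the configuration.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not the posters' real files). WEB_XML reuses the
# <login-config> quoted in the thread; the <security-constraint> is assumed.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
  </login-config>
</web-app>"""

JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg>
    <New class="org.eclipse.jetty.jaas.JAASLoginService">
      <Set name="name">karaf</Set>
      <Set name="loginModuleName">karaf</Set>
    </New>
  </Arg></Call>
</Configure>"""


def _local(tag):
    """Drop an XML namespace prefix such as '{http://...}realm-name'."""
    return tag.rsplit("}", 1)[-1]


def _elements(xml_text, name):
    """All elements with the given local name, at any depth."""
    return [e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == name]


def _text(elem):
    return (elem.text or "").strip()


def realm_name(web_xml):
    """Return <login-config>/<realm-name>, or None if it is absent."""
    for login_config in _elements(web_xml, "login-config"):
        for child in login_config:
            if _local(child.tag) == "realm-name":
                return _text(child)
    return None


def login_service_names(jetty_xml):
    """Names given to every <New class="...LoginService"> in a jetty.xml."""
    names = []
    for new in _elements(jetty_xml, "New"):
        if new.get("class", "").endswith("LoginService"):
            names += [_text(s) for s in new
                      if _local(s.tag) == "Set" and s.get("name") == "name"]
    return names


def check_realm(web_xml, jetty_xml):
    """Compare realm-name with the LoginService names, case-sensitively."""
    realm, names = realm_name(web_xml), login_service_names(jetty_xml)
    if realm is None:
        return "no-realm", "web.xml declares no <realm-name>"
    if realm in names:
        return "ok", f"realm {realm!r} has a LoginService"
    near = [n for n in names if n.lower() == realm.lower()]
    if near:
        return "case-mismatch", (f"realm-name {realm!r} differs only in case "
                                 f"from LoginService {near[0]!r}")
    return "missing", f"no LoginService named {realm!r}; found {names}"


def pattern_matches(pattern, path):
    """Servlet url-pattern match for a context-relative request path."""
    if pattern.endswith("/*"):               # path-prefix pattern
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):             # extension pattern
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if pattern == "/":                       # default pattern
        return True
    return path == pattern                   # exact pattern


def protected_patterns(web_xml):
    """url-patterns of constraints that carry an <auth-constraint>."""
    patterns = []
    for constraint in _elements(web_xml, "security-constraint"):
        if any(_local(c.tag) == "auth-constraint" for c in constraint):
            patterns += [_text(e) for e in constraint.iter()
                         if _local(e.tag) == "url-pattern"]
    return patterns


def uncovered(web_xml, paths):
    """Paths that no authenticated constraint in this web.xml matches."""
    patterns = protected_patterns(web_xml)
    return [p for p in paths
            if not any(pattern_matches(pat, p) for pat in patterns)]


if __name__ == "__main__":
    print(check_realm(WEB_XML, JETTY_XML))
    print(uncovered(WEB_XML, ["/admin", "/admin/api/rest/executions"]))
```

The check reads one web.xml only, so it cannot say anything about servlets registered outside that WAB.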

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Re-sending to group


> On May 13, 2020, at 9:38 AM, Alex Soto <al...@envieta.com> wrote:
> 
> Thank you Gerald,  I appreciate the link.
> 
> I was starting to go that route, but it is not optimal, because I have more than one bundle that exposes HTTP endpoints, and it is wasteful for each one to run their own Jetty instance. Same thing with authentication, I want to leverage the Karaf built-in JAAS support, instead of recreating it. To this point, I have been able to leverage a single Jetty instance that is managed by PAX-WEB, but adding authentication is proving to be impossible.
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
>> On May 12, 2020, at 5:10 PM, Gerald Kallas <catshout@mailbox.org> wrote:
>> 
>> Hi Alex,
>> 
>> we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).
>> 
>> I started an article series on my blog, see
>>
>> https://www.catshout.de/?p=161
>> 
>> for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.
>> 
>> I'll proceed with a REST API secured in the same manner and some discussions about the limitations and options.
>> 
>> Best
>> - Gerald
>> 
>>> Alex Soto <al...@envieta.com> wrote on May 12, 2020 at 19:55:
>>> 
>>> 
>>> This thread talks about the need to:
>>> 
>>> http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
>>> 
>>> Quote:
>>> 
>>> 
>>>> you need to use the OSGi HTTP service 
>>>> api to properly configure the security bits (by implementing 
>>>> org.osgi.service.http.HttpContext interface).
>>> 
>>> 
>>> 
>>> Are there any examples of this?
>>> 
>>> Best regards,
>>> Alex soto
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
>>>> Thanks, JB.
>>>> 
>>>> I found the problem was, a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
>>>> 
>>>> <login-config>
>>>> <auth-method>BASIC</auth-method>
>>>> <realm-name>Karaf</realm-name>
>>>> </login-config>
>>>> 
>>>> 
>>>> But in the jetty.xml:
>>>> 
>>>> <New class="org.eclipse.jetty.jaas.JAASLoginService">
>>>> <Set name="name">karaf</Set>
>>>> 
>>>> 
>>>> So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
>>>> I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
>>>> For example:
>>>> 
>>>> http://localhost:8181/admin/api/rest/executions
>>>> 
>>>> Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
>>>> 
>>>> http://localhost:8181/admin
>>>> 
>>>> is protected with basic authentication, so the browser prompts me for the user name and password.
>>>> 
>>>> What I need is to protect everything starting with '/admin'
>>>> 
>>>> Any ideas?
>>>> 
>>>> Best regards,
>>>> Alex soto
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
>>>>> Hi,
>>>>> 
>>>>> It sounds like a class loader issue, so possible.
>>>>> 
>>>>> Let me add an example in Karaf showing basic auth.
>>>>> 
>>>>> Regards
>>>>> JB
>>>>> 
>>>>> 
>>>>> 
>>>>>> On May 12, 2020, at 15:39, Alex Soto <al...@envieta.com> wrote:
>>>>>> I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
>>>>>> Would this be the reason for the following exception:
>>>>>> 
>>>>>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
>>>>>> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
>>>>>> at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
>>>>>> at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
>>>>>> at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>> at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>> at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>> at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>>>>> at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
>>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>>> at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
>>>>>> at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
>>>>>> at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>>> at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>> at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
>>>>>> at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
>>>>>> at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
>>>>>> at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
>>>>>> at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
>>>>>> at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
>>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
>>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
>>>>>> at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
>>>>>> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
>>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
>>>>>> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Best regards,
>>>>>> Alex soto
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
>>>>>>> A little more info. The class appears in many bundles:
>>>>>>> 
>>>>>>> 
>>>>>>> karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>>>>> 
>>>>>>> Jetty :: Security (229)
>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>> 
>>>>>>> Jetty :: Security (230)
>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>> 
>>>>>>> Jetty :: JASPI Security (231)
>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>> 
>>>>>>> Jetty :: JASPI Security (232)
>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>> 
>>>>>>> OPS4J Pax Web - Jetty (309)
>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> Best regards,
>>>>>>> Alex soto
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>>> On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
>>>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>> 
> 


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Gerald Kallas <ca...@mailbox.org>.
Hi Alex,

we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).

I started an article series on my blog, see

https://www.catshout.de/?p=161

for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.

I'll proceed with a REST API secured in the same manner and some discussions about the limitations and options.

Best
- Gerald

> On May 12, 2020 at 19:55, Alex Soto <al...@envieta.com> wrote:
> 
> 
> This thread talks about the need to:
> 
> http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
> 
> Quote:
> 
> 
> > you need to use the OSGi HTTP service 
> > api to properly configure the security bits (by implementing 
> > org.osgi.service.http.HttpContext interface).
> 
> 
> 
> Are there any examples of this?
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
> 
> > On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
> > Thanks, JB.
> > 
> > I found the problem was a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
> > 
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > <realm-name>Karaf</realm-name>
> > </login-config>
> > 
> > 
> > But in the jetty.xml:
> > 
> > <New class="org.eclipse.jetty.jaas.JAASLoginService">
> > <Set name="name">karaf</Set>
> > 
> > 
> > So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
> > I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the '/admin' URL.
> > For example:
> > 
> > http://localhost:8181/admin/api/rest/executions
> > 
> > Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this url
> > 
> > http://localhost:8181/admin
> > 
> > is protected with basic authentication, so the browser prompts me for the user name and password.
> > 
> > What I need is to protect everything starting with '/admin'
> > 
> > Any ideas?
> > 
> > Best regards,
> > Alex soto
> > 
> > 
> > 
> > 
> > 
> > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> > > Hi,
> > > 
> > > It sounds like a class loader issue, so possible.
> > > 
> > > Let me add an example in Karaf showing basic auth.
> > > 
> > > Regards
> > > JB
> > > 
> > > 
> > > 
> > > > On May 12, 2020, at 15:39, Alex Soto <al...@envieta.com> wrote:
> > > > I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
> > > > Would this be the reason for the following exception:
> > > > 
> > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
> > > > java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
> > > > at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> > > > at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> > > > at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> > > > at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> > > > at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > > > at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> > > > at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> > > > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> > > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> > > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> > > > 
> > > > 
> > > > 
> > > > 
> > > > Best regards,
> > > > Alex soto
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > > On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > A little more info. The class appears in many bundles:
> > > > > 
> > > > > 
> > > > > karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > 
> > > > > Jetty :: Security (229)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > 
> > > > > Jetty :: Security (230)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > 
> > > > > Jetty :: JASPI Security (231)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > 
> > > > > Jetty :: JASPI Security (232)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > 
> > > > > OPS4J Pax Web - Jetty (309)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > Best regards,
> > > > > Alex soto
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > > On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
> > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > 
> > > > 
> > > 
> > 
>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
This thread talks about the need to:

http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html

Quote:

> you need to use the OSGi HTTP service 
> api to properly configure the security bits (by implementing 
> org.osgi.service.http.HttpContext interface). 


Are there any examples of this? 

Best regards,
Alex soto




> On May 12, 2020, at 11:42 AM, Alex Soto <al...@envieta.com> wrote:
> 
> Thanks, JB.
> 
> I found the problem was a typo in the `realm-name` in the web.xml file.  It appears to be case-sensitive.  I had:
> 
> 	<login-config>
> 		<auth-method>BASIC</auth-method>
> 		<realm-name>Karaf</realm-name>
> 	</login-config>
> 
> 
> But in the jetty.xml:
> 
> 	 <New class="org.eclipse.jetty.jaas.JAASLoginService">
>                 <Set name="name">karaf</Set>
> 
> 
> So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
> I wish the error message was more explicit.  Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the '/admin' URL.
> For example:
> 
> http://localhost:8181/admin/api/rest/executions
> 
> Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route.   And this url
> 
> http://localhost:8181/admin
> 
> is protected with basic authentication, so the browser prompts me for the user name and password.
> 
> What I need is to protect everything starting with '/admin'
> 
> Any ideas?
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
>> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>> 
>> Hi,
>> 
>> It sounds like a class loader issue, so possible.
>> 
>> Let me add an example in Karaf showing basic auth.
>> 
>> Regards
>> JB
>> 
>>> On May 12, 2020, at 15:39, Alex Soto <alex.soto@envieta.com> wrote:
>>> 
>>> I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and  9.4.22.v20191022
>>> Would this be the reason for the following exception:
>>> 
>>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher                  | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
>>> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
>>> 	at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
>>> 	at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
>>> 	at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>> 	at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>> 	at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
>>> 	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
>>> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>> 	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
>>> 	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
>>> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>> 	at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>> 	at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
>>> 	at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
>>> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
>>> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
>>> 	at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
>>> 	at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
>>> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
>>> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
>>> 	at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
>>> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
>>> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
>>> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
>>> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
>>> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
>>> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
>>> 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>>> 
>>> 
>>> 
>>> 
>>> Best regards,
>>> Alex soto
>>> 
>>> 
>>> 
>>> 
>>>> On May 11, 2020, at 12:50 PM, Alex Soto <alex.soto@envieta.com> wrote:
>>>> 
>>>> A little more info.  The class appears in many bundles:
>>>> 
>>>> 
>>>> karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>> 
>>>> Jetty :: Security (229)
>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>> 
>>>> Jetty :: Security (230)
>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>> 
>>>> Jetty :: JASPI Security (231)
>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>> 
>>>> Jetty :: JASPI Security (232)
>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>> 
>>>> OPS4J Pax Web - Jetty (309)
>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>> 
>>>> 
>>>> 
>>>> 
>>>> Best regards,
>>>> Alex soto
>>>> 
>>>> 
>>>> 
>>>> 
>>>>> On May 11, 2020, at 12:44 PM, Alex Soto <alex.soto@envieta.com> wrote:
>>>>> 
>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>> 
>>> 
>> 
> 
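
Added example (not written by any participant in this thread, and not Karaf or Pax Web project code): one way to implement the `org.osgi.service.http.HttpContext` approach quoted above, doing HTTP Basic authentication against a JAAS realm. The class name, the package and the servlet alias in the comment are hypothetical; the realm name `karaf` is the one shown in the jetty.xml fragment in this thread.

```java
package example.security; // hypothetical package name

import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.osgi.service.http.HttpContext;

/**
 * HttpContext that challenges for HTTP Basic credentials and checks them against a JAAS realm.
 * Assumed registration (alias is hypothetical):
 *   httpService.registerServlet("/admin/api", servlet, null,
 *       new JaasBasicAuthHttpContext("karaf", httpService.createDefaultHttpContext()));
 */
public class JaasBasicAuthHttpContext implements HttpContext {

    private final String realm;         // JAAS realm name; matched case-sensitively
    private final HttpContext delegate; // default context, used for resources and MIME types

    public JaasBasicAuthHttpContext(String realm, HttpContext delegate) {
        this.realm = realm;
        this.delegate = delegate;
    }

    @Override
    public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String[] credentials = parseBasic(request.getHeader("Authorization"));
        if (credentials == null) {
            return challenge(response);
        }
        char[] password = credentials[1].toCharArray();
        try {
            LoginContext login = new LoginContext(realm, new UserPassHandler(credentials[0], password));
            login.login();
            // Authentication only: a role check on login.getSubject().getPrincipals() would go here.
            request.setAttribute(HttpContext.AUTHENTICATION_TYPE, HttpServletRequest.BASIC_AUTH);
            request.setAttribute(HttpContext.REMOTE_USER, credentials[0]);
            return true;
        } catch (LoginException e) {
            // Unknown realm, unknown user and bad password all end in the same 401.
            return challenge(response);
        } finally {
            Arrays.fill(password, '\0');
        }
    }

    /** Returns {user, password}, or null when the header is absent or malformed. */
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');
            if (colon < 0) {
                return null;
            }
            return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException e) { // not valid Base64
            return null;
        }
    }

    private boolean challenge(HttpServletResponse response) throws IOException {
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false; // tells the HTTP service not to invoke the servlet
    }

    @Override
    public URL getResource(String name) {
        return delegate.getResource(name);
    }

    @Override
    public String getMimeType(String name) {
        return delegate.getMimeType(name);
    }

    /** Feeds the decoded user name and password to the JAAS login modules. */
    private static final class UserPassHandler implements CallbackHandler {
        private final String user;
        private final char[] password;

        UserPassHandler(String user, char[] password) {
            this.user = user;
            this.password = password;
        }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(user);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        }
    }
}
```

Because `handleSecurity` runs for every request routed through servlets registered with this context, protection follows the registration rather than a `web.xml` URL pattern.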


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Thanks, JB.

I found the problem was a typo in the `realm-name` in the web.xml file.  It appears to be case-sensitive.  I had:

	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>Karaf</realm-name>
	</login-config>


But in the jetty.xml:

	 <New class="org.eclipse.jetty.jaas.JAASLoginService">
                <Set name="name">karaf</Set>


So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
I wish the error message was more explicit.  Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the '/admin' URL.
For example:

http://localhost:8181/admin/api/rest/executions

Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route.   And this url

	http://localhost:8181/admin

is protected with basic authentication, so the browser prompts me for the user name and password.

What I need is to protect everything starting with '/admin'

Any ideas?

Best regards,
Alex soto




> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <jb...@nanthrax.net> wrote:
> 
> Hi,
> 
> It sounds like a class loader issue, so possible.
> 
> Let me add an example in Karaf showing basic auth.
> 
> Regards
> JB
> 
>> On May 12, 2020, at 15:39, Alex Soto <alex.soto@envieta.com> wrote:
>> 
>> I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and  9.4.22.v20191022
>> Would this be the reason for the following exception:
>> 
>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher                  | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
>> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
>> 	at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
>> 	at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
>> 	at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>> 	at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>> 	at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
>> 	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
>> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>> 	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
>> 	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
>> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>> 	at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>> 	at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
>> 	at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
>> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
>> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
>> 	at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
>> 	at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
>> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
>> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
>> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
>> 	at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
>> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
>> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
>> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
>> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
>> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
>> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
>> 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>> 
>> 
>> 
>> 
>> Best regards,
>> Alex soto
>> 
>> 
>> 
>> 
>>> On May 11, 2020, at 12:50 PM, Alex Soto <alex.soto@envieta.com> wrote:
>>> 
>>> A little more info.  The class appears in many bundles:
>>> 
>>> 
>>> karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
>>> 
>>> Jetty :: Security (229)
>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>> 
>>> Jetty :: Security (230)
>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>> 
>>> Jetty :: JASPI Security (231)
>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>> 
>>> Jetty :: JASPI Security (232)
>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>> 
>>> OPS4J Pax Web - Jetty (309)
>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>> 
>>> 
>>> 
>>> 
>>> Best regards,
>>> Alex soto
>>> 
>>> 
>>> 
>>> 
>>>> On May 11, 2020, at 12:44 PM, Alex Soto <alex.soto@envieta.com> wrote:
>>>> 
>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator
>>> 
>> 
> 
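
Added example (not written by any participant in this thread, and not project code): a pre-deployment check for the mismatch described in the message above, comparing the `<realm-name>` in web.xml with the `name` set on the login service in jetty.xml, case-sensitively. The class name is hypothetical, and the two XML strings are constructed samples modelled on the fragments quoted in the message; the `Configure`/`Call`/`Arg` wrapper around the `New` element is an assumption.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;

import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class RealmNameCheck { // hypothetical class name

    // Constructed sample: the login-config from the message, with the capital "K".
    static final String WEB_XML =
        "<web-app><login-config>"
      + "<auth-method>BASIC</auth-method><realm-name>Karaf</realm-name>"
      + "</login-config></web-app>";

    // Constructed sample: the JAASLoginService from the message, wrapped so it is well-formed.
    static final String JETTY_XML =
        "<Configure class=\"org.eclipse.jetty.server.Server\"><Call name=\"addBean\"><Arg>"
      + "<New class=\"org.eclipse.jetty.jaas.JAASLoginService\">"
      + "<Set name=\"name\">karaf</Set>"
      + "</New></Arg></Call></Configure>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Do not fetch DTDs or resolve external entities while reading configuration files.
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setExpandEntityReferences(false);
        return factory.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** The realm the web application asks for, or null when web.xml declares none. */
    static String webXmlRealm(Document webXml) {
        NodeList nodes = webXml.getElementsByTagName("realm-name");
        return nodes.getLength() == 0 ? null : nodes.item(0).getTextContent().trim();
    }

    /** Names given via <Set name="name"> on every <New class="...LoginService"> element. */
    static List<String> loginServiceNames(Document jettyXml) {
        List<String> names = new ArrayList<>();
        NodeList news = jettyXml.getElementsByTagName("New");
        for (int i = 0; i < news.getLength(); i++) {
            Element candidate = (Element) news.item(i);
            if (!candidate.getAttribute("class").endsWith("LoginService")) {
                continue;
            }
            for (Node child = candidate.getFirstChild(); child != null; child = child.getNextSibling()) {
                if (child instanceof Element
                        && "Set".equals(child.getNodeName())
                        && "name".equals(((Element) child).getAttribute("name"))) {
                    names.add(child.getTextContent().trim());
                }
            }
        }
        return names;
    }

    /** Exact match is required; a case-only difference is reported separately because it is easy to miss. */
    static String diagnose(String realm, List<String> services) {
        if (realm == null) {
            return "web.xml declares no <realm-name>";
        }
        if (services.contains(realm)) {
            return "OK: realm '" + realm + "' has a matching login service";
        }
        for (String service : services) {
            if (service.equalsIgnoreCase(realm)) {
                return "MISMATCH: realm '" + realm + "' differs only by case from login service '"
                        + service + "'";
            }
        }
        return "MISSING: no login service named '" + realm + "' (found " + services + ")";
    }

    public static void main(String[] args) throws Exception {
        String realm = webXmlRealm(parse(WEB_XML));
        List<String> services = loginServiceNames(parse(JETTY_XML));
        System.out.println(diagnose(realm, services));
    }
}
```

Pointing `parse` at the real web.xml and jetty.xml surfaces the case-only difference before deployment, where the container only reports `No LoginService for ... BasicAuthenticator`.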


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Hi,

It sounds like a class loader issue, so possible.

Let me add an example in Karaf showing basic auth.

Regards
JB

> On May 12, 2020, at 15:39, Alex Soto <al...@envieta.com> wrote:
> 
> I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and  9.4.22.v20191022
> Would this be the reason for the following exception:
> 
> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher                  | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
> 	at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> 	at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> 	at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> 	at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> 	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> 	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> 	at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> 	at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> 
> 
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
>> On May 11, 2020, at 12:50 PM, Alex Soto <alex.soto@envieta.com> wrote:
>> 
>> A little more info.  The class appears in many bundles:
>> 
>> 
>> karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
>> 
>> Jetty :: Security (229)
>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>> 
>> Jetty :: Security (230)
>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>> 
>> Jetty :: JASPI Security (231)
>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>> 
>> Jetty :: JASPI Security (232)
>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>> 
>> OPS4J Pax Web - Jetty (309)
>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>> 
>> 
>> 
>> 
>> Best regards,
>> Alex soto
>> 
>> 
>> 
>> 
>>> On May 11, 2020, at 12:44 PM, Alex Soto <alex.soto@envieta.com> wrote:
>>> 
>>> org.eclipse.jetty.security.authentication.BasicAuthenticator
>> 
> 


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and  9.4.22.v20191022
Would this be the reason for the following exception:

2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher                  | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
	at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
	at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
	at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
	at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
	at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
	at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
	at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
	at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]




Best regards,
Alex soto




> On May 11, 2020, at 12:50 PM, Alex Soto <al...@envieta.com> wrote:
> 
> A little more info.  The class appears in many bundles:
> 
> 
> karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
> 
> Jetty :: Security (229)
> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> 
> Jetty :: Security (230)
> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> 
> Jetty :: JASPI Security (231)
> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> 
> Jetty :: JASPI Security (232)
> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> 
> OPS4J Pax Web - Jetty (309)
> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> 
> 
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
>> On May 11, 2020, at 12:44 PM, Alex Soto <alex.soto@envieta.com> wrote:
>> 
>> org.eclipse.jetty.security.authentication.BasicAuthenticator
> 


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
A little more info.  The class appears in many bundles:


karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator

Jetty :: Security (229)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: Security (230)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: JASPI Security (231)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: JASPI Security (232)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

OPS4J Pax Web - Jetty (309)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class




Best regards,
Alex soto




> On May 11, 2020, at 12:44 PM, Alex Soto <al...@envieta.com> wrote:
> 
> org.eclipse.jetty.security.authentication.BasicAuthenticator


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Thanks for the effort to help me, Achim.

I believe the Jetty configuration is being added automatically by PAX-Web, because I see it being created after the container starts, so I think that part is fine.
The web.xml is correctly configured too, except I am using BASIC authentication as opposed to Form-based, but I have the required elements:

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Protected Area</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
		</auth-constraint>
	</security-constraint>

	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>Karaf</realm-name>
	</login-config>

	<security-role>
		<role-name>admin</role-name>
	</security-role>


However, I am getting the previous class not found error:

2020-05-11T12:34:29,892 | ERROR | paxweb-extender-1-thread-2 | WebAppPublisher                  | 307 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@5acaf57a in ConstraintSecurityHandler@6ee023ca{STARTING}


I suspect I may be missing a feature.  I have deployed:

<feature>war</feature>

Is there anything else I need to deploy?  
Shouldn’t these missing Jetty classes be deployed as part of Pax-Web?


Best regards,
Alex soto




> On May 11, 2020, at 12:16 PM, Achim Nierbeck <bc...@googlemail.com> wrote:
> 
> Hi Alex, 
> 
> a wab is nothing else than a war which already contains the required Web-ApplicationContext parameter. 
> That's the only difference, and the sample is actually the same ;) 
> 
> Needed to look this up from the "Apache Karaf Cookbook" :) (it's been a while since I wrote this and the code in pax-web) 
> First you need to configure your web-container to use the jaas service of the surrounding Karaf. 
> For Jetty this is something like the following: 
> 
> https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/pax-web-itest/pax-web-itest-karaf/src/test/resources/jetty.xml#L53-L65
> 
>     <Call name="addBean">
>         <Arg>
>             <New class="org.eclipse.jetty.jaas.JAASLoginService">
>                 <Set name="name">karaf</Set>
>                 <Set name="loginModuleName">karaf</Set>
>                 <Set name="roleClassNames">
>                     <Array type="java.lang.String">
>                         <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
>                     </Array>
>                 </Set>
>             </New>
>         </Arg>
>     </Call>
> 
> Second, you need to configure this realm in your WAB/WAR with its corresponding web.xml: 
> 
> https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/samples/war-formauth/src/main/webapp/WEB-INF/web.xml#L98-L119
> 
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <description>Protect the Example Servlet</description>
> <url-pattern>/wc/example</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <description>Authorized Users Group</description>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/login.jsp</form-login-page>
> <form-error-page>/loginError.jsp</form-error-page>
> </form-login-config>
> </login-config>
> <security-role>
> <description>Test Role</description>
> <role-name>admin</role-name>
> </security-role>
> 
> best regards, Achim 
> 
> P.S. here is the sample from the Apache Karaf Cookbook: 
> https://github.com/jgoodyear/ApacheKarafCookbook/tree/master/chapter4/chapter4-recipe7
> On Mon, May 11, 2020 at 15:17, Alex Soto <alex.soto@envieta.com> wrote:
> Ok, I am not having good luck with this. Using the realm “karaf” and BASIC authentication.  
> Mind that my artifact is a WAB, not a WAR.
> 
> My web.xml
> 
> 	<security-constraint>
> 		<web-resource-collection>
> 			<web-resource-name>Protected Area</web-resource-name>
> 			<url-pattern>/*</url-pattern>
> 		</web-resource-collection>
> 		<auth-constraint>
> 			<role-name>admin</role-name>
> 		</auth-constraint>
> 	</security-constraint>
> 
> 	<login-config>
> 		<auth-method>BASIC</auth-method>
> 		<realm-name>Karaf</realm-name>
> 	</login-config>
> 
> 	<security-role>
> 		<role-name>admin</role-name>
> 	</security-role>
> 
> 
> Error:
> 
> 
> 9:13:05.881 ERROR [paxweb-extender-3-thread-2] Error deploying web application
> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@22444ea2 in ConstraintSecurityHandler@17b84a6e{STARTING}
> 	at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> 	at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> 	at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> 	at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> 	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> 	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> 	at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> 	at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> 
> 
> 
> Best regards,
> Alex soto
> 
> 
> 
> 
>> On May 11, 2020, at 8:36 AM, Alex Soto <alex.soto@envieta.com> wrote:
>> 
>> Ok I saw it now, it was hidden:
>> 
>> <realm-name>Test Realm</realm-name>
>> 
>> 
>> Best regards,
>> Alex soto
>> 
>> 
>> 
>> 
>>> On May 11, 2020, at 8:31 AM, Alex Soto <alex.soto@envieta.com> wrote:
>>> 
>>> Thanks Achim and JB,
>>> 
>>> I looked at that example, but that is a WAR, and I am looking for a WAB example.  Still, in the ‘web.xml’ file there is no reference to JAAS realm.  Where do you indicate the realm name? (I have my own realm separate from the default Karaf one).
>>> 
>>> Actually, it is not fun having to guess all this basic stuff, and also a productivity drain, I am sorry to say.
>>> 
>>> 
>>> Best regards,
>>> Alex soto
>>> 
>>>> On May 11, 2020, at 3:12 AM, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>>>> 
>>>> No rush, I think it’s easier for our users to find "how to" ;)
>>>> 
>>>> Thanks !
>>>> Regards
>>>> JB
>>>> 
>>>>> On May 11, 2020, at 09:09, Achim Nierbeck <bcanhome@googlemail.com> wrote:
>>>>> 
>>>>> Sure .. 
>>>>> maybe I find some time during this week to create this there ;) 
>>>>> 
>>>>> regards, Achim 
>>>>> 
>>>>> p.s. this just reminds me, that those samples are also in the "Apache Karaf Cookbook" :) 
>>>>> 
>>>>> On Mon, May 11, 2020 at 06:32, Jean-Baptiste Onofre <jb@nanthrax.net> wrote:
>>>>> Maybe worth adding this to the Karaf wab example as well.
>>>>> 
>>>>> I will.
>>>>> 
>>>>> Regards
>>>>> JB
>>>>> 
>>>>>> On May 10, 2020, at 13:45, Achim Nierbeck <bcanhome@googlemail.com> wrote:
>>>>>> 
>>>>>> Hi, 
>>>>>> 
>>>>>> there is a sample app for Pax-Web, which is also used in the test-suite: 
>>>>>> https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/war-authentication
>>>>>> And actually you just need to reference the jaas of the surrounding Karaf instance in your web.xml file. 
>>>>>> 
>>>>>> regards, Achim 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On Fri, May 8, 2020 at 18:41, Alex Soto <alex.soto@envieta.com> wrote:
>>>>>> Hello,
>>>>>> 
>>>>>> Is there a good tutorial or documentation on how to protect a WAB (Web Application Bundle) with JAAS authentication?
>>>>>> My Karaf version is 4.2.8.  Documentation here https://karaf.apache.org/manual/latest/webcontainer is scarce, only referring to Jetty global config, (even that failed for me).  I have multiple WABs and WARs in the same Karaf container, and I don’t want to apply the same JAAS authentication to all of them.   From the comment:
>>>>>> 
>>>>>> <!-- =========================================================== -->
>>>>>>     <!-- Configure Authentication Realms -->
>>>>>>     <!-- Realms may be configured for the entire server here, or -->
>>>>>>     <!-- they can be configured for a specific web app in a context -->
>>>>>>     <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
>>>>>>     <!-- example). -->
>>>>>>     <!-- =========================================================== -->
>>>>>> 
>>>>>> It looks like there is a way ($(jetty.home)/contexts/test.xml).  But it is unclear how to apply this, and it is Jetty specific.
>>>>>> My preference is for a Jetty agnostic way, for portability reasons. (Maybe Karaf will change to Undertow in the future)
>>>>>> 
>>>>>> 
>>>>>> Best regards,
>>>>>> Alex soto
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> -- 
>>>>>> 
>>>>>> Apache Member
>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> 
>>>>> Apache Member
>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
>>>>> blog <http://notizblog.nierbeck.de/>
>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>>> 
>>>> 
>>> 
>> 
> 
> 
> 
> -- 
> 
> Apache Member
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
> blog <http://notizblog.nierbeck.de/>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> 
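
Added example (not part of the thread, and not Pax Web or Jetty code): Jetty picks the LoginService for a web application by comparing the realm-name in web.xml with the name of each LoginService bean registered on the server, and the comparison is case-sensitive, so a mismatch is one configuration error that produces the "No LoginService" exception. The Python check below cross-checks the two files; its inputs are the snippets quoted in this thread wrapped in constructed root elements, and the function names and finding codes are hypothetical.

```python
"""Cross-check web.xml <login-config> against the LoginService beans in jetty.xml."""
import xml.etree.ElementTree as ET

# Constructed sample: the addBean fragment from the thread inside a root element.
JETTY_XML = """\
<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.jaas.JAASLoginService">
                <Set name="name">karaf</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">
                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>
</Configure>
"""

# Constructed sample: the BASIC-auth web.xml from the thread inside <web-app>.
WEB_XML = """\
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Karaf</realm-name>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
</web-app>
"""


def _strip_namespaces(root):
    """web.xml usually declares a default namespace; drop it for plain lookups."""
    for element in root.iter():
        element.tag = element.tag.rsplit("}", 1)[-1]
    return root


def _texts(root, path):
    """Collect the non-empty, trimmed text of every element matching path."""
    return {e.text.strip() for e in root.findall(path) if e.text and e.text.strip()}


def login_service_names(jetty_xml):
    """Return the 'name' property of every <New class="...LoginService"> bean."""
    names = []
    for bean in ET.fromstring(jetty_xml).iter("New"):
        if not bean.get("class", "").endswith("LoginService"):
            continue
        for prop in bean.findall("Set"):
            if prop.get("name") == "name" and prop.text:
                names.append(prop.text.strip())
    return names


def check(jetty_xml, web_xml):
    """Return a list of (code, message) findings; an empty list means consistent."""
    services = login_service_names(jetty_xml)
    root = _strip_namespaces(ET.fromstring(web_xml))
    findings = []

    # The realm must equal a LoginService name exactly, including letter case.
    login = root.find("login-config")
    realm = (login.findtext("realm-name") or "").strip() if login is not None else ""
    if realm and realm not in services:
        same_ignoring_case = [s for s in services if s.lower() == realm.lower()]
        if same_ignoring_case:
            findings.append(("realm-case-mismatch",
                             f"realm-name '{realm}' differs only in case from "
                             f"LoginService '{same_ignoring_case[0]}'"))
        else:
            findings.append(("realm-unknown",
                             f"realm-name '{realm}' matches none of {services}"))

    # Roles used in a constraint should be declared in <security-role>.
    # "*" and "**" are the Servlet spec wildcards and need no declaration.
    required = _texts(root, "security-constraint/auth-constraint/role-name")
    declared = _texts(root, "security-role/role-name")
    for role in sorted(required - declared - {"*", "**"}):
        findings.append(("role-undeclared",
                         f"role '{role}' is used in auth-constraint but not declared"))
    return findings


if __name__ == "__main__":
    for code, message in check(JETTY_XML, WEB_XML):
        print(f"{code}: {message}")
```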


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi Alex,

a wab is nothing else than a war which already contains the required
Web-ApplicationContext parameter.
That's the only difference, and the sample is actually the same ;)

Needed to look this up from the "Apache Karaf Cookbook" :) (it's been a
while since I wrote this and the code in pax-web)
First you need to configure your web-container to use the jaas service of
the surrounding Karaf.
For Jetty this is something like the following:

https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/pax-web-itest/pax-web-itest-karaf/src/test/resources/jetty.xml#L53-L65

    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.jaas.JAASLoginService">
                <Set name="name">karaf</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">
                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>

Second, you need to configure this realm in your WAB/WAR with its
corresponding web.xml:

https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/samples/war-formauth/src/main/webapp/WEB-INF/web.xml#L98-L119

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<description>Protect the Example Servlet</description>
<url-pattern>/wc/example</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Authorized Users Group</description>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginError.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Test Role</description>
<role-name>admin</role-name>
</security-role>

best regards, Achim

P.S. here is the sample from the Apache Karaf Cookbook:
https://github.com/jgoodyear/ApacheKarafCookbook/tree/master/chapter4/chapter4-recipe7

On Mon, May 11, 2020 at 15:17, Alex Soto <al...@envieta.com> wrote:

> Ok, I am not having good luck with this. Using the realm “karaf” and BASIC
> authentication.
> Mind that my artifact is a WAB, not a WAR.
>
> My web.xml
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Karaf</realm-name>
> </login-config>
>
> <security-role>
> <role-name>admin</role-name>
> </security-role>
>
>
> Error:
>
>
> 9:13:05.881 ERROR [paxweb-extender-3-thread-2] Error deploying web application
> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@22444ea2 in ConstraintSecurityHandler@17b84a6e{STARTING}
> 	at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> 	at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> 	at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> 	at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> 	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> 	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> 	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> 	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> 	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 	at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> 	at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> 	at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> 	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> 	at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> 	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> 	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>
>
>
> Best regards,
> Alex soto

-- 

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>

Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Ok, I am not having good luck with this. Using the realm “karaf” and BASIC authentication.  
Mind that my artifact is a WAB, not a WAR.

My web.xml

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>Protected Area</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
		</auth-constraint>
	</security-constraint>

	<login-config>
		<auth-method>BASIC</auth-method>
		<realm-name>Karaf</realm-name>
	</login-config>

	<security-role>
		<role-name>admin</role-name>
	</security-role>


Error:


9:13:05.881 ERROR [paxweb-extender-3-thread-2] Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@22444ea2 in ConstraintSecurityHandler@17b84a6e{STARTING}
	at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
	at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
	at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
	at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
	at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
	at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
	at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
	at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
	at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
	at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
	at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
	at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
	at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
	at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
	at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
	at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]



Best regards,
Alex soto
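
Added example (not part of the original post, and not Karaf or Pax Web code): the web.xml above names the realm "Karaf", while the message refers to the realm "karaf". The check below parses a web.xml and compares its realm-name character for character against the JAAS realms configured in the container. The realm list (for instance copied from the output of jaas:realm-list), the function names and the wrapping <web-app> element are assumptions.

```python
"""Pre-deployment lint for the security section of a WAB/WAR web.xml."""
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the post, wrapped in a root element.
POSTED_WEB_XML = """
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
</web-app>
"""

# Assumption: the realms present in the container, e.g. from `jaas:realm-list`.
KNOWN_REALMS = ["karaf"]


def _local(tag):
    """Drop an XML namespace: '{ns}realm-name' -> 'realm-name'."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _texts(root, path):
    """Text of every element reached by following `path` (local names)."""
    nodes = [root]
    for name in path:
        nodes = [c for n in nodes for c in _children(n, name)]
    return [(n.text or "").strip() for n in nodes]


def parse_security(web_xml_text):
    """Extract the security-relevant settings from a web.xml document."""
    root = ET.fromstring(web_xml_text)
    constraint = ["security-constraint"]
    return {
        "has_constraint": bool(_children(root, "security-constraint")),
        "auth_methods": _texts(root, ["login-config", "auth-method"]),
        "realm_names": _texts(root, ["login-config", "realm-name"]),
        "required_roles": set(
            _texts(root, constraint + ["auth-constraint", "role-name"])),
        "declared_roles": set(_texts(root, ["security-role", "role-name"])),
        "transport": _texts(
            root, constraint + ["user-data-constraint", "transport-guarantee"]),
    }


def lint_login_config(web_xml_text, available_realms):
    """Return a list of findings; an empty list means nothing was flagged."""
    sec = parse_security(web_xml_text)
    findings = []

    if sec["has_constraint"] and not sec["auth_methods"]:
        findings.append(
            "ERROR: security-constraint present but no login-config/auth-method")

    realm = sec["realm_names"][0] if sec["realm_names"] else ""
    if sec["auth_methods"] and not realm:
        findings.append("ERROR: login-config has no realm-name")
    elif realm and realm not in available_realms:
        # Exact comparison on purpose: 'Karaf' and 'karaf' are different names.
        near = [r for r in available_realms if r.lower() == realm.lower()]
        hint = f"; differs only in case from {near[0]!r}" if near else ""
        findings.append(
            f"ERROR: realm-name {realm!r} is not a configured realm{hint}")

    # '*' and '**' are wildcard role names, not roles to declare.
    undeclared = sec["required_roles"] - sec["declared_roles"] - {"*", "**"}
    for role in sorted(undeclared):
        findings.append(
            f"WARN: role {role!r} in auth-constraint has no security-role entry")

    # BASIC sends the password base64-encoded on every request, so the
    # constraint should also require an encrypted transport.
    if "BASIC" in sec["auth_methods"] and "CONFIDENTIAL" not in sec["transport"]:
        findings.append(
            "WARN: BASIC auth without transport-guarantee CONFIDENTIAL")
    return findings


if __name__ == "__main__":
    for finding in lint_login_config(POSTED_WEB_XML, KNOWN_REALMS):
        print(finding)
```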






Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Ok I saw it now, it was hidden:

<realm-name>Test Realm</realm-name>


Best regards,
Alex soto






Re: Basic authentication of WAB using Jaas in Karaf

Posted by Alex Soto <al...@envieta.com>.
Thanks Achim and JB,

I looked at that example, but that is a WAR, and I am looking for a WAB example.  Still, in the ‘web.xml’ file there is no reference to a JAAS realm.  Where do you indicate the realm name? (I have my own realm separate from the default Karaf one).

Actually, it is not fun having to guess all this basic stuff, and also a productivity drain, I am sorry to say.


Best regards,
Alex soto



Re: Basic authentication of WAB using Jaas in Karaf

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
No rush, I think it’s easier for our users to find "how to" ;)

Thanks !
Regards
JB



Re: Basic authentication of WAB using Jaas in Karaf

Posted by Achim Nierbeck <bc...@googlemail.com>.
Sure ..
maybe I find some time during this week to create this there ;)

regards, Achim

p.s. this just reminds me, that those samples are also in the "Apache Karaf
Cookbook" :)


Re: Basic authentication of WAB using Jaas in Karaf

Posted by Jean-Baptiste Onofre <jb...@nanthrax.net>.
Maybe worth to add this in the Karaf wab example as well.

I will.

Regards
JB



Re: Basic authentication of WAB using Jaas in Karaf

Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi,

there is a sample app for Pax-Web, which is also used in the test-suite:
https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/war-authentication
And actually you just need to reference the jaas of the surrounding Karaf
instance in your web.xml file.

regards, Achim


