You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@karaf.apache.org by cooshal <ku...@gmail.com> on 2019/06/04 07:34:35 UTC
Re: Simply Protect HTTP servlet
Hi:
I have similar concerns. I wanted to protect a particular endpoint. Here's
what I have done, so far:
// pom file
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>3.3.0</version>
<inherited>true</inherited>
<extensions>true</extensions>
<configuration>
<instructions>
<Web-ContextPath>/management</Web-ContextPath>
<Private-Package>*</Private-Package>
<Include-Resource>src</Include-Resource>
<_wab>src/main/webapp</_wab>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
and, as per the suggestion from JB in previous post on this thread, I added
following in src/main/webapp/WEB-INF/web.xml. I am trying to protect
http://localhost:8181/management/ endpoint.
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>PRS-EAI Monitoring Console</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>authenticated</display-name>
<web-resource-collection>
<web-resource-name>management</web-resource-name>
<description/>
<url-pattern>/management/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>karaf</realm-name>
</login-config>
<security-role>
<description/>
<role-name>user</role-name>
</security-role>
</web-app>
I checked few examples from pax-web as well. Did I do something wrong?
Regards,
Cooshal.
--
Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html