Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (Jira)" <ji...@apache.org> on 2021/02/18 07:31:00 UTC

[jira] [Updated] (KARAF-6772) Removing JAASLoginService entry in jetty.xml causes an error (workaround for camel-servlet basic auth) in Karaf 4.2.9

     [ https://issues.apache.org/jira/browse/KARAF-6772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-6772:
----------------------------------------
       Fix Version/s:     (was: 4.3.1)
                          (was: 4.2.11)
    Target Version/s: 4.2.11, 4.3.1

> Removing JAASLoginService entry in jetty.xml causes an error (workaround for camel-servlet basic auth) in Karaf 4.2.9
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: KARAF-6772
>                 URL: https://issues.apache.org/jira/browse/KARAF-6772
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf
>    Affects Versions: 4.2.9
>            Reporter: Gerald Kallas
>            Priority: Major
>         Attachments: hello1.xml, jetty.xml, org.ops4j.pax.web.context-admin.hello1.cfg, org.ops4j.pax.web.context-admin.hello1.cfg, undertow.xml, users.properties
>
>
> I have the following route (hello1.xml):
> {code:java}
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>            xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
>            https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
>    <reference id="httpService" interface="org.osgi.service.http.HttpService" />
>    <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
>    <bean class="org.apache.camel.component.osgi.OsgiServletRegisterer"
>          init-method="register"
>          destroy-method="unregister">
>       <property name="servletName" value="httpServlet" />
>       <property name="alias" value="/camel/services" />
>       <property name="httpService" ref="httpService" />
>       <property name="servlet" ref="camelServlet" />
>    </bean>
>    <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent" />
>    <camelContext xmlns="http://camel.apache.org/schema/blueprint">
>       <route>
>          <from uri="servlet://hello1?servletName=httpServlet" />
>          <setBody>
>             <constant>Hello 1</constant>
>          </setBody>
>       </route>
>    </camelContext>
> </blueprint>
> {code}
> and the following cfg file (org.ops4j.pax.web.context-admin.hello1.cfg):
> {code:java}
> bundle.symbolicName=hello1.xml
> login.config.authMethod=BASIC
> login.config.realmName=default
> context.id=default
> security.constraint.1.url = /camel/services/*
> security.constraint.1.method = *
> security.constraint.1.roles = admin
> {code}
> For HTTP basic auth to work properly with this configuration, [~ggrzybek] provided the following workaround:
> {code:java}
> Hello
> I have some answer. First, the "http context processing" feature was mainly
> tested to "inject" Keycloak authenticator and I mostly tested it with
> pax-web-undertow.
> But I checked how it works with pax-web-jetty in the debugger.
> The key problem is that when Jetty's SecurityHandler is starting, it tries
> to find/discover org.eclipse.jetty.security.LoginService instance.
> With default etc/jetty.xml, there are TWO beans with
> org.eclipse.jetty.jaas.JAASLoginService class and
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> this:
> else if (list.size() == 1)
> service = list.iterator().next();
> So I simply made it working by ensuring there's only one
> org.eclipse.jetty.jaas.JAASLoginService:
>       list = {java.util.ArrayList@9544}   size = 1
>       0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>       "JAASLoginService@7ba67d0b{STARTED}"
>       LOG: org.eclipse.jetty.util.log.Logger   =
>       {org.eclipse.jetty.util.log.Slf4jLog@9549}
>       "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>       DEFAULT_ROLE_CLASS_NAME: java.lang.String   =
>       "org.eclipse.jetty.jaas.JAASRole"
>       DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]   =
>       {java.lang.String[1]@9551}
>       _roleClassNames: java.lang.String[]   = {java.lang.String[2]@9552}
>       _callbackHandlerClass: java.lang.String   = null
>       _realmName: java.lang.String   = "karaf"
>       _loginModuleName: java.lang.String   = "karaf"
> Now, with your Camel route, I got:
>       $ curl -v http://localhost:8181/camel/api/say/hello
>       *    Trying ::1:8181...
>       * Connected to localhost (::1) port 8181 (#0)
>       GET /camel/api/say/hello HTTP/1.1
>       Host: localhost:8181
>       User-Agent: curl/7.69.1
>       Accept: */*
>       * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> <
>       $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>       *    Trying ::1:8181...
>       * Connected to localhost (::1) port 8181 (#0)
>       * Server auth using Basic with user 'karaf'
>       GET /camel/api/say/hello HTTP/1.1
>       Host: localhost:8181
>       Authorization: Basic a2FyYWY6a2FyYWY=
>       User-Agent: curl/7.69.1
>       Accept: */*
>       * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> <
>       * Connection #0 to host localhost left intact
>       "Hello World"
> In theory it should be possible to grab (in etc/jetty.xml, using
> <Configure>  element) instance of SecurityHandler and simply set there the
> "realmName" property to "Karaf", so even with two different beans with
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> right one. But in Pax Web security handler is part of every
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> only in Pax Web 8 I'd be able to fix this in more clean way.
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> etc/jetty.xml
> regards
> Grzegorz Grzybek{code}
>  
> This worked fine in the combination of Karaf 4.2.8 and Camel 3.3.0. The jetty.xml has only one entry for JAASLoginService. It looks like this:
> {code:java}
> <?xml version="1.0"?>
> <!--
>  Licensed to the Apache Software Foundation (ASF) under one
>  or more contributor license agreements.  See the NOTICE file
>  distributed with this work for additional information
>  regarding copyright ownership.  The ASF licenses this file
>  to you under the Apache License, Version 2.0 (the
>  "License"); you may not use this file except in compliance
>  with the License.  You may obtain a copy of the License at
>    http://www.apache.org/licenses/LICENSE-2.0
>  Unless required by applicable law or agreed to in writing,
>  software distributed under the License is distributed on an
>  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>  KIND, either express or implied.  See the License for the
>  specific language governing permissions and limitations
>  under the License.
> -->
> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>     <!-- =========================================================== -->
>     <!-- Set connectors -->
>     <!-- =========================================================== -->
>     <!-- One of each type! -->
>     <!-- =========================================================== -->
>     <!-- Use this connector for many frequently idle connections and for 
>         threadless continuations. -->
>    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>       <Set name="secureScheme">https</Set>
>       <Set name="securePort">
>          <Property name="jetty.secure.port" default="8443" />
>       </Set>
>       <Set name="outputBufferSize">32768</Set>
>       <Set name="requestHeaderSize">8192</Set>
>       <Set name="responseHeaderSize">8192</Set>
>       <Set name="sendServerVersion">true</Set>
>       <Set name="sendDateHeader">false</Set>
>       <Set name="headerCacheSize">512</Set>
>    </New>
>    <!-- =========================================================== -->
>     <!-- Special server connectors -->
>     <!-- =========================================================== -->
>     <!-- This is a sample for alternative connectors, enable if needed -->
>     <!-- =========================================================== -->
>     <!-- 
>    <Call name="addConnector">
>       <Arg>
>          <New class="org.eclipse.jetty.server.ServerConnector">
>             <Arg name="server">
>                <Ref refid="Server" />
>             </Arg>
>             <Arg name="factories">
>                <Array type="org.eclipse.jetty.server.ConnectionFactory">
>                   <Item>
>                      <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>                         <Arg name="config">
>                            <Ref refid="httpConfig" />
>                         </Arg>
>                      </New>
>                   </Item>
>                </Array>
>             </Arg>
>             <Set name="host">
>                <Property name="jetty.host" default="localhost" />
>             </Set>
>             <Set name="port">
>                <Property name="jetty.port" default="8282" />
>             </Set>
>             <Set name="idleTimeout">
>                <Property name="http.timeout" default="30000" />
>             </Set>
>             <Set name="name">jettyConn1</Set>
>          </New>
>       </Arg>
>    </Call>
>    -->
>     <!-- =========================================================== -->
>     <!-- Configure Authentication Realms -->
>     <!-- Realms may be configured for the entire server here, or -->
>     <!-- they can be configured for a specific web app in a context -->
>     <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
>     <!-- example). -->
>     <!-- =========================================================== -->
>     <Call name="addBean">
>         <Arg>
>             <New class="org.eclipse.jetty.jaas.JAASLoginService">
>                 <Set name="name">default</Set>
>                 <Set name="loginModuleName">karaf</Set>
>                 <Set name="roleClassNames">
>                     <Array type="java.lang.String">
>                         <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal
>                         </Item>
>                     </Array>
>                 </Set>
>             </New>
>         </Arg>
>     </Call>
> </Configure>
> {code}
> With Karaf 4.2.9 and Camel 3.4.0, I'm getting an error when removing one of the "<Call name="addBean"> .." tags. See the log file below:
> {code:java}
> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel   | HttpServiceStarted                      | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> 		java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> 		at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
> 		at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
> 		at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
> 		at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> 		at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 		at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> 		at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> 		at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> 		at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> 		at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> 		at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 		at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> 		at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> 		at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
> 		at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> 		at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
> 		at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
> 		at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> 		at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
> 		at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
> 		at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> 		at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> 		at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> 		at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
> 		at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
> 		at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
> 		at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
> 		at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
> 		at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
> 		at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
> 		at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
> 		at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
> 		at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> 		at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
> 		at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
> 		at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> 		at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
> 		at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
> 		at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
> 		at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
> 		at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
> 		at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
> 		at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
> 		at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
> 		at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
> 		at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
> 		at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
> 		at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
> 		at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
> 		at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
> 		at java.lang.Thread.run(Thread.java:834) [?:?]
> 		Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> 		at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
> 		at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
> 		at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
> 		at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> 		at java.lang.Class.forName0(Native Method) ~[?:?]
> 		at java.lang.Class.forName(Class.java:398) ~[?:?]
> 		at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
> 		at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
> 		at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> 		at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
> 		... 62 more
> {code}
> This seems to relate to a pax-web issue in combination with the Jetty server (which was updated in Karaf 4.2.9).
> If needed, I can provide a ready-to-run Docker image based on Karaf 4.2.9 and Camel 3.4.0 for testing.
> Best
>  Gerald
>  
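
The workaround quoted in this issue depends on etc/jetty.xml registering exactly one JAASLoginService, because the quoted findLoginService() branch only selects a service when list.size() == 1. The script below is an added example, not part of the original report or of Karaf, Pax Web or Jetty: it counts the active (non-commented) JAASLoginService beans and reports whether login.config.realmName from the context cfg names one of them. The XML samples are constructed, and the bean name "karaf" in them and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.jaas.JAASLoginService"

def login_services(jetty_xml):
    """List the JAASLoginService beans a jetty.xml string actually registers.
    ElementTree drops XML comments, so commented-out beans are not counted."""
    services = []
    for new in ET.fromstring(jetty_xml).iter("New"):
        if new.get("class") == JAAS_CLASS:
            props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
            services.append({"name": props.get("name"),
                             "loginModuleName": props.get("loginModuleName")})
    return services

def parse_cfg(text):
    """Parse the key=value lines of a Pax Web context cfg file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(jetty_xml, cfg_text):
    """Check the precondition of the workaround: exactly one login service."""
    names = [s["name"] for s in login_services(jetty_xml)]
    realm = parse_cfg(cfg_text).get("login.config.realmName")
    return {"count": len(names), "names": names,
            "unambiguous": len(names) == 1,  # the list.size() == 1 branch
            "realm": realm, "realm_has_bean": realm in names}

# Constructed samples (not the attachments from the issue).
BEAN = ('<Call name="addBean"><Arg><New class="%s">'
        '<Set name="name">{0}</Set><Set name="loginModuleName">karaf</Set>'
        '</New></Arg></Call>' % JAAS_CLASS)

def sample(*chunks):
    return ('<Configure id="Server" class="org.eclipse.jetty.server.Server">'
            + "".join(chunks) + "</Configure>")

TWO_BEANS = sample(BEAN.format("karaf"), BEAN.format("default"))
ONE_BEAN = sample("<!-- " + BEAN.format("karaf") + " -->", BEAN.format("default"))

# Context cfg as given in the issue description.
CFG = """bundle.symbolicName=hello1.xml
login.config.authMethod=BASIC
login.config.realmName=default
context.id=default
security.constraint.1.url = /camel/services/*
security.constraint.1.method = *
security.constraint.1.roles = admin
"""

if __name__ == "__main__":
    for label, xml in (("two beans", TWO_BEANS), ("one bean", ONE_BEAN)):
        print(label, audit(xml, CFG))
```

To check a real installation, pass the contents of etc/jetty.xml and the context cfg file to `audit()` in place of the constructed strings.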


