Posted to user@karaf.apache.org by Martin Stiborský <ma...@gmail.com> on 2013/06/04 07:31:04 UTC

Configuring SSL client cert auth with JAAS in Karaf/pax-web

Hello,
we have a project in Apache Camel, deployed to Karaf.
There we have a CXF-RS interface exposed in Camel routes. To limit and
"secure" access to the REST interface, we have used SSL client cert
authentication (http://blog.nanthrax.net/2012/12/how-to-enable-https-certificate-client-auth-with-karaf/).
So, only trusted clients with a valid certificate are allowed to use the
REST interface.

Now we have a complication: for some cases we need to use a different
kind of authentication and "bypass" the SSL client auth cert.
I have found that for example Basic HTTP auth is possible to configure
with JAAS.

My question is, is it possible to also configure this built-in
Karaf/pax-web SSL client auth cert with JAAS?
Or do I have to write a custom LoginModule for CXF and handle all the SSL
heavy lifting there and get away from the Karaf built-in feature?

Thanks guys!

--
S pozdravem / Best regards
Martin Stiborský

Jabber: stibi@njs.netlab.cz
Twitter: http://www.twitter.com/stibi

Re: Configuring SSL client cert auth with JAAS in Karaf/pax-web

Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi,

pax web does support both, using Basic Authentication and certificates.
Now, I'm not quite sure if both would work coming from the same connector,
but you should be able to define different connectors and bind those
connectors, either to the ssl certificate or to the basic authentication.
I haven't fully thought this through and never tried it but I think it
should be possible. This way you're going to have a port with ssl,
presumably 8443 and another connector on a different port with basic auth.

Regards, Achim


2013/6/4 Martin Stiborský <ma...@gmail.com>

> Hello,
> we have a project in Apache Camel, deployed to Karaf.
> There we have a CXF-RS interface exposed in Camel routes. To limit and
> "secure" access to the REST interface, we have used SSL client cert
> authentication (
> http://blog.nanthrax.net/2012/12/how-to-enable-https-certificate-client-auth-with-karaf/
> ).
> So, only trusted clients with a valid certificate are allowed to use the
> REST interface.
>
> Now we have a complication: for some cases we need to use a different
> kind of authentication and "bypass" the SSL client auth cert.
> I have found that for example Basic HTTP auth is possible to configure
> with JAAS.
>
> My question is, is it possible to also configure this built-in
> Karaf/pax-web SSL client auth cert with JAAS?
> Or do I have to write a custom LoginModule for CXF and handle all the SSL
> heavy lifting there and get away from the Karaf built-in feature?
>
> Thanks guys!
>
> --
> S pozdravem / Best regards
> Martin Stiborský
>
> Jabber: stibi@njs.netlab.cz
> Twitter: http://www.twitter.com/stibi
>



-- 

Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
Committer & Project Lead
blog <http://notizblog.nierbeck.de/>