You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by Robert Munteanu <ro...@apache.org> on 2022/08/04 12:40:14 UTC
Re: Running Oak on Apache Karaf (or other OSGi platform)
Hi Damiano,
On Thu, 2022-07-28 at 22:44 +0200, Damiano Albani wrote:
> Hello,
>
> I've been using Oak for some time now, in a custom Spring Boot based
> application.
> Basically like what's suggested in
> https://github.com/apache/jackrabbit-oak/tree/trunk/oak-examples/standalone
> .
> Yet, I'd like to be able to make use of more "advanced" OSGi features
> like
> dynamic bundle management.
> But from what I could see/test, that's not what PojoSR supports.
> Thus the need to run Oak in a proper, "full blown" OSGi environment.
>
> I saw that Sling provides a Karaf distribution:
> https://sling.apache.org/documentation/karaf.html.
> Given that Sling uses Oak, I suppose that it's possible to run Oak
> only on
> Karaf.
> But I couldn't find any ready-made recipe or instructions to do so.
> So has anyone already tried to run Oak on Karaf? If so, could you
> share
> your work?
> Or, alternatively, would there be another OSGi platform that you
> would
> recommend?
You can try the Sling Karaf Features [1] or the Sling Starter [2] and
progressively remove the parts that you don't want/need.
Thanks,
Robert
[1]: https://sling.apache.org/documentation/karaf.html
[2]: https://github.com/apache/sling-org-apache-sling-starter
>
> Thanks for your help!
>
> Regards,
>
Re: Running Oak on Sling Starter: JAAS related issue
Posted by Robert Munteanu <ro...@apache.org>.
Hi Damiano,
On Mon, 2022-12-26 at 18:57 +0100, Damiano Albani wrote:
> Hello,
>
> It has taken me some time (weeks!) but I think I've found the
> solution to
> the problem:
(snip)
That is great to know and thanks for sharing the resolution! I took a
look at your feature model definition, and one thing that is missing
(because it's Sling-specific) is the definition of the "oak-server"
OSGi bundle [1]
That bundle bridges between the Sling world and the Oak world, and
plays a couple of classloader tricks, which I suspect have the same
effect as the bootdelegation that you perform [2].
You could review that code and check if you can apply the same patterns
in your codebase, which would allow you to do away with the boot
delegation.
Thanks,
Robert
[1]:
https://github.com/apache/sling-org-apache-sling-starter/blob/2535962ee0f3d98235ff941872bf0811d1f6cfea/src/main/features/oak/oak_base.json#L121
[2]:
https://github.com/apache/sling-org-apache-sling-jcr-oak-server/tree/master/src/main/java/org/apache/sling/jcr/oak/server/internal
Re: Running Oak on Sling Starter: JAAS related issue
Posted by Damiano Albani <da...@gmail.com>.
Hello,
It has taken me some time (weeks!) but I think I've found the solution to
the problem:
1. Added "org.apache.felix.jaas.boot" to
"org.osgi.framework.bootdelegation".
2. Added
"-Xbootclasspath/a:/opt/sling/artifacts/org/apache/felix/org.apache.felix.jaas/1.0.2/org.apache.felix.jaas-1.0.2.jar"
to the JVM arguments.
And the null context class loader was apparently not the sign of an issue,
from what I read about OSGi, but also as seen in practice:
> [LoginContext]: Build ServiceProviders cache for ClassLoader: null
> [LoginContext]: Discovered ServiceProviders for ClassLoader: null
> java.util.ServiceLoader$ProviderImpl@5a0e195d
> [LoginContext]: org.apache.felix.jaas.boot.ProxyLoginModule loaded via
> reflection
>
Why this bit of configuration was not necessary for the full Sling
distribution to work, I have no idea.
If someone knows and can enlighten me, I'd be curious.
Regards,
On Sun, Dec 25, 2022 at 1:52 PM Damiano Albani <da...@gmail.com>
wrote:
> Hello,
>
> By the way, when running the JVM with:
>
>> -Djava.security.debug=logincontext
>>
> I get the following in the logs:
>
>> [LoginContext]: Build ServiceProviders cache for ClassLoader: null
>> 2022-12-25T12:44:12.098782749Z [LoginContext]: Discovered
>> ServiceProviders for ClassLoader: null
>> 2022-12-25T12:44:12.099238285Z
>> java.util.ServiceLoader$ProviderImpl@aa8a886e
>> 2022-12-25T12:44:12.099896168Z [LoginContext]: login OPTIONAL failure
>> 2022-12-25T12:44:12.100246110Z [LoginContext]: login OPTIONAL failure
>> 2022-12-25T12:44:12.100525812Z [LoginContext]: login REQUIRED failure
>> 2022-12-25T12:44:12.100869944Z [LoginContext]: login REQUIRED failure
>> 2022-12-25T12:44:12.101177253Z [LoginContext]: abort OPTIONAL failure
>> 2022-12-25T12:44:12.101655572Z [LoginContext]: abort OPTIONAL failure
>> 2022-12-25T12:44:12.101914557Z [LoginContext]: abort REQUIRED failure
>> 2022-12-25T12:44:12.102136095Z [LoginContext]: abort REQUIRED failure
>>
>
> And this is how the context class loader is initialized in
> *javax.security.auth.login.LoginContext*:
>
>> contextClassLoader = java.security.AccessController.doPrivileged
>> (new java.security.PrivilegedAction<ClassLoader>() {
>> public ClassLoader run() {
>> ClassLoader loader =
>>
>> Thread.currentThread().getContextClassLoader();
>> if (loader == null) {
>> // Don't use bootstrap class loader directly to
>> ensure
>> // proper package access control!
>> loader = ClassLoader.getSystemClassLoader();
>> }
>>
>> return loader;
>> }
>> });
>>
>
> Yet, this method returns *null* apparently, as seen in the logs above.
> So, could the issue be class loader related??
>
> Regards,
>
> On Thu, Dec 22, 2022 at 5:01 PM Damiano Albani <da...@gmail.com>
> wrote:
>
>> Hi Robert,
>>
>> Yes, sure, this is the whole configuration:
>> https://gist.github.com/dalbani/b9e8e10e8a61499f7e56900c858e15b2.
>> Thanks!
>>
>> Regards,
>>
>> On Thu, Dec 22, 2022 at 1:49 PM Robert Munteanu <ro...@apache.org>
>> wrote:
>>
>>> On Tue, 2022-12-20 at 16:06 +0100, Damiano Albani wrote:
>>> > Hi,
>>> >
>>> > I just picked up my effort to use (a trimmed down flavor of) Sling
>>> > Starter
>>> > to deploy Oak *only*.
>>> > I'm running into this issue when code tries to log into the JCR
>>> > repository:
>>> >
>>> > > javax.security.auth.login.LoginException: No LoginModule found for
>>> > > org.apache.felix.jaas.boot.ProxyLoginModule
>>>
>>> (snip)
>>>
>>> Is there any chance that you could post your feature model definitions
>>> somewhere? I don't see anything obviously wrong in your setup, and
>>> running it myself might help.
>>>
>>> Thanks,
>>> Robert
>>>
>>
>>
>> --
>> Damiano Albani
>>
>
>
> --
> Damiano Albani
>
--
Damiano Albani
Re: Running Oak on Sling Starter: JAAS related issue
Posted by Damiano Albani <da...@gmail.com>.
Hello,
By the way, when running the JVM with:
> -Djava.security.debug=logincontext
>
I get the following in the logs:
> [LoginContext]: Build ServiceProviders cache for ClassLoader: null
> 2022-12-25T12:44:12.098782749Z [LoginContext]: Discovered ServiceProviders
> for ClassLoader: null
> 2022-12-25T12:44:12.099238285Z
> java.util.ServiceLoader$ProviderImpl@aa8a886e
> 2022-12-25T12:44:12.099896168Z [LoginContext]: login OPTIONAL failure
> 2022-12-25T12:44:12.100246110Z [LoginContext]: login OPTIONAL failure
> 2022-12-25T12:44:12.100525812Z [LoginContext]: login REQUIRED failure
> 2022-12-25T12:44:12.100869944Z [LoginContext]: login REQUIRED failure
> 2022-12-25T12:44:12.101177253Z [LoginContext]: abort OPTIONAL failure
> 2022-12-25T12:44:12.101655572Z [LoginContext]: abort OPTIONAL failure
> 2022-12-25T12:44:12.101914557Z [LoginContext]: abort REQUIRED failure
> 2022-12-25T12:44:12.102136095Z [LoginContext]: abort REQUIRED failure
>
And this is how the context class loader is initialized in
*javax.security.auth.login.LoginContext*:
> contextClassLoader = java.security.AccessController.doPrivileged
> (new java.security.PrivilegedAction<ClassLoader>() {
> public ClassLoader run() {
> ClassLoader loader =
> Thread.currentThread().getContextClassLoader();
> if (loader == null) {
> // Don't use bootstrap class loader directly to
> ensure
> // proper package access control!
> loader = ClassLoader.getSystemClassLoader();
> }
>
> return loader;
> }
> });
>
Yet, this method returns *null* apparently, as seen in the logs above.
So, could the issue be class loader related??
Regards,
On Thu, Dec 22, 2022 at 5:01 PM Damiano Albani <da...@gmail.com>
wrote:
> Hi Robert,
>
> Yes, sure, this is the whole configuration:
> https://gist.github.com/dalbani/b9e8e10e8a61499f7e56900c858e15b2.
> Thanks!
>
> Regards,
>
> On Thu, Dec 22, 2022 at 1:49 PM Robert Munteanu <ro...@apache.org>
> wrote:
>
>> On Tue, 2022-12-20 at 16:06 +0100, Damiano Albani wrote:
>> > Hi,
>> >
>> > I just picked up my effort to use (a trimmed down flavor of) Sling
>> > Starter
>> > to deploy Oak *only*.
>> > I'm running into this issue when code tries to log into the JCR
>> > repository:
>> >
>> > > javax.security.auth.login.LoginException: No LoginModule found for
>> > > org.apache.felix.jaas.boot.ProxyLoginModule
>>
>> (snip)
>>
>> Is there any chance that you could post your feature model definitions
>> somewhere? I don't see anything obviously wrong in your setup, and
>> running it myself might help.
>>
>> Thanks,
>> Robert
>>
>
>
> --
> Damiano Albani
>
--
Damiano Albani
Re: Running Oak on Sling Starter: JAAS related issue
Posted by Damiano Albani <da...@gmail.com>.
Hi Robert,
Yes, sure, this is the whole configuration:
https://gist.github.com/dalbani/b9e8e10e8a61499f7e56900c858e15b2.
Thanks!
Regards,
On Thu, Dec 22, 2022 at 1:49 PM Robert Munteanu <ro...@apache.org> wrote:
> On Tue, 2022-12-20 at 16:06 +0100, Damiano Albani wrote:
> > Hi,
> >
> > I just picked up my effort to use (a trimmed down flavor of) Sling
> > Starter
> > to deploy Oak *only*.
> > I'm running into this issue when code tries to log into the JCR
> > repository:
> >
> > > javax.security.auth.login.LoginException: No LoginModule found for
> > > org.apache.felix.jaas.boot.ProxyLoginModule
>
> (snip)
>
> Is there any chance that you could post your feature model definitions
> somewhere? I don't see anything obviously wrong in your setup, and
> running it myself might help.
>
> Thanks,
> Robert
>
--
Damiano Albani
Re: Running Oak on Sling Starter: JAAS related issue
Posted by Robert Munteanu <ro...@apache.org>.
On Tue, 2022-12-20 at 16:06 +0100, Damiano Albani wrote:
> Hi,
>
> I just picked up my effort to use (a trimmed down flavor of) Sling
> Starter
> to deploy Oak *only*.
> I'm running into this issue when code tries to log into the JCR
> repository:
>
> > javax.security.auth.login.LoginException: No LoginModule found for
> > org.apache.felix.jaas.boot.ProxyLoginModule
(snip)
Is there any chance that you could post your feature model definitions
somewhere? I don't see anything obviously wrong in your setup, and
running it myself might help.
Thanks,
Robert
Re: Running Oak on Sling Starter: JAAS related issue
Posted by Damiano Albani <da...@gmail.com>.
Hi,
I just picked up my effort to use (a trimmed down flavor of) Sling Starter
to deploy Oak *only*.
I'm running into this issue when code tries to log into the JCR repository:
> javax.security.auth.login.LoginException: No LoginModule found for
> org.apache.felix.jaas.boot.ProxyLoginModule
> at java.base/javax.security.auth.login.LoginContext.invoke(Unknown
> Source)
> at java.base/javax.security.auth.login.LoginContext$4.run(Unknown
> Source)
> at java.base/javax.security.auth.login.LoginContext$4.run(Unknown
> Source)
> at java.base/java.security.AccessController.doPrivileged(Unknown
> Source)
> at java.base/javax.security.auth.login.LoginContext.invokePriv(Unknown
> Source)
> at java.base/javax.security.auth.login.LoginContext.login(Unknown
> Source)
> at
> org.apache.jackrabbit.oak.core.ContentRepositoryImpl.login(ContentRepositoryImpl.java:163)
> at
> org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl.login(RepositoryImpl.java:294)
> ... 47 more
>
In the JAAS panel of the Felix Web Console, I see:
> JAAS Configuration Details:
>
> Registered LoginModules
> Realm : jackrabbit.oak
> org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule
> Flag : OPTIONAL
> Type : Configuration
> Ranking : 300
> org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule
> Flag : SUFFICIENT
> Type : Configuration
> Ranking : 200
> org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl
> Flag : REQUIRED
> Type : Configuration
> Ranking : 100
>
> Available LoginModules
> org.apache.jackrabbit.oak-core (105)
> org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule
> org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl
> org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule
>
My understanding is that this *ProxyLoginModule* is a special module, used
to "bootstrap" the JAAS setup in an OSGi environment.
Speaking of JAAS, I do have this bundle installed in my setup by the way:
{
> "id":"org.apache.felix:org.apache.felix.jaas:1.0.2",
> "start-order": "10"
> },
>
And, for the record, those are the relevant configuration items, I think:
"org.apache.felix.jaas.Configuration.factory~GuestLoginModule": {
> "jaas.controlFlag": "optional",
> "jaas.classname":
> "org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule",
> "jaas.ranking": 300
> },
> "org.apache.felix.jaas.Configuration.factory~TokenLoginModule": {
> "jaas.controlFlag": "sufficient",
> "jaas.classname":
> "org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule",
> "jaas.ranking": 200
> },
> "org.apache.felix.jaas.Configuration.factory~LoginModuleImpl": {
> "jaas.controlFlag": "required",
> "jaas.classname":
> "org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl",
> "jaas.ranking": 100
> },
> "org.apache.felix.jaas.ConfigurationSpi": {
> "jaas.configProviderName": "FelixJaasProvider",
> "jaas.defaultRealmName": "jackrabbit.oak",
> "jaas.globalConfigPolicy": "replace"
> },
>
So, what could be the cause of this problem?
And how can I fix it?
Thanks a lot!
Regards,
On Fri, Aug 5, 2022 at 8:43 PM Damiano Albani <da...@gmail.com>
wrote:
> Hello Robert,
>
> Thanks, that's indeed what I ended up doing.
> With mostly positive results so far.
> Yet, Karaf is very much new to me, so I'm still trying to find my way
> through it.
>
> Regards,
>
> On Thu, Aug 4, 2022 at 2:40 PM Robert Munteanu <ro...@apache.org> wrote:
>
>> Hi Damiano,
>>
>> On Thu, 2022-07-28 at 22:44 +0200, Damiano Albani wrote:
>> > Hello,
>> >
>> > I've been using Oak for some time now, in a custom Spring Boot based
>> > application.
>> > Basically like what's suggested in
>> >
>> https://github.com/apache/jackrabbit-oak/tree/trunk/oak-examples/standalone
>> > .
>> > Yet, I'd like to be able to make use of more "advanced" OSGi features
>> > like
>> > dynamic bundle management.
>> > But from what I could see/test, that's not what PojoSR supports.
>> > Thus the need to run Oak in a proper, "full blown" OSGi environment.
>> >
>> > I saw that Sling provides a Karaf distribution:
>> > https://sling.apache.org/documentation/karaf.html.
>> > Given that Sling uses Oak, I suppose that it's possible to run Oak
>> > only on
>> > Karaf.
>> > But I couldn't find any ready-made recipe or instructions to do so.
>> > So has anyone already tried to run Oak on Karaf? If so, could you
>> > share
>> > your work?
>> > Or, alternatively, would there be another OSGi platform that you
>> > would
>> > recommend?
>>
>> You can try the Sling Karaf Features [1] or the Sling Starter [2] and
>> progressively remove the parts that you don't want/need.
>>
>> Thanks,
>> Robert
>>
>> [1]: https://sling.apache.org/documentation/karaf.html
>> [2]: https://github.com/apache/sling-org-apache-sling-starter
>>
>> >
>> > Thanks for your help!
>> >
>> > Regards,
>> >
>>
>>
>
> --
> Damiano Albani
>
--
Damiano Albani
Re: Running Oak on Apache Karaf (or other OSGi platform)
Posted by Damiano Albani <da...@gmail.com>.
Hello Robert,
Thanks, that's indeed what I ended up doing.
With mostly positive results so far.
Yet, Karaf is very much new to me, so I'm still trying to find my way
through it.
Regards,
On Thu, Aug 4, 2022 at 2:40 PM Robert Munteanu <ro...@apache.org> wrote:
> Hi Damiano,
>
> On Thu, 2022-07-28 at 22:44 +0200, Damiano Albani wrote:
> > Hello,
> >
> > I've been using Oak for some time now, in a custom Spring Boot based
> > application.
> > Basically like what's suggested in
> >
> https://github.com/apache/jackrabbit-oak/tree/trunk/oak-examples/standalone
> > .
> > Yet, I'd like to be able to make use of more "advanced" OSGi features
> > like
> > dynamic bundle management.
> > But from what I could see/test, that's not what PojoSR supports.
> > Thus the need to run Oak in a proper, "full blown" OSGi environment.
> >
> > I saw that Sling provides a Karaf distribution:
> > https://sling.apache.org/documentation/karaf.html.
> > Given that Sling uses Oak, I suppose that it's possible to run Oak
> > only on
> > Karaf.
> > But I couldn't find any ready-made recipe or instructions to do so.
> > So has anyone already tried to run Oak on Karaf? If so, could you
> > share
> > your work?
> > Or, alternatively, would there be another OSGi platform that you
> > would
> > recommend?
>
> You can try the Sling Karaf Features [1] or the Sling Starter [2] and
> progressively remove the parts that you don't want/need.
>
> Thanks,
> Robert
>
> [1]: https://sling.apache.org/documentation/karaf.html
> [2]: https://github.com/apache/sling-org-apache-sling-starter
>
> >
> > Thanks for your help!
> >
> > Regards,
> >
>
>
--
Damiano Albani