Posted to user@karaf.apache.org by cooshal <ku...@gmail.com> on 2019/06/11 10:07:39 UTC
Authentication in a custom web application in karaf
Hi:
I have a sample web application, which I need to be protected by
authentication, just the way it does for Hawtio or other similar
applications.
I have my sample code here
(https://github.com/cooshal/karaf-assembly-jms/tree/master/modules/web-console).
It's an extremely basic web app with an index.html. The endpoint will be
exposed to /management/. I am trying to use it with the maven-bundle-plugin.
I had followed a few examples from pax-web project.
I tried with 'war' packaging. The authentication works in that case, but I
was not able to serve my index.html (for example). Could be some config
issues.
It would be great, if anyone could provide me some info on this.
Regards,
Cooshal.
--
Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
Re: Authentication in a custom web application in karaf
Posted by cooshal <ku...@gmail.com>.
Hi:
yes ! and I have already configured that in web.xml as well.
https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/src/main/webapp/WEB-INF/web.xml#L24
Regards,
Cooshal.
Re: Authentication in a custom web application in karaf
Posted by cooshal <ku...@gmail.com>.
Hi:
I just tried adding 'war' in the bootFeatures.
I tried deploying the same webconsole bundle in the karaf instance. This
does not seem to trigger the web.xml's configuration options.
Is my pom
(https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/pom.xml)
correct?
Regards,
Cooshal.
Re: Authentication in a custom web application in karaf
Posted by cooshal <ku...@gmail.com>.
Hi again !
I have further updates on this issue.
I tried two different approaches:
1. Tried deploying this project as a war. I used the same web.xml file, but
changed the packaging type to war. But, the Web-ContextPath in `web:list`
doesn't show management. And I struggled a bit to configure that. Thus, my
application was available at: *:8181/demo-web-console rather than at
*:/management
But important thing here is that the authentication works for the protected
pages.
2. I tried deploying it as an osgi bundle. Although I have specified
<_wab>src/main/webapp</_wab>, it does not seem to pick up the settings of
web.xml. Thus, the authentication rule is never invoked.
In both cases, I have installed war feature.
Regards,
Cooshal.
Re: Authentication in a custom web application in karaf
Posted by cooshal <ku...@gmail.com>.
Hi:
thanks. I will try that out.
Regards,
Cooshal.
Re: Authentication in a custom web application in karaf
Posted by Francois Papon <fr...@openobject.fr>.
Hi,
You have to add the war feature in your bootFeatures.
regards,
François
fpapon@apache.org
Le 11/06/2019 à 22:50, Francois Papon a écrit :
> Hi,
>
> Let me try with your repo.
>
> regards,
>
> François
> fpapon@apache.org
>
> Le 11/06/2019 à 19:16, cooshal a écrit :
>> Hi again fpapon,
>>
>> As I have pointed out in my previous post, I have configured the web.xml
>> (https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/src/main/webapp/WEB-INF/web.xml#L24)
>> to use the karaf realm. But, I am still not able to get the authentication
>> functionality working.
>>
>> Do you have any suggestions on this ? My demo project is available at:
>> https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console
>>
>> Regards,
>> Cooshal.
>>
>>
>>
>> --
>> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
Re: Authentication in a custom web application in karaf
Posted by Francois Papon <fr...@openobject.fr>.
Hi,
Let me try with your repo.
regards,
François
fpapon@apache.org
Le 11/06/2019 à 19:16, cooshal a écrit :
> Hi again fpapon,
>
> As I have pointed out in my previous post, I have configured the web.xml
> (https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/src/main/webapp/WEB-INF/web.xml#L24)
> to use the karaf realm. But, I am still not able to get the authentication
> functionality working.
>
> Do you have any suggestions on this ? My demo project is available at:
> https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console
>
> Regards,
> Cooshal.
>
>
>
> --
> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
Re: Authentication in a custom web application in karaf
Posted by cooshal <ku...@gmail.com>.
Hi again fpapon,
As I have pointed out in my previous post, I have configured the web.xml
(https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/src/main/webapp/WEB-INF/web.xml#L24)
to use the karaf realm. But, I am still not able to get the authentication
functionality working.
Do you have any suggestions on this ? My demo project is available at:
https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console
Regards,
Cooshal.
Re: Authentication in a custom web application in karaf
Posted by Francois Papon <fr...@openobject.fr>.
Hi,
Do you want to use Karaf realm?
regards,
François
fpapon@apache.org
Le 11/06/2019 à 14:07, cooshal a écrit :
> Hi:
>
> I have a sample web application, which I need to be protected by
> authentication, just the way it does for Hawtio or other similar
> applications.
>
> I have my sample code here
> (https://github.com/cooshal/karaf-assembly-jms/tree/master/modules/web-console).
> It's an extremely basic web app with an index.html. The endpoint will be
> exposed to /management/. I am trying to use it with the maven-bundle-plugin.
> I had followed a few examples from pax-web project.
>
> I tried with 'war' packaging. The authentication works in that case, but I
> was not able to serve my index.html (for example). Could be some config
> issues.
>
> It would be great, if anyone could provide me some info on this.
>
> Regards,
> Cooshal.
>
>
>
> --
> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
Re: Authentication in a custom web application in karaf
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
I'm on the way to merge the example.
Regards
JB
On 18/06/2019 13:01, cooshal wrote:
> Hi:
>
> thank you !
>
> I will look at it and will get back to you.
>
> When I started this project, I used a very simple approach, which did not
> require any involvement of web.xml configuration. Later, I realized that I
> chose the wrong architecture.
>
> I will try and test with your approach.
>
> Thanks again.
>
> Regards,
> Cooshal.
>
>
>
> --
> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Authentication in a custom web application in karaf
Posted by cooshal <ku...@gmail.com>.
Hi:
I had other issues. Thus, I could not try this out. I will try this today,
and get back.
Thank you for your time :)
Regards,
Cooshal.
Re: Authentication in a custom web application in karaf
Posted by Steinar Bang <sb...@dod.no>.
>>>>> cooshal <ku...@gmail.com>:
> Hi:
> thank you !
> I will look at it and will get back to you.
> When I started this project, I used a very simple approach, which did not
> require any involvement of web.xml configuration. Later, I realized that I
> chose the wrong architecture.
> I will try and test with your approach.
I have created a sample/boilerplate project that perhaps will make it
easier:
https://github.com/steinarb/authservice-sampleclient
You can test it out and verify that it works:
https://github.com/steinarb/authservice-sampleclient#try-this-code
You can copy it and modify it and fit it into your own multimodule maven
project:
https://github.com/steinarb/authservice-sampleclient#adapt-this-project-to-your-project
Re: Authentication in a custom web application in karaf
Posted by cooshal <ku...@gmail.com>.
Hi:
thank you !
I will look at it and will get back to you.
When I started this project, I used a very simple approach, which did not
require any involvement of web.xml configuration. Later, I realized that I
chose the wrong architecture.
I will try and test with your approach.
Thanks again.
Regards,
Cooshal.
Re: Authentication in a custom web application in karaf
Posted by Steinar Bang <sb...@dod.no>.
>>>>> cooshal <ku...@gmail.com>:
> Hi:
> thank you for your reply.
> Thank you for sharing the project. I looked at the project, but I guess this
> implementation is too complicated for my current needs. I have an extremely
> simple HTML/JS application, for which I want it to be authenticated using
> karaf realm, for example.
Well... simple HTML/JS applications is what I use it for. :-)
It's actually pretty simple:
1. You need to create a bundle defining the web context (ie. the local
path of your web application eg. "/myapp"). That's mostly
boilerplate and you can look at my sample projects:
https://github.com/steinarb/authservice/tree/master/authservice.web.security
https://github.com/steinarb/ukelonn/tree/master/ukelonn.web.security
https://github.com/steinarb/handlereg/tree/master/handlereg.web.security
2. The bundle needs to create a web context helper. Some examples of
DS components creating a web context helper
https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/java/no/priv/bang/authservice/web/security/AuthserviceServletContextHelper.java#L22
https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/java/no/priv/bang/ukelonn/web/security/UkelonnServletContextHelper.java#L7
https://github.com/steinarb/handlereg/blob/master/handlereg.web.security/src/main/java/no/priv/bang/handlereg/web/security/HandleregServletContextHelper.java#L22
(no actual code, just a DS component with some magical annotations)
3. The bundle needs to create a shiro filter and attach it to the web
context. The shiro filter needs to receive Realm and SessionDAO as
OSGi service injections (authservice provides these):
https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/java/no/priv/bang/authservice/web/security/AuthserviceShiroFilter.java#L44
https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/java/no/priv/bang/ukelonn/web/security/UkelonnShiroFilter.java#L41
https://github.com/steinarb/handlereg/blob/master/handlereg.web.security/src/main/java/no/priv/bang/handlereg/web/security/HandleregShiroFilter.java#L38
(have to do the configuration in code instead of using shiro.ini,
because the shiro.ini code can't find the shiro classes in an OSGi
context. However the dependency injections of Realm and SessionDAO
makes things simpler)
4. If you want to have fine control of the paths in your webapp, use a
shiro.ini file, some examples:
https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/resources/shiro.ini
https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/resources/shiro.ini
https://github.com/steinarb/handlereg/blob/master/handlereg.web.security/src/main/resources/shiro.ini
Once you have this in place I think you can basically use whatever way
you want to define your web application, you just need to use the
webcontext defined by the web context helper.
And you need to use a reverse proxy to fix the paths of the shiro
authentication cookies. That bit is a bit of a hack, but I don't see it
much myself, since I was using a reverse proxy anyway.
> I was following a sample from pax-web repo for the configuration stuffs,
> https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/wab-jetty-web.
> I could configure the web.xml file and set the authentication stuffs there.
> This works perfectly fine, if I package my app as a war, but this does not
> work if I package it as a bundle. That is where I got stuck.
FWIW my way should work fine with web whiteboard OSGi bundles, and
possibly also with WAR bundles. :-)
(I haven't tried WAR bundles with this approach myself. After I got web
whiteboard working I haven't looked back...)
This may also be of interest
1. A simple react frontend example as an OSGi bundle, using web
whiteboard
https://github.com/steinarb/frontend-karaf-demo
a. Use maven to compile a frontend into a bundle.js file that is
added as a resource in the OSGi bundle
https://github.com/steinarb/frontend-karaf-demo/blob/master/pom.xml#L105
https://github.com/steinarb/frontend-karaf-demo/tree/master/src/main/frontend
b. Create a web whiteboard servlet that serves the bundle.js on all
paths leading to your webapp
https://github.com/steinarb/frontend-karaf-demo/blob/master/src/main/java/no/priv/bang/demos/frontendkarafdemo/ReactServlet.java#L24
2. Serving a jersey REST service as an OSGi bundle, using web
whiteboard
https://github.com/steinarb/jersey-karaf-feature
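Added example (not part of the post above and not taken from the linked repositories): steps 2 to 4 of the post written as two Declarative Services components in Java. The holder class MyappWebSecurity, the context name "myapp" and the path "/myapp" are assumptions, as are a shiro.ini at the bundle root that holds only path rules and Realm and SessionDAO services being present in the OSGi service registry.

```java
// Added illustration, not code from the thread or the linked projects.
// Hypothetical names: MyappWebSecurity, context "myapp", path "/myapp".
import javax.servlet.Filter;
import org.apache.shiro.config.Ini;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.web.env.IniWebEnvironment;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.http.context.ServletContextHelper;

public class MyappWebSecurity {   // holder so both components fit in one file

    // Step 2: the web context. No logic, only whiteboard properties.
    @Component(service = ServletContextHelper.class, property = {
        "osgi.http.whiteboard.context.name=myapp",
        "osgi.http.whiteboard.context.path=/myapp"})
    public static class ContextHelper extends ServletContextHelper { }

    // Step 3: Shiro filter bound to every path of that context.
    @Component(service = Filter.class, immediate = true, property = {
        "osgi.http.whiteboard.filter.pattern=/*",
        "osgi.http.whiteboard.context.select=(osgi.http.whiteboard.context.name=myapp)"})
    public static class ShiroFilter extends AbstractShiroFilter {
        @Reference Realm realm;            // OSGi service injection
        @Reference SessionDAO sessionDao;  // OSGi service injection

        @Override
        public void init() throws Exception {   // called once the servlet context is set
            Ini ini = new Ini();   // step 4: shiro.ini holds only the path rules
            ini.load(ShiroFilter.class.getResourceAsStream("/shiro.ini"));
            IniWebEnvironment env = new IniWebEnvironment();
            env.setIni(ini);
            env.setServletContext(getServletContext());
            env.init();
            DefaultWebSessionManager sessions = new DefaultWebSessionManager();
            sessions.setSessionDAO(sessionDao);
            DefaultWebSecurityManager manager =
                (DefaultWebSecurityManager) env.getWebSecurityManager();
            manager.setSessionManager(sessions);
            manager.setRealm(realm);   // realm set in code, not in shiro.ini [main]
            setSecurityManager(manager);
            setFilterChainResolver(env.getFilterChainResolver());
        }
    }
}
```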
Re: Authentication in a custom web application in karaf
Posted by cooshal <ku...@gmail.com>.
Hi:
thank you for your reply.
Thank you for sharing the project. I looked at the project, but I guess this
implementation is too complicated for my current needs. I have an extremely
simple HTML/JS application, for which I want it to be authenticated using
karaf realm, for example.
I was following a sample from pax-web repo for the configuration stuffs,
https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/wab-jetty-web.
I could configure the web.xml file and set the authentication stuffs there.
This works perfectly fine, if I package my app as a war, but this does not
work if I package it as a bundle. That is where I got stuck.
Regards,
Cooshal.
Re: Authentication in a custom web application in karaf
Posted by Steinar Bang <sb...@dod.no>.
>>>>> cooshal <ku...@gmail.com>:
> Hi:
> I have a sample web application, which I need to be protected by
> authentication, just the way it does for Hawtio or other similar
> applications.
> I have my sample code here
> (https://github.com/cooshal/karaf-assembly-jms/tree/master/modules/web-console).
> It's an extremely basic web app with an index.html. The endpoint will be
> exposed to /management/. I am trying to use it with the maven-bundle-plugin.
> I had followed a few examples from pax-web project.
I've written this:
https://github.com/steinarb/authservice
You can try it out by doing the following commands from the karaf
command line:
feature:repo-add mvn:no.priv.bang.authservice/authservice/LATEST/xml/features
feature:install user-admin-with-derby
This will add an authservice webapp at http://localhost:8181/authservice
You can log in with e.g. admin/admin or jad/1ad (the "admin" user has
user administration privileges).
The webapp is running from a derby database initialized with dummy data.
To use this as authentication for a different web application you
currently have to access the web application through a reverse proxy that can
rewrite the cookie path for the authentication cookies. I have setup
for nginx in the README, but I'm sure apache can be used as well.
In the web application you will need to use apache shiro and accept OSGi
service injections for the Realm and SessionDAO interfaces.