You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by Hilderich <hi...@yahoo.de> on 2014/11/03 12:12:17 UTC
Re: Adding jaas authentication to a cxf endpoint in karaf
Hello Christian,
I did exactly as you described above but no authentication mechanism is
triggered. I have tried your two approaches as well and no authentication
mechanism ever came into action. Maybe there is something wrong with my
versions:
Apache Karaf 2.3.2
Apache CXF 2.7.6
Apache Camel 2.11.1
I have read this
https://issues.apache.org/jira/browse/CXF-5863
but I am not sure if this is the reason.
Last week I have commenced with an update to Karaf 3.0.2 but so far I am not
able to start my bundle because cxf bus in blueprint cannot initialized
(this part in bluprint.xml: <httpj:engine-factory bus="cxf">). Probably this
has something to do with wrong versions and missing imports. I am very
discouraged.
Kind regards,
Hilderich
--
View this message in context: http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758448.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Adding jaas authentication to a cxf endpoint in karaf
Posted by Hilderich <hi...@yahoo.de>.
Hello Daniel,
Unfortunately I have worked almost 4 days to incorporate a Basic
Authentication to Karaf, CXF, Camel and Blueprint but with no success.
This Java domain, OSGi and its frameworks, is quite difficult to grasp
though I have read partly OSGi in Action and Enterprise OSGi in Action.
How many years you think I need to get a member of these secret bond of the
known?
Seriously, I have to do it in my leisure time to shift it to Karaf 3.0.2.
However I don't know if it wil help to establish a Basic Authentication.
I will report here next.
Kind regards,
Hilderich
--
View this message in context: http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758494.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Adding jaas authentication to a cxf endpoint in karaf
Posted by Daniel Kulp <dk...@apache.org>.
I’ll let Sergey handle most of this, but…..
> On Nov 3, 2014, at 6:12 AM, Hilderich <hi...@yahoo.de> wrote:
>
>
> Last week I have commenced with an update to Karaf 3.0.2 but so far I am not
> able to start my bundle because cxf bus in blueprint cannot initialized
> (this part in bluprint.xml: <httpj:engine-factory bus="cxf">). Probably this
> has something to do with wrong versions and missing imports. I am very
> discouraged.
>
I’m a bit curious by this one. Do you have a test case for this? I’d really like to know what would cause this.
--
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com
Re: Adding jaas authentication to a cxf endpoint in karaf
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 03/11/14 14:42, Hilderich wrote:
> Hello Sergey,
>
> First of all what you have suggested I have done as you can see above. But
> this incorporation of an interceptor has no effect and no one requires a
> login if I do a request to the address in my browser.
> My question about JAAS was intended to get a feedback from you if I have
> grasp JAAS correctly. In Karaf the JAAS login mechanism looks into
> <karaf_home>/etc/users.properties, isn't it?
As far as I recall yes
> I don't know what you mean when you are talking about anonymous users and I
> cannot find any property /allowAnonymous/. I just want to know if one entry
> as stated above in users.propties is enough
> for an authorization?
No, that entry should be enough for populating a security context -
which still needs to be acted upon.
>However this is not the point at the moment because no
> one is asking for any authorization - what a shame.
>
I do not even recall you talking about the authorization in this thread
before so I'm not sure why you are surprised.
What is you plan to enforce the authorization, do you use RBAC rules
like @RolesAllowed
> Do I have to create any web app context file for any other authentication
> stuff beyond /blueprint.xml/ and /users.properties/? Do I have to configure
> <karaf_home>/etc/org.apache.karaf.jaas.cfg ???
>
No idea - ask at the Karaf list. As far as CXF is concerned, please
check the same page I linked to earlier on how to set up simple
authorizing interceptors which can check RolesAllowed.
By the way: sorry if I hijacked the thread - may be the solution
proposed originally should've been explored till the end...
Thanks, Sergey
> Kind regards,
> Hilderich
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758462.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
Re: Adding jaas authentication to a cxf endpoint in karaf
Posted by Hilderich <hi...@yahoo.de>.
Hello Sergey,
First of all what you have suggested I have done as you can see above. But
this incorporation of an interceptor has no effect and no one requires a
login if I do a request to the address in my browser.
My question about JAAS was intended to get a feedback from you if I have
grasp JAAS correctly. In Karaf the JAAS login mechanism looks into
<karaf_home>/etc/users.properties, isn't it?
I don't know what you mean when you are talking about anonymous users and I
cannot find any property /allowAnonymous/. I just want to know if one entry
as stated above in users.propties is enough
for an authorization? However this is not the point at the moment because no
one is asking for any authorization - what a shame.
Do I have to create any web app context file for any other authentication
stuff beyond /blueprint.xml/ and /users.properties/? Do I have to configure
<karaf_home>/etc/org.apache.karaf.jaas.cfg ???
Kind regards,
Hilderich
--
View this message in context: http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758462.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Adding jaas authentication to a cxf endpoint in karaf
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 03/11/14 14:09, Hilderich wrote:
> Hello Sergey,
>
> Thank your for your help. I've tried as here:
>
>
>
> In /<karaf_home>/etc/users.properties/ is one entry:
>
> *karaf=karaf,admin*
>
> I think this should be okay, isn't it?
>
> If I understand JAAS correctly any login is referenced to users.properties
> and if a match exist you are authorized.
> However so far no login is required at the moment and that is the problem at
> all.
>
Do you mean that anonymous users are still accepted ? if so then the
interceptor's allowAnonymous property should be set to false
Cheers, Sergey
> Kind regards,
> Hilderich
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758455.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
Re: Adding jaas authentication to a cxf endpoint in karaf
Posted by Hilderich <hi...@yahoo.de>.
Hello Sergey,
Thank your for your help. I've tried as here:
In /<karaf_home>/etc/users.properties/ is one entry:
*karaf=karaf,admin*
I think this should be okay, isn't it?
If I understand JAAS correctly any login is referenced to users.properties
and if a match exist you are authorized.
However so far no login is required at the moment and that is the problem at
all.
Kind regards,
Hilderich
--
View this message in context: http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758455.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Adding jaas authentication to a cxf endpoint in karaf
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
Can CXF JAASLoginInterceptor help ?
CXF endpoint declaration in Spring or Blueprint with its interceptors
section referencing JAASLoginInterceptor (with one or two properties
set) is all what is needed to have a user authenticated against JAAS, be
it in Karaf or Tomcat.
http://cxf.apache.org/docs/security.html#Security-JAASLoginInterceptor
Thanks, Sergey
On 03/11/14 11:12, Hilderich wrote:
> Hello Christian,
>
> I did exactly as you described above but no authentication mechanism is
> triggered. I have tried your two approaches as well and no authentication
> mechanism ever came into action. Maybe there is something wrong with my
> versions:
>
> Apache Karaf 2.3.2
> Apache CXF 2.7.6
> Apache Camel 2.11.1
>
> I have read this
>
> https://issues.apache.org/jira/browse/CXF-5863
>
> but I am not sure if this is the reason.
>
> Last week I have commenced with an update to Karaf 3.0.2 but so far I am not
> able to start my bundle because cxf bus in blueprint cannot initialized
> (this part in bluprint.xml: <httpj:engine-factory bus="cxf">). Probably this
> has something to do with wrong versions and missing imports. I am very
> discouraged.
>
> Kind regards,
> Hilderich
>
>
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758448.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>