You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@karaf.apache.org by "z8sbk@yahoo.com.ar.INVALID" <z8...@yahoo.com.ar.INVALID> on 2023/04/19 19:52:38 UTC
which is the right way to use Spring MVC and Spring Security in Karaf?
Hi, I'm tyring to use Spring MVC to expose some business logic already coded in bundles through @Controller endpoints and secure them using Spring Security.
In 4.2.15, when installing spring-security feature, the following dependencies are added:
karaf@root()> feature:install spring-securitykaraf@root()> la | grep -i spring 69 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-aop 70 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-beans 71 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-context 72 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-context-support 73 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-core 74 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-expression 75 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-jdbc 76 | Active | 30 | 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-acl 77 | Active | 30 | 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-config 78 | Active | 30 | 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-core 79 | Active | 30 | 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-taglibs 80 | Active | 30 | 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-web 81 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-tx 82 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-web 83 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-webmvc
As far as I understand (I'm very new to Spring) if there's a spring-security feature, It can be use, more, you could use Spring to code your bundles, but I'm very confused.Since the feature adds spring-web and spring-webmvc dependencies, It means that I will be using Spring MVC, which is "programatically" different from Spring Boot. Also, I found that there's something called Spring Dynamic Modules which google/stackoverflow says it's already dead (or almost).
How should I use Spring MVC in Karaf? How could a bundle activator starts a Spring app? Does anyonw have an example on using Spring MVC and Spring Security in Karaf?
Thank you very much in advanced.Nick.
Re: which is the right way to use Spring MVC and Spring Security in Karaf?
Posted by "z8sbk@yahoo.com.ar.INVALID" <z8...@yahoo.com.ar.INVALID>.
Thank you very very much Grzegorz for this complete answer. I'll start playing with the Pax Web examples and probably write again :)
El jueves, 20 de abril de 2023, 02:40:37 ART, Grzegorz Grzybek <gr...@gmail.com> escribió:
Hello
If you are new to Spring and know a bit more about OSGi then there's some
explanation required.
- spring-mvc (and spring-web) helps you a lot with standard JavaEE web
applications (where you have a WAR application with WEB-INF/web.xml). With
Spring you need only one Servlet - the "dispatcher servlet" and the rest is
handled by Spring, including various (better than JSP) view technologies
like Thymeleaf)
- Spring DM (a.k.a. Spring OSGi) is ancient Spring project from the
golden age of OSGi around the time of Spring 2.5/3.0 and is no longer
maintained, which means Spring has no interest in integration Spring's
application context's lifecycle to OSGi lifecycle
- OSGi on the other hand always promoted separation of deployments
(bundles / packages) where your applications are sets of bundles working
together (or not being aware of each other if needed)
Karaf itself, for web purposes uses Pax Web project. And with Karaf 4.4
it's Pax Web 8 which is complete refactor of previous versions. Most of the
functionality is not changed, just polished and made consistent across
different runtimes (Jetty, Tomcat, Undertow).
The easiest way to use Spring MVC application is to use pure WAB installed
using webbundle: URI. Pax Web has two samples:
-
https://github.com/ops4j/org.ops4j.pax.web/tree/web-8.0.20/samples/samples-war/war-spring
-
https://github.com/ops4j/org.ops4j.pax.web/tree/web-8.0.20/samples/samples-war/war-spring-wired
The first one is full WAR with Spring libraries packaged in WEB-INF/lib and
it has to be installed using
webbundle:mvn:org.ops4j.pax.web.samples/war-spring/8.0.20/war?Web-ContextPath=/path-of-your-choice
The second one is a WAB (Web Application Bundle) which can be installed
with mvn:org.ops4j.pax.web.samples/war-spring-wired/8.0.20/war, but the
dependencies (Spring libraries) have to be installed separately - for
example using Karaf's "spring" and "spring-web" features.
The first approach is easier, but less in the spirit of OSGi.
Please have a look at the samples (available directly from Maven Central:
https://repo1.maven.org/maven2/org/ops4j/pax/web/samples/ and if you have
more questions, do not hesitate to ask here.
regards
Grzegorz Grzybek
śr., 19 kwi 2023 o 21:52 z8sbk@yahoo.com.ar.INVALID
<z8...@yahoo.com.ar.invalid> napisał(a):
> Hi, I'm tyring to use Spring MVC to expose some business logic already
> coded in bundles through @Controller endpoints and secure them using Spring
> Security.
>
> In 4.2.15, when installing spring-security feature, the following
> dependencies are added:
> karaf@root()> feature:install spring-securitykaraf@root()> la | grep -i
> spring 69 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles ::
> spring-aop 70 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles ::
> spring-beans 71 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles
> :: spring-context 72 | Active | 30 | 5.3.9.1 | Apache ServiceMix ::
> Bundles :: spring-context-support 73 | Active | 30 | 5.3.9.1 | Apache
> ServiceMix :: Bundles :: spring-core 74 | Active | 30 | 5.3.9.1 |
> Apache ServiceMix :: Bundles :: spring-expression 75 | Active | 30 |
> 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-jdbc 76 | Active | 30
> | 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-acl 77 |
> Active | 30 | 5.4.6.1 | Apache ServiceMix :: Bundles ::
> spring-security-config 78 | Active | 30 | 5.4.6.1 | Apache ServiceMix
> :: Bundles :: spring-security-core 79 | Active | 30 | 5.4.6.1 | Apache
> ServiceMix :: Bundles :: spring-security-taglibs 80 | Active | 30 |
> 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-web 81 | Active
> | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-tx 82 | Active
> | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-web 83 | Active
> | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-webmvc
>
> As far as I understand (I'm very new to Spring) if there's a
> spring-security feature, It can be use, more, you could use Spring to code
> your bundles, but I'm very confused.Since the feature adds spring-web
> and spring-webmvc dependencies, It means that I will be using Spring MVC,
> which is "programatically" different from Spring Boot. Also, I found that
> there's something called Spring Dynamic Modules which google/stackoverflow
> says it's already dead (or almost).
>
> How should I use Spring MVC in Karaf? How could a bundle activator starts
> a Spring app? Does anyonw have an example on using Spring MVC and Spring
> Security in Karaf?
> Thank you very much in advanced.Nick.
>
>
Re: which is the right way to use Spring MVC and Spring Security in Karaf?
Posted by Grzegorz Grzybek <gr...@gmail.com>.
Hello
If you are new to Spring and know a bit more about OSGi then there's some
explanation required.
- spring-mvc (and spring-web) helps you a lot with standard JavaEE web
applications (where you have a WAR application with WEB-INF/web.xml). With
Spring you need only one Servlet - the "dispatcher servlet" and the rest is
handled by Spring, including various (better than JSP) view technologies
like Thymeleaf)
- Spring DM (a.k.a. Spring OSGi) is ancient Spring project from the
golden age of OSGi around the time of Spring 2.5/3.0 and is no longer
maintained, which means Spring has no interest in integration Spring's
application context's lifecycle to OSGi lifecycle
- OSGi on the other hand always promoted separation of deployments
(bundles / packages) where your applications are sets of bundles working
together (or not being aware of each other if needed)
Karaf itself, for web purposes uses Pax Web project. And with Karaf 4.4
it's Pax Web 8 which is complete refactor of previous versions. Most of the
functionality is not changed, just polished and made consistent across
different runtimes (Jetty, Tomcat, Undertow).
The easiest way to use Spring MVC application is to use pure WAB installed
using webbundle: URI. Pax Web has two samples:
-
https://github.com/ops4j/org.ops4j.pax.web/tree/web-8.0.20/samples/samples-war/war-spring
-
https://github.com/ops4j/org.ops4j.pax.web/tree/web-8.0.20/samples/samples-war/war-spring-wired
The first one is full WAR with Spring libraries packaged in WEB-INF/lib and
it has to be installed using
webbundle:mvn:org.ops4j.pax.web.samples/war-spring/8.0.20/war?Web-ContextPath=/path-of-your-choice
The second one is a WAB (Web Application Bundle) which can be installed
with mvn:org.ops4j.pax.web.samples/war-spring-wired/8.0.20/war, but the
dependencies (Spring libraries) have to be installed separately - for
example using Karaf's "spring" and "spring-web" features.
The first approach is easier, but less in the spirit of OSGi.
Please have a look at the samples (available directly from Maven Central:
https://repo1.maven.org/maven2/org/ops4j/pax/web/samples/ and if you have
more questions, do not hesitate to ask here.
regards
Grzegorz Grzybek
śr., 19 kwi 2023 o 21:52 z8sbk@yahoo.com.ar.INVALID
<z8...@yahoo.com.ar.invalid> napisał(a):
> Hi, I'm tyring to use Spring MVC to expose some business logic already
> coded in bundles through @Controller endpoints and secure them using Spring
> Security.
>
> In 4.2.15, when installing spring-security feature, the following
> dependencies are added:
> karaf@root()> feature:install spring-securitykaraf@root()> la | grep -i
> spring 69 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles ::
> spring-aop 70 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles ::
> spring-beans 71 | Active | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles
> :: spring-context 72 | Active | 30 | 5.3.9.1 | Apache ServiceMix ::
> Bundles :: spring-context-support 73 | Active | 30 | 5.3.9.1 | Apache
> ServiceMix :: Bundles :: spring-core 74 | Active | 30 | 5.3.9.1 |
> Apache ServiceMix :: Bundles :: spring-expression 75 | Active | 30 |
> 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-jdbc 76 | Active | 30
> | 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-acl 77 |
> Active | 30 | 5.4.6.1 | Apache ServiceMix :: Bundles ::
> spring-security-config 78 | Active | 30 | 5.4.6.1 | Apache ServiceMix
> :: Bundles :: spring-security-core 79 | Active | 30 | 5.4.6.1 | Apache
> ServiceMix :: Bundles :: spring-security-taglibs 80 | Active | 30 |
> 5.4.6.1 | Apache ServiceMix :: Bundles :: spring-security-web 81 | Active
> | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-tx 82 | Active
> | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-web 83 | Active
> | 30 | 5.3.9.1 | Apache ServiceMix :: Bundles :: spring-webmvc
>
> As far as I understand (I'm very new to Spring) if there's a
> spring-security feature, It can be use, more, you could use Spring to code
> your bundles, but I'm very confused.Since the feature adds spring-web
> and spring-webmvc dependencies, It means that I will be using Spring MVC,
> which is "programatically" different from Spring Boot. Also, I found that
> there's something called Spring Dynamic Modules which google/stackoverflow
> says it's already dead (or almost).
>
> How should I use Spring MVC in Karaf? How could a bundle activator starts
> a Spring app? Does anyonw have an example on using Spring MVC and Spring
> Security in Karaf?
> Thank you very much in advanced.Nick.
>
>