On Tue, Feb 15, 2011 at 16:08, Charles Moulliard <[email protected]> wrote: > Why don't we use pax-exam whiteboard for doing that (registering the > camelServlet + JAASecurity) ?
Well, we could, but that would not work on anything else than pax-web. Felix and Equinox both provide their own http service, and i don't really see why we would not support those. > It could be also interesting that we provide a Generic Servlet Filter > to work with JAAS of Karaf. In this case, we don't have to create for > each servlet that we would like to use its own JAAS SecurityManager + > HttpContext? Not sure to follow. What I had suggested was to improve the camel-servlet to better behave when deployed as an OSGi bundle. So that would be done only once I think. But you're right that the security bits may be different if you want to use spring-security or jaas, as it's done in Karaf. The problem with not using JAAS is that you end up with a lot more dependencies and being tie to a given project. Maybe at some point we'll need a security abstraction in Camel, not sure though... I guess if it's too specific to Karaf, we could put an enhanced version of camel-servlet into http://svn.apache.org/repos/asf/camel/trunk/platforms/karaf/ > On Fri, Jan 14, 2011 at 5:36 PM, Guillaume Nodet <[email protected]> wrote: >> Shouldn't the component be registered automatically using an activator ? >> Registering a serlvet is not the standard way in OSGi, it would only work >> with pax-web. >> So I think registering the servlet directly in the HttpService would allow >> you to create your own HttpContext and use it to do the authentication. >> >> Though forcing the use of JAAS may not be a good idea from a pure Karaf >> perspective ... >> >> On Fri, Jan 14, 2011 at 08:27, Guillaume Nodet <[email protected]> wrote: >> >>> Right, see how it's done in Karaf for the web console: >>> >>> http://svn.apache.org/repos/asf/karaf/trunk/webconsole/branding/src/main/java/org/apache/karaf/webconsole/JaasSecurityProvider.java >>> >>> That one is called by the HttpContext created by the webconsole in the >>> handleSecurity() method: >>> >>> http://svn.apache.org/repos/asf/felix/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java >>> >>> On Fri, Jan 14, 2011 at 07:33, Achim Nierbeck >>> <[email protected]>wrote: >>> >>>> I think for the OSGI Servlets, the OSGi container does the security >>>> directly like done with the webconsole plugin. Could you please take a >>>> look at it. Never the less I will take a deeper look at this later >>>> today :) >>>> >>>> >>>> 2011/1/14 Charles Moulliard <[email protected]>: >>>> > Hi, >>>> > >>>> > I have deployed successfully camel OSGI Servlet (as mentioned in the >>>> > wiki page updated of camel) - 2.6-SNAPSHOT and being able to use it >>>> > with a camel >>>> > >>>> > Now I would like to configure jetty using the configuration file >>>> > deployed in /etc/jetty.xml like this >>>> > >>>> > <?xml version="1.0" encoding="UTF-8"?> >>>> > <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting// DTD >>>> > Configure//EN" "http://jetty.mortbay.org/configure.dtd";> >>>> > <Configure class="org.eclipse.jetty.server.Server"> >>>> > >>>> > <!-- =========================================================== --> >>>> > <!-- Set connectors --> >>>> > <!-- =========================================================== --> >>>> > <!-- One of each type! --> >>>> > <!-- =========================================================== --> >>>> > >>>> > <!-- Use this connector for many frequently idle connections >>>> > and for threadless continuations. >>>> > --> >>>> > <Call name="addConnector"> >>>> > <Arg> >>>> > <New >>>> class="org.eclipse.jetty.server.nio.SelectChannelConnector"> >>>> > <Set name="host"><Property name="jetty.host"/></Set> >>>> > <Set name="port"><Property name="jetty.port" >>>> default="8282"/></Set> >>>> > <Set name="maxIdleTime">300000</Set> >>>> > <Set name="Acceptors">2</Set> >>>> > <Set name="statsOn">false</Set> >>>> > <Set name="confidentialPort">8443</Set> >>>> > <Set name="lowResourcesConnections">20000</Set> >>>> > <Set name="lowResourcesMaxIdleTime">5000</Set> >>>> > </New> >>>> > </Arg> >>>> > </Call> >>>> > >>>> > <Call name="addBean"> >>>> > <Arg> >>>> > <New class="org.eclipse.jetty.plus.jaas.JAASLoginService"> >>>> > <Set name="name">karaf</Set> >>>> > <Set name="loginModuleName">karaf</Set> >>>> > </New> >>>> > </Arg> >>>> > </Call> >>>> > >>>> > - This option is enable using the following property : >>>> > org.ops4j.pax.web.config.file=./etc/jetty.xml >>>> > - The security is enable with the JAASLoginService >>>> > >>>> > Unfortunately the client is not authenticated when the browser sends >>>> > the request to the Jetty Server and receive well an answer from camel >>>> > route. >>>> > >>>> > Any idea is welcome ? >>>> > >>>> > Here is the list of bundles deployed. >>>> > >>>> > [ 240] [Active ] [ ] [ ] [ 60] camel-http >>>> > (2.6.0.SNAPSHOT) >>>> > [ 241] [Active ] [ ] [ ] [ 60] camel-servlet >>>> > (2.6.0.SNAPSHOT) >>>> > [ 242] [Active ] [ ] [ ] [ 60] CAMEL :: OSGI :: >>>> > Servlet (1.0.0) >>>> > [ 248] [Active ] [ ] [Started] [ 60] spring-context.xml >>>> (0.0.0) >>>> > [ 249] [Active ] [ ] [ ] [ 60] OPS4J Pax Web - >>>> > Extender - Whiteboard (0.8.2.SNAPSHOT) >>>> > [ 250] [Active ] [ ] [ ] [ 60] OPS4J Pax Url - >>>> > war:, war-i: (1.2.1) >>>> > [ 251] [Active ] [ ] [ ] [ 60] OPS4J Pax Web - >>>> > Jsp Support (0.8.2.SNAPSHOT) >>>> > [ 252] [Active ] [ ] [ ] [ 60] OPS4J Pax Web - >>>> > Extender - WAR (0.8.2.SNAPSHOT) >>>> > [ 253] [Active ] [ ] [ ] [ 60] OPS4J Pax Web - >>>> > FileInstall Deployer (0.8.2.SNAPSHOT) >>>> > [ 254] [Active ] [ ] [ ] [ 60] OPS4J Pax Web - >>>> > API (0.8.2.SNAPSHOT) >>>> > [ 255] [Active ] [ ] [ ] [ 60] OPS4J Pax Web - >>>> > Service SPI (0.8.2.SNAPSHOT) >>>> > [ 256] [Active ] [ ] [ ] [ 60] OPS4J Pax Web - >>>> > Runtime (0.8.2.SNAPSHOT) >>>> > [ 257] [Active ] [ ] [ ] [ 60] OPS4J Pax Web - >>>> > Jetty (0.8.2.SNAPSHOT) >>>> > [ 269] [Active ] [ ] [ ] [ 60] Jetty :: >>>> > Utilities (7.2.2.v20101205) >>>> > [ 270] [Active ] [ ] [ ] [ 60] Jetty :: Plus >>>> > (7.2.2.v20101205) >>>> > [ 271] [Active ] [ ] [ ] [ 60] Jetty :: JNDI >>>> > Naming (7.2.2.v20101205) >>>> > >>>> > >>>> > >>>> > Regards, >>>> > >>>> > >>>> > Charles Moulliard >>>> > >>>> > Sr. Principal Solution Architect - FuseSource >>>> > Apache Committer >>>> > >>>> > Blog : http://cmoulliard.blogspot.com >>>> > Twitter : http://twitter.com/cmoulliard >>>> > Linkedin : http://www.linkedin.com/in/charlesmoulliard >>>> > Skype: cmoulliard >>>> > >>>> >>> >>> >>> >>> -- >>> Cheers, >>> Guillaume Nodet >>> ------------------------ >>> Blog: http://gnodet.blogspot.com/ >>> ------------------------ >>> Open Source SOA >>> http://fusesource.com >>> >>> >>> >> >> >> -- >> Cheers, >> Guillaume Nodet >> ------------------------ >> Blog: http://gnodet.blogspot.com/ >> ------------------------ >> Open Source SOA >> http://fusesource.com >> > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ Open Source SOA http://fusesource.com
