[
https://issues.apache.org/activemq/browse/SM-842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guillaume Nodet updated SM-842:
-------------------------------
Affects Version/s: (was: 3.2)
3.1
Fix Version/s: 3.1.1
Summary: AuthenticationService set on the configuration is not
used (was: about security in servicemix-http (3.2-SNAPSHOT))
> AuthenticationService set on the configuration is not used
> ----------------------------------------------------------
>
> Key: SM-842
> URL: https://issues.apache.org/activemq/browse/SM-842
> Project: ServiceMix
> Issue Type: Bug
> Components: servicemix-http
> Affects Versions: 3.1
> Environment: linux, intel, normal pc
> Reporter: Eduardo Burgos
> Priority: Critical
> Fix For: 3.1.1, 3.2
>
> Attachments: JettyContextManager.java
>
> Original Estimate: 10 minutes
> Remaining Estimate: 10 minutes
>
> I have a servicemix running and I was trying to take over the security
> (including jetty), so I first went to read about servicemix-http in the
> official site and I found out about the "authenticationService" property in
> the http:component.
> First I found out that there are 3 places where you can set this property,
> the first one is the http:component itself, then the
> "AuthenticationServiceName" property in the http:configuration and the
> "authenticationService" property in the http:configuration. That's ok, I made
> my own authenticationService by implementing AuthenticationService interface
> and I set it on the http:component. The problem I had is that no matter which
> of the 3 properties I set, my authenticationService wont take over jetty. So
> I gave a look at the code to both jetty and servicemix-http and I solved my
> problem by modifying a class in servicemix-http. I'll explain the changes
> below:
>
>
> class: JettyContextManager.java (
> servicemix/trunk/deployables/bindingcomponents/servicemix-http/src/main/java/org/apache/servicemix/http/jetty/JettyContextManager.java
> )
>
> svn version: line 198-199
>
> secHandler.setUserRealm(new JaasUserRealm());
> context.setHandler(secHandler);
>
> modified version: line 198-204
>
> JaasUserRealm realm = new JaasUserRealm();
> if (configuration.getAuthenticationService()!= null)
> {
>
> realm.setAuthenticationService(configuration.getAuthenticationService());
> }
> secHandler.setUserRealm(realm);
> context.setHandler(secHandler);
>
>
> So basically the problem I was having is that even if I set an
> authenticationService for my configuration, when jetty was creating the
> JaasUserRealm it was ignoring my settings and was creating a default
> JaasAuthenticationService in its constructor, so I modified it to take into
> account the configuration's authenticationService to be able to use it on the
> newly created JaasUserRealm.
> I will attach my JettyContextManager.java
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
