I now did some more in detail inspection, the exception is thrown while
loginContext.login() is executed and somehow it seems to be somewhere
invokePriv(LOGIN_METHOD); <<< Here in class LoginContext
invokePriv(COMMIT_METHOD);
private void invokePriv(final String methodName) throws LoginException {
try {
java.security.AccessController.doPrivileged
(new java.security.PrivilegedExceptionAction() {
public Object run() throws LoginException {
invoke(methodName); <<<---- Here
return null;
}
});
// instantiate the LoginModule
Class c = Class.forName <<< This class is not found
:(
(moduleStack[i].entry.getLoginModuleName(),
true,
contextClassLoader);
This is the contextClassLoader:
BundleClassLoader{bundle=org.apache.felix.webconsole_3.1.0 [95],parent=null}
parent=null doesn't seem to be right, or am I wrong?
At least this is the place where the CNF Exception is comming from.
When I hit a packages:exports 0
I can see the package in question though.
...
OSGi System Bundle (0): org.apache.karaf.jaas.boot;
version="1.99.0.SNAPSHOT"
OSGi System Bundle (0): org.apache.karaf.version; version="1.99.0.SNAPSHOT"
...
any ideas so far?
Achim Nierbeck wrote:
>
> Unfortunately, it still doesn't work. I now use the original
> config.properties and use the custom.properties to configure to use
> equinox as osgi framework
>
>
> Achim Nierbeck wrote:
>>
>> Ok, somehow i merged the jaas.boot stuff to system.packages.extra and not
>> to system.packages :(
>>
>> One more thing about the exception, I think a WARN with the Information
>> that there has been an Exception could be logged.
>>
>> Now I will try with the "right" configuration. Another PEBKAC :(
>>
>>
>> Guillaume Nodet wrote:
>>>
>>> On Tue, Jul 13, 2010 at 4:26 PM, Achim Nierbeck <[email protected]>
>>> wrote:
>>>>
>>>> OK, got it.
>>>>
>>>> Got an LoginException which says it can't find the class
>>>> org.apache.karaf.jaas.boot.ProxyLoginModule
>>>>
>>>> but just to mention, I don't think it is a good style to catch an
>>>> exception
>>>> and not to do anything with it.
>>>> At leas you should log a warning, just for the records :)
>>>
>>> Yes, but the problem is that this is a security related exception, so
>>> you certainly don't want to expose passwords in the log ...
>>> We've had users complaining about such exposure of sensitive data.
>>>
>>>>
>>>> Now, what can I do about the "missing" Class :-)
>>>>
>>>
>>> I bet you changed the default config.properties. The
>>> org.apache.karaf.jaas.boot should be boot delegated.
>>>
>>>>
>>>> Guillaume Nodet wrote:
>>>>>
>>>>> Yeah, debugging is a good solution in that case.
>>>>> You should try to put a breakpoint in
>>>>> org.apache.karaf.webconsole.JaasSecurityProvider#authenticate method
>>>>> and see what happens.
>>>>> If you don't hit that breakpoint, it means the webconsole does not see
>>>>> karaf authenticator, else you should see an exception in that method.
>>>>>
>>>>> On Tue, Jul 13, 2010 at 2:30 PM, Achim Nierbeck
>>>>> <[email protected]>
>>>>> wrote:
>>>>>>
>>>>>> That's what is driving me nuts, I do not have any exceptions.
>>>>>> It asks me for the credentials over and over again :(
>>>>>>
>>>>>> I just started the whole server with DEBUG log level and the sift
>>>>>> logger
>>>>>> enabled.
>>>>>> It looks like I'm not authorized, I'll attach the
>>>>>> org.ops4j.pax.web.pax-web-jetty.log file
>>>>>>
>>>>>> http://karaf.922171.n3.nabble.com/file/n963228/org.ops4j.pax.web.pax-web-jetty.log
>>>>>> org.ops4j.pax.web.pax-web-jetty.log
>>>>>>
>>>>>>
>>>>>> Guillaume Nodet wrote:
>>>>>>>
>>>>>>> Any exception in the log ? Also, I'm not sure to understand what you
>>>>>>> see, is the http request denied ?
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 13, 2010 at 2:03 PM, Achim Nierbeck
>>>>>>> <[email protected]>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> I already did that, and I also configured
>>>>>>>> the pax-web Container with the following file:
>>>>>>>>
>>>>>>>> org.ops4j.pax.web.cfg
>>>>>>>>
>>>>>>>> and the following properties:
>>>>>>>>
>>>>>>>> org.apache.karaf.features.configKey=org.ops4j.pax.web
>>>>>>>> org.osgi.service.http.port=8080
>>>>>>>> org.ops4j.pax.web.session.timeout=30
>>>>>>>>
>>>>>>>> so if I call
>>>>>>>>
>>>>>>>> http://localhost:8080/system/console
>>>>>>>>
>>>>>>>> i do get the request for username and passwort, but I'm still not
>>>>>>>> able
>>>>>>>> to
>>>>>>>> get to the webconsole,
>>>>>>>> which is quite strange since I did this also with the Karaf 1.6.0
>>>>>>>> release
>>>>>>>> where it did work.
>>>>>>>>
>>>>>>>>
>>>>>>>> Guillaume Nodet wrote:
>>>>>>>>>
>>>>>>>>> I think that' s because the webconsole feature has some additional
>>>>>>>>> config:
>>>>>>>>>
>>>>>>>>> <config name="org.apache.karaf.webconsole">
>>>>>>>>> realm=karaf
>>>>>>>>> </config>
>>>>>>>>>
>>>>>>>>> If you put a file named org.apache.karaf.webconsole.cfg in the etc
>>>>>>>>> dir
>>>>>>>>> with the above properties, it should work.
>>>>>>>>>
>>>>>>>>> On Tue, Jul 13, 2010 at 10:35 AM, Achim Nierbeck
>>>>>>>>> <[email protected]>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Right now I'm repackaging the Karaf 1.99 with some additional
>>>>>>>>>> bundles.
>>>>>>>>>> Basically it is the same as if I would use the features
>>>>>>>>>> spring
>>>>>>>>>> spring-dm
>>>>>>>>>> http
>>>>>>>>>> war
>>>>>>>>>> webconsole
>>>>>>>>>>
>>>>>>>>>> and some additional bundles for all kinds of apache commons
>>>>>>>>>> stuff.
>>>>>>>>>>
>>>>>>>>>> when i call the webconsole I do get the prompt for the
>>>>>>>>>> credentials,
>>>>>>>>>> but
>>>>>>>>>> they
>>>>>>>>>> are not accepted.
>>>>>>>>>>
>>>>>>>>>> If i use the "Vanilla" Karaf 1.99 and install those features
>>>>>>>>>> later it
>>>>>>>>>> works,
>>>>>>>>>> so I don't know right now where the
>>>>>>>>>> problem is.
>>>>>>>>>>
>>>>>>>>>> Thanks in advance :)
>>>>>>>>>>
>>>>>>>>>> Achim
>>>>>>>>>> --
>>>>>>>>>> View this message in context:
>>>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p962815.html
>>>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Cheers,
>>>>>>>>> Guillaume Nodet
>>>>>>>>> ------------------------
>>>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>>>> ------------------------
>>>>>>>>> Open Source SOA
>>>>>>>>> http://fusesource.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963158.html
>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>> Guillaume Nodet
>>>>>>> ------------------------
>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>> ------------------------
>>>>>>> Open Source SOA
>>>>>>> http://fusesource.com
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963228.html
>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Cheers,
>>>>> Guillaume Nodet
>>>>> ------------------------
>>>>> Blog: http://gnodet.blogspot.com/
>>>>> ------------------------
>>>>> Open Source SOA
>>>>> http://fusesource.com
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963549.html
>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>>
>>> --
>>> Cheers,
>>> Guillaume Nodet
>>> ------------------------
>>> Blog: http://gnodet.blogspot.com/
>>> ------------------------
>>> Open Source SOA
>>> http://fusesource.com
>>>
>>>
>>
>> Guillaume Nodet wrote:
>>>
>>> On Tue, Jul 13, 2010 at 4:26 PM, Achim Nierbeck <[email protected]>
>>> wrote:
>>>>
>>>> OK, got it.
>>>>
>>>> Got an LoginException which says it can't find the class
>>>> org.apache.karaf.jaas.boot.ProxyLoginModule
>>>>
>>>> but just to mention, I don't think it is a good style to catch an
>>>> exception
>>>> and not to do anything with it.
>>>> At leas you should log a warning, just for the records :)
>>>
>>> Yes, but the problem is that this is a security related exception, so
>>> you certainly don't want to expose passwords in the log ...
>>> We've had users complaining about such exposure of sensitive data.
>>>
>>>>
>>>> Now, what can I do about the "missing" Class :-)
>>>>
>>>
>>> I bet you changed the default config.properties. The
>>> org.apache.karaf.jaas.boot should be boot delegated.
>>>
>>>>
>>>> Guillaume Nodet wrote:
>>>>>
>>>>> Yeah, debugging is a good solution in that case.
>>>>> You should try to put a breakpoint in
>>>>> org.apache.karaf.webconsole.JaasSecurityProvider#authenticate method
>>>>> and see what happens.
>>>>> If you don't hit that breakpoint, it means the webconsole does not see
>>>>> karaf authenticator, else you should see an exception in that method.
>>>>>
>>>>> On Tue, Jul 13, 2010 at 2:30 PM, Achim Nierbeck
>>>>> <[email protected]>
>>>>> wrote:
>>>>>>
>>>>>> That's what is driving me nuts, I do not have any exceptions.
>>>>>> It asks me for the credentials over and over again :(
>>>>>>
>>>>>> I just started the whole server with DEBUG log level and the sift
>>>>>> logger
>>>>>> enabled.
>>>>>> It looks like I'm not authorized, I'll attach the
>>>>>> org.ops4j.pax.web.pax-web-jetty.log file
>>>>>>
>>>>>> http://karaf.922171.n3.nabble.com/file/n963228/org.ops4j.pax.web.pax-web-jetty.log
>>>>>> org.ops4j.pax.web.pax-web-jetty.log
>>>>>>
>>>>>>
>>>>>> Guillaume Nodet wrote:
>>>>>>>
>>>>>>> Any exception in the log ? Also, I'm not sure to understand what you
>>>>>>> see, is the http request denied ?
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 13, 2010 at 2:03 PM, Achim Nierbeck
>>>>>>> <[email protected]>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> I already did that, and I also configured
>>>>>>>> the pax-web Container with the following file:
>>>>>>>>
>>>>>>>> org.ops4j.pax.web.cfg
>>>>>>>>
>>>>>>>> and the following properties:
>>>>>>>>
>>>>>>>> org.apache.karaf.features.configKey=org.ops4j.pax.web
>>>>>>>> org.osgi.service.http.port=8080
>>>>>>>> org.ops4j.pax.web.session.timeout=30
>>>>>>>>
>>>>>>>> so if I call
>>>>>>>>
>>>>>>>> http://localhost:8080/system/console
>>>>>>>>
>>>>>>>> i do get the request for username and passwort, but I'm still not
>>>>>>>> able
>>>>>>>> to
>>>>>>>> get to the webconsole,
>>>>>>>> which is quite strange since I did this also with the Karaf 1.6.0
>>>>>>>> release
>>>>>>>> where it did work.
>>>>>>>>
>>>>>>>>
>>>>>>>> Guillaume Nodet wrote:
>>>>>>>>>
>>>>>>>>> I think that' s because the webconsole feature has some additional
>>>>>>>>> config:
>>>>>>>>>
>>>>>>>>> <config name="org.apache.karaf.webconsole">
>>>>>>>>> realm=karaf
>>>>>>>>> </config>
>>>>>>>>>
>>>>>>>>> If you put a file named org.apache.karaf.webconsole.cfg in the etc
>>>>>>>>> dir
>>>>>>>>> with the above properties, it should work.
>>>>>>>>>
>>>>>>>>> On Tue, Jul 13, 2010 at 10:35 AM, Achim Nierbeck
>>>>>>>>> <[email protected]>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Right now I'm repackaging the Karaf 1.99 with some additional
>>>>>>>>>> bundles.
>>>>>>>>>> Basically it is the same as if I would use the features
>>>>>>>>>> spring
>>>>>>>>>> spring-dm
>>>>>>>>>> http
>>>>>>>>>> war
>>>>>>>>>> webconsole
>>>>>>>>>>
>>>>>>>>>> and some additional bundles for all kinds of apache commons
>>>>>>>>>> stuff.
>>>>>>>>>>
>>>>>>>>>> when i call the webconsole I do get the prompt for the
>>>>>>>>>> credentials,
>>>>>>>>>> but
>>>>>>>>>> they
>>>>>>>>>> are not accepted.
>>>>>>>>>>
>>>>>>>>>> If i use the "Vanilla" Karaf 1.99 and install those features
>>>>>>>>>> later it
>>>>>>>>>> works,
>>>>>>>>>> so I don't know right now where the
>>>>>>>>>> problem is.
>>>>>>>>>>
>>>>>>>>>> Thanks in advance :)
>>>>>>>>>>
>>>>>>>>>> Achim
>>>>>>>>>> --
>>>>>>>>>> View this message in context:
>>>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p962815.html
>>>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Cheers,
>>>>>>>>> Guillaume Nodet
>>>>>>>>> ------------------------
>>>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>>>> ------------------------
>>>>>>>>> Open Source SOA
>>>>>>>>> http://fusesource.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963158.html
>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>> Guillaume Nodet
>>>>>>> ------------------------
>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>> ------------------------
>>>>>>> Open Source SOA
>>>>>>> http://fusesource.com
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963228.html
>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Cheers,
>>>>> Guillaume Nodet
>>>>> ------------------------
>>>>> Blog: http://gnodet.blogspot.com/
>>>>> ------------------------
>>>>> Open Source SOA
>>>>> http://fusesource.com
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963549.html
>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>>
>>> --
>>> Cheers,
>>> Guillaume Nodet
>>> ------------------------
>>> Blog: http://gnodet.blogspot.com/
>>> ------------------------
>>> Open Source SOA
>>> http://fusesource.com
>>>
>>>
>>
>>
>
>
--
View this message in context:
http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p965847.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
