I'd use JAAS as there's no need to tie to jetty in that case. You can find an implementation of HttpContext in the webconsole: http://svn.apache.org/repos/asf/felix/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java http://svn.apache.org/repos/asf/karaf/trunk/webconsole/branding/src/main/java/org/apache/karaf/webconsole/JaasSecurityProvider.java
On Mon, Dec 20, 2010 at 15:08, Charles Moulliard <[email protected]> wrote: > As I configure the camelServlet using a Servlet Activator, I will follow the > way of OSGI and > > org.osgi.service.http.HttpContext > > > Do you suggest to call JAAS or to register the handlers required by Jetty in > the osgi servlet? > > On 20/12/10 14:59, Guillaume Nodet wrote: >> >> On Mon, Dec 20, 2010 at 14:42, Charles Moulliard<[email protected]> >> wrote: >>> >>> Hi, >>> >>> I would like to start a discussion around the following point as it does >>> not >>> seem obvious to find an answer. To authenticate a HTTP user with camel on >>> Karaf we can use the component camel-jetty and camel-servlet. Jetty + >>> JAAS + >>> camel can be easily configured using Spring beans + securityHandler with >>> camel but this does not seem the case with camel-servlet. >>> >>> The component camel-servlet does not accept as parameter a handler(s) for >>> Jetty. This is normal as camel can be deployed in different Application >>> Servers which are not build with Jetty. So what alternative(s) exist to >>> configure camel-servlet with Jetty + JAAS on Karaf ? Using jetty.xml (in >>> etc >>> folder) but how to link camel servlet with jetty security handler ? >>> >> Unless I'm wrong, when you use camel-servlet, you're responsible for >> setting up the CamelHttpTransportServlet servlet. >> In OSGi, it could be done either using a standard web application >> (deployed using the war support), or directly using the OSGi HTTP >> service. In the former case, you'd have to configure the web.xml for >> security. In the latter case, you need to use the OSGi HTTP service >> api to properly configure the security bits (by implementing >> org.osgi.service.http.HttpContext interface). >> >> I agree we could have an example of showing the last way in camel . >> Configuring the war for security isn't specific to OSGi or Camel fwiw. >> >>> Regards, >>> >>> Charles >>> >> >> > -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ Open Source SOA http://fusesource.com
