The security bits need to be configured per servlet or per webapp, not globally. Only the authenticator (jaas) can be configured globally.
For example, the web console uses the HTTP osgi service and creates its own HttpContext to do the authentication. If you just expose a servlet from an OSGi bundle, exporting a filter or a webapp security config will work. If you deploy a real war/wab you can use the web.xml For camel, I'm not sure how this is done, so not sure what's the best way, but it should be done per endpoint imho, using the url parameters to cinfigure the auhthenticqtion mechanism (basic, digest, ssl...) On Friday, December 24, 2010, Charles Moulliard <[email protected]> wrote: > It is very difficult to transform spring bean xml into jetty xml > syntax. Here is what I attempt to do but without success > > So it is not possible now to configure jetty + jaas on Karaf > > <Call name="addBean"> > <Arg> > <New class="org.eclipse.jetty.plus.jaas.JAASLoginService"> > <Set name="name">ldap</Set> > <Set name="loginModuleName">ldap</Set> > <Set name="roleClassNames"> > <Array type="java.lang.String"> > > <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item> > </Array> > </Set> > </New> > </Arg> > </Call> > <Call name="addBean"> > <Arg> > <New class="org.eclipse.jetty.http.security.Constraint"> > <Set name="name">BASIC</Set> > <Set name="roles"> > <Array type="java.lang.String"> > <Item>admin</Item> > </Array> > </Set> > <Set name="authenticate">true</Set> > </New> > </Arg> > </Call> > > <Call name="addBean"> > <Arg> > <New class="org.eclipse.jetty.security.ConstraintMapping"> > <Set name="constraint"> > <Array type="org.eclipse.jetty.http.security.Constraint"> > <Item> > <New > class="org.eclipse.jetty.http.security.Constraint"> > <Set name="name">BASIC</Set> > <Set name="roles"> > <Array type="java.lang.String"> > <Item>admin</Item> > </Array> > </Set> > <Set name="authenticate">true</Set> > </New> > </Item> > </Array> > </Set> > <Set name="pathSpec">/*</Set> > </New> > </Arg> > </Call> > > <Call name="addBean"> > <Arg> > <New class="org.eclipse.jetty.security.ConstraintSecurityHandler"> > <Set name="authenticator"> > <New > class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/> > </Set> > <Set name="constraintMappings"> > <Array type="org.eclipse.jetty.security.ConstraintMapping"> > <New > class="org.eclipse.jetty.security.ConstraintMapping"> > <Set name="constraint"> > <Array > type="org.eclipse.jetty.http.security.Constraint"> > <Item> > <New > class="org.eclipse.jetty.http.security.Constraint"> > <Set > name="name">BASIC</Set> > <Set > name="roles"> > > <Array type="java.lang.String"> > > <Item>admin</Item> > > </Array> > </Set> > <Set > name="authenticate">true</Set> > </New> > </Item> > </Array> > </Set> > <Set name="pathSpec">/*</Set> > </New> > </Array> > </Set> > > <New class="org.eclipse.jetty.plus.jaas.JAASLoginService"> > <Set name="name">ldap</Set> > <Set name="loginModuleName">ldap</Set> > <Set name="roleClassNames"> > <Array type="java.lang.String"> > > <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item> > </Array> > </Set> > </New> > > <Set name="strict">false</Set> > <Set name="identityService">identityService</Set> > </New> > </Arg> > </Call> > > On Fri, Dec 24, 2010 at 10:29 AM, Guillaume Nodet <[email protected]> wrote: >> Yeah, but it's just a bit nicer, as we can already do that using the >> etc/jetty.xml, so I think it's not very high priority improvement. >> >> On Friday, December 24, 2010, Charles Moulliard <[email protected]> wrote: >>> The less resources + time consuming approach is to extend ConfigAdmin >>> (as you propose) and use the file : >>> >>> org.ops4j.pax.web.cfg file >>> >>> and adding parameters that we need to instantiate the constraint, >>> constraintMapping and securityHandler of Jetty >>> >>> >>> On Fri, Dec 24, 2010 at 8:26 AM, Guillaume Nodet <[email protected]> wrote: >>>> On Friday, December 24, 2010, Charles Moulliard <[email protected]> >>>> wrote: >>>>> Indeed this will not be easy as pax-web must be changed because it >>>>> uses a method of jetty to load the resource file (jetty.xml). >>>> >>>> Yes, that's clearly not an easy task. >>>> >>>> >>>>> >>>>> public void start() { >>>>> LOG.debug("Starting " + this); >>>>> try { >>>>> //PAXWEB-193 suggested we should open this up for >>>>> external configuration >>>>> URL jettyResource = >>>>> getClass().getResource("/jetty.xml"); >>>>> File serverConfigurationFile = >>>>> getServerConfigDir(); >>>>> if (serverConfigurationFile != null) { >>>>> if (LOG.isDebugEnabled()) >>>>> LOG.debug("found server >>>>> configuration file: "+serverConfigurationFile); >>>>> if >>>>> (!serverConfigurationFile.isDirectory() && >>>>> serverConfigurationFile.canRead()) { >>>>> if (LOG.isDebugEnabled()) { >>>>> LOG.debug("server config >>>>> dir is readable and exists"); >>>>> } >>>>> String fileName = >>>>> serverConfigurationFile.getName(); >>>>> if >>>>> (fileName.equalsIgnoreCase("jetty.xml")) >>>>> jettyResource = >>>>> serverConfigurationFile.toURI().toURL(); >>>>> } >>>>> } >>>>> if (jettyResource != null) { >>>>> ClassLoader loader = -- Cheers, Guillaume Nodet ------------------------ Blog: http://gnodet.blogspot.com/ ------------------------ Open Source SOA http://fusesource.com
