The problem that we have with camel-servlet is that if we provide a securityHandler using a parameter (like we do for camel-jetty), then the component becomes specific to Jetty, and in fact camel-servlet can be deployed in every J2EE server.
Does it make sense to deploy camel-servlet in a WAR on Karaf just to have the security features?

On Fri, Dec 24, 2010 at 1:04 PM, Guillaume Nodet <[email protected]> wrote:
> The security bits need to be configured per servlet or per webapp, not
> globally. Only the authenticator (jaas) can be configured globally.
>
> For example, the web console uses the HTTP osgi service and creates
> its own HttpContext to do the authentication. If you just expose a
> servlet from an OSGi bundle, exporting a filter or a webapp security
> config will work. If you deploy a real war/wab you can use the
> web.xml
>
> For camel, I'm not sure how this is done, so not sure what's the best
> way, but it should be done per endpoint imho, using the url parameters
> to configure the authentication mechanism (basic, digest, ssl...)
>
> On Friday, December 24, 2010, Charles Moulliard <[email protected]> wrote:
>> It is very difficult to transform spring bean xml into jetty xml
>> syntax. Here is what I attempt to do but without success
>>
>> So it is not possible now to configure jetty + jaas on Karaf
>>
>> <Call name="addBean">
>>   <Arg>
>>     <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>       <Set name="name">ldap</Set>
>>       <Set name="loginModuleName">ldap</Set>
>>       <Set name="roleClassNames">
>>         <Array type="java.lang.String">
>>           <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item>
>>         </Array>
>>       </Set>
>>     </New>
>>   </Arg>
>> </Call>
>> <Call name="addBean">
>>   <Arg>
>>     <New class="org.eclipse.jetty.http.security.Constraint">
>>       <Set name="name">BASIC</Set>
>>       <Set name="roles">
>>         <Array type="java.lang.String">
>>           <Item>admin</Item>
>>         </Array>
>>       </Set>
>>       <Set name="authenticate">true</Set>
>>     </New>
>>   </Arg>
>> </Call>
>>
>> <Call name="addBean">
>>   <Arg>
>>     <New class="org.eclipse.jetty.security.ConstraintMapping">
>>       <Set name="constraint">
>>         <Array type="org.eclipse.jetty.http.security.Constraint">
>>           <Item>
>>             <New class="org.eclipse.jetty.http.security.Constraint">
>>               <Set name="name">BASIC</Set>
>>               <Set name="roles">
>>                 <Array type="java.lang.String">
>>                   <Item>admin</Item>
>>                 </Array>
>>               </Set>
>>               <Set name="authenticate">true</Set>
>>             </New>
>>           </Item>
>>         </Array>
>>       </Set>
>>       <Set name="pathSpec">/*</Set>
>>     </New>
>>   </Arg>
>> </Call>
>>
>> <Call name="addBean">
>>   <Arg>
>>     <New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>>       <Set name="authenticator">
>>         <New class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
>>       </Set>
>>       <Set name="constraintMappings">
>>         <Array type="org.eclipse.jetty.security.ConstraintMapping">
>>           <New class="org.eclipse.jetty.security.ConstraintMapping">
>>             <Set name="constraint">
>>               <Array type="org.eclipse.jetty.http.security.Constraint">
>>                 <Item>
>>                   <New class="org.eclipse.jetty.http.security.Constraint">
>>                     <Set name="name">BASIC</Set>
>>                     <Set name="roles">
>>                       <Array type="java.lang.String">
>>                         <Item>admin</Item>
>>                       </Array>
>>                     </Set>
>>                     <Set name="authenticate">true</Set>
>>                   </New>
>>                 </Item>
>>               </Array>
>>             </Set>
>>             <Set name="pathSpec">/*</Set>
>>           </New>
>>         </Array>
>>       </Set>
>>
>>       <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>         <Set name="name">ldap</Set>
>>         <Set name="loginModuleName">ldap</Set>
>>         <Set name="roleClassNames">
>>           <Array type="java.lang.String">
>>             <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item>
>>           </Array>
>>         </Set>
>>       </New>
>>
>>       <Set name="strict">false</Set>
>>       <Set name="identityService">identityService</Set>
>>     </New>
>>   </Arg>
>> </Call>
>>
>> On Fri, Dec 24, 2010 at 10:29 AM, Guillaume Nodet <[email protected]> wrote:
>>> Yeah, but it's just a bit nicer, as we can already do that using the
>>> etc/jetty.xml, so I think it's not very high priority improvement.
>>>
>>> On Friday, December 24, 2010, Charles Moulliard <[email protected]> wrote:
>>>> The less resources + time consuming approach is to extend ConfigAdmin
>>>> (as you propose) and use the file :
>>>>
>>>> org.ops4j.pax.web.cfg file
>>>>
>>>> and adding parameters that we need to instantiate the constraint,
>>>> constraintMapping and securityHandler of Jetty
>>>>
>>>>
>>>> On Fri, Dec 24, 2010 at 8:26 AM, Guillaume Nodet <[email protected]> wrote:
>>>>> On Friday, December 24, 2010, Charles Moulliard <[email protected]> wrote:
>>>>>> Indeed this will not be easy as pax-web must be changed because it
>>>>>> uses a method of jetty to load the resource file (jetty.xml).
>>>>>
>>>>> Yes, that's clearly not an easy task.
>>>>>
>>>>>
>>>>>>
>>>>>> public void start() {
>>>>>>     LOG.debug("Starting " + this);
>>>>>>     try {
>>>>>>         //PAXWEB-193 suggested we should open this up for external configuration
>>>>>>         URL jettyResource = getClass().getResource("/jetty.xml");
>>>>>>         File serverConfigurationFile = getServerConfigDir();
>>>>>>         if (serverConfigurationFile != null) {
>>>>>>             if (LOG.isDebugEnabled())
>>>>>>                 LOG.debug("found server configuration file: "+serverConfigurationFile);
>>>>>>             if (!serverConfigurationFile.isDirectory() && serverConfigurationFile.canRead()) {
>>>>>>                 if (LOG.isDebugEnabled()) {
>>>>>>                     LOG.debug("server config dir is readable and exists");
>>>>>>                 }
>>>>>>                 String fileName = serverConfigurationFile.getName();
>>>>>>                 if (fileName.equalsIgnoreCase("jetty.xml"))
>>>>>>                     jettyResource = serverConfigurationFile.toURI().toURL();
>>>>>>             }
>>>>>>         }
>>>>>>         if (jettyResource != null) {
>>>>>>             ClassLoader loader =
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
>
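
The per-servlet approach mentioned in the quoted reply (a bundle supplying its own HttpContext to do the authentication) could look like the following. This is an added example, not code from the thread, Karaf, Camel or pax-web. It assumes Java 8+, the JAAS realm name `ldap`, the `admin` role and the role principal class name quoted in the thread; the class name `JaasBasicHttpContext` is hypothetical.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.servlet.http.*;
import org.osgi.service.http.HttpContext;

// Hypothetical class: HTTP Basic credentials checked against a JAAS realm, per servlet.
public class JaasBasicHttpContext implements HttpContext {
    private static final String REALM = "ldap";  // JAAS realm name used in the thread
    private static final String ROLE = "admin";  // role required by the thread's Constraint
    private static final String ROLE_CLASS = "org.apache.karaf.jaas.modules.RolePrincipal";

    public boolean handleSecurity(HttpServletRequest req, HttpServletResponse res) throws IOException {
        String header = req.getHeader("Authorization");
        if (header != null && header.regionMatches(true, 0, "Basic ", 0, 6)) {
            try {
                byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
                String[] cred = new String(raw, StandardCharsets.UTF_8).split(":", 2);
                if (cred.length == 2 && loginHasRole(cred[0], cred[1].toCharArray())) {
                    req.setAttribute(HttpContext.AUTHENTICATION_TYPE, HttpServletRequest.BASIC_AUTH);
                    req.setAttribute(HttpContext.REMOTE_USER, cred[0]);
                    return true;
                }
            } catch (LoginException | IllegalArgumentException e) {
                // bad credentials or malformed Base64: fall through to the 401 challenge
            }
        }
        res.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false; // fail closed: the registered servlet is never invoked
    }

    private boolean loginHasRole(String user, char[] password) throws LoginException {
        LoginContext ctx = new LoginContext(REALM, callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
            }
        });
        ctx.login(); // throws LoginException when the realm rejects the credentials
        // authorised only if the subject carries the role principal (matched by class name)
        return ctx.getSubject().getPrincipals().stream().anyMatch(
                p -> ROLE_CLASS.equals(p.getClass().getName()) && ROLE.equals(p.getName()));
    }
    public URL getResource(String name) { return null; }    // this context serves no static resources
    public String getMimeType(String name) { return null; } // let the HTTP service decide
}
```

An instance is passed as the last argument of `HttpService.registerServlet(alias, servlet, initParams, context)`, so the check applies only to that servlet and no Jetty class is referenced. Basic credentials travel unencrypted, so the endpoint should only be reachable over TLS.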
