Hello Achim,

A further question while I have it on my mind:

(1) If I wanted to verify the host http header is valid (i.e. to protect against a user faking the host), before routing a request to a particular web app, would that be something that could be done in Pax Web...or could that only be done in Jetty?

(2) Would it be a foolish idea to be able to choose connectors via a Manifest Header (potentially called "Web-Connectors", again with a default in the Pax Web Configuration)? Something like what is shown in "Alternative" here (I am assuming that the preferred multiple jetty servers implementation would be a substantial amount of work):

http://docs.codehaus.org/display/JETTY/How+to+serve+webbapp+A+from+portA+and+webapp+B+from+portB

Perhaps this is the better internal/external security option?

thanks,
Gareth

On Thu, Jul 12, 2012 at 3:08 PM, Gareth Collins <[email protected]> wrote:
> Hello Achim,
>
> I believe I am already a member of ops4j team (garethcollins) on
> github. I have forked pax-web to
> start work on this. Once I am done, if you could verify/provide
> feedback on my change it would be much appreciated.
> If you are happy that I have not done anything completely foolish and
> I have verified the change works then I will
> pull and approve my pull.
>
> A couple of questions I am a little unsure of yet:
> (1) Would this be a reasonable prioritization for setting virtual hosts?:
> (a) If virtual hosts is set in jetty-web.xml, use that value.
> (b) Else if set in Web-VirtualHosts header, use that value.
> (c) Else default to the configured value. If that configured value
> is null, virtual hosts should not be set.
>
> (2) If Pax Web configuration is changed via configuration admin, does
> Pax Web restart...or does it try to
> only change the delta somehow (handling deltas may potentially make my
> task harder)?
>
> thanks again,
> Gareth
>
> On Thu, Jul 12, 2012 at 4:29 AM, Achim Nierbeck <[email protected]>
> wrote:
>> Hi Gareth,
>>
>> thanks for sharing your thoughts, my comments inline :)
>>
>> 2012/7/11 Gareth Collins <[email protected]>:
>>> Hello Achim,
>>>
>>> I have a proposal (which solves my problem). Would this be foolish?:
>>
>> Proposals are never foolish, it's always a good starting point for a
>> good discussion :)
>>
>>>
>>> (1) Add a new Manifest Header Web-VirtualHosts which lists the virtual
>>> hosts for the webapp.
>>> There are at least two advantages of setting the virtual hosts this way:
>>> (a) it is webapp container type independent.
>>> (b) the header can be set as part of the war url (I have set
>>> arbitrary header names this way in the past).
>>
>> A new Manifest Header actually could be really useful.
>> So +1 for this Idea.
>>
>>> (2) Add a new configuration item for Pax Web, which, if not null
>>> describes a default set
>>> of Virtual Hosts (i.e. to allow restrict by default for webapps such
>>> as the activemq or karaf console).
>>
>> +1 for the configuration item.
>> The default should be null so I'm quite fine with this idea :)
>>
>>>
>>> I had a look at the Pax Web code. It doesn't appear that it should be
>>> that hard to implement (I believe I can see how to pass the
>>> information
>>> via the WebApp through to the Jetty ContextHandler). If I implemented
>>> such a feature would you merge it in?
>>
>> First of all thank you for willing to contribute,
>> second we at ops4j rather give you direct access than applying patches :)
>> So If you give me your Github Account name I'll add you to the
>> committers list.
>> If you want me to review this before "merge" to trunk
>> you can either start a branch in the ops4j repo
>> or start your own branch in your own repository and I
>> will happily review it.
>> It turned out in the past that this was a quite good way of working together
>>
>>>
>>> thanks in advance,
>>> Gareth
>>>
>>
>> I have to thank you for committing :)
>>
>> Achim
>>
>>>
>>> On Tue, Jul 10, 2012 at 5:54 PM, Achim Nierbeck <[email protected]>
>>> wrote:
>>>> Hi Gareth,
>>>>
>>>> sorry it took me a bit longer :)
>>>>
>>>> yes you need to make sure the jetty-web.xml file is contained inside
>>>> the war/wab next to
>>>> the std. web.xml file.
>>>> Concerning the jetty.xml file you might be able to "alter" certain
>>>> behaviour for
>>>> already deployed applications, though I have to admit thinking more
>>>> about this
>>>> this probably won't work due to the way the war/wabs are deployed.
>>>>
>>>> regards, Achim
>>>>
>>>> 2012/7/9 Gareth Collins <[email protected]>:
>>>>> Hello Achim,
>>>>>
>>>>> Thank you very much for the response. I did look at the Jetty Eclipse
>>>>> wiki and it wasn't obvious
>>>>> to me how I could do what I think I need via jetty.xml. I will keep
>>>>> researching.
>>>>>
>>>>> Say I wanted to add this jetty-web.xml file to the war/wab on install
>>>>> (because I don't know until install
>>>>> what the virtual hosts will be). Would this be something that
>>>>> logically would be part of the war
>>>>> url handler...or would this need to be something different (especially
>>>>> since it would be jetty specific - e.g.
>>>>> a "jvh - Jetty Virtual Host" url handler?)?
>>>>>
>>>>> Just trying to understand how this potentially could be done (I am
>>>>> assuming that if I wanted this I would
>>>>> need to implement it).
>>>>>
>>>>> thanks in advance,
>>>>> Gareth
>>>>>
>>>>> On Sat, Jul 7, 2012 at 3:32 PM, Achim Nierbeck <[email protected]>
>>>>> wrote:
>>>>>> Hi Gareth,
>>>>>>
>>>>>> comments inline
>>>>>>
>>>>>> 2012/7/6 Gareth Collins <[email protected]>:
>>>>>>> Hello Achim,
>>>>>>>
>>>>>>> Just letting you know I have migrated all my webapps over to the pax
>>>>>>> web trunk (i.e. which includes
>>>>>>> the fix) successfully. It is working great now. Thank you!
>>>>>>
>>>>>> great to hear
>>>>>> always welcome :)
>>>>>>
>>>>>>>
>>>>>>> The next thing I wanted to try out was the new Virtual Hosts feature.
>>>>>>> I looked at the pax web examples
>>>>>>> and the jetty documentation. For pax web, it appears like the only way
>>>>>>> to do this is via a file (jetty-web.xml) in the war.
>>>>>>> Is this correct?
>>>>>>>
>>>>>>
>>>>>> indeed as pax-web does only "configure" jetty it's the jetty-web.xml
>>>>>> for configuring.
>>>>>>
>>>>>>
>>>>>>> I ask because I was hoping to restrict access to third-party wars
>>>>>>> (such as the activemq web war or the karaf console)
>>>>>>> to specific virtual hosts (i.e. I don't want these on an external
>>>>>>> facing port/IP). Is that something I can do without editing
>>>>>>> these third-party wars and adding the jetty-web.xml file (if I have
>>>>>>> to, I have to - just seeing if I am missing something here)?
>>>>>>>
>>>>>>
>>>>>> ok, to restrict to specific virtual hosts is a kind of tricky
>>>>>> please follow the instructions in [1].
>>>>>> But you will have a hard time configuring this to different ports.
>>>>>> What I haven't tried yet but might be a possible solution to not
>>>>>> alter certain wars is to try to configure this via the jetty.xml.
>>>>>>
>>>>>> regards, Achim
>>>>>>
>>>>>> [1] - http://wiki.eclipse.org/Jetty/Howto/Configure_Virtual_Hosts
>>>>>>
>>>>>>> thanks in advance,
>>>>>>> Gareth
>>>>>>>
>>>>>>> On Thu, Jun 21, 2012 at 8:50 AM, Gareth Collins
>>>>>>> <[email protected]> wrote:
>>>>>>>> Thanks very much!
>>>>>>>>
>>>>>>>> Gareth
>>>>>>>>
>>>>>>>> On Tue, Jun 19, 2012 at 9:25 PM, Achim Nierbeck
>>>>>>>> <[email protected]> wrote:
>>>>>>>>> Hi Gareth,
>>>>>>>>>
>>>>>>>>> I just took care of it.
>>>>>>>>> I'm going to release a new version of Pax web ASAP, latest beginning
>>>>>>>>> of next
>>>>>>>>> week :)
>>>>>>>>>
>>>>>>>>> regards, Achim
>>>>>>>>>
>>>>>>>>> On 19.06.2012 19:18, Gareth Collins wrote:
>>>>>>>>>
>>>>>>>>>> Hello Achim,
>>>>>>>>>>
>>>>>>>>>> Added:
>>>>>>>>>>
>>>>>>>>>> http://team.ops4j.org/browse/PAXWEB-384
>>>>>>>>>>
>>>>>>>>>> I can have a go at fixing it next week (as it is somewhat a
>>>>>>>>>> showstopper
>>>>>>>>>> for me)
>>>>>>>>>> when I get back home.
>>>>>>>>>>
>>>>>>>>>> thanks again,
>>>>>>>>>> Gareth
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Sun, Jun 17, 2012 at 6:36 PM, Achim Nierbeck
>>>>>>>>>> <[email protected]>
>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Gareth,
>>>>>>>>>>>
>>>>>>>>>>> could you open an issue for this, I think limiting this to just 2
>>>>>>>>>>> *.xml
>>>>>>>>>>> files is probably wrong.
>>>>>>>>>>> This is probably more a thinking of the old times where the web.xml
>>>>>>>>>>> was
>>>>>>>>>>> supposed to be a single file.
>>>>>>>>>>> Opening this to include a jetty-web.xml is probably the cause for
>>>>>>>>>>> this.
>>>>>>>>>>>
>>>>>>>>>>> Regards, Achim
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 16.06.2012 05:08, Gareth Collins wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> As I see that some new software has been updated recently (such as
>>>>>>>>>>>> Pax
>>>>>>>>>>>> Web 2.0.0 - thank you!) I decided to go back
>>>>>>>>>>>> and try to update my OSGi dependencies and streamline my
>>>>>>>>>>>> environment
>>>>>>>>>>>> (which is why I was interested in removing
>>>>>>>>>>>> the start ordering dependency in pax confman).
>>>>>>>>>>>>
>>>>>>>>>>>> Anyway one of the first things I am trying to do in my updated
>>>>>>>>>>>> environment is to get the updated 5.6.0 activemq web console
>>>>>>>>>>>> to play nicely with the updated Pax Web. I am getting an error from
>>>>>>>>>>>> Pax Web and I am not sure what it means (this is with equinox 3.6.2
>>>>>>>>>>>> with the bndtools launcher). Is this suggesting there is something
>>>>>>>>>>>> wrong with the activemq web console war or is this suggesting
>>>>>>>>>>>> something else? There are seven XML files in the activemq WEB-INF
>>>>>>>>>>>> directory:
>>>>>>>>>>>>
>>>>>>>>>>>> 20:50:23,521 | DEBUG | Gogo shell |
>>>>>>>>>>>> ..swissbox.extender.BundleWatcher[216] | []:[] | Found resources
>>>>>>>>>>>> [bundleentry://11.fwk2060982148/WEB-INF/web.xml,
>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-default.xml,
>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-embedded.xml,
>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-invm.xml,
>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-jndi.xml,
>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-properties.xml,
>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-query.xml]
>>>>>>>>>>>> 20:50:23,527 | INFO | Executor: 1 |
>>>>>>>>>>>> ..war.internal.WebXmlObserver[117] | []:[] | Using [activemqweb] as
>>>>>>>>>>>> web application context name
>>>>>>>>>>>> 20:50:23,527 | DEBUG | Framework Event Dispatcher |
>>>>>>>>>>>> ..apache.activemq.activemq-web-console[?] | []:[] | BundleEvent
>>>>>>>>>>>> STARTED
>>>>>>>>>>>> 20:50:23,527 | ERROR | Executor: 1 |
>>>>>>>>>>>> ..war.internal.WebXmlObserver[124] | []:[] | Number of xml's was
>>>>>>>>>>>> not
>>>>>>>>>>>> lesser than 3. Was: 7
>>>>>>>>>>>> org.ops4j.lang.PreConditionException: Number of xml's was not
>>>>>>>>>>>> lesser
>>>>>>>>>>>> than 3. Was: 7
>>>>>>>>>>>> at org.ops4j.lang.PreConditionException.validateLesserThan(PreConditionException.java:155)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
>>>>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebXmlObserver.addingEntries(WebXmlObserver.java:121)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
>>>>>>>>>>>> at org.ops4j.pax.swissbox.extender.BundleWatcher$3.run(BundleWatcher.java:224)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
>>>>>>>>>>>> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)[:1.6.0_31]
>>>>>>>>>>>> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)[:1.6.0_31]
>>>>>>>>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:138)[:1.6.0_31]
>>>>>>>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)[:1.6.0_31]
>>>>>>>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)[:1.6.0_31]
>>>>>>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)[:1.6.0_31]
>>>>>>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)[:1.6.0_31]
>>>>>>>>>>>> at java.lang.Thread.run(Thread.java:680)[:1.6.0_31]
>>>>>>>>>>>> 20:50:23,528 | DEBUG | Executor: 1 |
>>>>>>>>>>>> ..war.internal.WebEventDispatcher[130] | []:[] | Sending web event
>>>>>>>>>>>> WebEvent [replay=false, type=5,
>>>>>>>>>>>> bundle=org.apache.activemq.activemq-web-console_5.6.0 [11],
>>>>>>>>>>>> extenderBundle=org.ops4j.pax.web.pax-web-extender-war_2.0.0 [33],
>>>>>>>>>>>> cause=org.ops4j.lang.PreConditionException: Number of xml's was not
>>>>>>>>>>>> lesser than 3. Was: 7, timestamp=1339807823528,
>>>>>>>>>>>> contextPath=/activemqweb, collisionIds=null, httpService=null,
>>>>>>>>>>>> httpContext=null] for bundle
>>>>>>>>>>>> org.apache.activemq.activemq-web-console
>>>>>>>>>>>> 20:50:23,531 | DEBUG | WebListenerExecutor: 2 |
>>>>>>>>>>>> ..pax.web.pax-web-extender-war[?] | []:[] |
>>>>>>>>>>>> org/osgi/service/web/FAILED
>>>>>>>>>>>>
>>>>>>>>>>>> If anyone could indicate what this error may mean (is there really
>>>>>>>>>>>> a
>>>>>>>>>>>> max xml file limit in this directory?), it would be much
>>>>>>>>>>>> appreciated.
>>>>>>>>>>>>
>>>>>>>>>>>> thanks in advance,
>>>>>>>>>>>> Gareth
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> general mailing list
>>>>>>>>>>>> [email protected]
>>>>>>>>>>>> http://lists.ops4j.org/mailman/listinfo/general
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> - Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>>>>>> - OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>>>>>>>>>>> Committer &
>>>>>>>>>>> Project Lead
>>>>>>>>>>> - OPS4J Pax for Vaadin
>>>>>>>>>>> <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>>>>>>>>>>> Committer & Project Lead
>>>>>>>>>>> - Blog <http://notizblog.nierbeck.de/>
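
The virtual-host precedence proposed in the thread above ((a) jetty-web.xml, (b) Web-VirtualHosts header, (c) configured default, with null meaning "not set") and the Host-header check asked about in the newest message, as an added Java example that is not Pax Web or Jetty code and not written by either poster. The class and method names are hypothetical, and a comma-separated list is an assumed format for all three sources.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

// Added illustration: hypothetical names, not Pax Web or Jetty API.
public class VirtualHostPolicy {

    // Precedence proposed in the thread: jetty-web.xml value, else the
    // Web-VirtualHosts manifest header, else the configured default.
    // An empty result means "do not set virtual hosts".
    static List<String> resolve(String jettyWebXml, String manifestHeader, String configuredDefault) {
        for (String source : new String[] {jettyWebXml, manifestHeader, configuredDefault}) {
            List<String> hosts = parse(source);
            if (!hosts.isEmpty()) return hosts;
        }
        return new ArrayList<>();
    }

    // Assumption: each source is a comma-separated list of host names.
    static List<String> parse(String value) {
        List<String> hosts = new ArrayList<>();
        if (value == null) return hosts;
        for (String part : value.split(",")) {
            String host = part.trim().toLowerCase(Locale.ROOT);
            if (!host.isEmpty()) hosts.add(host);
        }
        return hosts;
    }

    // Exact-match check of a request's Host header against the resolved list.
    // The Host value is supplied by the client, so this filters by name only;
    // it does not establish which port or interface the request arrived on.
    static boolean hostAllowed(String hostHeader, List<String> virtualHosts) {
        if (virtualHosts.isEmpty()) return true; // virtual hosts not set: no name restriction
        if (hostHeader == null) return false;
        String host = hostHeader.trim().toLowerCase(Locale.ROOT);
        int end = host.startsWith("[") ? host.indexOf(']') + 1 : host.indexOf(':');
        if (end > 0) host = host.substring(0, end); // drop ":port", keep "[ipv6]"
        return virtualHosts.contains(host);
    }

    public static void main(String[] args) {
        // Constructed sample: third-party console with no jetty-web.xml and no header,
        // so the configured default applies.
        List<String> console = resolve(null, null, "localhost, 127.0.0.1");
        System.out.println(console);
        System.out.println(hostAllowed("localhost:8181", console));
        System.out.println(hostAllowed("www.example.com", console));
        // Constructed sample: a manifest header overrides the configured default.
        System.out.println(resolve(null, "admin.example.com", "localhost"));
    }
}
```

Because the Host header is client-supplied, a name match like this restricts by virtual host only; keeping a webapp off an external port or interface is a connector-level decision, which is what the "Web-Connectors" question in the thread is about.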
