Hi Gareth, my comments inline.

2012/7/13 Gareth Collins <[email protected]>:
> Hello Achim,
>
> A further question while I have it on my mind:
>
> (1) If I wanted to verify the host http header is valid (i.e. to
> protect against a user faking the host), before routing a request to a
> particular web app, would that be something that could be done in
> Pax Web...or could that only be done in Jetty?

I'm not sure if this could be done with jetty or is already a "valid"
method there. So Pax web might be a good place. But beware this test
might stall the startup of Pax Web when it tries to look for a valid
address.

> (2) Would it be a foolish idea to be able to choose connectors via a
> Manifest Header (potentially called "Web-Connectors", again with a
> default in the Pax Web Configuration)? Something like what is shown in
> "Alternative" here (I am assuming that the preferred multiple jetty
> servers implementation would be a substantial amount of work):

Well what already can be done is the possibility to configure multiple
Jetty Connectors through the jetty.xml. So I think adding a special
Manifest Entry for the webapp might be a nice addon. I think that this
might be even a nice idea to make this configuration somehow available
for servlets being registered either through the http service or
through the whiteboard extender.

> http://docs.codehaus.org/display/JETTY/How+to+serve+webbapp+A+from+portA+and+webapp+B+from+portB
>
> Perhaps this is the better internal/external security option?
>
> thanks,
> Gareth
>
> On Thu, Jul 12, 2012 at 3:08 PM, Gareth Collins
> <[email protected]> wrote:
>> Hello Achim,
>>
>> I believe I am already a member of ops4j team (garethcollins) on
>> github. I have forked pax-web to
>> start work on this. Once I am done, if you could verify/provide
>> feedback on my change it would be much appreciated.

Of course, this has proven to be a quite practical thing in the past :)

>> If you are happy that I have not done anything completely foolish and
>> I have verified the change works then I will
>> pull and approve my pull.

+1 :)

>> A couple of questions I am a little unsure of yet:
>> (1) Would this be a reasonable prioritization for setting virtual hosts?:
>> (a) If virtual hosts is set in jetty-web.xml, use that value.
>> (b) Else if set in Web-VirtualHosts header, use that value.
>> (c) Else default to the configured value. If that configured value
>> is null, virtual hosts should not be set.

sounds fair enough since a jetty-web.xml might be a valid configuration
for a "standalone" war also.

>> (2) If Pax Web configuration is changed via configuration admin, does
>> Pax Web restart...or does it try to
>> only change the delta somehow (handling deltas may potentially make my
>> task harder)?

Since it's a managed Service the default behaviour of OSGi is taking
care of this. So the service in question is stopped and restarted. In
this case you don't need to think about a delta behaviour :)

>> thanks again,
>> Gareth

Actually I have to thank you, cause this is the work the community
needs to be a successful community.

Regards, Achim

>> On Thu, Jul 12, 2012 at 4:29 AM, Achim Nierbeck <[email protected]>
>> wrote:
>>> Hi Gareth,
>>>
>>> thanks for sharing your thoughts, my comments inline :)
>>>
>>> 2012/7/11 Gareth Collins <[email protected]>:
>>>> Hello Achim,
>>>>
>>>> I have a proposal (which solves my problem). Would this be foolish?:
>>>
>>> Proposals are never foolish, it's always a good starting point for a
>>> good discussion :)
>>>
>>>> (1) Add a new Manifest Header Web-VirtualHosts which lists the virtual
>>>> hosts for the webapp.
>>>> There are at least two advantages of setting the virtual hosts this way:
>>>> (a) it is webapp container type independent.
>>>> (b) the header can be set as part of the war url (I have set
>>>> arbitrary header names this way in the past).
>>>
>>> A new Manifest Header actually could be really useful.
>>> So +1 for this Idea.
>>>
>>>> (2) Add a new configuration item for Pax Web, which, if not null
>>>> describes a default set
>>>> of Virtual Hosts (i.e. to allow restrict by default for webapps such
>>>> as the activemq or karaf console).
>>>
>>> +1 for the configuration item.
>>> The default should be null so I'm quite fine with this idea :)
>>>
>>>> I had a look at the Pax Web code. It doesn't appear that it should be
>>>> that hard to implement (I believe I can see how to pass the
>>>> information
>>>> via the WebApp through to the Jetty ContextHandler). If I implemented
>>>> such a feature would you merge it in?
>>>
>>> First of all thank you for willing to contribute,
>>> second we at ops4j rather give you direct access than applying patches :)
>>> So If you give me your Github Account name I'll add you to the
>>> committers list.
>>> If you want me to review this before "merge" to trunk
>>> you can either start a branch in the ops4j repo
>>> or start your own branch in your own repository and I
>>> will happily review it.
>>> It turned out in the past that this was a quite good way of working together
>>>
>>>> thanks in advance,
>>>> Gareth
>>>
>>> I have to thank you for committing :)
>>>
>>> Achim
>>>
>>>> On Tue, Jul 10, 2012 at 5:54 PM, Achim Nierbeck <[email protected]>
>>>> wrote:
>>>>> Hi Gareth,
>>>>>
>>>>> sorry it took me a bit longer :)
>>>>>
>>>>> yes you need to make sure the jetty-web.xml file is contained inside
>>>>> the war/wab next to
>>>>> the std. web.xml file.
>>>>> Concerning the jetty.xml file you might be able to "alter" certain
>>>>> behaviour for
>>>>> already deployed applications, though I have to admit thinking more
>>>>> about this
>>>>> this probably won't work due to the way the war/wabs are deployed.
>>>>>
>>>>> regards, Achim
>>>>>
>>>>> 2012/7/9 Gareth Collins <[email protected]>:
>>>>>> Hello Achim,
>>>>>>
>>>>>> Thank you very much for the response. I did look at the Jetty Eclipse
>>>>>> wiki and it wasn't obvious
>>>>>> to me how I could do what I think I need via jetty.xml. I will keep
>>>>>> researching.
>>>>>>
>>>>>> Say I wanted to add this jetty-web.xml file to the war/wab on install
>>>>>> (because I don't know until install
>>>>>> what the virtual hosts will be). Would this be something that
>>>>>> logically would be part of the war
>>>>>> url handler...or would this need to be something different (especially
>>>>>> since it would be jetty specific - e.g.
>>>>>> a "jvh - Jetty Virtual Host" url handler?)?
>>>>>>
>>>>>> Just trying to understand how this potentially could be done (I am
>>>>>> assuming that if I wanted this I would
>>>>>> need to implement it).
>>>>>>
>>>>>> thanks in advance,
>>>>>> Gareth
>>>>>>
>>>>>> On Sat, Jul 7, 2012 at 3:32 PM, Achim Nierbeck <[email protected]>
>>>>>> wrote:
>>>>>>> Hi Gareth,
>>>>>>>
>>>>>>> comments inline
>>>>>>>
>>>>>>> 2012/7/6 Gareth Collins <[email protected]>:
>>>>>>>> Hello Achim,
>>>>>>>>
>>>>>>>> Just letting you know I have migrated all my webapps over to the pax
>>>>>>>> web trunk (i.e. which includes
>>>>>>>> the fix) successfully. It is working great now. Thank you!
>>>>>>>
>>>>>>> great to hear
>>>>>>> always welcome :)
>>>>>>>
>>>>>>>> The next thing I wanted to try out was the new Virtual Hosts feature.
>>>>>>>> I looked at the pax web examples
>>>>>>>> and the jetty documentation. For pax web, it appears like the only way
>>>>>>>> to do this is via a file (jetty-web.xml) in the war.
>>>>>>>> Is this correct?
>>>>>>>
>>>>>>> indeed as pax-web does only "configure" jetty it's the jetty-web.xml
>>>>>>> for configuring.
>>>>>>>
>>>>>>>> I ask because I was hoping to restrict access to third-party wars
>>>>>>>> (such as the activemq web war or the karaf console)
>>>>>>>> to specific virtual hosts (i.e. I don't want these on an external
>>>>>>>> facing port/IP). Is that something I can do without editing
>>>>>>>> these third-party wars and adding the jetty-web.xml file (if I have
>>>>>>>> to, I have to - just seeing if I am missing something here)?
>>>>>>>
>>>>>>> ok, to restrict to specific virtual hosts is a kind of tricky
>>>>>>> please follow the instructions in [1].
>>>>>>> But you will have a hard time configuring this to different ports.
>>>>>>> What I haven't tried yet but might be a possible solution to not
>>>>>>> alter certain wars is to try to configure this via the jetty.xml.
>>>>>>>
>>>>>>> regards, Achim
>>>>>>>
>>>>>>> [1] - http://wiki.eclipse.org/Jetty/Howto/Configure_Virtual_Hosts
>>>>>>>
>>>>>>>> thanks in advance,
>>>>>>>> Gareth
>>>>>>>>
>>>>>>>> On Thu, Jun 21, 2012 at 8:50 AM, Gareth Collins
>>>>>>>> <[email protected]> wrote:
>>>>>>>>> Thanks very much!
>>>>>>>>>
>>>>>>>>> Gareth
>>>>>>>>>
>>>>>>>>> On Tue, Jun 19, 2012 at 9:25 PM, Achim Nierbeck
>>>>>>>>> <[email protected]> wrote:
>>>>>>>>>> Hi Gareth,
>>>>>>>>>>
>>>>>>>>>> I just took care of it.
>>>>>>>>>> I'm going to release a new version of Pax web ASAP, latest beginning
>>>>>>>>>> of next week :)
>>>>>>>>>>
>>>>>>>>>> regards, Achim
>>>>>>>>>>
>>>>>>>>>> On 19.06.2012 19:18, Gareth Collins wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello Achim,
>>>>>>>>>>>
>>>>>>>>>>> Added:
>>>>>>>>>>>
>>>>>>>>>>> http://team.ops4j.org/browse/PAXWEB-384
>>>>>>>>>>>
>>>>>>>>>>> I can have a go at fixing it next week (as it is somewhat a
>>>>>>>>>>> showstopper for me)
>>>>>>>>>>> when I get back home.
>>>>>>>>>>>
>>>>>>>>>>> thanks again,
>>>>>>>>>>> Gareth
>>>>>>>>>>>
>>>>>>>>>>> On Sun, Jun 17, 2012 at 6:36 PM, Achim Nierbeck
>>>>>>>>>>> <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hi Gareth,
>>>>>>>>>>>>
>>>>>>>>>>>> could you open an issue for this, I think limiting this to just 2
>>>>>>>>>>>> *.xml files is probably wrong.
>>>>>>>>>>>> This is probably more a thinking of the old times where the
>>>>>>>>>>>> web.xml was supposed to be a single file.
>>>>>>>>>>>> Opening this to include a jetty-web.xml is probably the cause for
>>>>>>>>>>>> this.
>>>>>>>>>>>>
>>>>>>>>>>>> Regards, Achim
>>>>>>>>>>>>
>>>>>>>>>>>> On 16.06.2012 05:08, Gareth Collins wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>>
>>>>>>>>>>>>> As I see that some new software has been updated recently (such
>>>>>>>>>>>>> as Pax Web 2.0.0 - thank you!) I decided to go back
>>>>>>>>>>>>> and try to update my OSGi dependencies and streamline my
>>>>>>>>>>>>> environment (which is why I was interested in removing
>>>>>>>>>>>>> the start ordering dependency in pax confman).
>>>>>>>>>>>>>
>>>>>>>>>>>>> Anyway one of the first things I am trying to do in my updated
>>>>>>>>>>>>> environment is to get the updated 5.6.0 activemq web console
>>>>>>>>>>>>> to play nicely with the updated Pax Web. I am getting an error
>>>>>>>>>>>>> from Pax Web and I am not sure what it means (this is with equinox
>>>>>>>>>>>>> 3.6.2 with the bndtools launcher). Is this suggesting there is something
>>>>>>>>>>>>> wrong with the activemq web console war or is this suggesting
>>>>>>>>>>>>> something else? There are seven XML files in the activemq WEB-INF
>>>>>>>>>>>>> directory:
>>>>>>>>>>>>>
>>>>>>>>>>>>> 20:50:23,521 | DEBUG | Gogo shell |
>>>>>>>>>>>>> ..swissbox.extender.BundleWatcher[216] | []:[] | Found resources
>>>>>>>>>>>>> [bundleentry://11.fwk2060982148/WEB-INF/web.xml,
>>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-default.xml,
>>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-embedded.xml,
>>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-invm.xml,
>>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-jndi.xml,
>>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-properties.xml,
>>>>>>>>>>>>> bundleentry://11.fwk2060982148/WEB-INF/webconsole-query.xml]
>>>>>>>>>>>>> 20:50:23,527 | INFO | Executor: 1 |
>>>>>>>>>>>>> ..war.internal.WebXmlObserver[117] | []:[] | Using [activemqweb] as
>>>>>>>>>>>>> web application context name
>>>>>>>>>>>>> 20:50:23,527 | DEBUG | Framework Event Dispatcher |
>>>>>>>>>>>>> ..apache.activemq.activemq-web-console[?] | []:[] | BundleEvent
>>>>>>>>>>>>> STARTED
>>>>>>>>>>>>> 20:50:23,527 | ERROR | Executor: 1 |
>>>>>>>>>>>>> ..war.internal.WebXmlObserver[124] | []:[] | Number of xml's was
>>>>>>>>>>>>> not lesser than 3. Was: 7
>>>>>>>>>>>>> org.ops4j.lang.PreConditionException: Number of xml's was not
>>>>>>>>>>>>> lesser than 3. Was: 7
>>>>>>>>>>>>> at org.ops4j.lang.PreConditionException.validateLesserThan(PreConditionException.java:155)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
>>>>>>>>>>>>> at org.ops4j.pax.web.extender.war.internal.WebXmlObserver.addingEntries(WebXmlObserver.java:121)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
>>>>>>>>>>>>> at org.ops4j.pax.swissbox.extender.BundleWatcher$3.run(BundleWatcher.java:224)[33:org.ops4j.pax.web.pax-web-extender-war:2.0.0]
>>>>>>>>>>>>> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)[:1.6.0_31]
>>>>>>>>>>>>> at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)[:1.6.0_31]
>>>>>>>>>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:138)[:1.6.0_31]
>>>>>>>>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)[:1.6.0_31]
>>>>>>>>>>>>> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)[:1.6.0_31]
>>>>>>>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)[:1.6.0_31]
>>>>>>>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)[:1.6.0_31]
>>>>>>>>>>>>> at java.lang.Thread.run(Thread.java:680)[:1.6.0_31]
>>>>>>>>>>>>> 20:50:23,528 | DEBUG | Executor: 1 |
>>>>>>>>>>>>> ..war.internal.WebEventDispatcher[130] | []:[] | Sending web event
>>>>>>>>>>>>> WebEvent [replay=false, type=5,
>>>>>>>>>>>>> bundle=org.apache.activemq.activemq-web-console_5.6.0 [11],
>>>>>>>>>>>>> extenderBundle=org.ops4j.pax.web.pax-web-extender-war_2.0.0 [33],
>>>>>>>>>>>>> cause=org.ops4j.lang.PreConditionException: Number of xml's was
>>>>>>>>>>>>> not lesser than 3. Was: 7, timestamp=1339807823528,
>>>>>>>>>>>>> contextPath=/activemqweb, collisionIds=null, httpService=null,
>>>>>>>>>>>>> httpContext=null] for bundle
>>>>>>>>>>>>> org.apache.activemq.activemq-web-console
>>>>>>>>>>>>> 20:50:23,531 | DEBUG | WebListenerExecutor: 2 |
>>>>>>>>>>>>> ..pax.web.pax-web-extender-war[?] | []:[] |
>>>>>>>>>>>>> org/osgi/service/web/FAILED
>>>>>>>>>>>>>
>>>>>>>>>>>>> If anyone could indicate what this error may mean (is there
>>>>>>>>>>>>> really a max xml file limit in this directory?), it would be much
>>>>>>>>>>>>> appreciated.
>>>>>>>>>>>>>
>>>>>>>>>>>>> thanks in advance,
>>>>>>>>>>>>> Gareth
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> general mailing list
>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>> http://lists.ops4j.org/mailman/listinfo/general
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> - Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>>>>>>>> - OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
>>>>>>>>>>>> Committer & Project Lead
>>>>>>>>>>>> - OPS4J Pax for Vaadin
>>>>>>>>>>>> <http://team.ops4j.org/wiki/display/PAXVAADIN/Home>
>>>>>>>>>>>> Committer & Project Lead
>>>>>>>>>>>> - Blog <http://notizblog.nierbeck.de/>
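
The virtual-host prioritization agreed in the thread ((a) jetty-web.xml, (b) Web-VirtualHosts header, (c) configured default) combined with the Host header check asked about in the latest mail, as an added example that is not part of the original messages and is not Pax Web or Jetty code. The class and method names, the comma-separated header format and the simplified "*." wildcard matching are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.jar.Manifest;

// Hypothetical helper (not Pax Web code): virtual-host precedence plus a Host header check.
public class VirtualHostPolicy {

    // (a) jetty-web.xml, else (b) Web-VirtualHosts header, else (c) configured default.
    // An empty result means "virtual hosts not set" (no restriction).
    static List<String> resolve(List<String> jettyWebXml, Manifest mf, List<String> configured) {
        if (jettyWebXml != null && !jettyWebXml.isEmpty()) return clean(jettyWebXml);
        String header = mf == null ? null : mf.getMainAttributes().getValue("Web-VirtualHosts");
        // Assumption: the header carries a comma-separated list.
        if (header != null && !header.trim().isEmpty()) return clean(Arrays.asList(header.split(",")));
        return configured == null ? Collections.<String>emptyList() : clean(configured);
    }

    static List<String> clean(List<String> hosts) {
        List<String> out = new ArrayList<String>();
        for (String h : hosts) {
            String t = h.trim().toLowerCase(Locale.ROOT);
            if (!t.isEmpty()) out.add(t);
        }
        return out;
    }

    // Reduces a Host header to a lower-case name without port; null if malformed.
    static String hostOnly(String hostHeader) {
        if (hostHeader == null) return null;
        String h = hostHeader.trim().toLowerCase(Locale.ROOT);
        int colon = h.indexOf(':');
        if (colon >= 0) h = h.substring(0, colon);   // drop ":port" (IPv6 literals are rejected below)
        if (h.endsWith(".")) h = h.substring(0, h.length() - 1);
        return h.matches("[a-z0-9]([a-z0-9.-]*[a-z0-9])?") ? h : null;
    }

    static boolean allowed(String hostHeader, List<String> virtualHosts) {
        if (virtualHosts.isEmpty()) return true;
        String host = hostOnly(hostHeader);
        if (host == null) return false;              // reject rather than guess
        for (String vh : virtualHosts) {
            // "*.domain" matches any name ending in ".domain" (simplified wildcard rule)
            if (vh.startsWith("*.") ? host.endsWith(vh.substring(1)) : host.equals(vh)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed manifest for a console war limited to internal names.
        String text = "Manifest-Version: 1.0\nWeb-VirtualHosts: localhost, *.internal.example\n\n";
        Manifest mf = new Manifest(new ByteArrayInputStream(text.getBytes(StandardCharsets.UTF_8)));
        List<String> vhosts = resolve(null, mf, Arrays.asList("127.0.0.1"));
        System.out.println("virtual hosts: " + vhosts);
        String[] samples = {"localhost:8181", "Admin.Internal.Example.", "public.example.com", "bad host", null};
        for (String s : samples) System.out.println(s + " -> " + allowed(s, vhosts));
    }
}
```

A name-based check like this only constrains which Host values reach the webapp; keeping a console off an external port or IP still depends on which connector it is bound to, as the thread notes.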
