[ https://issues.apache.org/jira/browse/KARAF-785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13079628#comment-13079628 ]
Achim Nierbeck edited comment on KARAF-785 at 8/4/11 9:55 PM:
--------------------------------------------------------------
Just tested the latest war and it works without any problem.
- Used the latest 2.2.x-SNAPSHOT version of Karaf
- installed features spring-dm-web (which subsequently installs the other spring related features)
- installed the war feature, no war works without that
- installed the transaction bundle
-- install -s mvn:org.springframework/org.springframework.transaction/3.0.5.RELEASE
- installed the needed spring-security bundles:
-- install -s mvn:org.springframework.security/spring-security-core/3.0.5.RELEASE
-- install -s mvn:org.springframework.security/spring-security-config/3.0.5.RELEASE
-- install -s mvn:org.springframework.security/spring-security-acl/3.0.5.RELEASE
-- install -s mvn:org.springframework.security/spring-security-web/3.0.5.RELEASE
-- install -s mvn:org.springframework.security/spring-security-taglibs/3.0.5.RELEASE
dropped the provided test war in the deploy folder
called http://localhost:8181/sste with my browser:
used wrong credential:
dummy
dummy
failed to log in
retry with the credentials provided:
rod
koala
The login works out all right.
Now if I call http://localhost:8181/sste/sst
I do get the information about the credentials.
But I also see the log statement,
which is quite reasonable I'd think.
In the web.xml there is nothing configured telling Jetty how the credentials are
given to the server, so it falls back to the configured Karaf JAAS
mechanism. Btw. a login with working std. karaf credentials doesn't work.
Now if I do interpret the stack-trace in a correct way jetty doesn't know
how to handle the given credentials since they do not exist in the
Karaf JAAS configuration. Which lets you know by throwing this exception
at WARN level.
So I guess this is alright since the initial request of
using the credentials of Spring-Security works for me and
the credentials of the underlying Karaf aren't touched at all.
The only not so nice thing about it is the point that Jetty complains
about not being able to find the credentials.
Besides that it seems to me the spring-security bundles
could be packed into a specialized features descriptor :-)
So if this is OK with you I'd suggest closing this issue.
regards, Achim
> Interaction Problem Between Karaf Jetty Security and Spring Security - Jetty
> Exception
> --------------------------------------------------------------------------------------
>
> Key: KARAF-785
> URL: https://issues.apache.org/jira/browse/KARAF-785
> Project: Karaf
> Issue Type: Bug
> Components: karaf-webcontainer
> Affects Versions: 2.2.2
> Environment: Mac Snow Leopard 10.6.8, java version 1.6.0.6. Features
> installed in Karaf: spring/spring-web(3.0.5.RELEASE),
> spring-dm/spring-dm-web(1.2.1),
> config/http/war/webconsole-base/webconsole/ssh/management (2.2.2),
> hazelcast/hazelcast-monitor (1.9.3), cellar/celar-webconsole (2.2.1),
> activemq/activemq-spring/activemq-web-console (5.5.0), jetty
> (7.4.2.v20110526), default karaf jetty configuration.
> Reporter: Gareth Collins
> Priority: Minor
> Attachments: SpringSecurityExtTest.tar.gz, SpringSecurityExtTest.war,
> SpringSecurityTest.jar.gz, SpringSecurityTest.war
>
>
> Hello,
> This issue has been initiated from a thread in the karaf user forum:
> http://karaf.922171.n3.nabble.com/Mixing-Jetty-Security-and-Spring-Security-In-Karaf-tc3202093.html
> I created a simple web application (which I hope I can attach) with two
> locations secured with spring security configured for basic authentication:
> http://localhost:8181/sst/index.html - static web page
> http://localhost:8181/sst/sst - executes a test servlet
> To reproduce the jetty exception, I:
> (1) First connect to http://localhost:8181/sst/index.html - a 401 response is
> returned and I enter username "rod", password "koala" ("rod" is a valid user
> in my sample app). The index.html page "Hello OSGi World" is displayed.
> (2) Now I repoint my browser at the servlet http://localhost:8181/sst/sst. I
> get through to my servlet page which displays "Hello OSGi World Servlet. User
> Principle = <User Principle>". Whilst the page is displayed correctly I also
> see the following exception from Jetty:
> 14:58:52,909 | WARN | 56-57 - /sst/sst | log | .eclipse.jetty.util.log.Slf4jLog 50 | 46 - org.eclipse.jetty.util - 7.4.2.v20110526 | EXCEPTION
> javax.security.auth.login.FailedLoginException: User rod does not exist
>     at org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.login(PropertiesLoginModule.java:98)
>     at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.6.0_26]
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_26]
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_26]
>     at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_26]
>     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_26]
>     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_26]
>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>     at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_26]
>     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_26]
>     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_26]
>     at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)[59:org.eclipse.jetty.plus:7.4.2.v20110526]
>     at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:77)[53:org.eclipse.jetty.security:7.4.2.v20110526]
>     at org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:100)[53:org.eclipse.jetty.security:7.4.2.v20110526]
>     at org.eclipse.jetty.server.Request.getAuthType(Request.java:353)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
>     at javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
>     at com.mytestcompany.sst.SSTServlet.service(SSTServlet.java:36)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
>     at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:538)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1352)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)[752:com.mytestcompany.spring-security-test:1.0.0]
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
>     at org.ops4j.pax.web.service.internal.WelcomeFilesFilter.doFilter(WelcomeFilesFilter.java:169)[62:org.ops4j.pax.web.pax-web-runtime:1.0.4]
>     at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
>     at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
>     at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:70)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:480)[53:org.eclipse.jetty.security:7.4.2.v20110526]
>     at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
>     at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
>     at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
>     at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.server.Server.handle(Server.java:342)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)[48:org.eclipse.jetty.http:7.4.2.v20110526]
>     at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)[48:org.eclipse.jetty.http:7.4.2.v20110526]
>     at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)[52:org.eclipse.jetty.server:7.4.2.v20110526]
>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)[47:org.eclipse.jetty.io:7.4.2.v20110526]
>     at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)[47:org.eclipse.jetty.io:7.4.2.v20110526]
>     at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)[46:org.eclipse.jetty.util:7.4.2.v20110526]
>     at java.lang.Thread.run(Thread.java:680)[:1.6.0_26]
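
One way to triage the WARN discussed in this thread, as an added example that is not from the issue's participants or from the Karaf/Jetty code: it separates JAAS `FailedLoginException` events raised lazily through Jetty's `DeferredAuthentication` (application code called a servlet auth accessor such as `getAuthType`) from those raised by an eager container login, and names the application frame responsible. The log lines are constructed from the trace above with header columns shortened and frames unwrapped; `triage` and the `PLATFORM` prefix list are assumptions of this example.

```python
import re

# Constructed sample modeled on the trace in this issue; header columns abbreviated.
SAMPLE_LOG = """\
14:58:52,909 | WARN | 56-57 - /sst/sst | log | EXCEPTION
javax.security.auth.login.FailedLoginException: User rod does not exist
    at org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.login(PropertiesLoginModule.java:98)
    at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)
    at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:77)
    at org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:100)
    at org.eclipse.jetty.server.Request.getAuthType(Request.java:353)
    at javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)
    at com.mytestcompany.sst.SSTServlet.service(SSTServlet.java:36)
15:02:10,114 | WARN | 56-61 - /protected | log | EXCEPTION
javax.security.auth.login.FailedLoginException: User dummy does not exist
    at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)
    at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:77)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:480)
"""

HEADER = re.compile(r"^\d\d:\d\d:\d\d,\d+ \| \w+\s*\| \S+ - (\S+)")  # path from thread column (assumption)
FAILED = re.compile(r"FailedLoginException: User (\S+) does not exist")
FRAME = re.compile(r"^\s*at ([\w.$]+)\.([\w$<>]+)\(")
PLATFORM = ("java.", "javax.", "sun.", "org.eclipse.jetty.", "org.apache.karaf.",
            "org.springframework.", "org.ops4j.")

def triage(log_text):
    """Return one dict per FailedLoginException event found in log_text."""
    events, cur = [], None
    for line in log_text.splitlines():
        if (h := HEADER.match(line)):
            cur = {"path": h.group(1), "user": None, "frames": []}
            events.append(cur)
        elif cur is not None and (m := FAILED.search(line)):
            cur["user"] = m.group(1)
        elif cur is not None and (f := FRAME.match(line)):
            cur["frames"].append((f.group(1), f.group(2)))
    out = []
    for ev in (e for e in events if e["user"]):
        deferred = next((i for i, (c, _) in enumerate(ev["frames"])
                         if c.endswith(".DeferredAuthentication")), None)
        rec = {"user": ev["user"], "path": ev["path"], "kind": "eager", "trigger": None, "caller": None}
        if deferred is not None and deferred + 1 < len(ev["frames"]):
            rec["kind"] = "deferred"
            rec["trigger"] = ev["frames"][deferred + 1][1]  # accessor that forced the login
            rec["caller"] = next((f"{c}.{m}" for c, m in ev["frames"][deferred + 1:]
                                  if not c.startswith(PLATFORM)), None)
        out.append(rec)
    return out
```

Frames that a mail client has wrapped onto a separate line after `at` need to be rejoined before the text is passed to `triage`.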