[
https://issues.apache.org/jira/browse/KARAF-785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13089201#comment-13089201
]
Gareth Collins commented on KARAF-785:
--------------------------------------
My apologies. I didn't see the response until now.
I can close the JIRA. It isn't a big issue.
Is there any way for me to configure Karaf JAAS/Pax Web/Jetty to not invoke the
JAAS mechanism
for my servlet whilst keeping the JAAS mechanism for the Karaf console? If
someone eventually
needs to monitor this system, it would be nice to have some way to suppress the
exception.
thanks again,
Gareth
> Interaction Problem Between Karaf Jetty Security and Spring Security - Jetty
> Exception
> --------------------------------------------------------------------------------------
>
> Key: KARAF-785
> URL: https://issues.apache.org/jira/browse/KARAF-785
> Project: Karaf
> Issue Type: Bug
> Components: karaf-webcontainer
> Affects Versions: 2.2.2
> Environment: Mac Snow Leopard 10.6.8, java version 1.6.0.6. Features
> installed in Karaf: spring/spring-web(3.0.5.RELEASE),
> spring-dm/spring-dm-web(1.2.1),
> config/http/war/webconsole-base/webconsole/ssh/management (2.2.2),
> hazelcast/hazelcast-monitor (1.9.3), cellar/celar-webconsole (2.2.1),
> activemq/activemq-spring/activemq-web-console (5.5.0), jetty
> (7.4.2.v20110526), default karaf jetty configuration.
> Reporter: Gareth Collins
> Priority: Minor
> Attachments: SpringSecurityExtTest.tar.gz, SpringSecurityExtTest.war,
> SpringSecurityTest.jar.gz, SpringSecurityTest.war
>
>
> Hello,
> This issue has been initiated from a thread in the karaf user forum:
> http://karaf.922171.n3.nabble.com/Mixing-Jetty-Security-and-Spring-Security-In-Karaf-tc3202093.html
> I created a simple web application (which I hope I can attach) with two
> locations secured with spring security configured for basic authentication:
> http://localhost:8181/sst/index.html - static web page
> http://localhost:8181/sst/sst - executes a test servlet
> To reproduce the jetty exception, I:
> (1) First connect to http://localhost:8181/sst/index.html - a 401 response is
> returned and I enter username "rod", password "koala" ("rod" is a valid user
> in my sample app). The index.html page "Hello OSGi World" is displayed.
> (2) Now I repoint my browser at the servlet http://localhost:8181/sst/sst. I
> get through to my servlet page which displays "Hello OSGi World Servlet. User
> Principle = <User Principle>". Whilst the page is displayed correctly I also
> see the following exception from Jetty:
> 14:58:52,909 | WARN | 56-57 - /sst/sst | log |
> .eclipse.jetty.util.log.Slf4jLog 50 | 46 - org.eclipse.jetty.util -
> 7.4.2.v20110526 | EXCEPTION
> javax.security.auth.login.FailedLoginException: User rod does not exist
> at
> org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.login(PropertiesLoginModule.java:98)
> at
> org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)[:1.6.0_26]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_26]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_26]
> at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_26]
> at
> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_26]
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_26]
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
> at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_26]
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_26]
> at
> javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_26]
> at
> org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)[59:org.eclipse.jetty.plus:7.4.2.v20110526]
> at
> org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:77)[53:org.eclipse.jetty.security:7.4.2.v20110526]
> at
> org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:100)[53:org.eclipse.jetty.security:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.Request.getAuthType(Request.java:353)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
> at
> javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
> at
> com.mytestcompany.sst.SSTServlet.service(SSTServlet.java:36)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:806)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
> at
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:538)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1352)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)[752:com.mytestcompany.spring-security-test:1.0.0]
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at
> org.ops4j.pax.web.service.internal.WelcomeFilesFilter.doFilter(WelcomeFilesFilter.java:169)[62:org.ops4j.pax.web.pax-web-runtime:1.0.4]
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:70)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:480)[53:org.eclipse.jetty.security:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
> at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.Server.handle(Server.java:342)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)[48:org.eclipse.jetty.http:7.4.2.v20110526]
> at
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)[48:org.eclipse.jetty.http:7.4.2.v20110526]
> at
> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)[52:org.eclipse.jetty.server:7.4.2.v20110526]
> at
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)[47:org.eclipse.jetty.io:7.4.2.v20110526]
> at
> org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)[47:org.eclipse.jetty.io:7.4.2.v20110526]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)[46:org.eclipse.jetty.util:7.4.2.v20110526]
> at java.lang.Thread.run(Thread.java:680)[:1.6.0_26]
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
