Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
Steinar,
This helps!

Paul Spencer

On 2024/01/24 12:38:27 Steinar Bang wrote:
> > Paul Spencer :
>
> > Karaf 4.4.5
> > How do I protect a OSGi JAX-RS whiteboard REST service using Basic
> > Authentication?
>
> Apache Shiro can do basic auth (among other things).
> https://shiro.apache.org
>
> This project is a shiro realm with a simple JDBC database and a react.js
> frontend to do user management:
> https://github.com/steinarb/authservice
>
> You can install it directly in karaf by installing its karaf feature
> (the feature and all bundles are released to maven central, and is
> released under APLv2).
>
> Some web whiteboard projects using authservice for users and roles and
> stuff:
>
> https://github.com/steinarb/oldalbum/blob/master/oldalbum.web.security/src/main/resources/shiro.ini
>
> https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/resources/shiro.ini
>
> https://github.com/steinarb/handlelapp/blob/master/handlelapp.web.security/src/main/resources/shiro.ini
>
> https://github.com/steinarb/sampleapp/blob/master/sampleapp.web.security/src/main/resources/shiro.ini
>
> None of them use basic auth, but that should basically (pun not
> intended) just be to replace "authc" with "authcBasic".
>
> Later specific definitions in the [url] sections, will override earlier
> more generic definitions. So you can block the API requiring a login
> of a user with a certain role, and then open up for e.g. login or login
> state check endpoints.
>
> (The reason for anon access of many rest endpoints is to avoid 302
> redirects on REST API calls I need to do before logging in, because web
> browsers don't handle 302 redirects on REST API calls real well)
Change in SSH server session close when going from 4.3.10 to 4.4.5
Hi all,

I noticed a change in SSH server session close behavior, as I upgraded from 4.3.10 to 4.4.5.

Doing calls such as

    ssh -p 8101 karaf@localhost feature:list

still works fine. However with 4.4.5, the ssh client now sporadically reports

    Connection to localhost closed by remote host.

The difference seems in the session shutdown.

In the "good" case it is:

debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: chan_shutdown_write (i0 o1 sock -1 wfd 5 efd 6 [write])
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug2: channel 0: rcvd close
debug2: channel 0: chan_shutdown_read (i0 o3 sock -1 wfd 4 efd 6 [write])
debug2: channel 0: input open -> closed
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2064, received 28800 bytes, in 0.1 seconds
Bytes per second: sent 23511.4, received 328065.6
debug1: Exit status 0

In the "bad" case it is:

debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: chan_shutdown_write (i0 o1 sock -1 wfd 5 efd 6 [write])
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Connection to localhost closed by remote host.
Transferred: sent 2048, received 28768 bytes, in 0.0 seconds
Bytes per second: sent 41302.3, received 580168.6
debug1: Exit status 0

Seems a timing issue, interacting with the new SSHD code?

- Martin
Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
> Paul Spencer :

> Karaf 4.4.5
> How do I protect a OSGi JAX-RS whiteboard REST service using Basic
> Authentication?

Apache Shiro can do basic auth (among other things).
https://shiro.apache.org

This project is a shiro realm with a simple JDBC database and a react.js
frontend to do user management:
https://github.com/steinarb/authservice

You can install it directly in karaf by installing its karaf feature
(the feature and all bundles are released to maven central, and is
released under APLv2).

Some web whiteboard projects using authservice for users and roles and
stuff:

https://github.com/steinarb/oldalbum/blob/master/oldalbum.web.security/src/main/resources/shiro.ini

https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/resources/shiro.ini

https://github.com/steinarb/handlelapp/blob/master/handlelapp.web.security/src/main/resources/shiro.ini

https://github.com/steinarb/sampleapp/blob/master/sampleapp.web.security/src/main/resources/shiro.ini

None of them use basic auth, but that should basically (pun not
intended) just be to replace "authc" with "authcBasic".

Later specific definitions in the [url] sections, will override earlier
more generic definitions. So you can block the API requiring a login
of a user with a certain role, and then open up for e.g. login or login
state check endpoints.

(The reason for anon access of many rest endpoints is to avoid 302
redirects on REST API calls I need to do before logging in, because web
browsers don't handle 302 redirects on REST API calls real well)
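
Added example, not part of the post above and not taken from the linked projects: a constructed shiro.ini that protects a REST path with the "authcBasic" filter and a role check while leaving login endpoints open. It assumes a Shiro servlet filter is already registered in front of the JAX-RS servlet; the paths, the role name and the user entry are hypothetical.

```ini
# Constructed shiro.ini for illustration; paths, role and user are assumptions.

[main]
# Name sent as the realm in the WWW-Authenticate challenge.
authcBasic.applicationName = Sample REST API

[users]
# Constructed placeholder account for Shiro's built-in INI realm:
# username = password, role. Use a real realm (e.g. JDBC-backed) in deployment.
apiuser = change-me, apiclient

[urls]
# Shiro applies the first line whose pattern matches the request path,
# so the open endpoints are listed before the catch-all that follows.
/api/login = anon
/api/loginstate = anon

# Everything else under /api needs valid Basic credentials and the role.
# authcBasic answers unauthenticated requests with 401 instead of a 302 redirect.
/api/** = authcBasic, roles[apiclient]

# Basic auth sends the password with every request, only base64-encoded,
# so the endpoint should be reachable over TLS only.
```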