Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

2020-06-29 Thread Jean-Baptiste Onofre
Thanks, I will take a look.

Regards
JB

> On 29 June 2020 at 08:31, Gerald Kallas wrote:
> 
> I'm going to create the tickets for the issues. We may extend these so far 
> with additional information.
> 
> Best
> - Gerald
> 
>> Jean-Baptiste Onofre wrote on 29.06.2020 07:40:
>> 
>> 
>> I thought Gerald already explained it on the mailing list. My intention is 
>> more to create the Jira with the details.
>> 
>> Regards
>> JB
>> 
>>> On 29 June 2020 at 07:33, Andrea Cosentino wrote:
>>> 
>>> I think it's good to have the details shared in public.
>>> 
>>> On Mon 29 Jun 2020, 07:30 Jean-Baptiste Onofre wrote:
>>> Hi,
>>> 
>>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>>> 
>>> Can you please send a private message about issues you have with Karaf 
>>> 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>>> 
>>> Thanks,
>>> Regards
>>> JB
>>> 
>>>> On 28 June 2020 at 22:02, Gerald Kallas wrote:
>>>>
>>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the
>>>> workaround works as expected. Seems that Jetty has been updated in Karaf
>>>> 4.2.9?
>>>>
>>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other
>>>> issues.)
>>>>
>>>>> Gerald Kallas wrote on 28.06.2020 18:12:
>>>>>
>>>>>
>>>>> Hi all,
>>>>>
>>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>>>>
>>>>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries
>>>>> in my etc/jetty.xml I'm getting an error as attached below.
>>>>>
>>>>> Neither hawtio nor my servlet are working any longer. Seems that now both
>>>>> entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>>>>
>>>>> With both entries, as you found Grzegorz, the authentication doesn't work.
>>>>>
>>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have
>>>>> another workaround for that behaviour?
>>>>>
>>>>> Best
>>>>> - Gerald
>>>>>

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

2020-06-29 Thread Gerald Kallas
I'm going to create the tickets for the issues. We may extend these so far with 
additional information.

Best
- Gerald

> Jean-Baptiste Onofre wrote on 29.06.2020 07:40:
> 
>  
> I thought Gerald already explained it on the mailing list. My intention is 
> more to create the Jira with the details.
> 
> Regards
> JB
> 
> > On 29 June 2020 at 07:33, Andrea Cosentino wrote:
> > 
> > I think it's good to have the details shared in public.
> > 
> > On Mon 29 Jun 2020, 07:30 Jean-Baptiste Onofre wrote:
> > Hi,
> > 
> > Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> > 
> > Can you please send a private message about issues you have with Karaf 
> > 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> > 
> > Thanks,
> > Regards
> > JB
> > 
> > > On 28 June 2020 at 22:02, Gerald Kallas wrote:
> > > 
> > > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the 
> > > workaround works as expected. Seems that Jetty has been updated in Karaf 
> > > 4.2.9?
> > > 
> > > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other 
> > > issues.)
> > > 
> > >> Gerald Kallas wrote on 28.06.2020 18:12:
> > >> 
> > >> 
> > >> Hi all,
> > >> 
> > >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> > >> 
> > >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService 
> > >> entries in my etc/jetty.xml I'm getting an error as attached below.
> > >> 
> > >> Neither hawtio nor my servlet are working any longer. Seems that now 
> > >> both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> > >> 
> > >> With both entries, as you found Grzegorz, the authentication doesn't 
> > >> work.
> > >> 
> > >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you 
> > >> have another workaround for that behaviour?
> > >> 
> > >> Best
> > >> - Gerald
> > >> 
> > >> 

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

2020-06-28 Thread Jean-Baptiste Onofre
I thought Gerald already explained it on the mailing list. My intention is more 
to create the Jira with the details.

Regards
JB

> On 29 June 2020 at 07:33, Andrea Cosentino wrote:
> 
> I think it's good to have the details shared in public.
> 
> On Mon 29 Jun 2020, 07:30 Jean-Baptiste Onofre wrote:
> Hi,
> 
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> 
> Can you please send a private message about issues you have with Karaf 4.2.9 
> and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> 
> Thanks,
> Regards
> JB
> 
> > On 28 June 2020 at 22:02, Gerald Kallas wrote:
> > 
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the 
> > workaround works as expected. Seems that Jetty has been updated in Karaf 
> > 4.2.9?
> > 
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other 
> > issues.)
> > 
> >> Gerald Kallas wrote on 28.06.2020 18:12:
> >> 
> >> 
> >> Hi all,
> >> 
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >> 
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries 
> >> in my etc/jetty.xml I'm getting an error as attached below.
> >> 
> >> Neither hawtio nor my servlet are working any longer. Seems that now both 
> >> entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >> 
> >> With both entries, as you found Grzegorz, the authentication doesn't work.
> >> 
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have 
> >> another workaround for that behaviour?
> >> 
> >> Best
> >> - Gerald
> >> 
> >> 

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

2020-06-28 Thread Andrea Cosentino
I think it's good to have the details shared in public.

On Mon 29 Jun 2020, 07:30 Jean-Baptiste Onofre wrote:

> Hi,
>
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>
> Can you please send a private message about issues you have with Karaf
> 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>
> Thanks,
> Regards
> JB
>
> > On 28 June 2020 at 22:02, Gerald Kallas wrote:
> >
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the
> > workaround works as expected. Seems that Jetty has been updated in Karaf
> > 4.2.9?
> >
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other
> > issues.)
> >
> >> Gerald Kallas wrote on 28.06.2020 18:12:
> >>
> >>
> >> Hi all,
> >>
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService
> >> entries in my etc/jetty.xml I'm getting an error as attached below.
> >>
> >> Neither hawtio nor my servlet are working any longer. Seems that now
> >> both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>
> >> With both entries, as you found Grzegorz, the authentication doesn't
> >> work.
> >>
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you
> >> have another workaround for that behaviour?
> >>
> >> Best
> >> - Gerald
> >>
> >>

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

2020-06-28 Thread Jean-Baptiste Onofre
Hi,

Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.

Can you please send a private message about issues you have with Karaf 4.2.9 
and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?

Thanks,
Regards
JB

> On 28 June 2020 at 22:02, Gerald Kallas wrote:
> 
> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the 
> workaround works as expected. Seems that Jetty has been updated in Karaf 
> 4.2.9?
> 
> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other 
> issues.)
> 
>> Gerald Kallas wrote on 28.06.2020 18:12:
>> 
>> 
>> Hi all,
>> 
>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>> 
>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in 
>> my etc/jetty.xml I'm getting an error as attached below.
>> 
>> Neither hawtio nor my servlet are working any longer. Seems that now both 
>> entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>> 
>> With both entries, as you found Grzegorz, the authentication doesn't work.
>> 
>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have 
>> another workaround for that behaviour?
>> 
>> Best
>> - Gerald
>> 
>> 

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

2020-06-28 Thread Gerald Kallas
I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround 
works as expected. Seems that Jetty has been updated in Karaf 4.2.9?

(The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)

> Gerald Kallas wrote on 28.06.2020 18:12:
> 
>  
> Hi all,
> 
> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> 
> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in 
> my etc/jetty.xml I'm getting an error as attached below.
> 
> Neither hawtio nor my servlet are working any longer. Seems that now both 
> entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> 
> With both entries, as you found Grzegorz, the authentication doesn't work.
> 
> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have 
> another workaround for that behaviour?
> 
> Best
> - Gerald
> 
> 

Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0

2020-06-28 Thread Gerald Kallas
Hi all,

I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.

after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my 
etc/jetty.xml I'm getting an error as attached below.

Neither hawtio nor my servlet are working any longer. Seems that now both 
entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.

With both entries, as you found Grzegorz, the authentication doesn't work.

Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have 
another workaround for that behaviour?

Best
- Gerald


2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted   | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
    at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
    at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
    at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
    at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
    at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
    at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
    at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
    at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
    at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
    at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
    at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
    at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
    at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
    at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
    at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
    at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
    at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
    at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
    at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
    at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
    at

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-19 Thread Grzegorz Grzybek
Hello

On Tue, 19 May 2020 at 16:25, Gerald Kallas wrote:

> Thanks, that helps also a lot.
>
> So, what's with the other question, is it possible to define roles, users
> and passwords in multiple files and assign to a HTTP context?
>

I think it's not the role of this "http context processing" to act as
credential repository. The "connection" is via JAAS realm and you can also
point the context to e.g., LDAP realm and have roles/users defined there.

regards
Grzegorz Grzybek


>
> Best
> - Gerald
>
> > Jean-Baptiste Onofre wrote on 19 May 2020 at 07:02:
> >
> >
> > Hi,
> >
> > Sorry I was busy with Karaf 4.2.9 preparation and ActiveMQ releases.
> >
> > About several port, yes, it’s possible:
> >
> > http://blog.nanthrax.net/?p=352
> >
> > Then you have to assign servlet to port using VirtualHosts (no other way
> > for now). I already created couple of Jira to deal with that easily:
> >
> > https://issues.apache.org/jira/browse/KARAF-6632
> >
> > I will focus on web improvements for 4.2.10 and 4.3.0.RC2.
> >
> > Regards
> > JB
> >
> >
> >
> > > On 18 May 2020 at 23:39, Gerald Kallas wrote:
> > > Hi Grzegorz,
> > >
> > > perfect, removing one org.eclipse.jetty.jaas.JAASLoginService and it
> > > works!
> > >
> > > Thanks a lot for digging into the details! I really appreciate this.
> > >
> > > Is there a reason that in the default jetty.xml exist 2
> > > org.eclipse.jetty.jaas.JAASLoginService definitions?
> > >
> > > One further question .. would it be possible to extend Jetty to use
> > > another port additionally and bind the servlets to this additional port only
> > > (it's for security reasons because I don't want to expose the web console
> > > externally, only the functional servlets).
> > >
> > > I tried some other approach too, described here
> > > https://www.catshout.de/?p=161. This one is tricky as a Jetty security
> > > handler can be bound only once to a port.
> > >
> > > You mentioned Undertow. It's also contained in Camel. So I wonder what
> > > might be finally the best and straightforward approach for the following
> > > requirements
> > >
> > > 1. Define multiple URIs on one single port
> > > 2. Secure the communication with TLS
> > > 3. Define independently an authentication for each URI on this single
> > > port
> > >
> > > Jetty?
> > > Servlet inside Jetty?
> > > Undertow?
> > >
> > > I'll test now multiple servlets inside Jetty for independent
> > > co-existence.
> > >
> > > Best
> > > - Gerald
> > >
> > >
> > > > Grzegorz Grzybek wrote on 18 May 2020 at 15:24:
> > > >
> > > >
> > > > Hello
> > > >
> > > > I have some answer. First, the "http context processing" feature was
> > > > mainly tested to "inject" Keycloak authenticator and I mostly tested it
> > > > with pax-web-undertow.
> > > >
> > > > But I checked how it works with pax-web-jetty in the debugger.
> > > >
> > > > The key problem is that when Jetty's SecurityHandler is starting, it
> > > > tries to find/discover org.eclipse.jetty.security.LoginService instance.
> > > >
> > > > With default etc/jetty.xml, there are TWO beans with
> > > > org.eclipse.jetty.jaas.JAASLoginService class and
> > > > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > > > this:
> > > >
> > > > else if (list.size() == 1)
> > > >     service = list.iterator().next();
> > > >
> > > > So I simply made it working by ensuring there's only one
> > > > org.eclipse.jetty.jaas.JAASLoginService:
> > > >
> > > > list = {java.util.ArrayList@9544} size = 1
> > > >  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
> > > >   LOG: org.eclipse.jetty.util.log.Logger = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > > >   DEFAULT_ROLE_CLASS_NAME: java.lang.String = "org.eclipse.jetty.jaas.JAASRole"
> > > >   DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551}
> > > >   _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> > > >   _callbackHandlerClass: java.lang.String = null
> > > >   _realmName: java.lang.String = "karaf"
> > > >   _loginModuleName: java.lang.String = "karaf"
> > > >
> > > > Now, with your Camel route, I got:
> > > >
> > > > $ curl -v http://localhost:8181/camel/api/say/hello
> > > > * Trying ::1:8181...
> > > > * Connected to localhost (::1) port 8181 (#0)
> > > >
> > > > > GET /camel/api/say/hello HTTP/1.1
> > > > > Host: localhost:8181
> > > > > User-Agent: curl/7.69.1
> > > > > Accept: */*
> > > > >
> > > > * Mark bundle as not supporting multiuse
> > > > < HTTP/1.1 404 Not Found
> > > > < Cache-Control: must-revalidate,no-cache,no-store
> > > > < Content-Type: text/html;charset=iso-8859-1
> > > > < Content-Length: 456
> > > > < Server: Jetty(9.4.22.v20191022)
> > > > <
> > > >
> > > > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > > > * Trying ::1:8181...
> > > > * Connected to localhost (::1) port 8181 (#0)
> > > > * Server auth using Basic with user 'karaf'
> > > >
> > > > > GET /camel/api/say/hello HTTP/1.1
> > > > > Host: localhost:8181

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-19 Thread Gerald Kallas
Thanks, that helps also a lot.

So, what's with the other question, is it possible to define roles, users and 
passwords in multiple files and assign to a HTTP context?

Best
- Gerald

> Jean-Baptiste Onofre wrote on 19 May 2020 at 07:02:
> 
> 
> Hi,
> 
> Sorry I was busy with Karaf 4.2.9 preparation and ActiveMQ releases.
> 
> About several port, yes, it’s possible:
> 
> http://blog.nanthrax.net/?p=352
> 
> Then you have to assign servlet to port using VirtualHosts (no other way for 
> now). I already created couple of Jira to deal with that easily:
> 
> https://issues.apache.org/jira/browse/KARAF-6632
> 
> I will focus on web improvements for 4.2.10 and 4.3.0.RC2.
> 
> Regards
> JB
> 
> 
> 
> > On 18 May 2020 at 23:39, Gerald Kallas wrote:
> > Hi Grzegorz,
> > 
> > perfect, removing one org.eclipse.jetty.jaas.JAASLoginService and it works!
> > 
> > Thanks a lot for digging into the details! I really appreciate this.
> > 
> > Is there a reason that in the default jetty.xml exist 2 
> > org.eclipse.jetty.jaas.JAASLoginService definitions?
> > 
> > One further question .. would it be possible to extend Jetty to use
> > another port additionally and bind the servlets to this additional port only
> > (it's for security reasons because I don't want to expose the web console
> > externally, only the functional servlets).
> >
> > I tried some other approach too, described here
> > https://www.catshout.de/?p=161. This one is tricky as a Jetty security
> > handler can be bound only once to a port.
> >
> > You mentioned Undertow. It's also contained in Camel. So I wonder what
> > might be finally the best and straightforward approach for the following
> > requirements
> >
> > 1. Define multiple URIs on one single port
> > 2. Secure the communication with TLS
> > 3. Define independently an authentication for each URI on this single port
> > 
> > Jetty?
> > Servlet inside Jetty?
> > Undertow?
> > 
> > I'll test now multiple servlets inside Jetty for independent co-existence.
> > 
> > Best
> > - Gerald
> > 
> > 
> > > Grzegorz Grzybek wrote on 18 May 2020 at 15:24:
> > > 
> > > 
> > > Hello
> > > 
> > > I have some answer. First, the "http context processing" feature was 
> > > mainly tested to "inject" Keycloak authenticator and I mostly tested it 
> > > with pax-web-undertow.
> > > 
> > > But I checked how it works with pax-web-jetty in the debugger.
> > > 
> > > The key problem is that when Jetty's SecurityHandler is starting, it 
> > > tries to find/discover org.eclipse.jetty.security.LoginService instance.
> > > 
> > > With default etc/jetty.xml, there are TWO beans with 
> > > org.eclipse.jetty.jaas.JAASLoginService class and 
> > > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does 
> > > this:
> > > 
> > > else if (list.size() == 1)
> > > service = list.iterator().next();
> > > 
> > > So I simply made it working by ensuring there's only one 
> > > org.eclipse.jetty.jaas.JAASLoginService:
> > > 
> > > list = {java.util.ArrayList@9544} size = 1
> > >  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} 
> > > "JAASLoginService@7ba67d0b{STARTED}"
> > > LOG: org.eclipse.jetty.util.log.Logger = 
> > > {org.eclipse.jetty.util.log.Slf4jLog@9549} 
> > > "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > > DEFAULT_ROLE_CLASS_NAME: java.lang.String = 
> > > "org.eclipse.jetty.jaas.JAASRole"
> > > DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551} 
> > > _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552} 
> > > _callbackHandlerClass: java.lang.String = null
> > > _realmName: java.lang.String = "karaf"
> > > _loginModuleName: java.lang.String = "karaf"
> > > 
> > > Now, with your Camel route, I got:
> > > 
> > > $ curl -v http://localhost:8181/camel/api/say/hello
> > > * Trying ::1:8181...
> > > * Connected to localhost (::1) port 8181 (#0)
> > > 
> > > > GET /camel/api/say/hello HTTP/1.1
> > > > Host: localhost:8181
> > > > User-Agent: curl/7.69.1
> > > > Accept: */*
> > > > 
> > > * Mark bundle as not supporting multiuse
> > > < HTTP/1.1 404 Not Found
> > > < Cache-Control: must-revalidate,no-cache,no-store
> > > < Content-Type: text/html;charset=iso-8859-1
> > > < Content-Length: 456
> > > < Server: Jetty(9.4.22.v20191022)
> > > < 
> > > 
> > > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > > * Trying ::1:8181...
> > > * Connected to localhost (::1) port 8181 (#0)
> > > * Server auth using Basic with user 'karaf'
> > > 
> > > > GET /camel/api/say/hello HTTP/1.1
> > > > Host: localhost:8181
> > > > Authorization: Basic a2FyYWY6a2FyYWY=
> > > > User-Agent: curl/7.69.1
> > > > Accept: */*
> > > > 
> > > * Mark bundle as not supporting multiuse
> > > < HTTP/1.1 200 OK
> > > < Content-Type: application/json
> > > < Accept: */*
> > > < Authorization: Basic a2FyYWY6a2FyYWY=
> > > < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > > < User-Agent: curl/7.69.1
> > > < Transfer-Encoding: chunked
> 

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-18 Thread Jean-Baptiste Onofre
Hi,

Sorry I was busy with Karaf 4.2.9 preparation and ActiveMQ releases.

About several port, yes, it’s possible:

http://blog.nanthrax.net/?p=352 

Then you have to assign servlet to port using VirtualHosts (no other way for 
now). I already created couple of Jira to deal with that easily:

https://issues.apache.org/jira/browse/KARAF-6632 


I will focus on web improvements for 4.2.10 and 4.3.0.RC2.

Regards
JB

> On 18 May 2020 at 23:39, Gerald Kallas wrote:
> 
> Hi Grzegorz,
> 
> perfect, removing one org.eclipse.jetty.jaas.JAASLoginService and it works!
> 
> Thanks a lot for digging into the details! I really appreciate this.
> 
> Is there a reason that in the default jetty.xml exist 2 
> org.eclipse.jetty.jaas.JAASLoginService definitions?
> 
> One further question .. would it be possible to extend Jetty to use another
> port additionally and bind the servlets to this additional port only (it's
> for security reasons because I don't want to expose the web console
> externally, only the functional servlets).
>
> I tried some other approach too, described here
> https://www.catshout.de/?p=161. This one is tricky as a Jetty security
> handler can be bound only once to a port.
>
> You mentioned Undertow. It's also contained in Camel. So I wonder what might
> be finally the best and straightforward approach for the following
> requirements
>
> 1. Define multiple URIs on one single port
> 2. Secure the communication with TLS
> 3. Define independently an authentication for each URI on this single port
> 
> Jetty?
> Servlet inside Jetty?
> Undertow?
> 
> I'll test now multiple servlets inside Jetty for independent co-existence.
> 
> Best
> - Gerald
> 
>> Grzegorz Grzybek wrote on 18 May 2020 at 15:24:
>> 
>> 
>> Hello
>> 
>> I have some answer. First, the "http context processing" feature was mainly 
>> tested to "inject" Keycloak authenticator and I mostly tested it with 
>> pax-web-undertow.
>> 
>> But I checked how it works with pax-web-jetty in the debugger.
>> 
>> The key problem is that when Jetty's SecurityHandler is starting, it tries 
>> to find/discover org.eclipse.jetty.security.LoginService instance.
>> 
>> With default etc/jetty.xml, there are TWO beans with 
>> org.eclipse.jetty.jaas.JAASLoginService class and 
>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does 
>> this:
>> 
>> else if (list.size() == 1)
>> service = list.iterator().next();
>> 
>> So I simply made it working by ensuring there's only one 
>> org.eclipse.jetty.jaas.JAASLoginService:
>> 
>> list = {java.util.ArrayList@9544} size = 1
>>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} 
>> "JAASLoginService@7ba67d0b{STARTED}"
>> LOG: org.eclipse.jetty.util.log.Logger = 
>> {org.eclipse.jetty.util.log.Slf4jLog@9549} 
>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>> DEFAULT_ROLE_CLASS_NAME: java.lang.String = "org.eclipse.jetty.jaas.JAASRole"
>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551} 
>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552} 
>> _callbackHandlerClass: java.lang.String = null
>> _realmName: java.lang.String = "karaf"
>> _loginModuleName: java.lang.String = "karaf"
>> 
>> Now, with your Camel route, I got:
>> 
>> $ curl -v http://localhost:8181/camel/api/say/hello
>> * Trying ::1:8181...
>> * Connected to localhost (::1) port 8181 (#0)
>>> GET /camel/api/say/hello HTTP/1.1
>>> Host: localhost:8181
>>> User-Agent: curl/7.69.1
>>> Accept: */*
>>> 
>> * Mark bundle as not supporting multiuse
>> < HTTP/1.1 404 Not Found
>> < Cache-Control: must-revalidate,no-cache,no-store
>> < Content-Type: text/html;charset=iso-8859-1
>> < Content-Length: 456
>> < Server: Jetty(9.4.22.v20191022)
>> < 
>> 
>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
>> * Trying ::1:8181...
>> * Connected to localhost (::1) port 8181 (#0)
>> * Server auth using Basic with user 'karaf'
>>> GET /camel/api/say/hello HTTP/1.1
>>> Host: localhost:8181
>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>> User-Agent: curl/7.69.1
>>> Accept: */*
>>> 
>> * Mark bundle as not supporting multiuse
>> < HTTP/1.1 200 OK
>> < Content-Type: application/json
>> < Accept: */*
>> < Authorization: Basic a2FyYWY6a2FyYWY=
>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>> < User-Agent: curl/7.69.1
>> < Transfer-Encoding: chunked
>> < Server: Jetty(9.4.22.v20191022)
>> < 
>> * Connection #0 to host localhost left intact
>> "Hello World"
>> 
>> In theory it should be possible to grab (in etc/jetty.xml, using  
>> element) instance of SecurityHandler and simply set there the "realmName" 
>> property to "Karaf", so even with two different beans with 
>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the right 
>> one. But in Pax Web security handler is part of every 
>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and only 
>> 

Fwd: Re: Basic authentication of WAB using Jaas in Karaf

2020-05-18 Thread Gerald Kallas
And .. is there a way in the servlet approach with Jetty to have multiple 
properties files for users and roles (eg 1 per servlet)?

-- Original message --
From: Gerald Kallas
To: Grzegorz Grzybek, users@camel.apache.org
Date: 18 May 2020 23:39
Subject: Re: Basic authentication of WAB using Jaas in Karaf

 
Hi Grzegorz,

perfect, removing one org.eclipse.jetty.jaas.JAASLoginService and it works!

Thanks a lot for digging into the details! I really appreciate this.

Is there a reason that in the default jetty.xml exist 2 
org.eclipse.jetty.jaas.JAASLoginService definitions?

One further question .. would it be possible to extend Jetty to use another
port additionally and bind the servlets to this additional port only (it's for
security reasons because I don't want to expose the web console externally,
only the functional servlets).

I tried some other approach too, described here https://www.catshout.de/?p=161.
This one is tricky as a Jetty security handler can be bound only once to a port.

You mentioned Undertow. It's also contained in Camel. So I wonder what might be
finally the best and straightforward approach for the following requirements

1. Define multiple URIs on one single port
2. Secure the communication with TLS
3. Define independently an authentication for each URI on this single port

Jetty?
Servlet inside Jetty?
Undertow?

I'll test now multiple servlets inside Jetty for independent co-existence.

Best
- Gerald

> Grzegorz Grzybek wrote on 18 May 2020 at 15:24:
> 
> 
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly 
> tested to "inject" Keycloak authenticator and I mostly tested it with 
> pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries to 
> find/discover org.eclipse.jetty.security.LoginService instance.
> 
> With default etc/jetty.xml, there are TWO beans with 
> org.eclipse.jetty.jaas.JAASLoginService class and 
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does 
> this:
> 
> else if (list.size() == 1)
>  service = list.iterator().next();
> 
> So I simply made it working by ensuring there's only one 
> org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544} size = 1
>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} 
> "JAASLoginService@7ba67d0b{STARTED}"
>  LOG: org.eclipse.jetty.util.log.Logger = 
> {org.eclipse.jetty.util.log.Slf4jLog@9549} 
> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>  DEFAULT_ROLE_CLASS_NAME: java.lang.String = "org.eclipse.jetty.jaas.JAASRole"
>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551} 
>  _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552} 
>  _callbackHandlerClass: java.lang.String = null
>  _realmName: java.lang.String = "karaf"
>  _loginModuleName: java.lang.String = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > User-Agent: curl/7.69.1
> > Accept: */*
> > 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> < 
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > Authorization: Basic a2FyYWY6a2FyYWY=
> > User-Agent: curl/7.69.1
> > Accept: */*
> > 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> < 
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using  
> element) instance of SecurityHandler and simply set there the "realmName" 
> property to "Karaf", so even with two different beans with 
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the right 
> one. But in Pax Web security handler is part of every 
> org.ops4

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-18 Thread Gerald Kallas
Hi Grzegorz,

perfect, removing one org.eclipse.jetty.jaas.JAASLoginService and it works!

Thanks a lot for digging into the details! I really appreciate this.

Is there a reason that in the default jetty.xml exist 2 
org.eclipse.jetty.jaas.JAASLoginService definitions?

One further question .. would it be possible to extend Jetty to use another
port additionally and bind the servlets to this additional port only (it's for
security reasons because I don't want to expose the web console externally,
only the functional servlets).

I tried some other approach too, described here https://www.catshout.de/?p=161.
This one is tricky as a Jetty security handler can be bound only once to a port.

You mentioned Undertow. It's also contained in Camel. So I wonder what might be
finally the best and straightforward approach for the following requirements

1. Define multiple URIs on one single port
2. Secure the communication with TLS
3. Define independently an authentication for each URI on this single port

Jetty?
Servlet inside Jetty?
Undertow?

I'll test now multiple servlets inside Jetty for independent co-existence.

Best
- Gerald

> Grzegorz Grzybek wrote on 18 May 2020 at 15:24:
> 
> 
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly 
> tested to "inject" Keycloak authenticator and I mostly tested it with 
> pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries to 
> find/discover org.eclipse.jetty.security.LoginService instance.
> 
> With default etc/jetty.xml, there are TWO beans with 
> org.eclipse.jetty.jaas.JAASLoginService class and 
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does 
> this:
> 
> else if (list.size() == 1)
>  service = list.iterator().next();
> 
> So I simply made it working by ensuring there's only one 
> org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544} size = 1
>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} 
> "JAASLoginService@7ba67d0b{STARTED}"
>  LOG: org.eclipse.jetty.util.log.Logger = 
> {org.eclipse.jetty.util.log.Slf4jLog@9549} 
> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>  DEFAULT_ROLE_CLASS_NAME: java.lang.String = "org.eclipse.jetty.jaas.JAASRole"
>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551} 
>  _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552} 
>  _callbackHandlerClass: java.lang.String = null
>  _realmName: java.lang.String = "karaf"
>  _loginModuleName: java.lang.String = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > User-Agent: curl/7.69.1
> > Accept: */*
> > 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> < 
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > Authorization: Basic a2FyYWY6a2FyYWY=
> > User-Agent: curl/7.69.1
> > Accept: */*
> > 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> < 
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using  
> element) instance of SecurityHandler and simply set there the "realmName" 
> property to "Karaf", so even with two different beans with 
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the right 
> one. But in Pax Web security handler is part of every 
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and only 
> in Pax Web 8 I'd be able to fix this in more clean way.
> 
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your 
> etc/jetty.xml
> 
> regards
> Grzegorz Grzybek
> 
> 
> On Mon, 18 May 2020 at 10:25, Achim Nierbeck wrote:
> > Hi,
> > 
> > I already also answered Gerald in another mail.
> > I'm not quite sure but what might be an issue, is that the default
> > http-context used in his application isn't bound to the underlying security
> > realm.
> > Therefore it's quite a possibility that there needs to be a configuration
> > done in his own application, using his own http-Context.
> > 
> > Can be found here:
> > 

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-18 Thread Grzegorz Grzybek
Hello

I'm glad you like it.

Unfortunately it's OSGi specific solution. But the fact that OSGi allows
that may still mean that flat-classpath approach is not the only one left
out there ;)

regards
Grzegorz Grzybek

On Mon, 18 May 2020 at 17:01, Alex Soto wrote:

> Thank you, Grzegorz, this is excellent news!
> I'm looking forward for this to be improved in version 8, as it is very
> useful, and not only for Keycloak.
> In particular, for securing Camel Rest services, and perhaps there are
> many other use cases as well.
>
> Best regards,
> Alex soto
>
>
>
>
> > On May 18, 2020, at 9:24 AM, Grzegorz Grzybek wrote:
> >
> > Hello
> >
> > I have some answer. First, the "http context processing" feature was mainly
> > tested to "inject" Keycloak authenticator and I mostly tested it with
> > pax-web-undertow.
> >
> > But I checked how it works with pax-web-jetty in the debugger.
> >
> > The key problem is that when Jetty's SecurityHandler is starting, it tries
> > to find/discover org.eclipse.jetty.security.LoginService instance.
> > With default etc/jetty.xml, there are TWO beans with
> > org.eclipse.jetty.jaas.JAASLoginService class and
> > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > this:
> >
> > else if (list.size() == 1)
> >service = list.iterator().next();
> >
> > So I simply made it working by ensuring there's only one
> > org.eclipse.jetty.jaas.JAASLoginService:
> >
> > list = {java.util.ArrayList@9544}  size = 1
> > 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > "JAASLoginService@7ba67d0b{STARTED}"
> >  LOG: org.eclipse.jetty.util.log.Logger  =
> > {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> > "org.eclipse.jetty.jaas.JAASRole"
> >  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> > {java.lang.String[1]@9551}
> >  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> >  _callbackHandlerClass: java.lang.String  = null
> >  _realmName: java.lang.String  = "karaf"
> >  _loginModuleName: java.lang.String  = "karaf"
> >
> > Now, with your Camel route, I got:
> >
> > $ curl -v http://localhost:8181/camel/api/say/hello
> > *   Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> >> GET /camel/api/say/hello HTTP/1.1
> >> Host: localhost:8181
> >> User-Agent: curl/7.69.1
> >> Accept: */*
> >>
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 404 Not Found
> > < Cache-Control: must-revalidate,no-cache,no-store
> > < Content-Type: text/html;charset=iso-8859-1
> > < Content-Length: 456
> > < Server: Jetty(9.4.22.v20191022)
> > <
> >
> > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > *   Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > * Server auth using Basic with user 'karaf'
> >> GET /camel/api/say/hello HTTP/1.1
> >> Host: localhost:8181
> >> Authorization: Basic a2FyYWY6a2FyYWY=
> >> User-Agent: curl/7.69.1
> >> Accept: */*
> >>
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > < Content-Type: application/json
> > < Accept: */*
> > < Authorization: Basic a2FyYWY6a2FyYWY=
> > < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > < User-Agent: curl/7.69.1
> > < Transfer-Encoding: chunked
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > * Connection #0 to host localhost left intact
> > "Hello World"
> >
> > In theory it should be possible to grab (in etc/jetty.xml, using
> >  element) instance of SecurityHandler and simply set there the
> > "realmName" property to "Karaf", so even with two different beans with
> > org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > right one. But in Pax Web security handler is part of every
> > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > only in Pax Web 8 I'd be able to fix this in more clean way.
> >
> > So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > etc/jetty.xml
> >
> > regards
> > Grzegorz Grzybek
> >
> > On Mon, 18 May 2020 at 10:25, Achim Nierbeck wrote:
> >
> >> Hi,
> >>
> >> I already also answered Gerald in another mail.
> >> I'm not quite sure but what might be an issue, is that the default
> >> http-context used in his application isn't bound to the underlying security
> >> realm.
> >> Therefore it's quite a possibility that there needs to be a configuration
> >> done in his own application, using his own http-Context.
> >>
> >> Can be found here:
> >>
> >> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>
> >> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >> and here:
> >>
> >>
> 

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-18 Thread Alex Soto
Thank you, Grzegorz, this is excellent news! 
I'm looking forward for this to be improved in version 8, as it is very useful, 
and not only for Keycloak.
In particular, for securing Camel Rest services, and perhaps there are many 
other use cases as well.

Best regards,
Alex soto




> On May 18, 2020, at 9:24 AM, Grzegorz Grzybek  wrote:
> 
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly
> tested to "inject" Keycloak authenticator and I mostly tested it with
> pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries
> to find/discover org.eclipse.jetty.security.LoginService instance.
> With default etc/jetty.xml, there are TWO beans with
> org.eclipse.jetty.jaas.JAASLoginService class and
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> this:
> 
>     else if (list.size() == 1)
>         service = list.iterator().next();
> 
> So I simply made it work by ensuring there's only one
> org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544}  size = 1
> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> "JAASLoginService@7ba67d0b{STARTED}"
>  LOG: org.eclipse.jetty.util.log.Logger  =
> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> "org.eclipse.jetty.jaas.JAASRole"
>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> {java.lang.String[1]@9551}
>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>  _callbackHandlerClass: java.lang.String  = null
>  _realmName: java.lang.String  = "karaf"
>  _loginModuleName: java.lang.String  = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
>> GET /camel/api/say/hello HTTP/1.1
>> Host: localhost:8181
>> User-Agent: curl/7.69.1
>> Accept: */*
>> 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> <
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
>> GET /camel/api/say/hello HTTP/1.1
>> Host: localhost:8181
>> Authorization: Basic a2FyYWY6a2FyYWY=
>> User-Agent: curl/7.69.1
>> Accept: */*
>> 
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> <
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using
>  element) instance of SecurityHandler and simply set there the
> "realmName" property to "Karaf", so even with two different beans with
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> right one. But in Pax Web security handler is part of every
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> only in Pax Web 8 I'd be able to fix this in more clean way.
> 
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> etc/jetty.xml
> 
> regards
> Grzegorz Grzybek
> 
> On Mon, 18 May 2020 at 10:25, Achim Nierbeck wrote:
> 
>> Hi,
>> 
>> I already also answered Gerald in another mail.
>> I'm not quite sure but what might be an issue, is that the default
>> http-context used in his application isn't bound to the underlying security
>> realm.
>> Therefore it's quite a possibility that there needs to be a configuration
>> done in his own application, using his own http-Context.
>> 
>> Can be found here:
>> 
>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>> 
>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
>> and here:
>> 
>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>> 
>> regards, Achim
>> 
>> 
>> On Fri, 15 May 2020 at 21:06, Alex Soto wrote:
>> 
>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
>>> Maybe somebody from the Pax-Web team can help you.
>>> The only suspicious thing is the warning:
>>> 
>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>>>| 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
>>> authenticator for: 

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-18 Thread Grzegorz Grzybek
Hello

I have some answer. First, the "http context processing" feature was mainly
tested to "inject" Keycloak authenticator and I mostly tested it with
pax-web-undertow.

But I checked how it works with pax-web-jetty in the debugger.

The key problem is that when Jetty's SecurityHandler is starting, it tries
to find/discover org.eclipse.jetty.security.LoginService instance.
With default etc/jetty.xml, there are TWO beans with
org.eclipse.jetty.jaas.JAASLoginService class and
org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
this:

    else if (list.size() == 1)
        service = list.iterator().next();

So I simply made it work by ensuring there's only one
org.eclipse.jetty.jaas.JAASLoginService:

list = {java.util.ArrayList@9544}  size = 1
 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
"JAASLoginService@7ba67d0b{STARTED}"
  LOG: org.eclipse.jetty.util.log.Logger  =
{org.eclipse.jetty.util.log.Slf4jLog@9549}
"org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
"org.eclipse.jetty.jaas.JAASRole"
  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
{java.lang.String[1]@9551}
  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
  _callbackHandlerClass: java.lang.String  = null
  _realmName: java.lang.String  = "karaf"
  _loginModuleName: java.lang.String  = "karaf"

Now, with your Camel route, I got:

$ curl -v http://localhost:8181/camel/api/say/hello
*   Trying ::1:8181...
* Connected to localhost (::1) port 8181 (#0)
> GET /camel/api/say/hello HTTP/1.1
> Host: localhost:8181
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 456
< Server: Jetty(9.4.22.v20191022)
<

$ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
*   Trying ::1:8181...
* Connected to localhost (::1) port 8181 (#0)
* Server auth using Basic with user 'karaf'
> GET /camel/api/say/hello HTTP/1.1
> Host: localhost:8181
> Authorization: Basic a2FyYWY6a2FyYWY=
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/json
< Accept: */*
< Authorization: Basic a2FyYWY6a2FyYWY=
< breadcrumbId: ID-everfree-forest-1589807499756-0-1
< User-Agent: curl/7.69.1
< Transfer-Encoding: chunked
< Server: Jetty(9.4.22.v20191022)
<
* Connection #0 to host localhost left intact
"Hello World"

In theory it should be possible to grab (in etc/jetty.xml, using
 element) an instance of SecurityHandler and simply set the
"realmName" property there to "Karaf", so even with two different beans with
org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
right one. But in Pax Web the security handler is part of every
org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created, and
only in Pax Web 8 I'd be able to fix this in a cleaner way.

So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
etc/jetty.xml

regards
Grzegorz Grzybek

On Mon, 18 May 2020 at 10:25, Achim Nierbeck wrote:

> Hi,
>
> I already also answered Gerald in another mail.
> I'm not quite sure but what might be an issue, is that the default
> http-context used in his application isn't bound to the underlying security
> realm.
> Therefore it's quite a possibility that there needs to be a configuration
> done in his own application, using his own http-Context.
>
> Can be found here:
>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> and here:
>
> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
>
> regards, Achim
>
>
> On Fri, 15 May 2020 at 21:06, Alex Soto wrote:
>
> > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > Maybe somebody from the Pax-Web team can help you.
> > The only suspicious thing is the warning:
> >
> > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > authenticator for: {RoleInfo,C[admin],None}
> >
> >
> > Which suggests something is misconfigured.
> >
> > Best regards,
> > Alex soto
> >
> >
> >
> >
> > > On May 15, 2020, at 2:23 PM, Gerald Kallas 
> wrote:
> > >
> > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> >   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > authenticator for: {RoleInfo,C[admin],None}
> >
> >
>
> --
>
> Apache Member
> Apache Karaf  Committer & PMC
> OPS4J Pax Web  
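
The login-service discovery described in the message above, as an added example (not code from the thread, Jetty or Pax Web): a Python check that lists the JAASLoginService beans declared in an etc/jetty.xml and models which one SecurityHandler#findLoginService() would select. The XML is a constructed sample in Jetty XML syntax carrying the two sets of values that survive in the posted etc/jetty.xml; the function names are hypothetical, and the realm-name branch of the model is an assumption based on the message's remark about setting "realmName".

```python
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.jaas.JAASLoginService"

# Constructed sample: two login services named "karaf" and "default",
# both using loginModuleName "karaf", as in the file posted in the thread.
SAMPLE_JETTY_XML = """<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
  "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.jaas.JAASLoginService">
        <Set name="name">karaf</Set>
        <Set name="loginModuleName">karaf</Set>
        <Set name="roleClassNames">
          <Array type="java.lang.String">
            <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
          </Array>
        </Set>
      </New>
    </Arg>
  </Call>
  <Call name="addBean">
    <Arg>
      <New class="org.eclipse.jetty.jaas.JAASLoginService">
        <Set name="name">default</Set>
        <Set name="loginModuleName">karaf</Set>
        <Set name="roleClassNames">
          <Array type="java.lang.String">
            <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
          </Array>
        </Set>
      </New>
    </Arg>
  </Call>
</Configure>
"""


def find_login_services(xml_text):
    """Return the <Set> properties of every JAASLoginService in the file."""
    services = []
    for new in ET.fromstring(xml_text).iter("New"):
        if new.get("class") != JAAS_CLASS:
            continue
        props = {}
        for setter in new.findall("Set"):
            # Array-valued properties become lists, scalar ones plain strings.
            items = [i.text.strip() for i in setter.iter("Item") if i.text]
            props[setter.get("name")] = items or (setter.text or "").strip()
        services.append(props)
    return services


def select_login_service(services, realm_name=None):
    """Simplified model of the selection the message describes.

    Without a realm name on the handler, a service is used only when it is
    the single one registered. With a realm name (assumed branch), the
    service whose name matches exactly is used.
    """
    if realm_name is not None:
        for svc in services:
            if svc.get("name") == realm_name:
                return svc
        return None
    if len(services) == 1:
        return services[0]
    return None


def audit(xml_text, realm_name=None):
    """Summarise the declared login services and flag ambiguous setups."""
    services = find_login_services(xml_text)
    chosen = select_login_service(services, realm_name)
    names = [s.get("name") for s in services]
    findings = []
    if realm_name is None and len(services) > 1:
        findings.append(
            "%d JAASLoginService beans and no realm name on the handler: "
            "no login service is selected" % len(services))
    if realm_name is not None and chosen is None:
        findings.append(
            "no login service named %r (declared: %s)" % (realm_name, names))
    return {
        "count": len(services),
        "names": names,
        "selected": chosen.get("name") if chosen else None,
        "findings": findings,
    }


if __name__ == "__main__":
    for realm in (None, "karaf"):
        print(realm, audit(SAMPLE_JETTY_XML, realm))
```
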

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-18 Thread Achim Nierbeck
Hi,

I already also answered Gerald in another mail.
I'm not quite sure, but what might be an issue is that the default
http-context used in his application isn't bound to the underlying security
realm.
Therefore it's quite a possibility that there needs to be a configuration
done in his own application, using his own http-Context.

Can be found here:
https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
and here:
https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java

regards, Achim


On Fri, 15 May 2020 at 21:06, Alex Soto wrote:

> I’m sorry, I don’t know why it's not working; it looks correct to me.
> Maybe somebody from the Pax-Web team can help you.
> The only suspicious thing is the warning:
>
> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> authenticator for: {RoleInfo,C[admin],None}
>
>
> Which suggests something is misconfigured.
>
> Best regards,
> Alex soto
>
>
>
>
> > On May 15, 2020, at 2:23 PM, Gerald Kallas  wrote:
> >
> > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> authenticator for: {RoleInfo,C[admin],None}
>
>

-- 

Apache Member
Apache Karaf  Committer & PMC
OPS4J Pax Web  Committer &
Project Lead
blog 
Co-Author of Apache Karaf Cookbook 


Re: Basic authentication of WAB using Jaas in Karaf

2020-05-15 Thread Alex Soto
I’m sorry, I don’t know why it's not working; it looks correct to me.  Maybe 
somebody from the Pax-Web team can help you.
The only suspicious thing is the warning:

2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler   
   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator 
for: {RoleInfo,C[admin],None}


Which suggests something is misconfigured.

Best regards,
Alex soto




> On May 15, 2020, at 2:23 PM, Gerald Kallas  wrote:
> 
> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler 
>  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator 
> for: {RoleInfo,C[admin],None}



Re: Basic authentication of WAB using Jaas in Karaf

2020-05-15 Thread Gerald Kallas
With "BASIC" the same.

2020-05-15T18:20:39,881 | INFO  | CM Configuration Updater (Update: 
pid=org.ops4j.pax.web.context.f4d0bd8c-6751-447f-8067-2da2e2b7c45a) | 
HttpContextProcessing| 264 - org.ops4j.pax.web.pax-web-runtime - 
7.2.14 | Updated configuration for 
pid=org.ops4j.pax.web.context.f4d0bd8c-6751-447f-8067-2da2e2b7c45a
2020-05-15T18:20:39,883 | INFO  | paxweb-context-4-thread-5 | 
HttpContextProcessing| 264 - org.ops4j.pax.web.pax-web-runtime - 
7.2.14 | Found bundle "api.xml", scheduling customization of its WebContainer
2020-05-15T18:20:39,884 | INFO  | paxweb-context-4-thread-5 | 
HttpContextProcessing| 264 - org.ops4j.pax.web.pax-web-runtime - 
7.2.14 | HTTP Context Processor {bundle=api.xml [290]}: Restoring WebContainer 
for bundle api.xml/0.0.0
2020-05-15T18:20:39,885 | INFO  | paxweb-context-4-thread-5 | 
CamelHttpTransportServlet| 132 - org.apache.camel.camel-servlet - 3.2.0 
| Destroyed CamelHttpTransportServlet[MyServlet]
2020-05-15T18:20:39,885 | INFO  | paxweb-context-4-thread-5 | ContextHandler
   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | Stopped 
HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [290], 
contextID=default]}
2020-05-15T18:20:39,886 | INFO  | paxweb-context-4-thread-5 | 
HttpServiceContext   | 262 - org.ops4j.pax.web.pax-web-jetty - 
7.2.14 | registering JasperInitializer
2020-05-15T18:20:40,117 | INFO  | paxweb-context-4-thread-5 | 
CamelHttpTransportServlet| 132 - org.apache.camel.camel-servlet - 3.2.0 
| Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
2020-05-15T18:20:40,117 | INFO  | paxweb-context-4-thread-5 | ContextHandler
   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | Started 
HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [290], 
contextID=default]}
2020-05-15T18:20:40,118 | INFO  | paxweb-context-4-thread-5 | 
HttpContextProcessing| 264 - org.ops4j.pax.web.pax-web-runtime - 
7.2.14 | Customizing WebContainer for bundle api.xml/0.0.0
2020-05-15T18:20:40,130 | INFO  | paxweb-context-4-thread-5 | 
HttpContextProcessing| 264 - org.ops4j.pax.web.pax-web-runtime - 
7.2.14 | Registering login configuration in WebContainer for bundle "api.xml": 
method=BASIC, realm=karaf
2020-05-15T18:20:40,130 | INFO  | paxweb-context-4-thread-5 | 
CamelHttpTransportServlet| 132 - org.apache.camel.camel-servlet - 3.2.0 
| Destroyed CamelHttpTransportServlet[MyServlet]
2020-05-15T18:20:40,131 | INFO  | paxweb-context-4-thread-5 | ContextHandler
   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | Stopped 
HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [290], 
contextID=default]}
2020-05-15T18:20:40,131 | INFO  | paxweb-context-4-thread-5 | 
HttpContextProcessing| 264 - org.ops4j.pax.web.pax-web-runtime - 
7.2.14 | Registering security mappings in WebContainer for bundle "api.xml": 
SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', 
roles=[admin]}
2020-05-15T18:20:40,132 | INFO  | paxweb-context-4-thread-5 | 
HttpServiceContext   | 262 - org.ops4j.pax.web.pax-web-jetty - 
7.2.14 | registering JasperInitializer
2020-05-15T18:20:40,290 | INFO  | paxweb-context-4-thread-5 | 
CamelHttpTransportServlet| 132 - org.apache.camel.camel-servlet - 3.2.0 
| Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
2020-05-15T18:20:40,290 | INFO  | paxweb-context-4-thread-5 | ContextHandler
   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | Started 
HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [290], 
contextID=default]}
2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler   
   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator 
for: {RoleInfo,C[admin],None}

etc/jetty.xml looks like



http://www.eclipse.org/jetty/configure_9_0.dtd;>











https



32768
8192
8192
true
false
512





karaf
karaf


org.apache.karaf.jaas.boot.principal.RolePrincipal









default
karaf


org.apache.karaf.jaas.boot.principal.RolePrincipal









etc/org.ops4j.pax.web.cfg looks like


org.osgi.service.http.enabled=true
org.osgi.service.http.port=8181
 
org.ops4j.pax.web.session.cookie.httpOnly=true

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-15 Thread Alex Soto
I’m not sure what is happening, but I noticed, you have ‘basic’ as lowercase, 
maybe it is case sensitive.  Try uppercase:


login.config.authMethod = BASIC


Also, what is in your 'etc/jetty.xml' and 'etc/org.ops4j.pax.web.cfg' files?

Best regards,
Alex soto




> On May 15, 2020, at 11:22 AM, Gerald Kallas  wrote:
> 
> Hi Alex,
> 
> yes, I'm passing the HTTP "Authorization" header for basic authentication.
> 
> My users.properties looks like
> 
> karaf = xxx,_g_:admingroup
> _g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
> 
> username1 = password1,admin
> 
> I'm testing with the username1 password1 combination, the request looks like
> 
> curl --insecure --location --request GET 
> 'https://localhost:8443/camel/api/say/hello' \
> --header 'Authorization: Basic dXNlcm5hbWUxOnBhc3N3b3JkMQ=='
> 
> With or without the Authorization header I'm always getting a HTTP 403 
> response.
> 
> While trying to access I'm getting a log entry
> 
> 2020-05-15T15:20:34,031 | WARN  | qtp1611313605-186 | SecurityHandler 
>  | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator 
> for: {RoleInfo,C[admin],None}
> 
> Again my org.ops4j.pax.web.context-admin.cfg, it looks like
> 
> bundle.symbolicName=api.xml
> login.config.authMethod=Basic
> login.config.realmName=karaf
> context.id=default
> 
> security.constraint.1.url = /camel/api/*
> security.constraint.1.method = *
> security.constraint.1.roles = admin
> 
> And my route (Blueprint DSL "api.xml") again as well
> 
> http://www.osgi.org/xmlns/blueprint/v1.0.0;
>   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
>   xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
>   https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd;>
> 
>interface="org.osgi.service.http.HttpService" />
> 
>class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
> 
>init-method="register"
> destroy-method="unregister">
>   
>   
>   
>   
>   
> 
>class="org.apache.camel.component.servlet.ServletComponent" />
> 
>   http://camel.apache.org/schema/blueprint;>
>  component="servlet"
>   bindingMode="json"
>   enableCORS="false"
>   skipBindingOnErrorCode="false"
>   clientRequestValidation="true">
> 
>/>
> 
>   
>/>
> 
>value="false" />
>   
>   
> 
>   
>   
>   
>   
>   
> 
>   
>   
>   
>   Hello World
>   
>   
> 
>   
> 
> 
> 
> Best
> - Gerald
> 
>> Alex Soto wrote on 15 May 2020 at 14:35:
>> 
>> 
>> Are you passing the BASIC Authentication header with user name and password?
>> 
>> The user names and roles are defined in the 'etc/users.properties’  file, 
>> check Karaf documentation 
>> https://karaf.apache.org/manual/latest/#_security_2 
>> 
>> 
>> 
>> The 'security.constraint.1.* entries' in your file 
>> 'org.ops4j.pax.web.context-admin.cfg’  define the permissions for each 
>> route, just need to add new ones replacing 1 with 2, and so on,   the url 
>> matching the Camel route.
>> 
>> 
>> 
>>> On May 14, 2020, at 5:17 PM, Gerald Kallas  wrote:
>>> 
>>> Thanks Alex,
>>> 
>>> the API now is working after removing the "httpRegistry" part.
>>> 
>>> Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like
>>> 
>>> bundle.symbolicName=api.xml
>>> login.config.authMethod=BASIC
>>> login.config.realmName=karaf
>>> context.id=default
>>> 
>>> security.constraint.1.url = /camel/api/*
>>> security.constraint.1.method = *
>>> security.constraint.1.roles = admin
>>> 
>>> Saving this creates the log file entries as below.
>>> 
>>> The return code with this file is now always a HTTP 403 (forbidden). What 
>>> might be wrong now?
>>> 
>>> And .. where can I define the roles, users and passwords for each of the 
>>> routes with a servlet consumer?
>>> 
>>> Best
>>> - Gerald
>>> 
>>> 2020-05-14T21:15:18,817 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | 
>>> fileinstall  | 10 - org.apache.felix.fileinstall - 
>>> 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
>>> 2020-05-14T21:15:18,819 | INFO  | CM Configuration Updater (Update: 
>>> pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | 
>>> HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime 
>>> - 7.2.11 | Updated configuration for 
>>> pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
>>> 2020-05-14T21:15:18,821 | 

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-15 Thread Gerald Kallas
Hi Alex,

yes, I'm passing the HTTP "Authorization" header for basic authentication.

My users.properties looks like

karaf = xxx,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh

username1 = password1,admin

I'm testing with the username1 password1 combination, the request looks like

curl --insecure --location --request GET 
'https://localhost:8443/camel/api/say/hello' \
--header 'Authorization: Basic dXNlcm5hbWUxOnBhc3N3b3JkMQ=='

With or without the Authorization header I'm always getting a HTTP 403 response.

While trying to access I'm getting a log entry

2020-05-15T15:20:34,031 | WARN  | qtp1611313605-186 | SecurityHandler   
   | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No authenticator 
for: {RoleInfo,C[admin],None}

Again my org.ops4j.pax.web.context-admin.cfg, it looks like

bundle.symbolicName=api.xml
login.config.authMethod=Basic
login.config.realmName=karaf
context.id=default

security.constraint.1.url = /camel/api/*
security.constraint.1.method = *
security.constraint.1.roles = admin

And my route (Blueprint DSL "api.xml") again as well

http://www.osgi.org/xmlns/blueprint/v1.0.0;
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
   xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
   https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd;>














http://camel.apache.org/schema/blueprint;>




















Hello World







Best
- Gerald

> Alex Soto wrote on 15 May 2020 at 14:35:
> 
>  
> Are you passing the BASIC Authentication header with user name and password?
> 
> The user names and roles are defined in the 'etc/users.properties’  file, 
> check Karaf documentation https://karaf.apache.org/manual/latest/#_security_2 
> 
> 
> 
> The 'security.constraint.1.* entries' in your file 
> 'org.ops4j.pax.web.context-admin.cfg’  define the permissions for each route, 
> just need to add new ones replacing 1 with 2, and so on,   the url matching 
> the Camel route.
> 
> 
> 
> > On May 14, 2020, at 5:17 PM, Gerald Kallas  wrote:
> > 
> > Thanks Alex,
> > 
> > the API now is working after removing the "httpRegistry" part.
> > 
> > Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like
> > 
> > bundle.symbolicName=api.xml
> > login.config.authMethod=BASIC
> > login.config.realmName=karaf
> > context.id=default
> > 
> > security.constraint.1.url = /camel/api/*
> > security.constraint.1.method = *
> > security.constraint.1.roles = admin
> > 
> > Saving this creates the log file entries as below.
> > 
> > The return code with this file is now always a HTTP 403 (forbidden). What 
> > might be wrong now?
> > 
> > And .. where can I define the roles, users and passwords for each of the 
> > routes with a servlet consumer?
> > 
> > Best
> > - Gerald
> > 
> > 2020-05-14T21:15:18,817 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | 
> > fileinstall  | 10 - org.apache.felix.fileinstall - 
> > 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
> > 2020-05-14T21:15:18,819 | INFO  | CM Configuration Updater (Update: 
> > pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | 
> > HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime 
> > - 7.2.11 | Updated configuration for 
> > pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
> > 2020-05-14T21:15:18,821 | INFO  | paxweb-context-4-thread-22 | 
> > HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime 
> > - 7.2.11 | Found bundle "api.xml", scheduling customization of its 
> > WebContainer
> > 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | 
> > HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime 
> > - 7.2.11 | HTTP Context Processor {bundle=api.xml [326]}: Restoring 
> > WebContainer for bundle api.xml/0.0.0
> > 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | 
> > CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 
> > 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> > 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | 
> > ContextHandler   | 223 - org.eclipse.jetty.util - 
> > 9.4.20.v20190813 | Stopped 
> > HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], 
> > contextID=default]}
> > 2020-05-14T21:15:18,823 | INFO  
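
The two files quoted in the message above, checked against each other as an added example (not code from the thread, Karaf or Pax Web): a Python script that resolves each user's effective roles from users.properties, including `_g_:` groups, and lists which users satisfy each security.constraint.N entry of the context configuration. The user `viewer1` and constraint 2 are constructed additions, the function names are hypothetical, and reading the first comma-separated value as the password (or the literal `group` for a group entry) is an assumption taken from the layout of the posted file.

```python
import re

GROUP_PREFIX = "_g_:"

# users.properties as posted, plus one constructed user (viewer1).
USERS_PROPERTIES = r"""
karaf = xxx,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh

username1 = password1,admin
viewer1 = changeme,viewer
"""

# org.ops4j.pax.web.context-admin.cfg as posted, plus constructed constraint 2.
CONTEXT_CFG = """
bundle.symbolicName=api.xml
login.config.authMethod=BASIC
login.config.realmName=karaf
context.id=default

security.constraint.1.url = /camel/api/*
security.constraint.1.method = *
security.constraint.1.roles = admin

security.constraint.2.url = /camel/internal/*
security.constraint.2.method = *
security.constraint.2.roles = auditor
"""


def parse_properties(text):
    """Minimal .properties/.cfg reader: handles '\\:' escapes in keys."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, i = [], 0
        while i < len(line):
            ch = line[i]
            if ch == "\\" and i + 1 < len(line):
                key.append(line[i + 1])      # escaped char belongs to the key
                i += 2
                continue
            if ch in "=:" or ch.isspace():   # first unescaped separator
                break
            key.append(ch)
            i += 1
        value = line[i:].lstrip()
        if value[:1] in ("=", ":"):
            value = value[1:]
        props["".join(key)] = value.strip()
    return props


def effective_roles(users):
    """Map each user to its roles, expanding _g_: group references."""
    result = {}
    for name, value in users.items():
        if name.startswith(GROUP_PREFIX):
            continue
        stack = [e.strip() for e in value.split(",")][1:]   # drop the password
        roles, seen = set(), set()
        while stack:
            entry = stack.pop()
            if entry.startswith(GROUP_PREFIX):
                if entry not in seen:                       # guard against cycles
                    seen.add(entry)
                    members = users.get(entry, "").split(",")[1:]
                    stack.extend(m.strip() for m in members)
            elif entry:
                roles.add(entry)
        result[name] = roles
    return result


def constraints(cfg):
    """Group security.constraint.N.* keys by their index N."""
    out = {}
    for key, value in cfg.items():
        m = re.fullmatch(r"security\.constraint\.(\d+)\.(url|method|roles)", key)
        if m:
            out.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return out


def check_access(users_text, cfg_text):
    """List, per constrained URL, the users holding a required role."""
    users = effective_roles(parse_properties(users_text))
    report = {"access": {}, "findings": []}
    for index, c in sorted(constraints(parse_properties(cfg_text)).items()):
        if "url" not in c or "roles" not in c:
            report["findings"].append("constraint %d is incomplete" % index)
            continue
        required = {r.strip() for r in c["roles"].split(",") if r.strip()}
        allowed = sorted(u for u, roles in users.items() if roles & required)
        report["access"][c["url"]] = allowed
        if not allowed:
            report["findings"].append(
                "constraint %d (%s): no user holds any of %s"
                % (index, c["url"], sorted(required)))
    return report


if __name__ == "__main__":
    print(check_access(USERS_PROPERTIES, CONTEXT_CFG))
```
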

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-15 Thread Alex Soto
Are you passing the BASIC Authentication header with user name and password?

The user names and roles are defined in the 'etc/users.properties’  file, check 
Karaf documentation https://karaf.apache.org/manual/latest/#_security_2 



The 'security.constraint.1.*' entries in your file 
'org.ops4j.pax.web.context-admin.cfg' define the permissions for each route; 
you just need to add new ones, replacing 1 with 2 and so on, with the url 
matching the Camel route.



> On May 14, 2020, at 5:17 PM, Gerald Kallas  wrote:
> 
> Thanks Alex,
> 
> the API now is working after removing the "httpRegistry" part.
> 
> Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like
> 
> bundle.symbolicName=api.xml
> login.config.authMethod=BASIC
> login.config.realmName=karaf
> context.id=default
> 
> security.constraint.1.url = /camel/api/*
> security.constraint.1.method = *
> security.constraint.1.roles = admin
> 
> Saving this creates the log file entries as below.
> 
> The return code with this file is now always a HTTP 403 (forbidden). What 
> might be wrong now?
> 
> And .. where can I define the roles, users and passwords for each of the 
> routes with a servlet consumer?
> 
> Best
> - Gerald
> 
> 2020-05-14T21:15:18,817 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | 
> fileinstall  | 10 - org.apache.felix.fileinstall - 3.6.4 
> | Updating configuration from org.ops4j.pax.web.context-admin.cfg
> 2020-05-14T21:15:18,819 | INFO  | CM Configuration Updater (Update: 
> pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | 
> HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 
> 7.2.11 | Updated configuration for 
> pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
> 2020-05-14T21:15:18,821 | INFO  | paxweb-context-4-thread-22 | 
> HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 
> 7.2.11 | Found bundle "api.xml", scheduling customization of its WebContainer
> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | 
> HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 
> 7.2.11 | HTTP Context Processor {bundle=api.xml [326]}: Restoring 
> WebContainer for bundle api.xml/0.0.0
> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | 
> CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 
> 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> 2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | ContextHandler 
>   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped 
> HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], 
> contextID=default]}
> 2020-05-14T21:15:18,823 | INFO  | paxweb-context-4-thread-22 | 
> HttpServiceContext   | 256 - org.ops4j.pax.web.pax-web-jetty - 
> 7.2.11 | registering JasperInitializer
> 2020-05-14T21:15:18,902 | INFO  | paxweb-context-4-thread-22 | 
> CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 
> 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
> 2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | ContextHandler 
>   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started 
> HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], 
> contextID=default]}
> 2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | 
> HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 
> 7.2.11 | Customizing WebContainer for bundle api.xml/0.0.0
> 2020-05-14T21:15:18,906 | INFO  | paxweb-context-4-thread-22 | 
> HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 
> 7.2.11 | Registering login configuration in WebContainer for bundle 
> "api.xml": method=BASIC, realm=karaf
> 2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | 
> CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 
> 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
> 2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | ContextHandler 
>   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped 
> HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], 
> contextID=default]}
> 2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | 
> HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 
> 7.2.11 | Registering security mappings in WebContainer for bundle "api.xml": 
> SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', 
> roles=[admin]}
> 2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | 
> HttpServiceContext   | 256 - org.ops4j.pax.web.pax-web-jetty - 
> 7.2.11 | registering JasperInitializer
> 2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | 
> CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 
> 

Re: Basic authentication of WAB using Jaas in Karaf

2020-05-14 Thread Gerald Kallas
Thanks Alex,

the API now is working after removing the "httpRegistry" part.

Now I've the next issue. My org.ops4j.pax.web.context-admin.cfg looks like

bundle.symbolicName=api.xml
login.config.authMethod=BASIC
login.config.realmName=karaf
context.id=default

security.constraint.1.url = /camel/api/*
security.constraint.1.method = *
security.constraint.1.roles = admin

Saving this creates the log file entries as below.

The return code with this file is now always a HTTP 403 (forbidden). What might 
be wrong now?

And .. where can I define the roles, users and passwords for each of the routes 
with a servlet consumer?

Best
- Gerald

2020-05-14T21:15:18,817 | INFO  | fileinstall-/opt/apache-karaf-4.2.7/etc | fileinstall  | 10 - org.apache.felix.fileinstall - 3.6.4 | Updating configuration from org.ops4j.pax.web.context-admin.cfg
2020-05-14T21:15:18,819 | INFO  | CM Configuration Updater (Update: pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f) | HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Updated configuration for pid=org.ops4j.pax.web.context.1448dbe9-6e82-4f5f-8176-f306ab16640f
2020-05-14T21:15:18,821 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Found bundle "api.xml", scheduling customization of its WebContainer
2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | HTTP Context Processor {bundle=api.xml [326]}: Restoring WebContainer for bundle api.xml/0.0.0
2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
2020-05-14T21:15:18,822 | INFO  | paxweb-context-4-thread-22 | ContextHandler   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
2020-05-14T21:15:18,823 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext   | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
2020-05-14T21:15:18,902 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | ContextHandler   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
2020-05-14T21:15:18,905 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Customizing WebContainer for bundle api.xml/0.0.0
2020-05-14T21:15:18,906 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering login configuration in WebContainer for bundle "api.xml": method=BASIC, realm=karaf
2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 3.0.0 | Destroyed CamelHttpTransportServlet[MyServlet]
2020-05-14T21:15:18,908 | INFO  | paxweb-context-4-thread-22 | ContextHandler   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Stopped HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}
2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpContextProcessing| 258 - org.ops4j.pax.web.pax-web-runtime - 7.2.11 | Registering security mappings in WebContainer for bundle "api.xml": SecurityConstraintsMapping{name='constraint.1', url='/camel/api/*', roles=[admin]}
2020-05-14T21:15:18,909 | INFO  | paxweb-context-4-thread-22 | HttpServiceContext   | 256 - org.ops4j.pax.web.pax-web-jetty - 7.2.11 | registering JasperInitializer
2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | CamelHttpTransportServlet| 288 - org.apache.camel.camel-servlet - 3.0.0 | Initialized CamelHttpTransportServlet[name=MyServlet, contextPath=]
2020-05-14T21:15:19,003 | INFO  | paxweb-context-4-thread-22 | ContextHandler   | 223 - org.eclipse.jetty.util - 9.4.20.v20190813 | Started HttpServiceContext{httpContext=DefaultHttpContext [bundle=api.xml [326], contextID=default]}

> Alex Soto wrote on 14 May 2020 at 18:42:
> 
> 
> Looks good to me: '/camel/api/say/hello' should be correct.
> 
> The only difference I see is that in my case I am not using the 
> 'httpRegistry'; try removing that part.
> 
> 
> Best regards,
> Alex Soto
> 
> > On May 14, 2020, at 12:21 PM, Gerald Kallas  wrote:
> > Thanks Alex.
> > 
> > I'm still struggling upfront. I was copying