Hi,
Security is configurated using Spring beans (see here after).
<bean id="loginService"
class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="ldap"/>
<property name="loginModuleName" value="ldap"/>
<property name="roleClassNames">
<list>
<value>org.apache.karaf.jaas.modules.RolePrincipal</value>
</list>
</property>
</bean>
<bean id="constraint" class="org.eclipse.jetty.http.security.Constraint">
<property name="name" value="BASIC"/>
<property name="roles" value="system"/>
<property name="authenticate" value="true"/>
</bean>
<bean id="constraintMapping"
class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="constraint"/>
<property name="pathSpec" value="/*"/>
</bean>
<bean id="securityHandler"
class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
</property>
<property name="constraintMappings">
<list>
<ref bean="constraintMapping"/>
</list>
</property>
<property name="loginService" ref="loginService"/>
<property name="strict" value="false"/>
</bean>
</beans>
I think that camel-jetty is not chained with Jetty in this case because
I see this error too in the log.
ka...@root> org.eclipse.jetty.server.ser...@4e2ddb6b STOPPED
+-constraintsecurityhand...@48da7565 STOPPED
+-servletcontexthand...@229c61d3@229c61d3/,null STOPPED
+=roles=[system]
+=/*={null={RoleInfo,C[system]}}
Without securityHandler used, I get the message in the log
ka...@root> org.eclipse.jetty.server.ser...@6a063430 STOPPED
+-servletcontexthand...@65bc3ae7@65bc3ae7/,null started
+-servlethand...@75f9140f started
+-[/*]=>org.apache.camel.component.jetty.CamelContinuationServlet-638031455{}
Regards,
Charles
On 07/12/10 12:25, Achim Nierbeck wrote:
Just something that comes to my mind,
how is the security for this configured?
Usually you have this done in your web.xml.
While working on this I only tested with standard wars and osgi-fied
wars.
2010/12/7 Charles Moulliard <[email protected]
<mailto:[email protected]>>
Hi Achim,
Thanks for the trick. I can authenticate my user using LDAP realm
deployed on Karaf. Nevertheless, the following error is still there
09:35:08,655 | DEBUG | 9 - /favicon.ico | log
| .eclipse.jetty.util.log.Slf4jLog 70 | 61 -
org.eclipse.jetty.util - 7.1.6.v20100715 | REQUEST /favicon.ico on
org.eclipse.jetty.server.nio.selectchannelconnecto...@2ad7532
09:35:08,662 | WARN | 9 - /favicon.ico | log
| .eclipse.jetty.util.log.Slf4jLog 40 | 61 -
org.eclipse.jetty.util - 7.1.6.v20100715 | /favicon.ico:
java.lang.NullPointerException
09:35:08,662 | DEBUG | 9 - /favicon.ico | log
| .eclipse.jetty.util.log.Slf4jLog 80 | 61 -
org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
java.lang.NullPointerException
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
at
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
at
org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
at
org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
after the authentication and the camel route does not receive any
exchange.
When looking to the SecurityHandler class of eclipse jetty, the
NPE can come from the fact that the IdentityService cannot be
removed because it has not been created (see error hereunder)
09:34:42,508 | DEBUG | ExtenderThread-2 | log
| .eclipse.jetty.util.log.Slf4jLog 80 | 61 -
org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
java.lang.IllegalStateException: No IdentityService for
org.eclipse.jetty.security.authentication.basicauthentica...@25d3e3f3
in constraintsecurityhand...@32ecabac
at
org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:37)[68:org.eclipse.jetty.security:7.1.6.v20100715]
at
org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:333)[68:org.eclipse.jetty.security:7.1.6.v20100715]
Regards,
Charles
On 06/12/10 19:06, Achim Nierbeck wrote:
Hi, maybe it has something todo the way the JAAS Login of
jetty works.
to get the standard Jetty-Jaas configuration to work you have
to make
the following
configuration in the jetty.xml
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<Set name="name">karaf</Set>
<Set name="loginModuleName">karaf</Set>
<Set name="roleClassNames">
<Array type="java.lang.String">
<Item>org.apache.karaf.jaas.modules.RolePrincipal</Item>
</Array>
</Set>
</New>
</Arg>
</Call>
The important part is, that you have to configure the
roleClass Name, if
this
one isn't provided you end up in strange Exceptions, because
the classes
are instantiated using reflection.
When looking for this issue I was able to login also and did
get an
exception afterwards.
Greetings, Achim
Hi,
I try to use JAAS authentication within a camel route using
SecurityHandler of Jetty
<bean id="loginService"
class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="karaf" />
<property name="loginModuleName" value="karaf" />
</bean>
<bean id="constraint"
class="org.eclipse.jetty.http.security.Constraint">
<property name="name" value="BASIC"/>
<property name="roles" value="admin"/>
<property name="authenticate" value="true"/>
</bean>
<bean id="constraintMapping"
class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="constraint"/>
<property name="pathSpec" value="/*"/>
</bean>
<bean id="securityHandler"
class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="authenticator">
<bean
class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
</property>
<property name="constraintMappings">
<list>
<ref bean="constraintMapping"/>
</list>
</property>
<property name="loginService" ref="loginService" />
<property name="strict" value="false" />
</bean>
<camelContext trace="true"
xmlns="http://camel.apache.org/schema/spring";>
<route>
<from
uri="jetty:http://localhost:8080/services?handlers=securityHandler"/>
<bean ref="responseBean"/>
<to
uri="log:org.apache.camel.ldap?level=INFO&showAll=true&multiline=true"/>
</route>
</camelContext>
The authentication works fine (I can provide the username
+ passord in
the prompt) except that after I get a NPE exception and
camel-jetty
endpoint is not able to get any exchange
11:34:17,243 | WARN | -55 - /services/ |
log |
.eclipse.jetty.util.log.Slf4jLog
40 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 |
/services/:
java.lang.NullPointerException
11:34:17,243 | DEBUG | -55 - /services/ |
log |
.eclipse.jetty.util.log.Slf4jLog
80 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
java.lang.NullPointerException
at
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
at
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
at
org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
at
org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
Any idea is welcome ?
Regards,
Charles
