I was trying to create a WAB that has it's resources secured and run it in Karaf to show how easy it is for a work project. Of course, I'm not doing too good with the easy part :)
Anyhow, I setup a custom named jdbc realm using Blueprint and then configured a security constraint in the web.xml which points to that realm. When I deploy the WAB, I get the following error: No LoginService for org.eclipse.jetty.security.authentication in org.eclipse.jetty.security.ConstraintSecurityHandler I saw examples where other people used jetty specific jaas classes, but I don't want to do that. I want to stick with the Karaf jaas classes. I considered using spring security but that feels like overkill to pull spring in for security. I also considered using camel to serve the static content and provide the security but couldn't find a good way to do it. I wanted to find a way that allows me to show off the flexibility that OSGi provides in being able to update the web app by keeping everything modular such as with the blueprint jaas configuration. Things will get more complicated since users should be able to update their password and an admin can administer the users, but I had trouble when experimenting with Syncope and Sling.. a lot of other options just aren't clear how to set them up or are nearly 200 my in size. I never thought I'd have such trouble taking such a small task and finding a way to implement it quickly but in a way that shows off Karaf. Btw, I think some of my concerns about weight are because this is going to be deployed to AWS... Other than the issue above.. Let me know if anyone has any good suggestions on any technology that might help me highlight Karaf and true to get it as the platform for our future projects. Thanks for any help! Ryan
