I assume I need to use a "Web Application" and cannot rely on servlets etc.
https://osgi.org/specification/osgi.cmpn/7.0.0/service.war.html

Any chance to get this mixed with Declarative Service?

On Thu, 16 May 2019 at 20:32, Markus Rathgeb <maggu2...@gmail.com> wrote:
>
> Is this already known (WRT the following comment)?
> https://nierbeck.de/2013/01/bind-certain-web-applications-to-specific-httpconnectors/#comment-62
>
> On Thu, 16 May 2019 at 20:26, Markus Rathgeb <maggu2...@gmail.com> wrote:
> >
> > Hi Łukasz, hi JB,
> >
> > thank you for that information.
> >
> > I did not find any official documentation for that feature.
> >
> > I found this one (WRT the information given to me from you):
> > * https://ops4j1.jira.com/browse/PAXWEB-396
> > * https://nierbeck.de/2013/01/bind-certain-web-applications-to-specific-httpconnectors/
> > * http://blog.nanthrax.net/?p=352
> > * Source code of Pax Web
> >
> > I gave it a try using two additional connectors in jetty.xml.
> > I used the example that has been present in the current jetty.xml as
> > "SelectChannelConnector" did not work ("Caused by:
> > java.lang.ClassNotFoundException:
> > org.eclipse.jetty.server.nio.SelectChannelConnector not found by
> > org.eclipse.jetty.server [62]").
> > ===
> >     <Call name="addConnector">
> >         <Arg>
> >             <New class="org.eclipse.jetty.server.ServerConnector">
> >                 <Arg name="server"><Ref refid="Server" /></Arg>
> >                 <Arg name="factories">
> >                     <Array type="org.eclipse.jetty.server.ConnectionFactory">
> >                         <Item>
> >                             <New class="org.eclipse.jetty.server.HttpConnectionFactory">
> >                                 <Arg name="config"><Ref refid="httpConfig" /></Arg>
> >                             </New>
> >                         </Item>
> >                     </Array>
> >                 </Arg>
> >                 <Set name="host"><Property name="jetty.host" default="localhost" /></Set>
> >                 <Set name="port"><Property name="jetty.port" default="8201" /></Set>
> >                 <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
> >                 <Set name="name">conn1</Set>
> >             </New>
> >         </Arg>
> >     </Call>
> >     <Call name="addConnector">
> >         <Arg>
> >             <New class="org.eclipse.jetty.server.ServerConnector">
> >                 <Arg name="server"><Ref refid="Server" /></Arg>
> >                 <Arg name="factories">
> >                     <Array type="org.eclipse.jetty.server.ConnectionFactory">
> >                         <Item>
> >                             <New class="org.eclipse.jetty.server.HttpConnectionFactory">
> >                                 <Arg name="config"><Ref refid="httpConfig" /></Arg>
> >                             </New>
> >                         </Item>
> >                     </Array>
> >                 </Arg>
> >                 <Set name="host"><Property name="jetty.host" default="localhost" /></Set>
> >                 <Set name="port"><Property name="jetty.port" default="8202" /></Set>
> >                 <Set name="idleTimeout"><Property name="http.timeout" default="30000" /></Set>
> >                 <Set name="name">conn2</Set>
> >             </New>
> >         </Arg>
> >     </Call>
> > ===
> >
> > So, in addition to 8181 there should be two connectors: conn1 on 8201
> > and conn2 on 8202.
> >
> > I created two bundles. Each bundle registers one servlet and uses one
> > Web-Connectors setting:
> >
> > Bundle 1 - Component:
> > ===
> > @Component(immediate = true)
> > @Header(name = "Web-Connectors", value = "conn1")
> > @Header(name = "Web-VirtualHosts", value = "localhost")
> > public class ComponentImpl {
> >
> >     private static final String ALIAS = "/1";
> >
> >     private final HttpService httpService;
> >
> >     @Activate
> >     public ComponentImpl(final @Reference HttpService httpService)
> >             throws ServletException, NamespaceException {
> >         this.httpService = httpService;
> >         httpService.registerServlet(ALIAS, new HttpServlet() {
> >
> >             @Override
> >             protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
> >                     throws ServletException, IOException {
> >                 final PrintWriter writer = resp.getWriter();
> >                 writer.println("This is the servlet: " + ALIAS);
> >             }
> >
> >         }, null, null);
> >     }
> >
> >     @Deactivate
> >     public void close() {
> >         httpService.unregister(ALIAS);
> >     }
> >
> > }
> > ===
> >
> > The "Bundle 2 - Component" is identical to the "1" but uses the alias
> > "/2" and the "Web-Connectors" "conn2".
> >
> > But this does not seem to work as expected.
> > "/1" and "/2" can be opened on port 8181, 8201 and 8202.
> >
> > So, all of them are available on all connectors.
> >
> > Can you point me to my misconfiguration?
> > Or can you provide me two working demo bundles each of them using
> > another connector?
> >
> > Best regards,
> > Markus
> >
> > On Thu, 16 May 2019 at 16:18, Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
> > >
> > > Hi,
> > >
> > > I'm not sure it's what you are looking for, but you can configure
> > > several connectors via jetty.xml (in addition to the default one created
> > > by Pax Web), then, you can use "VirtualHost" to deploy a servlet on a
> > > specific connector.
> > >
> > > I blogged about this a while ago (http://blog.nanthrax.net/?p=352).
> > >
> > > Regards
> > > JB
> > >
> > > On 16/05/2019 08:12, Markus Rathgeb wrote:
> > > > Hi,
> > > >
> > > > I assume there are different parties involved, so if this question
> > > > should be raised on another mailing list, can you please point me to it?
> > > >
> > > > I am using Karaf + Pax Web + Jetty.
> > > >
> > > > Currently I build a custom distribution whose Pax Web configuration
> > > > (org.ops4j.pax.web.cfg) also contains these lines:
> > > >
> > > > ===
> > > > org.ops4j.pax.web.ssl.clientauthwanted = true
> > > > org.ops4j.pax.web.ssl.clientauthneeded = true
> > > >
> > > > org.ops4j.pax.web.ssl.truststore=${karaf.etc}/truststore.jks
> > > > org.ops4j.pax.web.ssl.truststore.password=that-is-not-the-real-one
> > > > ===
> > > >
> > > > This distribution contains a bundle that registers a servlet "MyServlet".
> > > >
> > > > Now, just FYI, I assume not all is relevant:
> > > >
> > > > ===
> > > > "MyServlet" extends the "WebSocketServlet"
> > > > (org.eclipse.jetty.websocket.servlet.WebSocketServlet).
> > > > Type hierarchy: MyServlet -> WebSocketServlet -> HttpServlet ->
> > > > GenericServlet [Servlet, ServletConfig, Serializable].
> > > >
> > > > The WebSocketServlet requires the implementation of the abstract
> > > > method "public abstract void configure(WebSocketServletFactory
> > > > factory);"
> > > >
> > > > In the "configure" implementation a "creator" is set.
> > > >
> > > > factory.setCreator(new MyCreator(...));
> > > >
> > > > MyCreator implements the following method (required by the
> > > > WebSocketCreator interface):
> > > >
> > > > public @Nullable Object createWebSocket(final ServletUpgradeRequest
> > > > req, final ServletUpgradeResponse resp);
> > > >
> > > > In that method I do a simple certificate check.
> > > >
> > > > I call "final X509Certificate[] certs = req.getCertificates();" and
> > > > use the returned chain for the check.
> > > >
> > > > Now back to the relevant part.
> > > > ===
> > > >
> > > > The current implementation of the client certificate chain check
> > > > relies on Jetty having already required client authentication
> > > > (clientauthneeded) and on the certificate having already been checked against
> > > > the configured truststore (that contains only a special CA).
> > > >
> > > > As we could rely on a "valid" certificate I just need to extract the
> > > > information I need from the client certificate and "all is fine".
> > > >
> > > >
> > > > Now, I need to add another servlet to that custom distribution that
> > > > should work without a client certificate.
> > > >
> > > > I assume I will need to remove the truststore and clientauth settings
> > > > from the configuration (keep wanted and drop needed?) and check the
> > > > certificate in the code for "MyServlet" itself.
> > > > I further assume it should work by a filter or in the servlet itself.
> > > >
> > > > Are there better ways to handle two servlets:
> > > > * Servlet1 needs client authentication
> > > > * Servlet2 does not use client authentication
> > > >
> > > > How can I trigger the check of the client certificate correctly in the
> > > > servlet / filter to check against a specific truststore?
> > > >
> > > > I am interested in your inputs.
> > > >
> > > > Best regards,
> > > > Markus
> > > >
> > >
> > > --
> > > Jean-Baptiste Onofré
> > > jbono...@apache.org
> > > http://blog.nanthrax.net
> > > Talend - http://www.talend.com
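
The in-code check asked about in the original question (validating the chain from `req.getCertificates()` against one specific truststore once the connector only has `clientauthwanted`), as an added example that is not from any poster in this thread nor from Pax Web or Jetty. The class and method names are hypothetical, and it assumes a JKS truststore and no CRL/OCSP source.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/** Hypothetical helper (not Pax Web or Jetty API): PKIX check against one truststore. */
public final class ClientCertCheck {

    private final KeyStore trustStore;

    /** Loads the dedicated truststore, e.g. the JKS file holding only the special CA. */
    public ClientCertCheck(final Path jks, final char[] password)
            throws IOException, GeneralSecurityException {
        trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(jks)) {
            trustStore.load(in, password);
        }
    }

    /** Returns the leaf certificate if the chain validates; throws otherwise. */
    public X509Certificate requireTrusted(final X509Certificate[] chain)
            throws GeneralSecurityException {
        if (chain == null || chain.length == 0) {
            // With client auth only "wanted", a client may present no certificate at all.
            throw new GeneralSecurityException("no client certificate presented");
        }
        final CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Arrays.asList(chain));
        // Trust anchors are the trusted-certificate entries of this truststore only.
        final PKIXParameters params = new PKIXParameters(trustStore);
        // Assumption: no CRL/OCSP source is configured, so revocation checking is off here.
        params.setRevocationEnabled(false);
        // Verifies signatures, validity dates and CA constraints; throws on any failure.
        CertPathValidator.getInstance("PKIX").validate(path, params);
        return chain[0];
    }
}
```

Only the servlet that needs client authentication calls the helper; in `createWebSocket` a thrown exception means the upgrade is refused before any field of the certificate is read.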
