Thanks for the effort to help me, Achim.
I believe the Jetty configuration is being added automatically by PAX-Web,
because I see it being created after the container starts, so I think that part
is fine.
The web.xml is correctly configured too, except I am using BASIC authentication
as opposed to Form-based, but I have the required elements:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Karaf</realm-name>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
However, I am getting the previous class not found error:
2020-05-11T12:34:29,892 | ERROR | paxweb-extender-1-thread-2 | WebAppPublisher | 307 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@5acaf57a in ConstraintSecurityHandler@6ee023ca{STARTING}
I suspect I may be missing a feature. I have deployed:
<feature>war</feature>
Is there anything else I need to deploy?
Shouldn’t these missing Jetty classes be deployed as part of Pax-Web?
Best regards,
Alex soto
> On May 11, 2020, at 12:16 PM, Achim Nierbeck <[email protected]> wrote:
>
> Hi Alex,
>
> a WAB is nothing else than a WAR which already contains the required
> Web-ApplicationContext parameter.
> That's the only difference, and the sample is actually the same ;)
>
> Needed to look this up from the "Apache Karaf Cookbook" :) (it's been a while
> since I wrote this and the code in pax-web)
> First you need to configure your web-container to use the jaas service of the
> surrounding Karaf.
> For Jetty this is something like the following:
>
> https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/pax-web-itest/pax-web-itest-karaf/src/test/resources/jetty.xml#L53-L65
>
>     <Call name="addBean">
>         <Arg>
>             <New class="org.eclipse.jetty.jaas.JAASLoginService">
>                 <Set name="name">karaf</Set>
>                 <Set name="loginModuleName">karaf</Set>
>                 <Set name="roleClassNames">
>                     <Array type="java.lang.String">
>                         <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
>                     </Array>
>                 </Set>
>             </New>
>         </Arg>
>     </Call>
>
> Second, you need to configure this realm in your WAB/WAR with its
> corresponding web.xml:
>
> https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/samples/war-formauth/src/main/webapp/WEB-INF/web.xml#L98-L119
>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Protected Area</web-resource-name>
>             <description>Protect the Example Servlet</description>
>             <url-pattern>/wc/example</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <description>Authorized Users Group</description>
>             <role-name>admin</role-name>
>         </auth-constraint>
>     </security-constraint>
>     <login-config>
>         <auth-method>FORM</auth-method>
>         <form-login-config>
>             <form-login-page>/login.jsp</form-login-page>
>             <form-error-page>/loginError.jsp</form-error-page>
>         </form-login-config>
>     </login-config>
>     <security-role>
>         <description>Test Role</description>
>         <role-name>admin</role-name>
>     </security-role>
>
> best regards, Achim
>
> P.S. here is the sample from the Apache Karaf Cookbook:
> https://github.com/jgoodyear/ApacheKarafCookbook/tree/master/chapter4/chapter4-recipe7
>
> On Mon, May 11, 2020 at 15:17, Alex Soto <[email protected]> wrote:
> Ok, I am not having good luck with this. Using the realm “karaf” and BASIC
> authentication.
> Mind that my artifact is a WAB, not a WAR.
>
> My web.xml
>
>     <security-constraint>
>         <web-resource-collection>
>             <web-resource-name>Protected Area</web-resource-name>
>             <url-pattern>/*</url-pattern>
>         </web-resource-collection>
>         <auth-constraint>
>             <role-name>admin</role-name>
>         </auth-constraint>
>     </security-constraint>
>
>     <login-config>
>         <auth-method>BASIC</auth-method>
>         <realm-name>Karaf</realm-name>
>     </login-config>
>
>     <security-role>
>         <role-name>admin</role-name>
>     </security-role>
>
>
> Error:
>
>
> 9:13:05.881 ERROR [paxweb-extender-3-thread-2] Error deploying web application
> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@22444ea2 in ConstraintSecurityHandler@17b84a6e{STARTING}
>     at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
>     at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
>     at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>     at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>     at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>     at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>     at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
>     at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>     at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
>     at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>     at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
>     at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
>     at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
>     at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
>     at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
>     at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
>     at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
>     at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
>     at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
>     at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
>     at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
>     at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
>     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
>     at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>
>
>
> Best regards,
> Alex soto
>
>
>
>
>> On May 11, 2020, at 8:36 AM, Alex Soto <[email protected]> wrote:
>>
>> Ok I saw it now, it was hidden:
>>
>> <realm-name>Test Realm</realm-name>
>>
>>
>> Best regards,
>> Alex soto
>>
>>
>>
>>
>>> On May 11, 2020, at 8:31 AM, Alex Soto <[email protected]> wrote:
>>>
>>> Thanks Achim and JB,
>>>
>>> I looked at that example, but that is a WAR, and I am looking for a WAB
>>> example. Still, in the ‘web.xml’ file there is no reference to JAAS realm.
>>> Where do you indicate the realm name? (I have my own realm separate from
>>> the default Karaf one).
>>>
>>> Actually, it is not fun having to guess all this basic stuff, and also a
>>> productivity drain, I am sorry to say.
>>>
>>>
>>> Best regards,
>>> Alex soto
>>>
>>>> On May 11, 2020, at 3:12 AM, Jean-Baptiste Onofre <[email protected]> wrote:
>>>>
>>>> No rush, I think it’s easier for our users to find "how to" ;)
>>>>
>>>> Thanks !
>>>> Regards
>>>> JB
>>>>
>>>>> On May 11, 2020, at 09:09, Achim Nierbeck <[email protected]> wrote:
>>>>>
>>>>> Sure ..
>>>>> maybe I find some time during this week to create this there ;)
>>>>>
>>>>> regards, Achim
>>>>>
>>>>> p.s. this just reminds me, that those samples are also in the "Apache
>>>>> Karaf Cookbook" :)
>>>>>
>>>>> On Mon, May 11, 2020 at 06:32, Jean-Baptiste Onofre <[email protected]> wrote:
>>>>> Maybe worth adding this to the Karaf wab example as well.
>>>>>
>>>>> I will.
>>>>>
>>>>> Regards
>>>>> JB
>>>>>
>>>>>> On May 10, 2020, at 13:45, Achim Nierbeck <[email protected]> wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> there is a sample app for Pax-Web, which is also used in the test-suite:
>>>>>> https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/war-authentication
>>>>>> And actually you just need to reference the jaas of the surrounding
>>>>>> Karaf instance in your web.xml file.
>>>>>>
>>>>>> regards, Achim
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, May 8, 2020 at 18:41, Alex Soto <[email protected]> wrote:
>>>>>> Hello,
>>>>>>
>>>>>> Is there a good tutorial or documentation on how to protect a WAB (Web
>>>>>> Application Bundle) with JAAS authentication?
>>>>>> My Karaf version is 4.2.8. Documentation here
>>>>>> https://karaf.apache.org/manual/latest/webcontainer is scarce, only
>>>>>> referring to Jetty global config, (even that failed for me). I have
>>>>>> multiple WABs and WARs in the same Karaf container, and I don’t want to
>>>>>> apply the same JAAS authentication to all of them. From the comment:
>>>>>>
>>>>>> <!-- =========================================================== -->
>>>>>> <!-- Configure Authentication Realms -->
>>>>>> <!-- Realms may be configured for the entire server here, or -->
>>>>>> <!-- they can be configured for a specific web app in a context -->
>>>>>> <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
>>>>>> <!-- example). -->
>>>>>> <!-- =========================================================== -->
>>>>>>
>>>>>> It looks like there is a way ($(jetty.home)/contexts/test.xml ). But this is
>>>>>> unclear on how to apply, and it is Jetty specific.
>>>>>> My preference is for a Jetty agnostic way, for portability reasons.
>>>>>> (Maybe Karaf will change to Undertow in the future)
>>>>>>
>>>>>>
>>>>>> Best regards,
>>>>>> Alex soto
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Apache Member
>>>>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
>>>>>> blog <http://notizblog.nierbeck.de/>
>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>>>>>>
>
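
Added example (not part of the thread and not Pax Web or Jetty code): Jetty 9's SecurityHandler selects the LoginService whose name equals the web.xml realm-name exactly, case included, and fails with "No LoginService for ..." when none matches. The Python check below compares the two values before deployment; the embedded jetty.xml and web.xml are constructed samples modelled on the snippets quoted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the jetty.xml and web.xml quoted in the thread.
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg>
    <New class="org.eclipse.jetty.jaas.JAASLoginService">
      <Set name="name">karaf</Set>
      <Set name="loginModuleName">karaf</Set>
    </New>
  </Arg></Call>
</Configure>"""

WEB_XML = """<web-app>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
  </login-config>
</web-app>"""


def login_service_names(jetty_xml):
    """Names of every *LoginService bean declared with <New> in jetty.xml."""
    names = []
    for new in ET.fromstring(jetty_xml).iter("New"):
        if new.get("class", "").endswith("LoginService"):
            for setter in new.findall("Set"):
                if setter.get("name") == "name":
                    names.append((setter.text or "").strip())
    return names


def web_realm(web_xml):
    """The <realm-name> from web.xml, ignoring any XML namespace; None if absent."""
    for el in ET.fromstring(web_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "realm-name":
            return (el.text or "").strip()
    return None


def check_realm(jetty_xml, web_xml):
    """Return 'ok', 'case-mismatch', 'missing' or 'no-realm'."""
    names = login_service_names(jetty_xml)
    realm = web_realm(web_xml)
    if realm is None:
        # Without a realm name, Jetty only falls back to a sole LoginService.
        return "ok" if len(names) == 1 else "no-realm"
    if realm in names:
        return "ok"
    if realm.lower() in (n.lower() for n in names):
        return "case-mismatch"  # e.g. 'Karaf' in web.xml vs 'karaf' in jetty.xml
    return "missing"


if __name__ == "__main__":
    print(check_realm(JETTY_XML, WEB_XML))
```
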