This threads talks about the need to : http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html <http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html>
Quote: > you need to use the OSGi HTTP service > api to properly configure the security bits (by implementing > org.osgi.service.http.HttpContext interface). Are there any examples of this? Best regards, Alex soto > On May 12, 2020, at 11:42 AM, Alex Soto <[email protected]> wrote: > > Thanks, JB. > > I found the problem was, a typo in the `realm-name` in the web.xml file. It > appears to be case-sensitive. I had: > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Karaf</realm-name> > </login-config> > > > But in the jetty.xml: > > <New class="org.eclipse.jetty.jaas.JAASLoginService"> > <Set name="name">karaf</Set> > > > So I think it could not match the `Karaf` in the Web.xml to the `karaf` in > the Jetty.xml. > I wish the error message was more explicit. Anyway, now the web app is > properly initialized, BUT… the security constraint is not being applied to my > Camel Rest services, only to the ‘/admin’. URL. > For example: > > http://localhost:8181/admin/api/rest/executions > <http://localhost:8181/admin/api/rest/executions> > > Does not prompt for a password, it successfully returns the data from the > Camel Rest DSL route. And this url > > http://localhost:8181/admin <http://localhost:8181/admin> > > is protected with basic authentication, so the browser prompts me for the > user name and password. > > What I need is protect everything starting with '/admin’ > > Any ideas? > > Best regards, > Alex soto > > > > >> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi, >> >> It sounds like a class loader issue, so possible. >> >> Let me add an example in Karaf showing basic auth. >> >> Regards >> JB >> >>> Le 12 mai 2020 à 15:39, Alex Soto <[email protected] >>> <mailto:[email protected]>> a écrit : >>> >>> I found that I have multiple versions of Jetty deployed in Karaf, that is: >>> 9.4.20.v20190813, and 9.4.22.v20191022 >>> Would this be the reason for the following exception: >>> >>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | >>> WebAppPublisher | 302 - >>> org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web >>> application >>> java.lang.IllegalStateException: No LoginService for >>> org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in >>> ConstraintSecurityHandler@64779d1e{STARTING} >>> at >>> org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) >>> ~[?:?] >>> at >>> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) >>> ~[?:?] >>> at >>> org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) >>> ~[?:?] >>> at >>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> ~[?:?] >>> at >>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>> ~[?:?] >>> at >>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) >>> ~[?:?] >>> at >>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) >>> ~[?:?] >>> at >>> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) >>> ~[?:?] >>> at >>> org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) >>> ~[?:?] >>> at >>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> ~[?:?] >>> at >>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>> ~[?:?] >>> at >>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) >>> ~[?:?] >>> at >>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) >>> ~[?:?] >>> at >>> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) >>> ~[?:?] >>> at >>> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) >>> ~[?:?] >>> at >>> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) >>> ~[?:?] >>> at >>> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) >>> ~[?:?] >>> at >>> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) >>> ~[?:?] >>> at >>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) >>> ~[?:?] >>> at >>> org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) >>> ~[osgi.core-6.0.0.jar:?] >>> at >>> org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) >>> ~[osgi.core-6.0.0.jar:?] >>> at >>> org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) >>> ~[osgi.core-6.0.0.jar:?] >>> at >>> org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) >>> ~[osgi.core-6.0.0.jar:?] >>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) >>> ~[osgi.core-6.0.0.jar:?] >>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) >>> ~[osgi.core-6.0.0.jar:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) >>> ~[?:?] >>> at >>> org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) >>> ~[?:?] >>> at >>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) >>> [?:1.8.0_171] >>> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >>> [?:1.8.0_171] >>> at >>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) >>> [?:1.8.0_171] >>> at >>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) >>> [?:1.8.0_171] >>> at >>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >>> [?:1.8.0_171] >>> at >>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >>> [?:1.8.0_171] >>> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] >>> >>> >>> >>> >>> Best regards, >>> Alex soto >>> >>> >>> >>> >>>> On May 11, 2020, at 12:50 PM, Alex Soto <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> A little more info. The class appears in many bundles: >>>> >>>> >>>> karaf@root()> bundle:find-class >>>> org.eclipse.jetty.security.authentication.BasicAuthenticator >>>> >>>> Jetty :: Security (229) >>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>> >>>> Jetty :: Security (230) >>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>> >>>> Jetty :: JASPI Security (231) >>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>> >>>> Jetty :: JASPI Security (232) >>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>> >>>> OPS4J Pax Web - Jetty (309) >>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>> >>>> >>>> >>>> >>>> Best regards, >>>> Alex soto >>>> >>>> >>>> >>>> >>>>> On May 11, 2020, at 12:44 PM, Alex Soto <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator >>>> >>> >> >
