Re-sending to group
> On May 13, 2020, at 9:38 AM, Alex Soto <[email protected]> wrote: > > Thank you Gerald, I appreciate the link. > > I was starting going that route, but it is not optimal, because I have more > than one bundle that expose HTTP endpoints, and it is wasteful for each one > to run their own Jetty instance. Same thing with authentication, I want to > leverage the Karaf built in JAAS support, instead of recreating it. To this > point, I have been able to leverage a single Jetty instance that is managed > by PAX-WEB, but adding authentication is proving to be impossible. > > Best regards, > Alex soto > > > > >> On May 12, 2020, at 5:10 PM, Gerald Kallas <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Alex, >> >> we did make some experience with TLS and basic authentication on HTTP >> consumers in between (and with the help of this mailing list). >> >> I started a article series on my blog, see >> >> https://www.catshout.de/?p=161 <https://www.catshout.de/?p=161> >> >> for a single HTTP consumer with TLS and basic authentication enabled. It's >> based on camel-jetty. All examples are written in Blueprint DSL. Hope this >> helps a bit. Feel free to comment. >> >> I'll proceed with a REST API secured in same manner and some discussions >> about the limitations and options. >> >> Best >> - Gerald >> >>> Alex Soto <[email protected]> hat am 12. Mai 2020 19:55 geschrieben: >>> >>> >>> This threads talks about the need to : >>> >>> http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html >>> >>> Quote: >>> >>> >>>> you need to use the OSGi HTTP service >>>> api to properly configure the security bits (by implementing >>>> org.osgi.service.http.HttpContext interface). >>> >>> >>> >>> Are there any examples of this? >>> >>> Best regards, >>> Alex soto >>> >>> >>> >>> >>> >>>> On May 12, 2020, at 11:42 AM, Alex Soto <[email protected]> wrote: >>>> Thanks, JB. >>>> >>>> I found the problem was, a typo in the `realm-name` in the web.xml file. >>>> It appears to be case-sensitive. I had: >>>> >>>> <login-config> >>>> <auth-method>BASIC</auth-method> >>>> <realm-name>Karaf</realm-name> >>>> </login-config> >>>> >>>> >>>> But in the jetty.xml: >>>> >>>> <New class="org.eclipse.jetty.jaas.JAASLoginService"> >>>> <Set name="name">karaf</Set> >>>> >>>> >>>> So I think it could not match the `Karaf` in the Web.xml to the `karaf` in >>>> the Jetty.xml. >>>> I wish the error message was more explicit. Anyway, now the web app is >>>> properly initialized, BUT… the security constraint is not being applied to >>>> my Camel Rest services, only to the ‘/admin’. URL. >>>> For example: >>>> >>>> http://localhost:8181/admin/api/rest/executions >>>> >>>> Does not prompt for a password, it successfully returns the data from the >>>> Camel Rest DSL route. And this url >>>> >>>> http://localhost:8181/admin >>>> >>>> is protected with basic authentication, so the browser prompts me for the >>>> user name and password. >>>> >>>> What I need is protect everything starting with '/admin’ >>>> >>>> Any ideas? >>>> >>>> Best regards, >>>> Alex soto >>>> >>>> >>>> >>>> >>>> >>>>> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <[email protected]> >>>>> wrote: >>>>> Hi, >>>>> >>>>> It sounds like a class loader issue, so possible. >>>>> >>>>> Let me add an example in Karaf showing basic auth. >>>>> >>>>> Regards >>>>> JB >>>>> >>>>> >>>>> >>>>>> Le 12 mai 2020 à 15:39, Alex Soto <[email protected]> a écrit : >>>>>> I found that I have multiple versions of Jetty deployed in Karaf, that >>>>>> is: 9.4.20.v20190813, and 9.4.22.v20191022 >>>>>> Would this be the reason for the following exception: >>>>>> >>>>>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | >>>>>> WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 >>>>>> | Error deploying web application >>>>>> java.lang.IllegalStateException: No LoginService for >>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in >>>>>> ConstraintSecurityHandler@64779d1e{STARTING} >>>>>> at >>>>>> org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) >>>>>> ~[?:?] >>>>>> at >>>>>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) >>>>>> ~[?:?] >>>>>> at >>>>>> org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) >>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>> at >>>>>> org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) >>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>> at >>>>>> org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) >>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>> at >>>>>> org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) >>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) >>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) >>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) >>>>>> ~[?:?] >>>>>> at >>>>>> org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) >>>>>> ~[?:?] >>>>>> at >>>>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) >>>>>> [?:1.8.0_171] >>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171] >>>>>> at >>>>>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) >>>>>> [?:1.8.0_171] >>>>>> at >>>>>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) >>>>>> [?:1.8.0_171] >>>>>> at >>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >>>>>> [?:1.8.0_171] >>>>>> at >>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >>>>>> [?:1.8.0_171] >>>>>> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Best regards, >>>>>> Alex soto >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> On May 11, 2020, at 12:50 PM, Alex Soto <[email protected]> wrote: >>>>>>> A little more info. The class appears in many bundles: >>>>>>> >>>>>>> >>>>>>> karaf@root()> bundle:find-class >>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator >>>>>>> >>>>>>> Jetty :: Security (229) >>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>> >>>>>>> Jetty :: Security (230) >>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>> >>>>>>> Jetty :: JASPI Security (231) >>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>> >>>>>>> Jetty :: JASPI Security (232) >>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>> >>>>>>> OPS4J Pax Web - Jetty (309) >>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Best regards, >>>>>>> Alex soto >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> On May 11, 2020, at 12:44 PM, Alex Soto <[email protected]> wrote: >>>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator >>>>>>> >>>>>> >>>>> >>>> >>> >
