This looks promising: https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing <https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing>
Best regards, Alex soto > On May 13, 2020, at 10:26 AM, Alex Soto <[email protected]> wrote: > > Re-sending to group > > >> On May 13, 2020, at 9:38 AM, Alex Soto <[email protected] >> <mailto:[email protected]>> wrote: >> >> Thank you Gerald, I appreciate the link. >> >> I was starting going that route, but it is not optimal, because I have more >> than one bundle that expose HTTP endpoints, and it is wasteful for each one >> to run their own Jetty instance. Same thing with authentication, I want to >> leverage the Karaf built in JAAS support, instead of recreating it. To >> this point, I have been able to leverage a single Jetty instance that is >> managed by PAX-WEB, but adding authentication is proving to be impossible. >> >> Best regards, >> Alex soto >> >> >> >> >>> On May 12, 2020, at 5:10 PM, Gerald Kallas <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Hi Alex, >>> >>> we did make some experience with TLS and basic authentication on HTTP >>> consumers in between (and with the help of this mailing list). >>> >>> I started a article series on my blog, see >>> >>> https://www.catshout.de/?p=161 <https://www.catshout.de/?p=161> >>> >>> for a single HTTP consumer with TLS and basic authentication enabled. It's >>> based on camel-jetty. All examples are written in Blueprint DSL. Hope this >>> helps a bit. Feel free to comment. >>> >>> I'll proceed with a REST API secured in same manner and some discussions >>> about the limitations and options. >>> >>> Best >>> - Gerald >>> >>>> Alex Soto <[email protected] <mailto:[email protected]>> hat am >>>> 12. Mai 2020 19:55 geschrieben: >>>> >>>> >>>> This threads talks about the need to : >>>> >>>> http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html >>>> >>>> <http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html> >>>> >>>> Quote: >>>> >>>> >>>>> you need to use the OSGi HTTP service >>>>> api to properly configure the security bits (by implementing >>>>> org.osgi.service.http.HttpContext interface). >>>> >>>> >>>> >>>> Are there any examples of this? >>>> >>>> Best regards, >>>> Alex soto >>>> >>>> >>>> >>>> >>>> >>>>> On May 12, 2020, at 11:42 AM, Alex Soto <[email protected]> wrote: >>>>> Thanks, JB. >>>>> >>>>> I found the problem was, a typo in the `realm-name` in the web.xml file. >>>>> It appears to be case-sensitive. I had: >>>>> >>>>> <login-config> >>>>> <auth-method>BASIC</auth-method> >>>>> <realm-name>Karaf</realm-name> >>>>> </login-config> >>>>> >>>>> >>>>> But in the jetty.xml: >>>>> >>>>> <New class="org.eclipse.jetty.jaas.JAASLoginService"> >>>>> <Set name="name">karaf</Set> >>>>> >>>>> >>>>> So I think it could not match the `Karaf` in the Web.xml to the `karaf` >>>>> in the Jetty.xml. >>>>> I wish the error message was more explicit. Anyway, now the web app is >>>>> properly initialized, BUT… the security constraint is not being applied >>>>> to my Camel Rest services, only to the ‘/admin’. URL. >>>>> For example: >>>>> >>>>> http://localhost:8181/admin/api/rest/executions >>>>> >>>>> Does not prompt for a password, it successfully returns the data from the >>>>> Camel Rest DSL route. And this url >>>>> >>>>> http://localhost:8181/admin >>>>> >>>>> is protected with basic authentication, so the browser prompts me for the >>>>> user name and password. >>>>> >>>>> What I need is protect everything starting with '/admin’ >>>>> >>>>> Any ideas? >>>>> >>>>> Best regards, >>>>> Alex soto >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <[email protected]> >>>>>> wrote: >>>>>> Hi, >>>>>> >>>>>> It sounds like a class loader issue, so possible. >>>>>> >>>>>> Let me add an example in Karaf showing basic auth. >>>>>> >>>>>> Regards >>>>>> JB >>>>>> >>>>>> >>>>>> >>>>>>> Le 12 mai 2020 à 15:39, Alex Soto <[email protected]> a écrit : >>>>>>> I found that I have multiple versions of Jetty deployed in Karaf, that >>>>>>> is: 9.4.20.v20190813, and 9.4.22.v20191022 >>>>>>> Would this be the reason for the following exception: >>>>>>> >>>>>>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | >>>>>>> WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 >>>>>>> | Error deploying web application >>>>>>> java.lang.IllegalStateException: No LoginService for >>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 >>>>>>> in ConstraintSecurityHandler@64779d1e{STARTING} >>>>>>> at >>>>>>> org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) >>>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>>> at >>>>>>> org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) >>>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>>> at >>>>>>> org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) >>>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>>> at >>>>>>> org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) >>>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) >>>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>>> at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) >>>>>>> ~[osgi.core-6.0.0.jar:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) >>>>>>> ~[?:?] >>>>>>> at >>>>>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) >>>>>>> [?:1.8.0_171] >>>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:266) >>>>>>> [?:1.8.0_171] >>>>>>> at >>>>>>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) >>>>>>> [?:1.8.0_171] >>>>>>> at >>>>>>> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) >>>>>>> [?:1.8.0_171] >>>>>>> at >>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) >>>>>>> [?:1.8.0_171] >>>>>>> at >>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) >>>>>>> [?:1.8.0_171] >>>>>>> at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Best regards, >>>>>>> Alex soto >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> On May 11, 2020, at 12:50 PM, Alex Soto <[email protected]> wrote: >>>>>>>> A little more info. The class appears in many bundles: >>>>>>>> >>>>>>>> >>>>>>>> karaf@root()> bundle:find-class >>>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator >>>>>>>> >>>>>>>> Jetty :: Security (229) >>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>>> >>>>>>>> Jetty :: Security (230) >>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>>> >>>>>>>> Jetty :: JASPI Security (231) >>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>>> >>>>>>>> Jetty :: JASPI Security (232) >>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>>> >>>>>>>> OPS4J Pax Web - Jetty (309) >>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Best regards, >>>>>>>> Alex soto >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> On May 11, 2020, at 12:44 PM, Alex Soto <[email protected]> wrote: >>>>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >> >
