As I have only Blueprint DSL routes it would be interesting how to configure this either in a Blueprint DSL file or globally in a config.
Best - Gerald > Alex Soto <[email protected]> hat am 13. Mai 2020 16:26 geschrieben: > > > This looks promising: > > https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing > > > > Best regards, > Alex soto > > > > > > > On May 13, 2020, at 10:26 AM, Alex Soto <[email protected]> wrote: > > Re-sending to group > > > > > > > > > > > On May 13, 2020, at 9:38 AM, Alex Soto <[email protected]> wrote: > > > Thank you Gerald, I appreciate the link. > > > > > > I was starting going that route, but it is not optimal, because I have > > > more than one bundle that expose HTTP endpoints, and it is wasteful for > > > each one to run their own Jetty instance. Same thing with authentication, > > > I want to leverage the Karaf built in JAAS support, instead of recreating > > > it. To this point, I have been able to leverage a single Jetty instance > > > that is managed by PAX-WEB, but adding authentication is proving to be > > > impossible. > > > > > > > > > Best regards, > > > Alex soto > > > > > > > > > > > > > > > > > > > On May 12, 2020, at 5:10 PM, Gerald Kallas <[email protected]> wrote: > > > > Hi Alex, > > > > > > > > we did make some experience with TLS and basic authentication on HTTP > > > > consumers in between (and with the help of this mailing list). > > > > > > > > I started a article series on my blog, see > > > > > > > > https://www.catshout.de/?p=161 > > > > > > > > for a single HTTP consumer with TLS and basic authentication enabled. > > > > It's based on camel-jetty. All examples are written in Blueprint DSL. > > > > Hope this helps a bit. Feel free to comment. > > > > > > > > I'll proceed with a REST API secured in same manner and some > > > > discussions about the limitations and options. > > > > > > > > Best > > > > - Gerald > > > > > > > > > > > > > Alex Soto <[email protected]> hat am 12. Mai 2020 19:55 > > > > > geschrieben: > > > > > > > > > > > > > > > This threads talks about the need to : > > > > > > > > > > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html > > > > > > > > > > Quote: > > > > > > > > > > > > > > > > > > > > > you need to use the OSGi HTTP service > > > > > > api to properly configure the security bits (by implementing > > > > > > org.osgi.service.http.HttpContext interface). > > > > > > > > > > > > > > > > > > > > Are there any examples of this? > > > > > > > > > > Best regards, > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 12, 2020, at 11:42 AM, Alex Soto <[email protected]> > > > > > > wrote: > > > > > > Thanks, JB. > > > > > > > > > > > > I found the problem was, a typo in the `realm-name` in the web.xml > > > > > > file. It appears to be case-sensitive. I had: > > > > > > > > > > > > <login-config> > > > > > > <auth-method>BASIC</auth-method> > > > > > > <realm-name>Karaf</realm-name> > > > > > > </login-config> > > > > > > > > > > > > > > > > > > But in the jetty.xml: > > > > > > > > > > > > <New class="org.eclipse.jetty.jaas.JAASLoginService"> > > > > > > <Set name="name">karaf</Set> > > > > > > > > > > > > > > > > > > So I think it could not match the `Karaf` in the Web.xml to the > > > > > > `karaf` in the Jetty.xml. > > > > > > I wish the error message was more explicit. Anyway, now the web app > > > > > > is properly initialized, BUT… the security constraint is not being > > > > > > applied to my Camel Rest services, only to the ‘/admin’. URL. > > > > > > For example: > > > > > > > > > > > > http://localhost:8181/admin/api/rest/executions > > > > > > > > > > > > Does not prompt for a password, it successfully returns the data > > > > > > from the Camel Rest DSL route. And this url > > > > > > > > > > > > http://localhost:8181/admin > > > > > > > > > > > > is protected with basic authentication, so the browser prompts me > > > > > > for the user name and password. > > > > > > > > > > > > What I need is protect everything starting with '/admin’ > > > > > > > > > > > > Any ideas? > > > > > > > > > > > > Best regards, > > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre > > > > > > > <[email protected]> wrote: > > > > > > > Hi, > > > > > > > > > > > > > > It sounds like a class loader issue, so possible. > > > > > > > > > > > > > > Let me add an example in Karaf showing basic auth. > > > > > > > > > > > > > > Regards > > > > > > > JB > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Le 12 mai 2020 à 15:39, Alex Soto <[email protected]> a > > > > > > > > écrit : > > > > > > > > I found that I have multiple versions of Jetty deployed in > > > > > > > > Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022 > > > > > > > > Would this be the reason for the following exception: > > > > > > > > > > > > > > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | > > > > > > > > WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war > > > > > > > > - 7.2.14 | Error deploying web application > > > > > > > > java.lang.IllegalStateException: No LoginService for > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 > > > > > > > > in ConstraintSecurityHandler@64779d1e{STARTING} > > > > > > > > at > > > > > > > > org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > at > > > > > > > > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > at > > > > > > > > org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > at > > > > > > > > org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > at > > > > > > > > org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > at > > > > > > > > org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) > > > > > > > > ~[?:?] > > > > > > > > at > > > > > > > > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > > > > > > > > [?:1.8.0_171] > > > > > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > > > > > > > > [?:1.8.0_171] > > > > > > > > at > > > > > > > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) > > > > > > > > [?:1.8.0_171] > > > > > > > > at > > > > > > > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) > > > > > > > > [?:1.8.0_171] > > > > > > > > at > > > > > > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > > > > > > > > [?:1.8.0_171] > > > > > > > > at > > > > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > > > > > > > > [?:1.8.0_171] > > > > > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto > > > > > > > > > <[email protected]> wrote: > > > > > > > > > A little more info. The class appears in many bundles: > > > > > > > > > > > > > > > > > > > > > > > > > > > karaf@root()> bundle:find-class > > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator > > > > > > > > > > > > > > > > > > Jetty :: Security (229) > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > Jetty :: Security (230) > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > Jetty :: JASPI Security (231) > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > Jetty :: JASPI Security (232) > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > OPS4J Pax Web - Jetty (309) > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto > > > > > > > > > > <[email protected]> wrote: > > > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
