Re: Adding jaas authentication to a cxf endpoint in karaf

Christian Müller Fri, 31 Oct 2014 11:40:34 -0700

The keystore configuration is only needed for HTTPS.
You can use BASIC AUTH without HTTPS.


If you want to leverage on the OSGI HTTP service (it looks so, because you
are using address="/externalWarehouse"), you have to configure BASIC AUTH
in your jetty.xml like:

<Configure class="org.eclipse.jetty.server.Server">
    <!-- =========================================================== -->
    <!-- Set connectors -->
    <!-- =========================================================== -->
    <!-- One of each type! -->
    <!-- =========================================================== -->

    <Call name="addConnector">
        <Arg>
            <New class="org.eclipse.jetty.server.nio.BlockingChannelConnector">
                <Set name="host">
                    <Property name="jetty.host" />
                </Set>
                <Set name="port">
                    <Property name="jetty.port" default="8181" />
                </Set>
                <Set name="maxIdleTime">300000</Set>
                <Set name="Acceptors">1</Set>
                <Set name="statsOn">false</Set>
                <Set name="confidentialPort">8443</Set>
            </New>
        </Arg>
    </Call>

    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
                <Set name="name">karaf</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">

<Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>

    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
                <Set name="name">default</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">

<Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>
</Configure>





If you want to start up a new Jetty instance to expose your web service,
your configuration looks good. As Willem already explained, you has to
configure a complete URL like address="
http://127.0.0.1:9000/externalWarehouse";. And you can remove the keystore
configuration if you are using HTTP.

       <httpj:engine-factory bus=*"cxf"*>

              <httpj:engine port=*"9000"*>

            <httpj:threadingParameters minThreads=*"5"* maxThreads=*"20"* />

            <httpj:handlers>

                <!-- BASIC AUTHENTICATION configuration -->

                <ref bean=*"securityHandler"*/>

            </httpj:handlers>

              </httpj:engine>
       </httpj:engine-factory>


    <bean id=*"securityHandler"* class=
*"org.eclipse.jetty.security.ConstraintSecurityHandler"*>

        <property name=*"authenticator"*>

            <bean class=
*"org.eclipse.jetty.security.authentication.BasicAuthenticator"*/>

        </property>

        <property name=*"constraintMappings"*>

            <list>

                <bean class=*"org.eclipse.jetty.security.ConstraintMapping"*
>

                    <property name=*"constraint"*>

                        <bean class=
*"org.eclipse.jetty.http.security.Constraint"*>

                            <property name=*"name"* value=*"BASIC"*/>

                            <property name=*"roles"* value=*"yourRole"*/>

                            <property name=*"authenticate"* value=*"true"*/>

                        </bean>

                    </property>

                    <property name=*"pathSpec"* value=*"/*"*/>

                </bean>

            </list>

        </property>

        <property name=*"loginService"*>

            <bean class=*"org.eclipse.jetty.security.HashLoginService"*>

                <property name=*"name"* value=*"karaf"* />

                <property name=*"config"* value=
*"src/test/resources/jetty-realm.properties"* />

            </bean>

        </property>

        <property name=*"strict"* value=*"false"*/>
    </bean>

Best,
Christian
-----------------

Software Integration Specialist

Apache Member
V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer
Apache Incubator PMC Member

https://www.linkedin.com/pub/christian-mueller/11/551/642

On Fri, Oct 31, 2014 at 9:44 AM, Hilderich <hilde.sch...@yahoo.de> wrote:

> Hello Willem,
>
> Many thanks for that crucial hint. I did as you said but no Basic
> Authentication was requested. What I am not understand so far is the
> keystore stuff in <httpj:tlsServerParameters ...
> As I interpret it correctly this has something to do with SSL/https but I
> have no intentions to switch to https. As a result I have in the meantime
> &lt;httpj ... section in blueprint modified to:
>
> &lt;httpj:engine-factory bus=&quot;cxf&quot;>
>         <httpj:engine port="9000">
>                 <httpj:threadingParameters minThreads="5"
>                         maxThreads="20" />
>                 <httpj:handlers>
>                         <ref component-id="securityHandler" />
>                 </httpj:handlers>
>         </httpj:engine>
> </httpj:engine-factory>
>
>
> Do I have get something wrong? Is Basic Auth inevitably connected with
> SSL/http???
>
> Could you please help me once again to establish BASIC Auth via http and
> how
> jetty has properly configured in blueprint.xml?
>
> Kind regards,
> Hilderich
>
>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/Adding-jaas-authentication-to-a-cxf-endpoint-in-karaf-tp5758340p5758360.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>

Re: Adding jaas authentication to a cxf endpoint in karaf

Reply via email to