Authentication in a custom web application in karaf

Authentication in a custom web application in karaf

cooshal
Hi:

I have a sample web application, which I need to be protected by
authentication, just the way it does for Hawtio or other similar
applications.

I have my sample code here
(https://github.com/cooshal/karaf-assembly-jms/tree/master/modules/web-console).
It's an extremely basic web app with an index.html. The endpoint will be
exposed to /management/. I am trying to use it with the maven-bundle-plugin.
I had followed a few examples from pax-web project.

I tried with 'war' packaging. The authentication works in that case, but I
was not able to serve my index.html (for example). Could be some config
issues.

It would be great, if anyone could provide me some info on this.

Regards,
Cooshal.



--
Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html

Re: Authentication in a custom web application in karaf

fpapon
Hi,

Do you want to use Karaf realm?

regards,

François
[hidden email]

On 11/06/2019 at 14:07, cooshal wrote:

> Hi:
>
> I have a sample web application, which I need to be protected by
> authentication, just the way it does for Hawtio or other similar
> applications.
>
> I have my sample code here
> (https://github.com/cooshal/karaf-assembly-jms/tree/master/modules/web-console).
> It's an extremely basic web app with an index.html. The endpoint will be
> exposed to /management/. I am trying to use it with the maven-bundle-plugin.
> I had followed few examples from pax-web project.
>
> I tried with 'war' packaging. The authentication works in that case, but I
> was not able to serve my index.html (for example). Could be some config
> issues.
>
> It would be great, if anyone could provide me some info on this.
>
> Regards,
> Cooshal.
>
>
>
> --
> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
François Papon
fpapon@apache.org
Yupiik - https://www.yupiik.com

Re: Authentication in a custom web application in karaf

cooshal

Re: Authentication in a custom web application in karaf

cooshal
In reply to this post by fpapon
Hi again fpapon,

As I have pointed out in my previous post, I have configured the web.xml
(https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/src/main/webapp/WEB-INF/web.xml#L24)
to use the karaf realm. But, I am still not able to get the authentication
functionality working.

Do you have any suggestions on this ? My demo project is available at:
https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console

Regards,
Cooshal.




Re: Authentication in a custom web application in karaf

fpapon
Hi,

Let me try with your repo.

regards,

François
[hidden email]

On 11/06/2019 at 19:16, cooshal wrote:

> Hi again fpapon,
>
> As I have pointed out in my previous post, I have configured the web.xml
> (https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/src/main/webapp/WEB-INF/web.xml#L24)
> to use the karaf realm. But, I am still not able to get the authentication
> functionality working.
>
> Do you have any suggestions on this ? My demo project is available at:
> https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console
>
> Regards,
> Cooshal.
>
>
>
> --
> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
François Papon
fpapon@apache.org
Yupiik - https://www.yupiik.com

Re: Authentication in a custom web application in karaf

fpapon
Hi,

You have to add the war feature in your bootFeatures.

regards,

François
[hidden email]

On 11/06/2019 at 22:50, Francois Papon wrote:

> Hi,
>
> Let me try with your repo.
>
> regards,
>
> François
> [hidden email]
>
> On 11/06/2019 at 19:16, cooshal wrote:
>> Hi again fpapon,
>>
>> As I have pointed out in my previous post, I have configured the web.xml
>> (https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/src/main/webapp/WEB-INF/web.xml#L24)
>> to use the karaf realm. But, I am still not able to get the authentication
>> functionality working.
>>
>> Do you have any suggestions on this ? My demo project is available at:
>> https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console
>>
>> Regards,
>> Cooshal.
>>
>>
>>
>> --
>> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
François Papon
fpapon@apache.org
Yupiik - https://www.yupiik.com

Re: Authentication in a custom web application in karaf

cooshal
Hi:

thanks. I will try that out.

Regards,
Cooshal.




Re: Authentication in a custom web application in karaf

cooshal
In reply to this post by fpapon
Hi:

I just tried adding 'war' in the bootFeatures.

I tried deploying the same webconsole bundle in the karaf instance. This
does not seem to trigger the web.xml's configuration options.

Is my pom
(https://github.com/cooshal/karaf-assembly-jms/blob/master/modules/web-console/pom.xml)
correct?

Regards,
Cooshal.




Re: Authentication in a custom web application in karaf

cooshal
In reply to this post by fpapon
Hi again !

I have further updates on this issue.

I tried two different approaches:

1. Tried deploying this project as a war. I used the same web.xml file, but
changed the packaging type to war. But, the Web-ContextPath in `web:list`
doesn't show management. And I struggled a bit to configure that. Thus, my
application was available at: *:8181/demo-web-console rather than at
*:/management

But important thing here is that the authentication works for the protected
pages.

2. I tried deploying it as an osgi bundle. Although I have specified
<_wab>src/main/webapp</_wab>, it does not seem to pick up the settings of
web.xml. Thus, the authentication rule is never invoked.

In both cases, I have installed war feature.

Regards,
Cooshal.




Re: Authentication in a custom web application in karaf

Steinar Bang
In reply to this post by cooshal
>>>>> cooshal <[hidden email]>:

> Hi:
> I have a sample web application, which I need to be protected by
> authentication, just the way it does for Hawtio or other similar
> applications.

> I have my sample code here
> (https://github.com/cooshal/karaf-assembly-jms/tree/master/modules/web-console).
> It's an extremely basic web app with an index.html. The endpoint will be
> exposed to /management/. I am trying to use it with the maven-bundle-plugin.
> I had followed few examples from pax-web project.

I've written this:
 https://github.com/steinarb/authservice

You can try it out by doing the following commands from the karaf
command line:
 feature:repo-add mvn:no.priv.bang.authservice/authservice/LATEST/xml/features
 feature:install user-admin-with-derby

This will add an authservice webapp at http://localhost:8181/authservice
You can log in with e.g. admin/admin or jad/1ad (the "admin" user has
user administration privileges).

The webapp is running from a derby database initialized with dummy data.

To use this as authentication for a different web application you
currently have to access the web application to a reverse proxy that can
rewrite the cookie path for the authentication cookies.  I have setup
for nginx in the README, but I'm sure apache can be used as well.

In the web application you will need to use apache shiro and accept OSGi
service injections for the Realm and SessionDAO interfaces.


Re: Authentication in a custom web application in karaf

cooshal
Hi:

thank you for your reply.

Thank you for sharing the project. I looked at the project, but I guess this
implementation is too complicated for my current needs. I have an extremely
simple HTML/JS application, for which I want it to be authenticated using
karaf realm, for example.

I was following a sample from pax-web repo for the configuration stuffs,
https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/wab-jetty-web.
I could configure the web.xml file and set the authentication stuffs there.
This works perfectly fine, if I package my app as a war, but this does not
work if I package it as a bundle. That is where I got stuck.

Regards,
Cooshal.





Re: Authentication in a custom web application in karaf

Steinar Bang
>>>>> cooshal <[hidden email]>:

> Hi:
> thank you for your reply.

> Thank you for sharing the project. I looked at the project, but I guess this
> implementation is too complicated for my current needs. I have an extremely
> simple HTML/JS application, for which I want it to be authenticated using
> karaf realm, for example.

Well... simple HTML/JS applications are what I use it for.  :-)

It's actually pretty simple:
 1. You need to create a bundle defining the web context (ie. the local
    path of your web application eg. "/myapp").  That's mostly
    boilerplate and you can look at my sample projects:
     https://github.com/steinarb/authservice/tree/master/authservice.web.security
     https://github.com/steinarb/ukelonn/tree/master/ukelonn.web.security
     https://github.com/steinarb/handlereg/tree/master/handlereg.web.security
 2. The bundle needs to create a web context helper.  Some examples of
    DS components creating a web context helper
     https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/java/no/priv/bang/authservice/web/security/AuthserviceServletContextHelper.java#L22
     https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/java/no/priv/bang/ukelonn/web/security/UkelonnServletContextHelper.java#L7
     https://github.com/steinarb/handlereg/blob/master/handlereg.web.security/src/main/java/no/priv/bang/handlereg/web/security/HandleregServletContextHelper.java#L22
    (no actual code, just a DS component with some magical annotations)
 3. The bundle needs to create a shiro filter and attach it to the web
    context.  The shiro filter needs to receive Realm and SessionDAO as
    OSGi service injections (authservice provides these):
     https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/java/no/priv/bang/authservice/web/security/AuthserviceShiroFilter.java#L44
     https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/java/no/priv/bang/ukelonn/web/security/UkelonnShiroFilter.java#L41
     https://github.com/steinarb/handlereg/blob/master/handlereg.web.security/src/main/java/no/priv/bang/handlereg/web/security/HandleregShiroFilter.java#L38
    (have to do the configuration in code instead of using shiro.ini,
    because the shiro.ini code can't find the shiro classes in an OSGi
    context.  However the dependency injections of Realm and SessionDAO
    makes things simpler)
 4. If you want to have fine control of the paths in your webapp, use a
    shiro.ini file, some examples:
     https://github.com/steinarb/authservice/blob/master/authservice.web.security/src/main/resources/shiro.ini
     https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/resources/shiro.ini
     https://github.com/steinarb/handlereg/blob/master/handlereg.web.security/src/main/resources/shiro.ini

Once you have this in place I think you can basically use whatever way
you want to define your web application, you just need to use the
webcontext defined by the web context helper.

And you need to use a reverse proxy to fix the paths of the shiro
authentication cookies.  That bit is a bit of a hack, but I don't see it
much myself, since I was using a reverse proxy anyway.

> I was following a sample from pax-web repo for the configuration stuffs,
> https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/wab-jetty-web.
> I could configure the web.xml file and set the authentication stuffs there.
> This works perfectly fine, if I package my app as a war, but this does not
> work if I package it as a bundle. That is where I got stuck.

FWIW my way should work fine with web whiteboard OSGi bundles, and
possibly also with WAR bundles. :-)

(I haven't tried WAR bundles with this approach myself.  After I got web
whiteboard working I haven't looked back...)

This may also be of interest
 1. A simple react frontend example as an OSGi bundle, using web
    whiteboard
     https://github.com/steinarb/frontend-karaf-demo
    a. Use maven to compile a frontend into a bundle.js file that is
       added as a resource in the OSGi bundle
        https://github.com/steinarb/frontend-karaf-demo/blob/master/pom.xml#L105
        https://github.com/steinarb/frontend-karaf-demo/tree/master/src/main/frontend
    b. Create a web whiteboard servlet that serves the bundle.js on all
       paths leading to your webapp
        https://github.com/steinarb/frontend-karaf-demo/blob/master/src/main/java/no/priv/bang/demos/frontendkarafdemo/ReactServlet.java#L24
 2. Serving a jersey REST service as an OSGi bundle, using web
    whiteboard
     https://github.com/steinarb/jersey-karaf-feature
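
Steps 1 to 3 of the list above, sketched as an added example that is not part of the original post and not code from the linked repositories. The package, class names, context name "myapp" and path "/myapp" are hypothetical; it assumes Shiro 1.x with javax.servlet, that Realm and SessionDAO services are available in the OSGi service registry, and it sets the path rules in code rather than in a shiro.ini file.

```java
// File 1: MyappServletContextHelper.java -- defines the web context (steps 1 and 2).
// "myapp" and "/myapp" are placeholder values for this example.
package com.example.myapp.security;

import static org.osgi.service.http.whiteboard.HttpWhiteboardConstants.*;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.http.context.ServletContextHelper;

@Component(service = ServletContextHelper.class, property = {
    HTTP_WHITEBOARD_CONTEXT_NAME + "=myapp",
    HTTP_WHITEBOARD_CONTEXT_PATH + "=/myapp" })
public class MyappServletContextHelper extends ServletContextHelper { }

// File 2: MyappShiroFilter.java -- Shiro filter attached to that context (step 3).
package com.example.myapp.security;

import static org.osgi.service.http.whiteboard.HttpWhiteboardConstants.*;
import javax.servlet.Filter;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.AbstractShiroFilter;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.osgi.service.component.annotations.*;

@Component(service = Filter.class, immediate = true, property = {
    HTTP_WHITEBOARD_FILTER_PATTERN + "=/*",
    HTTP_WHITEBOARD_CONTEXT_SELECT + "=(" + HTTP_WHITEBOARD_CONTEXT_NAME + "=myapp)" })
public class MyappShiroFilter extends AbstractShiroFilter {
    private Realm realm;            // injected OSGi service
    private SessionDAO sessionDao;  // injected OSGi service

    @Reference public void setRealm(Realm realm) { this.realm = realm; }
    @Reference public void setSessionDao(SessionDAO dao) { this.sessionDao = dao; }

    @Activate
    public void activate() {
        DefaultWebSessionManager sessions = new DefaultWebSessionManager();
        sessions.setSessionDAO(sessionDao);
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager(realm);
        manager.setSessionManager(sessions);
        setSecurityManager(manager);

        // Chains match in insertion order, so the catch-all rule goes last.
        // authcBasic sends credentials on every request: serve the context over TLS.
        PathMatchingFilterChainResolver resolver = new PathMatchingFilterChainResolver();
        resolver.getFilterChainManager().createChain("/favicon.ico", "anon");
        resolver.getFilterChainManager().createChain("/**", "authcBasic");
        setFilterChainResolver(resolver);
    }
}
```

Any whiteboard servlet or resource registered with the same context select filter then sits behind the Shiro filter; a servlet registered without it lands in the default context and is not protected.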


Re: Authentication in a custom web application in karaf

cooshal
Hi:

thank you !

I will look at it and will get back to you.

When I started this project, I used a very simple approach, which did not
require any involvement of web.xml configuration. Later, I realized that I
chose the wrong architecture.

I will try and test with your approach.

Thanks again.

Regards,
Cooshal.




Re: Authentication in a custom web application in karaf

jbonofre
I'm on the way to merge the example.

Regards
JB

On 18/06/2019 13:01, cooshal wrote:

> Hi:
>
> thank you !
>
> I will look at it and will get back to you.
>
> When I started this project, I used a very simple approach, which did not
> require any involvement of web.xml configuration. Later, I realized that I
> chose the wrong architecture.
>
> I will try and test with your approach.
>
> Thanks again.
>
> Regards,
> Cooshal.
>
>
>
> --
> Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
>

--
Jean-Baptiste Onofré
[hidden email]
http://blog.nanthrax.net
Talend - http://www.talend.com

Re: Authentication in a custom web application in karaf

Steinar Bang
In reply to this post by cooshal
>>>>> cooshal <[hidden email]>:

> Hi:
> thank you !

> I will look at it and will get back to you.

> When I started this project, I used a very simple approach, which did not
> require any involvement of web.xml configuration. Later, I realized that I
> chose the wrong architecture.

> I will try and test with your approach.

I have created a sample/boilerplate project that perhaps will make it
easier:
 https://github.com/steinarb/authservice-sampleclient

You can test it out and verify that it works:
 https://github.com/steinarb/authservice-sampleclient#try-this-code

You can copy it and modify it and fit it into your own multimodule maven
project:
 https://github.com/steinarb/authservice-sampleclient#adapt-this-project-to-your-project


Re: Authentication in a custom web application in karaf

cooshal
Hi:

I had other issues. Thus, I could not try this out. I will try this today,
and get back.

Thank you for your time :)

Regards,
Cooshal.


