Basic authentication of WAB using Jaas in Karaf

Basic authentication of WAB using Jaas in Karaf

Alex Soto
Hello,

Is there a good tutorial or documentation on how to protect a WAB (Web Application Bundle) with JAAS authentication?
My Karaf version is 4.2.8.  Documentation here https://karaf.apache.org/manual/latest/webcontainer is scarce, only referring to Jetty global config, (even that failed for me).  I have multiple WABs and WARs in the same Karaf container, and I don’t want to apply the same JAAS authentication to all of them.   From the comment:

    <!-- =========================================================== -->
    <!-- Configure Authentication Realms -->
    <!-- Realms may be configured for the entire server here, or -->
    <!-- they can be configured for a specific web app in a context -->
    <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
    <!-- example). -->
    <!-- =========================================================== -->

It looks like there is a way ($(jetty.home)/contexts/test.xml).  But it is unclear how to apply this, and it is Jetty specific.
My preference is for a Jetty agnostic way, for portability reasons. (Maybe Karaf will change to Undertow in the future)


Best regards,
Alex soto




Re: Basic authentication of WAB using Jaas in Karaf

Achim Nierbeck
Hi,

there is a sample app for Pax-Web, which is also used in the test-suite:
https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/war-authentication
And actually you just need to reference the jaas of the surrounding Karaf instance in your web.xml file.

regards, Achim



--

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>


Re: Basic authentication of WAB using Jaas in Karaf

jbonofre
Maybe worth to add this in the Karaf wab example as well.

I will.

Regards
JB


Re: Basic authentication of WAB using Jaas in Karaf

Achim Nierbeck
Sure ..
maybe I find some time during this week to create this there ;)

regards, Achim

p.s. this just reminds me, that those samples are also in the "Apache Karaf Cookbook" :)


Re: Basic authentication of WAB using Jaas in Karaf

jbonofre
No rush, I think it’s easier for our users to find "how to" ;)

Thanks !
Regards
JB


Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
Thanks Achim and JB,

I looked at that example, but that is a WAR, and I am looking for a WAB example.  Still, in the ‘web.xml’ file there is no reference to JAAS realm.  Where do you indicate the realm name? (I have my own realm separate from the default Karaf one).

Actually, it is not fun having to guess all this basic stuff, and also a productivity drain, I am sorry to say.


Best regards,
Alex soto


Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
Ok I saw it now, it was hidden:

<realm-name>Test Realm</realm-name>


Best regards,
Alex soto




On May 11, 2020, at 8:31 AM, Alex Soto <[hidden email]> wrote:

Thanks Achin and JB,

I looked at that example, but that is is WAR, and I am looking for WAB example.  Still, in the ‘web.xml’ file there is no reference to JAAS realm.  Where do you indicate the realm name? (I have my own realm separate from the default Karaf one).

Actually, it is not fun having to guess all this basic stuff, and also a productivity drain, I am sorry to say.


Best regards,
Alex soto

On May 11, 2020, at 3:12 AM, Jean-Baptiste Onofre <[hidden email]> wrote:

No rush, I think it’s easier for our users to find "how to" ;)

Thanks !
Regards
JB

Le 11 mai 2020 à 09:09, Achim Nierbeck <[hidden email]> a écrit :

Sure ..
maybe I find some time during this week to create this there ;)

regards, Achim

p.s. this just reminds me, that those samples are also in the "Apache Karaf Cookbook" :)

Am Mo., 11. Mai 2020 um 06:32 Uhr schrieb Jean-Baptiste Onofre <[hidden email]>:
Maybe worth to add this in the Karaf wab example as well.

I will.

Regards
JB

Le 10 mai 2020 à 13:45, Achim Nierbeck <[hidden email]> a écrit :

Hi,

there is a sample app for Pax-Web, which is also used in the test-suite:
https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/war-authentication
And actually you just need to reference the jaas of the surrounding Karaf instance in your web.xml file.

regards, Achim



Am Fr., 8. Mai 2020 um 18:41 Uhr schrieb Alex Soto <[hidden email]>:
Hello,

Is there a good tutorial or documentation on how to protect a WAB (Web Application Bundle) with JAAS authentication?
My Karaf version is 4.2.8.  Documentation here https://karaf.apache.org/manual/latest/webcontainer is scarce, only referring to Jetty global config, (even that failed for me).  I have multiple WABs and WARs in the same Karaf container, and I don’t want to apply the same JAAS authentication to all of them.   From the comment:

<!-- =========================================================== -->
    <!-- Configure Authentication Realms -->
    <!-- Realms may be configured for the entire server here, or -->
    <!-- they can be configured for a specific web app in a context -->
    <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
    <!-- example). -->
    <!-- =========================================================== —>

It looks like is a way ($(jetty.home)/contexts/test.xml ).  But this is unclear on how to apply, and it is Jetty specific.
My preference is for a Jetty agnostic way, for portability reasons. (Maybe Karaf will change to Undertow in the future)


Best regards,
Alex soto






--

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>




--

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>




Reply | Threaded
Open this post in threaded view
|

Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
Ok, I am not having good luck with this. Using the realm “karaf” and BASIC authentication.  
Mind that my artifact is a WAB, not a WAR.

My web.xml

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Karaf</realm-name>
    </login-config>

    <security-role>
        <role-name>admin</role-name>
    </security-role>


Error:


9:13:05.881 ERROR [paxweb-extender-3-thread-2] Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@22444ea2 in ConstraintSecurityHandler@17b84a6e{STARTING}
at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]



Best regards,
Alex soto





Re: Basic authentication of WAB using Jaas in Karaf

Achim Nierbeck
Hi Alex,

A WAB is nothing else than a WAR which already contains the required Web-ApplicationContext parameter.
That's the only difference, and the sample is actually the same ;)

Needed to look this up from the "Apache Karaf Cookbook" :) (it's been a while since I wrote this and the code in pax-web)
First you need to configure your web-container to use the jaas service of the surrounding Karaf.
For Jetty this is something like the following:

https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/pax-web-itest/pax-web-itest-karaf/src/test/resources/jetty.xml#L53-L65

    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.jaas.JAASLoginService">
                <Set name="name">karaf</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">
                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>

Second, you need to configure this realm in your WAB/WAR with its corresponding web.xml:


    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected Area</web-resource-name>
            <description>Protect the Example Servlet</description>
            <url-pattern>/wc/example</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>Authorized Users Group</description>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginError.jsp</form-error-page>
        </form-login-config>
    </login-config>
    <security-role>
        <description>Test Role</description>
        <role-name>admin</role-name>
    </security-role>

best regards, Achim
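
Added example, not part of the original thread or of Pax Web: a small Python check that the realm-name in a WAB's web.xml names a LoginService bean declared in jetty.xml, which is the pairing the two steps above set up. It assumes Jetty selects the LoginService whose name equals the realm-name exactly (or the only one present when no realm-name is given); the function names and the wrapped sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the JAASLoginService bean quoted in the thread, wrapped in
# a minimal <Configure> root so that it parses on its own.
JETTY_XML = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Call name="addBean"><Arg>
    <New class="org.eclipse.jetty.jaas.JAASLoginService">
      <Set name="name">karaf</Set>
      <Set name="loginModuleName">karaf</Set>
    </New>
  </Arg></Call>
</Configure>"""

# Constructed sample: the BASIC login-config from the thread ("Karaf", capital K).
WEB_XML_BASIC = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
  </login-config>
</web-app>"""

# Same descriptor with the realm-name spelled like the LoginService name.
WEB_XML_FIXED = WEB_XML_BASIC.replace("<realm-name>Karaf<", "<realm-name>karaf<")


def _local(tag):
    """Strip an XML namespace prefix such as '{http://...}login-config'."""
    return tag.rsplit("}", 1)[-1]


def login_services(jetty_xml):
    """Return {name: loginModuleName} for each *LoginService bean in jetty.xml."""
    services = {}
    for new in ET.fromstring(jetty_xml).iter("New"):
        if not new.get("class", "").endswith("LoginService"):
            continue
        props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
        if props.get("name"):
            services[props["name"]] = props.get("loginModuleName", "")
    return services


def login_config(web_xml):
    """Return (auth_method, realm_name) from web.xml; either may be None."""
    found = {}
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) == "login-config":
            for child in el:
                found[_local(child.tag)] = (child.text or "").strip()
    return found.get("auth-method"), found.get("realm-name")


def check(jetty_xml, web_xml):
    """List configuration problems that would leave the web app without a LoginService."""
    services = login_services(jetty_xml)
    method, realm = login_config(web_xml)
    if method is None:
        return []  # no container-managed authentication requested
    if not services:
        return ["no LoginService bean declared in jetty.xml"]
    if realm is None:
        # Assumption: without a realm-name, Jetty only falls back to a sole LoginService.
        if len(services) != 1:
            return ["no realm-name given and more than one LoginService declared"]
        return []
    if realm not in services:
        # Assumption: the comparison is an exact, case-sensitive string match.
        near = [name for name in services if name.lower() == realm.lower()]
        hint = f"; did you mean {near[0]!r}?" if near else ""
        return [f"realm-name {realm!r} matches no LoginService{hint}"]
    return []


if __name__ == "__main__":
    for label, doc in (("as posted", WEB_XML_BASIC), ("fixed", WEB_XML_FIXED)):
        print(label, check(JETTY_XML, doc) or "ok")
```
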


Am Mo., 11. Mai 2020 um 15:17 Uhr schrieb Alex Soto <[hidden email]>:
Ok, I am not having good luck with this. Using the realm “karaf” and BASIC authentication.  
Mind that my artifact is a WAB, not a WAR.

My web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Karaf</realm-name>
</login-config>

<security-role>
<role-name>admin</role-name>
</security-role>


Error:


9:13:05.881 ERROR [paxweb-extender-3-thread-2] Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@22444ea2 in ConstraintSecurityHandler@17b84a6e{STARTING}
at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]



Best regards,
Alex soto




On May 11, 2020, at 8:36 AM, Alex Soto <[hidden email]> wrote:

Ok I saw it now, it was hidden:

<realm-name>Test Realm</realm-name>


Best regards,
Alex soto




On May 11, 2020, at 8:31 AM, Alex Soto <[hidden email]> wrote:

Thanks Achim and JB,

I looked at that example, but that is a WAR, and I am looking for a WAB example.  Still, in the ‘web.xml’ file there is no reference to JAAS realm.  Where do you indicate the realm name? (I have my own realm separate from the default Karaf one).

Actually, it is not fun having to guess all this basic stuff, and also a productivity drain, I am sorry to say.


Best regards,
Alex soto

On May 11, 2020, at 3:12 AM, Jean-Baptiste Onofre <[hidden email]> wrote:

No rush, I think it’s easier for our users to find "how to" ;)

Thanks !
Regards
JB

On May 11, 2020, at 09:09, Achim Nierbeck <[hidden email]> wrote:

Sure ..
maybe I find some time during this week to create this there ;)

regards, Achim

p.s. this just reminds me, that those samples are also in the "Apache Karaf Cookbook" :)

On Mon., May 11, 2020 at 06:32, Jean-Baptiste Onofre <[hidden email]> wrote:
Maybe worth to add this in the Karaf wab example as well.

I will.

Regards
JB

On May 10, 2020, at 13:45, Achim Nierbeck <[hidden email]> wrote:

Hi,

there is a sample app for Pax-Web, which is also used in the test-suite:
https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/war-authentication
And actually you just need to reference the jaas of the surrounding Karaf instance in your web.xml file.

regards, Achim



On Fri., May 8, 2020 at 18:41, Alex Soto <[hidden email]> wrote:
Hello,

Is there a good tutorial or documentation on how to protect a WAB (Web Application Bundle) with JAAS authentication?
My Karaf version is 4.2.8.  Documentation here https://karaf.apache.org/manual/latest/webcontainer is scarce, only referring to Jetty global config, (even that failed for me).  I have multiple WABs and WARs in the same Karaf container, and I don’t want to apply the same JAAS authentication to all of them.   From the comment:

<!-- =========================================================== -->
    <!-- Configure Authentication Realms -->
    <!-- Realms may be configured for the entire server here, or -->
    <!-- they can be configured for a specific web app in a context -->
    <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
    <!-- example). -->
    <!-- =========================================================== -->

It looks like there is a way ($(jetty.home)/contexts/test.xml).  But this is unclear on how to apply, and it is Jetty specific.
My preference is for a Jetty agnostic way, for portability reasons. (Maybe Karaf will change to Undertow in the future)


Best regards,
Alex soto






--

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>





Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
Thanks for the effort to help me, Achim.

I believe the Jetty configuration is being added automatically by PAX-Web, because I see it being created after the container starts, so I think that part is fine.
The web.xml is correctly configured too, except I am using BASIC authentication as opposed to Form-based, but I have the required elements:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
</login-config>

<security-role>
    <role-name>admin</role-name>
</security-role>


However, I am getting the previous class not found error:

2020-05-11T12:34:29,892 | ERROR | paxweb-extender-1-thread-2 | WebAppPublisher                  | 307 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@5acaf57a in ConstraintSecurityHandler@6ee023ca{STARTING}


I suspect I may be missing a feature.  I have deployed:

<feature>war</feature>

Is there anything else I need to deploy?  
Shouldn’t these missing Jetty classes be deployed as part of Pax-Web?


Best regards,
Alex soto




On May 11, 2020, at 12:16 PM, Achim Nierbeck <[hidden email]> wrote:

Hi Alex,

a wab is nothing else than a war which already contains the required Web-ApplicationContext parameter.
That's the only difference, and the sample is actually the same ;)

Needed to look this up from the "Apache Karaf Cookbook" :) (it's been a while I did write this and the code in pax-web)
First you need to configure your web-container to use the jaas service of the surrounding Karaf.
For Jetty this is something like the following:

https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/pax-web-itest/pax-web-itest-karaf/src/test/resources/jetty.xml#L53-L65

    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.jaas.JAASLoginService">
                <Set name="name">karaf</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">
                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>

Second, you need to configure this realm in your WAB/WAR with its corresponding web.xml:


<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <description>Protect the Example Servlet</description>
        <url-pattern>/wc/example</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>Authorized Users Group</description>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginError.jsp</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description>Test Role</description>
    <role-name>admin</role-name>
</security-role>

best regards, Achim


On Mon., May 11, 2020 at 15:17, Alex Soto <[hidden email]> wrote:
Ok, I am not having good luck with this. Using the realm “karaf” and BASIC authentication.  
Mind that my artifact is a WAB, not a WAR.

My web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
</login-config>

<security-role>
    <role-name>admin</role-name>
</security-role>


Error:


9:13:05.881 ERROR [paxweb-extender-3-thread-2] Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@22444ea2 in ConstraintSecurityHandler@17b84a6e{STARTING}
at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]



Best regards,
Alex soto




Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
A little more info.  The class appears in many bundles:


karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator

Jetty :: Security (229)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: Security (230)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: JASPI Security (231)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: JASPI Security (232)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

OPS4J Pax Web - Jetty (309)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class




Best regards,
Alex soto




On May 11, 2020, at 12:44 PM, Alex Soto <[hidden email]> wrote:

org.eclipse.jetty.security.authentication.BasicAuthenticator

Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and  9.4.22.v20191022
Would this be the reason for the following exception:

2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher                  | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]




Best regards,
Alex soto




Re: Basic authentication of WAB using Jaas in Karaf

jbonofre
Hi,

It sounds like a class loader issue, so possible.

Let me add an example in Karaf showing basic auth.

Regards
JB

Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
Thanks, JB.

I found the problem was a typo in the `realm-name` in the web.xml file.  It appears to be case-sensitive.  I had:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
</login-config>


But in the jetty.xml:

<New class="org.eclipse.jetty.jaas.JAASLoginService">
    <Set name="name">karaf</Set>


So I think it could not match the `Karaf` in the Web.xml to the `karaf` in the Jetty.xml.
I wish the error message was more explicit.  Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
For example:


Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route.   And this url


is protected with basic authentication, so the browser prompts me for the user name and password.

What I need is protect everything starting with '/admin’ 

Any ideas?

Best regards,
Alex soto




On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <[hidden email]> wrote:

Hi,

It sounds like a class loader issue, so possible.

Let me add an example in Karaf showing basic auth.

Regards
JB

On May 12, 2020, at 15:39, Alex Soto <[hidden email]> wrote:

I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813 and 9.4.22.v20191022
Would this be the reason for the following exception:

2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher                  | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]




Best regards,
Alex soto




On May 11, 2020, at 12:50 PM, Alex Soto <[hidden email]> wrote:

A little more info.  The class appears in many bundles:


karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator

Jetty :: Security (229)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: Security (230)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: JASPI Security (231)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: JASPI Security (232)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

OPS4J Pax Web - Jetty (309)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class




Best regards,
Alex soto




On May 11, 2020, at 12:44 PM, Alex Soto <[hidden email]> wrote:

org.eclipse.jetty.security.authentication.BasicAuthenticator





Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
This thread talks about the need to:

http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html

Quote:

you need to use the OSGi HTTP service
api to properly configure the security bits (by implementing
org.osgi.service.http.HttpContext interface). 


Are there any examples of this? 

Best regards,
Alex soto










Re: Basic authentication of WAB using Jaas in Karaf

Gerald Kallas
Hi Alex,

we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).

I started an article series on my blog, see

https://www.catshout.de/?p=161

for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.

I'll proceed with a REST API secured in the same manner and some discussions about the limitations and options.

Best
- Gerald


Re: Basic authentication of WAB using Jaas in Karaf

Achim Nierbeck
Yes, the configuration is case sensitive.
Regarding a sample for Karaf, I can do that, but there had been a reason for consuming 10 pages in the "Apache Karaf Cookbook" :)


regards, Achim


On Tue, May 12, 2020 at 23:10, Gerald Kallas <[hidden email]> wrote:
Hi Alex,

we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).

I started an article series on my blog, see

https://www.catshout.de/?p=161

for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.

I'll proceed with a REST API secured in the same manner and some discussions about the limitations and options.

Best
- Gerald

> Alex Soto <[hidden email]> wrote on May 12, 2020 at 19:55:
>
>
> This thread talks about the need to:
>
> http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
>
> Quote:
>
>
> > you need to use the OSGi HTTP service
> > api to properly configure the security bits (by implementing
> > org.osgi.service.http.HttpContext interface).
>
>
>
> Are there any examples of this?
>
> Best regards,
> Alex soto
>
>
>
>
>
> > On May 12, 2020, at 11:42 AM, Alex Soto <[hidden email]> wrote:
> > Thanks, JB.
> >
> > I found the problem was a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:
> >
> > <login-config>
> > <auth-method>BASIC</auth-method>
> > <realm-name>Karaf</realm-name>
> > </login-config>
> >
> >
> > But in the jetty.xml:
> >
> > <New class="org.eclipse.jetty.jaas.JAASLoginService">
> > <Set name="name">karaf</Set>
> >
> >
> > So I think it could not match the `Karaf` in the web.xml to the `karaf` in the jetty.xml.
> > I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the '/admin' URL.
> > For example:
> >
> > http://localhost:8181/admin/api/rest/executions
> >
> > Does not prompt for a password, it successfully returns the data from the Camel Rest DSL route. And this URL
> >
> > http://localhost:8181/admin
> >
> > is protected with basic authentication, so the browser prompts me for the user name and password.
> >
> > What I need is to protect everything starting with '/admin'
> >
> > Any ideas?
> >
> > Best regards,
> > Alex soto
> >
> >
> >
> >
> >
> > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <[hidden email]> wrote:
> > > Hi,
> > >
> > > It sounds like a class loader issue, so possible.
> > >
> > > Let me add an example in Karaf showing basic auth.
> > >
> > > Regards
> > > JB
> > >
> > >
> > >
> > > > On May 12, 2020, at 15:39, Alex Soto <[hidden email]> wrote:
> > > > I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022
> > > > Would this be the reason for the following exception:
> > > >
> > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
> > > > java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
> > > > at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
> > > > at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
> > > > at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
> > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
> > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
> > > > at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
> > > > at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
> > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
> > > > at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
> > > > at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
> > > > at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
> > > > at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
> > > > at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
> > > > at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
> > > > at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
> > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
> > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
> > > > at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
> > > > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
> > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
> > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
> > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
> > > > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
> > > > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
> > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> > > >
> > > >
> > > >
> > > >
> > > > Best regards,
> > > > Alex soto
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > > On May 11, 2020, at 12:50 PM, Alex Soto <[hidden email]> wrote:
> > > > > A little more info. The class appears in many bundles:
> > > > >
> > > > >
> > > > > karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > >
> > > > > Jetty :: Security (229)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > >
> > > > > Jetty :: Security (230)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > >
> > > > > Jetty :: JASPI Security (231)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > >
> > > > > Jetty :: JASPI Security (232)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > >
> > > > > OPS4J Pax Web - Jetty (309)
> > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Best regards,
> > > > > Alex soto
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > On May 11, 2020, at 12:44 PM, Alex Soto <[hidden email]> wrote:
> > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > >
> > > >
> > >
> >
>


--

Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>


Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
In reply to this post by Gerald Kallas
Re-sending to group


On May 13, 2020, at 9:38 AM, Alex Soto <[hidden email]> wrote:

Thank you Gerald,  I appreciate the link.

I was starting to go that route, but it is not optimal, because I have more than one bundle that exposes HTTP endpoints, and it is wasteful for each one to run their own Jetty instance. Same thing with authentication: I want to leverage the Karaf built-in JAAS support, instead of recreating it. To this point, I have been able to leverage a single Jetty instance that is managed by PAX-WEB, but adding authentication is proving to be impossible.

Best regards,
Alex soto




On May 12, 2020, at 5:10 PM, Gerald Kallas <[hidden email]> wrote:

Hi Alex,

we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).

I started an article series on my blog, see

https://www.catshout.de/?p=161

for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment.

I'll proceed with a REST API secured in the same manner and some discussions about the limitations and options.

Best
- Gerald

Alex Soto <[hidden email]> wrote on 12 May 2020 at 19:55:


This thread talks about the need to:

http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html

Quote:


you need to use the OSGi HTTP service
api to properly configure the security bits (by implementing
org.osgi.service.http.HttpContext interface).



Are there any examples of this?

Best regards,
Alex soto





On May 12, 2020, at 11:42 AM, Alex Soto <[hidden email]> wrote:
Thanks, JB.

I found the problem was a typo in the `realm-name` in the web.xml file. It appears to be case-sensitive. I had:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Karaf</realm-name>
</login-config>


But in the jetty.xml:

<New class="org.eclipse.jetty.jaas.JAASLoginService">
    <Set name="name">karaf</Set>


So I think it could not match the `Karaf` in the web.xml to the `karaf` in the jetty.xml.
I wish the error message was more explicit. Anyway, now the web app is properly initialized, BUT… the security constraint is not being applied to my Camel Rest services, only to the ‘/admin’ URL.
For example:

http://localhost:8181/admin/api/rest/executions

does not prompt for a password; it successfully returns the data from the Camel Rest DSL route. And this URL

http://localhost:8181/admin

is protected with basic authentication, so the browser prompts me for the user name and password.

What I need is to protect everything starting with '/admin'.

Any ideas?

Best regards,
Alex soto





On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <[hidden email]> wrote:
Hi,

It sounds like a class loader issue, so possible.

Let me add an example in Karaf showing basic auth.

Regards
JB



On 12 May 2020 at 15:39, Alex Soto <[hidden email]> wrote:
I found that I have multiple versions of Jetty deployed in Karaf, that is: 9.4.20.v20190813 and 9.4.22.v20191022.
Would this be the reason for the following exception?

2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]




Best regards,
Alex soto





On May 11, 2020, at 12:50 PM, Alex Soto <[hidden email]> wrote:
A little more info. The class appears in many bundles:


karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator

Jetty :: Security (229)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: Security (230)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: JASPI Security (231)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

Jetty :: JASPI Security (232)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class

OPS4J Pax Web - Jetty (309)
org/eclipse/jetty/security/authentication/BasicAuthenticator.class





Best regards,
Alex soto





On May 11, 2020, at 12:44 PM, Alex Soto <[hidden email]> wrote:
org.eclipse.jetty.security.authentication.BasicAuthenticator








Re: Basic authentication of WAB using Jaas in Karaf

Alex Soto
This looks promising:

https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing


Best regards,
Alex soto













Re: Basic authentication of WAB using Jaas in Karaf

Gerald Kallas
In reply to this post by Alex Soto
Hi Alex,

You're absolutely right. We ended up for the moment with one Blueprint DSL file that contains the security handler configuration with multiple constraints (for different paths) and one route as a kind of "heartbeat" listening on the port that gets assigned the security handler.

All the other routes in separate Blueprint DSL files have a camel-jetty consumer on the same port as above. The security handler is already assigned. The disadvantage is that a new route with a new path requires a change and re-deployment of the security handler configuration Blueprint DSL file.

I'll check the other link you provided, thanks for that. We're also investigating camel-servlet.

I think the use case is quite common (one listener on one port, multiple URIs (paths) with different auth). So far there must exist a valid solution for it.

Best
- Gerald
