camel-users mailing list archives

From Charles Moulliard <cmoulli...@gmail.com>
Subject Re: Camel-Jetty JAAS Ldap
Date Tue, 14 Jun 2011 04:53:54 GMT
Hi,

LoginModuleName must be equal to --> ldap, and as you are deploying
your project on Karaf, the ldap realm must be defined in a blueprint
file that you can deploy in the 'deploy' directory

1) Blueprint file

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

    <!--
      Declares the JAAS realm named "ldap". The name must match the loginModuleName
      configured on the Jetty JAASLoginService bean, otherwise the login lookup fails.
    -->
    <jaas:config name="ldap">
        <!--
          LDAP login module for the "ldap" realm. Review notes on the properties below:
          - connection.password is stored in clear text in this file; restrict read
            access to the deploy directory, and prefer a dedicated bind account with
            read-only access to the user and role subtrees over the directory admin.
          - authentication=simple over an ldap:// URL sends the bind DN and password
            unencrypted. Here the server is on loopback; for a remote directory use
            an ldaps:// URL.
          - %u in user.filter and role.filter is replaced with the login name supplied
            by the client; confirm that the Karaf version in use escapes LDAP filter
            metacharacters in that value.
          - NOTE(review): square brackets in a URL host normally mark an IPv6 literal;
            confirm the JNDI provider accepts them around 127.0.0.1.
        -->
        <jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
flags="required">
            initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
            connection.url=ldap://[127.0.0.1]:389
            connection.username=cn=admin,dc=fusesource,dc=com
            connection.password=secret
        	authentication=simple
            user.base.dn=ou=user,ou=applications,dc=fusesource,dc=com
            user.filter=(cn=%u)
        	user.search.subtree=true
            role.base.dn=ou=group,ou=applications,dc=fusesource,dc=com
            role.name.attribute=cn
            role.filter=(member:=uid=%u)
            role.search.subtree=true
        </jaas:module>
    </jaas:config>

</blueprint>

2) Camel secure endpoint

    <!--
      Jetty login service that delegates authentication to JAAS.
      loginModuleName selects the JAAS configuration entry to use; it is set to "ldap"
      to match the realm name declared in the blueprint file.
      roleClassNames lists the principal class (Karaf's RolePrincipal) whose instances
      Jetty should treat as roles of the authenticated user.
    -->
    <bean id="loginService"
class="org.eclipse.jetty.plus.jaas.JAASLoginService">
        <property name="name" value="ldap"/>
        <property name="loginModuleName" value="ldap"/>
        <property name="roleClassNames">
            <list>
                <value>org.apache.karaf.jaas.modules.RolePrincipal</value>
            </list>
        </property>
    </bean>

    <!-- Jetty's default identity service; the securityHandler bean references it by id. -->
    <bean id="identityService"
class="org.eclipse.jetty.security.DefaultIdentityService"/>

    <!--
      Security constraint: authentication is required (authenticate=true) and the
      caller must hold the "admin" role. That role name has to exist as a group
      resolved by the LDAP role lookup, or every authenticated request is rejected.
    -->
    <bean id="constraint" class="org.eclipse.jetty.http.security.Constraint">
        <property name="name" value="BASIC"/>
        <property name="roles" value="admin"/>
        <property name="authenticate" value="true"/>
    </bean>

    <!--
      Applies the constraint to every path (pathSpec "/*"), so no resource under the
      endpoint is reachable without authentication.
    -->
    <bean id="constraintMapping"
class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="constraint"/>
        <property name="pathSpec" value="/*"/>
    </bean>

    <!--
      Enforces the constraint mappings using HTTP Basic authentication against loginService.
      Basic sends the user name and password base64-encoded, not encrypted, on every
      request. The jetty endpoint in this message listens on plain http:// on 0.0.0.0,
      so callers' LDAP credentials cross the network in clear text; serve the endpoint
      over HTTPS, or bind it to a trusted interface, before exposing it.
      NOTE(review): strict=false presumably relaxes how Jetty matches role names; confirm
      against the Jetty version in use.
    -->
    <bean id="securityHandler"
class="org.eclipse.jetty.security.ConstraintSecurityHandler">
        <property name="authenticator">
            <bean
class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
        </property>
        <property name="constraintMappings">
            <list>
                <ref bean="constraintMapping"/>
            </list>
        </property>
        <property name="loginService" ref="loginService"/>
        <property name="strict" value="false"/>
        <property name="identityService" ref="identityService"/>
    </bean>

    <camelContext trace="true" xmlns="http://camel.apache.org/schema/spring">

        <route>
            <from
uri="jetty:http://0.0.0.0:8282/services?handlers=securityHandler&amp;matchOnUriPrefix=true"/>

Regards,

Charles Moulliard

Apache Committer

Blog : http://cmoulliard.blogspot.com
Twitter : http://twitter.com/cmoulliard
Linkedin : http://www.linkedin.com/in/charlesmoulliard
Skype: cmoulliard



On Tue, Jun 14, 2011 at 5:21 AM, Willem Jiang <willem.jiang@gmail.com> wrote:
> Hi,
>
> It looks like the camel application have trouble to load the configure file.
> Can you double check the configure file?
>
> Willem
>
> On 6/14/11 12:04 AM, punisher wrote:
>>
>> Hi,
>>
>> I'm using camel-jetty to run a server using a camel route
>> I need to add an ldap authentication (ApacheDS) to access to the service
>>
>> I've something like this:
>>        <from
>> uri="jetty:http://0.0.0.0:7080/myservice?handlers=securityHandler"/>
>>
>>
>> in my spring application context I have:
>>
>>
>>        <bean id="loginService"
>> class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>         <property name="name" value="ldap"/>
>>         <property name="loginModuleName" value="ldaploginmodule"/>
>>         <property name="roleClassNames">
>>             <list>
>>                 <value>org.apache.karaf.jaas.modules.RolePrincipal</value>
>>             </list>
>>         </property>
>>         <property name="identityService" ref="identityService" />
>>     </bean>
>>
>>
>>        <bean id="identityService"
>> class="org.eclipse.jetty.security.DefaultIdentityService" />
>>
>>     <bean id="constraint"
>> class="org.eclipse.jetty.http.security.Constraint">
>>         <property name="name" value="BASIC"/>
>>         <property name="roles" value="system"/>
>>         <property name="authenticate" value="true"/>
>>     </bean>
>>
>>     <bean id="constraintMapping"
>> class="org.eclipse.jetty.security.ConstraintMapping">
>>         <property name="constraint" ref="constraint"/>
>>         <property name="pathSpec" value="/*"/>
>>     </bean>
>>
>>     <bean id="securityHandler"
>> class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>>         <property name="authenticator">
>>             <bean
>> class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
>>         </property>
>>         <property name="constraintMappings">
>>             <list>
>>                 <ref bean="constraintMapping"/>
>>             </list>
>>         </property>
>>         <property name="loginService" ref="loginService"/>
>>         <property name="strict" value="false"/>
>>     </bean>
>>
>>
>>
>>
>> I used this vm argument (the absolute path is for a test... to be sure
>> that
>> the path is correct):
>> -Djava.security.auth.login.config="C:/config/ldap-loginModule.conf"
>>
>> and the .conf file contains:
>>
>> ldaploginmodule {
>>     org.eclipse.jetty.server.server.plus.jaas.spi.LdapLoginModule required
>>     debug="true"
>>     useLdaps="false"
>>     contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
>>     hostname="localhost"
>>     port="10389"
>>     bindDn="cn=Directory Manager"
>>     bindPassword="directory"
>>     authenticationMethod="simple"
>>     forceBindingLogin="false"
>>     userBaseDn="ou=xxx,dc=xxx,dc=xxx"
>>     userRdnAttribute="uid"
>>     userIdAttribute="uid"
>>     userPasswordAttribute="userPassword"
>>     userObjectClass="inetOrgPerson"
>>     roleBaseDn="ou=xxx,dc=xxx,dc=xxx"
>>     roleNameAttribute="cn"
>>     roleMemberAttribute="uniqueMember"
>>     roleObjectClass="groupOfUniqueNames";
>>     };
>>
>>
>> When I try to open the page "myservice" I show the login form but when I
>> click on the Ok button my console shows this message:
>>
>>
>>         WARN | EXCEPTION
>> javax.security.auth.login.LoginException: No LoginModule configured for
>> ldaploginmodule
>>        at
>> javax.security.auth.login.LoginContext.init(LoginContext.java:256)
>>        at
>> javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
>>        at
>> javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
>>        at
>>
>> org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:201)
>>        at
>>
>> org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:75)
>>        at
>>
>> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:416)
>>        at
>>
>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
>>        at org.eclipse.jetty.server.Server.handle(Server.java:351)
>>        at
>>
>> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)
>>        at
>>
>> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)
>>        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)
>>        at
>> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)
>>        at
>> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)
>>        at
>>
>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)
>>        at
>>
>> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
>>        at java.lang.Thread.run(Thread.java:619)
>>
>>
>>
>> could you help me to solve the problem?
>>
>> Thanks in advance,
>>
>>
>>
>> --
>> View this message in context:
>> http://camel.465427.n5.nabble.com/Camel-Jetty-JAAS-Ldap-tp4484886p4484886.html
>> Sent from the Camel - Users mailing list archive at Nabble.com.
>>
>
>
> --
> Willem
> ----------------------------------
> FuseSource
> Web: http://www.fusesource.com
> Blog:    http://willemjiang.blogspot.com (English)
>         http://jnn.javaeye.com (Chinese)
> Twitter: willemjiang
> Weibo: willemjiang
>
