camel-users mailing list archives

From Willem Jiang <willem.ji...@gmail.com>
Subject Re: Rest DSL - how to configure SSL/Basic Auth for jetty component?
Date Wed, 12 Nov 2014 04:33:34 GMT
It's a bug in camel-jetty, which introduces the security handler to the server more than once.
I just created a JIRA [1] for it and will commit a quick fix for it shortly.

[1] https://issues.apache.org/jira/browse/CAMEL-8036

--  
Willem Jiang

Red Hat, Inc.
Web: http://www.redhat.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.iteye.com (Chinese)
Twitter: willemjiang  
Weibo: 姜宁willem



On November 12, 2014 at 1:42:05 AM, Roman Vottner (rovo@gmx.at) wrote:
> Thank you Claus for your input so far. I've updated the branch according to your suggestions
> (https://github.com/RovoMe/CamelMultipleJettyComponents/tree/rest-dsl) and
> solved the SSL issue therefore. However, on trying to include basic auth using the custom
> basic auth security handler I run into a StackOverflowException again (similar to the
> problem reported on 5 November, "StackOverflowError on configuring JettyHttpComponents
> with handlers for the same port").
>
> The configuration of the basic auth handler is not that different from your unit-test
> (https://svn.apache.org/repos/asf/camel/trunk/components/camel-jetty/src/test/java/org/apache/camel/component/jetty/HttpBasicAuthTest.java).
> Instead of registering the handler via a JNDI registry, Spring takes care of it. The service
> is also able to find the handler but fails after the handler finished its work. Furthermore,
> I had no success in finding a proper method in JettyHttpComponent to specify the handlers
> itself to avoid specifications of multiple handlers (although they all should be the
> same) for endpoints listening on the same port.
>
> If I comment out the
> .endpointProperty("handlers", "jettyAuthHandler")
> statement inside the restConfiguration() segment of Route4 and use a further route
> (route1 in the sample scenario), which defines a jetty server using the following URL:
> rest.ssl.service1.path=jetty:https://localhost:8383/api/v1/service1?sslContextParameters=#sslContextParameters&handlers=#jettyAuthHandler&matchOnUriPrefix=true
> both services are able to use SSL and basic authentication. This issue seems to be very
> similar to the issue reported here (https://github.com/fabric8io/fabric8/issues/2094).
>
> I haven't written proper unit-tests yet, but executing ServicesApp should start up
> the whole application and pointing your browser to https://localhost:8383/api/v1/service4
> and using "admin" as user as well as "secret" as password should reproduce the following
> error:
>  
> 2014-11-11 17:47:45 - [DEBUG] - received login request for user: 'admin' with credentials: 'secret'! [ ] [a.r.c.t.a.JettyBasicAuthAuthorizationHandler] [qtp139076452-36]
> 2014-11-11 17:47:45 - [DEBUG] - UserKey secret of User admin was successfully authenticated [ ] [a.r.c.t.a.JettyBasicAuthAuthorizationHandler] [qtp139076452-36]
> 2014-11-11 17:47:45 - [WARN ] - /api/v1/service4 [ ] [o.e.j.s.AbstractHttpConnection] [qtp139076452-36]
> java.lang.StackOverflowError: null
>     at java.util.HashMap$KeyIterator.<init>(HashMap.java:954) ~[na:1.7.0_60]
>     at java.util.HashMap.newKeyIterator(HashMap.java:968) ~[na:1.7.0_60]
>     at java.util.HashMap$KeySet.iterator(HashMap.java:1002) ~[na:1.7.0_60]
>     at java.util.HashSet.iterator(HashSet.java:170) ~[na:1.7.0_60]
>     at java.util.Collections$UnmodifiableCollection$1.<init>(Collections.java:1064) ~[na:1.7.0_60]
>     at java.util.Collections$UnmodifiableCollection.iterator(Collections.java:1063) ~[na:1.7.0_60]
>     at org.eclipse.jetty.security.ConstraintSecurityHandler.prepareConstraintInfo(ConstraintSecurityHandler.java:656) ~[jetty-security-8.1.16.v20140903.jar:8.1.16.v20140903]
>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:458) ~[jetty-security-8.1.16.v20140903.jar:8.1.16.v20140903]
>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:522) ~[jetty-security-8.1.16.v20140903.jar:8.1.16.v20140903]
>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:522) ~[jetty-security-8.1.16.v20140903.jar:8.1.16.v20140903]
>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:522) ~[jetty-security-8.1.16.v20140903.jar:8.1.16.v20140903]
>     at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:522) ~[jetty-security-8.1.16.v20140903.jar:8.1.16.v20140903]
> ...
>  
> Kind regards,
>  
> Roman
>  
> On 05.11.2014 at 11:37, Claus Ibsen wrote:
>  
> > Hi
> >
> > You can configure the jetty component regularly without the rest dsl,
> > and just refer to jetty as the component. Then the Rest DSL uses the
> > jetty with the security settings you have configured on it.
> >
> > And I think we have fixed the double ? in the uri in the upcoming
> > 2.14.1 release.
> >
> > On Wed, Nov 5, 2014 at 10:53 AM, Roman Vottner wrote:
> >> This is a repost of the nabble forum entry as my account was obviously not correctly
> >> verified at the time when I posted this issue (post has NOT been accepted …).
> >>
> >> In order to test the new REST feature in 2.14.0 I created a simple route class:
> >>
> >> import org.apache.camel.builder.RouteBuilder;
> >>
> >> public class RestTestRoute extends RouteBuilder {
> >>
> >>     @Override
> >>     public void configure() throws Exception {
> >>
> >>         restConfiguration()
> >>             .component("jetty")
> >>             .port(8383)
> >>             .scheme("https")
> >>             .contextPath("/api/v1")
> >>             .endpointProperty("sslKeystore", "/security/serverKey.jks")
> >>             .endpointProperty("sslPassword", "keystorePW")
> >>             .endpointProperty("sslKeyPassword", "jettyPW")
> >>             // .componentProperty("sslContextParameters", "#sslContextParameters")
> >>             .componentProperty("handlers", "#jettyAuthHandler");
> >>
> >>         rest("/service4")
> >>             .get().route().log("Service4 GET request received").endRest()
> >>             .post().route().log("Service4 POST request received").endRest()
> >>             .delete().route().log("Service4 DELETE request received").endRest();
> >>     }
> >> }
> >>
> >> However, special-characters like "/" or ":" get replaced by "%2F" and "%3A" which
> >> cause an UnknownFormatConversionException: Conversion = 'F' in the former case and
> >> a MissingFormatArgumentException: Format specifier '3A' in the latter case. As endpoint-
> >> or componentProperty only allows for string value declarations, I also tried to set
> >> Spring beans as used with a leading # before but without any success.
> >>
> >> If I leave out the sslKeystore stuff the example fails with a FileNotFoundException
> >> as it can't locate the keystore in my home-directory - which I have none. Though, I'd like
> >> to use the JKS located in the security-subfolder of my project. The documentation lacks
> >> a full example which showcases a bit more complex scenario.
> >>
> >> From debugging, I also figured out that the contextPath is not added on top of the "jetty:..."
> >> generated URL - is this only valid in servlet scenarios? Moreover, I'm a bit confused
> >> about the generated URL in JettyHttpComponent as it contains two '?' symbols:
> >>
> >> jetty:%s://%s:%s/%s?httpMethodRestrict=%s?sslPassword=keystorePW&sslKeyPassword=jettyPW&sslKeystore=%2Fsecurity%2FserverKey.jks
> >>
> >> A simple test-project setup can be gathered in rest-dsl branch on github: https://github.com/RovoMe/CamelMultipleJettyComponents/tree/rest-dsl
> >>
> >> Kind regards,
> >>
> >> Roman
> >
> >
> >
> > --
> > Claus Ibsen
> > -----------------
> > Red Hat, Inc.
> > Email: cibsen@redhat.com
> > Twitter: davsclaus
> > Blog: http://davsclaus.com
> > Author of Camel in Action: http://www.manning.com/ibsen
> > hawtio: http://hawt.io/
> > fabric8: http://fabric8.io/
>  
>  
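The failure mode named in the reply (the same security handler introduced to the server more than once) and the repeating SecurityHandler.handle frames in the quoted trace can be modelled without Jetty. The following is an added example, not code from this thread, from camel-jetty or from the CAMEL-8036 fix; Wrapper, installNaive and installOnce are hypothetical names, and the single-delegate chain is a simplifying assumption about how wrapper handlers are linked.

```java
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

// Constructed model, not Jetty or Camel code: each wrapper does its work and
// then delegates to the next handler in the chain.
public class HandlerChainDemo {

    static class Wrapper {
        final String name;
        Wrapper next; // delegate; null at the end of the chain
        Wrapper(String name) { this.name = name; }

        int handle(int depth) {
            return next == null ? depth : next.handle(depth + 1);
        }
    }

    // Naive install: put 'handler' in front of the current chain head.
    static Wrapper installNaive(Wrapper head, Wrapper handler) {
        handler.next = head; // if handler == head, it now wraps itself
        return handler;
    }

    // Guarded install: leave the chain alone if this instance is already in it.
    static Wrapper installOnce(Wrapper head, Wrapper handler) {
        Set<Wrapper> seen = Collections.newSetFromMap(new IdentityHashMap<Wrapper, Boolean>());
        for (Wrapper w = head; w != null && seen.add(w); w = w.next) {
            if (w == handler) {
                return head;
            }
        }
        return installNaive(head, handler);
    }

    public static void main(String[] args) {
        // Two endpoints on the same port share one handler bean (assumption).
        Wrapper auth = new Wrapper("jettyAuthHandler");
        Wrapper head = installOnce(installOnce(null, auth), auth);
        System.out.println("guarded chain depth: " + head.handle(1));

        Wrapper shared = new Wrapper("jettyAuthHandler");
        Wrapper bad = installNaive(installNaive(null, shared), shared);
        try {
            bad.handle(1);
        } catch (StackOverflowError e) {
            System.out.println("naive install: StackOverflowError after authentication");
        }
    }
}
```

In the model, the duplicate install only fails when a request reaches the handler, which matches the quoted log: the credentials are accepted first and the error follows.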

