karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Achim Nierbeck <achim.nierb...@ptv.de>
Subject Re: Karaf Webconsole and JAAS how does it work?
Date Tue, 13 Jul 2010 15:29:21 GMT

Unfortunately, it still doesn't work. I now use the original
config.properties and use the custom.properties to configure to use equinox
as osgi framework


Achim Nierbeck wrote:
> 
> Ok, somehow i merged the jaas.boot stuff to system.packages.extra and not
> to system.packages :(
> 
> One more thing about the exception, I think a WARN with the Information
> that there has been an Exception could be logged. 
> 
> Now I will try with the "right" configuration. Another PEBKAC :(
> 
> 
> Guillaume Nodet wrote:
>> 
>> On Tue, Jul 13, 2010 at 4:26 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
>> wrote:
>>>
>>> OK, got it.
>>>
>>> Got an LoginException which says it can't find the class
>>> org.apache.karaf.jaas.boot.ProxyLoginModule
>>>
>>> but just to mention, I don't think  it is a good style to catch an
>>> exception
>>> and not to do anything with it.
>>> At leas you should log a warning, just for the records :)
>> 
>> Yes, but the problem is that this is a security related exception, so
>> you certainly don't want to expose passwords in the log ...
>> We've had users complaining about such exposure of sensitive data.
>> 
>>>
>>> Now, what can I do about the "missing" Class :-)
>>>
>> 
>> I bet you changed the default config.properties.  The
>> org.apache.karaf.jaas.boot should be boot delegated.
>> 
>>>
>>> Guillaume Nodet wrote:
>>>>
>>>> Yeah, debugging is a good solution in that case.
>>>> You should try to put a breakpoint in
>>>> org.apache.karaf.webconsole.JaasSecurityProvider#authenticate method
>>>> and see what happens.
>>>> If you don't hit that breakpoint, it means the webconsole does not see
>>>> karaf authenticator, else you should see an exception in that method.
>>>>
>>>> On Tue, Jul 13, 2010 at 2:30 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
>>>> wrote:
>>>>>
>>>>> That's what is driving me nuts, I do not have any exceptions.
>>>>> It asks me for the credentials over and over again :(
>>>>>
>>>>> I just started the whole server with DEBUG log level and the sift
>>>>> logger
>>>>> enabled.
>>>>> It looks like I'm not authorized, I'll attach the
>>>>> org.ops4j.pax.web.pax-web-jetty.log file
>>>>>
>>>>> http://karaf.922171.n3.nabble.com/file/n963228/org.ops4j.pax.web.pax-web-jetty.log
>>>>> org.ops4j.pax.web.pax-web-jetty.log
>>>>>
>>>>>
>>>>> Guillaume Nodet wrote:
>>>>>>
>>>>>> Any exception in the log ? Also, I'm not sure to understand what
you
>>>>>> see, is the http request denied ?
>>>>>>
>>>>>>
>>>>>> On Tue, Jul 13, 2010 at 2:03 PM, Achim Nierbeck
>>>>>> <achim.nierbeck@ptv.de>
>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> I already did that, and I also configured
>>>>>>> the pax-web Container with the following file:
>>>>>>>
>>>>>>> org.ops4j.pax.web.cfg
>>>>>>>
>>>>>>> and the following properties:
>>>>>>>
>>>>>>> org.apache.karaf.features.configKey=org.ops4j.pax.web
>>>>>>> org.osgi.service.http.port=8080
>>>>>>> org.ops4j.pax.web.session.timeout=30
>>>>>>>
>>>>>>> so if I call
>>>>>>>
>>>>>>> http://localhost:8080/system/console
>>>>>>>
>>>>>>> i do get the request for username and passwort, but I'm still
not
>>>>>>> able
>>>>>>> to
>>>>>>> get to the webconsole,
>>>>>>> which is quite strange since I did this also with the Karaf 1.6.0
>>>>>>> release
>>>>>>> where it did work.
>>>>>>>
>>>>>>>
>>>>>>> Guillaume Nodet wrote:
>>>>>>>>
>>>>>>>> I think that' s because the webconsole feature has some additional
>>>>>>>> config:
>>>>>>>>
>>>>>>>>         <config name="org.apache.karaf.webconsole">
>>>>>>>>           realm=karaf
>>>>>>>>         </config>
>>>>>>>>
>>>>>>>> If you put a file named org.apache.karaf.webconsole.cfg in
the etc
>>>>>>>> dir
>>>>>>>> with the above properties, it should work.
>>>>>>>>
>>>>>>>> On Tue, Jul 13, 2010 at 10:35 AM, Achim Nierbeck
>>>>>>>> <achim.nierbeck@ptv.de>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Right now I'm repackaging the Karaf 1.99 with some additional
>>>>>>>>> bundles.
>>>>>>>>> Basically it is the same as if I would use the features
>>>>>>>>> spring
>>>>>>>>> spring-dm
>>>>>>>>> http
>>>>>>>>> war
>>>>>>>>> webconsole
>>>>>>>>>
>>>>>>>>> and some additional bundles for all kinds of apache commons
stuff.
>>>>>>>>>
>>>>>>>>> when i call the webconsole I do get the prompt for the
>>>>>>>>> credentials,
>>>>>>>>> but
>>>>>>>>> they
>>>>>>>>> are not accepted.
>>>>>>>>>
>>>>>>>>> If i use the "Vanilla" Karaf 1.99 and install those features
later
>>>>>>>>> it
>>>>>>>>> works,
>>>>>>>>> so I don't know right now where the
>>>>>>>>> problem is.
>>>>>>>>>
>>>>>>>>> Thanks in advance :)
>>>>>>>>>
>>>>>>>>> Achim
>>>>>>>>> --
>>>>>>>>> View this message in context:
>>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p962815.html
>>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Cheers,
>>>>>>>> Guillaume Nodet
>>>>>>>> ------------------------
>>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>>> ------------------------
>>>>>>>> Open Source SOA
>>>>>>>> http://fusesource.com
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> View this message in context:
>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963158.html
>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Cheers,
>>>>>> Guillaume Nodet
>>>>>> ------------------------
>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>> ------------------------
>>>>>> Open Source SOA
>>>>>> http://fusesource.com
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963228.html
>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Cheers,
>>>> Guillaume Nodet
>>>> ------------------------
>>>> Blog: http://gnodet.blogspot.com/
>>>> ------------------------
>>>> Open Source SOA
>>>> http://fusesource.com
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963549.html
>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>
>> 
>> 
>> 
>> -- 
>> Cheers,
>> Guillaume Nodet
>> ------------------------
>> Blog: http://gnodet.blogspot.com/
>> ------------------------
>> Open Source SOA
>> http://fusesource.com
>> 
>> 
> 
> Guillaume Nodet wrote:
>> 
>> On Tue, Jul 13, 2010 at 4:26 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
>> wrote:
>>>
>>> OK, got it.
>>>
>>> Got an LoginException which says it can't find the class
>>> org.apache.karaf.jaas.boot.ProxyLoginModule
>>>
>>> but just to mention, I don't think  it is a good style to catch an
>>> exception
>>> and not to do anything with it.
>>> At leas you should log a warning, just for the records :)
>> 
>> Yes, but the problem is that this is a security related exception, so
>> you certainly don't want to expose passwords in the log ...
>> We've had users complaining about such exposure of sensitive data.
>> 
>>>
>>> Now, what can I do about the "missing" Class :-)
>>>
>> 
>> I bet you changed the default config.properties.  The
>> org.apache.karaf.jaas.boot should be boot delegated.
>> 
>>>
>>> Guillaume Nodet wrote:
>>>>
>>>> Yeah, debugging is a good solution in that case.
>>>> You should try to put a breakpoint in
>>>> org.apache.karaf.webconsole.JaasSecurityProvider#authenticate method
>>>> and see what happens.
>>>> If you don't hit that breakpoint, it means the webconsole does not see
>>>> karaf authenticator, else you should see an exception in that method.
>>>>
>>>> On Tue, Jul 13, 2010 at 2:30 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
>>>> wrote:
>>>>>
>>>>> That's what is driving me nuts, I do not have any exceptions.
>>>>> It asks me for the credentials over and over again :(
>>>>>
>>>>> I just started the whole server with DEBUG log level and the sift
>>>>> logger
>>>>> enabled.
>>>>> It looks like I'm not authorized, I'll attach the
>>>>> org.ops4j.pax.web.pax-web-jetty.log file
>>>>>
>>>>> http://karaf.922171.n3.nabble.com/file/n963228/org.ops4j.pax.web.pax-web-jetty.log
>>>>> org.ops4j.pax.web.pax-web-jetty.log
>>>>>
>>>>>
>>>>> Guillaume Nodet wrote:
>>>>>>
>>>>>> Any exception in the log ? Also, I'm not sure to understand what
you
>>>>>> see, is the http request denied ?
>>>>>>
>>>>>>
>>>>>> On Tue, Jul 13, 2010 at 2:03 PM, Achim Nierbeck
>>>>>> <achim.nierbeck@ptv.de>
>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> I already did that, and I also configured
>>>>>>> the pax-web Container with the following file:
>>>>>>>
>>>>>>> org.ops4j.pax.web.cfg
>>>>>>>
>>>>>>> and the following properties:
>>>>>>>
>>>>>>> org.apache.karaf.features.configKey=org.ops4j.pax.web
>>>>>>> org.osgi.service.http.port=8080
>>>>>>> org.ops4j.pax.web.session.timeout=30
>>>>>>>
>>>>>>> so if I call
>>>>>>>
>>>>>>> http://localhost:8080/system/console
>>>>>>>
>>>>>>> i do get the request for username and passwort, but I'm still
not
>>>>>>> able
>>>>>>> to
>>>>>>> get to the webconsole,
>>>>>>> which is quite strange since I did this also with the Karaf 1.6.0
>>>>>>> release
>>>>>>> where it did work.
>>>>>>>
>>>>>>>
>>>>>>> Guillaume Nodet wrote:
>>>>>>>>
>>>>>>>> I think that' s because the webconsole feature has some additional
>>>>>>>> config:
>>>>>>>>
>>>>>>>>         <config name="org.apache.karaf.webconsole">
>>>>>>>>           realm=karaf
>>>>>>>>         </config>
>>>>>>>>
>>>>>>>> If you put a file named org.apache.karaf.webconsole.cfg in
the etc
>>>>>>>> dir
>>>>>>>> with the above properties, it should work.
>>>>>>>>
>>>>>>>> On Tue, Jul 13, 2010 at 10:35 AM, Achim Nierbeck
>>>>>>>> <achim.nierbeck@ptv.de>
>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Right now I'm repackaging the Karaf 1.99 with some additional
>>>>>>>>> bundles.
>>>>>>>>> Basically it is the same as if I would use the features
>>>>>>>>> spring
>>>>>>>>> spring-dm
>>>>>>>>> http
>>>>>>>>> war
>>>>>>>>> webconsole
>>>>>>>>>
>>>>>>>>> and some additional bundles for all kinds of apache commons
stuff.
>>>>>>>>>
>>>>>>>>> when i call the webconsole I do get the prompt for the
>>>>>>>>> credentials,
>>>>>>>>> but
>>>>>>>>> they
>>>>>>>>> are not accepted.
>>>>>>>>>
>>>>>>>>> If i use the "Vanilla" Karaf 1.99 and install those features
later
>>>>>>>>> it
>>>>>>>>> works,
>>>>>>>>> so I don't know right now where the
>>>>>>>>> problem is.
>>>>>>>>>
>>>>>>>>> Thanks in advance :)
>>>>>>>>>
>>>>>>>>> Achim
>>>>>>>>> --
>>>>>>>>> View this message in context:
>>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p962815.html
>>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Cheers,
>>>>>>>> Guillaume Nodet
>>>>>>>> ------------------------
>>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>>> ------------------------
>>>>>>>> Open Source SOA
>>>>>>>> http://fusesource.com
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> View this message in context:
>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963158.html
>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Cheers,
>>>>>> Guillaume Nodet
>>>>>> ------------------------
>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>> ------------------------
>>>>>> Open Source SOA
>>>>>> http://fusesource.com
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963228.html
>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Cheers,
>>>> Guillaume Nodet
>>>> ------------------------
>>>> Blog: http://gnodet.blogspot.com/
>>>> ------------------------
>>>> Open Source SOA
>>>> http://fusesource.com
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963549.html
>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>
>> 
>> 
>> 
>> -- 
>> Cheers,
>> Guillaume Nodet
>> ------------------------
>> Blog: http://gnodet.blogspot.com/
>> ------------------------
>> Open Source SOA
>> http://fusesource.com
>> 
>> 
> 
> 

-- 
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963787.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.

Mime
View raw message