karaf-user mailing list archives

From Charles Moulliard <cmoulli...@gmail.com>
Subject Re: camel-jetty + authentication JAAS
Date Tue, 07 Dec 2010 12:16:33 GMT
Hi,

Security is configured using Spring beans (see below).

<bean id="loginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
  <property name="name" value="ldap"/>
  <property name="loginModuleName" value="ldap"/>
  <property name="roleClassNames">
    <list>
      <value>org.apache.karaf.jaas.modules.RolePrincipal</value>
    </list>
  </property>
</bean>

<bean id="constraint" class="org.eclipse.jetty.http.security.Constraint">
  <property name="name" value="BASIC"/>
  <property name="roles" value="system"/>
  <property name="authenticate" value="true"/>
</bean>

<bean id="constraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
  <property name="constraint" ref="constraint"/>
  <property name="pathSpec" value="/*"/>
</bean>

<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
  <property name="authenticator">
    <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
  </property>
  <property name="constraintMappings">
    <list>
      <ref bean="constraintMapping"/>
    </list>
  </property>
  <property name="loginService" ref="loginService"/>
  <property name="strict" value="false"/>
</bean>

</beans>


I think that camel-jetty is not chained with Jetty in this case because 
I see this error too in the log.

karaf@root> org.eclipse.jetty.server.Server@4e2ddb6b STOPPED
  +-ConstraintSecurityHandler@48da7565 STOPPED
     +-ServletContextHandler@229c61d3@229c61d3/,null STOPPED
     +=roles=[system]
     +=/*={null={RoleInfo,C[system]}}

Without securityHandler used, I get the message in the log

karaf@root> org.eclipse.jetty.server.Server@6a063430 STOPPED
  +-ServletContextHandler@65bc3ae7@65bc3ae7/,null started
     +-ServletHandler@75f9140f started
        +-[/*]=>org.apache.camel.component.jetty.CamelContinuationServlet-638031455{}


Regards,

Charles

On 07/12/10 12:25, Achim Nierbeck wrote:
> Just something that comes to my mind,
> how is the security for this configured?
> Usually you have this done in your web.xml.
> While working on this I only tested with standard wars and osgi-fied 
> wars.
>
>
> 2010/12/7 Charles Moulliard <cmoulliard@gmail.com>
>
>     Hi Achim,
>
>     Thanks for the trick. I can authenticate my user using LDAP realm
>     deployed on Karaf. Nevertheless, the following error is still there
>
>
>     09:35:08,655 | DEBUG | 9 - /favicon.ico | log                    
>              | .eclipse.jetty.util.log.Slf4jLog   70 | 61 -
>     org.eclipse.jetty.util - 7.1.6.v20100715 | REQUEST /favicon.ico on
>     org.eclipse.jetty.server.nio.SelectChannelConnector$2@2ad7532
>     09:35:08,662 | WARN  | 9 - /favicon.ico | log                    
>              | .eclipse.jetty.util.log.Slf4jLog   40 | 61 -
>     org.eclipse.jetty.util - 7.1.6.v20100715 | /favicon.ico:
>     java.lang.NullPointerException
>     09:35:08,662 | DEBUG | 9 - /favicon.ico | log                    
>              | .eclipse.jetty.util.log.Slf4jLog   80 | 61 -
>     org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
>
>     java.lang.NullPointerException
>        at
>     org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
>        at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
>
>
>     after the authentication and the camel route does not receive any
>     exchange.
>
>     When looking to the SecurityHandler class of eclipse jetty, the
>     NPE can come from the fact that the IdentityService cannot be
>     removed because it has not been created (see error hereunder)
>
>     09:34:42,508 | DEBUG | ExtenderThread-2 | log                    
>              | .eclipse.jetty.util.log.Slf4jLog   80 | 61 -
>     org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
>     java.lang.IllegalStateException: No IdentityService for
>     org.eclipse.jetty.security.authentication.BasicAuthenticator@25d3e3f3
>     in ConstraintSecurityHandler@32ecabac
>        at
>     org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:37)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>        at
>     org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:333)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>
>     Regards,
>
>     Charles
>
>
>     On 06/12/10 19:06, Achim Nierbeck wrote:
>
>         Hi, maybe it has something to do with the way the JAAS Login of
>         jetty works.
>         to get the standard Jetty-Jaas configuration to work you have
>         to make
>         the following
>         configuration in the jetty.xml
>
>         <Call name="addBean">
>         <Arg>
>         <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>         <Set name="name">karaf</Set>
>         <Set name="loginModuleName">karaf</Set>
>         <Set name="roleClassNames">
>         <Array type="java.lang.String">
>         <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item>
>         </Array>
>         </Set>
>         </New>
>         </Arg>
>         </Call>
>
>         The important part is, that you have to configure the
>         roleClass Name, if
>         this
>         one isn't provided you end up in strange Exceptions, because
>         the classes
>         are instantiated using reflection.
>         When looking for this issue I was able to login also and did
>         get an
>         exception afterwards.
>
>         Greetings, Achim
>
>             Hi,
>
>             I try to use JAAS authentication within a camel route using
>             SecurityHandler of Jetty
>
>             <bean id="loginService"
>             class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>             <property name="name" value="karaf" />
>             <property name="loginModuleName" value="karaf" />
>             </bean>
>
>             <bean id="constraint"
>             class="org.eclipse.jetty.http.security.Constraint">
>             <property name="name" value="BASIC"/>
>             <property name="roles" value="admin"/>
>             <property name="authenticate" value="true"/>
>             </bean>
>
>             <bean id="constraintMapping"
>             class="org.eclipse.jetty.security.ConstraintMapping">
>             <property name="constraint" ref="constraint"/>
>             <property name="pathSpec" value="/*"/>
>             </bean>
>
>             <bean id="securityHandler"
>             class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>             <property name="authenticator">
>             <bean
>             class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
>             </property>
>             <property name="constraintMappings">
>             <list>
>             <ref bean="constraintMapping"/>
>             </list>
>             </property>
>             <property name="loginService" ref="loginService" />
>             <property name="strict" value="false" />
>             </bean>
>
>             <camelContext trace="true"
>             xmlns="http://camel.apache.org/schema/spring">
>             <route>
>             <from
>             uri="jetty:http://localhost:8080/services?handlers=securityHandler"/>
>             <bean ref="responseBean"/>
>             <to
>             uri="log:org.apache.camel.ldap?level=INFO&amp;showAll=true&amp;multiline=true"/>
>             </route>
>             </camelContext>
>
>             The authentication works fine (I can provide the username
>             + password in
>             the prompt) except that after I get a NPE exception and
>             camel-jetty
>             endpoint is not able to get any exchange
>             11:34:17,243 | WARN  | -55 - /services/ |
>             log                              |
>             .eclipse.jetty.util.log.Slf4jLog
>             40 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 |
>             /services/:
>             java.lang.NullPointerException
>             11:34:17,243 | DEBUG | -55 - /services/ |
>             log                              |
>             .eclipse.jetty.util.log.Slf4jLog
>             80 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
>             java.lang.NullPointerException
>                 at
>             org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
>                 at
>             org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
>                 at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
>
>             Any idea is welcome ?
>
>             Regards,
>
>             Charles
>
>
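
A check for the two wiring points raised in this thread, as an added example that is not part of the original messages or of the Karaf, Camel or Jetty projects: it flags a `JAASLoginService` bean without `roleClassNames` and a camel-jetty `handlers=` option that does not name a bean in the file. The `lint` helper, its messages and the sample document are constructed for illustration, modelled on the beans quoted above.

```python
import re
import xml.etree.ElementTree as ET

JAAS = "org.eclipse.jetty.plus.jaas.JAASLoginService"
SEC = "org.eclipse.jetty.security.ConstraintSecurityHandler"
ROLES = ('<property name="roleClassNames"><list><value>'
         'org.apache.karaf.jaas.modules.RolePrincipal</value></list></property>')
# Constructed sample modelled on the thread's beans; {roles} and {handler}
# are filled in by the caller with str.format().
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="loginService" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
    <property name="name" value="karaf"/>
    <property name="loginModuleName" value="karaf"/>{roles}
  </bean>
  <bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
    <property name="authenticator">
      <bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
    </property>
    <property name="loginService" ref="loginService"/>
  </bean>
  <camelContext xmlns="http://camel.apache.org/schema/spring"><route>
    <from uri="jetty:http://localhost:8080/services?handlers={handler}"/>
  </route></camelContext>
</beans>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def lint(xml_text):
    """Return a list of findings for a Spring beans document (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    beans = [e for e in root.iter() if local(e.tag) == "bean"]
    ids = {b.get("id") for b in beans if b.get("id")}
    out = []
    for b in beans:
        who = b.get("id") or b.get("class")
        props = {p.get("name"): p for p in b if local(p.tag) == "property"}
        if b.get("class") == JAAS:
            p = props.get("roleClassNames")
            vals = [] if p is None else [p.get("value")] + [
                v.text for v in p.iter() if local(v.tag) == "value"]
            if not any((v or "").strip() for v in vals):
                out.append(f"{who}: JAASLoginService has no roleClassNames")
        if b.get("class") == SEC:
            out += [f"{who}: missing property {n}"
                    for n in ("authenticator", "loginService") if n not in props]
    for e in root.iter():  # camel-jetty endpoints: ?handlers=a,b must name beans
        uri = e.get("uri") or ""
        m = re.search(r"[?&]handlers=([^&]+)", uri)
        if m and uri.startswith("jetty:"):
            out += [f"endpoint: handler '{h}' is not a bean id"
                    for h in m.group(1).split(",") if h.lstrip("#") not in ids]
    return out
```

`lint(SAMPLE.format(roles="", handler="securityHandler"))` reports the missing `roleClassNames`; passing `roles=ROLES` clears it.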
