Hi,
Security is configurated using Spring beans (see here after).
<bean id="loginService"
class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<property name="name" value="ldap"/>
<property name="loginModuleName" value="ldap"/>
<property name="roleClassNames">
<list>
<value>org.apache.karaf.jaas.modules.RolePrincipal</value>
</list>
</property>
</bean>
<bean id="constraint" class="org.eclipse.jetty.http.security.Constraint">
<property name="name" value="BASIC"/>
<property name="roles" value="system"/>
<property name="authenticate" value="true"/>
</bean>
<bean id="constraintMapping"
class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="constraint"/>
<property name="pathSpec" value="/*"/>
</bean>
<bean id="securityHandler"
class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
</property>
<property name="constraintMappings">
<list>
<ref bean="constraintMapping"/>
</list>
</property>
<property name="loginService" ref="loginService"/>
<property name="strict" value="false"/>
</bean>
</beans>
I think that camel-jetty is not chained with Jetty in this case because
I see this error too in the log.
karaf@root> org.eclipse.jetty.server.Server@4e2ddb6b STOPPED
+-ConstraintSecurityHandler@48da7565 STOPPED
+-ServletContextHandler@229c61d3@229c61d3/,null STOPPED
+=roles=[system]
+=/*={null={RoleInfo,C[system]}}
Without securityHandler used, I get the message in the log
karaf@root> org.eclipse.jetty.server.Server@6a063430 STOPPED
+-ServletContextHandler@65bc3ae7@65bc3ae7/,null started
+-ServletHandler@75f9140f started
+-[/*]=>org.apache.camel.component.jetty.CamelContinuationServlet-638031455{}
Regards,
Charles
On 07/12/10 12:25, Achim Nierbeck wrote:
> Just something that comes to my mind,
> how is the security for this configured?
> Usually you have this done in your web.xml.
> While working on this I only tested with standard wars and osgi-fied
> wars.
>
>
> 2010/12/7 Charles Moulliard <cmoulliard@gmail.com
> <mailto:cmoulliard@gmail.com>>
>
> Hi Achim,
>
> Thanks for the trick. I can authenticate my user using LDAP realm
> deployed on Karaf. Nevertheless, the following error is still there
>
>
> 09:35:08,655 | DEBUG | 9 - /favicon.ico | log
> | .eclipse.jetty.util.log.Slf4jLog 70 | 61 -
> org.eclipse.jetty.util - 7.1.6.v20100715 | REQUEST /favicon.ico on
> org.eclipse.jetty.server.nio.SelectChannelConnector$2@2ad7532
> 09:35:08,662 | WARN | 9 - /favicon.ico | log
> | .eclipse.jetty.util.log.Slf4jLog 40 | 61 -
> org.eclipse.jetty.util - 7.1.6.v20100715 | /favicon.ico:
> java.lang.NullPointerException
> 09:35:08,662 | DEBUG | 9 - /favicon.ico | log
> | .eclipse.jetty.util.log.Slf4jLog 80 | 61 -
> org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
>
> java.lang.NullPointerException
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
> at
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
> at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
>
>
> after the authentication and the camel route does not receive any
> exchange.
>
> When looking to the SecurityHandler class of eclipse jetty, the
> NPE can come from the fact that the IdentityService cannot be
> removed because it has not been created (see error hereunder)
>
> 09:34:42,508 | DEBUG | ExtenderThread-2 | log
> | .eclipse.jetty.util.log.Slf4jLog 80 | 61 -
> org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
> java.lang.IllegalStateException: No IdentityService for
> org.eclipse.jetty.security.authentication.BasicAuthenticator@25d3e3f3
> in ConstraintSecurityHandler@32ecabac
> at
> org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:37)[68:org.eclipse.jetty.security:7.1.6.v20100715]
> at
> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:333)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>
> Regards,
>
> Charles
>
>
> On 06/12/10 19:06, Achim Nierbeck wrote:
>
> Hi, maybe it has something todo the way the JAAS Login of
> jetty works.
> to get the standard Jetty-Jaas configuration to work you have
> to make
> the following
> configuration in the jetty.xml
>
> <Call name="addBean">
> <Arg>
> <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
> <Set name="name">karaf</Set>
> <Set name="loginModuleName">karaf</Set>
> <Set name="roleClassNames">
> <Array type="java.lang.String">
> <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item>
> </Array>
> </Set>
> </New>
> </Arg>
> </Call>
>
> The important part is, that you have to configure the
> roleClass Name, if
> this
> one isn't provided you end up in strange Exceptions, because
> the classes
> are instantiated using reflection.
> When looking for this issue I was able to login also and did
> get an
> exception afterwards.
>
> Greetings, Achim
>
> Hi,
>
> I try to use JAAS authentication within a camel route using
> SecurityHandler of Jetty
>
> <bean id="loginService"
> class="org.eclipse.jetty.plus.jaas.JAASLoginService">
> <property name="name" value="karaf" />
> <property name="loginModuleName" value="karaf" />
> </bean>
>
> <bean id="constraint"
> class="org.eclipse.jetty.http.security.Constraint">
> <property name="name" value="BASIC"/>
> <property name="roles" value="admin"/>
> <property name="authenticate" value="true"/>
> </bean>
>
> <bean id="constraintMapping"
> class="org.eclipse.jetty.security.ConstraintMapping">
> <property name="constraint" ref="constraint"/>
> <property name="pathSpec" value="/*"/>
> </bean>
>
> <bean id="securityHandler"
> class="org.eclipse.jetty.security.ConstraintSecurityHandler">
> <property name="authenticator">
> <bean
> class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
> </property>
> <property name="constraintMappings">
> <list>
> <ref bean="constraintMapping"/>
> </list>
> </property>
> <property name="loginService" ref="loginService" />
> <property name="strict" value="false" />
> </bean>
>
> <camelContext trace="true"
> xmlns="http://camel.apache.org/schema/spring">
> <route>
> <from
> uri="jetty:http://localhost:8080/services?handlers=securityHandler"/>
> <bean ref="responseBean"/>
> <to
> uri="log:org.apache.camel.ldap?level=INFO&showAll=true&multiline=true"/>
> </route>
> </camelContext>
>
> The authentication works fine (I can provide the username
> + passord in
> the prompt) except that after I get a NPE exception and
> camel-jetty
> endpoint is not able to get any exchange
> 11:34:17,243 | WARN | -55 - /services/ |
> log |
> .eclipse.jetty.util.log.Slf4jLog
> 40 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 |
> /services/:
> java.lang.NullPointerException
> 11:34:17,243 | DEBUG | -55 - /services/ |
> log |
> .eclipse.jetty.util.log.Slf4jLog
> 80 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
> java.lang.NullPointerException
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
> at
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
> at
> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
> at
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
> at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
>
> Any idea is welcome ?
>
> Regards,
>
> Charles
>
>
|