karaf-user mailing list archives

From Achim Nierbeck <bcanh...@googlemail.com>
Subject Re: camel-jetty + authentication JAAS
Date Tue, 07 Dec 2010 20:15:29 GMT
Hm, not sure what's wrong here.
Did you try to use the jetty which is provided?
Maybe this is something in the way camel does handle the security.
I'm pretty much out of ideas right now, sorry :(

> Hi,
>
> Security is configured using Spring beans (see here after).
>
>     <bean id="loginService"
> class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>         <property name="name" value="ldap"/>
>         <property name="loginModuleName" value="ldap"/>
>         <property name="roleClassNames">
>             <list>
>                 <value>org.apache.karaf.jaas.modules.RolePrincipal</value>
>             </list>
>         </property>
>     </bean>
>
>     <bean id="constraint"
> class="org.eclipse.jetty.http.security.Constraint">
>         <property name="name" value="BASIC"/>
>         <property name="roles" value="system"/>
>         <property name="authenticate" value="true"/>
>     </bean>
>
>     <bean id="constraintMapping"
> class="org.eclipse.jetty.security.ConstraintMapping">
>         <property name="constraint" ref="constraint"/>
>         <property name="pathSpec" value="/*"/>
>     </bean>
>
>     <bean id="securityHandler"
> class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>         <property name="authenticator">
>             <bean
> class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
>         </property>
>         <property name="constraintMappings">
>             <list>
>                 <ref bean="constraintMapping"/>
>             </list>
>         </property>
>         <property name="loginService" ref="loginService"/>
>         <property name="strict" value="false"/>
>     </bean>
>
> </beans>
>
>
> I think that camel-jetty is not chained with Jetty in this case
> because I see this error too in the log.
>
> karaf@root> org.eclipse.jetty.server.Server@4e2ddb6b STOPPED
>  +-ConstraintSecurityHandler@48da7565 STOPPED
>     +-ServletContextHandler@229c61d3@229c61d3/,null STOPPED
>     +=roles=[system]
>     +=/*={null={RoleInfo,C[system]}}
>
> Without securityHandler used, I get the message in the log
>
> karaf@root> org.eclipse.jetty.server.Server@6a063430 STOPPED
>  +-ServletContextHandler@65bc3ae7@65bc3ae7/,null started
>     +-ServletHandler@75f9140f started
>       +-[/*]=>org.apache.camel.component.jetty.CamelContinuationServlet-638031455{}
>
>
> Regards,
>
> Charles
>
> On 07/12/10 12:25, Achim Nierbeck wrote:
>> Just something that comes to my mind, 
>> how is the security for this configured?
>> Usually you have this done in your web.xml. 
>> While working on this I only tested with standard wars and osgi-fied
>> wars. 
>>
>>
>> 2010/12/7 Charles Moulliard <cmoulliard@gmail.com
>> <mailto:cmoulliard@gmail.com>>
>>
>>     Hi Achim,
>>
>>     Thanks for the trick. I can authenticate my user using LDAP realm
>>     deployed on Karaf. Nevertheless, the following error is still there
>>
>>
>>     09:35:08,655 | DEBUG | 9 - /favicon.ico | log                    
>>              | .eclipse.jetty.util.log.Slf4jLog   70 | 61 -
>>     org.eclipse.jetty.util - 7.1.6.v20100715 | REQUEST /favicon.ico
>>     on org.eclipse.jetty.server.nio.SelectChannelConnector$2@2ad7532
>>     09:35:08,662 | WARN  | 9 - /favicon.ico | log                    
>>              | .eclipse.jetty.util.log.Slf4jLog   40 | 61 -
>>     org.eclipse.jetty.util - 7.1.6.v20100715 | /favicon.ico:
>>     java.lang.NullPointerException
>>     09:35:08,662 | DEBUG | 9 - /favicon.ico | log                    
>>              | .eclipse.jetty.util.log.Slf4jLog   80 | 61 -
>>     org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
>>
>>     java.lang.NullPointerException
>>        at
>>     org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
>>        at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
>>
>>
>>     after the authentication and the camel route does not receive any
>>     exchange.
>>
>>     When looking to the SecurityHandler class of eclipse jetty, the
>>     NPE can come from the fact that the IdentityService cannot be
>>     removed because it has not been created (see error hereunder)
>>
>>     09:34:42,508 | DEBUG | ExtenderThread-2 | log                    
>>              | .eclipse.jetty.util.log.Slf4jLog   80 | 61 -
>>     org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
>>     java.lang.IllegalStateException: No IdentityService for
>>     org.eclipse.jetty.security.authentication.BasicAuthenticator@25d3e3f3
>>     in ConstraintSecurityHandler@32ecabac
>>        at
>>     org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:37)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>>        at
>>     org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:333)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>>
>>     Regards,
>>
>>     Charles
>>
>>
>>     On 06/12/10 19:06, Achim Nierbeck wrote:
>>
>>         Hi, maybe it has something to do with the way the JAAS Login of
>>         jetty works.
>>         to get the standard Jetty-Jaas configuration to work you have
>>         to make
>>         the following
>>         configuration in the jetty.xml
>>
>>         <Call name="addBean">
>>               <Arg>
>>                 <New
>>         class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>                   <Set name="name">karaf</Set>
>>                   <Set name="loginModuleName">karaf</Set>
>>                   <Set name="roleClassNames">
>>                     <Array type="java.lang.String">
>>                      
>>         <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item>
>>                     </Array>
>>                   </Set>
>>                 </New>
>>               </Arg>
>>             </Call>
>>
>>         The important part is, that you have to configure the
>>         roleClass Name, if
>>         this
>>         one isn't provided you end up in strange Exceptions, because
>>         the classes
>>         are instantiated using reflection.
>>         When looking for this issue I was able to login also and did
>>         get an
>>         exception afterwards.
>>
>>         Greetings, Achim
>>
>>             Hi,
>>
>>             I try to use JAAS authentication within a camel route using
>>             SecurityHandler of Jetty
>>
>>             <bean id="loginService"
>>             class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>             <property name="name" value="karaf" />
>>             <property name="loginModuleName" value="karaf" />
>>             </bean>
>>
>>             <bean id="constraint"
>>             class="org.eclipse.jetty.http.security.Constraint">
>>             <property name="name" value="BASIC"/>
>>             <property name="roles" value="admin"/>
>>             <property name="authenticate" value="true"/>
>>             </bean>
>>
>>             <bean id="constraintMapping"
>>             class="org.eclipse.jetty.security.ConstraintMapping">
>>             <property name="constraint" ref="constraint"/>
>>             <property name="pathSpec" value="/*"/>
>>             </bean>
>>
>>             <bean id="securityHandler"
>>             class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>>             <property name="authenticator">
>>             <bean
>>             class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
>>             </property>
>>             <property name="constraintMappings">
>>             <list>
>>             <ref bean="constraintMapping"/>
>>             </list>
>>             </property>
>>             <property name="loginService" ref="loginService" />
>>             <property name="strict" value="false" />
>>             </bean>
>>
>>             <camelContext trace="true"
>>             xmlns="http://camel.apache.org/schema/spring">
>>             <route>
>>             <from
>>             uri="jetty:http://localhost:8080/services?handlers=securityHandler"/>
>>             <bean ref="responseBean"/>
>>             <to
>>             uri="log:org.apache.camel.ldap?level=INFO&amp;showAll=true&amp;multiline=true"/>
>>             </route>
>>             </camelContext>
>>
>>             The authentication works fine (I can provide the username
>>             + password in
>>             the prompt) except that after I get a NPE exception and
>>             camel-jetty
>>             endpoint is not able to get any exchange
>>             11:34:17,243 | WARN  | -55 - /services/ |
>>             log                              |
>>             .eclipse.jetty.util.log.Slf4jLog
>>             40 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 |
>>             /services/:
>>             java.lang.NullPointerException
>>             11:34:17,243 | DEBUG | -55 - /services/ |
>>             log                              |
>>             .eclipse.jetty.util.log.Slf4jLog
>>             80 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 |
>>             EXCEPTION
>>             java.lang.NullPointerException
>>                 at
>>             org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
>>                 at
>>             org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
>>                 at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
>>
>>             Any idea is welcome ?
>>
>>             Regards,
>>
>>             Charles
>>
>>
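The 06/12/10 reply in this thread notes that a JAASLoginService configured without roleClassNames ends in strange exceptions. The following is an added example, not code from the thread or from the Jetty or Karaf projects: a small Python lint that reports JAASLoginService beans in a Spring file that declare no roleClassNames. The sample XML is constructed from the two configurations quoted above (bean ids renamed so both fit in one file), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.plus.jaas.JAASLoginService"

# Constructed sample: the first bean mirrors the original post (no
# roleClassNames), the second mirrors the later LDAP configuration.
SAMPLE = """<beans>
  <bean id="loginServiceKaraf" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
    <property name="name" value="karaf"/>
    <property name="loginModuleName" value="karaf"/>
  </bean>
  <bean id="loginServiceLdap" class="org.eclipse.jetty.plus.jaas.JAASLoginService">
    <property name="name" value="ldap"/>
    <property name="loginModuleName" value="ldap"/>
    <property name="roleClassNames">
      <list>
        <value>org.apache.karaf.jaas.modules.RolePrincipal</value>
      </list>
    </property>
  </bean>
</beans>"""


def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def role_class_names(bean):
    """Return the role principal class names declared on a bean, if any."""
    for prop in bean:
        if local(prop.tag) == "property" and prop.get("name") == "roleClassNames":
            names = [v.text.strip() for v in prop.iter()
                     if local(v.tag) == "value" and v.text and v.text.strip()]
            if prop.get("value"):
                names.append(prop.get("value").strip())
            return names
    return []


def find_missing_role_classes(xml_text):
    """List ids of JAASLoginService beans that declare no roleClassNames."""
    root = ET.fromstring(xml_text)  # intended for config files you control
    return [bean.get("id") or "<anonymous>"
            for bean in root.iter()
            if local(bean.tag) == "bean" and bean.get("class") == JAAS_CLASS
            and not role_class_names(bean)]


if __name__ == "__main__":
    for bean_id in find_missing_role_classes(SAMPLE):
        print(f"{bean_id}: JAASLoginService without roleClassNames")
```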

