karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Achim Nierbeck <bcanh...@googlemail.com>
Subject Re: camel-jetty + authentication JAAS
Date Tue, 07 Dec 2010 11:25:27 GMT
Just something that comes to my mind,
how is the security for this configured?
Usually you have this done in your web.xml.
While working on this I only tested with standard wars and osgi-fied wars.


2010/12/7 Charles Moulliard <cmoulliard@gmail.com>

> Hi Achim,
>
> Thanks for the trick. I can authenticate my user using LDAP realm deployed
> on Karaf. Nevertheless, the following error is still there
>
>
> 09:35:08,655 | DEBUG | 9 - /favicon.ico | log
>  | .eclipse.jetty.util.log.Slf4jLog   70 | 61 - org.eclipse.jetty.util -
> 7.1.6.v20100715 | REQUEST /favicon.ico on
> org.eclipse.jetty.server.nio.SelectChannelConnector$2@2ad7532
> 09:35:08,662 | WARN  | 9 - /favicon.ico | log
>  | .eclipse.jetty.util.log.Slf4jLog   40 | 61 - org.eclipse.jetty.util -
> 7.1.6.v20100715 | /favicon.ico: java.lang.NullPointerException
> 09:35:08,662 | DEBUG | 9 - /favicon.ico | log
>  | .eclipse.jetty.util.log.Slf4jLog   80 | 61 - org.eclipse.jetty.util -
> 7.1.6.v20100715 | EXCEPTION
>
> java.lang.NullPointerException
>    at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>    at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>    at
> org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>    at
> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>    at
> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>    at
> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>    at
> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>    at
> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>    at
> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7
> .1.6.v20100715]
>    at
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
>    at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
>
>
> after the authentication and the camel route does not receive any exchange.
>
> When looking to the SecurityHandler class of eclipse jetty, the NPE can
> come from the fact that the IdentityService cannot be removed because it has
> not been created (see error hereunder)
>
> 09:34:42,508 | DEBUG | ExtenderThread-2 | log
>  | .eclipse.jetty.util.log.Slf4jLog   80 | 61 - org.eclipse.jetty.util -
> 7.1.6.v20100715 | EXCEPTION
> java.lang.IllegalStateException: No IdentityService for
> org.eclipse.jetty.security.authentication.BasicAuthenticator@25d3e3f3 in
> ConstraintSecurityHandler@32ecabac
>    at
> org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:37)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>    at
> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:333)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>
> Regards,
>
> Charles
>
>
> On 06/12/10 19:06, Achim Nierbeck wrote:
>
>> Hi, maybe it has something todo the way the JAAS Login of jetty works.
>> to get the standard Jetty-Jaas configuration to work you have to make
>> the following
>> configuration in the jetty.xml
>>
>> <Call name="addBean">
>>       <Arg>
>>         <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>           <Set name="name">karaf</Set>
>>           <Set name="loginModuleName">karaf</Set>
>>           <Set name="roleClassNames">
>>             <Array type="java.lang.String">
>>               <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item>
>>             </Array>
>>           </Set>
>>         </New>
>>       </Arg>
>>     </Call>
>>
>> The important part is, that you have to configure the roleClass Name, if
>> this
>> one isn't provided you end up in strange Exceptions, because the classes
>> are instantiated using reflection.
>> When looking for this issue I was able to login also and did get an
>> exception afterwards.
>>
>> Greetings, Achim
>>
>>  Hi,
>>>
>>> I try to use JAAS authentication within a camel route using
>>> SecurityHandler of Jetty
>>>
>>> <bean id="loginService"
>>> class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>> <property name="name" value="karaf" />
>>> <property name="loginModuleName" value="karaf" />
>>> </bean>
>>>
>>> <bean id="constraint" class="org.eclipse.jetty.http.security.Constraint">
>>> <property name="name" value="BASIC"/>
>>> <property name="roles" value="admin"/>
>>> <property name="authenticate" value="true"/>
>>> </bean>
>>>
>>> <bean id="constraintMapping"
>>> class="org.eclipse.jetty.security.ConstraintMapping">
>>> <property name="constraint" ref="constraint"/>
>>> <property name="pathSpec" value="/*"/>
>>> </bean>
>>>
>>> <bean id="securityHandler"
>>> class="org.eclipse.jetty.security.ConstraintSecurityHandler">
>>> <property name="authenticator">
>>> <bean
>>> class="org.eclipse.jetty.security.authentication.BasicAuthenticator"/>
>>> </property>
>>> <property name="constraintMappings">
>>> <list>
>>> <ref bean="constraintMapping"/>
>>> </list>
>>> </property>
>>> <property name="loginService" ref="loginService" />
>>> <property name="strict" value="false" />
>>> </bean>
>>>
>>> <camelContext trace="true" xmlns="http://camel.apache.org/schema/spring
>>> ">
>>> <route>
>>> <from
>>> uri="jetty:http://localhost:8080/services?handlers=securityHandler"/>
>>> <bean ref="responseBean"/>
>>> <to
>>>
>>> uri="log:org.apache.camel.ldap?level=INFO&amp;showAll=true&amp;multiline=true"/>
>>> </route>
>>> </camelContext>
>>>
>>> The authentication works fine (I can provide the username + passord in
>>> the prompt) except that after I get a NPE exception and camel-jetty
>>> endpoint is not able to get any exchange
>>> 11:34:17,243 | WARN  | -55 - /services/ |
>>> log                              | .eclipse.jetty.util.log.Slf4jLog
>>> 40 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 | /services/:
>>> java.lang.NullPointerException
>>> 11:34:17,243 | DEBUG | -55 - /services/ |
>>> log                              | .eclipse.jetty.util.log.Slf4jLog
>>> 80 | 61 - org.eclipse.jetty.util - 7.1.6.v20100715 | EXCEPTION
>>> java.lang.NullPointerException
>>>     at
>>>
>>> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:489)[68:org.eclipse.jetty.security:7.1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7
>>> .1.6.v20100715]
>>>     at
>>>
>>> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
>>>     at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
>>>
>>> Any idea is welcome ?
>>>
>>> Regards,
>>>
>>> Charles
>>>
>>

Mime
View raw message