karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gerald Kallas <catsh...@mailbox.org>
Subject Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Date Mon, 29 Jun 2020 06:31:59 GMT
I'm going to create the tickets for the issues. We may extend these so far with additional
information.

Best
- Gerald

> Jean-Baptiste Onofre <jb@nanthrax.net> hat am 29.06.2020 07:40 geschrieben:
> 
>  
> I thought Gerald already explained it on the mailing list. My intention is more to create
the Jira with the details.
> 
> Regards
> JB
> 
> > Le 29 juin 2020 à 07:33, Andrea Cosentino <ancosen@gmail.com> a écrit :
> > 
> > I think it's good to have the details shared in public.
> > 
> > Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <mailto:jb@nanthrax.net>>
ha scritto:
> > Hi,
> > 
> > Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
> > 
> > Can you please send a private message about issues you have with Karaf 4.2.9 and
Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
> > 
> > Thanks,
> > Regards
> > JB
> > 
> > > Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <mailto:catshout@mailbox.org>>
a écrit :
> > > 
> > > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround
works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
> > > 
> > > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> > > 
> > >> Gerald Kallas <catshout@mailbox.org <mailto:catshout@mailbox.org>>
hat am 28.06.2020 18:12 geschrieben:
> > >> 
> > >> 
> > >> Hi all,
> > >> 
> > >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> > >> 
> > >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries
in my etc/jetty.xml I'm getting an error as attached below.
> > >> 
> > >> Neither hawtio nor my servlet are working any longer. Seems that now both
entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> > >> 
> > >> With both entries, as you found Grzegorz, the authentication doesn't work.
> > >> 
> > >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have
another workaround for that behaviour?
> > >> 
> > >> Best
> > >> - Gerald
> > >> 
> > >> 
> > >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted
              | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet
context for context path []
> > >> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException:
org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec
[169]
> > >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77)
~[?:?]
> > >>        at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90)
~[?:?]
> > >>        at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394)
~[?:?]
> > >>        at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419)
~[?:?]
> > >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
~[?:?]
> > >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
~[?:?]
> > >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
~[?:?]
> > >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
~[?:?]
> > >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
~[?:?]
> > >>        at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504)
~[?:?]
> > >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
~[?:?]
> > >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
~[?:?]
> > >>        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
~[?:?]
> > >>        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
~[?:?]
> > >>        at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
~[?:?]
> > >>        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898)
~[?:?]
> > >>        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356)
~[?:?]
> > >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396)
~[?:?]
> > >>        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838)
~[?:?]
> > >>        at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275)
~[?:?]
> > >>        at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272)
~[?:?]
> > >>        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
~[?:?]
> > >>        at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329)
~[?:?]
> > >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255)
[!/:?]
> > >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226)
[!/:?]
> > >>        at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210)
[!/:?]
> > >>        at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69)
[!/:?]
> > >>        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown
Source) [?:?]
> > >>        at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98)
[!/:3.4.0]
> > >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method) ~[?:?]
> > >>        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:?]
> > >>        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
> > >>        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> > >>        at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81)
[!/:1.10.2]
> > >>        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> > >>        at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276)
[!/:1.10.2]
> > >>        at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266)
[!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)
[!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)
[!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)
[!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)
[!/:1.10.2]
> > >>        at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)
[!/:1.10.2]
> > >>        at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179)
[org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730)
[org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485)
[org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579)
[org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174)
[org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
[org.apache.felix.framework-5.6.12.jar:?]
> > >>        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
[org.apache.felix.framework-5.6.12.jar:?]
> > >>        at java.lang.Thread.run(Thread.java:834) [?:?]
> > >> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl
not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> > >>        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639)
~[?:?]
> > >>        at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80)
~[?:?]
> > >>        at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053)
~[?:?]
> > >>        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> > >>        at java.lang.Class.forName0(Native Method) ~[?:?]
> > >>        at java.lang.Class.forName(Class.java:398) ~[?:?]
> > >>        at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195)
~[?:?]
> > >>        at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68)
~[?:?]
> > >>        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> > >>        at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64)
~[?:?]
> > >>        ... 62 more
> > >> 
> > >>> Grzegorz Grzybek <gr.grzybek@gmail.com <mailto:gr.grzybek@gmail.com>>
hat am 18.05.2020 15:24 geschrieben:
> > >>> 
> > >>> 
> > >>> Hello
> > >>> 
> > >>> I have some answer. First, the "http context processing" feature was
mainly
> > >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> > >>> pax-web-undertow.
> > >>> 
> > >>> But I checked how it works with pax-web-jetty in the debugger.
> > >>> 
> > >>> The key problem is that when Jetty's SecurityHandler is starting, it
tries
> > >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> > >>> With default etc/jetty.xml, there are TWO beans with
> > >>> org.eclipse.jetty.jaas.JAASLoginService class and
> > >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method
does
> > >>> this:
> > >>> 
> > >>> else if (list.size() == 1)
> > >>>    service = list.iterator().next();
> > >>> 
> > >>> So I simply made it working by ensuring there's only one
> > >>> org.eclipse.jetty.jaas.JAASLoginService:
> > >>> 
> > >>> list = {java.util.ArrayList@9544}  size = 1
> > >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > >>> "JAASLoginService@7ba67d0b{STARTED}"
> > >>>  LOG: org.eclipse.jetty.util.log.Logger  =
> > >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > >>>  DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> > >>> "org.eclipse.jetty.jaas.JAASRole"
> > >>>  DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> > >>> {java.lang.String[1]@9551}
> > >>>  _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
> > >>>  _callbackHandlerClass: java.lang.String  = null
> > >>>  _realmName: java.lang.String  = "karaf"
> > >>>  _loginModuleName: java.lang.String  = "karaf"
> > >>> 
> > >>> Now, with your Camel route, I got:
> > >>> 
> > >>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
> > >>> *   Trying ::1:8181...
> > >>> * Connected to localhost (::1) port 8181 (#0)
> > >>>> GET /camel/api/say/hello HTTP/1.1
> > >>>> Host: localhost:8181
> > >>>> User-Agent: curl/7.69.1
> > >>>> Accept: */*
> > >>>> 
> > >>> * Mark bundle as not supporting multiuse
> > >>> < HTTP/1.1 404 Not Found
> > >>> < Cache-Control: must-revalidate,no-cache,no-store
> > >>> < Content-Type: text/html;charset=iso-8859-1
> > >>> < Content-Length: 456
> > >>> < Server: Jetty(9.4.22.v20191022)
> > >>> <
> > >>> 
> > >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
<http://localhost:8181/camel/api/say/hello>
> > >>> *   Trying ::1:8181...
> > >>> * Connected to localhost (::1) port 8181 (#0)
> > >>> * Server auth using Basic with user 'karaf'
> > >>>> GET /camel/api/say/hello HTTP/1.1
> > >>>> Host: localhost:8181
> > >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> > >>>> User-Agent: curl/7.69.1
> > >>>> Accept: */*
> > >>>> 
> > >>> * Mark bundle as not supporting multiuse
> > >>> < HTTP/1.1 200 OK
> > >>> < Content-Type: application/json
> > >>> < Accept: */*
> > >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> > >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > >>> < User-Agent: curl/7.69.1
> > >>> < Transfer-Encoding: chunked
> > >>> < Server: Jetty(9.4.22.v20191022)
> > >>> <
> > >>> * Connection #0 to host localhost left intact
> > >>> "Hello World"
> > >>> 
> > >>> In theory it should be possible to grab (in etc/jetty.xml, using
> > >>> <Configure> element) instance of SecurityHandler and simply set
there the
> > >>> "realmName" property to "Karaf", so even with two different beans with
> > >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up
the
> > >>> right one. But in Pax Web security handler is part of every
> > >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created
and
> > >>> only in Pax Web 8 I'd be able to fix this in more clean way.
> > >>> 
> > >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in
your
> > >>> etc/jetty.xml
> > >>> 
> > >>> regards
> > >>> Grzegorz Grzybek
> > >>> 
> > >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com
<mailto:bcanhome@googlemail.com>.invalid>
> > >>> napisał(a):
> > >>> 
> > >>>> Hi,
> > >>>> 
> > >>>> I already also answered Gerald in another mail.
> > >>>> I'm not quite sure but what might be an issue, is that the default
> > >>>> http-context used in his application isn't bound to the underlying
security
> > >>>> realm.
> > >>>> Therefore it's quite a possibility that there needs to be a configuration
> > >>>> done in his own application, using his own http-Context.
> > >>>> 
> > >>>> Can be found here:
> > >>>> 
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
<https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
> > >>>> 
> > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
<https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
> > >>>> and here:
> > >>>> 
> > >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
<https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
> > >>>> 
> > >>>> regards, Achim
> > >>>> 
> > >>>> 
> > >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com
<mailto:alex.soto@envieta.com>
> > >>>>> :
> > >>>> 
> > >>>>> I’m sorry, I don’t know why it's not working; it looks
correct to me.
> > >>>>> Maybe somebody from the Pax-Web team can help you.
> > >>>>> The only suspicious thing is the warning:
> > >>>>> 
> > >>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > >>>>>            | 229 - org.eclipse.jetty.util - 9.4.22.v20191022
| No
> > >>>>> authenticator for: {RoleInfo,C[admin],None}
> > >>>>> 
> > >>>>> 
> > >>>>> Which suggest something is misconfigured.
> > >>>>> 
> > >>>>> Best regards,
> > >>>>> Alex soto
> > >>>>> 
> > >>>>> 
> > >>>>> 
> > >>>>> 
> > >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org
<mailto:catshout@mailbox.org>>
> > >>>> wrote:
> > >>>>>> 
> > >>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > >>>>>              | 229 - org.eclipse.jetty.util - 9.4.22.v20191022
| No
> > >>>>> authenticator for: {RoleInfo,C[admin],None}
> > >>>>> 
> > >>>>> 
> > >>>> 
> > >>>> --
> > >>>> 
> > >>>> Apache Member
> > >>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>>
Committer & PMC
> > >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/
<http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
> > >>>> Project Lead
> > >>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
> > >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS <http://bit.ly/1ps9rkS>>
> > >>>> 
> >

Mime
View raw message