karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofre ...@nanthrax.net>
Subject Re: Basic authentication of WAB using Jaas in Karaf - the trick doesn't work any longer w/ Karaf 4.2.9 and Camel 3.4.0
Date Mon, 29 Jun 2020 06:34:01 GMT
Thanks, I will take a look.

Regards
JB

> Le 29 juin 2020 à 08:31, Gerald Kallas <catshout@mailbox.org> a écrit :
> 
> I'm going to create the tickets for the issues. We may extend these so far with additional
information.
> 
> Best
> - Gerald
> 
>> Jean-Baptiste Onofre <jb@nanthrax.net> hat am 29.06.2020 07:40 geschrieben:
>> 
>> 
>> I thought Gerald already explained it on the mailing list. My intention is more to
create the Jira with the details.
>> 
>> Regards
>> JB
>> 
>>> Le 29 juin 2020 à 07:33, Andrea Cosentino <ancosen@gmail.com> a écrit
:
>>> 
>>> I think it's good to have the details shared in public.
>>> 
>>> Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <jb@nanthrax.net <mailto:jb@nanthrax.net>>
ha scritto:
>>> Hi,
>>> 
>>> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>>> 
>>> Can you please send a private message about issues you have with Karaf 4.2.9
and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>>> 
>>> Thanks,
>>> Regards
>>> JB
>>> 
>>>> Le 28 juin 2020 à 22:02, Gerald Kallas <catshout@mailbox.org <mailto:catshout@mailbox.org>>
a écrit :
>>>> 
>>>> I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround
works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
>>>> 
>>>> (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
>>>> 
>>>>> Gerald Kallas <catshout@mailbox.org <mailto:catshout@mailbox.org>>
hat am 28.06.2020 18:12 geschrieben:
>>>>> 
>>>>> 
>>>>> Hi all,
>>>>> 
>>>>> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>>>>> 
>>>>> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries
in my etc/jetty.xml I'm getting an error as attached below.
>>>>> 
>>>>> Neither hawtio nor my servlet are working any longer. Seems that now
both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>>>>> 
>>>>> With both entries, as you found Grzegorz, the authentication doesn't
work.
>>>>> 
>>>>> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you
have another workaround for that behaviour?
>>>>> 
>>>>> Best
>>>>> - Gerald
>>>>> 
>>>>> 
>>>>> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted
              | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet
context for context path []
>>>>> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException:
org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec
[169]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77)
~[?:?]
>>>>>       at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90)
~[?:?]
>>>>>       at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394)
~[?:?]
>>>>>       at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419)
~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
~[?:?]
>>>>>       at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504)
~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
~[?:?]
>>>>>       at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898)
~[?:?]
>>>>>       at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356)
~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396)
~[?:?]
>>>>>       at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838)
~[?:?]
>>>>>       at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275)
~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272)
~[?:?]
>>>>>       at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
~[?:?]
>>>>>       at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329)
~[?:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255)
[!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226)
[!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210)
[!/:?]
>>>>>       at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69)
[!/:?]
>>>>>       at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown
Source) [?:?]
>>>>>       at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98)
[!/:3.4.0]
>>>>>       at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method) ~[?:?]
>>>>>       at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:?]
>>>>>       at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:?]
>>>>>       at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>>>>>       at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81)
[!/:1.10.2]
>>>>>       at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>>>>>       at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276)
[!/:1.10.2]
>>>>>       at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266)
[!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)
[!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)
[!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)
[!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)
[!/:1.10.2]
>>>>>       at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)
[!/:1.10.2]
>>>>>       at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179)
[org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730)
[org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485)
[org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579)
[org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.startBundle(Felix.java:2174)
[org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
[org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
[org.apache.felix.framework-5.6.12.jar:?]
>>>>>       at java.lang.Thread.run(Thread.java:834) [?:?]
>>>>> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl
not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>>>>>       at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639)
~[?:?]
>>>>>       at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80)
~[?:?]
>>>>>       at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053)
~[?:?]
>>>>>       at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>>>>>       at java.lang.Class.forName0(Native Method) ~[?:?]
>>>>>       at java.lang.Class.forName(Class.java:398) ~[?:?]
>>>>>       at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195)
~[?:?]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68)
~[?:?]
>>>>>       at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>>>>>       at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64)
~[?:?]
>>>>>       ... 62 more
>>>>> 
>>>>>> Grzegorz Grzybek <gr.grzybek@gmail.com <mailto:gr.grzybek@gmail.com>>
hat am 18.05.2020 15:24 geschrieben:
>>>>>> 
>>>>>> 
>>>>>> Hello
>>>>>> 
>>>>>> I have some answer. First, the "http context processing" feature
was mainly
>>>>>> tested to "inject" Keycloak authenticator and I mostly tested it
with
>>>>>> pax-web-undertow.
>>>>>> 
>>>>>> But I checked how it works with pax-web-jetty in the debugger.
>>>>>> 
>>>>>> The key problem is that when Jetty's SecurityHandler is starting,
it tries
>>>>>> to find/discover org.eclipse.jetty.security.LoginService instance.
>>>>>> With default etc/jetty.xml, there are TWO beans with
>>>>>> org.eclipse.jetty.jaas.JAASLoginService class and
>>>>>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method
does
>>>>>> this:
>>>>>> 
>>>>>> else if (list.size() == 1)
>>>>>>   service = list.iterator().next();
>>>>>> 
>>>>>> So I simply made it working by ensuring there's only one
>>>>>> org.eclipse.jetty.jaas.JAASLoginService:
>>>>>> 
>>>>>> list = {java.util.ArrayList@9544}  size = 1
>>>>>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
>>>>>> "JAASLoginService@7ba67d0b{STARTED}"
>>>>>> LOG: org.eclipse.jetty.util.log.Logger  =
>>>>>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
>>>>>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>>>>>> DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
>>>>>> "org.eclipse.jetty.jaas.JAASRole"
>>>>>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
>>>>>> {java.lang.String[1]@9551}
>>>>>> _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>>>>>> _callbackHandlerClass: java.lang.String  = null
>>>>>> _realmName: java.lang.String  = "karaf"
>>>>>> _loginModuleName: java.lang.String  = "karaf"
>>>>>> 
>>>>>> Now, with your Camel route, I got:
>>>>>> 
>>>>>> $ curl -v http://localhost:8181/camel/api/say/hello <http://localhost:8181/camel/api/say/hello>
>>>>>> *   Trying ::1:8181...
>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>> Host: localhost:8181
>>>>>>> User-Agent: curl/7.69.1
>>>>>>> Accept: */*
>>>>>>> 
>>>>>> * Mark bundle as not supporting multiuse
>>>>>> < HTTP/1.1 404 Not Found
>>>>>> < Cache-Control: must-revalidate,no-cache,no-store
>>>>>> < Content-Type: text/html;charset=iso-8859-1
>>>>>> < Content-Length: 456
>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>> <
>>>>>> 
>>>>>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
<http://localhost:8181/camel/api/say/hello>
>>>>>> *   Trying ::1:8181...
>>>>>> * Connected to localhost (::1) port 8181 (#0)
>>>>>> * Server auth using Basic with user 'karaf'
>>>>>>> GET /camel/api/say/hello HTTP/1.1
>>>>>>> Host: localhost:8181
>>>>>>> Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>>> User-Agent: curl/7.69.1
>>>>>>> Accept: */*
>>>>>>> 
>>>>>> * Mark bundle as not supporting multiuse
>>>>>> < HTTP/1.1 200 OK
>>>>>> < Content-Type: application/json
>>>>>> < Accept: */*
>>>>>> < Authorization: Basic a2FyYWY6a2FyYWY=
>>>>>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
>>>>>> < User-Agent: curl/7.69.1
>>>>>> < Transfer-Encoding: chunked
>>>>>> < Server: Jetty(9.4.22.v20191022)
>>>>>> <
>>>>>> * Connection #0 to host localhost left intact
>>>>>> "Hello World"
>>>>>> 
>>>>>> In theory it should be possible to grab (in etc/jetty.xml, using
>>>>>> <Configure> element) instance of SecurityHandler and simply
set there the
>>>>>> "realmName" property to "Karaf", so even with two different beans
with
>>>>>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up
the
>>>>>> right one. But in Pax Web security handler is part of every
>>>>>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created
and
>>>>>> only in Pax Web 8 I'd be able to fix this in more clean way.
>>>>>> 
>>>>>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in
your
>>>>>> etc/jetty.xml
>>>>>> 
>>>>>> regards
>>>>>> Grzegorz Grzybek
>>>>>> 
>>>>>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanhome@googlemail.com
<mailto:bcanhome@googlemail.com>.invalid>
>>>>>> napisał(a):
>>>>>> 
>>>>>>> Hi,
>>>>>>> 
>>>>>>> I already also answered Gerald in another mail.
>>>>>>> I'm not quite sure but what might be an issue, is that the default
>>>>>>> http-context used in his application isn't bound to the underlying
security
>>>>>>> realm.
>>>>>>> Therefore it's quite a possibility that there needs to be a configuration
>>>>>>> done in his own application, using his own http-Context.
>>>>>>> 
>>>>>>> Can be found here:
>>>>>>> 
>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
<https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java>
>>>>>>> 
>>>>>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
<https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java>
>>>>>>> and here:
>>>>>>> 
>>>>>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
<https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java>
>>>>>>> 
>>>>>>> regards, Achim
>>>>>>> 
>>>>>>> 
>>>>>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.soto@envieta.com
<mailto:alex.soto@envieta.com>
>>>>>>>> :
>>>>>>> 
>>>>>>>> I’m sorry, I don’t know why it's not working; it looks
correct to me.
>>>>>>>> Maybe somebody from the Pax-Web team can help you.
>>>>>>>> The only suspicious thing is the warning:
>>>>>>>> 
>>>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
>>>>>>>>           | 229 - org.eclipse.jetty.util - 9.4.22.v20191022
| No
>>>>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Which suggest something is misconfigured.
>>>>>>>> 
>>>>>>>> Best regards,
>>>>>>>> Alex soto
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catshout@mailbox.org
<mailto:catshout@mailbox.org>>
>>>>>>> wrote:
>>>>>>>>> 
>>>>>>>>> 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 |
SecurityHandler
>>>>>>>>             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022
| No
>>>>>>>> authenticator for: {RoleInfo,C[admin],None}
>>>>>>>> 
>>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> 
>>>>>>> Apache Member
>>>>>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>>
Committer & PMC
>>>>>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/
<http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer &
>>>>>>> Project Lead
>>>>>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>>
>>>>>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS
<http://bit.ly/1ps9rkS>>
>>>>>>> 
>>> 


Mime
View raw message