Hello
Is this expected behaviour? I would have expected to hit
> ServiceAuthenticationHttpContext only when servicing /jolokia...
>
/jolokia/* mapping (actually a one-element array of URL patterns) is a
mapping for org.jolokia.osgi.servlet.JolokiaServlet registered into "/"
(default), ROOT) context. See this in logs:
Adding servlet
> ServletModel{id=ServletModel-3,name='org.jolokia.osgi.servlet.JolokiaServlet',alias='/jolokia',urlPatterns=[/jolokia/*],servlet=org.jolokia.osgi.servlet.JolokiaServlet@2d7892f6
> ,contexts=[{HS,OCM-4,context:570736934,/}]}
>
toString() method for ServletModel shows the associated (as in Whiteboard
specification) _contexts_. The single associated context is:
{HS,OCM-4,context:570736934,/}
>
HS means "Http Service", OCM-4 is an internal ID of the context and
"context:570736934" is generated name, because Jolokia's provided
"ServiceAuthenticationHttpContext"
is wrapped to match the API consistency internally. This
"ServiceAuthenticationHttpContext" is used by Jolokia to register the
servlet:
service.registerServlet(getServletAlias(),
new
JolokiaServlet(context,restrictor),
getConfiguration(),
getHttpContext());
(see 4th parameter - result of getHttpContext()).
What's more important is that such context replaces default "/" context
from Whiteboard specification:
> 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 |
> JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty -
> 8.0.2 | Changing default OSGi context model for
> o.o.p.w.s.j.i.PaxWebServletContextHandler@14729e2e{/,null,STOPPED}
> > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 |
> OsgiServletContext | 477 - org.ops4j.pax.web.pax-web-spi -
> 8.0.2 | Unegistering
> OsgiServletContext{model=OsgiContextModel{WB,id=OCM-1,name='default',path='/',bundle=org.ops4j.pax.web.pax-web-extender-whiteboard,context=(supplier)}}
> as OSGi service for "/" context path
> > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 |
> OsgiServletContext | 477 - org.ops4j.pax.web.pax-web-spi -
> 8.0.2 | Registering
> OsgiServletContext{model=OsgiContextModel{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1
> [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126}}}
> as OSGi service for "/" context path
See
{WB,id=OCM-1,name='default',path='/',bundle=org.ops4j.pax.web.pax-web-extender-whiteboard,context=(supplier)}}
was replaced b:
{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1
[166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126}}}
So the context (in terms of org.osgi.service.http.HttpContext and
org.osgi.service.http.context.ServletContextHelper) was switched from the
one provided (by default) by org.ops4j.pax.web.pax-web-extender-whiteboard
bundle to the one provided by Jolokia.
And now the final part of the explanation - what is used to handle
/restconf/operational/network-topology:network-topology/topology/example-ipv4-topology
URL? Pax Web delegates to the underlying container (Jetty, Tomcat and
Undertow) to handle the mapping - and according to Servlets specification,
first, the context is chosen using the longest possible path.
>From the logs you've provided, I see that in addition to "/" context (now
managed by Jolokia) you have two more contexts:
- /auth - {WB,id=OCM-8,name='/auth.id
',path='/auth',bundle=org.opendaylight.aaa.shiro,ref={org.osgi.service.http.context.ServletContextHelper}={
service.id=464, osgi.http.whiteboard.context.name=/auth.id,
service.bundleid=181, service.scope=singleton,
osgi.http.whiteboard.context.path=/auth}}
- /yanglib - {WB,id=OCM-13,name='/yanglib.id
',path='/yanglib',bundle=org.opendaylight.netconf.yanglib,ref={org.osgi.service.http.context.ServletContextHelper}={
service.id=472, osgi.http.whiteboard.context.name=/yanglib.id,
service.bundleid=370, service.scope=singleton,
osgi.http.whiteboard.context.path=/yanglib}}
There are no contexts with paths like:
- /restconf/operational/network-topology:network-topology
- /restconf/operational
- /restconf
(at least I don't see them). So the context that handles
/restconf/operational/network-topology:network-topology/topology/example-ipv4-topology
is simply "/" with Jolokia's provided security handled by
org.jolokia.osgi.security.ServiceAuthenticationHttpContext.handleSecurity().
Can you check Karaf's web:context-list command?
regards
Grzegorz Grzybek
wt., 16 sie 2022 o 20:03 Robert Varga <n...@hq.sk> napisaĆ(a):
> Hello,
>
> while integrating karaf-4.4.0 into OpenDaylight I ran across a bit of
> strangeness.
>
> We are using Jetty as the implementation and register things through
> both HTTP Service and also via HTTP Whiteboard, with Shiro in the mix
> for good measure (via a an indirection, but let's not go into that for
> sanity's sake).
>
> Due to the way system works together, we end up with Jolokia registering
> via HttpService, which prompts the creation of a default Jetty context:
>
> > 2022-08-16T08:09:51,791 | INFO | features-3-thread-1 |
> FeaturesServiceImpl | 16 - org.apache.karaf.features.core -
> 4.4.0 | org.jolokia.osgi/1.7.1
> > 2022-08-16T08:09:51,793 | INFO | features-3-thread-1 |
> StoppableHttpServiceFactory | 476 - org.ops4j.pax.web.pax-web-runtime
> - 8.0.2 | Binding HTTP Service for bundle: [org.jolokia.osgi_1.7.1 [166]]
> > 2022-08-16T08:09:51,802 | INFO | paxweb-config-1-thread-1 |
> HttpServiceEnabled | 476 - org.ops4j.pax.web.pax-web-runtime
> - 8.0.2 | Registering
> ServletModel{id=ServletModel-3,name='org.jolokia.osgi.servlet.JolokiaServlet',alias='/jolokia',urlPatterns=[/jolokia/*],servlet=org.jolokia.osgi.servlet.JolokiaServlet@2d7892f6
> ,contexts=[{HS,OCM-4,context:570736934,/}]}
> > 2022-08-16T08:09:51,803 | INFO | paxweb-config-1-thread-1 |
> JettyServerController | 474 - org.ops4j.pax.web.pax-web-jetty -
> 8.0.2 | Receiving Batch{"Registration of
> ServletModel{id=ServletModel-3,name='org.jolokia.osgi.servlet.JolokiaServlet',alias='/jolokia',urlPatterns=[/jolokia/*],servlet=org.jolokia.osgi.servlet.JolokiaServlet@2d7892f6,contexts=null}",
> size=3}
> > 2022-08-16T08:09:51,803 | INFO | paxweb-config-1-thread-1 |
> JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty -
> 8.0.2 | Adding
> OsgiContextModel{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1
> [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126}}
> to o.o.p.w.s.j.i.PaxWebServletContextHandler@14729e2e{/,null,STOPPED}
> > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 |
> JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty -
> 8.0.2 | Changing default OSGi context model for
> o.o.p.w.s.j.i.PaxWebServletContextHandler@14729e2e{/,null,STOPPED}
> > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 |
> OsgiServletContext | 477 - org.ops4j.pax.web.pax-web-spi -
> 8.0.2 | Unegistering
> OsgiServletContext{model=OsgiContextModel{WB,id=OCM-1,name='default',path='/',bundle=org.ops4j.pax.web.pax-web-extender-whiteboard,context=(supplier)}}
> as OSGi service for "/" context path
> > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 |
> OsgiServletContext | 477 - org.ops4j.pax.web.pax-web-spi -
> 8.0.2 | Registering
> OsgiServletContext{model=OsgiContextModel{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1
> [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126}}}
> as OSGi service for "/" context path
> > 2022-08-16T08:09:51,805 | INFO | paxweb-config-1-thread-1 |
> JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty -
> 8.0.2 | Adding servlet
> ServletModel{id=ServletModel-3,name='org.jolokia.osgi.servlet.JolokiaServlet',alias='/jolokia',urlPatterns=[/jolokia/*],servlet=org.jolokia.osgi.servlet.JolokiaServlet@2d7892f6
> ,contexts=[{HS,OCM-4,context:570736934,/}]}
> > 2022-08-16T08:09:51,808 | INFO | paxweb-config-1-thread-1 |
> JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty -
> 8.0.2 | Starting Jetty context "/" with default Osgi Context
> OsgiContextModel{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1
> [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126
> }}
>
> This is driven by this bit of code:
>
> https://github.com/rhuss/jolokia/blob/33ee8be04aedacf9af2d1ca917dd6c89b119c628/agent/osgi/src/main/java/org/jolokia/osgi/JolokiaActivator.java#L322-L325
>
> We then proceed to start a ton of other services, like:
>
> > 2022-08-16T08:09:57,729 | INFO | paxweb-config-1-thread-1 |
> JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty -
> 8.0.2 | Starting Jetty context "/auth" with default Osgi Context
> OsgiContextModel{WB,id=OCM-8,name='/auth.id
> ',path='/auth',bundle=org.opendaylight.aaa.shiro,ref={org.osgi.service.http.context.ServletContextHelper}={
> service.id=464, osgi.http.whiteboard.context.name=/auth.id,
> service.bundleid=181, service.scope=singleton,
> osgi.http.whiteboard.context.path=/auth}}
> > 2022-08-16T08:09:57,738 | INFO | paxweb-config-1-thread-1 |
> JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty -
> 8.0.2 | Starting Jetty context "/yanglib" with default Osgi Context
> OsgiContextModel{WB,id=OCM-13,name='/yanglib.id
> ',path='/yanglib',bundle=org.opendaylight.netconf.yanglib,ref={org.osgi.service.http.context.ServletContextHelper}={
> service.id=472, osgi.http.whiteboard.context.name=/yanglib.id,
> service.bundleid=370, service.scope=singleton,
> osgi.http.whiteboard.context.path=/yanglib}}
> > 2022-08-16T08:09:57,800 | INFO | paxweb-config-1-thread-1 |
> HttpServiceEnabled | 476 - org.ops4j.pax.web.pax-web-runtime
> - 8.0.2 | Registering
> ServletModel{id=ServletModel-29,name='org.glassfish.jersey.servlet.ServletContainer',urlPatterns=[/rests/*],contexts=[{WB,OCM-26,/.id,/}]}
>
> Now, due to a screw up on my part ServiceAuthenticationHttpContext ends
> up not working, so this error is very much expected:
>
> > 2022-08-16T08:10:04,226 | WARN | qtp874199530-623 | HttpChannel
> | 146 - org.eclipse.jetty.util - 9.4.46.v20220331 |
> /jolokia/read/org.opendaylight.controller:Category=Shards,name=member-1-shard-default-config,type=DistributedConfigDatastore
> > org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager
> accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton. This is
> an invalid application configuration.
> > at
> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
> ~[?:?]
> > at
> org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[?:?]
> > at
> org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[?:?]
> > at
> org.opendaylight.aaa.authenticator.ODLAuthenticator.login(ODLAuthenticator.java:87)
> ~[?:?]
> > at
> org.opendaylight.aaa.authenticator.ODLAuthenticator.authenticate(ODLAuthenticator.java:59)
> ~[?:?]
> > at
> org.jolokia.osgi.security.ServiceAuthenticationHttpContext.handleSecurity(ServiceAuthenticationHttpContext.java:72)
> ~[?:?]
> > at
> org.ops4j.pax.web.service.spi.context.WebContainerContextWrapper.handleSecurity(WebContainerContextWrapper.java:85)
> ~[?:?]
> > at
> org.ops4j.pax.web.service.spi.servlet.OsgiFilterChain.doFilter(OsgiFilterChain.java:98)
> ~[?:?]
> > at
> org.ops4j.pax.web.service.jetty.internal.PaxWebServletHandler.doHandle(PaxWebServletHandler.java:310)
> ~[?:?]
> > at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> ~[bundleFile:9.4.46.v20220331]
>
> What is weird, though, is that ServiceAuthenticationHttpContext is also
> consulted for resources which do not exist, i.e. if it worked, this
> request would have resulted in a 404:
>
> > 2022-08-16T08:10:06,851 | WARN | qtp874199530-146 | HttpChannel
> | 146 - org.eclipse.jetty.util - 9.4.46.v20220331 |
> /restconf/operational/network-topology:network-topology/topology/example-ipv4-topology
> > org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager
> accessible to the calling code, either bound to the
> org.apache.shiro.util.ThreadContext or as a vm static singleton. This is
> an invalid application configuration.
> > at
> org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123)
> ~[?:?]
> > at
> org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[?:?]
> > at
> org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[?:?]
> > at
> org.opendaylight.aaa.authenticator.ODLAuthenticator.login(ODLAuthenticator.java:87)
> ~[?:?]
> > at
> org.opendaylight.aaa.authenticator.ODLAuthenticator.authenticate(ODLAuthenticator.java:59)
> ~[?:?]
> > at
> org.jolokia.osgi.security.ServiceAuthenticationHttpContext.handleSecurity(ServiceAuthenticationHttpContext.java:72)
> ~[?:?]
> > at
> org.ops4j.pax.web.service.spi.context.WebContainerContextWrapper.handleSecurity(WebContainerContextWrapper.java:85)
> ~[?:?]
> > at
> org.ops4j.pax.web.service.spi.servlet.OsgiFilterChain.doFilter(OsgiFilterChain.java:98)
> ~[?:?]
> > at
> org.ops4j.pax.web.service.jetty.internal.PaxWebServletHandler.doHandle(PaxWebServletHandler.java:310)
> ~[?:?]
> > at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> ~[?:?]
>
> Is this expected behaviour? I would have expected to hit
> ServiceAuthenticationHttpContext only when servicing /jolokia...
>
> Thanks,
> Robert
>
