Hello Is this expected behaviour? I would have expected to hit > ServiceAuthenticationHttpContext only when servicing /jolokia... >
/jolokia/* mapping (actually a one-element array of URL patterns) is a mapping for org.jolokia.osgi.servlet.JolokiaServlet registered into "/" (default), ROOT) context. See this in logs: Adding servlet > ServletModel{id=ServletModel-3,name='org.jolokia.osgi.servlet.JolokiaServlet',alias='/jolokia',urlPatterns=[/jolokia/*],servlet=org.jolokia.osgi.servlet.JolokiaServlet@2d7892f6 > ,contexts=[{HS,OCM-4,context:570736934,/}]} > toString() method for ServletModel shows the associated (as in Whiteboard specification) _contexts_. The single associated context is: {HS,OCM-4,context:570736934,/} > HS means "Http Service", OCM-4 is an internal ID of the context and "context:570736934" is generated name, because Jolokia's provided "ServiceAuthenticationHttpContext" is wrapped to match the API consistency internally. This "ServiceAuthenticationHttpContext" is used by Jolokia to register the servlet: service.registerServlet(getServletAlias(), new JolokiaServlet(context,restrictor), getConfiguration(), getHttpContext()); (see 4th parameter - result of getHttpContext()). What's more important is that such context replaces default "/" context from Whiteboard specification: > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 | > JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty - > 8.0.2 | Changing default OSGi context model for > o.o.p.w.s.j.i.PaxWebServletContextHandler@14729e2e{/,null,STOPPED} > > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 | > OsgiServletContext | 477 - org.ops4j.pax.web.pax-web-spi - > 8.0.2 | Unegistering > OsgiServletContext{model=OsgiContextModel{WB,id=OCM-1,name='default',path='/',bundle=org.ops4j.pax.web.pax-web-extender-whiteboard,context=(supplier)}} > as OSGi service for "/" context path > > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 | > OsgiServletContext | 477 - org.ops4j.pax.web.pax-web-spi - > 8.0.2 | Registering > OsgiServletContext{model=OsgiContextModel{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1 > [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126}}} > as OSGi service for "/" context path See {WB,id=OCM-1,name='default',path='/',bundle=org.ops4j.pax.web.pax-web-extender-whiteboard,context=(supplier)}} was replaced b: {HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1 [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126}}} So the context (in terms of org.osgi.service.http.HttpContext and org.osgi.service.http.context.ServletContextHelper) was switched from the one provided (by default) by org.ops4j.pax.web.pax-web-extender-whiteboard bundle to the one provided by Jolokia. And now the final part of the explanation - what is used to handle /restconf/operational/network-topology:network-topology/topology/example-ipv4-topology URL? Pax Web delegates to the underlying container (Jetty, Tomcat and Undertow) to handle the mapping - and according to Servlets specification, first, the context is chosen using the longest possible path. >From the logs you've provided, I see that in addition to "/" context (now managed by Jolokia) you have two more contexts: - /auth - {WB,id=OCM-8,name='/auth.id ',path='/auth',bundle=org.opendaylight.aaa.shiro,ref={org.osgi.service.http.context.ServletContextHelper}={ service.id=464, osgi.http.whiteboard.context.name=/auth.id, service.bundleid=181, service.scope=singleton, osgi.http.whiteboard.context.path=/auth}} - /yanglib - {WB,id=OCM-13,name='/yanglib.id ',path='/yanglib',bundle=org.opendaylight.netconf.yanglib,ref={org.osgi.service.http.context.ServletContextHelper}={ service.id=472, osgi.http.whiteboard.context.name=/yanglib.id, service.bundleid=370, service.scope=singleton, osgi.http.whiteboard.context.path=/yanglib}} There are no contexts with paths like: - /restconf/operational/network-topology:network-topology - /restconf/operational - /restconf (at least I don't see them). So the context that handles /restconf/operational/network-topology:network-topology/topology/example-ipv4-topology is simply "/" with Jolokia's provided security handled by org.jolokia.osgi.security.ServiceAuthenticationHttpContext.handleSecurity(). Can you check Karaf's web:context-list command? regards Grzegorz Grzybek wt., 16 sie 2022 o 20:03 Robert Varga <n...@hq.sk> napisaĆ(a): > Hello, > > while integrating karaf-4.4.0 into OpenDaylight I ran across a bit of > strangeness. > > We are using Jetty as the implementation and register things through > both HTTP Service and also via HTTP Whiteboard, with Shiro in the mix > for good measure (via a an indirection, but let's not go into that for > sanity's sake). > > Due to the way system works together, we end up with Jolokia registering > via HttpService, which prompts the creation of a default Jetty context: > > > 2022-08-16T08:09:51,791 | INFO | features-3-thread-1 | > FeaturesServiceImpl | 16 - org.apache.karaf.features.core - > 4.4.0 | org.jolokia.osgi/1.7.1 > > 2022-08-16T08:09:51,793 | INFO | features-3-thread-1 | > StoppableHttpServiceFactory | 476 - org.ops4j.pax.web.pax-web-runtime > - 8.0.2 | Binding HTTP Service for bundle: [org.jolokia.osgi_1.7.1 [166]] > > 2022-08-16T08:09:51,802 | INFO | paxweb-config-1-thread-1 | > HttpServiceEnabled | 476 - org.ops4j.pax.web.pax-web-runtime > - 8.0.2 | Registering > ServletModel{id=ServletModel-3,name='org.jolokia.osgi.servlet.JolokiaServlet',alias='/jolokia',urlPatterns=[/jolokia/*],servlet=org.jolokia.osgi.servlet.JolokiaServlet@2d7892f6 > ,contexts=[{HS,OCM-4,context:570736934,/}]} > > 2022-08-16T08:09:51,803 | INFO | paxweb-config-1-thread-1 | > JettyServerController | 474 - org.ops4j.pax.web.pax-web-jetty - > 8.0.2 | Receiving Batch{"Registration of > ServletModel{id=ServletModel-3,name='org.jolokia.osgi.servlet.JolokiaServlet',alias='/jolokia',urlPatterns=[/jolokia/*],servlet=org.jolokia.osgi.servlet.JolokiaServlet@2d7892f6,contexts=null}", > size=3} > > 2022-08-16T08:09:51,803 | INFO | paxweb-config-1-thread-1 | > JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty - > 8.0.2 | Adding > OsgiContextModel{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1 > [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126}} > to o.o.p.w.s.j.i.PaxWebServletContextHandler@14729e2e{/,null,STOPPED} > > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 | > JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty - > 8.0.2 | Changing default OSGi context model for > o.o.p.w.s.j.i.PaxWebServletContextHandler@14729e2e{/,null,STOPPED} > > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 | > OsgiServletContext | 477 - org.ops4j.pax.web.pax-web-spi - > 8.0.2 | Unegistering > OsgiServletContext{model=OsgiContextModel{WB,id=OCM-1,name='default',path='/',bundle=org.ops4j.pax.web.pax-web-extender-whiteboard,context=(supplier)}} > as OSGi service for "/" context path > > 2022-08-16T08:09:51,804 | INFO | paxweb-config-1-thread-1 | > OsgiServletContext | 477 - org.ops4j.pax.web.pax-web-spi - > 8.0.2 | Registering > OsgiServletContext{model=OsgiContextModel{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1 > [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126}}} > as OSGi service for "/" context path > > 2022-08-16T08:09:51,805 | INFO | paxweb-config-1-thread-1 | > JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty - > 8.0.2 | Adding servlet > ServletModel{id=ServletModel-3,name='org.jolokia.osgi.servlet.JolokiaServlet',alias='/jolokia',urlPatterns=[/jolokia/*],servlet=org.jolokia.osgi.servlet.JolokiaServlet@2d7892f6 > ,contexts=[{HS,OCM-4,context:570736934,/}]} > > 2022-08-16T08:09:51,808 | INFO | paxweb-config-1-thread-1 | > JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty - > 8.0.2 | Starting Jetty context "/" with default Osgi Context > OsgiContextModel{HS,id=OCM-4,name='context:570736934',path='/',bundle=org.jolokia.osgi,context=WebContainerContextWrapper{bundle=org.jolokia.osgi_1.7.1 > [166],contextId='context:570736934',delegate=org.jolokia.osgi.security.ServiceAuthenticationHttpContext@2204c126 > }} > > This is driven by this bit of code: > > https://github.com/rhuss/jolokia/blob/33ee8be04aedacf9af2d1ca917dd6c89b119c628/agent/osgi/src/main/java/org/jolokia/osgi/JolokiaActivator.java#L322-L325 > > We then proceed to start a ton of other services, like: > > > 2022-08-16T08:09:57,729 | INFO | paxweb-config-1-thread-1 | > JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty - > 8.0.2 | Starting Jetty context "/auth" with default Osgi Context > OsgiContextModel{WB,id=OCM-8,name='/auth.id > ',path='/auth',bundle=org.opendaylight.aaa.shiro,ref={org.osgi.service.http.context.ServletContextHelper}={ > service.id=464, osgi.http.whiteboard.context.name=/auth.id, > service.bundleid=181, service.scope=singleton, > osgi.http.whiteboard.context.path=/auth}} > > 2022-08-16T08:09:57,738 | INFO | paxweb-config-1-thread-1 | > JettyServerWrapper | 474 - org.ops4j.pax.web.pax-web-jetty - > 8.0.2 | Starting Jetty context "/yanglib" with default Osgi Context > OsgiContextModel{WB,id=OCM-13,name='/yanglib.id > ',path='/yanglib',bundle=org.opendaylight.netconf.yanglib,ref={org.osgi.service.http.context.ServletContextHelper}={ > service.id=472, osgi.http.whiteboard.context.name=/yanglib.id, > service.bundleid=370, service.scope=singleton, > osgi.http.whiteboard.context.path=/yanglib}} > > 2022-08-16T08:09:57,800 | INFO | paxweb-config-1-thread-1 | > HttpServiceEnabled | 476 - org.ops4j.pax.web.pax-web-runtime > - 8.0.2 | Registering > ServletModel{id=ServletModel-29,name='org.glassfish.jersey.servlet.ServletContainer',urlPatterns=[/rests/*],contexts=[{WB,OCM-26,/.id,/}]} > > Now, due to a screw up on my part ServiceAuthenticationHttpContext ends > up not working, so this error is very much expected: > > > 2022-08-16T08:10:04,226 | WARN | qtp874199530-623 | HttpChannel > | 146 - org.eclipse.jetty.util - 9.4.46.v20220331 | > /jolokia/read/org.opendaylight.controller:Category=Shards,name=member-1-shard-default-config,type=DistributedConfigDatastore > > org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager > accessible to the calling code, either bound to the > org.apache.shiro.util.ThreadContext or as a vm static singleton. This is > an invalid application configuration. > > at > org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) > ~[?:?] > > at > org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[?:?] > > at > org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[?:?] > > at > org.opendaylight.aaa.authenticator.ODLAuthenticator.login(ODLAuthenticator.java:87) > ~[?:?] > > at > org.opendaylight.aaa.authenticator.ODLAuthenticator.authenticate(ODLAuthenticator.java:59) > ~[?:?] > > at > org.jolokia.osgi.security.ServiceAuthenticationHttpContext.handleSecurity(ServiceAuthenticationHttpContext.java:72) > ~[?:?] > > at > org.ops4j.pax.web.service.spi.context.WebContainerContextWrapper.handleSecurity(WebContainerContextWrapper.java:85) > ~[?:?] > > at > org.ops4j.pax.web.service.spi.servlet.OsgiFilterChain.doFilter(OsgiFilterChain.java:98) > ~[?:?] > > at > org.ops4j.pax.web.service.jetty.internal.PaxWebServletHandler.doHandle(PaxWebServletHandler.java:310) > ~[?:?] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > ~[bundleFile:9.4.46.v20220331] > > What is weird, though, is that ServiceAuthenticationHttpContext is also > consulted for resources which do not exist, i.e. if it worked, this > request would have resulted in a 404: > > > 2022-08-16T08:10:06,851 | WARN | qtp874199530-146 | HttpChannel > | 146 - org.eclipse.jetty.util - 9.4.46.v20220331 | > /restconf/operational/network-topology:network-topology/topology/example-ipv4-topology > > org.apache.shiro.UnavailableSecurityManagerException: No SecurityManager > accessible to the calling code, either bound to the > org.apache.shiro.util.ThreadContext or as a vm static singleton. This is > an invalid application configuration. > > at > org.apache.shiro.SecurityUtils.getSecurityManager(SecurityUtils.java:123) > ~[?:?] > > at > org.apache.shiro.subject.Subject$Builder.<init>(Subject.java:626) ~[?:?] > > at > org.apache.shiro.SecurityUtils.getSubject(SecurityUtils.java:56) ~[?:?] > > at > org.opendaylight.aaa.authenticator.ODLAuthenticator.login(ODLAuthenticator.java:87) > ~[?:?] > > at > org.opendaylight.aaa.authenticator.ODLAuthenticator.authenticate(ODLAuthenticator.java:59) > ~[?:?] > > at > org.jolokia.osgi.security.ServiceAuthenticationHttpContext.handleSecurity(ServiceAuthenticationHttpContext.java:72) > ~[?:?] > > at > org.ops4j.pax.web.service.spi.context.WebContainerContextWrapper.handleSecurity(WebContainerContextWrapper.java:85) > ~[?:?] > > at > org.ops4j.pax.web.service.spi.servlet.OsgiFilterChain.doFilter(OsgiFilterChain.java:98) > ~[?:?] > > at > org.ops4j.pax.web.service.jetty.internal.PaxWebServletHandler.doHandle(PaxWebServletHandler.java:310) > ~[?:?] > > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > ~[?:?] > > Is this expected behaviour? I would have expected to hit > ServiceAuthenticationHttpContext only when servicing /jolokia... > > Thanks, > Robert >