[ https://issues.apache.org/jira/browse/KARAF-6772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gerald Kallas updated KARAF-6772:
---------------------------------
    Attachment: undertow.xml

> Removing JAASLoginService entry in jetty.xml causes an error (workaround for camel-servlet basic auth) in Karaf 4.2.9
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: KARAF-6772
>                 URL: https://issues.apache.org/jira/browse/KARAF-6772
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf
>    Affects Versions: 4.2.9
>            Reporter: Gerald Kallas
>            Priority: Major
>         Attachments: hello1.xml, jetty.xml, org.ops4j.pax.web.context-admin.hello1.cfg, org.ops4j.pax.web.context-admin.hello1.cfg, undertow.xml, users.properties
>
>
> I have the following route (hello1.xml)
> {code:java}
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>            xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd">
>   <reference id="httpService" interface="org.osgi.service.http.HttpService" />
>   <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>
>   <bean class="org.apache.camel.component.osgi.OsgiServletRegisterer"
>         init-method="register"
>         destroy-method="unregister">
>     <property name="servletName" value="httpServlet" />
>     <property name="alias" value="/camel/services" />
>     <property name="httpService" ref="httpService" />
>     <property name="servlet" ref="camelServlet" />
>   </bean>
>   <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent" />
>   <camelContext xmlns="http://camel.apache.org/schema/blueprint">
>     <route>
>       <from uri="servlet://hello1?servletName=httpServlet" />
>       <setBody>
>         <constant>Hello 1</constant>
>       </setBody>
>     </route>
>   </camelContext>
> </blueprint>
> {code}
> and the following cfg file (org.ops4j.pax.web.context-admin.hello1.cfg)
> {code:java}
> bundle.symbolicName=hello1.xml
> login.config.authMethod=BASIC
> login.config.realmName=default
> context.id=default
> security.constraint.1.url = /camel/services/*
> security.constraint.1.method = *
> security.constraint.1.roles = admin
> {code}
> For proper working of the http basic auth with this configuration [~ggrzybek] provided a workaround as follows
> {code:java}
> Hello
> I have some answer. First, the "http context processing" feature was mainly tested to "inject" Keycloak authenticator and I mostly tested it with pax-web-undertow.
> But I checked how it works with pax-web-jetty in the debugger.
> The key problem is that when Jetty's SecurityHandler is starting, it tries to find/discover org.eclipse.jetty.security.LoginService instance.
> With default etc/jetty.xml, there are TWO beans with org.eclipse.jetty.jaas.JAASLoginService class and org.eclipse.jetty.security.SecurityHandler#findLoginService() method does this:
>     else if (list.size() == 1)
>         service = list.iterator().next();
> So I simply made it work by ensuring there's only one org.eclipse.jetty.jaas.JAASLoginService:
> list = {java.util.ArrayList@9544} size = 1
>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} "JAASLoginService@7ba67d0b{STARTED}"
>   LOG: org.eclipse.jetty.util.log.Logger = {org.eclipse.jetty.util.log.Slf4jLog@9549} "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>   DEFAULT_ROLE_CLASS_NAME: java.lang.String = "org.eclipse.jetty.jaas.JAASRole"
>   DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = {java.lang.String[1]@9551}
>   _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
>   _callbackHandlerClass: java.lang.String = null
>   _realmName: java.lang.String = "karaf"
>   _loginModuleName: java.lang.String = "karaf"
> Now, with your Camel route, I got:
> $ curl -v http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> GET /camel/api/say/hello HTTP/1.1
> Host: localhost:8181
> User-Agent: curl/7.69.1
> Accept: */*
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> <
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> * Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> GET /camel/api/say/hello HTTP/1.1
> Host: localhost:8181
> Authorization: Basic a2FyYWY6a2FyYWY=
> User-Agent: curl/7.69.1
> Accept: */*
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> <
> * Connection #0 to host localhost left intact
> "Hello World"
> In theory it should be possible to grab (in etc/jetty.xml, using <Configure> element) instance of SecurityHandler and simply set there the "realmName" property to "Karaf", so even with two different beans with org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the right one. But in Pax Web security handler is part of every org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and only in Pax Web 8 I'd be able to fix this in a cleaner way.
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your etc/jetty.xml
> regards
> Grzegorz Grzybek{code}
>
> This worked fine in the combination of Karaf 4.2.8 and Camel 3.3.0. The jetty.xml has only one entry for JAASLoginService. It looks like
> {code:java}
> <?xml version="1.0"?>
> <!--
>   Licensed to the Apache Software Foundation (ASF) under one
>   or more contributor license agreements.
>   See the NOTICE file
>   distributed with this work for additional information
>   regarding copyright ownership. The ASF licenses this file
>   to you under the Apache License, Version 2.0 (the
>   "License"); you may not use this file except in compliance
>   with the License. You may obtain a copy of the License at
>   http://www.apache.org/licenses/LICENSE-2.0
>   Unless required by applicable law or agreed to in writing,
>   software distributed under the License is distributed on an
>   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>   KIND, either express or implied. See the License for the
>   specific language governing permissions and limitations
>   under the License.
> -->
> <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
> <Configure id="Server" class="org.eclipse.jetty.server.Server">
>   <!-- =========================================================== -->
>   <!-- Set connectors -->
>   <!-- =========================================================== -->
>   <!-- One of each type! -->
>   <!-- =========================================================== -->
>   <!-- Use this connector for many frequently idle connections and for
>        threadless continuations.
>   -->
>   <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
>     <Set name="secureScheme">https</Set>
>     <Set name="securePort">
>       <Property name="jetty.secure.port" default="8443" />
>     </Set>
>     <Set name="outputBufferSize">32768</Set>
>     <Set name="requestHeaderSize">8192</Set>
>     <Set name="responseHeaderSize">8192</Set>
>     <Set name="sendServerVersion">true</Set>
>     <Set name="sendDateHeader">false</Set>
>     <Set name="headerCacheSize">512</Set>
>   </New>
>   <!-- =========================================================== -->
>   <!-- Special server connectors -->
>   <!-- =========================================================== -->
>   <!-- This is a sample for alternative connectors, enable if needed -->
>   <!-- =========================================================== -->
>   <!--
>   <Call name="addConnector">
>     <Arg>
>       <New class="org.eclipse.jetty.server.ServerConnector">
>         <Arg name="server">
>           <Ref refid="Server" />
>         </Arg>
>         <Arg name="factories">
>           <Array type="org.eclipse.jetty.server.ConnectionFactory">
>             <Item>
>               <New class="org.eclipse.jetty.server.HttpConnectionFactory">
>                 <Arg name="config">
>                   <Ref refid="httpConfig" />
>                 </Arg>
>               </New>
>             </Item>
>           </Array>
>         </Arg>
>         <Set name="host">
>           <Property name="jetty.host" default="localhost" />
>         </Set>
>         <Set name="port">
>           <Property name="jetty.port" default="8282" />
>         </Set>
>         <Set name="idleTimeout">
>           <Property name="http.timeout" default="30000" />
>         </Set>
>         <Set name="name">jettyConn1</Set>
>       </New>
>     </Arg>
>   </Call>
>   -->
>   <!-- =========================================================== -->
>   <!-- Configure Authentication Realms -->
>   <!-- Realms may be configured for the entire server here, or -->
>   <!-- they can be configured for a specific web app in a context -->
>   <!-- configuration (see $(jetty.home)/contexts/test.xml for an -->
>   <!-- example).
>   -->
>   <!-- =========================================================== -->
>   <Call name="addBean">
>     <Arg>
>       <New class="org.eclipse.jetty.jaas.JAASLoginService">
>         <Set name="name">default</Set>
>         <Set name="loginModuleName">karaf</Set>
>         <Set name="roleClassNames">
>           <Array type="java.lang.String">
>             <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
>           </Array>
>         </Set>
>       </New>
>     </Arg>
>   </Call>
> </Configure>
> {code}
> With Karaf 4.2.9 and Camel 3.4.0 I'm getting an error when removing one of the Tags "<Call name="addBean"> ..". See the log file below
> {code:java}
> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the servlet context for context path []
> java.lang.SecurityException: AuthConfigFactory error: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>     at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) ~[?:?]
>     at org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) ~[?:?]
>     at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) ~[?:?]
>     at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>     at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>     at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>     at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>     at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) ~[?:?]
>     at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>     at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) ~[?:?]
>     at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>     at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) ~[?:?]
>     at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>     at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>     at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) [!/:?]
>     at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) [!/:?]
>     at org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) [!/:?]
>     at org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) [!/:?]
>     at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source) [?:?]
>     at org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) [!/:3.4.0]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
>     at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
>     at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
>     at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
>     at org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) [!/:1.10.2]
>     at org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) [!/:1.10.2]
>     at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
>     at org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) [!/:1.10.2]
>     at org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) [!/:1.10.2]
>     at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) [!/:1.10.2]
>     at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) [!/:1.10.2]
>     at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) [!/:1.10.2]
>     at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) [!/:1.10.2]
>     at org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) [!/:1.10.2]
>     at org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) [org.apache.felix.framework-5.6.12.jar:?]
>     at org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) [org.apache.felix.framework-5.6.12.jar:?]
>     at org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) [org.apache.felix.framework-5.6.12.jar:?]
>     at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) [org.apache.felix.framework-5.6.12.jar:?]
>     at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) [org.apache.felix.framework-5.6.12.jar:?]
>     at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) [org.apache.felix.framework-5.6.12.jar:?]
>     at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) [org.apache.felix.framework-5.6.12.jar:?]
>     at java.lang.Thread.run(Thread.java:834) [?:?]
> Caused by: java.lang.ClassNotFoundException: org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
>     at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) ~[?:?]
>     at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) ~[?:?]
>     at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) ~[?:?]
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
>     at java.lang.Class.forName0(Native Method) ~[?:?]
>     at java.lang.Class.forName(Class.java:398) ~[?:?]
>     at org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) ~[?:?]
>     at javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) ~[?:?]
>     at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
>     at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) ~[?:?]
>     ... 62 more
> {code}
> Seems that relates to a pax-web issue in combination with the Jetty server (that has been updated in Karaf 4.2.9).
> If needed I can provide a ready to run docker image based on Karaf 4.2.9 and Camel 3.4.0 for testing.
> Best
> Gerald
>

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
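
The workaround quoted in the issue depends on etc/jetty.xml holding exactly one active JAASLoginService bean, because the `list.size() == 1` branch selects a login service only in that case. The following check for that condition is an added example, not code from Karaf, Pax Web or the issue; the sample XML is constructed, the function names are hypothetical, and it models only the quoted branch.

```python
import xml.etree.ElementTree as ET

JAAS_CLASS = "org.eclipse.jetty.jaas.JAASLoginService"

# Constructed bean in the shape of the <Call name="addBean"> entries in etc/jetty.xml.
BEAN = """<Call name="addBean"><Arg>
  <New class="org.eclipse.jetty.jaas.JAASLoginService">
    <Set name="name">{name}</Set>
    <Set name="loginModuleName">karaf</Set>
  </New></Arg></Call>"""


def sample(*names):
    """Build a constructed jetty.xml: one active bean per name plus a commented-out one."""
    active = "\n".join(BEAN.format(name=n) for n in names)
    disabled = "<!-- " + BEAN.format(name="disabled") + " -->"
    return ('<Configure id="Server" class="org.eclipse.jetty.server.Server">\n'
            + active + "\n" + disabled + "\n</Configure>")


def jaas_login_services(jetty_xml):
    """Return (name, loginModuleName) for every active JAASLoginService bean."""
    root = ET.fromstring(jetty_xml)  # the parser drops XML comments, so disabled beans are skipped
    beans = []
    for call in root.iter("Call"):
        if call.get("name") != "addBean":
            continue
        for new in call.iter("New"):
            if new.get("class") == JAAS_CLASS:
                props = {s.get("name"): (s.text or "").strip() for s in new.findall("Set")}
                beans.append((props.get("name"), props.get("loginModuleName")))
    return beans


def check(jetty_xml):
    """Model only the quoted branch: a service is picked when exactly one bean exists."""
    beans = jaas_login_services(jetty_xml)
    if len(beans) != 1:
        names = ", ".join(str(n) for n, _ in beans) or "none"
        return f"FAIL: {len(beans)} JAASLoginService beans ({names}); keep exactly one"
    name, module = beans[0]
    return f"OK: one JAASLoginService (name={name}, loginModuleName={module})"


if __name__ == "__main__":
    print(check(sample("karaf", "default")))
    print(check(sample("default")))
```

To check a real installation, pass the text of its etc/jetty.xml to `check()`.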