Overriding Webapp-Context from WAB by deploy

[Graus, Rastislav]

Hallo everybody.

I'm trying to deploy WAB (Web Application Bundle) into Karaf container (series 
4.2.x) with different context root as defined in propert Webapp-Context in 
manifest file of WAB.
More specific I need to deploy hawtio console in Karaf container with more 
specific context root (not /hawtio but /-howtio) to hide it 
behind proxy.
I wrapped the bundle using wrap protocol wit changed property, but without 
success.

Can anybody help me please?

Best regards.
Rastislav Graus

Re: aries-jax-rs-whiteboard

[João Assunção]

Hello Matthias,

Regarding authentication I normally use a ContainerRequestFilter.
Follows an example of a filter where authentication is done using a JWT
token.
It uses JwtService that is responsible for creating and validating tokens.
It uses jose4j.


@Secured
> @Provider
> @Priority(Priorities.AUTHENTICATION)
> @Component(scope = ServiceScope.PROTOTYPE, //
> service = { ContainerRequestFilter.class }, //
> property = {
> JaxrsWhiteboardConstants.JAX_RS_EXTENSION + "=" + true, //
> JaxrsWhiteboardConstants.JAX_RS_NAME + "=" +
> "TokenAuthenticationFilter", //
> Constants.JAX_RS_APPLICATION_SELECT, //
> })
> public class TokenAuthenticationFilter implements ContainerRequestFilter {
>
> private static final Logger LOGGER =
> LoggerFactory.getLogger(TokenAuthenticationFilter.class);
>
> private static final String AUTHENTICATION_SCHEME = "Bearer";
>
> private static final String AUTHENTICATION_SCHEME_PREFIX =
> AUTHENTICATION_SCHEME + " ";
>
> @Reference(cardinality = ReferenceCardinality.MANDATORY)
> JwtService jwtService;
>
> @Context
> private ResourceInfo resourceInfo;
>
> @Override
> public void filter(ContainerRequestContext requestContext) throws
> IOException {
>
> // Get the Authorization header from the request
> String authorizationHeader =
> requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
> LOGGER.debug("authorizationHeader {}", authorizationHeader);
> // Validate the Authorization header
> if (!isTokenBasedAuthentication(authorizationHeader)) {
> LOGGER.info("Missing auth token. Aborting");
> abortWithUnauthorized(requestContext);
> return;
> }
> // Extract the token from the Authorization header
> final String token =
> authorizationHeader.substring(AUTHENTICATION_SCHEME_PREFIX.length());
> try {
> // Validate the token. An exception will be thrown if invalid
> SubjectDetails subjectDetails =
> jwtService.validateToken(token);
> LOGGER.debug("Token for subject {} accepted",
> subjectDetails.getId());
> initSecurityContext(requestContext, subjectDetails);
> Permission requiredPermission =
> getPermissionForResource(resourceInfo);
> if (!subjectDetails.hasPermission(requiredPermission)) {
> LOGGER.debug("subject {} lack permission {}",
> subjectDetails.getId(), requiredPermission);
> abortWithForbidden(requestContext);
> }
> }
> catch (AuthenticationException e) {
> LOGGER.trace("Ignored", e);
> LOGGER.info("Token validation failed. Aborting");
> abortWithUnauthorized(requestContext);
> }
> }
>
> /**
>  * @param requestContext
>  * @param subjectDetails
>  */
> private void initSecurityContext(ContainerRequestContext
> requestContext, SubjectDetails subjectDetails) {
>
> final SecurityContext currentSecurityContext =
> requestContext.getSecurityContext();
> boolean secure = currentSecurityContext.isSecure();
> requestContext.setSecurityContext(new
> InternalSecurityContext(subjectDetails, secure));
>
> }
>
> private boolean isTokenBasedAuthentication(String authorizationHeader)
> {
>
> // Check if the Authorization header is valid
> // It must not be null and must be prefixed with "Bearer" plus a
> // whitespace
> // The authentication scheme comparison must be case-insensitive
> return StringUtils.startsWithIgnoreCase(authorizationHeader,
> AUTHENTICATION_SCHEME_PREFIX);
> }
>
> private void abortWithUnauthorized(ContainerRequestContext
> requestContext) {
>
> // Abort the filter chain with a 401 status code response
> // The WWW-Authenticate header is sent along with the response
> requestContext.abortWith(
> Response.status(Response.Status.UNAUTHORIZED)
> .header(HttpHeaders.WWW_AUTHENTICATE,
> AUTHENTICATION_SCHEME + " realm=\"" +
> Constants.APP_NAME + "\"")
> .build());
> }
>
> private void abortWithForbidden(ContainerRequestContext
> requestContext) {
>
>
> requestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
> }
>
> static Permission getPermissionForResource(ResourceInfo resourceInfo) {
>
> Permission permission =
> extractPermission(resourceInfo.getResourceMethod());
> if (permission != null) {
> return permission;
> }
> permission = extractPermission(resourceInfo.getResourceClass());
> return permission;
>
> }
>
> // Extract Permission from the annotated element
> static Permission extractPermission(AnnotatedElement annotatedElement)
> {
>
> if (annotatedElem

Re: aries-jax-rs-whiteboard

[Jean-Baptiste Onofré]

Hi Matthias,

Which Karaf version are you using ?

Aries JAX RS is tested in Karaf itests but due to some changes in
Aries JAX-RS whiteboard, we didn't update yet.
You can take a look on the example:
https://github.com/apache/karaf/tree/main/examples/karaf-rest-example

I created https://issues.apache.org/jira/browse/KARAF-7455 to upgrade
Aries JAX-RS whiteboard.

Regards
JB

On Wed, Jun 22, 2022 at 9:53 PM Matthias Leinweber
 wrote:
>
> Hello Karaf user,
>
> i try to get aries-jax-rs-whiteboard in a version > 1.0.6 running without 
> success. 2.0.1 with installed cxf is working fine. But in 1.0.7-1.0.10. 
> http:list does not show a servlet and my jaxrs whiteboard resources are not 
> working.
>
> Any hints which component needs to be installed? Reading BNDrun + Components 
> DSL is pretty confusing.
>
> Btw, does anyone have a good example for authentication? Shiro seems to be a 
> bit overkill.
>
> br,
> Matthias