Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
> fpapon : > Hi, > Thanks for the issue on Shiro, I will take a look. This was quick, thanks! :-)
Realm created via jaas:realm-add go away after karaf restart
Karaf 4.4.5 JVM OpenJDK 64-Bit Server VM version 11.0.2+9 A realm created via jaas:realm-add is not listed after karaf restart. This may be related to KARAF-7602. - Create the realm using the following commands: jaas:realm-add myrealm org.apache.karaf.jaas.modules.properties.PropertiesLoginModule users "etc/bugdataRestUser.properties" jaas:realm-manage --realm myrealm --module org.apache.karaf.jaas.modules.properties.PropertiesLoginModule jaas:update - The command jaas:realm-list will include the realm myrealm karaf@root()> jaas:realm-list Index │ Realm Name │ Login Module Class Name ──┼┼─── 1 │ karaf │ org.apache.karaf.jaas.modules.properties.PropertiesLoginModule 2 │ karaf │ org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule 3 │ karaf │ org.apache.karaf.jaas.modules.audit.FileAuditLoginModule 4 │ karaf │ org.apache.karaf.jaas.modules.audit.LogAuditLoginModule 5 │ karaf │ org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule 6 │ myrealm│ org.apache.karaf.jaas.modules.properties.PropertiesLoginModule - Restart the karaf instance The new realm is not listed by the command jaas:realm-list karaf@root()> jaas:realm-list Index │ Realm Name │ Login Module Class Name ──┼┼─── 1 │ karaf │ org.apache.karaf.jaas.modules.properties.PropertiesLoginModule 2 │ karaf │ org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule 3 │ karaf │ org.apache.karaf.jaas.modules.audit.FileAuditLoginModule 4 │ karaf │ org.apache.karaf.jaas.modules.audit.LogAuditLoginModule 5 │ karaf │ org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule karaf@root()> Is this bug? Paul Spencer
Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
Hi, Thanks for the issue on Shiro, I will take a look. regards, François On 30/01/2024 19:27, Steinar Bang wrote: Paul Spencer : Apologies for misspelling your name. No worries! :-) (but since I'm a nit picker I couldn't help myself when I saw it the second time, sorry about that!) I have not opened an issue related to the dependencies. https://github.com/apache/shiro/issues/1300 -- -- François
Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
> Paul Spencer : > Apologies for misspelling your name. No worries! :-) (but since I'm a nit picker I couldn't help myself when I saw it the second time, sorry about that!) > I have not opened an issue related to the dependencies. https://github.com/apache/shiro/issues/1300
Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
Steinar, Apologies for misspelling your name. I have not opened an issue related to the dependencies. Paul Spencer > On Jan 30, 2024, at 11:19 AM, Steinar Bang wrote: > >> Paul Spencer : > >> Steiner, > > (ps last "e" is an "a", "Steinar", approximate pronounciation > "Stay-nahr" (with the "r" rolling as in Scots or Spanish or Italian)) ;-) > >> I installed the feature shiro-core and had to add had to install the >> following bundles. >> mvn:commons-collections/commons-collections/3.2.2 >> mvn:commons-beanutils/commons-beanutils/1.9.4 >> mvn:org.apache.shiro/shiro-config-core/1.13.0 > > Thanks! > > Looks like I have added two of them to an authservice feature that is > loaded directly or indirectly by all the users of authservice, which > mean they are always present for other users: > https://github.com/steinarb/authservice/blob/master/authservice/authservice.web.security/src/main/feature/feature.xml#L7 > > (Maybe I should make that dependency more explicit in the other > applications, but they won't work unless authservice is present anyway, > so...? ) > > I do not AFAICT load shiro-config-core. > > Have you opened an issue with Shiro about these bundles missing from the > feature? > > If not, I could do so. > > Thanks! > > > - Steinar >
Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
> Paul Spencer : > Steiner, (ps last "e" is an "a", "Steinar", approximate pronounciation "Stay-nahr" (with the "r" rolling as in Scots or Spanish or Italian)) ;-) > I installed the feature shiro-core and had to add had to install the > following bundles. >mvn:commons-collections/commons-collections/3.2.2 >mvn:commons-beanutils/commons-beanutils/1.9.4 >mvn:org.apache.shiro/shiro-config-core/1.13.0 Thanks! Looks like I have added two of them to an authservice feature that is loaded directly or indirectly by all the users of authservice, which mean they are always present for other users: https://github.com/steinarb/authservice/blob/master/authservice/authservice.web.security/src/main/feature/feature.xml#L7 (Maybe I should make that dependency more explicit in the other applications, but they won't work unless authservice is present anyway, so...? ) I do not AFAICT load shiro-config-core. Have you opened an issue with Shiro about these bundles missing from the feature? If not, I could do so. Thanks! - Steinar
Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
Steiner, I installed the feature shiro-core and had to add had to install the following bundles. mvn:commons-collections/commons-collections/3.2.2 mvn:commons-beanutils/commons-beanutils/1.9.4 mvn:org.apache.shiro/shiro-config-core/1.13.0 Paul Spencer > On Jan 30, 2024, at 8:48 AM, Steinar Bang wrote: > >> Paul Spencer : > >> Steiner, >> Just a followup: > >> - The Shiro 1.13.0 feature is missing required Shiro and Apache commons >> bundles, which may be resolved in 2.0 alpha, as well as the config package >> is split across multiple bundles, described in SHIRO-654 and also resolved >> in 2.0 alpha. So despite your examples, I was not able to get version 1.13.0 >> working. > > Hi, > > Do you have a list of the missing dependencies in the shiro 1.13.0 feature? > > Ie, groupId/artifactId/version for the missing dependencies? > > (I wonder why I haven't run into that? Or if I have: how I've fixed it (and > forgot about it...)?) >
Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
FWIW what I do (in all of the examples I listed), is to create a DS @Component providing a ServletContextHelper service, like so: https://github.com/steinarb/oldalbum/blob/master/oldalbum.web.security/src/main/java/no/priv/bang/oldalbum/web/security/OldAlbumServletContextHelper.java#L22 Then I use the ServletContext resulting from that, both for the frontend https://github.com/steinarb/oldalbum/blob/master/oldalbum.web.frontend/src/main/java/no/priv/bang/oldalbum/web/frontend/OldalbumServlet.java#L46 and the REST API https://github.com/steinarb/oldalbum/blob/master/oldalbum.web.api/src/main/java/no/priv/bang/oldalbum/web/api/OldAlbumWebApiServlet.java#L33 and then the shiro authentication automagically works for both. (The JerseyServlet is my own home cooked wrapper that makes injected OSGi services available as HK2 injected services in Jersey)
Re: How do I protect a OSGi JAX-RS whiteboard REST service using Basic Authentication?
> Paul Spencer : > Steiner, > Just a followup: > - The Shiro 1.13.0 feature is missing required Shiro and Apache commons > bundles, which may be resolved in 2.0 alpha, as well as the config package is > split across multiple bundles, described in SHIRO-654 and also resolved in > 2.0 alpha. So despite your examples, I was not able to get version 1.13.0 > working. Hi, Do you have a list of the missing dependencies in the shiro 1.13.0 feature? Ie, groupId/artifactId/version for the missing dependencies? (I wonder why I haven't run into that? Or if I have: how I've fixed it (and forgot about it...)?)