Hi all!
Yes! I've followed both pieces of advice and it works! I've been able to turn basic authentication on simply and quickly by dropping a web.xml into the jar of my WAB.
I'm trying to find a satisfying project setup to deploy a Polymer web application in Karaf; if I get good results I'll then share some hints.

Thank you again,
Cristiano

On Sat, 29 Apr 2017 at 09:39, Achim Nierbeck <bcanh...@googlemail.com> wrote:

> Hi Cristiano,
>
> you could try with a servlet filter, though since you already have a
> Web-ContextPath you are actually already using the WAB approach.
> With Pax-Web the file-extension actually doesn't matter. So if you just
> add a web.xml to it you should be safe to use the default jaas mechanism
> provided by karaf and pax-web/jetty at that point.
>
> regards, Achim
>
>
> 2017-04-29 9:17 GMT+02:00 Cristiano Costantini <
> cristiano.costant...@gmail.com>:
>
>> Hello Jean-Baptiste and thank you for the reply!
>>
>> your approach would be great as I just need the quickest way to protect
>> the access with a username and password.
>>
>> The problem is that the application is not a WAR, it is just a bundle
>> with the <Web-ContextPath> that publishes HTML/Javascript/CSS resources
>> plus a Servlet registered via spring.xml with <osgi:service
>> interface="javax.servlet.http.HttpServlet" ref="myServlet"> so I don't have
>> a web.xml
>>
>> For the moment I will try to enable http basic auth for the urls by
>> changing the main karaf's jetty.xml file, this is ok to satisfy my short
>> term needs.
>>
>> If you have in mind any idea to enable security-constraint from within
>> the bundle (without touching the karaf's jetty.xml) when you don't have a
>> web.xml, I'll be glad to know it as I would prefer not to touch the
>> configuration of karaf.
>>
>> Thank you
>> Cristiano
>>
>>
>> On Sat, 29 Apr 2017 at 06:54, Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
>>
>>> Hi Cristiano,
>>>
>>> It depends if you want to leverage the authentication/authorization
>>> to access a pattern/url or if you want to use JAAS internally to your
>>> application with a subject.
>>>
>>> Basically, imagine you have your servlet where you defined the pattern
>>> to /foo
>>> (via the service properties if you use the http-whiteboard for instance).
>>>
>>> Then, you can define the security constraint in jetty.xml or in your
>>> configuration.
>>>
>>> If you package as a war, you can use a web.xml similar to:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
>>>          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>>          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
>>>          http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
>>>     <display-name>cristiano_application</display-name>
>>>     <welcome-file-list>
>>>         <welcome-file>index.jsp</welcome-file>
>>>     </welcome-file-list>
>>>     <security-constraint>
>>>         <display-name>authenticated</display-name>
>>>         <web-resource-collection>
>>>             <web-resource-name>All files</web-resource-name>
>>>             <description/>
>>>             <url-pattern>/*</url-pattern>
>>>         </web-resource-collection>
>>>         <auth-constraint>
>>>             <description/>
>>>             <role-name>user</role-name>
>>>         </auth-constraint>
>>>     </security-constraint>
>>>     <login-config>
>>>         <auth-method>BASIC</auth-method>
>>>         <realm-name>karaf</realm-name>
>>>     </login-config>
>>>     <security-role>
>>>         <description/>
>>>         <role-name>user</role-name>
>>>     </security-role>
>>> </web-app>
>>>
>>> Then, the access to any servlet (/*) in your application will be secure
>>> using the karaf JAAS realm.
>>>
>>> Regards
>>> JB
>>>
>>> On 04/28/2017 12:58 PM, Cristiano Costantini wrote:
>>> > Hello All,
>>> >
>>> > How can I implement a Basic HTTP Authentication similar to the one used
>>> > by Karaf WebConsole (which I understand uses Jaas) to protect access to
>>> > HTTP resources in Karaf?
>>> >
>>> > thanks
>>> > Cristiano
>>>
>>> --
>>> Jean-Baptiste Onofré
>>> jbono...@apache.org
>>> http://blog.nanthrax.net
>>> Talend - http://www.talend.com
>>>
>>
>
>
> --
>
> Apache Member
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> Project Lead
> blog <http://notizblog.nierbeck.de/>
> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
>
> Software Architect / Project Manager / Scrum Master
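
A web.xml like the one quoted in this thread can be checked before the bundle is deployed; the script below is an added example and is not code from the thread, Karaf or Pax Web. It audits a descriptor for full `/*` coverage, BASIC login against the `karaf` realm, and declared roles. The function name `audit_web_xml`, the trimmed `SAMPLE` descriptor, and the decision to flag a missing `transport-guarantee` or a listed `http-method` are assumptions of this example.

```python
import xml.etree.ElementTree as ET

def _all(elem, name):
    # Match on the local tag name so any web-app namespace version parses.
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(elem, name):
    return [(e.text or "").strip() for e in _all(elem, name)]

def audit_web_xml(xml_text, realm="karaf"):
    """Return findings for a web.xml meant to put a whole WAB behind BASIC auth."""
    root = ET.fromstring(xml_text)
    findings = []
    constraints = _all(root, "security-constraint")
    # Constraints that cover every path and carry an auth-constraint.
    full = [c for c in constraints
            if "/*" in _texts(c, "url-pattern") and _all(c, "auth-constraint")]
    if not full:
        findings.append("no auth-constraint covers url-pattern /*")
    for c in full:
        if _texts(c, "http-method"):
            # Naming methods leaves every unlisted HTTP method unconstrained.
            findings.append("constraint on /* lists http-method")
        if "CONFIDENTIAL" not in _texts(c, "transport-guarantee"):
            # BASIC sends the password base64-encoded with every request.
            findings.append("no CONFIDENTIAL transport-guarantee")
    if "BASIC" not in _texts(root, "auth-method"):
        findings.append("login-config auth-method is not BASIC")
    if realm not in _texts(root, "realm-name"):
        findings.append(f"login-config realm-name is not '{realm}'")
    declared = {r for s in _all(root, "security-role") for r in _texts(s, "role-name")}
    used = {r for a in _all(root, "auth-constraint") for r in _texts(a, "role-name")}
    for role in sorted(used - declared - {"*", "**"}):
        findings.append(f"role '{role}' is not declared in security-role")
    return findings

# Constructed sample: the security part of the web.xml quoted in the thread.
SAMPLE = """<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>All files</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method><realm-name>karaf</realm-name></login-config>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""
print("\n".join(audit_web_xml(SAMPLE)))
```

Adding a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` to the constraint clears the one finding on the sample, provided the container has an HTTPS connector configured.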