Hi: I have similar concerns. I wanted to protect a particular endpoint. Here's what I have done, so far:
// pom file <build> <plugins> <plugin> <groupId>org.apache.felix</groupId> <artifactId>maven-bundle-plugin</artifactId> <version>3.3.0</version> <inherited>true</inherited> <extensions>true</extensions> <configuration> <instructions> <Web-ContextPath>/management</Web-ContextPath> <Private-Package>*</Private-Package> <Include-Resource>src</Include-Resource> <_wab>src/main/webapp</_wab> </instructions> </configuration> </plugin> </plugins> </build> and, as per the suggestion from JB in previous post on this thread, I added following in src/main/webapp/WEB-INF/web.xml. I am trying to protect http://localhost:8181/management/ endpoint. <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <display-name>PRS-EAI Monitoring Console</display-name> <welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <security-constraint> <display-name>authenticated</display-name> <web-resource-collection> <web-resource-name>management</web-resource-name> <description/> <url-pattern>/management/*</url-pattern> </web-resource-collection> <auth-constraint> <description/> <role-name>user</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>karaf</realm-name> </login-config> <security-role> <description/> <role-name>user</role-name> </security-role> </web-app> I checked few examples from pax-web as well. Did I do something wrong? Regards, Cooshal. -- Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html