>>>>> cooshal <kushal.gau...@gmail.com>: > Hi: > I have a sample web application, which I need to be protected by > authentication, just the way it does for Hawtio or other similar > applications.
> I have my sample code here > (https://github.com/cooshal/karaf-assembly-jms/tree/master/modules/web-console). > t's an extremely basic web app with an index.html. The endpoint will be > exposed to /management/. I am trying to use it with the maven-bundle-plugin. > I had followed few examples from pax-web project. I've written this: https://github.com/steinarb/authservice You can try it out by doing the following commands from the karaf command line: feature:repo-add mvn:no.priv.bang.authservice/authservice/LATEST/xml/features feature:install user-admin-with-derby This will add an authservice webapp at http://localhost:8181/authservice You can log in with e.g. admin/admin or jad/1ad (the "admin" user has user administration privileges). The webapp is running from a derby database initialized with dummy data. To use this as authentication for a different web application you currently have to access the web application to a reverse proxy that can rewrite the cookie path for the authentication cookies. I have setup for nginx in the README, but I'm sure apache can be used as well. In the web application you will need to use apache shiro and accept OSGi service injections for the Realm and SessionDAO interfaces.