Hi Alex, a wab is nothing else then a war which is already contains the required Web-ApplicationContext parameter. That's the only difference, and the sample is actually the same ;)
Needed to look this up from the "Apache Karaf Cookbook" :) (it's been a while I did write this and the code in pax-web) First you need to configure your web-container to use the jaas service of the surrounding Karaf. For Jetty this is something like the following: https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/pax-web-itest/pax-web-itest-karaf/src/test/resources/jetty.xml#L53-L65 <Call name="addBean"> <Arg> <New class="org.eclipse.jetty.jaas.JAASLoginService"> <Set name="name">karaf</Set> <Set name="loginModuleName">karaf</Set> <Set name="roleClassNames"> <Array type="java.lang.String"> <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item> </Array> </Set> </New> </Arg> </Call> Second, you need to configure this realm in your WAB/WAR with its corresponding web.xml: https://github.com/ops4j/org.ops4j.pax.web/blob/90ca0dab311c78bfc2c39655547a7dcfd90d3ad4/samples/war-formauth/src/main/webapp/WEB-INF/web.xml#L98-L119 <security-constraint> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <description>Protect the Example Servlet</description> <url-pattern>/wc/example</url-pattern> </web-resource-collection> <auth-constraint> <description>Authorized Users Group</description> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/loginError.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description>Test Role</description> <role-name>admin</role-name> </security-role> best regards, Achim P.S. here is the sample from the Apache Karaf Cookbook: https://github.com/jgoodyear/ApacheKarafCookbook/tree/master/chapter4/chapter4-recipe7 Am Mo., 11. Mai 2020 um 15:17 Uhr schrieb Alex Soto <alex.s...@envieta.com>: > Ok, I am not having good luck with this. Using the realm “karaf” and BASIC > authentication. > Mind that my artifact is a WAB, not a WAR. > > My web.xml > > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>Karaf</realm-name> > </login-config> > > <security-role> > <role-name>admin</role-name> > </security-role> > > > Error: > > > 9:13:05.881 ERROR [paxweb-extender-3-thread-2] Error deploying web > application > java.lang.IllegalStateException: No LoginService > for org.eclipse.jetty.security.authentication.BasicAuthenticator@22444ea2 > in ConstraintSecurityHandler@17b84a6e{STARTING} > at > org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) > ~[?:?] > at > org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) > ~[?:?] > at > org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) > ~[?:?] > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > ~[?:?] > at > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > ~[?:?] > at > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > ~[?:?] > at > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) > ~[?:?] > at > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > ~[?:?] > at > org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) > ~[?:?] > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > ~[?:?] > at > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > ~[?:?] > at > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > ~[?:?] > at > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) > ~[?:?] > at > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > ~[?:?] > at > org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) > ~[?:?] > at > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) > ~[?:?] > at > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) > ~[?:?] > at > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) > ~[?:?] > at > org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) > ~[?:?] > at > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) > ~[?:?] > at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > ~[?:?] > at > org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) > ~[?:?] > at > org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) > ~[?:?] > at > org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) > ~[?:?] > at > org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) > ~[?:?] > at > org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) > ~[?:?] > at > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) > ~[?:?] > at > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) > ~[?:?] > at > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) > ~[?:?] > at > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) > ~[osgi.core-6.0.0.jar:?] > at > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) > ~[osgi.core-6.0.0.jar:?] > at > org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) > ~[osgi.core-6.0.0.jar:?] > at > org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) > ~[osgi.core-6.0.0.jar:?] > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) > ~[osgi.core-6.0.0.jar:?] > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) > ~[osgi.core-6.0.0.jar:?] > at > org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) > ~[?:?] > at > org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) > ~[?:?] > at > org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) > ~[?:?] > at > org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) > ~[?:?] > > at > org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) > ~[?:?] > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > [?:1.8.0_171] > at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171] > > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) > [?:1.8.0_171] > > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) > [?:1.8.0_171] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > [?:1.8.0_171] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > [?:1.8.0_171] > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] > > > > Best regards, > Alex soto > > > > > On May 11, 2020, at 8:36 AM, Alex Soto <alex.s...@envieta.com> wrote: > > Ok I saw it now, it was hidden: > > <realm-name>Test Realm</realm-name> > > > Best regards, > Alex soto > > > > > On May 11, 2020, at 8:31 AM, Alex Soto <alex.s...@envieta.com> wrote: > > Thanks Achin and JB, > > I looked at that example, but that is is WAR, and I am looking for WAB > example. Still, in the ‘web.xml’ file there is no reference to JAAS > realm. Where do you indicate the realm name? (I have my own realm separate > from the default Karaf one). > > Actually, it is not fun having to guess all this basic stuff, and also a > productivity drain, I am sorry to say. > > > Best regards, > Alex soto > > On May 11, 2020, at 3:12 AM, Jean-Baptiste Onofre <j...@nanthrax.net> wrote: > > No rush, I think it’s easier for our users to find "how to" ;) > > Thanks ! > Regards > JB > > Le 11 mai 2020 à 09:09, Achim Nierbeck <bcanh...@googlemail.com> a écrit : > > Sure .. > maybe I find some time during this week to create this there ;) > > regards, Achim > > p.s. this just reminds me, that those samples are also in the "Apache > Karaf Cookbook" :) > > Am Mo., 11. Mai 2020 um 06:32 Uhr schrieb Jean-Baptiste Onofre < > j...@nanthrax.net>: > >> Maybe worth to add this in the Karaf wab example as well. >> >> I will. >> >> Regards >> JB >> >> Le 10 mai 2020 à 13:45, Achim Nierbeck <bcanh...@googlemail.com> a écrit >> : >> >> Hi, >> >> there is a sample app for Pax-Web, which is also used in the test-suite: >> >> https://github.com/ops4j/org.ops4j.pax.web/tree/master/samples/war-authentication >> And actually you just need to reference the jaas of the surrounding Karaf >> instance in your web.xml file. >> >> regards, Achim >> >> >> >> Am Fr., 8. Mai 2020 um 18:41 Uhr schrieb Alex Soto <alex.s...@envieta.com >> >: >> >>> Hello, >>> >>> Is there a good tutorial or documentation on how to protect a WAB (Web >>> Application Bundle) with JAAS authentication? >>> My Karaf version is 4.2.8. Documentation here >>> https://karaf.apache.org/manual/latest/webcontainer is scarce, only >>> referring to Jetty global config, (even that failed for me). I have >>> multiple WABs and WARs in the same Karaf container, and I don’t want to >>> apply the same JAAS authentication to all of them. From the comment: >>> >>> <!-- =========================================================== --> >>> <!-- Configure Authentication Realms --> >>> <!-- Realms may be configured for the entire server here, or --> >>> <!-- they can be configured for a specific web app in a context --> >>> <!-- configuration (see $(jetty.home)/contexts/test.xml for an --> >>> <!-- example). --> >>> <!-- =========================================================== —> >>> >>> It looks like is a way ($(jetty.home)/contexts/test.xml ). But this is >>> unclear on how to apply, and it is Jetty specific. >>> My preference is for a Jetty agnostic way, for portability reasons. >>> (Maybe Karaf will change to Undertow in the future) >>> >>> >>> Best regards, >>> Alex soto >>> >>> >>> >>> >>> >> >> -- >> >> Apache Member >> Apache Karaf <http://karaf.apache.org/> Committer & PMC >> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer >> & Project Lead >> blog <http://notizblog.nierbeck.de/> >> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS> >> >> >> > > -- > > Apache Member > Apache Karaf <http://karaf.apache.org/> Committer & PMC > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & > Project Lead > blog <http://notizblog.nierbeck.de/> > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS> > > > > > > -- Apache Member Apache Karaf <http://karaf.apache.org/> Committer & PMC OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead blog <http://notizblog.nierbeck.de/> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
