Hi Alex, we did make some experience with TLS and basic authentication on HTTP consumers in between (and with the help of this mailing list).
I started a article series on my blog, see https://www.catshout.de/?p=161 for a single HTTP consumer with TLS and basic authentication enabled. It's based on camel-jetty. All examples are written in Blueprint DSL. Hope this helps a bit. Feel free to comment. I'll proceed with a REST API secured in same manner and some discussions about the limitations and options. Best - Gerald > Alex Soto <alex.s...@envieta.com> hat am 12. Mai 2020 19:55 geschrieben: > > > This threads talks about the need to : > > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html > > Quote: > > > > you need to use the OSGi HTTP service > > api to properly configure the security bits (by implementing > > org.osgi.service.http.HttpContext interface). > > > > Are there any examples of this? > > Best regards, > Alex soto > > > > > > > On May 12, 2020, at 11:42 AM, Alex Soto <alex.s...@envieta.com> wrote: > > Thanks, JB. > > > > I found the problem was, a typo in the `realm-name` in the web.xml file. It > > appears to be case-sensitive. I had: > > > > <login-config> > > <auth-method>BASIC</auth-method> > > <realm-name>Karaf</realm-name> > > </login-config> > > > > > > But in the jetty.xml: > > > > <New class="org.eclipse.jetty.jaas.JAASLoginService"> > > <Set name="name">karaf</Set> > > > > > > So I think it could not match the `Karaf` in the Web.xml to the `karaf` in > > the Jetty.xml. > > I wish the error message was more explicit. Anyway, now the web app is > > properly initialized, BUT… the security constraint is not being applied to > > my Camel Rest services, only to the ‘/admin’. URL. > > For example: > > > > http://localhost:8181/admin/api/rest/executions > > > > Does not prompt for a password, it successfully returns the data from the > > Camel Rest DSL route. And this url > > > > http://localhost:8181/admin > > > > is protected with basic authentication, so the browser prompts me for the > > user name and password. > > > > What I need is protect everything starting with '/admin’ > > > > Any ideas? > > > > Best regards, > > Alex soto > > > > > > > > > > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <j...@nanthrax.net> > > > wrote: > > > Hi, > > > > > > It sounds like a class loader issue, so possible. > > > > > > Let me add an example in Karaf showing basic auth. > > > > > > Regards > > > JB > > > > > > > > > > > > > Le 12 mai 2020 à 15:39, Alex Soto <alex.s...@envieta.com> a écrit : > > > > I found that I have multiple versions of Jetty deployed in Karaf, that > > > > is: 9.4.20.v20190813, and 9.4.22.v20191022 > > > > Would this be the reason for the following exception: > > > > > > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | > > > > WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 > > > > | Error deploying web application > > > > java.lang.IllegalStateException: No LoginService for > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 > > > > in ConstraintSecurityHandler@64779d1e{STARTING} > > > > at > > > > org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) > > > > ~[?:?] > > > > at > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) > > > > ~[?:?] > > > > at > > > > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) > > > > ~[osgi.core-6.0.0.jar:?] > > > > at > > > > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) > > > > ~[osgi.core-6.0.0.jar:?] > > > > at > > > > org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) > > > > ~[osgi.core-6.0.0.jar:?] > > > > at > > > > org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) > > > > ~[osgi.core-6.0.0.jar:?] > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) > > > > ~[osgi.core-6.0.0.jar:?] > > > > at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) > > > > ~[osgi.core-6.0.0.jar:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) > > > > ~[?:?] > > > > at > > > > org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) > > > > ~[?:?] > > > > at > > > > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > > > > [?:1.8.0_171] > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > > > > [?:1.8.0_171] > > > > at > > > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) > > > > [?:1.8.0_171] > > > > at > > > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) > > > > [?:1.8.0_171] > > > > at > > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > > > > [?:1.8.0_171] > > > > at > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > > > > [?:1.8.0_171] > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] > > > > > > > > > > > > > > > > > > > > Best regards, > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto <alex.s...@envieta.com> wrote: > > > > > A little more info. The class appears in many bundles: > > > > > > > > > > > > > > > karaf@root()> bundle:find-class > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator > > > > > > > > > > Jetty :: Security (229) > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > Jetty :: Security (230) > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > Jetty :: JASPI Security (231) > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > Jetty :: JASPI Security (232) > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > OPS4J Pax Web - Jetty (309) > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Best regards, > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto <alex.s...@envieta.com> > > > > > > wrote: > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator > > > > > > > > > > > > > > >