Hi Alex,

You're absolutely right. For the moment we ended up with one Blueprint DSL file 
that contains the security handler configuration with multiple constraints (for 
different paths) and one route as a kind of "heartbeat" that listens on the port 
and gets assigned the security handler.

All the other routes in separate Blueprint DSL files have a camel-jetty 
consumer on the same port as above. The security handler is already assigned. 
The disadvantage is that a new route with a new path requires a change and 
re-deployment of the security handler configuration Blueprint DSL file.

I'll check the other link you provided, thanks for that. We're also 
investigating camel-servlet.

I think the use case is quite common (one listener on one port, multiple URIs 
(paths) with different auth). So there must exist a valid solution for it.

Best
- Gerald

> Alex Soto <alex.s...@envieta.com> wrote on May 13, 2020 at 16:26:
> 
> 
> Re-sending to group
> 
> 
> 
> 
> > On May 13, 2020, at 9:38 AM, Alex Soto <alex.s...@envieta.com> wrote:
> > Thank you Gerald, I appreciate the link.
> > 
> > I was starting to go that route, but it is not optimal, because I have more 
> > than one bundle that exposes HTTP endpoints, and it is wasteful for each one 
> > to run their own Jetty instance. Same thing with authentication, I want to 
> > leverage the Karaf built-in JAAS support, instead of recreating it. To this 
> > point, I have been able to leverage a single Jetty instance that is managed 
> > by PAX-WEB, but adding authentication is proving to be impossible.
> > 
> > 
> > Best regards,
> > Alex Soto
> > 
> > 
> > 
> > 
> > 
> > > On May 12, 2020, at 5:10 PM, Gerald Kallas <catsh...@mailbox.org> wrote:
> > > Hi Alex,
> > > 
> > > We have gained some experience with TLS and basic authentication on HTTP 
> > > consumers in the meantime (and with the help of this mailing list).
> > > 
> > > I started an article series on my blog, see
> > > 
> > > https://www.catshout.de/?p=161
> > > 
> > > for a single HTTP consumer with TLS and basic authentication enabled. 
> > > It's based on camel-jetty. All examples are written in Blueprint DSL. 
> > > Hope this helps a bit. Feel free to comment.
> > > 
> > > I'll proceed with a REST API secured in the same manner and some discussions 
> > > about the limitations and options.
> > > 
> > > Best
> > > - Gerald
> > > 
> > > 
> > > > Alex Soto <alex.s...@envieta.com> wrote on May 12, 2020 at 19:55:
> > > > 
> > > > 
> > > > This thread talks about the need to:
> > > > 
> > > > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
> > > > 
> > > > Quote:
> > > > 
> > > > 
> > > > 
> > > > > you need to use the OSGi HTTP service 
> > > > > api to properly configure the security bits (by implementing 
> > > > > org.osgi.service.http.HttpContext interface).
> > > > 
> > > > 
> > > > 
> > > > Are there any examples of this?
> > > > 
> > > > Best regards,
> > > > Alex Soto
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > 
> > > > > On May 12, 2020, at 11:42 AM, Alex Soto <alex.s...@envieta.com> wrote:
> > > > > Thanks, JB.
> > > > > 
> > > > > I found the problem was a typo in the `realm-name` in the web.xml 
> > > > > file. It appears to be case-sensitive. I had:
> > > > > 
> > > > > <login-config>
> > > > > <auth-method>BASIC</auth-method>
> > > > > <realm-name>Karaf</realm-name>
> > > > > </login-config>
> > > > > 
> > > > > 
> > > > > But in the jetty.xml:
> > > > > 
> > > > > <New class="org.eclipse.jetty.jaas.JAASLoginService">
> > > > > <Set name="name">karaf</Set>
> > > > > 
> > > > > 
> > > > > So I think it could not match the `Karaf` in the web.xml to the 
> > > > > `karaf` in the jetty.xml.
> > > > > I wish the error message was more explicit. Anyway, now the web app 
> > > > > is properly initialized, BUT… the security constraint is not being 
> > > > > applied to my Camel Rest services, only to the '/admin' URL.
> > > > > For example:
> > > > > 
> > > > > http://localhost:8181/admin/api/rest/executions
> > > > > 
> > > > > Does not prompt for a password, it successfully returns the data from 
> > > > > the Camel Rest DSL route. And this url
> > > > > 
> > > > > http://localhost:8181/admin
> > > > > 
> > > > > is protected with basic authentication, so the browser prompts me for 
> > > > > the user name and password.
> > > > > 
> > > > > What I need is to protect everything starting with '/admin'.
> > > > > 
> > > > > Any ideas?
> > > > > 
> > > > > Best regards,
> > > > > Alex Soto
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre 
> > > > > > <j...@nanthrax.net> wrote:
> > > > > > Hi,
> > > > > > 
> > > > > > It sounds like a class loader issue, so possible.
> > > > > > 
> > > > > > Let me add an example in Karaf showing basic auth.
> > > > > > 
> > > > > > Regards
> > > > > > JB
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > > > > On May 12, 2020, at 15:39, Alex Soto <alex.s...@envieta.com> wrote:
> > > > > > > I found that I have multiple versions of Jetty deployed in Karaf, 
> > > > > > > that is: 9.4.20.v20190813, and 9.4.22.v20191022
> > > > > > > Would this be the reason for the following exception:
> > > > > > > 
> > > > > > > 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | 
> > > > > > > WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 
> > > > > > > 7.2.14 | Error deploying web application
> > > > > > > java.lang.IllegalStateException: No LoginService for 
> > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1
> > > > > > >  in ConstraintSecurityHandler@64779d1e{STARTING}
> > > > > > > at 
> > > > > > > org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941)
> > > > > > >  ~[osgi.core-6.0.0.jar:?]
> > > > > > > at 
> > > > > > > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870)
> > > > > > >  ~[osgi.core-6.0.0.jar:?]
> > > > > > > at 
> > > > > > > org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)
> > > > > > >  ~[osgi.core-6.0.0.jar:?]
> > > > > > > at 
> > > > > > > org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183)
> > > > > > >  ~[osgi.core-6.0.0.jar:?]
> > > > > > > at 
> > > > > > > org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318)
> > > > > > >  ~[osgi.core-6.0.0.jar:?]
> > > > > > > at 
> > > > > > > org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261)
> > > > > > >  ~[osgi.core-6.0.0.jar:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277)
> > > > > > >  ~[?:?]
> > > > > > > at 
> > > > > > > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> > > > > > >  [?:1.8.0_171]
> > > > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) 
> > > > > > > [?:1.8.0_171]
> > > > > > > at 
> > > > > > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
> > > > > > >  [?:1.8.0_171]
> > > > > > > at 
> > > > > > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
> > > > > > >  [?:1.8.0_171]
> > > > > > > at 
> > > > > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> > > > > > >  [?:1.8.0_171]
> > > > > > > at 
> > > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> > > > > > >  [?:1.8.0_171]
> > > > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > Best regards,
> > > > > > > Alex Soto
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > 
> > > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto <alex.s...@envieta.com> 
> > > > > > > > wrote:
> > > > > > > > A little more info. The class appears in many bundles:
> > > > > > > > 
> > > > > > > > 
> > > > > > > > karaf@root()> bundle:find-class 
> > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > 
> > > > > > > > Jetty :: Security (229)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > Jetty :: Security (230)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > Jetty :: JASPI Security (231)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > Jetty :: JASPI Security (232)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > OPS4J Pax Web - Jetty (309)
> > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > Best regards,
> > > > > > > > Alex Soto
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto 
> > > > > > > > > <alex.s...@envieta.com> wrote:
> > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator
> > > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > 
> > > > 
> > 
>
