I tested Pax-Web Context Processing as explained here:

https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing

And it does, in fact, work. I was able to add BASIC authentication to my Camel Routes outside of the bundle itself, and using Servlet Rest DSL with Blueprint. I did not need to add a web.xml file.

So basically, my Camel Rest DSL is like this:

    <restConfiguration component="servlet" bindingMode="json" enableCORS="false"
                       skipBindingOnErrorCode="false" clientRequestValidation="true">
        <componentProperty key="matchOnUriPrefix" value="true"/>
        <endpointProperty key="servletName" value="MyServlet"/>
        <endpointProperty key="disableStreamCache" value="true"/>
        <dataFormatProperty key="contentTypeHeader" value="false" />
        <dataFormatProperty key="baseUri" value="{{context.path}}{{api.root.path}}" />
    </restConfiguration>

Register the Camel Servlet:

    <reference id="httpService" interface="org.osgi.service.http.HttpService" />

    <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/>

    <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer"
          init-method="register" destroy-method="unregister">
        <property name="servletName" value="MyServlet"/>
        <property name="alias" value="#{context.path}#{api.root.path}" />
        <property name="httpService" ref="httpService" />
        <property name="servlet" ref="camelServlet" />
    </bean>

Then, add file org.ops4j.pax.web.context-admin.cfg to Karaf’s etc directory. Postfix ‘admin’ can be whatever you want.

    bundle.symbolicName = <the symbolic name of bundle with Camel routes>
    login.config.authMethod = BASIC
    login.config.realmName = karaf
    context.id = default

This solution has important advantages:

- Only one Jetty instance for all bundles
- Security is external, at the container level, which means it can be adapted to use a different mechanism without changing the code of the Camel routes.
- Leverages Karaf’s built-in JAAS features.

Best regards,
Alex soto

> On May 13, 2020, at 12:56 PM, Gerald Kallas <catsh...@mailbox.org> wrote:
>
> As I have only Blueprint DSL routes it would be interesting how to configure
> this either in a Blueprint DSL file or globally in a config.
>
> Best
> - Gerald
>
>> Alex Soto <alex.s...@envieta.com> wrote on May 13, 2020 at 16:26:
>>
>> This looks promising:
>>
>> https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing
>>
>> Best regards,
>> Alex soto
>>
>>> On May 13, 2020, at 10:26 AM, Alex Soto <alex.s...@envieta.com> wrote:
>>> Re-sending to group
>>>
>>>> On May 13, 2020, at 9:38 AM, Alex Soto <alex.s...@envieta.com> wrote:
>>>> Thank you Gerald, I appreciate the link.
>>>>
>>>> I was starting going that route, but it is not optimal, because I have
>>>> more than one bundle that expose HTTP endpoints, and it is wasteful for
>>>> each one to run their own Jetty instance. Same thing with authentication,
>>>> I want to leverage the Karaf built in JAAS support, instead of recreating
>>>> it. To this point, I have been able to leverage a single Jetty instance
>>>> that is managed by PAX-WEB, but adding authentication is proving to be
>>>> impossible.
>>>>
>>>> Best regards,
>>>> Alex soto
>>>>
>>>>> On May 12, 2020, at 5:10 PM, Gerald Kallas <catsh...@mailbox.org> wrote:
>>>>> Hi Alex,
>>>>>
>>>>> we did make some experience with TLS and basic authentication on HTTP
>>>>> consumers in between (and with the help of this mailing list).
>>>>>
>>>>> I started an article series on my blog, see
>>>>>
>>>>> https://www.catshout.de/?p=161
>>>>>
>>>>> for a single HTTP consumer with TLS and basic authentication enabled.
>>>>> It's based on camel-jetty. All examples are written in Blueprint DSL.
>>>>> Hope this helps a bit. Feel free to comment.
>>>>>
>>>>> I'll proceed with a REST API secured in same manner and some discussions
>>>>> about the limitations and options.
>>>>>
>>>>> Best
>>>>> - Gerald
>>>>>
>>>>>> Alex Soto <alex.s...@envieta.com> wrote on May 12, 2020 at 19:55:
>>>>>>
>>>>>> This thread talks about the need to:
>>>>>>
>>>>>> http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html
>>>>>>
>>>>>> Quote:
>>>>>>
>>>>>>> you need to use the OSGi HTTP service
>>>>>>> api to properly configure the security bits (by implementing
>>>>>>> org.osgi.service.http.HttpContext interface).
>>>>>>
>>>>>> Are there any examples of this?
>>>>>>
>>>>>> Best regards,
>>>>>> Alex soto
>>>>>>
>>>>>>> On May 12, 2020, at 11:42 AM, Alex Soto <alex.s...@envieta.com> wrote:
>>>>>>> Thanks, JB.
>>>>>>>
>>>>>>> I found the problem was a typo in the `realm-name` in the web.xml
>>>>>>> file. It appears to be case-sensitive. I had:
>>>>>>>
>>>>>>>     <login-config>
>>>>>>>         <auth-method>BASIC</auth-method>
>>>>>>>         <realm-name>Karaf</realm-name>
>>>>>>>     </login-config>
>>>>>>>
>>>>>>> But in the jetty.xml:
>>>>>>>
>>>>>>>     <New class="org.eclipse.jetty.jaas.JAASLoginService">
>>>>>>>         <Set name="name">karaf</Set>
>>>>>>>
>>>>>>> So I think it could not match the `Karaf` in the Web.xml to the `karaf`
>>>>>>> in the Jetty.xml.
>>>>>>> I wish the error message was more explicit. Anyway, now the web app is
>>>>>>> properly initialized, BUT… the security constraint is not being applied
>>>>>>> to my Camel Rest services, only to the ‘/admin’ URL.
>>>>>>> For example:
>>>>>>>
>>>>>>> http://localhost:8181/admin/api/rest/executions
>>>>>>>
>>>>>>> Does not prompt for a password, it successfully returns the data from
>>>>>>> the Camel Rest DSL route. And this url
>>>>>>>
>>>>>>> http://localhost:8181/admin
>>>>>>>
>>>>>>> is protected with basic authentication, so the browser prompts me for
>>>>>>> the user name and password.
>>>>>>>
>>>>>>> What I need is to protect everything starting with ‘/admin’
>>>>>>>
>>>>>>> Any ideas?
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Alex soto
>>>>>>>
>>>>>>>> On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre <j...@nanthrax.net> wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> It sounds like a class loader issue, so possible.
>>>>>>>>
>>>>>>>> Let me add an example in Karaf showing basic auth.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>> JB
>>>>>>>>
>>>>>>>>> On May 12, 2020, at 15:39, Alex Soto <alex.s...@envieta.com> wrote:
>>>>>>>>> I found that I have multiple versions of Jetty deployed in Karaf,
>>>>>>>>> that is: 9.4.20.v20190813, and 9.4.22.v20191022
>>>>>>>>> Would this be the reason for the following exception:
>>>>>>>>>
>>>>>>>>> 2020-05-12T09:10:19,122 | ERROR | paxweb-extender-2-thread-1 | WebAppPublisher | 302 - org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error deploying web application
>>>>>>>>> java.lang.IllegalStateException: No LoginService for org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 in ConstraintSecurityHandler@64779d1e{STARTING}
>>>>>>>>>   at org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) ~[?:?]
>>>>>>>>>   at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) ~[?:?]
>>>>>>>>>   at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>>   at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>>   at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>>   at org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>>   at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>>   at org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) ~[osgi.core-6.0.0.jar:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) ~[?:?]
>>>>>>>>>   at org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) ~[?:?]
>>>>>>>>>   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_171]
>>>>>>>>>   at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_171]
>>>>>>>>>   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_171]
>>>>>>>>>   at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:1.8.0_171]
>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_171]
>>>>>>>>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_171]
>>>>>>>>>   at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171]
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>> Alex soto
>>>>>>>>>
>>>>>>>>>> On May 11, 2020, at 12:50 PM, Alex Soto <alex.s...@envieta.com> wrote:
>>>>>>>>>> A little more info. The class appears in many bundles:
>>>>>>>>>>
>>>>>>>>>> karaf@root()> bundle:find-class org.eclipse.jetty.security.authentication.BasicAuthenticator
>>>>>>>>>>
>>>>>>>>>> Jetty :: Security (229)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>>
>>>>>>>>>> Jetty :: Security (230)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>>
>>>>>>>>>> Jetty :: JASPI Security (231)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>>
>>>>>>>>>> Jetty :: JASPI Security (232)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>>
>>>>>>>>>> OPS4J Pax Web - Jetty (309)
>>>>>>>>>> org/eclipse/jetty/security/authentication/BasicAuthenticator.class
>>>>>>>>>>
>>>>>>>>>> Best regards,
>>>>>>>>>> Alex soto
>>>>>>>>>>
>>>>>>>>>>> On May 11, 2020, at 12:44 PM, Alex Soto <alex.s...@envieta.com> wrote:
>>>>>>>>>>> org.eclipse.jetty.security.authentication.BasicAuthenticator
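
Added example, not part of the original thread or of Pax Web: a check that every URL under the protected prefix answers an anonymous request with a 401 BASIC challenge for the configured realm, which catches both failures reported above (only the exact /admin URL constrained, and a Karaf/karaf realm mismatch). The stub server, function names and sample paths are constructed for illustration; against a real container, call audit() with its base URL.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

REALM = "karaf"                                   # login.config.realmName in the .cfg
PATHS = ["/admin", "/admin/api/rest/executions"]  # URLs quoted in the thread
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies

def probe(base, path, realm=REALM):
    """Return a finding string if an anonymous GET is not challenged, else None."""
    try:
        with OPENER.open(base + path, timeout=5) as resp:
            return f"{path}: served without credentials (HTTP {resp.status})"
    except urllib.error.HTTPError as err:
        challenge = err.headers.get("WWW-Authenticate", "")
        if err.code != 401:
            return f"{path}: expected 401, got {err.code}"
        # Realm comparison is case-sensitive, like the Karaf/karaf mismatch.
        if not challenge.startswith("Basic ") or f'realm="{realm}"' not in challenge:
            return f"{path}: unexpected challenge {challenge!r}"
    return None

def audit(base, paths=PATHS):
    return [f for f in (probe(base, p) for p in paths) if f]

def start_stub(is_protected, realm=REALM):
    """Constructed stand-in for the container, used only to exercise audit()."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            challenged = is_protected(self.path) and "Authorization" not in self.headers
            self.send_response(401 if challenged else 200)
            if challenged:
                self.send_header("WWW-Authenticate", f'Basic realm="{realm}"')
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):
            pass                                  # keep the demo output quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

def run_case(is_protected, realm=REALM):
    server, base = start_stub(is_protected, realm)
    try:
        return audit(base)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_case(lambda p: p == "/admin"))           # constraint on the exact URL only
    print(run_case(lambda p: p.startswith("/admin")))  # whole prefix protected
```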