Tried this following you sample but the access to curl --location --request GET 'https://localhost:8443/camel/services/hello1'
gives a HTTP 404 (not found) back. <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"; xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation=" http://www.osgi.org/xmlns/blueprint/v1.0.0 https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd";> <reference id ="httpService" interface ="org.osgi.service.http.HttpService" /> <bean id="camelServlet" class="org.apache.camel.component.servlet.CamelHttpTransportServlet" /> <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer" init-method="register" destroy-method="unregister" > <property name="servletName" value="apiServlet" /> <property name="alias" value="/camel/services" /> <property name="httpService" ref="httpService" /> <property name="servlet" ref="camelServlet" /> </bean > <bean id="httpRegistry" class="org.apache.camel.component.servlet.DefaultHttpRegistry" /> <bean id="servlet" class="org.apache.camel.component.servlet.ServletComponent"> <property name="httpRegistry" ref="httpRegistry" /> </bean> <camelContext xmlns="http://camel.apache.org/schema/blueprint";> <route> <from uri="servlet://hello1?servletName=apiServlet" /> <setBody><constant>Hello 1</constant></setBody> </route> </camelContext> </blueprint> > Alex Soto <alex.s...@envieta.com> hat am 13. Mai 2020 19:24 geschrieben: > > > I tested Pax-Web Context Processing as explained here: > > > https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing > > > And it does in fact, work. I was able to add BASIC authentication to my Camel > Routes outside of the bundle itself, and using Servlet Rest DSL with > Blueprint. I did not need to add a web.xml file. So basically, my Camel Rest > DSL is like this: > > <restConfiguration > component="servlet" > bindingMode="json" > enableCORS="false" > skipBindingOnErrorCode="false" > clientRequestValidation="true"> > > <componentProperty key="matchOnUriPrefix" value="true"/> > > <endpointProperty key="servletName" value=“MyServlet"/> > <endpointProperty key="disableStreamCache" value="true"/> > > <dataFormatProperty key="contentTypeHeader" value="false" /> > <dataFormatProperty key="baseUri" value="{{context.path}}{{api.root.path}}" /> > </restConfiguration> > > > > Register the Camel Servlet: > > > <reference id="httpService" interface="org.osgi.service.http.HttpService" /> > > <bean id="camelServlet" > class="org.apache.camel.component.servlet.CamelHttpTransportServlet"/> > > <bean class="org.apache.camel.component.servlet.osgi.OsgiServletRegisterer" > init-method="register" > destroy-method="unregister"> > <property name="servletName" value=“MyServlet"/> > <property name="alias" value="#{context.path}#{api.root.path}" /> > <property name="httpService" ref="httpService" /> > <property name="servlet" ref="camelServlet" /> > </bean> > > > Then, add file > > org.ops4j.pax.web.context-admin.cfg > > to Karaf’s etc directory. Postfix ‘admin’ can be whatever you want. > > > > bundle.symbolicName = <thesymbolic name of bundle with Camel routes> > > login.config.authMethod = BASIC > > login.config.realmName = karaf > > context.id (http://context.id) = default > > > This solution has important advantages: > > 1. Only one Jetty instance for all bundles > 2. Security is external, at the container level, which means it can be > adapted to use a different mechanism without changing the code of the Camel > routes. > 3. Leverages Karaf’s built in JAAS features. > > > Best regards, > Alex soto > > > > > > > On May 13, 2020, at 12:56 PM, Gerald Kallas <catsh...@mailbox.org> wrote: > > As I have only Blueprint DSL routes it would be interesting how to > > configure this either in a Blueprint DSL file or globally in a config. > > > > Best > > - Gerald > > > > > > > Alex Soto <alex.s...@envieta.com> hat am 13. Mai 2020 16:26 geschrieben: > > > > > > > > > This looks promising: > > > > > > https://ops4j1.jira.com/wiki/spaces/paxweb/pages/354025473/HTTP+Context+processing > > > > > > > > > > > > Best regards, > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > On May 13, 2020, at 10:26 AM, Alex Soto <alex.s...@envieta.com> wrote: > > > > Re-sending to group > > > > > > > > > > > > > > > > > > > > > > > > > On May 13, 2020, at 9:38 AM, Alex Soto <alex.s...@envieta.com> wrote: > > > > > Thank you Gerald, I appreciate the link. > > > > > > > > > > I was starting going that route, but it is not optimal, because I > > > > > have more than one bundle that expose HTTP endpoints, and it is > > > > > wasteful for each one to run their own Jetty instance. Same thing > > > > > with authentication, I want to leverage the Karaf built in JAAS > > > > > support, instead of recreating it. To this point, I have been able to > > > > > leverage a single Jetty instance that is managed by PAX-WEB, but > > > > > adding authentication is proving to be impossible. > > > > > > > > > > > > > > > Best regards, > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 12, 2020, at 5:10 PM, Gerald Kallas <catsh...@mailbox.org> > > > > > > wrote: > > > > > > Hi Alex, > > > > > > > > > > > > we did make some experience with TLS and basic authentication on > > > > > > HTTP consumers in between (and with the help of this mailing list). > > > > > > > > > > > > I started a article series on my blog, see > > > > > > > > > > > > https://www.catshout.de/?p=161 > > > > > > > > > > > > for a single HTTP consumer with TLS and basic authentication > > > > > > enabled. It's based on camel-jetty. All examples are written in > > > > > > Blueprint DSL. Hope this helps a bit. Feel free to comment. > > > > > > > > > > > > I'll proceed with a REST API secured in same manner and some > > > > > > discussions about the limitations and options. > > > > > > > > > > > > Best > > > > > > - Gerald > > > > > > > > > > > > > > > > > > > > > > > > > Alex Soto <alex.s...@envieta.com> hat am 12. Mai 2020 19:55 > > > > > > > geschrieben: > > > > > > > > > > > > > > > > > > > > > This threads talks about the need to : > > > > > > > > > > > > > > http://karaf.922171.n3.nabble.com/Jetty-security-camel-servlet-td2120289.html > > > > > > > > > > > > > > Quote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > you need to use the OSGi HTTP service > > > > > > > > api to properly configure the security bits (by implementing > > > > > > > > org.osgi.service.http.HttpContext interface). > > > > > > > > > > > > > > > > > > > > > > > > > > > > Are there any examples of this? > > > > > > > > > > > > > > Best regards, > > > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 12, 2020, at 11:42 AM, Alex Soto <alex.s...@envieta.com> > > > > > > > > wrote: > > > > > > > > Thanks, JB. > > > > > > > > > > > > > > > > I found the problem was, a typo in the `realm-name` in the > > > > > > > > web.xml file. It appears to be case-sensitive. I had: > > > > > > > > > > > > > > > > <login-config> > > > > > > > > <auth-method>BASIC</auth-method> > > > > > > > > <realm-name>Karaf</realm-name> > > > > > > > > </login-config> > > > > > > > > > > > > > > > > > > > > > > > > But in the jetty.xml: > > > > > > > > > > > > > > > > <New class="org.eclipse.jetty.jaas.JAASLoginService"> > > > > > > > > <Set name="name">karaf</Set> > > > > > > > > > > > > > > > > > > > > > > > > So I think it could not match the `Karaf` in the Web.xml to the > > > > > > > > `karaf` in the Jetty.xml. > > > > > > > > I wish the error message was more explicit. Anyway, now the web > > > > > > > > app is properly initialized, BUT… the security constraint is > > > > > > > > not being applied to my Camel Rest services, only to the > > > > > > > > ‘/admin’. URL. > > > > > > > > For example: > > > > > > > > > > > > > > > > http://localhost:8181/admin/api/rest/executions > > > > > > > > > > > > > > > > Does not prompt for a password, it successfully returns the > > > > > > > > data from the Camel Rest DSL route. And this url > > > > > > > > > > > > > > > > http://localhost:8181/admin > > > > > > > > > > > > > > > > is protected with basic authentication, so the browser prompts > > > > > > > > me for the user name and password. > > > > > > > > > > > > > > > > What I need is protect everything starting with '/admin’ > > > > > > > > > > > > > > > > Any ideas? > > > > > > > > > > > > > > > > Best regards, > > > > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 12, 2020, at 11:24 AM, Jean-Baptiste Onofre > > > > > > > > > <j...@nanthrax.net> wrote: > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > It sounds like a class loader issue, so possible. > > > > > > > > > > > > > > > > > > Let me add an example in Karaf showing basic auth. > > > > > > > > > > > > > > > > > > Regards > > > > > > > > > JB > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Le 12 mai 2020 à 15:39, Alex Soto <alex.s...@envieta.com> a > > > > > > > > > > écrit : > > > > > > > > > > I found that I have multiple versions of Jetty deployed in > > > > > > > > > > Karaf, that is: 9.4.20.v20190813, and 9.4.22.v20191022 > > > > > > > > > > Would this be the reason for the following exception: > > > > > > > > > > > > > > > > > > > > 2020-05-12T09:10:19,122 | ERROR | > > > > > > > > > > paxweb-extender-2-thread-1 | WebAppPublisher | 302 - > > > > > > > > > > org.ops4j.pax.web.pax-web-extender-war - 7.2.14 | Error > > > > > > > > > > deploying web application > > > > > > > > > > java.lang.IllegalStateException: No LoginService for > > > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator@1d7311a1 > > > > > > > > > > in ConstraintSecurityHandler@64779d1e{STARTING} > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.security.authentication.LoginAuthenticator.setConfiguration(LoginAuthenticator.java:92) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:344) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:106) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:879) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:357) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:821) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:276) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.service.internal.HttpServiceStarted.end(HttpServiceStarted.java:1264) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.service.internal.HttpServiceProxy.end(HttpServiceProxy.java:456) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.RegisterWebAppVisitorWC.end(RegisterWebAppVisitorWC.java:405) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.model.WebApp.accept(WebApp.java:658) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.register(WebAppPublisher.java:228) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:173) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher$WebAppDependencyListener.addingService(WebAppPublisher.java:129) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941) > > > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > > > at > > > > > > > > > > org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870) > > > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > > > at > > > > > > > > > > org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256) > > > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > > > at > > > > > > > > > > org.osgi.util.tracker.AbstractTracked.trackInitial(AbstractTracked.java:183) > > > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > > > at > > > > > > > > > > org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:318) > > > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > > > at > > > > > > > > > > org.osgi.util.tracker.ServiceTracker.open(ServiceTracker.java:261) > > > > > > > > > > ~[osgi.core-6.0.0.jar:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebAppPublisher.publish(WebAppPublisher.java:98) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebObserver.deploy(WebObserver.java:217) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.WebObserver$1.doStart(WebObserver.java:172) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.extender.SimpleExtension.start(SimpleExtension.java:59) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > org.ops4j.pax.web.extender.war.internal.extender.AbstractExtender.lambda$createExtension$0(AbstractExtender.java:277) > > > > > > > > > > ~[?:?] > > > > > > > > > > at > > > > > > > > > > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > > > > > > > > > > [?:1.8.0_171] > > > > > > > > > > at java.util.concurrent.FutureTask.run(FutureTask.java:266) > > > > > > > > > > [?:1.8.0_171] > > > > > > > > > > at > > > > > > > > > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) > > > > > > > > > > [?:1.8.0_171] > > > > > > > > > > at > > > > > > > > > > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) > > > > > > > > > > [?:1.8.0_171] > > > > > > > > > > at > > > > > > > > > > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > > > > > > > > > > [?:1.8.0_171] > > > > > > > > > > at > > > > > > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > > > > > > > > > > [?:1.8.0_171] > > > > > > > > > > at java.lang.Thread.run(Thread.java:748) [?:1.8.0_171] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 11, 2020, at 12:50 PM, Alex Soto > > > > > > > > > > > <alex.s...@envieta.com> wrote: > > > > > > > > > > > A little more info. The class appears in many bundles: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > karaf@root()> bundle:find-class > > > > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator > > > > > > > > > > > > > > > > > > > > > > Jetty :: Security (229) > > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > > > > > Jetty :: Security (230) > > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > > > > > Jetty :: JASPI Security (231) > > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > > > > > Jetty :: JASPI Security (232) > > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > > > > > OPS4J Pax Web - Jetty (309) > > > > > > > > > > > org/eclipse/jetty/security/authentication/BasicAuthenticator.class > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > > > > Alex soto > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On May 11, 2020, at 12:44 PM, Alex Soto > > > > > > > > > > > > <alex.s...@envieta.com> wrote: > > > > > > > > > > > > org.eclipse.jetty.security.authentication.BasicAuthenticator > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >
