Hi all,

I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.

after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in my 
etc/jetty.xml I'm getting an error as attached below.

Neither hawtio nor my servlet are working any longer. Seems that now both 
entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.

With both entries, as you found Grzegorz, the authentication doesn't work.

Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have 
another workaround for that behaviour?

Best
- Gerald


2020-06-28T16:06:47,673 | ERROR | FelixStartLevel  | HttpServiceStarted         
      | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start the 
servlet context for context path []
java.lang.SecurityException: AuthConfigFactory error: 
java.lang.ClassNotFoundException: 
org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by 
org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
        at 
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77)
 ~[?:?]
        at 
org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90)
 ~[?:?]
        at 
org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) 
~[?:?]
        at 
org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419)
 ~[?:?]
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
 ~[?:?]
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
 ~[?:?]
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
 ~[?:?]
        at 
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
 ~[?:?]
        at 
org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) 
~[?:?]
        at 
org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504)
 ~[?:?]
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
 ~[?:?]
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
 ~[?:?]
        at 
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
 ~[?:?]
        at 
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
 ~[?:?]
        at 
org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) 
~[?:?]
        at 
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898)
 ~[?:?]
        at 
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356)
 ~[?:?]
        at 
org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396)
 ~[?:?]
        at 
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838)
 ~[?:?]
        at 
org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275)
 ~[?:?]
        at 
org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272)
 ~[?:?]
        at 
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
 ~[?:?]
        at 
org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329)
 ~[?:?]
        at 
org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255)
 [!/:?]
        at 
org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226)
 [!/:?]
        at 
org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210)
 [!/:?]
        at 
org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69)
 [!/:?]
        at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown 
Source) [?:?]
        at 
org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98)
 [!/:3.4.0]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
~[?:?]
        at 
jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 ~[?:?]
        at 
jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at 
org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) 
[!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) 
[!/:1.10.2]
        at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
        at 
org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) 
[!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276)
 [!/:1.10.2]
        at 
org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266)
 [!/:1.10.2]
        at 
org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)
 [!/:1.10.2]
        at 
org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)
 [!/:1.10.2]
        at 
org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)
 [!/:1.10.2]
        at 
org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)
 [!/:1.10.2]
        at 
org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)
 [!/:1.10.2]
        at 
org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179)
 [org.apache.felix.framework-5.6.12.jar:?]
        at 
org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730)
 [org.apache.felix.framework-5.6.12.jar:?]
        at 
org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485)
 [org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) 
[org.apache.felix.framework-5.6.12.jar:?]
        at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) 
[org.apache.felix.framework-5.6.12.jar:?]
        at 
org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) 
[org.apache.felix.framework-5.6.12.jar:?]
        at 
org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
 [org.apache.felix.framework-5.6.12.jar:?]
        at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: java.lang.ClassNotFoundException: 
org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by 
org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
        at 
org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639)
 ~[?:?]
        at 
org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80)
 ~[?:?]
        at 
org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053)
 ~[?:?]
        at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
        at java.lang.Class.forName0(Native Method) ~[?:?]
        at java.lang.Class.forName(Class.java:398) ~[?:?]
        at 
org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195)
 ~[?:?]
        at 
javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68)
 ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at 
javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64)
 ~[?:?]
        ... 62 more

> Grzegorz Grzybek <gr.grzy...@gmail.com> hat am 18.05.2020 15:24 geschrieben:
> 
>  
> Hello
> 
> I have some answer. First, the "http context processing" feature was mainly
> tested to "inject" Keycloak authenticator and I mostly tested it with
> pax-web-undertow.
> 
> But I checked how it works with pax-web-jetty in the debugger.
> 
> The key problem is that when Jetty's SecurityHandler is starting, it tries
> to find/discover org.eclipse.jetty.security.LoginService instance.
> With default etc/jetty.xml, there are TWO beans with
> org.eclipse.jetty.jaas.JAASLoginService class and
> org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> this:
> 
> else if (list.size() == 1)
>     service = list.iterator().next();
> 
> So I simply made it working by ensuring there's only one
> org.eclipse.jetty.jaas.JAASLoginService:
> 
> list = {java.util.ArrayList@9544}  size = 1
>  0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> "JAASLoginService@7ba67d0b{STARTED}"
>   LOG: org.eclipse.jetty.util.log.Logger  =
> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
>   DEFAULT_ROLE_CLASS_NAME: java.lang.String  =
> "org.eclipse.jetty.jaas.JAASRole"
>   DEFAULT_ROLE_CLASS_NAMES: java.lang.String[]  =
> {java.lang.String[1]@9551}
>   _roleClassNames: java.lang.String[]  = {java.lang.String[2]@9552}
>   _callbackHandlerClass: java.lang.String  = null
>   _realmName: java.lang.String  = "karaf"
>   _loginModuleName: java.lang.String  = "karaf"
> 
> Now, with your Camel route, I got:
> 
> $ curl -v http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > User-Agent: curl/7.69.1
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 404 Not Found
> < Cache-Control: must-revalidate,no-cache,no-store
> < Content-Type: text/html;charset=iso-8859-1
> < Content-Length: 456
> < Server: Jetty(9.4.22.v20191022)
> <
> 
> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> *   Trying ::1:8181...
> * Connected to localhost (::1) port 8181 (#0)
> * Server auth using Basic with user 'karaf'
> > GET /camel/api/say/hello HTTP/1.1
> > Host: localhost:8181
> > Authorization: Basic a2FyYWY6a2FyYWY=
> > User-Agent: curl/7.69.1
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Content-Type: application/json
> < Accept: */*
> < Authorization: Basic a2FyYWY6a2FyYWY=
> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> < User-Agent: curl/7.69.1
> < Transfer-Encoding: chunked
> < Server: Jetty(9.4.22.v20191022)
> <
> * Connection #0 to host localhost left intact
> "Hello World"
> 
> In theory it should be possible to grab (in etc/jetty.xml, using
> <Configure> element) instance of SecurityHandler and simply set there the
> "realmName" property to "Karaf", so even with two different beans with
> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> right one. But in Pax Web security handler is part of every
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> only in Pax Web 8 I'd be able to fix this in more clean way.
> 
> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> etc/jetty.xml
> 
> regards
> Grzegorz Grzybek
> 
> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanh...@googlemail.com.invalid>
> napisał(a):
> 
> > Hi,
> >
> > I already also answered Gerald in another mail.
> > I'm not quite sure but what might be an issue, is that the default
> > http-context used in his application isn't bound to the underlying security
> > realm.
> > Therefore it's quite a possibility that there needs to be a configuration
> > done in his own application, using his own http-Context.
> >
> > Can be found here:
> >
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >
> > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > and here:
> >
> > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >
> > regards, Achim
> >
> >
> > Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.s...@envieta.com
> > >:
> >
> > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > Maybe somebody from the Pax-Web team can help you.
> > > The only suspicious thing is the warning:
> > >
> > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > >             | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> > > Which suggest something is misconfigured.
> > >
> > > Best regards,
> > > Alex soto
> > >
> > >
> > >
> > >
> > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <catsh...@mailbox.org>
> > wrote:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN  | qtp1611313605-201 | SecurityHandler
> > >               | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > authenticator for: {RoleInfo,C[admin],None}
> > >
> > >
> >
> > --
> >
> > Apache Member
> > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > Project Lead
> > blog <http://notizblog.nierbeck.de/>
> > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >

Reply via email to