I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the workaround
works as expected. Seems that Jetty has been updated in Karaf 4.2.9?
(The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other issues.)
> Gerald Kallas <catsh...@mailbox.org> hat am 28.06.2020 18:12 geschrieben:
>
>
> Hi all,
>
> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
>
> after removing one of the org.eclipse.jetty.jaas.JAASLoginService entries in
> my etc/jetty.xml I'm getting an error as attached below.
>
> Neither hawtio nor my servlet are working any longer. Seems that now both
> entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
>
> With both entries, as you found Grzegorz, the authentication doesn't work.
>
> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you have
> another workaround for that behaviour?
>
> Best
> - Gerald
>
>
> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted
> | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could not start
> the servlet context for context path []
> java.lang.SecurityException: AuthConfigFactory error:
> java.lang.ClassNotFoundException:
> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by
> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> at
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77)
> ~[?:?]
> at
> org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90)
> ~[?:?]
> at
> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394)
> ~[?:?]
> at
> org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> ~[?:?]
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> ~[?:?]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> ~[?:?]
> at
> org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> ~[?:?]
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> ~[?:?]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> ~[?:?]
> at
> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898)
> ~[?:?]
> at
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396)
> ~[?:?]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838)
> ~[?:?]
> at
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272)
> ~[?:?]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329)
> ~[?:?]
> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255)
> [!/:?]
> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226)
> [!/:?]
> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210)
> [!/:?]
> at
> org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69)
> [!/:?]
> at Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown
> Source) [?:?]
> at
> org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98)
> [!/:3.4.0]
> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
> at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:?]
> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:?]
> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> at
> org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81)
> [!/:1.10.2]
> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> at
> org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276)
> [!/:1.10.2]
> at
> org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266)
> [!/:1.10.2]
> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)
> [!/:1.10.2]
> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)
> [!/:1.10.2]
> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)
> [!/:1.10.2]
> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)
> [!/:1.10.2]
> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)
> [!/:1.10.2]
> at
> org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179)
> [org.apache.felix.framework-5.6.12.jar:?]
> at
> org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730)
> [org.apache.felix.framework-5.6.12.jar:?]
> at
> org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485)
> [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579)
> [org.apache.felix.framework-5.6.12.jar:?]
> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174)
> [org.apache.felix.framework-5.6.12.jar:?]
> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
> [org.apache.felix.framework-5.6.12.jar:?]
> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
> [org.apache.felix.framework-5.6.12.jar:?]
> at java.lang.Thread.run(Thread.java:834) [?:?]
> Caused by: java.lang.ClassNotFoundException:
> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by
> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> at
> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639)
> ~[?:?]
> at
> org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80)
> ~[?:?]
> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053)
> ~[?:?]
> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> at java.lang.Class.forName0(Native Method) ~[?:?]
> at java.lang.Class.forName(Class.java:398) ~[?:?]
> at
> org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195)
> ~[?:?]
> at
> javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68)
> ~[?:?]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> at
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64)
> ~[?:?]
> ... 62 more
>
> > Grzegorz Grzybek <gr.grzy...@gmail.com> hat am 18.05.2020 15:24 geschrieben:
> >
> >
> > Hello
> >
> > I have some answer. First, the "http context processing" feature was mainly
> > tested to "inject" Keycloak authenticator and I mostly tested it with
> > pax-web-undertow.
> >
> > But I checked how it works with pax-web-jetty in the debugger.
> >
> > The key problem is that when Jetty's SecurityHandler is starting, it tries
> > to find/discover org.eclipse.jetty.security.LoginService instance.
> > With default etc/jetty.xml, there are TWO beans with
> > org.eclipse.jetty.jaas.JAASLoginService class and
> > org.eclipse.jetty.security.SecurityHandler#findLoginService() method does
> > this:
> >
> > else if (list.size() == 1)
> > service = list.iterator().next();
> >
> > So I simply made it working by ensuring there's only one
> > org.eclipse.jetty.jaas.JAASLoginService:
> >
> > list = {java.util.ArrayList@9544} size = 1
> > 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> > "JAASLoginService@7ba67d0b{STARTED}"
> > LOG: org.eclipse.jetty.util.log.Logger =
> > {org.eclipse.jetty.util.log.Slf4jLog@9549}
> > "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> > DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> > "org.eclipse.jetty.jaas.JAASRole"
> > DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> > {java.lang.String[1]@9551}
> > _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> > _callbackHandlerClass: java.lang.String = null
> > _realmName: java.lang.String = "karaf"
> > _loginModuleName: java.lang.String = "karaf"
> >
> > Now, with your Camel route, I got:
> >
> > $ curl -v http://localhost:8181/camel/api/say/hello
> > * Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 404 Not Found
> > < Cache-Control: must-revalidate,no-cache,no-store
> > < Content-Type: text/html;charset=iso-8859-1
> > < Content-Length: 456
> > < Server: Jetty(9.4.22.v20191022)
> > <
> >
> > $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> > * Trying ::1:8181...
> > * Connected to localhost (::1) port 8181 (#0)
> > * Server auth using Basic with user 'karaf'
> > > GET /camel/api/say/hello HTTP/1.1
> > > Host: localhost:8181
> > > Authorization: Basic a2FyYWY6a2FyYWY=
> > > User-Agent: curl/7.69.1
> > > Accept: */*
> > >
> > * Mark bundle as not supporting multiuse
> > < HTTP/1.1 200 OK
> > < Content-Type: application/json
> > < Accept: */*
> > < Authorization: Basic a2FyYWY6a2FyYWY=
> > < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> > < User-Agent: curl/7.69.1
> > < Transfer-Encoding: chunked
> > < Server: Jetty(9.4.22.v20191022)
> > <
> > * Connection #0 to host localhost left intact
> > "Hello World"
> >
> > In theory it should be possible to grab (in etc/jetty.xml, using
> > <Configure> element) instance of SecurityHandler and simply set there the
> > "realmName" property to "Karaf", so even with two different beans with
> > org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> > right one. But in Pax Web security handler is part of every
> > org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> > only in Pax Web 8 I'd be able to fix this in more clean way.
> >
> > So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> > etc/jetty.xml
> >
> > regards
> > Grzegorz Grzybek
> >
> > pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanh...@googlemail.com.invalid>
> > napisał(a):
> >
> > > Hi,
> > >
> > > I already also answered Gerald in another mail.
> > > I'm not quite sure but what might be an issue, is that the default
> > > http-context used in his application isn't bound to the underlying
> > > security
> > > realm.
> > > Therefore it's quite a possibility that there needs to be a configuration
> > > done in his own application, using his own http-Context.
> > >
> > > Can be found here:
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> > >
> > > https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> > > and here:
> > >
> > > https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> > >
> > > regards, Achim
> > >
> > >
> > > Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <alex.s...@envieta.com
> > > >:
> > >
> > > > I’m sorry, I don’t know why it's not working; it looks correct to me.
> > > > Maybe somebody from the Pax-Web team can help you.
> > > > The only suspicious thing is the warning:
> > > >
> > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > > > Which suggest something is misconfigured.
> > > >
> > > > Best regards,
> > > > Alex soto
> > > >
> > > >
> > > >
> > > >
> > > > > On May 15, 2020, at 2:23 PM, Gerald Kallas <catsh...@mailbox.org>
> > > wrote:
> > > > >
> > > > > 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> > > > | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> > > > authenticator for: {RoleInfo,C[admin],None}
> > > >
> > > >
> > >
> > > --
> > >
> > > Apache Member
> > > Apache Karaf <http://karaf.apache.org/> Committer & PMC
> > > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
> > > Project Lead
> > > blog <http://notizblog.nierbeck.de/>
> > > Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> > >
