I'm going to create the tickets for the issues. We may extend these so far with additional information.
Best - Gerald > Jean-Baptiste Onofre <j...@nanthrax.net> hat am 29.06.2020 07:40 geschrieben: > > > I thought Gerald already explained it on the mailing list. My intention is > more to create the Jira with the details. > > Regards > JB > > > Le 29 juin 2020 à 07:33, Andrea Cosentino <anco...@gmail.com> a écrit : > > > > I think it's good to have the details shared in public. > > > > Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <j...@nanthrax.net > > <mailto:j...@nanthrax.net>> ha scritto: > > Hi, > > > > Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408. > > > > Can you please send a private message about issues you have with Karaf > > 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ? > > > > Thanks, > > Regards > > JB > > > > > Le 28 juin 2020 à 22:02, Gerald Kallas <catsh...@mailbox.org > > > <mailto:catsh...@mailbox.org>> a écrit : > > > > > > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the > > > workaround works as expected. Seems that Jetty has been updated in Karaf > > > 4.2.9? > > > > > > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other > > > issues.) > > > > > >> Gerald Kallas <catsh...@mailbox.org <mailto:catsh...@mailbox.org>> hat > > >> am 28.06.2020 18:12 geschrieben: > > >> > > >> > > >> Hi all, > > >> > > >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0. > > >> > > >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService > > >> entries in my etc/jetty.xml I'm getting an error as attached below. > > >> > > >> Neither hawtio nor my servlet are working any longer. Seems that now > > >> both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory. > > >> > > >> With both entries, as you found Grzegorz, the authentication doesn't > > >> work. > > >> > > >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you > > >> have another workaround for that behaviour? > > >> > > >> Best > > >> - Gerald > > >> > > >> > > >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel | HttpServiceStarted > > >> | 266 - org.ops4j.pax.web.pax-web-runtime - 7.2.16 | Could > > >> not start the servlet context for context path [] > > >> java.lang.SecurityException: AuthConfigFactory error: > > >> java.lang.ClassNotFoundException: > > >> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by > > >> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169] > > >> at > > >> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356) > > >> ~[?:?] > > >> at > > >> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275) > > >> ~[?:?] > > >> at > > >> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272) > > >> ~[?:?] > > >> at > > >> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72) > > >> ~[?:?] > > >> at > > >> org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329) > > >> ~[?:?] > > >> at > > >> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255) > > >> [!/:?] > > >> at > > >> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226) > > >> [!/:?] > > >> at > > >> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210) > > >> [!/:?] > > >> at > > >> org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69) > > >> [!/:?] > > >> at > > >> Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown > > >> Source) [?:?] > > >> at > > >> org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98) > > >> [!/:3.4.0] > > >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > > >> Method) ~[?:?] > > >> at > > >> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > >> ~[?:?] > > >> at > > >> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > >> ~[?:?] > > >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?] > > >> at > > >> org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81) > > >> [!/:1.10.2] > > >> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?] > > >> at > > >> org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463) > > >> [!/:1.10.2] > > >> at > > >> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422) > > >> [!/:1.10.2] > > >> at > > >> org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179) > > >> [org.apache.felix.framework-5.6.12.jar:?] > > >> at > > >> org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730) > > >> [org.apache.felix.framework-5.6.12.jar:?] > > >> at > > >> org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485) > > >> [org.apache.felix.framework-5.6.12.jar:?] > > >> at > > >> org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579) > > >> [org.apache.felix.framework-5.6.12.jar:?] > > >> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174) > > >> [org.apache.felix.framework-5.6.12.jar:?] > > >> at > > >> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373) > > >> [org.apache.felix.framework-5.6.12.jar:?] > > >> at > > >> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308) > > >> [org.apache.felix.framework-5.6.12.jar:?] > > >> at java.lang.Thread.run(Thread.java:834) [?:?] > > >> Caused by: java.lang.ClassNotFoundException: > > >> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by > > >> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169] > > >> at > > >> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639) > > >> ~[?:?] > > >> at > > >> org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80) > > >> ~[?:?] > > >> at > > >> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053) > > >> ~[?:?] > > >> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?] > > >> at java.lang.Class.forName0(Native Method) ~[?:?] > > >> at java.lang.Class.forName(Class.java:398) ~[?:?] > > >> at > > >> org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195) > > >> ~[?:?] > > >> at > > >> javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68) > > >> ~[?:?] > > >> at java.security.AccessController.doPrivileged(Native Method) > > >> ~[?:?] > > >> at > > >> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64) > > >> ~[?:?] > > >> ... 62 more > > >> > > >>> Grzegorz Grzybek <gr.grzy...@gmail.com <mailto:gr.grzy...@gmail.com>> > > >>> hat am 18.05.2020 15:24 geschrieben: > > >>> > > >>> > > >>> Hello > > >>> > > >>> I have some answer. First, the "http context processing" feature was > > >>> mainly > > >>> tested to "inject" Keycloak authenticator and I mostly tested it with > > >>> pax-web-undertow. > > >>> > > >>> But I checked how it works with pax-web-jetty in the debugger. > > >>> > > >>> The key problem is that when Jetty's SecurityHandler is starting, it > > >>> tries > > >>> to find/discover org.eclipse.jetty.security.LoginService instance. > > >>> With default etc/jetty.xml, there are TWO beans with > > >>> org.eclipse.jetty.jaas.JAASLoginService class and > > >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method > > >>> does > > >>> this: > > >>> > > >>> else if (list.size() == 1) > > >>> service = list.iterator().next(); > > >>> > > >>> So I simply made it working by ensuring there's only one > > >>> org.eclipse.jetty.jaas.JAASLoginService: > > >>> > > >>> list = {java.util.ArrayList@9544} size = 1 > > >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547} > > >>> "JAASLoginService@7ba67d0b{STARTED}" > > >>> LOG: org.eclipse.jetty.util.log.Logger = > > >>> {org.eclipse.jetty.util.log.Slf4jLog@9549} > > >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7" > > >>> DEFAULT_ROLE_CLASS_NAME: java.lang.String = > > >>> "org.eclipse.jetty.jaas.JAASRole" > > >>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] = > > >>> {java.lang.String[1]@9551} > > >>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552} > > >>> _callbackHandlerClass: java.lang.String = null > > >>> _realmName: java.lang.String = "karaf" > > >>> _loginModuleName: java.lang.String = "karaf" > > >>> > > >>> Now, with your Camel route, I got: > > >>> > > >>> $ curl -v http://localhost:8181/camel/api/say/hello > > >>> <http://localhost:8181/camel/api/say/hello> > > >>> * Trying ::1:8181... > > >>> * Connected to localhost (::1) port 8181 (#0) > > >>>> GET /camel/api/say/hello HTTP/1.1 > > >>>> Host: localhost:8181 > > >>>> User-Agent: curl/7.69.1 > > >>>> Accept: */* > > >>>> > > >>> * Mark bundle as not supporting multiuse > > >>> < HTTP/1.1 404 Not Found > > >>> < Cache-Control: must-revalidate,no-cache,no-store > > >>> < Content-Type: text/html;charset=iso-8859-1 > > >>> < Content-Length: 456 > > >>> < Server: Jetty(9.4.22.v20191022) > > >>> < > > >>> > > >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello > > >>> <http://localhost:8181/camel/api/say/hello> > > >>> * Trying ::1:8181... > > >>> * Connected to localhost (::1) port 8181 (#0) > > >>> * Server auth using Basic with user 'karaf' > > >>>> GET /camel/api/say/hello HTTP/1.1 > > >>>> Host: localhost:8181 > > >>>> Authorization: Basic a2FyYWY6a2FyYWY= > > >>>> User-Agent: curl/7.69.1 > > >>>> Accept: */* > > >>>> > > >>> * Mark bundle as not supporting multiuse > > >>> < HTTP/1.1 200 OK > > >>> < Content-Type: application/json > > >>> < Accept: */* > > >>> < Authorization: Basic a2FyYWY6a2FyYWY= > > >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1 > > >>> < User-Agent: curl/7.69.1 > > >>> < Transfer-Encoding: chunked > > >>> < Server: Jetty(9.4.22.v20191022) > > >>> < > > >>> * Connection #0 to host localhost left intact > > >>> "Hello World" > > >>> > > >>> In theory it should be possible to grab (in etc/jetty.xml, using > > >>> <Configure> element) instance of SecurityHandler and simply set there > > >>> the > > >>> "realmName" property to "Karaf", so even with two different beans with > > >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the > > >>> right one. But in Pax Web security handler is part of every > > >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and > > >>> only in Pax Web 8 I'd be able to fix this in more clean way. > > >>> > > >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your > > >>> etc/jetty.xml > > >>> > > >>> regards > > >>> Grzegorz Grzybek > > >>> > > >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanh...@googlemail.com > > >>> <mailto:bcanh...@googlemail.com>.invalid> > > >>> napisał(a): > > >>> > > >>>> Hi, > > >>>> > > >>>> I already also answered Gerald in another mail. > > >>>> I'm not quite sure but what might be an issue, is that the default > > >>>> http-context used in his application isn't bound to the underlying > > >>>> security > > >>>> realm. > > >>>> Therefore it's quite a possibility that there needs to be a > > >>>> configuration > > >>>> done in his own application, using his own http-Context. > > >>>> > > >>>> Can be found here: > > >>>> > > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java > > >>>> > > >>>> <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java> > > >>>> > > >>>> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java > > >>>> > > >>>> <https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java> > > >>>> and here: > > >>>> > > >>>> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java > > >>>> > > >>>> <https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java> > > >>>> > > >>>> regards, Achim > > >>>> > > >>>> > > >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto > > >>>> <alex.s...@envieta.com <mailto:alex.s...@envieta.com> > > >>>>> : > > >>>> > > >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me. > > >>>>> Maybe somebody from the Pax-Web team can help you. > > >>>>> The only suspicious thing is the warning: > > >>>>> > > >>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler > > >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No > > >>>>> authenticator for: {RoleInfo,C[admin],None} > > >>>>> > > >>>>> > > >>>>> Which suggest something is misconfigured. > > >>>>> > > >>>>> Best regards, > > >>>>> Alex soto > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catsh...@mailbox.org > > >>>>>> <mailto:catsh...@mailbox.org>> > > >>>> wrote: > > >>>>>> > > >>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler > > >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No > > >>>>> authenticator for: {RoleInfo,C[admin],None} > > >>>>> > > >>>>> > > >>>> > > >>>> -- > > >>>> > > >>>> Apache Member > > >>>> Apache Karaf <http://karaf.apache.org/ <http://karaf.apache.org/>> > > >>>> Committer & PMC > > >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/ > > >>>> <http://wiki.ops4j.org/display/paxweb/Pax+Web/>> Committer & > > >>>> Project Lead > > >>>> blog <http://notizblog.nierbeck.de/ <http://notizblog.nierbeck.de/>> > > >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS > > >>>> <http://bit.ly/1ps9rkS>> > > >>>> > >
