Hi Gerald, AFAIR we have a Jira about HTTP authorization issue, right ?
Regards JB > Le 15 août 2020 à 10:55, Gerald Kallas - mailbox.org <[email protected]> a > écrit : > > I‘d go with jetty as well but the HTTP authorization problem with Karaf >= > 4.2.9 isn’t solved yet. > > Sent by my mobile device > - Gerald Kallas > >> Am 15.08.2020 um 10:03 schrieb Jean-Baptiste Onofre <[email protected]>: >> >> Hi, >> >> Webconsole should bind to https by default (at least, it’s what happen with >> Jetty). >> >> Even if I’m not a big undertow fan, let me try to reproduce and fix ;) >> >> Regards >> JB >> >>> Le 14 août 2020 à 19:20, Gerald Kallas <[email protected]> a écrit : >>> >>> Dear all, >>> >>> I did setup a vanilla Karaf 4.3.0RC1 and executed the following commands >>> >>> feature:install pax-http-undertow >>> feature:install webconsole >>> >>> How can I bind the webconsole (and later camel servlets) to the HTTPS port? >>> >>> Many thanks in advance. >>> >>> My undertow.xml looks like >>> >>> <?xml version="1.0" encoding="UTF-8"?> >>> <!-- >>> Licensed under the Apache License, Version 2.0 (the "License"); >>> you may not use this file except in compliance with the License. >>> You may obtain a copy of the License at >>> >>> http://www.apache.org/licenses/LICENSE-2.0 >>> >>> Unless required by applicable law or agreed to in writing, software >>> distributed under the License is distributed on an "AS IS" BASIS, >>> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or >>> implied. >>> >>> See the License for the specific language governing permissions and >>> limitations under the License. >>> --> >>> <undertow xmlns="urn:org.ops4j.pax.web:undertow:1.0" >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >>> xmlns:w="urn:jboss:domain:5.0" >>> xmlns:io="urn:jboss:domain:io:3.0" >>> xsi:schemaLocation=" >>> urn:jboss:domain:io:3.0 >>> http://www.jboss.org/schema/jbossas/wildfly-io_3_0.xsd >>> urn:jboss:domain:undertow:4.0 >>> http://www.jboss.org/schema/jbossas/wildfly-undertow_4_0.xsd >>> urn:jboss:domain:5.0 >>> http://www.jboss.org/schema/jbossas/wildfly-config_5_0.xsd";> >>> >>> <!-- >>> Only "default" worker and buffer-pool are supported and can be used to >>> override the default values >>> used by all listeners >>> >>> buffer-pool: >>> - buffer-size defaults to: >>> - when < 64MB of Xmx: 512 >>> - when < 128MB of Xmx: 1024 >>> - when >= 128MB of Xmx: 16K - 20 >>> - direct-buffers defaults to: >>> - when < 64MB of Xmx: false >>> - when >= 64MB of Xmx: true >>> >>> worker: >>> - io-threads defaults to >>> Math.max(Runtime.getRuntime().availableProcessors(), 2); >>> - task-core-threads and task-max-threads default to io-threads * 8 >>> --> >>> <!-- >>> <subsystem xmlns="urn:jboss:domain:io:3.0"> >>> <buffer-pool name="default" buffer-size="16364" direct-buffers="true" >>> /> >>> <worker name="default" io-threads="8" task-core-threads="64" >>> task-max-threads="64" /> >>> </subsystem> >>> --> >>> >>> <!-- >>> https://docs.jboss.org/author/display/WFLY/Undertow+subsystem+configuration >>> --> >>> <subsystem xmlns="urn:jboss:domain:undertow:4.0"> >>> <!-- org.wildfly.extension.undertow.BufferCacheDefinition --> >>> <buffer-cache name="default" buffer-size="1024" >>> buffers-per-region="1024" max-regions="10" /> >>> <server name="default-server"> >>> <!-- HTTP(S) Listener references Socket Binding (and indirectly - >>> Interfaces) --> >>> <http-listener name="http" socket-binding="http" /> >>> <!-- verify-client: org.xnio.SslClientAuthMode.NOT_REQUESTED, >>> org.xnio.SslClientAuthMode.REQUESTED, org.xnio.SslClientAuthMode.REQUIRED >>> --> >>> <https-listener name="https" socket-binding="https" >>> security-realm="default" verify-client="NOT_REQUESTED" /> >>> <host name="default-host" alias="localhost"> >>> <!--<location name="/" handler="welcome-content" />--> >>> <!--<location name="/docs" handler="docs-content" />--> >>> <access-log directory="${karaf.data}/log" pattern="common" >>> prefix="access_log." suffix="log" rotate="true" /> >>> <filter-ref name="server-header" /> >>> <filter-ref name="x-powered-by-header" /> >>> </host> >>> </server> >>> <servlet-container name="default"> >>> <jsp-config /> >>> <websockets /> >>> <welcome-files> >>> <welcome-file name="index.html" /> >>> <welcome-file name="index.txt" /> >>> </welcome-files> >>> </servlet-container> >>> <handlers> >>> <file name="welcome-content" path="${karaf.home}/welcome" /> >>> <!--<file name="docs-content" path="${karaf.home}/docs" />--> >>> </handlers> >>> <filters> >>> <!-- filters for reference from /host/filter-ref and >>> /host/location/filter-ref --> >>> <response-header name="server-header" header-name="Server" >>> header-value="Pax-HTTP-Undertow" /> >>> <response-header name="x-powered-by-header" >>> header-name="X-Powered-By" header-value="Pax-HTTP-Undertow/7.2.16" /> >>> </filters> >>> </subsystem> >>> >>> <!-- https://docs.jboss.org/author/display/WFLY/Security+Realms --> >>> <!-- >>> we'll use "default" security realm by default to configure >>> jaas/properties authentication >>> (io.undertow.security.idm.IdentityManager): >>> - w:jaas - >>> org.ops4j.pax.web.service.undertow.internal.security.JaasIdentityManager >>> - w:properties - >>> org.ops4j.pax.web.service.undertow.internal.security.PropertiesIdentityManager >>> --> >>> <security-realm name="default"> >>> <w:server-identities> >>> <w:ssl> >>> <!-- sun.security.ssl.ProtocolVersion --> >>> <!-- sun.security.ssl.CipherSuite --> >>> <!-- openssl ciphers 'ALL:eNULL' | sed -e 's/:/\n/g' | sort --> >>> <w:engine >>> >>> enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 >>> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" >>> enabled-protocols="TLSv1 TLSv1.1 TLSv1.2" /> >>> <w:keystore path="${karaf.etc}/keystore.p12" provider="PKCS12" >>> alias="server" >>> keystore-password="password" key-password="password" >>> generate-self-signed-certificate-host="localhost" /> >>> </w:ssl> >>> </w:server-identities> >>> <w:authentication> >>> <!-- JaasIdentityManager for given realm --> >>> <w:jaas name="karaf" /> >>> <!-- OR PropertiesIdentityManager (mutually exclusive with >>> <w:jaas>) --> >>> <!--<w:properties path="users.properties" />--> >>> <w:truststore path="${karaf.etc}/truststore.jks" provider="JKS" >>> keystore-password="password" /> >>> </w:authentication> >>> >>> <user-principal-class-name>org.apache.karaf.jaas.boot.principal.UserPrincipal</user-principal-class-name> >>> >>> <role-principal-class-name>org.apache.karaf.jaas.boot.principal.RolePrincipal</role-principal-class-name> >>> <!--<role-principal-class-name>...</role-principal-class-name>--> >>> </security-realm> >>> >>> <!-- Interface lists IP addresses to bind to --> >>> <interface name="default"> >>> <w:inet-address value="0.0.0.0" /> >>> <!--<w:inet-address value="127.0.0.1" />--> >>> </interface> >>> >>> <!-- Socket Binding adds port for each IP from referenced Interface --> >>> <socket-binding name="http" interface="default" >>> port="${org.osgi.service.http.port}" /> >>> <socket-binding name="https" interface="default" >>> port="${org.osgi.service.http.port.secure}" /> >>> >>> </undertow> >>> >>> The log shows >>> >>> 2020-08-14T19:12:59,801 | INFO | paxweb-config-1-thread-1 | >>> ServerControllerImpl | 64 - org.ops4j.pax.web.pax-web-undertow >>> - 7.2.14 | Using >>> "file:/E:/apache-karaf/apache-karaf-4.3.0.RC1/etc/undertow.xml" to >>> configure Undertow >>> 2020-08-14T19:13:00,018 | INFO | activator-1-thread-2 | >>> BouncyCastleSecurityProviderRegistrar | 39 - org.apache.sshd.core - 1.7.0 | >>> getOrCreateProvider(BC) created instance of >>> org.bouncycastle.jce.provider.BouncyCastleProvider >>> 2020-08-14T19:13:00,050 | INFO | paxweb-config-1-thread-1 | >>> ServerControllerImpl | 64 - org.ops4j.pax.web.pax-web-undertow >>> - 7.2.14 | Starting undertow http listener on 0.0.0.0:8181 >>> 2020-08-14T19:13:00,052 | INFO | paxweb-config-1-thread-1 | >>> ServerControllerImpl | 64 - org.ops4j.pax.web.pax-web-undertow >>> - 7.2.14 | Starting undertow https listener on 0.0.0.0:8443 >>> 2020-08-14T19:13:00,093 | INFO | activator-1-thread-2 | CommandExtension >>> | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering >>> commands for bundle org.apache.karaf.features.command/4.3.0.RC1 >>> 2020-08-14T19:13:00,244 | INFO | activator-1-thread-2 | Activator >>> | 20 - org.apache.karaf.deployer.features - 4.3.0.RC1 | >>> Deployment finished. Registering FeatureDeploymentListener >>> 2020-08-14T19:13:00,310 | INFO | activator-1-thread-3 | CommandExtension >>> | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering >>> commands for bundle org.apache.karaf.kar.core/4.3.0.RC1 >>> 2020-08-14T19:13:00,320 | INFO | activator-1-thread-2 | FeaturesPlugin >>> | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | >>> Features plugin deactivated >>> 2020-08-14T19:13:00,333 | INFO | activator-1-thread-2 | FeaturesPlugin >>> | 73 - org.apache.karaf.webconsole.features - 4.3.0.RC1 | >>> Features plugin activated >>> 2020-08-14T19:13:00,813 | INFO | activator-1-thread-2 | CommandExtension >>> | 36 - org.apache.karaf.shell.core - 4.3.0.RC1 | Registering >>> commands for bundle org.apache.karaf.shell.ssh/4.3.0.RC1 >>> 2020-08-14T19:13:01,295 | INFO | paxweb-config-1-thread-1 | >>> ServerControllerImpl | 64 - org.ops4j.pax.web.pax-web-undertow >>> - 7.2.14 | Using in-memory session persistence >>> 2020-08-14T19:13:01,344 | INFO | paxweb-config-1-thread-1 | >>> HttpServiceFactoryImpl | 62 - org.ops4j.pax.web.pax-web-runtime - >>> 7.2.14 | Binding bundle: [org.apache.karaf.webconsole.console [72]] to http >>> service >> >
