Steinar,

This helps!

Paul Spencer

On 2024/01/24 12:38:27 Steinar Bang wrote:
> >>>>> Paul Spencer <[email protected]>:
>
> > Karaf 4.4.5
> > How do I protect an OSGi JAX-RS whiteboard REST service using Basic
> > Authentication?
>
> Apache Shiro can do basic auth (among other things).
> https://shiro.apache.org
>
> This project is a shiro realm with a simple JDBC database and a react.js
> frontend to do user management:
> https://github.com/steinarb/authservice
>
> You can install it directly in karaf by installing its karaf feature
> (the feature and all bundles are released to maven central, and are
> released under APLv2).
>
> Some web whiteboard projects using authservice for users and roles and
> stuff:
>
> https://github.com/steinarb/oldalbum/blob/master/oldalbum.web.security/src/main/resources/shiro.ini
>
> https://github.com/steinarb/ukelonn/blob/master/ukelonn.web.security/src/main/resources/shiro.ini
>
> https://github.com/steinarb/handlelapp/blob/master/handlelapp.web.security/src/main/resources/shiro.ini
>
> https://github.com/steinarb/sampleapp/blob/master/sampleapp.web.security/src/main/resources/shiro.ini
>
> None of them use basic auth, but that should basically (pun not
> intended) just be to replace "authc" with "authcBasic".
>
> Later specific definitions in the [url] sections will override earlier
> more generic definitions. So you can block the API requiring a login
> of a user with a certain role, and then open up for e.g. login or login
> state check endpoints.
>
> (The reason for anon access of many rest endpoints is to avoid 302
> redirects on REST API calls I need to do before logging in, because web
> browsers don't handle 302 redirects on REST API calls real well)
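The "authcBasic" substitution discussed in the quoted message, as an added shiro.ini example that is not from the thread or from the linked projects. The /api paths, the "admin" role and the applicationName value are hypothetical, and a realm supplying users and roles (for example the authservice realm) is assumed to be configured elsewhere.

```ini
# Constructed example, not taken from any of the linked shiro.ini files.

[main]
# Realm name sent in the "WWW-Authenticate: Basic realm=..." challenge
# (hypothetical value).
authcBasic.applicationName = example-rest-api

[urls]
# Shiro evaluates these patterns top to bottom and applies the first one
# that matches the request path, so the narrow exceptions are listed
# before the catch-all rule.

# Endpoints that must answer before a user is authenticated
# (hypothetical paths).
/api/login = anon
/api/loginstate = anon

# Administrative endpoints: valid Basic credentials and the "admin" role
# (hypothetical role name).
/api/admin/** = authcBasic, roles[admin]

# Everything else under /api requires valid Basic credentials.
# A request without them gets 401 plus a WWW-Authenticate header
# rather than a 302 redirect to a login page.
/api/** = authcBasic

# Basic auth sends the username and password (base64-encoded, not
# encrypted) with every request. This example assumes TLS is terminated
# in front of Karaf or on Karaf's own HTTPS connector.
```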
