I think it's good to have the details shared in public.
Il lun 29 giu 2020, 07:30 Jean-Baptiste Onofre <j...@nanthrax.net> ha scritto:
> Hi,
>
> Yes Karaf 4.2.9 upgraded to Pax Web 7.2.15 and Jetty 9.4.28.v20200408.
>
> Can you please send a private message about issues you have with Karaf
> 4.2.9 and Camel 3.4.0 (as I’m working on camel karaf for 3.5.0) ?
>
> Thanks,
> Regards
> JB
>
> > Le 28 juin 2020 à 22:02, Gerald Kallas <catsh...@mailbox.org> a écrit :
> >
> > I tested the combination Karaf 4.2.8 and Camel 3.3.0, with this the
> workaround works as expected. Seems that Jetty has been updated in Karaf
> 4.2.9?
> >
> > (The combination Karaf 4.2.8 and Camel 3.4.0 doesn't work due to other
> issues.)
> >
> >> Gerald Kallas <catsh...@mailbox.org> hat am 28.06.2020 18:12
> geschrieben:
> >>
> >>
> >> Hi all,
> >>
> >> I was updating the runtime to Karaf 4.2.9 and Camel 3.4.0.
> >>
> >> after removing one of the org.eclipse.jetty.jaas.JAASLoginService
> entries in my etc/jetty.xml I'm getting an error as attached below.
> >>
> >> Neither hawtio nor my servlet are working any longer. Seems that now
> both entries of org.eclipse.jetty.jaas.JAASLoginService are mandatory.
> >>
> >> With both entries, as you found Grzegorz, the authentication doesn't
> work.
> >>
> >> Should I create a JIRA ticket and if yes, within Karaf? Or maybe you
> have another workaround for that behaviour?
> >>
> >> Best
> >> - Gerald
> >>
> >>
> >> 2020-06-28T16:06:47,673 | ERROR | FelixStartLevel |
> HttpServiceStarted | 266 - org.ops4j.pax.web.pax-web-runtime
> - 7.2.16 | Could not start the servlet context for context path []
> >> java.lang.SecurityException: AuthConfigFactory error:
> java.lang.ClassNotFoundException:
> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by
> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:77)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory.getAuthenticator(JaspiAuthenticatorFactory.java:90)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.SecurityHandler.doStart(SecurityHandler.java:394)
> ~[?:?]
> >> at
> org.eclipse.jetty.security.ConstraintSecurityHandler.doStart(ConstraintSecurityHandler.java:419)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.session.SessionHandler.doStart(SessionHandler.java:504)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ScopedHandler.doStart(ScopedHandler.java:120)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:898)
> ~[?:?]
> >> at
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:356)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.startContext(HttpServiceContext.java:396)
> ~[?:?]
> >> at
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:838)
> ~[?:?]
> >> at
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:275)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doStart(HttpServiceContext.java:272)
> ~[?:?]
> >> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:72)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.jetty.internal.JettyServerImpl$1.start(JettyServerImpl.java:329)
> ~[?:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:255)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:226)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceStarted.registerServlet(HttpServiceStarted.java:210)
> [!/:?]
> >> at
> org.ops4j.pax.web.service.internal.HttpServiceProxy.registerServlet(HttpServiceProxy.java:69)
> [!/:?]
> >> at
> Proxy92a1a95e_1f66_41cb_8fcd_ed63d983d611.registerServlet(Unknown Source)
> [?:?]
> >> at
> org.apache.camel.component.osgi.OsgiServletRegisterer.register(OsgiServletRegisterer.java:98)
> [!/:3.4.0]
> >> at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[?:?]
> >> at
> jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:?]
> >> at
> jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:?]
> >> at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
> >> at
> org.apache.aries.blueprint.utils.ReflectionUtils.invoke(ReflectionUtils.java:337)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.invoke(BeanRecipe.java:835)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.runBeanProcInit(BeanRecipe.java:591)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.internalCreate2(BeanRecipe.java:703)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BeanRecipe.internalCreate(BeanRecipe.java:666)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.di.AbstractRecipe$1.call(AbstractRecipe.java:81)
> [!/:1.10.2]
> >> at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
> >> at
> org.apache.aries.blueprint.di.AbstractRecipe.create(AbstractRecipe.java:90)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintRepository.createInstances(BlueprintRepository.java:360)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintRepository.createAll(BlueprintRepository.java:190)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.instantiateEagerComponents(BlueprintContainerImpl.java:737)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.doRun(BlueprintContainerImpl.java:433)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintContainerImpl.run(BlueprintContainerImpl.java:298)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:311)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:280)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.createContainer(BlueprintExtender.java:276)
> [!/:1.10.2]
> >> at
> org.apache.aries.blueprint.container.BlueprintExtender.modifiedBundle(BlueprintExtender.java:266)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:500)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.customizerModified(BundleHookBundleTracker.java:433)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$AbstractTracked.track(BundleHookBundleTracker.java:725)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$Tracked.bundleChanged(BundleHookBundleTracker.java:463)
> [!/:1.10.2]
> >> at
> org.apache.aries.util.tracker.hook.BundleHookBundleTracker$BundleEventHook.event(BundleHookBundleTracker.java:422)
> [!/:1.10.2]
> >> at
> org.apache.felix.framework.util.SecureAction.invokeBundleEventHook(SecureAction.java:1179)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.EventDispatcher.createWhitelistFromHooks(EventDispatcher.java:730)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.EventDispatcher.fireBundleEvent(EventDispatcher.java:485)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4579)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at org.apache.felix.framework.Felix.startBundle(Felix.java:2174)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at
> org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
> [org.apache.felix.framework-5.6.12.jar:?]
> >> at java.lang.Thread.run(Thread.java:834) [?:?]
> >> Caused by: java.lang.ClassNotFoundException:
> org.apache.geronimo.components.jaspi.AuthConfigFactoryImpl not found by
> org.apache.geronimo.specs.geronimo-jaspic_1.0_spec [169]
> >> at
> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1639)
> ~[?:?]
> >> at
> org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:80)
> ~[?:?]
> >> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:2053)
> ~[?:?]
> >> at java.lang.ClassLoader.loadClass(ClassLoader.java:521) ~[?:?]
> >> at java.lang.Class.forName0(Native Method) ~[?:?]
> >> at java.lang.Class.forName(Class.java:398) ~[?:?]
> >> at
> org.apache.geronimo.osgi.locator.ProviderLocator.loadClass(ProviderLocator.java:195)
> ~[?:?]
> >> at
> javax.security.auth.message.config.AuthConfigFactory$3.run(AuthConfigFactory.java:68)
> ~[?:?]
> >> at java.security.AccessController.doPrivileged(Native Method)
> ~[?:?]
> >> at
> javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:64)
> ~[?:?]
> >> ... 62 more
> >>
> >>> Grzegorz Grzybek <gr.grzy...@gmail.com> hat am 18.05.2020 15:24
> geschrieben:
> >>>
> >>>
> >>> Hello
> >>>
> >>> I have some answer. First, the "http context processing" feature was
> mainly
> >>> tested to "inject" Keycloak authenticator and I mostly tested it with
> >>> pax-web-undertow.
> >>>
> >>> But I checked how it works with pax-web-jetty in the debugger.
> >>>
> >>> The key problem is that when Jetty's SecurityHandler is starting, it
> tries
> >>> to find/discover org.eclipse.jetty.security.LoginService instance.
> >>> With default etc/jetty.xml, there are TWO beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class and
> >>> org.eclipse.jetty.security.SecurityHandler#findLoginService() method
> does
> >>> this:
> >>>
> >>> else if (list.size() == 1)
> >>> service = list.iterator().next();
> >>>
> >>> So I simply made it working by ensuring there's only one
> >>> org.eclipse.jetty.jaas.JAASLoginService:
> >>>
> >>> list = {java.util.ArrayList@9544} size = 1
> >>> 0 = {org.eclipse.jetty.jaas.JAASLoginService@9547}
> >>> "JAASLoginService@7ba67d0b{STARTED}"
> >>> LOG: org.eclipse.jetty.util.log.Logger =
> >>> {org.eclipse.jetty.util.log.Slf4jLog@9549}
> >>> "org.ops4j.pax.logging.slf4j.Slf4jLogger@43ea82d7"
> >>> DEFAULT_ROLE_CLASS_NAME: java.lang.String =
> >>> "org.eclipse.jetty.jaas.JAASRole"
> >>> DEFAULT_ROLE_CLASS_NAMES: java.lang.String[] =
> >>> {java.lang.String[1]@9551}
> >>> _roleClassNames: java.lang.String[] = {java.lang.String[2]@9552}
> >>> _callbackHandlerClass: java.lang.String = null
> >>> _realmName: java.lang.String = "karaf"
> >>> _loginModuleName: java.lang.String = "karaf"
> >>>
> >>> Now, with your Camel route, I got:
> >>>
> >>> $ curl -v http://localhost:8181/camel/api/say/hello
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 404 Not Found
> >>> < Cache-Control: must-revalidate,no-cache,no-store
> >>> < Content-Type: text/html;charset=iso-8859-1
> >>> < Content-Length: 456
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>>
> >>> $ curl -v -u karaf:karaf http://localhost:8181/camel/api/say/hello
> >>> * Trying ::1:8181...
> >>> * Connected to localhost (::1) port 8181 (#0)
> >>> * Server auth using Basic with user 'karaf'
> >>>> GET /camel/api/say/hello HTTP/1.1
> >>>> Host: localhost:8181
> >>>> Authorization: Basic a2FyYWY6a2FyYWY=
> >>>> User-Agent: curl/7.69.1
> >>>> Accept: */*
> >>>>
> >>> * Mark bundle as not supporting multiuse
> >>> < HTTP/1.1 200 OK
> >>> < Content-Type: application/json
> >>> < Accept: */*
> >>> < Authorization: Basic a2FyYWY6a2FyYWY=
> >>> < breadcrumbId: ID-everfree-forest-1589807499756-0-1
> >>> < User-Agent: curl/7.69.1
> >>> < Transfer-Encoding: chunked
> >>> < Server: Jetty(9.4.22.v20191022)
> >>> <
> >>> * Connection #0 to host localhost left intact
> >>> "Hello World"
> >>>
> >>> In theory it should be possible to grab (in etc/jetty.xml, using
> >>> <Configure> element) instance of SecurityHandler and simply set there
> the
> >>> "realmName" property to "Karaf", so even with two different beans with
> >>> org.eclipse.jetty.jaas.JAASLoginService class, Jetty would pick up the
> >>> right one. But in Pax Web security handler is part of every
> >>> org.ops4j.pax.web.service.jetty.internal.HttpServiceContext created and
> >>> only in Pax Web 8 I'd be able to fix this in more clean way.
> >>>
> >>> So, please use only one org.eclipse.jetty.jaas.JAASLoginService in your
> >>> etc/jetty.xml
> >>>
> >>> regards
> >>> Grzegorz Grzybek
> >>>
> >>> pon., 18 maj 2020 o 10:25 Achim Nierbeck <bcanh...@googlemail.com
> .invalid>
> >>> napisał(a):
> >>>
> >>>> Hi,
> >>>>
> >>>> I already also answered Gerald in another mail.
> >>>> I'm not quite sure but what might be an issue, is that the default
> >>>> http-context used in his application isn't bound to the underlying
> security
> >>>> realm.
> >>>> Therefore it's quite a possibility that there needs to be a
> configuration
> >>>> done in his own application, using his own http-Context.
> >>>>
> >>>> Can be found here:
> >>>>
> >>>>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/internal/Activator.java
> >>>>
> >>>>
> https://github.com/ops4j/org.ops4j.pax.web/blob/master/samples/authentication/src/main/java/org/ops4j/pax/web/samples/authentication/AuthHttpContext.java
> >>>> and here:
> >>>>
> >>>>
> https://github.com/jgoodyear/ApacheKarafCookbook/blob/master/chapter4/chapter4-recipe4/chapter4-recipe4-whiteboard/src/main/java/com/packt/internal/Activator.java
> >>>>
> >>>> regards, Achim
> >>>>
> >>>>
> >>>> Am Fr., 15. Mai 2020 um 21:06 Uhr schrieb Alex Soto <
> alex.s...@envieta.com
> >>>>> :
> >>>>
> >>>>> I’m sorry, I don’t know why it's not working; it looks correct to me.
> >>>>> Maybe somebody from the Pax-Web team can help you.
> >>>>> The only suspicious thing is the warning:
> >>>>>
> >>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 | SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>> Which suggest something is misconfigured.
> >>>>>
> >>>>> Best regards,
> >>>>> Alex soto
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>>> On May 15, 2020, at 2:23 PM, Gerald Kallas <catsh...@mailbox.org>
> >>>> wrote:
> >>>>>>
> >>>>>> 2020-05-15T18:20:50,256 | WARN | qtp1611313605-201 |
> SecurityHandler
> >>>>> | 229 - org.eclipse.jetty.util - 9.4.22.v20191022 | No
> >>>>> authenticator for: {RoleInfo,C[admin],None}
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>>
> >>>> Apache Member
> >>>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >>>> OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/>
> Committer &
> >>>> Project Lead
> >>>> blog <http://notizblog.nierbeck.de/>
> >>>> Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
> >>>>
>
>
