pax web, configure custom Jetty Authenticator


Oli

Sep 12, 2013, 8:12:00 AM
to op...@googlegroups.com
Hi guys

I'm testing pax web 1.1.12 in karaf and wanted to deploy a secured web application. As I wanted to add a different (custom) login service, identity service and authenticator, I used the example "jetty-auth-config-fragment" to add more beans. Even though this bundle is ACTIVE and Fragment-Host is set to "org.ops4j.pax.web.pax-web-jetty", the beans are not added. Here is a snippet of the jetty.xml embedded in this bundle:

....
    <Call name="addBean">
      <Arg>
        <New class="org.apache.cxf.fediz.jetty.FederationLoginService">
          <Set name="name">WSFED</Set>
        </New>
      </Arg>
    </Call>
   
    <Call name="addBean">
      <Arg>
        <New class="org.apache.cxf.fediz.jetty.FederationAuthenticator">
          <Set name="configFile"><SystemProperty name="jetty.home" default="."/>/etc/fediz_config.xml</Set>
        </New>
      </Arg>
    </Call>
...

And the MANIFEST:

Manifest-Version: 1.0
Built-By: root
Tool: Bnd-1.15.0
Bundle-Name: Apache Fediz Karaf Plugin - Jetty authentication config f
 ragment
Created-By: Apache Maven Bundle Plugin
Bundle-Vendor: The Apache Software Foundation
Fragment-Host: org.ops4j.pax.web.pax-web-jetty
Build-Jdk: 1.7.0_21
Bundle-Version: 1.1.0.SNAPSHOT
Bnd-LastModified: 1378985961720
Bundle-ManifestVersion: 2
Bundle-Description: The Apache Software Foundation provides support fo
 r the Apache community of open-source software projects.    The Apach
 e projects are characterized by a collaborative, consensus based deve
 lopment process, an open and    pragmatic software license, and a des
 ire to create high quality software that leads the way in its field. 
    We consider ourselves not simply a group of projects sharing a ser
 ver, but rather a community of developers    and users.
Bundle-License: http://www.apache.org/licenses/LICENSE-2.0.txt
Bundle-SymbolicName: org.apache.cxf.fediz.karaf.config
Bundle-DocURL: http://www.apache.org/

I figured this out by remote debugging karaf. Within the jetty class SecurityHandler, the method findLoginService checks for beans of type LoginService:
List<LoginService> list = getServer().getBeans(LoginService.class);

But only the LoginServices which are configured in <karaf.home>/etc/jetty.xml are listed.

The second problem is that I haven't figured out a way to set a different authenticator on the SecurityHandler. The JettyServerWrapper configures the SecurityHandler in the method configureSecurity():
...
        Authenticator authenticator = null;
        if (Constraint.__FORM_AUTH.equals(authMethod)) {
            authenticator = new FormAuthenticator();
            securityHandler.setInitParameter(FormAuthenticator.__FORM_LOGIN_PAGE,formLoginPage);
            securityHandler.setInitParameter(FormAuthenticator.__FORM_ERROR_PAGE,formErrorPage);
        } else if (Constraint.__BASIC_AUTH.equals(authMethod))
            authenticator = new BasicAuthenticator();
        else if (Constraint.__DIGEST_AUTH.equals(authMethod))
            authenticator = new DigestAuthenticator();
        else if (Constraint.__CERT_AUTH.equals(authMethod))
            authenticator = new ClientCertAuthenticator();
        else if (Constraint.__CERT_AUTH2.equals(authMethod))
            authenticator = new ClientCertAuthenticator();
        else if (Constraint.__SPNEGO_AUTH.equals(authMethod))
            authenticator = new SpnegoAuthenticator();
        else
            LOG.warn("UNKNOWN AUTH METHOD: " + authMethod);

        securityHandler.setAuthenticator(authenticator);
...

In my case, the authMethod is different to the standard one and I want to configure a different authenticator. Is there a way to configure another authenticator?

Thanks
Oli
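
A way to confirm which LoginService beans actually reached the Jetty Server without attaching a debugger, as an added example (not part of the original post, and not Pax Web, Jetty or Fediz code). It assumes the jetty-server and jetty-security jars are on the classpath; the names `LoginServiceBeanCheck`, `loginServiceNames` and `resolve` are hypothetical, and the resolution rule in `resolve` is an assumption about how Jetty picks the bean.

```java
import java.util.ArrayList;
import java.util.List;

import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.server.Server;

/** Added diagnostic example; not Pax Web, Jetty or Fediz project code. */
public class LoginServiceBeanCheck {

    /** Names of all LoginService beans registered on the server. */
    static List<String> loginServiceNames(Server server) {
        List<String> names = new ArrayList<String>();
        // Same lookup the post quotes from SecurityHandler.findLoginService().
        for (LoginService ls : server.getBeans(LoginService.class)) {
            names.add(ls.getName());
        }
        return names;
    }

    /**
     * Resolve a LoginService for a realm name: exact name match, or the
     * only registered bean when no realm is given. Assumption: this mirrors
     * how Jetty picks the bean; check against the Jetty version in use.
     */
    static LoginService resolve(Server server, String realm) {
        LoginService only = null;
        int count = 0;
        for (LoginService ls : server.getBeans(LoginService.class)) {
            if (realm != null && realm.equals(ls.getName())) {
                return ls;
            }
            only = ls;
            count++;
        }
        return (realm == null && count == 1) ? only : null;
    }

    public static void main(String[] args) {
        Server server = new Server();                    // not started; beans only
        server.addBean(new HashLoginService("default")); // constructed sample bean
        // "WSFED" is the name the fragment's jetty.xml tries to register.
        System.out.println("registered: " + loginServiceNames(server));
        System.out.println("WSFED resolved: " + (resolve(server, "WSFED") != null));
        System.out.println("default resolved: " + (resolve(server, "default") != null));
    }
}
```

Run against the live Server instance, an absent "WSFED" entry shows that the fragment's jetty.xml was never applied, which separates a configuration-loading problem from an authenticator problem.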

Oli

Sep 13, 2013, 4:26:17 AM
to op...@googlegroups.com
Hi there

I've found that pax web 2.x supports embedding jetty-web.xml within WEB-INF which was addressed in JIRA:
https://ops4j1.jira.com/browse/PAXWEB-283

Is it possible to backport that to pax web 1.1.x? Unfortunately, only the most recent version of karaf 2.4.0 supports pax web 2.1.x.

If there is another way to configure a custom webapp context, let me know.

Thanks
Oli

Achim Nierbeck

Sep 16, 2013, 7:33:37 AM
to op...@googlegroups.com
Hi Oli, 

there's a reason for this only being available in 2.x: it's a behavioral (API-breaking) change, which is the reason it's not being back-ported to the 1.1.x line.

You might also try the Karaf 3.0 line (containing Pax-Web 3.0.x)

regards, Achim 


--

Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead
OPS4J Pax for Vaadin <http://team.ops4j.org/wiki/display/PAXVAADIN/Home> Committer & Project Lead
blog <http://notizblog.nierbeck.de/>