karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Achim Nierbeck <achim.nierb...@ptv.de>
Subject Re: Karaf Webconsole and JAAS how does it work?
Date Tue, 13 Jul 2010 14:43:17 GMT

Ok, somehow i merged the jaas.boot stuff to system.packages.extra and not to
system.packages :(

One more thing about the exception, I think a WARN with the Information that
there has been an Exception could be logged. 

Now I will try with the "right" configuration. Another PEBKAC :(


Guillaume Nodet wrote:
> 
> On Tue, Jul 13, 2010 at 4:26 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
> wrote:
>>
>> OK, got it.
>>
>> Got an LoginException which says it can't find the class
>> org.apache.karaf.jaas.boot.ProxyLoginModule
>>
>> but just to mention, I don't think  it is a good style to catch an
>> exception
>> and not to do anything with it.
>> At leas you should log a warning, just for the records :)
> 
> Yes, but the problem is that this is a security related exception, so
> you certainly don't want to expose passwords in the log ...
> We've had users complaining about such exposure of sensitive data.
> 
>>
>> Now, what can I do about the "missing" Class :-)
>>
> 
> I bet you changed the default config.properties.  The
> org.apache.karaf.jaas.boot should be boot delegated.
> 
>>
>> Guillaume Nodet wrote:
>>>
>>> Yeah, debugging is a good solution in that case.
>>> You should try to put a breakpoint in
>>> org.apache.karaf.webconsole.JaasSecurityProvider#authenticate method
>>> and see what happens.
>>> If you don't hit that breakpoint, it means the webconsole does not see
>>> karaf authenticator, else you should see an exception in that method.
>>>
>>> On Tue, Jul 13, 2010 at 2:30 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
>>> wrote:
>>>>
>>>> That's what is driving me nuts, I do not have any exceptions.
>>>> It asks me for the credentials over and over again :(
>>>>
>>>> I just started the whole server with DEBUG log level and the sift
>>>> logger
>>>> enabled.
>>>> It looks like I'm not authorized, I'll attach the
>>>> org.ops4j.pax.web.pax-web-jetty.log file
>>>>
>>>> http://karaf.922171.n3.nabble.com/file/n963228/org.ops4j.pax.web.pax-web-jetty.log
>>>> org.ops4j.pax.web.pax-web-jetty.log
>>>>
>>>>
>>>> Guillaume Nodet wrote:
>>>>>
>>>>> Any exception in the log ? Also, I'm not sure to understand what you
>>>>> see, is the http request denied ?
>>>>>
>>>>>
>>>>> On Tue, Jul 13, 2010 at 2:03 PM, Achim Nierbeck
>>>>> <achim.nierbeck@ptv.de>
>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> I already did that, and I also configured
>>>>>> the pax-web Container with the following file:
>>>>>>
>>>>>> org.ops4j.pax.web.cfg
>>>>>>
>>>>>> and the following properties:
>>>>>>
>>>>>> org.apache.karaf.features.configKey=org.ops4j.pax.web
>>>>>> org.osgi.service.http.port=8080
>>>>>> org.ops4j.pax.web.session.timeout=30
>>>>>>
>>>>>> so if I call
>>>>>>
>>>>>> http://localhost:8080/system/console
>>>>>>
>>>>>> i do get the request for username and passwort, but I'm still not
>>>>>> able
>>>>>> to
>>>>>> get to the webconsole,
>>>>>> which is quite strange since I did this also with the Karaf 1.6.0
>>>>>> release
>>>>>> where it did work.
>>>>>>
>>>>>>
>>>>>> Guillaume Nodet wrote:
>>>>>>>
>>>>>>> I think that' s because the webconsole feature has some additional
>>>>>>> config:
>>>>>>>
>>>>>>>         <config name="org.apache.karaf.webconsole">
>>>>>>>           realm=karaf
>>>>>>>         </config>
>>>>>>>
>>>>>>> If you put a file named org.apache.karaf.webconsole.cfg in the
etc
>>>>>>> dir
>>>>>>> with the above properties, it should work.
>>>>>>>
>>>>>>> On Tue, Jul 13, 2010 at 10:35 AM, Achim Nierbeck
>>>>>>> <achim.nierbeck@ptv.de>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Right now I'm repackaging the Karaf 1.99 with some additional
>>>>>>>> bundles.
>>>>>>>> Basically it is the same as if I would use the features
>>>>>>>> spring
>>>>>>>> spring-dm
>>>>>>>> http
>>>>>>>> war
>>>>>>>> webconsole
>>>>>>>>
>>>>>>>> and some additional bundles for all kinds of apache commons
stuff.
>>>>>>>>
>>>>>>>> when i call the webconsole I do get the prompt for the credentials,
>>>>>>>> but
>>>>>>>> they
>>>>>>>> are not accepted.
>>>>>>>>
>>>>>>>> If i use the "Vanilla" Karaf 1.99 and install those features
later
>>>>>>>> it
>>>>>>>> works,
>>>>>>>> so I don't know right now where the
>>>>>>>> problem is.
>>>>>>>>
>>>>>>>> Thanks in advance :)
>>>>>>>>
>>>>>>>> Achim
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p962815.html
>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>> Guillaume Nodet
>>>>>>> ------------------------
>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>> ------------------------
>>>>>>> Open Source SOA
>>>>>>> http://fusesource.com
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963158.html
>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Cheers,
>>>>> Guillaume Nodet
>>>>> ------------------------
>>>>> Blog: http://gnodet.blogspot.com/
>>>>> ------------------------
>>>>> Open Source SOA
>>>>> http://fusesource.com
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963228.html
>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>>
>>> --
>>> Cheers,
>>> Guillaume Nodet
>>> ------------------------
>>> Blog: http://gnodet.blogspot.com/
>>> ------------------------
>>> Open Source SOA
>>> http://fusesource.com
>>>
>>>
>>
>> --
>> View this message in context:
>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963549.html
>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>
> 
> 
> 
> -- 
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
> 
> 

Guillaume Nodet wrote:
> 
> On Tue, Jul 13, 2010 at 4:26 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
> wrote:
>>
>> OK, got it.
>>
>> Got an LoginException which says it can't find the class
>> org.apache.karaf.jaas.boot.ProxyLoginModule
>>
>> but just to mention, I don't think  it is a good style to catch an
>> exception
>> and not to do anything with it.
>> At leas you should log a warning, just for the records :)
> 
> Yes, but the problem is that this is a security related exception, so
> you certainly don't want to expose passwords in the log ...
> We've had users complaining about such exposure of sensitive data.
> 
>>
>> Now, what can I do about the "missing" Class :-)
>>
> 
> I bet you changed the default config.properties.  The
> org.apache.karaf.jaas.boot should be boot delegated.
> 
>>
>> Guillaume Nodet wrote:
>>>
>>> Yeah, debugging is a good solution in that case.
>>> You should try to put a breakpoint in
>>> org.apache.karaf.webconsole.JaasSecurityProvider#authenticate method
>>> and see what happens.
>>> If you don't hit that breakpoint, it means the webconsole does not see
>>> karaf authenticator, else you should see an exception in that method.
>>>
>>> On Tue, Jul 13, 2010 at 2:30 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
>>> wrote:
>>>>
>>>> That's what is driving me nuts, I do not have any exceptions.
>>>> It asks me for the credentials over and over again :(
>>>>
>>>> I just started the whole server with DEBUG log level and the sift
>>>> logger
>>>> enabled.
>>>> It looks like I'm not authorized, I'll attach the
>>>> org.ops4j.pax.web.pax-web-jetty.log file
>>>>
>>>> http://karaf.922171.n3.nabble.com/file/n963228/org.ops4j.pax.web.pax-web-jetty.log
>>>> org.ops4j.pax.web.pax-web-jetty.log
>>>>
>>>>
>>>> Guillaume Nodet wrote:
>>>>>
>>>>> Any exception in the log ? Also, I'm not sure to understand what you
>>>>> see, is the http request denied ?
>>>>>
>>>>>
>>>>> On Tue, Jul 13, 2010 at 2:03 PM, Achim Nierbeck
>>>>> <achim.nierbeck@ptv.de>
>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> I already did that, and I also configured
>>>>>> the pax-web Container with the following file:
>>>>>>
>>>>>> org.ops4j.pax.web.cfg
>>>>>>
>>>>>> and the following properties:
>>>>>>
>>>>>> org.apache.karaf.features.configKey=org.ops4j.pax.web
>>>>>> org.osgi.service.http.port=8080
>>>>>> org.ops4j.pax.web.session.timeout=30
>>>>>>
>>>>>> so if I call
>>>>>>
>>>>>> http://localhost:8080/system/console
>>>>>>
>>>>>> i do get the request for username and passwort, but I'm still not
>>>>>> able
>>>>>> to
>>>>>> get to the webconsole,
>>>>>> which is quite strange since I did this also with the Karaf 1.6.0
>>>>>> release
>>>>>> where it did work.
>>>>>>
>>>>>>
>>>>>> Guillaume Nodet wrote:
>>>>>>>
>>>>>>> I think that' s because the webconsole feature has some additional
>>>>>>> config:
>>>>>>>
>>>>>>>         <config name="org.apache.karaf.webconsole">
>>>>>>>           realm=karaf
>>>>>>>         </config>
>>>>>>>
>>>>>>> If you put a file named org.apache.karaf.webconsole.cfg in the
etc
>>>>>>> dir
>>>>>>> with the above properties, it should work.
>>>>>>>
>>>>>>> On Tue, Jul 13, 2010 at 10:35 AM, Achim Nierbeck
>>>>>>> <achim.nierbeck@ptv.de>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Right now I'm repackaging the Karaf 1.99 with some additional
>>>>>>>> bundles.
>>>>>>>> Basically it is the same as if I would use the features
>>>>>>>> spring
>>>>>>>> spring-dm
>>>>>>>> http
>>>>>>>> war
>>>>>>>> webconsole
>>>>>>>>
>>>>>>>> and some additional bundles for all kinds of apache commons
stuff.
>>>>>>>>
>>>>>>>> when i call the webconsole I do get the prompt for the credentials,
>>>>>>>> but
>>>>>>>> they
>>>>>>>> are not accepted.
>>>>>>>>
>>>>>>>> If i use the "Vanilla" Karaf 1.99 and install those features
later
>>>>>>>> it
>>>>>>>> works,
>>>>>>>> so I don't know right now where the
>>>>>>>> problem is.
>>>>>>>>
>>>>>>>> Thanks in advance :)
>>>>>>>>
>>>>>>>> Achim
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p962815.html
>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>> Guillaume Nodet
>>>>>>> ------------------------
>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>> ------------------------
>>>>>>> Open Source SOA
>>>>>>> http://fusesource.com
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963158.html
>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Cheers,
>>>>> Guillaume Nodet
>>>>> ------------------------
>>>>> Blog: http://gnodet.blogspot.com/
>>>>> ------------------------
>>>>> Open Source SOA
>>>>> http://fusesource.com
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963228.html
>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>
>>>
>>>
>>>
>>> --
>>> Cheers,
>>> Guillaume Nodet
>>> ------------------------
>>> Blog: http://gnodet.blogspot.com/
>>> ------------------------
>>> Open Source SOA
>>> http://fusesource.com
>>>
>>>
>>
>> --
>> View this message in context:
>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963549.html
>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>
> 
> 
> 
> -- 
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
> 
> 

-- 
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963617.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.

Mime
View raw message