karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Achim Nierbeck <achim.nierb...@ptv.de>
Subject Re: Karaf Webconsole and JAAS how does it work?
Date Wed, 14 Jul 2010 07:49:44 GMT

I now did some more in detail inspection, the exception is thrown while
loginContext.login() is executed and somehow it seems to be somewhere 

		invokePriv(LOGIN_METHOD);  <<< Here in class LoginContext
		invokePriv(COMMIT_METHOD);


    private void invokePriv(final String methodName) throws LoginException {
	try {
	    java.security.AccessController.doPrivileged
		(new java.security.PrivilegedExceptionAction() {
		public Object run() throws LoginException {
		    invoke(methodName); <<<---- Here 
		    return null;
		}
	    });


     // instantiate the LoginModule
		    Class c = Class.forName        <<< This class is not found :(
				(moduleStack[i].entry.getLoginModuleName(),
				true,
				contextClassLoader);


This is the contextClassLoader: 

BundleClassLoader{bundle=org.apache.felix.webconsole_3.1.0 [95],parent=null}

parent=null doesn't seem to be right, or am I wrong?

At least this is the place where the CNF Exception is comming from. 
When I hit a packages:exports 0 

I can see the package in question though. 

...
OSGi System Bundle (0): org.apache.karaf.jaas.boot;
version="1.99.0.SNAPSHOT"
OSGi System Bundle (0): org.apache.karaf.version; version="1.99.0.SNAPSHOT"
...


any ideas so far?


Achim Nierbeck wrote:
> 
> Unfortunately, it still doesn't work. I now use the original
> config.properties and use the custom.properties to configure to use
> equinox as osgi framework
> 
> 
> Achim Nierbeck wrote:
>> 
>> Ok, somehow i merged the jaas.boot stuff to system.packages.extra and not
>> to system.packages :(
>> 
>> One more thing about the exception, I think a WARN with the Information
>> that there has been an Exception could be logged. 
>> 
>> Now I will try with the "right" configuration. Another PEBKAC :(
>> 
>> 
>> Guillaume Nodet wrote:
>>> 
>>> On Tue, Jul 13, 2010 at 4:26 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
>>> wrote:
>>>>
>>>> OK, got it.
>>>>
>>>> Got an LoginException which says it can't find the class
>>>> org.apache.karaf.jaas.boot.ProxyLoginModule
>>>>
>>>> but just to mention, I don't think  it is a good style to catch an
>>>> exception
>>>> and not to do anything with it.
>>>> At leas you should log a warning, just for the records :)
>>> 
>>> Yes, but the problem is that this is a security related exception, so
>>> you certainly don't want to expose passwords in the log ...
>>> We've had users complaining about such exposure of sensitive data.
>>> 
>>>>
>>>> Now, what can I do about the "missing" Class :-)
>>>>
>>> 
>>> I bet you changed the default config.properties.  The
>>> org.apache.karaf.jaas.boot should be boot delegated.
>>> 
>>>>
>>>> Guillaume Nodet wrote:
>>>>>
>>>>> Yeah, debugging is a good solution in that case.
>>>>> You should try to put a breakpoint in
>>>>> org.apache.karaf.webconsole.JaasSecurityProvider#authenticate method
>>>>> and see what happens.
>>>>> If you don't hit that breakpoint, it means the webconsole does not see
>>>>> karaf authenticator, else you should see an exception in that method.
>>>>>
>>>>> On Tue, Jul 13, 2010 at 2:30 PM, Achim Nierbeck
>>>>> <achim.nierbeck@ptv.de>
>>>>> wrote:
>>>>>>
>>>>>> That's what is driving me nuts, I do not have any exceptions.
>>>>>> It asks me for the credentials over and over again :(
>>>>>>
>>>>>> I just started the whole server with DEBUG log level and the sift
>>>>>> logger
>>>>>> enabled.
>>>>>> It looks like I'm not authorized, I'll attach the
>>>>>> org.ops4j.pax.web.pax-web-jetty.log file
>>>>>>
>>>>>> http://karaf.922171.n3.nabble.com/file/n963228/org.ops4j.pax.web.pax-web-jetty.log
>>>>>> org.ops4j.pax.web.pax-web-jetty.log
>>>>>>
>>>>>>
>>>>>> Guillaume Nodet wrote:
>>>>>>>
>>>>>>> Any exception in the log ? Also, I'm not sure to understand what
you
>>>>>>> see, is the http request denied ?
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 13, 2010 at 2:03 PM, Achim Nierbeck
>>>>>>> <achim.nierbeck@ptv.de>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> I already did that, and I also configured
>>>>>>>> the pax-web Container with the following file:
>>>>>>>>
>>>>>>>> org.ops4j.pax.web.cfg
>>>>>>>>
>>>>>>>> and the following properties:
>>>>>>>>
>>>>>>>> org.apache.karaf.features.configKey=org.ops4j.pax.web
>>>>>>>> org.osgi.service.http.port=8080
>>>>>>>> org.ops4j.pax.web.session.timeout=30
>>>>>>>>
>>>>>>>> so if I call
>>>>>>>>
>>>>>>>> http://localhost:8080/system/console
>>>>>>>>
>>>>>>>> i do get the request for username and passwort, but I'm still
not
>>>>>>>> able
>>>>>>>> to
>>>>>>>> get to the webconsole,
>>>>>>>> which is quite strange since I did this also with the Karaf
1.6.0
>>>>>>>> release
>>>>>>>> where it did work.
>>>>>>>>
>>>>>>>>
>>>>>>>> Guillaume Nodet wrote:
>>>>>>>>>
>>>>>>>>> I think that' s because the webconsole feature has some
additional
>>>>>>>>> config:
>>>>>>>>>
>>>>>>>>>         <config name="org.apache.karaf.webconsole">
>>>>>>>>>           realm=karaf
>>>>>>>>>         </config>
>>>>>>>>>
>>>>>>>>> If you put a file named org.apache.karaf.webconsole.cfg
in the etc
>>>>>>>>> dir
>>>>>>>>> with the above properties, it should work.
>>>>>>>>>
>>>>>>>>> On Tue, Jul 13, 2010 at 10:35 AM, Achim Nierbeck
>>>>>>>>> <achim.nierbeck@ptv.de>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Right now I'm repackaging the Karaf 1.99 with some
additional
>>>>>>>>>> bundles.
>>>>>>>>>> Basically it is the same as if I would use the features
>>>>>>>>>> spring
>>>>>>>>>> spring-dm
>>>>>>>>>> http
>>>>>>>>>> war
>>>>>>>>>> webconsole
>>>>>>>>>>
>>>>>>>>>> and some additional bundles for all kinds of apache
commons
>>>>>>>>>> stuff.
>>>>>>>>>>
>>>>>>>>>> when i call the webconsole I do get the prompt for
the
>>>>>>>>>> credentials,
>>>>>>>>>> but
>>>>>>>>>> they
>>>>>>>>>> are not accepted.
>>>>>>>>>>
>>>>>>>>>> If i use the "Vanilla" Karaf 1.99 and install those
features
>>>>>>>>>> later it
>>>>>>>>>> works,
>>>>>>>>>> so I don't know right now where the
>>>>>>>>>> problem is.
>>>>>>>>>>
>>>>>>>>>> Thanks in advance :)
>>>>>>>>>>
>>>>>>>>>> Achim
>>>>>>>>>> --
>>>>>>>>>> View this message in context:
>>>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p962815.html
>>>>>>>>>> Sent from the Karaf - Dev mailing list archive at
Nabble.com.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Cheers,
>>>>>>>>> Guillaume Nodet
>>>>>>>>> ------------------------
>>>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>>>> ------------------------
>>>>>>>>> Open Source SOA
>>>>>>>>> http://fusesource.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963158.html
>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>> Guillaume Nodet
>>>>>>> ------------------------
>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>> ------------------------
>>>>>>> Open Source SOA
>>>>>>> http://fusesource.com
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963228.html
>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Cheers,
>>>>> Guillaume Nodet
>>>>> ------------------------
>>>>> Blog: http://gnodet.blogspot.com/
>>>>> ------------------------
>>>>> Open Source SOA
>>>>> http://fusesource.com
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963549.html
>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>
>>> 
>>> 
>>> 
>>> -- 
>>> Cheers,
>>> Guillaume Nodet
>>> ------------------------
>>> Blog: http://gnodet.blogspot.com/
>>> ------------------------
>>> Open Source SOA
>>> http://fusesource.com
>>> 
>>> 
>> 
>> Guillaume Nodet wrote:
>>> 
>>> On Tue, Jul 13, 2010 at 4:26 PM, Achim Nierbeck <achim.nierbeck@ptv.de>
>>> wrote:
>>>>
>>>> OK, got it.
>>>>
>>>> Got an LoginException which says it can't find the class
>>>> org.apache.karaf.jaas.boot.ProxyLoginModule
>>>>
>>>> but just to mention, I don't think  it is a good style to catch an
>>>> exception
>>>> and not to do anything with it.
>>>> At leas you should log a warning, just for the records :)
>>> 
>>> Yes, but the problem is that this is a security related exception, so
>>> you certainly don't want to expose passwords in the log ...
>>> We've had users complaining about such exposure of sensitive data.
>>> 
>>>>
>>>> Now, what can I do about the "missing" Class :-)
>>>>
>>> 
>>> I bet you changed the default config.properties.  The
>>> org.apache.karaf.jaas.boot should be boot delegated.
>>> 
>>>>
>>>> Guillaume Nodet wrote:
>>>>>
>>>>> Yeah, debugging is a good solution in that case.
>>>>> You should try to put a breakpoint in
>>>>> org.apache.karaf.webconsole.JaasSecurityProvider#authenticate method
>>>>> and see what happens.
>>>>> If you don't hit that breakpoint, it means the webconsole does not see
>>>>> karaf authenticator, else you should see an exception in that method.
>>>>>
>>>>> On Tue, Jul 13, 2010 at 2:30 PM, Achim Nierbeck
>>>>> <achim.nierbeck@ptv.de>
>>>>> wrote:
>>>>>>
>>>>>> That's what is driving me nuts, I do not have any exceptions.
>>>>>> It asks me for the credentials over and over again :(
>>>>>>
>>>>>> I just started the whole server with DEBUG log level and the sift
>>>>>> logger
>>>>>> enabled.
>>>>>> It looks like I'm not authorized, I'll attach the
>>>>>> org.ops4j.pax.web.pax-web-jetty.log file
>>>>>>
>>>>>> http://karaf.922171.n3.nabble.com/file/n963228/org.ops4j.pax.web.pax-web-jetty.log
>>>>>> org.ops4j.pax.web.pax-web-jetty.log
>>>>>>
>>>>>>
>>>>>> Guillaume Nodet wrote:
>>>>>>>
>>>>>>> Any exception in the log ? Also, I'm not sure to understand what
you
>>>>>>> see, is the http request denied ?
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 13, 2010 at 2:03 PM, Achim Nierbeck
>>>>>>> <achim.nierbeck@ptv.de>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> I already did that, and I also configured
>>>>>>>> the pax-web Container with the following file:
>>>>>>>>
>>>>>>>> org.ops4j.pax.web.cfg
>>>>>>>>
>>>>>>>> and the following properties:
>>>>>>>>
>>>>>>>> org.apache.karaf.features.configKey=org.ops4j.pax.web
>>>>>>>> org.osgi.service.http.port=8080
>>>>>>>> org.ops4j.pax.web.session.timeout=30
>>>>>>>>
>>>>>>>> so if I call
>>>>>>>>
>>>>>>>> http://localhost:8080/system/console
>>>>>>>>
>>>>>>>> i do get the request for username and passwort, but I'm still
not
>>>>>>>> able
>>>>>>>> to
>>>>>>>> get to the webconsole,
>>>>>>>> which is quite strange since I did this also with the Karaf
1.6.0
>>>>>>>> release
>>>>>>>> where it did work.
>>>>>>>>
>>>>>>>>
>>>>>>>> Guillaume Nodet wrote:
>>>>>>>>>
>>>>>>>>> I think that' s because the webconsole feature has some
additional
>>>>>>>>> config:
>>>>>>>>>
>>>>>>>>>         <config name="org.apache.karaf.webconsole">
>>>>>>>>>           realm=karaf
>>>>>>>>>         </config>
>>>>>>>>>
>>>>>>>>> If you put a file named org.apache.karaf.webconsole.cfg
in the etc
>>>>>>>>> dir
>>>>>>>>> with the above properties, it should work.
>>>>>>>>>
>>>>>>>>> On Tue, Jul 13, 2010 at 10:35 AM, Achim Nierbeck
>>>>>>>>> <achim.nierbeck@ptv.de>
>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Right now I'm repackaging the Karaf 1.99 with some
additional
>>>>>>>>>> bundles.
>>>>>>>>>> Basically it is the same as if I would use the features
>>>>>>>>>> spring
>>>>>>>>>> spring-dm
>>>>>>>>>> http
>>>>>>>>>> war
>>>>>>>>>> webconsole
>>>>>>>>>>
>>>>>>>>>> and some additional bundles for all kinds of apache
commons
>>>>>>>>>> stuff.
>>>>>>>>>>
>>>>>>>>>> when i call the webconsole I do get the prompt for
the
>>>>>>>>>> credentials,
>>>>>>>>>> but
>>>>>>>>>> they
>>>>>>>>>> are not accepted.
>>>>>>>>>>
>>>>>>>>>> If i use the "Vanilla" Karaf 1.99 and install those
features
>>>>>>>>>> later it
>>>>>>>>>> works,
>>>>>>>>>> so I don't know right now where the
>>>>>>>>>> problem is.
>>>>>>>>>>
>>>>>>>>>> Thanks in advance :)
>>>>>>>>>>
>>>>>>>>>> Achim
>>>>>>>>>> --
>>>>>>>>>> View this message in context:
>>>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p962815.html
>>>>>>>>>> Sent from the Karaf - Dev mailing list archive at
Nabble.com.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Cheers,
>>>>>>>>> Guillaume Nodet
>>>>>>>>> ------------------------
>>>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>>>> ------------------------
>>>>>>>>> Open Source SOA
>>>>>>>>> http://fusesource.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963158.html
>>>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>> Guillaume Nodet
>>>>>>> ------------------------
>>>>>>> Blog: http://gnodet.blogspot.com/
>>>>>>> ------------------------
>>>>>>> Open Source SOA
>>>>>>> http://fusesource.com
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963228.html
>>>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Cheers,
>>>>> Guillaume Nodet
>>>>> ------------------------
>>>>> Blog: http://gnodet.blogspot.com/
>>>>> ------------------------
>>>>> Open Source SOA
>>>>> http://fusesource.com
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p963549.html
>>>> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>>>>
>>> 
>>> 
>>> 
>>> -- 
>>> Cheers,
>>> Guillaume Nodet
>>> ------------------------
>>> Blog: http://gnodet.blogspot.com/
>>> ------------------------
>>> Open Source SOA
>>> http://fusesource.com
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: http://karaf.922171.n3.nabble.com/Karaf-Webconsole-and-JAAS-how-does-it-work-tp962815p965847.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.

Mime
View raw message