karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guillaume Nodet <gno...@gmail.com>
Subject Re: Jetty + security + camel servlet
Date Mon, 20 Dec 2010 14:15:55 GMT
I'd use JAAS as there's no need to tie to jetty in that case.
You can find an implementation of HttpContext in the webconsole:
  http://svn.apache.org/repos/asf/felix/trunk/webconsole/src/main/java/org/apache/felix/webconsole/internal/servlet/OsgiManagerHttpContext.java
  http://svn.apache.org/repos/asf/karaf/trunk/webconsole/branding/src/main/java/org/apache/karaf/webconsole/JaasSecurityProvider.java

On Mon, Dec 20, 2010 at 15:08, Charles Moulliard <cmoulliard@gmail.com> wrote:
> As I configure the camelServlet using a Servlet Activator, I will follow the
> way of OSGI and
>
> org.osgi.service.http.HttpContext
>
>
> Do you suggest to call JAAS or to register the handlers required by Jetty in
> the osgi servlet?
>
> On 20/12/10 14:59, Guillaume Nodet wrote:
>>
>> On Mon, Dec 20, 2010 at 14:42, Charles Moulliard<cmoulliard@gmail.com>
>>  wrote:
>>>
>>> Hi,
>>>
>>> I would like to start a discussion around the following point as it does
>>> not
>>> seem obvious to find an answer. To authenticate a HTTP user with camel on
>>> Karaf we can use the component camel-jetty and camel-servlet. Jetty +
>>> JAAS +
>>> camel can be easily configured using Spring beans + securityHandler with
>>> camel but this does not seem the case with camel-servlet.
>>>
>>> The component camel-servlet does not accept as parameter a handler(s) for
>>> Jetty. This is normal as camel can be deployed in different Application
>>> Servers which are not build with Jetty. So what alternative(s) exist to
>>> configure camel-servlet with Jetty + JAAS on Karaf ? Using jetty.xml (in
>>> etc
>>> folder) but how to link camel servlet with jetty security handler ?
>>>
>> Unless I'm wrong, when you use camel-servlet, you're responsible for
>> setting up the CamelHttpTransportServlet servlet.
>> In OSGi, it could be done either using a standard web application
>> (deployed using the war support), or directly using the OSGi HTTP
>> service.  In the former case, you'd have to configure the web.xml for
>> security.  In the latter case, you need to use the OSGi HTTP service
>> api to properly configure the security bits (by implementing
>> org.osgi.service.http.HttpContext interface).
>>
>> I agree we could have an example of showing the last way in camel .
>> Configuring the war for security isn't specific to OSGi or Camel fwiw.
>>
>>> Regards,
>>>
>>> Charles
>>>
>>
>>
>



-- 
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com

Mime
View raw message