karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guillaume Nodet <gno...@gmail.com>
Subject Re: jetty.xml --> spring jetty.xml
Date Fri, 24 Dec 2010 13:12:22 GMT
As i said I think the security config should be per endpoint, don't
you? Which means the problem isn't on the component or even global,
but rather at the endpoint level.
What if we simply improve the servlet itself to do the authentication
directly, based on the endpoint uri?  It's quite easy to do and we
already have the code available in the webconsole/branding karaf
module (it would need to be changed to retrieve the parameters from
the enpoint uri obviously).

On Friday, December 24, 2010, Charles Moulliard <cmoulliard@gmail.com> wrote:
> The problem that we have with camel-servlet is that if we provide a
> securityHandler using parameter (like we do for camel-jetty), then the
> component becomes specific to jetty and in fact camel-servlet can be
> deployed in every j2ee server.
>
> Does it make sense to deploy camel-servlet in a WAR on Karaf just to
> have the security features ?
>
>
> On Fri, Dec 24, 2010 at 1:04 PM, Guillaume Nodet <gnodet@gmail.com> wrote:
>> The security bits need to be configured per servlet or per webapp, not
>> globally.   Only the authenticator (jaas) can be configured globally.
>>
>> For example, the web console uses the HTTP osgi service and creates
>> its own HttpContext to do the authentication.   If you just expose a
>> servlet from an OSGi bundle, exporting a filter or a webapp security
>> config will work.  If you deploy a real war/wab you can use the
>> web.xml
>>
>> For camel, I'm not sure how this is done, so not sure what's the best
>> way, but it should be done per endpoint imho, using the url parameters
>> to cinfigure the auhthenticqtion mechanism (basic, digest, ssl...)
>>
>> On Friday, December 24, 2010, Charles Moulliard <cmoulliard@gmail.com> wrote:
>>> It is very difficult to transform spring bean xml into jetty xml
>>> syntax. Here is what I attempt to do but without success
>>>
>>> So it is not possible now to configure jetty + jaas on Karaf
>>>
>>>     <Call name="addBean">
>>>       <Arg>
>>>         <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>>         <Set name="name">ldap</Set>
>>>         <Set name="loginModuleName">ldap</Set>
>>>         <Set name="roleClassNames">
>>>                 <Array type="java.lang.String">
>>>                         <Item>org.apache.karaf.jaas.modules.RolePrincipal</Item>
>>>             </Array>
>>>         </Set>
>>>         </New>
>>>       </Arg>
>>>     </Call>
>>>      <Call name="addBean">
>>>       <Arg>
>>>         <New class="org.eclipse.jetty.http.security.Constraint">
>>>           <Set name="name">BASIC</Set>
>>>           <Set name="roles">
>>>                 <Array type="java.lang.String">
>>>                         <Item>admin</Item>
>>>             </Array>
>>>           </Set>
>>>           <Set name="authenticate">true</Set>
>>>         </New>
>>>       </Arg>
>>>     </Call>
>>>
>>>     <Call name="addBean">
>>>       <Arg>
>>>         <New class="org.eclipse.jetty.security.ConstraintMapping">
>>>                 <Set name="constraint">
>>>                 <Array type="org.eclipse.jetty.http.security.Constraint">
>>>                         <Item>
>>>                            <New class="org.eclipse.jetty.http.security.Constraint">
>>>                                 <Set name="name">BASIC</Set>
>>>                                 <Set name="roles">
>>>                                         <Array type="java.lang.String">
>>>

-- 
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com

Mime
View raw message