3 Replies Latest reply on Feb 20, 2013 9:33 PM by ffang

    Jetty.xml settings causes JAAS realm problem

    wayn23
    wayn23 Feb 8, 2013 1:19 PM

      I am using Enterprise ESB 7.1

       

      I was using the "karaf" realm and added a user to users.properties and that worked perfectly. I use the Karaf Web Console and it works fine.

       

      This problem started when I tried to use the MQ Console. I installed feature mq-web-console successfully. However, it is a war file, which requires changes to jetty in order to make it work.  I found I had to set

       

      etc\org.ops4j.pax.web.cfg    org.ops4j.pax.web.config.file=etc/jetty.xml

       

      However after enabling the jetty.xml file, now I am getting a security problem when trying to call a web service published with CXF.

       

      Get error java.lang.ClassNotFoundException: org.apache.karaf.jaas.boot.principal.RolePrincipal not found by org.apache.cxf.cxf-rt-transports-http (see attached detailed log)

       

      That class is specified in etc/jetty.xml

           

       

      Shouldn't jetty.xml be configured to use the same JAAS realm that is used by karaf? If so, how do I do that?

      • 871 Views
      • Tags:
        • 1. Re: Jetty.xml settings causes JAAS realm problem
          ffang
          ffang Feb 18, 2013 1:38 AM (in response to wayn23)

          Hi,

           

          You need comment out 

          <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
                <Set name="name">karaf</Set>
                <Set name="loginModuleName">karaf</Set>
                <Set name="roleClassNames">
                    <Array type="java.lang.String">
                        <Item>org.apache.karaf.jaas.boot.principal.RolePrincipal</Item>
                    </Array>
                </Set>
            </New>
        </Arg>
    </Call>

           

          As  cxf will use JAASLoginInterceptor with KARAF jaas realm to do authentication, shouldn't have jetty JAASLoginService enabled to do the authentication.

           

          Freeman

            • Actions
          • 2. Re: Jetty.xml settings causes JAAS realm problem
            wayn23
            wayn23 Feb 20, 2013 10:47 AM (in response to ffang)

            That thought had occurred to me. When I comment out the "addBean" section, it still fails complaining that there is no LoginService provided.  Please see the attached log file called mq-webconsole.log.

             

            All this started as mq-webconsole is a war file.  Could it be packaged as a bundle like the Karaf WebConsole?

              • Actions
            • 3. Re: Jetty.xml settings causes JAAS realm problem
              ffang
              ffang Feb 20, 2013 9:33 PM (in response to wayn23)

              Hi,

               

              Please don't comment out the "addBean" section, the mq-webconsole need it.

               

              The error like

              error java.lang.ClassNotFoundException: org.apache.karaf.jaas.boot.principal.RolePrincipal not found by org.apache.cxf.cxf-rt-transports-http

               

              is a bug in CXF which get resolved yesterday. Basically, it's a context classloader issue, which means should try to look for Principal class from customer bundle classloader but not from cxf-rt-transports-http. Next release will pick up this fix.

               

              Btw, currently the org.eclipse.jetty.plus.jaas.JAASLoginService configuration is globally so it apply for all context path, but my gut feeling is that  jetty configuration should be able to provide a way to specify a context path, which means jetty JAASLoginService can only apply for some certain path, not really sure though.

               

              Freeman

                • Actions