3 Replies Latest reply on Jan 15, 2014 8:55 AM by eric.wittmann

    How do I use a custom LoginService for my WAR in Fuse 6.1?

    eric.wittmann

      I'm currently using the latest download of Fuse 6.1 Alpha and I'm trying to use a custom LoginService for my web app (I need a login service that supports both BASIC authentication and SAML Bearer Token authentication).  I have a very simple test web application here:

       

        https://github.com/EricWittmann/fuse-test-apps/tree/master/fta-custom-login-service-war

       

      This web application includes a custom login service here:

       

        https://github.com/EricWittmann/fuse-test-apps/blob/master/fta-custom-login-service-war/src/main/java/org/overlord/fta/login/MyLoginService.java

       

      And it attempts to configure it in Jetty via the jetty-web.xml file included in the WEB-INF:

       

        https://github.com/EricWittmann/fuse-test-apps/blob/master/fta-custom-login-service-war/src/main/webapp/WEB-INF/jetty-web.xml

       

      Unfortunately this gives me a ClassNotFoundError:

       

        java.lang.ClassNotFoundException: org.overlord.fta.login.MyLoginService not found by io.hawt.hawtio-karaf-terminal [239]

       

      If I then try to use the standard hash login service instead, I get this:

       

        java.lang.NoSuchMethodException: org.eclipse.jetty.security.ConstraintSecurityHandler.setLoginService(org.eclipse.jetty.security.HashLoginService)

       

      Help me Obi-Wan!

        • 1. Re: How do I use a custom LoginService for my WAR in Fuse 6.1?
          eric.wittmann

          I should add that I'm not married to the idea of providing a custom LoginService if there is a better way to contribute custom authentication mechanisms for web applications in Fuse 6.1!

          • 2. Re: How do I use a custom LoginService for my WAR in Fuse 6.1?
            gnodet

            This does not seem to be properly supported.  The real problem is that when loading the custom jetty.xml, jetty uses the thread context classloader to load the classes, but pax-web does not set it to the classloader of the war bundle being deployed, leading to a CNFE.

            Please raise a JIRA issue at Pax Web - OPS4J Issues so that we can get that fixed.

             

            As a workaround, the easiest way would be to delegate to a native jetty login service or to implement security using a custom web filter maybe.  The jetty-all-server contains a JAAS LoginService (org.eclipse.jetty.plus.jaas.JAASLoginService) which you can use.  All security auth is done using JAAS in Fuse.
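The custom web filter workaround mentioned in reply 2, as an added example (not from the thread, and not code from the Fuse, Pax Web or Jetty projects): a servlet filter that validates BASIC credentials against a JAAS realm. The class and package names, the `realm` init-param and the realm name `karaf` are assumptions; SAML bearer token handling is not covered.

```java
package org.example.fta; // hypothetical package name

import java.io.IOException;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.xml.bind.DatatypeConverter; // Base64 decoder available on Java 6/7 runtimes

/** Hypothetical filter: checks BASIC credentials against a JAAS realm. */
public class JaasBasicAuthFilter implements Filter {
    private String realm = "karaf"; // assumed realm name; override with init-param "realm"

    public void init(FilterConfig cfg) {
        String r = cfg.getInitParameter("realm");
        if (r != null) realm = r;
    }
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        String h = ((HttpServletRequest) rq).getHeader("Authorization");
        boolean ok = false;
        if (h != null && h.regionMatches(true, 0, "Basic ", 0, 6)) {
            try {
                String pair = new String(DatatypeConverter.parseBase64Binary(h.substring(6).trim()), "UTF-8");
                int sep = pair.indexOf(':'); // split on the first ':'; the password may contain more
                ok = sep > 0 && login(pair.substring(0, sep), pair.substring(sep + 1).toCharArray());
            } catch (IllegalArgumentException malformed) { /* strict decoders reject bad Base64: deny */ }
        }
        if (ok) { chain.doFilter(rq, rs); return; }
        // Missing, malformed or rejected credentials all end in the same 401 challenge.
        HttpServletResponse res = (HttpServletResponse) rs;
        res.setHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
    private boolean login(final String user, final char[] password) {
        try {
            new LoginContext(realm, new CallbackHandler() {
                public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                    for (Callback cb : cbs) {
                        if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                        else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                        else throw new UnsupportedCallbackException(cb);
                    }
                }
            }).login();
            return true;
        } catch (LoginException e) { return false; } // bad credentials or unknown realm: deny
    }
    public void destroy() { }
}
```

The filter only gates access; it does not populate `getUserPrincipal()` or roles, so role checks would need a request wrapper. It is registered in `web.xml` with a `filter-mapping` over the protected URL patterns.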

            • 3. Re: How do I use a custom LoginService for my WAR in Fuse 6.1?
              eric.wittmann

              Ok thanks very much, I'll do that. 

               

              I'm not too surprised, since I ran into a similar problem when trying to get Weld working.  In that case, the Weld Listener class (a servlet listener) was failing to load because the thread context classloader was set to the wrong WAR bundle CL.  Might be a separate bug, but I'll mention both in the JIRA.