Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-785

Interaction Problem Between Karaf Jetty Security and Spring Security - Jetty Exception

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Not A Problem
    • Affects Version/s: 2.2.2
    • Fix Version/s: None
    • Component/s: karaf-webcontainer
    • Labels:
      None
    • Environment:

      Description

      Hello,

      This issue has been initiated from a thread in the karaf user forum:

      http://karaf.922171.n3.nabble.com/Mixing-Jetty-Security-and-Spring-Security-In-Karaf-tc3202093.html

      I created a simple web application (which I hope I can attach) with two locations secured with spring security configured for basic authentication:

      http://localhost:8181/sst/index.html - static web page
      http://localhost:8181/sst/sst - executes a test servlet

      To reproduce the jetty exception, I:

      (1) First connect to http://localhost:8181/sst/index.html - a 401 response is returned and I enter username "rod", password "koala" ("rod" is a valid user in my sample app). The index.html page "Hello OSGi World" is displayed.

      (2) Now I repoint my browser at the servlet http://localhost:8181/sst/sst. I get through to my servlet page which displays "Hello OSGi World Servlet. User Principle = <User Principle>". Whilst the page is displayed correctly I also see the following exception from Jetty:

      14:58:52,909 | WARN | 56-57 - /sst/sst | log | .eclipse.jetty.util.log.Slf4jLog 50 | 46 - org.eclipse.jetty.util - 7.4.2.v20110526 | EXCEPTION
      javax.security.auth.login.FailedLoginException: User rod does not exist
      at org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.login(PropertiesLoginModule.java:98)
      at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.6.0_26]
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_26]
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_26]
      at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_26]
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_26]
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_26]
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_26]
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_26]
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_26]
      at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)[59:org.eclipse.jetty.plus:7.4.2.v20110526]
      at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:77)[53:org.eclipse.jetty.security:7.4.2.v20110526]
      at org.eclipse.jetty.security.authentication.DeferredAuthentication.authenticate(DeferredAuthentication.java:100)[53:org.eclipse.jetty.security:7.4.2.v20110526]
      at org.eclipse.jetty.server.Request.getAuthType(Request.java:353)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
      at javax.servlet.http.HttpServletRequestWrapper.getAuthType(HttpServletRequestWrapper.java:59)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
      at com.mytestcompany.sst.SSTServlet.service(SSTServlet.java:36)[752:com.mytestcompany.spring-security-test:1.0.0]
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)[43:org.apache.geronimo.specs.geronimo-servlet_2.5_spec:1.1.2]
      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:538)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1352)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)[752:com.mytestcompany.spring-security-test:1.0.0]
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
      at org.ops4j.pax.web.service.internal.WelcomeFilesFilter.doFilter(WelcomeFilesFilter.java:169)[62:org.ops4j.pax.web.pax-web-runtime:1.0.4]
      at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1323)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:476)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
      at org.ops4j.pax.web.service.jetty.internal.HttpServiceServletHandler.doHandle(HttpServiceServletHandler.java:70)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:480)[53:org.eclipse.jetty.security:7.4.2.v20110526]
      at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:937)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.ops4j.pax.web.service.jetty.internal.HttpServiceContext.doHandle(HttpServiceContext.java:116)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)[54:org.eclipse.jetty.servlet:7.4.2.v20110526]
      at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:871)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.ops4j.pax.web.service.jetty.internal.JettyServerHandlerCollection.handle(JettyServerHandlerCollection.java:72)[63:org.ops4j.pax.web.pax-web-jetty:1.0.4]
      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.server.Server.handle(Server.java:342)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:589)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1048)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:601)[48:org.eclipse.jetty.http:7.4.2.v20110526]
      at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:214)[48:org.eclipse.jetty.http:7.4.2.v20110526]
      at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:411)[52:org.eclipse.jetty.server:7.4.2.v20110526]
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:535)[47:org.eclipse.jetty.io:7.4.2.v20110526]
      at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:40)[47:org.eclipse.jetty.io:7.4.2.v20110526]
      at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:529)[46:org.eclipse.jetty.util:7.4.2.v20110526]
      at java.lang.Thread.run(Thread.java:680)[:1.6.0_26]

      1. SpringSecurityExtTest.tar.gz
        5 kB
        Gareth Collins
      2. SpringSecurityExtTest.war
        4 kB
        Gareth Collins
      3. SpringSecurityTest.jar.gz
        3.11 MB
        Gareth Collins
      4. SpringSecurityTest.war
        3.09 MB
        Gareth Collins

        Activity

        Hide
        gcollins Gareth Collins added a comment -

        Simple web application war deployed to Karaf

        Show
        gcollins Gareth Collins added a comment - Simple web application war deployed to Karaf
        Hide
        gcollins Gareth Collins added a comment -

        The eclipse project for the web application (includes the java source)

        Show
        gcollins Gareth Collins added a comment - The eclipse project for the web application (includes the java source)
        Hide
        achim_nierbeck Achim Nierbeck added a comment -
        Show
        achim_nierbeck Achim Nierbeck added a comment - this issue depends on https://team.ops4j.org/browse/PAXWEB-292
        Hide
        achim_nierbeck Achim Nierbeck added a comment -

        Ok I've been playing around with this today.

        the sources jar unfortunately only contains slf4j srcs, therfore I can't use that
        second: I don't think you need all those spring jars inside your web-inf/lib directory
        those are already provided by Karaf.
        The missing spring-security bundles I'd rather install into the container with

        install -s mvn:org.springframework.security/spring-security-acl/3.0.5.RELEASE
        (I'm to lazy to post all 5 bundles )

        this way you can be sure all spring bundles play together.
        Now you just need to make sure your Manifest does contain the correct imports.

        I played with Karaf 3.0-SNAPSHOT and had no luck unfortunately the servlet didn't seem to start right.

        This is just a quick status

        regards, Achim

        Show
        achim_nierbeck Achim Nierbeck added a comment - Ok I've been playing around with this today. the sources jar unfortunately only contains slf4j srcs, therfore I can't use that second: I don't think you need all those spring jars inside your web-inf/lib directory those are already provided by Karaf. The missing spring-security bundles I'd rather install into the container with install -s mvn:org.springframework.security/spring-security-acl/3.0.5.RELEASE (I'm to lazy to post all 5 bundles ) this way you can be sure all spring bundles play together. Now you just need to make sure your Manifest does contain the correct imports. I played with Karaf 3.0-SNAPSHOT and had no luck unfortunately the servlet didn't seem to start right. This is just a quick status regards, Achim
        Hide
        gcollins Gareth Collins added a comment -

        Hello Achim,

        There was a problem because I included an slf4j log statement in the servlet? I can easily remove that, remove the slf4j jar I used
        for building and create another servlet.

        I only left the Spring jars in because I thought it would be easier that way (I know I don't need them if I add the Spring DM
        dependency). I can attach the Servlet using Spring DM. Would that be better? I am also able to reproduce the issue with
        an equivalent servlet using Apache Shiro as well.

        Let me know if there is anything else I could provide.

        thanks,
        Gareth

        Show
        gcollins Gareth Collins added a comment - Hello Achim, There was a problem because I included an slf4j log statement in the servlet? I can easily remove that, remove the slf4j jar I used for building and create another servlet. I only left the Spring jars in because I thought it would be easier that way (I know I don't need them if I add the Spring DM dependency). I can attach the Servlet using Spring DM. Would that be better? I am also able to reproduce the issue with an equivalent servlet using Apache Shiro as well. Let me know if there is anything else I could provide. thanks, Gareth
        Hide
        achim_nierbeck Achim Nierbeck added a comment -

        The provided src jar only contains sources for some slf4j stuff but unfortunately no servlet sources and web.xml.

        The war itself does contain a manifest that still references the Spring libs from inside, this way you won't get the needed
        references which are provided by karaf.

        So for you to test, Build a war that doesn't contain any spring specific jars in it's lib folder. Make sure you have the
        needed imports in your Manifest
        Add the needed spring-security bundles by

        install -s mvn:org.springframework.security/spring-security-acl/3.0.5.RELEASE
        do this for all 5 of them

        For me for better testing add the right src.jar

        regards, Achim

        Show
        achim_nierbeck Achim Nierbeck added a comment - The provided src jar only contains sources for some slf4j stuff but unfortunately no servlet sources and web.xml. The war itself does contain a manifest that still references the Spring libs from inside, this way you won't get the needed references which are provided by karaf. So for you to test, Build a war that doesn't contain any spring specific jars in it's lib folder. Make sure you have the needed imports in your Manifest Add the needed spring-security bundles by install -s mvn:org.springframework.security/spring-security-acl/3.0.5.RELEASE do this for all 5 of them For me for better testing add the right src.jar regards, Achim
        Hide
        gcollins Gareth Collins added a comment -

        SpringSecurityExtTest.war - Updated deployable war removing Spring Security jars (now depends on spring-dm-web) and removed any dependency on slf4j. The war now also includes the source file.
        SprintSecurityExtTest.jar.tz - Updated source file to remove dependency on slf4j. Removed spring jars and slf4j-api.jar from the eclipse project.

        Show
        gcollins Gareth Collins added a comment - SpringSecurityExtTest.war - Updated deployable war removing Spring Security jars (now depends on spring-dm-web) and removed any dependency on slf4j. The war now also includes the source file. SprintSecurityExtTest.jar.tz - Updated source file to remove dependency on slf4j. Removed spring jars and slf4j-api.jar from the eclipse project.
        Hide
        gcollins Gareth Collins added a comment -

        Hello Achim,

        The war now contains the one file of source as well:

        964 Thu Aug 04 15:15:04 EDT 2011 WEB-INF/classes/com/mytestcompany/sst/SSTServlet.java
        1511 Thu Aug 04 15:57:36 EDT 2011 WEB-INF/classes/com/mytestcompany/sst/SSTServlet.class

        Note that as well as installing spring, spring-web, spring-dm and spring-dm-web features (ugh), you need to install org.springframework.transaction-3.0.5.RELEASE.jar to get the war to run in Karaf.

        Let me know if this does/doesn't work for you.

        thanks again,
        Gareth

        Show
        gcollins Gareth Collins added a comment - Hello Achim, The war now contains the one file of source as well: 964 Thu Aug 04 15:15:04 EDT 2011 WEB-INF/classes/com/mytestcompany/sst/SSTServlet.java 1511 Thu Aug 04 15:57:36 EDT 2011 WEB-INF/classes/com/mytestcompany/sst/SSTServlet.class Note that as well as installing spring, spring-web, spring-dm and spring-dm-web features (ugh), you need to install org.springframework.transaction-3.0.5.RELEASE.jar to get the war to run in Karaf. Let me know if this does/doesn't work for you. thanks again, Gareth
        Hide
        achim_nierbeck Achim Nierbeck added a comment - - edited

        thank you will try, just a little note just installing the spring-dm-web feature pulls in all the other features as well.
        so basically you just need to install war and spring-dm-web

        Show
        achim_nierbeck Achim Nierbeck added a comment - - edited thank you will try, just a little note just installing the spring-dm-web feature pulls in all the other features as well. so basically you just need to install war and spring-dm-web
        Hide
        achim_nierbeck Achim Nierbeck added a comment - - edited

        Just tested the latest war and it works without any problem.

        • Used the latest 2.2.x-SNAPSHOT version of Karaf
        • installed features spring-dm-web (which in sub sequence does install the other spring related features)
        • installed the war feature, no war works without that
        • installed the transaction bundle
          • install -s mvn:org.springframework/org.springframework.transaction/3.0.5.RELEASE
        • installed the needed spring-security bundles:
          • install -s mvn:org.springframework.security/spring-security-core/3.0.5.RELEASE
          • install -s mvn:org.springframework.security/spring-security-config/3.0.5.RELEASE
          • install -s mvn:org.springframework.security/spring-security-acl/3.0.5.RELEASE
          • install -s mvn:org.springframework.security/spring-security-web/3.0.5.RELEASE
          • install -s mvn:org.springframework.security/spring-security-taglibs/3.0.5.RELEASE

        dropped the provided test war in the deploy folder

        called http://localhost:8181/sste
        with my browser:
        used wrong credential:
        dummy
        dummy
        failed to log in

        retry with the credentials provided:
        rod
        koala

        The login works out allright.

        Now if I http://localhost:8181/sste/sst
        I do get the information about the credentials.

        But I also see the log statement.
        wich is quite reasonable I'd think.
        In the web.xml there is nothing configured telling Jetty how the credentials are
        given to the server, so it falls back to the configured Karaf JAAS
        mechanism. Btw. a login with working std. karaf credentials doesn't work.
        Now if I do interpret the stack-trace in a correct way jetty doesn't know
        how to handle the given credentials since they do not exist in the
        Karaf JAAS configuration. Which let's you know by throwing this exception
        in WARN level.

        So I guess this is alright since the initial request of
        using the credentials of Spring-Security works for me and
        the credentials of the underlying Karaf aren't touched at all.
        The only not so nice about it is the point that Jetty complains
        about not beeing able to find the credentials.

        Besides that it seems to me the spring-security bundles
        could be packed into a specialized features descriptor

        So if this is OK with you I'd suggest closing this issue.

        regards, Achim

        Show
        achim_nierbeck Achim Nierbeck added a comment - - edited Just tested the latest war and it works without any problem. Used the latest 2.2.x-SNAPSHOT version of Karaf installed features spring-dm-web (which in sub sequence does install the other spring related features) installed the war feature, no war works without that installed the transaction bundle install -s mvn:org.springframework/org.springframework.transaction/3.0.5.RELEASE installed the needed spring-security bundles: install -s mvn:org.springframework.security/spring-security-core/3.0.5.RELEASE install -s mvn:org.springframework.security/spring-security-config/3.0.5.RELEASE install -s mvn:org.springframework.security/spring-security-acl/3.0.5.RELEASE install -s mvn:org.springframework.security/spring-security-web/3.0.5.RELEASE install -s mvn:org.springframework.security/spring-security-taglibs/3.0.5.RELEASE dropped the provided test war in the deploy folder called http://localhost:8181/sste with my browser: used wrong credential: dummy dummy failed to log in retry with the credentials provided: rod koala The login works out allright. Now if I http://localhost:8181/sste/sst I do get the information about the credentials. But I also see the log statement. wich is quite reasonable I'd think. In the web.xml there is nothing configured telling Jetty how the credentials are given to the server, so it falls back to the configured Karaf JAAS mechanism. Btw. a login with working std. karaf credentials doesn't work. Now if I do interpret the stack-trace in a correct way jetty doesn't know how to handle the given credentials since they do not exist in the Karaf JAAS configuration. Which let's you know by throwing this exception in WARN level. So I guess this is alright since the initial request of using the credentials of Spring-Security works for me and the credentials of the underlying Karaf aren't touched at all. The only not so nice about it is the point that Jetty complains about not beeing able to find the credentials. Besides that it seems to me the spring-security bundles could be packed into a specialized features descriptor So if this is OK with you I'd suggest closing this issue. regards, Achim
        Hide
        gcollins Gareth Collins added a comment -

        My apologies. I didn't see the response until now.

        I can close the JIRA. It isn't a big issue.

        Is there any way for me to configure Karaf JAAS/Pax Web/Jetty to not invoke the JAAS mechanism
        for my servlet whilst keeping the JAAS mechanism for the Karaf console? If someone eventually
        needs to monitor this system, it would be nice to have some way to suppress the exception.

        thanks again,
        Gareth

        Show
        gcollins Gareth Collins added a comment - My apologies. I didn't see the response until now. I can close the JIRA. It isn't a big issue. Is there any way for me to configure Karaf JAAS/Pax Web/Jetty to not invoke the JAAS mechanism for my servlet whilst keeping the JAAS mechanism for the Karaf console? If someone eventually needs to monitor this system, it would be nice to have some way to suppress the exception. thanks again, Gareth
        Hide
        achim_nierbeck Achim Nierbeck added a comment -

        No Problem, thanx for giving this feedback so I'll close the connected Pax web one too

        about your question, don't know right now, I'll do a research on this

        Show
        achim_nierbeck Achim Nierbeck added a comment - No Problem, thanx for giving this feedback so I'll close the connected Pax web one too about your question, don't know right now, I'll do a research on this
        Hide
        druminski Łukasz Drumiński added a comment -

        To supress the exception we can define appropriate user and password in ./etc/users.properties

        http://karaf.apache.org/manual/latest-2.3.x/developers-guide/security-framework.html

        Show
        druminski Łukasz Drumiński added a comment - To supress the exception we can define appropriate user and password in ./etc/users.properties http://karaf.apache.org/manual/latest-2.3.x/developers-guide/security-framework.html
        Hide
        achim_nierbeck Achim Nierbeck added a comment -

        as stated it's not a problem ...

        Show
        achim_nierbeck Achim Nierbeck added a comment - as stated it's not a problem ...

          People

          • Assignee:
            Unassigned
            Reporter:
            gcollins Gareth Collins
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development