Details
Bug
Status: Resolved
Critical
Resolution: Fixed
3.1
None
linux, intel, normal pc
Patch Available
Description
I have a ServiceMix running and I was trying to take over the security (including Jetty), so I first went to read about servicemix-http on the official site and I found out about the "authenticationService" property in the http:component.
First I found out that there are 3 places where you can set this property: the first one is the http:component itself, then the "AuthenticationServiceName" property in the http:configuration, and the "authenticationService" property in the http:configuration. That's ok, I made my own authenticationService by implementing the AuthenticationService interface and I set it on the http:component. The problem I had is that no matter which of the 3 properties I set, my authenticationService won't take over Jetty. So I took a look at the code of both Jetty and servicemix-http and I solved my problem by modifying a class in servicemix-http. I'll explain the changes below:
class: JettyContextManager.java ( servicemix/trunk/deployables/bindingcomponents/servicemix-http/src/main/java/org/apache/servicemix/http/jetty/JettyContextManager.java )
svn version: line 198-199
secHandler.setUserRealm(new JaasUserRealm());
context.setHandler(secHandler);
modified version: line 198-204
JaasUserRealm realm = new JaasUserRealm();
if (configuration.getAuthenticationService()!= null)
secHandler.setUserRealm(realm);
context.setHandler(secHandler);
So basically the problem I was having is that even if I set an authenticationService for my configuration, when Jetty was creating the JaasUserRealm it was ignoring my settings and was creating a default JaasAuthenticationService in its constructor, so I modified it to take into account the configuration's authenticationService, to be able to use it on the newly created JaasUserRealm.
I will attach my JettyContextManager.java
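The failure mode reported above, as an added example that is not part of the original report or the ServiceMix code base: a realm whose constructor installs a default authenticator keeps authenticating against that default whenever the wiring code never passes the configured service in. All types, method names and credentials here (AuthService, Realm, wireIgnoringConfig, wireHonouringConfig) are hypothetical stand-ins, not the Jetty or servicemix-http API.

```java
import java.util.Map;

public class RealmWiringExample {
    /** Hypothetical stand-in for an authentication service interface. */
    interface AuthService { boolean authenticate(String user, String password); }

    /** Stand-in for the built-in default service (constructed credentials). */
    static class DefaultAuthService implements AuthService {
        public boolean authenticate(String user, String password) {
            return "default-user".equals(user) && "default-pass".equals(password);
        }
    }

    /** Stand-in realm: its constructor installs the default service. */
    static class Realm {
        private AuthService service = new DefaultAuthService();
        void setService(AuthService s) { this.service = s; }
        boolean login(String user, String password) { return service.authenticate(user, password); }
    }

    /** Wiring that never consults the configured service. */
    static Realm wireIgnoringConfig(AuthService configured) {
        return new Realm();
    }

    /** Wiring that hands the configured service to the realm when one is set. */
    static Realm wireHonouringConfig(AuthService configured) {
        Realm realm = new Realm();
        if (configured != null) {
            realm.setService(configured);
        }
        return realm;
    }

    /** Reports which of the two constructed accounts a realm accepts. */
    static String describe(String label, Realm realm) {
        return label + ": default account accepted=" + realm.login("default-user", "default-pass")
                + ", custom account accepted=" + realm.login("alice", "constructed-secret");
    }

    public static void main(String[] args) {
        // Constructed sample user store backing the custom service.
        Map<String, String> users = Map.of("alice", "constructed-secret");
        AuthService custom = (u, p) -> p != null && p.equals(users.get(u));

        System.out.println(describe("config ignored", wireIgnoringConfig(custom)));
        System.out.println(describe("config honoured", wireHonouringConfig(custom)));
    }
}
```

A regression test for this class of bug should assert both halves: the configured account is accepted and the default account is rejected once a custom service is set.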