Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.
Bug 366140 - javax.security.* shoud be imported by jetty-plus
Summary: javax.security.* shoud be imported by jetty-plus
Status: RESOLVED FIXED
Alias: None
Product: Jetty
Classification: RT
Component: osgi (show other bugs)
Version: 8.0.4   Edit
Hardware: PC Windows XP
: P3 normal (vote)
Target Milestone: 8.1.x   Edit
Assignee: Jan Bartel CLA
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-12-09 02:04 EST by guofeng zhang CLA
Modified: 2012-03-21 23:54 EDT (History)
2 users (show)

See Also:


Attachments
the test runtime (6.54 MB, application/octet-stream)
2011-12-09 05:13 EST, guofeng zhang CLA
no flags Details
the test source code (4.28 KB, application/octet-stream)
2011-12-09 05:14 EST, guofeng zhang CLA
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description guofeng zhang CLA 2011-12-09 02:04:34 EST
Build Identifier: 8.0.4.v20111024

when using JAAS on OSGi platform like Felix 4.0.2, there is error reported:

java.lang.ClassNotFoundException: javax.security.auth.login.LoginException not found by org.eclipse.jetty.plus [31]
        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1460)
        .......
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:748)
        ....
        at org.eclipse.jetty.osgi.boot.internal.webapp.JettyContextHandlerServic
        ...
        at java.lang.Thread.run(Thread.java:662)
added javax.security.* in the Import-Package solve the issue.

7.5.4 has no such issue.


Reproducible: Always
Comment 1 Hugues Malphettes CLA 2011-12-09 03:25:43 EST
Guofeng reported some more work on this item on the mailing list:
---------- Forwarded message ----------
From: Guofeng Zhang <guofeng@***>
Date: Fri, Dec 9, 2011 at 3:14 PM
Subject: Re: [jetty-users] why does jetty-plus bundle not import javax.security.* package?
To: JETTY user mailing list <jetty-users@eclipse.org>
This issue is for 8.0.4. 7.5.4 works well for my application.

The following share what I have done for our application.

I deployed Jetty 8.0.4 on Felix framework 4.0.2. I used to use JAAS for my web application. When the framework deploy jetty-plus, it said that:
Caused by:
java.lang.ClassNotFoundException: javax.security.auth.login.LoginException not found by org.eclipse.jetty.plus [31]
        at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1460)
        .......
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:748)
        ....
        at org.eclipse.jetty.osgi.boot.internal.webapp.JettyContextHandlerServic
        ...
        at java.lang.Thread.run(Thread.java:662)

so I added javax.security.* in Import-Package for jetty-plus. For my web bundle, I need to import com.sun.security.auth.login in Import-Package for com.sun.security.auth.login.ConfigFile. I use jetty-web.xml configure JAASLoginService.

Then it works well.

It also needs to add:
com.sun.xml.internal.bind.v2,\   --- this line is for jetty-jaspi
com.sun.security.auth.login

in felix’s config.properties to make the system bundle export the required package.

Anyway, if jetty-plus works well, for other missing package, we could deal it with well.

By fixing bug 359329 (https://bugs.eclipse.org/bugs/show_bug.cgi?id=359329), and add the following in maven-bundle-plugin of jetty-jaspi’s pom.xml, JASPI also works well on Felix.

        <configuration>
          <instructions>
            <Import-Package>
              *
            </Import-Package>
            <Export-Package>
              org.eclipse.jetty.security.jaspi,
              org.eclipse.jetty.security.jaspi.modules
            </Export-Package>
          </instructions>
        </configuration>

I opened a bug 336140 for it.
Thanks
Guofeng
Comment 2 Hugues Malphettes CLA 2011-12-09 03:56:45 EST
Thanks Guofeng, I compared the import/export instructions on jetty-plus and jetty-jaspi and this is clearly an oversight.
I applied the fixes suggested and they match what we were doing in jetty-7.

Here is the commit:
http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/commit/?h=jetty-8&id=49556c0f406908786cc8075119a8289c6defc105

Just curious for jetty-jaspi your suggestion is to export only the 2 packages:
org.eclipse.jetty.security.jaspi,
org.eclipse.jetty.security.jaspi.modules

Should we keep org.eclipse.jetty.security.jaspi.callback private to the bundle?
Thanks!
Comment 3 guofeng zhang CLA 2011-12-09 04:25:56 EST
(In reply to comment #2)

> Here is the commit:
> http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/commit/?h=jetty-8&id=49556c0f406908786cc8075119a8289c6defc105
> 

> Just curious for jetty-jaspi your suggestion is to export only the 2 packages:
> org.eclipse.jetty.security.jaspi,
> org.eclipse.jetty.security.jaspi.modules
> 
> Should we keep org.eclipse.jetty.security.jaspi.callback private to the bundle?
> Thanks!

org.eclipse.jetty.security.jaspi is for JaspiAuthenticatorFactory in jetty-web.xml.

org.eclipse.jetty.security.jaspi.modules is for the built-in auth module defined in this package and could be referenced in JASPI configuration file.

I upload my test environment for you.

go to felix-4.0.2, run startup, this will launch the felix and test app.

http://localhost:8080/foo/secured/s.html, this pop up the BASIC login window, type admin/admin for password. this is a JASPI auth.

http://localhost:8080/system/console, type admin/admin to use Felix's WebConsole to check the deployed bundle data.
Comment 4 guofeng zhang CLA 2011-12-09 05:13:29 EST
Created attachment 208156 [details]
the test runtime
Comment 5 guofeng zhang CLA 2011-12-09 05:14:06 EST
Created attachment 208157 [details]
the test source code
Comment 6 Jan Bartel CLA 2012-03-21 23:54:58 EDT
This seems to have been fixed by Hugues' commit of 9/12/2011. Please reopen if there is still a problem.

thanks
Jan