This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch karaf-4.2.x
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/karaf-4.2.x by this push:
new b9d9e52 Improve the documentation of the security config options
relating to the webconsole
b9d9e52 is described below
commit b9d9e5205a60a654912560c820fa89d21220524d
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Wed Sep 18 16:50:00 2019 +0100
Improve the documentation of the security config options relating to the
webconsole
(cherry picked from commit f3cba03c0e72fc009b713fa391daddb9b0e5130c)
---
.../features/standard/src/main/feature/feature.xml | 4 ++++
manual/src/main/asciidoc/user-guide/webconsole.adoc | 16 ++++++++++++++--
.../main/resources/OSGI-INF/metatype/metatype.properties | 3 +++
.../src/main/resources/OSGI-INF/metatype/metatype.xml | 1 +
4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/assemblies/features/standard/src/main/feature/feature.xml
b/assemblies/features/standard/src/main/feature/feature.xml
index bdb4010..51346e3 100644
--- a/assemblies/features/standard/src/main/feature/feature.xml
+++ b/assemblies/features/standard/src/main/feature/feature.xml
@@ -993,7 +993,11 @@ uninstall = admin
#
################################################################################
+# The JAAS realm name to use for authentication
realm=karaf
+
+# The role required to access the WebConsole
+role=admin
</config>
<feature>http</feature>
<bundle
start-level="30">mvn:org.apache.felix/org.apache.felix.metatype/${felix.metatype.version}</bundle>
diff --git a/manual/src/main/asciidoc/user-guide/webconsole.adoc
b/manual/src/main/asciidoc/user-guide/webconsole.adoc
index dd61a5f..31c4779 100644
--- a/manual/src/main/asciidoc/user-guide/webconsole.adoc
+++ b/manual/src/main/asciidoc/user-guide/webconsole.adoc
@@ -56,6 +56,18 @@ See the link:security[Security section] for details.
[NOTE]
====
-Only users with the `admin` role are allowed to logon on the Apache Karaf
WebConsole.
+By default, only users with the `admin` role are allowed to logon to the
Apache Karaf WebConsole.
Right now, the WebConsole doesn't use RBAC system as we have for console
commands, or MBeans.
-====
\ No newline at end of file
+====
+
+You can change the security configuration of the webconsole in the
+`etc/org.apache.karaf.webconsole.cfg` configuration file:
+
+----
+# The JAAS realm name to use for authentication
+realm=karaf
+
+# The role required to access the WebConsole
+role=admin
+----
+
diff --git
a/webconsole/console/src/main/resources/OSGI-INF/metatype/metatype.properties
b/webconsole/console/src/main/resources/OSGI-INF/metatype/metatype.properties
index f2fddfb..18fe716 100644
---
a/webconsole/console/src/main/resources/OSGI-INF/metatype/metatype.properties
+++
b/webconsole/console/src/main/resources/OSGI-INF/metatype/metatype.properties
@@ -26,3 +26,6 @@ webconsole.description = Configuration of Apache Karaf
WebConsole
realm.name = Realm
realm.description = The JAAS realm name to use for authentication
+
+role.name = Role
+role.description = The role required to access the WebConsole
diff --git
a/webconsole/console/src/main/resources/OSGI-INF/metatype/metatype.xml
b/webconsole/console/src/main/resources/OSGI-INF/metatype/metatype.xml
index f6abcfd..bfca9a7 100644
--- a/webconsole/console/src/main/resources/OSGI-INF/metatype/metatype.xml
+++ b/webconsole/console/src/main/resources/OSGI-INF/metatype/metatype.xml
@@ -20,6 +20,7 @@
<metatype:MetaData xmlns:metatype="http://www.osgi.org/xmlns/metatype/v1.0.0";
localization="OSGI-INF/metatype/metatype">
<OCD id="org.apache.karaf.webconsole" name="%webconsole.name"
description="%webconsole.description">
<AD id="realm" type="String" default="karaf" name="%realm.name"
description="%realm.description"/>
+ <AD id="role" type="String" default="admin" name="%role.name"
description="%role.description"/>
</OCD>
<Designate pid="org.apache.karaf.webconsole">
<Object ocdref="org.apache.karaf.webconsole"/>
