I've just added a first version of commons/security/felixwebconsole. The bundle is not yet part of any launcher. The bundle implements a Felix Web Console Provider service which is used by the felix webconsole to authorize and if needed authenticate requests. When such a service is in place the password in the configuration of the Apache Felix OSGi Management Console is ignored.
The motivation is that there should not be different admin users in a system, as this is a likely cause of misconfiguration and thus security leaks. So with this bundle the credentials of a Stanbol admin users have to be used to login with the Felix Webconsole. The temporary drawback of a system using this bundle is that it's not currently easy to set and configure the Stanbol users. I'm currently working with Stephane Gamard on providing a user management tool (that integrates into the WebConsole) to easily manage the users. We expect to have something ready in the first days of the next week. Reto
