[ https://issues.apache.org/jira/browse/KARAF-172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12902865#action_12902865 ]
Guillaume Nodet commented on KARAF-172: --------------------------------------- +1 for that. That always struck me as odd that one had to depend on a specific implementation classes for that. I actually did not investigate how others had fixed that :-( A pluggable (or configurable) mechanism would be awesome. > Implement a mechanism that would allow a karaf application to distingush > between UserPrincipal & RolePrincipal without depending from Karaf JAAS > Modules > -------------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: KARAF-172 > URL: https://issues.apache.org/jira/browse/KARAF-172 > Project: Karaf > Issue Type: New Feature > Reporter: Ioannis Canellos > > A karaf application that makes use of JAAS for authentication and > authorization will obtain a LoginContext that contains UserPrincipal and > RolePrincipal objects (both classes are inside > org.apache.karaf.jaas:org.apache.karaf.jaas.modules). > If such application needs to distinguish between those two(e.g role based > authorization), will have to depend from > org.apache.karaf.jaas:org.apache.karaf.jaas.modules. > I think that the application needs to be decoupled from Karaf JAAS Modules > and this is why I think that an alternative needs to be provided to the user. > Such alternative could be the use of a convention (maybe like having a prefix > on Roles, or goruping roles under a Group with a fixed name (jboss > approach)). This mechanism could be implemented by Karaf Login Modules and > even better could be pluggable. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.