[
https://issues.apache.org/jira/browse/KARAF-172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12902865#action_12902865
]
Guillaume Nodet commented on KARAF-172:
---------------------------------------
+1 for that. That always struck me as odd that one had to depend on a specific
implementation classes for that. I actually did not investigate how others had
fixed that :-( A pluggable (or configurable) mechanism would be awesome.
> Implement a mechanism that would allow a karaf application to distingush
> between UserPrincipal & RolePrincipal without depending from Karaf JAAS
> Modules
> --------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: KARAF-172
> URL: https://issues.apache.org/jira/browse/KARAF-172
> Project: Karaf
> Issue Type: New Feature
> Reporter: Ioannis Canellos
>
> A karaf application that makes use of JAAS for authentication and
> authorization will obtain a LoginContext that contains UserPrincipal and
> RolePrincipal objects (both classes are inside
> org.apache.karaf.jaas:org.apache.karaf.jaas.modules).
> If such application needs to distinguish between those two(e.g role based
> authorization), will have to depend from
> org.apache.karaf.jaas:org.apache.karaf.jaas.modules.
> I think that the application needs to be decoupled from Karaf JAAS Modules
> and this is why I think that an alternative needs to be provided to the user.
> Such alternative could be the use of a convention (maybe like having a prefix
> on Roles, or goruping roles under a Group with a fixed name (jboss
> approach)). This mechanism could be implemented by Karaf Login Modules and
> even better could be pluggable.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
