Undefined behavior when two Karaf JAAS modules have the same rank
-----------------------------------------------------------------
Key: KARAF-1217
URL: https://issues.apache.org/jira/browse/KARAF-1217
Project: Karaf
Issue Type: Bug
Components: karaf-config
Affects Versions: 2.2.4
Reporter: Chris Dolan
Priority: Minor

I gave two <jaas:module/> login modules the same rank in the blueprint.xml
files of two different bundles. What I discovered was that the first one to
start was the one selected by the LoginContext. This behavior is not defined in
http://karaf.apache.org/manual/2.2.5/developers-guide/security-framework.html
which only mentions what happens with a higher rank.

I request that 1) the behavior should be documented and/or 2) the behavior be
changed to combine the login module lists that have the same rank. I request #2
because it's a more intuitive behavior than first-registered-service-wins.

My use case is that I've got a trivial bundle that implements a login via a
fixed username "local-administrator" with a randomly-generated password in a
flat file, and I have a more complicated optional bundle with the
authentication delegated to a remote service. I want either LoginModule to
satisfy the authentication in the "karaf" realm. I thought that setting them to
the same rank with 'flags="sufficient"' would work. My workaround is that I set
a rank=10 in the local-login bundle's blueprint.xml and a rank=20 in the
remote-login bundle's XML but I needed the remote-login bundle's XML to list
both LoginModules explicitly.
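
The workaround described in the report, sketched as a blueprint.xml for the remote-login bundle. This is an added example, not the reporter's or the Karaf project's own configuration; the two class names, the property keys and their values are hypothetical placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- blueprint.xml of the remote-login bundle (constructed example) -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">

    <!-- rank=20 outranks the local-login bundle's rank=10 config for the
         same "karaf" realm, so this module list is the one used whenever
         this optional bundle is installed. No two configs share a rank,
         which avoids the first-registered-wins behavior from the report. -->
    <jaas:config name="karaf" rank="20">

        <!-- Hypothetical class: the fixed "local-administrator" login.
             It is listed again here because the rank=10 list is not
             combined with this one. -->
        <jaas:module className="com.example.login.local.LocalAdminLoginModule"
                     flags="sufficient">
            password.file = /path/to/local-admin-password
        </jaas:module>

        <!-- Hypothetical class: delegates authentication to the remote
             service. -->
        <jaas:module className="com.example.login.remote.RemoteLoginModule"
                     flags="sufficient">
            service.url = https://auth.example.invalid/
        </jaas:module>
    </jaas:config>
</blueprint>
```

With both modules flagged `sufficient`, JAAS stops at the first module that succeeds and moves on to the next one when a module fails, so either login can satisfy the realm. The local-login bundle keeps its own rank=10 config, which stays in effect when the remote-login bundle is absent.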