[jira] [Created] (KARAF-4784) OsgiConfiguration for JAAS should fallback to default configuration

Wed, 19 Oct 2016 01:45:08 -0700 

Benjamin Papez created KARAF-4784:
-------------------------------------

             Summary: OsgiConfiguration for JAAS should fallback to default 
configuration
                 Key: KARAF-4784
                 URL: https://issues.apache.org/jira/browse/KARAF-4784
             Project: Karaf
          Issue Type: Bug
          Components: karaf-security
    Affects Versions: 4.0.7
            Reporter: Benjamin Papez


We will use Karaf embedded in the next version of our Web Application, which 
means that we still first start the application server (Tomcat/JBoss/Websphere) 
and then Karaf is started inside. Some of our customers are using a JAAS 
configuration, mainly Kerberos for SPNEGO. Unfortunately with the step to use 
Karaf the current default JAAS configuration is no longer picked up and used, 
because Karaf is setting the 
{{org.apache.karaf.jaas.config.impl.OsgiConfiguration}} object into 
{{javax.security.auth.login.Configuration.setConfiguration}} within the 
{{OsgiConfiguration.init}} method.

This way all standard/app-server specific ways of JAAS configuration are 
ignored.

I would propose a modification to {{OsgiConfiguration}}, with something like:
{code}
    private Configuration defaultConfiguration;

    public void init() {
        try {
            defaultConfiguration = Configuration.getConfiguration();
        } catch (RuntimeException ex) {
            // default configuration for fallback could not be retrieved - 
should be logged
        }
        Configuration.setConfiguration(this);
    }
    ...
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        JaasRealm realm = null;
        for (JaasRealm r : realms) {
            if (r.getName().equals(name)) {
                if (realm == null || r.getRank() > realm.getRank()) {
                    realm = r;
                }
            }
        }
        if (realm != null) {
            return realm.getEntries();
        } else if (defaultConfiguration != null) {
           return defaultConfiguration.getAppConfigurationEntry(name);
        }
        return null;
    }

    public void refresh() {
        if (defaultConfiguration != null) {
            defaultConfiguration.refresh();
        }
    }
{code}

This way if no OSGI configured JAAS realm can find an 
{{AppConfigurationEntry}}, we would still try to get it from the default JAAS 
configuration, and our customers could keep the same JAAS configuration as 
before. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to