Re: Karaf 4.2.0 fails when installing a feature with a configfile tag

[Martin Nielsen]

It is a runtime problem. The feature verifies and every other feature in
the feature.xml can be installed.

This is really odd. It seems it might be a problem with my custom distro.
When i download the Karaf 4.2.0 zip and install the feature there, there is
no exception.

Any idea how a custom distro might cause this issue?

-Martin

On Tue, Jul 31, 2018 at 1:42 PM, Jean-Baptiste Onofré 
wrote:

> Hi Martin,
>
> do you have this error at runtime or when you verify the feature using
> the karaf-maven-plugin.
>
> It's weird, as we use  in the war feature for instance.
>
> Regards
> JB
>
> On 31/07/2018 13:08, Martin Nielsen wrote:
> > I am getting an exception when i am attempting to install a feature
> > containing a configuration file.
> >
> > The feature looks like this:
> >
> > aries-blueprint
> >  > override="true">
> >  mvn:dk.netdesign.common/karaf-security/4.0.1-SNAPSHOT/
> cfg/jaas
> >  
> > 
> >
> >  mvn:dk.netdesign.common/karaf-security/4.0.1-SNAPSHOT/properties/users
> >  
> > mvn:my/bundle/4.0.1-SNAPSHOT
> >
> > I tried to add a framework prerequisite as well
> >
> > framework
> > aries-blueprint
> >  > override="true">
> >  mvn:dk.netdesign.common/karaf-security/4.0.1-SNAPSHOT/
> cfg/jaas
> >  
> > 
> >
> >  mvn:dk.netdesign.common/karaf-security/4.0.1-SNAPSHOT/properties/users
> >  
> > mvn:my/bundle/4.0.1-SNAPSHOT
> >
> > No matter what I do I get this exception.
> >
> > Has anyone encountered this, or even better, does anyone have a fix?
> >
> >
> > org.apache.karaf.features.core[org.apache.karaf.
> features.internal.service.FeaturesServiceImpl]
> > : Unknown protocol: mvn
> > java.net.MalformedURLException: Unknown protocol: mvn
> > at java.net.URL.(URL.java:620)
> > at java.net.URL.(URL.java:483)
> > at java.net.URL.(URL.java:432)
> > at
> > org.apache.karaf.features.internal.service.FeatureConfigInstaller.
> installConfigurationFile(FeatureConfigInstaller.java:230)
> > at
> > org.apache.karaf.features.internal.service.FeatureConfigInstaller.
> installFeatureConfigs(FeatureConfigInstaller.java:147)
> > at
> > org.apache.karaf.features.internal.service.BundleInstallSupportImpl.
> installConfigs(BundleInstallSupportImpl.java:297)
> > at
> > org.apache.karaf.features.internal.service.FeaturesServiceImpl.
> installConfigs(FeaturesServiceImpl.java:1141)
> > at
> > org.apache.karaf.features.internal.service.Deployer.
> deploy(Deployer.java:925)
> > at
> > org.apache.karaf.features.internal.service.FeaturesServiceImpl.
> doProvision(FeaturesServiceImpl.java:1025)
> > at
> > org.apache.karaf.features.internal.service.FeaturesServiceImpl.lambda$
> doProvisionInThread$13(FeaturesServiceImpl.java:964)
> > at
> > org.apache.karaf.features.internal.service.FeaturesServiceImpl$$Lambda$
> 360/2113030009.call(Unknown
> > Source)
> > at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> > at
> > java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> > at
> > java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> > at java.lang.Thread.run(Thread.java:744)
> > Caused by: java.lang.IllegalStateException: Unknown protocol: mvn
> > at
> > org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(
> URLHandlersStreamHandlerProxy.java:373)
> > at java.net.URL.(URL.java:615)
> > ... 14 more
> >
> >
> > Thank you
> >
> > -Martin
>
> --
> Jean-Baptiste Onofré
> jbono...@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>

Karaf 4.2.0 fails when installing a feature with a configfile tag

[Martin Nielsen]

I am getting an exception when i am attempting to install a feature
containing a configuration file.

The feature looks like this:

aries-blueprint

 mvn:dk.netdesign.common/karaf-security/4.0.1-SNAPSHOT/cfg/jaas
 


 mvn:dk.netdesign.common/karaf-security/4.0.1-SNAPSHOT/properties/users
 
mvn:my/bundle/4.0.1-SNAPSHOT

I tried to add a framework prerequisite as well

framework
aries-blueprint

 mvn:dk.netdesign.common/karaf-security/4.0.1-SNAPSHOT/cfg/jaas
 


 mvn:dk.netdesign.common/karaf-security/4.0.1-SNAPSHOT/properties/users
 
mvn:my/bundle/4.0.1-SNAPSHOT

No matter what I do I get this exception.

Has anyone encountered this, or even better, does anyone have a fix?


org.apache.karaf.features.core[org.apache.karaf.features.internal.service.FeaturesServiceImpl]
: Unknown protocol: mvn
java.net.MalformedURLException: Unknown protocol: mvn
at java.net.URL.(URL.java:620)
at java.net.URL.(URL.java:483)
at java.net.URL.(URL.java:432)
at
org.apache.karaf.features.internal.service.FeatureConfigInstaller.installConfigurationFile(FeatureConfigInstaller.java:230)
at
org.apache.karaf.features.internal.service.FeatureConfigInstaller.installFeatureConfigs(FeatureConfigInstaller.java:147)
at
org.apache.karaf.features.internal.service.BundleInstallSupportImpl.installConfigs(BundleInstallSupportImpl.java:297)
at
org.apache.karaf.features.internal.service.FeaturesServiceImpl.installConfigs(FeaturesServiceImpl.java:1141)
at
org.apache.karaf.features.internal.service.Deployer.deploy(Deployer.java:925)
at
org.apache.karaf.features.internal.service.FeaturesServiceImpl.doProvision(FeaturesServiceImpl.java:1025)
at
org.apache.karaf.features.internal.service.FeaturesServiceImpl.lambda$doProvisionInThread$13(FeaturesServiceImpl.java:964)
at
org.apache.karaf.features.internal.service.FeaturesServiceImpl$$Lambda$360/2113030009.call(Unknown
Source)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:744)
Caused by: java.lang.IllegalStateException: Unknown protocol: mvn
at
org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(URLHandlersStreamHandlerProxy.java:373)
at java.net.URL.(URL.java:615)
... 14 more


Thank you

-Martin

Karaf assembly fails

[Martin Nielsen]

 Hi everyone.

I have run into a problem upgrading a Karaf assembly build to 4.2.0.

When i run the assembly i run into this error:

Failed to execute goal
org.apache.karaf.tooling:karaf-maven-plugin:4.2.0:assembly
(default-assembly) on project wallboard-karaf: Unable to build assembly:
Could not find matching feature for aries-annotation/0.0.0

I don't use the aries-annotation myself, but i have tracked it down
to org.ops4j.pax.wicket/features/5.0.0-RC1/xml/features which i can't
easily change.

Does anyone know what feature repository that aries-annotation is located
in?

Thanks for your help
-Martin

Re: karaf-maven-plugin 4.2.0 "FAT" kar?

[Martin Nielsen]

Hello everyone
I am facing a similar issue, did you figure this out?

-Martin

On Wed, May 16, 2018 at 6:06 PM, nino martinez wael <
nino.martinez.w...@gmail.com> wrote:

> Did you get a chance to look at this?
>
> On 3 May 2018 20:23, "Jean-Baptiste Onofré"  wrote:
>
> Hi Nino,
>
> As I'm now back from vacation, I gonna take a look.
>
> Sorry for the delay.
>
> Regards
> JB
>
>
> On 05/03/2018 08:19 PM, nino martinez wael wrote:
> > Any chance someone has an idea?
> >
> > On Wed, 18 Apr 2018, 08:02 nino martinez wael, <
> nino.martinez.w...@gmail.com
> > > wrote:
> >
> > Actually if I read this part, it does seem that the kar goal should
> do what
> > I want. But I am missing the part where the kar plugin add the
> bundles to
> > the kar repo..
> >
> > https://github.com/apache/karaf/blob/master/manual/src/
> main/asciidoc/user-guide/kar.adoc
> >
> >
> > Maven
> >
> > Apache Karaf provides a Maven plugin: |karaf-maven-plugin|.
> >
> > The Apache Karaf Maven plugin provides the |kar| goal.
> >
> > The |kar| goal does: . Reads all features specified in the features
> XML. .
> > For each feature described in the features XML, the goal resolves the
> > bundles described in the feature. . The goal finally packages the
> features
> > XML, *_/and the resolved bundles in a zip file./_*
>
> >
> > For instance, the following Maven POM create |my-kar.kar|
> >
> > For instance, you can use the following POM to create a kar:
> >
> >
> >
> > On Wed, Apr 18, 2018 at 7:54 AM, nino martinez wael
> > mailto:nino.martinez.w...@gmail.com>>
> wrote:
> >
> > if I check the documentation the spring kar "example" are pretty
> much
> > what we want todo..
> >
> > https://karaf.apache.org/manual/latest/kar
> >
> > On Wed, Apr 18, 2018 at 7:52 AM, nino martinez wael
> > mailto:nino.martinez.wael@
> gmail.com>> wrote:
> >
> > Yes but, the problem arises when we want to mix our products
> but
> > only want / just need one karaf instance.. Plus each release
> does
> > actually require a significant amount of space on our
> artifact
> > servers.. around 150mb per release / snapshot.. Using the kar
> > approach and one common custom karaf for our products
> lightents this
> > a lot.
> >
> > So today we are doing one karaf assembly per project but
> want to
> > move away from it.
> >
> > -regards Nino
> >
> > On Tue, Apr 17, 2018 at 11:30 AM, Francois Papon
> > mailto:francois.papon@
> openobject.fr>>
>
> > wrote:
> >
> > Have you tried to create a custom distribution of Karaf
> ? It's
> > great to use in offline environment.
> >
> > Here an example of pom assembly :
> >
> > -- 
> > http://maven.apache.org/POM/4.0.0;
> > 
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> > 
> > xsi:schemaLocation="http://
> maven.apache.org/POM/4.0.0
> > http://maven.apache.org/xsd/maven-4.0.0.xsd;
> >  4.0.0http://maven.apache.org/xsd/maven-4.0.0.xsd>>
>
> >
> > 4.0.0
> >
> > 
> > org.mycustom
> > distrib
> > 1.0.0-SNAPSHOT
> > ../pom.xml
> > 
> >
> > org.mycustom.karaf.assembly
> > karaf-assembly
> >
> > Mycustom :: Karaf Distribution ::
> Assembly
> > Karaf Custom distribution
> assembly
> >
> > 
> > 
> > org.apache.karaf.features
> > framework
> > ${karaf.version}
> > kar
> > 
> >
> > 
> > org.apache.karaf.features
> > enterprise
> > ${karaf.version}
> > features
> > xml
> > runtime
> > 
> >
> > 
> > org.apache.cxf.karaf
> > apache-cxf
> > features
> > ${cxf-core.version}
> > xml
> > runtime
> > 
> >
> > 
> > org.ops4j.pax.jdbc
> > pax-jdbc-features
> >   

Re: Using a custom JAAS LoginModule with karaf

[Martin Nielsen]

I found the problem.
The blueprint configuration works as intended.

But as i debug my way through
the org.apache.karaf.jaas.boot.ProxyLoginModule i end up in the catch
clause when trying to create the  PropertiesLoginModule.
ClassNotFoundException
org.apache.karaf.jaas.modules.properties.PropertiesLoginModule not found by
dk.netdesign.common.karaf-security [118]

It happens here:

try {
target = (LoginModule) bundle.loadClass(module).newInstance();
} catch (Exception e) {
throw new IllegalStateException("Can not load or create login
module " + module + " for bundle " + bundleId, e);
}

So the issue seems to be that the ProxyLoginModule is somehow used by my
bundle, instead of the karaf jaas bundle. And because i don't have any
import statements in my bundle for any jaas modules this happens.

The odd thing is that the exception seems to get swallowed up somewhere, as
it never ends up in the karaf.log. I see some pretty complex errorhandling
in javax.security.auth.login.LoginContext so it might get swallowed up
there?

And i assume that it is intended behavior that the bundle which publishes
the blueprint takes over the full responsibility for the handling modules?

On Fri, Apr 6, 2018 at 11:52 AM, <l...@code-house.org> wrote:

> Hey Martin,
> You raised an interesting scenario - have you tried to debug JAAS code
> from JRE which gets called after ShiroJaasIntegration module returns? Your
> configuration seems fine, if shiro fails properties login module is used as
> fallback. If it doesn’t get called then we need to check what is happening
> in LoginContext.
>
> Please try adding
> *java.security.debug=logincontext,configfile,configparser,policy* to your
> system properties and check if you get anything useful from this debug. If
> you see to little - switching this debug flag to *all* will print a lot
> of debug information.
>
> Cheers,
> Łukasz
> --
> Twitter: ldywicki
> Blog: http://dywicki.pl
> Code-House - http://code-house.org
>
>
> On 5 Apr 2018, at 14:40, Martin Nielsen <mny...@gmail.com> wrote:
>
> One problem down, one to go. I had he rank set to 0, upon setting it to 1
> i can succesfully override the default karaf realm.
>
> The new problem is that the PropertiesLoginModule is no longer called.
>
> My blueprint is below. What i am trying to accomplish is for JAAS to look
> in either module in order to authenticate a user. But right now i cannot
> login with karaf/karaf, as it seems that the PropertiesLoginModule is
> ignored. I can login with anything from the ShiroJaasIntegration module
> without issue.
>
> 
> http://www.osgi.org/xmlns/blueprint/v1.0.0;
>xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0;
>xmlns:ext="http://aries.apache.org/blueprint/xmlns/
> blueprint-ext/v1.0.0">
>
>
>  placeholder-suffix="]"/>
>
> 
>   flags="sufficient">
> 
>   flags="sufficient">
> users = $[karaf.base]/etc/users.properties
> 
> 
>
> 
>
>
>
>
>
> On Thu, Apr 5, 2018 at 12:04 PM, Martin Nielsen <mny...@gmail.com> wrote:
>
>> The only way my module is called is if I force stop  Apache Karaf ::
>> JAAS :: Modulesorg.apache.karaf.jaas.modules
>> <http://localhost:8181/system/console/bundles/148>. Is this intended
>> behavior?
>>
>> On Wed, Apr 4, 2018 at 9:28 AM, Martin Nielsen <mny...@gmail.com> wrote:
>>
>>> I now tried changing the blueprint to this:
>>>
>>> 
>>> http://www.osgi.org/xmlns/blueprint/v1.0.0;
>>>xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0;
>>>
>>> xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0;>
>>>
>>>
>>> >> placeholder-suffix="]"/>
>>>
>>> 
>>> >> className="my.test.common.security.karaf.ShiroJaasIntegration"
>>>  flags="sufficient">
>>> 
>>> 
>>>
>>> 
>>>
>>>
>>> That changes the realm list command to this
>>>
>>>
>>> karaf@root()> jaas:realm-list
>>> Index | Realm Name | Login Module Class Name
>>> --++
>>> 1 | karaf  | dk.netdesign.common.security.karaf.ShiroJaasIntegration
>>>
>>>
>>> But i can still log in with karaf/karaf, and my module is STILL not called. 
>>> I do not 

Re: Using a custom JAAS LoginModule with karaf

[Martin Nielsen]

One problem down, one to go. I had he rank set to 0, upon setting it to 1 i
can succesfully override the default karaf realm.

The new problem is that the PropertiesLoginModule is no longer called.

My blueprint is below. What i am trying to accomplish is for JAAS to look
in either module in order to authenticate a user. But right now i cannot
login with karaf/karaf, as it seems that the PropertiesLoginModule is
ignored. I can login with anything from the ShiroJaasIntegration module
without issue.


http://www.osgi.org/xmlns/blueprint/v1.0.0;
   xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0;
   xmlns:ext="
http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0;>








users = $[karaf.base]/etc/users.properties









On Thu, Apr 5, 2018 at 12:04 PM, Martin Nielsen <mny...@gmail.com> wrote:

> The only way my module is called is if I force stop  Apache Karaf :: JAAS
> :: Modulesorg.apache.karaf.jaas.modules
> <http://localhost:8181/system/console/bundles/148>. Is this intended
> behavior?
>
> On Wed, Apr 4, 2018 at 9:28 AM, Martin Nielsen <mny...@gmail.com> wrote:
>
>> I now tried changing the blueprint to this:
>>
>> 
>> http://www.osgi.org/xmlns/blueprint/v1.0.0;
>>xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0;
>>
>> xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0;>
>>
>>
>> > placeholder-suffix="]"/>
>>
>> 
>> > className="my.test.common.security.karaf.ShiroJaasIntegration"
>>  flags="sufficient">
>> 
>> 
>>
>> 
>>
>>
>> That changes the realm list command to this
>>
>>
>> karaf@root()> jaas:realm-list
>> Index | Realm Name | Login Module Class Name
>> --++
>> 1 | karaf  | dk.netdesign.common.security.karaf.ShiroJaasIntegration
>>
>>
>> But i can still log in with karaf/karaf, and my module is STILL not called. 
>> I do not understand this. How can i still log in through the property module 
>> when it is no longer listed?
>>
>>
>>
>> On Tue, Apr 3, 2018 at 6:40 PM, Martin Nielsen <mny...@gmail.com> wrote:
>>
>>> No you understood completely. I obviously didn't though. So if i want
>>> the loginmodule i made to be usable through the webconsole, I must place it
>>> in the karaf realm, is that correct?
>>>
>>> Second question: what if i want to disable one of the current modules,
>>> for example the properties module?
>>>
>>> On Tue, 3 Apr 2018, 18:18 Jean-Baptiste Onofré, <j...@nanthrax.net> wrote:
>>>
>>>> Hi,
>>>>
>>>> Maybe I don't understand what you want to do.
>>>>
>>>> You added your login module in a new realm (ShiroBridge). So, it means
>>>> that it
>>>> will be used only for applications that will use this realm.
>>>>
>>>> It's not possible to remove the karaf realm easily today as core part
>>>> of Karaf
>>>> use it (shell, MBeanServer, ...).
>>>>
>>>> So:
>>>> 1. If you want to use your login module in the core Karaf part (like
>>>> the shell
>>>> or ssh), then, your login module as to be in the karaf realm
>>>> 2. No problem to create new realms and plug third party applications
>>>> using this
>>>> realm
>>>>
>>>> Regards
>>>> JB
>>>>
>>>> On 04/03/2018 05:42 PM, Martin Nielsen wrote:
>>>> > Hello everyone
>>>> >
>>>> > I am trying to create a new karaf JAAS module and preferably override
>>>> the
>>>> > current karaf JAAS domain.
>>>> >
>>>> > I have my login module which basically just delegates everything to
>>>> shiro, as
>>>> > well as a blueprint to add it to the JAAS config.
>>>> >
>>>> > My JAAS config xml from OSGI-INF\blueprint folder in the jar:
>>>> >
>>>> > 
>>>> > http://www.osgi.org/xmlns/blueprint/v1.0.0
>>>> > <http://www.osgi.org/xmlns/blueprint/v1.0.0>"
>>>> >xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0
>>>> > <http://karaf.apache.org/xmlns/jaas/v1.0.0>"
>>>> >
>>>> >  xml

Re: Using a custom JAAS LoginModule with karaf

[Martin Nielsen]

The only way my module is called is if I force stop  Apache Karaf :: JAAS
:: Modulesorg.apache.karaf.jaas.modules
<http://localhost:8181/system/console/bundles/148>. Is this intended
behavior?

On Wed, Apr 4, 2018 at 9:28 AM, Martin Nielsen <mny...@gmail.com> wrote:

> I now tried changing the blueprint to this:
>
> 
> http://www.osgi.org/xmlns/blueprint/v1.0.0;
>xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0;
>
> xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0;>
>
>
> 
>
> 
>  className="my.test.common.security.karaf.ShiroJaasIntegration"
>  flags="sufficient">
> 
> 
>
> 
>
>
> That changes the realm list command to this
>
>
> karaf@root()> jaas:realm-list
> Index | Realm Name | Login Module Class Name
> --++
> 1 | karaf  | dk.netdesign.common.security.karaf.ShiroJaasIntegration
>
>
> But i can still log in with karaf/karaf, and my module is STILL not called. I 
> do not understand this. How can i still log in through the property module 
> when it is no longer listed?
>
>
>
> On Tue, Apr 3, 2018 at 6:40 PM, Martin Nielsen <mny...@gmail.com> wrote:
>
>> No you understood completely. I obviously didn't though. So if i want the
>> loginmodule i made to be usable through the webconsole, I must place it in
>> the karaf realm, is that correct?
>>
>> Second question: what if i want to disable one of the current modules,
>> for example the properties module?
>>
>> On Tue, 3 Apr 2018, 18:18 Jean-Baptiste Onofré, <j...@nanthrax.net> wrote:
>>
>>> Hi,
>>>
>>> Maybe I don't understand what you want to do.
>>>
>>> You added your login module in a new realm (ShiroBridge). So, it means
>>> that it
>>> will be used only for applications that will use this realm.
>>>
>>> It's not possible to remove the karaf realm easily today as core part of
>>> Karaf
>>> use it (shell, MBeanServer, ...).
>>>
>>> So:
>>> 1. If you want to use your login module in the core Karaf part (like the
>>> shell
>>> or ssh), then, your login module as to be in the karaf realm
>>> 2. No problem to create new realms and plug third party applications
>>> using this
>>> realm
>>>
>>> Regards
>>> JB
>>>
>>> On 04/03/2018 05:42 PM, Martin Nielsen wrote:
>>> > Hello everyone
>>> >
>>> > I am trying to create a new karaf JAAS module and preferably override
>>> the
>>> > current karaf JAAS domain.
>>> >
>>> > I have my login module which basically just delegates everything to
>>> shiro, as
>>> > well as a blueprint to add it to the JAAS config.
>>> >
>>> > My JAAS config xml from OSGI-INF\blueprint folder in the jar:
>>> >
>>> > 
>>> > http://www.osgi.org/xmlns/blueprint/v1.0.0
>>> > <http://www.osgi.org/xmlns/blueprint/v1.0.0>"
>>> >xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0
>>> > <http://karaf.apache.org/xmlns/jaas/v1.0.0>"
>>> >
>>> >  xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprin
>>> t-ext/v1.0.0
>>> > <http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0>">
>>> >
>>> >
>>> > >> placeholder-suffix="]"/>
>>> >
>>> > 
>>> > >> >  flags="sufficient">
>>> > 
>>> > 
>>> >
>>> > 
>>> >
>>> > My LoginModule:
>>> >
>>> > public class ShiroJaasIntegration implements LoginModule {
>>> >
>>> > public static final Logger LOGGER =
>>> > LoggerFactory.getLogger(ShiroJaasIntegration.class);
>>> > private static final Class
>>> > shiroSessionClass = org.apache.shiro.session.Session.class;
>>> >
>>> > protected Set principals = new HashSet<>();
>>> > private Subject subject;
>>> > private org.apache.shiro.session.Session shiroSession;
>>> > private CallbackHandler callbackHandler;
>>> > private Map<String, ?> sharedState;
>>> > private Map<String, ?> options;
>>> >   

Re: Using a custom JAAS LoginModule with karaf

[Martin Nielsen]

I now tried changing the blueprint to this:


http://www.osgi.org/xmlns/blueprint/v1.0.0;
   xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0;
   
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0;>












That changes the realm list command to this


karaf@root()> jaas:realm-list
Index | Realm Name | Login Module Class Name
--++
1 | karaf  | dk.netdesign.common.security.karaf.ShiroJaasIntegration


But i can still log in with karaf/karaf, and my module is STILL not
called. I do not understand this. How can i still log in through the
property module when it is no longer listed?



On Tue, Apr 3, 2018 at 6:40 PM, Martin Nielsen <mny...@gmail.com> wrote:

> No you understood completely. I obviously didn't though. So if i want the
> loginmodule i made to be usable through the webconsole, I must place it in
> the karaf realm, is that correct?
>
> Second question: what if i want to disable one of the current modules, for
> example the properties module?
>
> On Tue, 3 Apr 2018, 18:18 Jean-Baptiste Onofré, <j...@nanthrax.net> wrote:
>
>> Hi,
>>
>> Maybe I don't understand what you want to do.
>>
>> You added your login module in a new realm (ShiroBridge). So, it means
>> that it
>> will be used only for applications that will use this realm.
>>
>> It's not possible to remove the karaf realm easily today as core part of
>> Karaf
>> use it (shell, MBeanServer, ...).
>>
>> So:
>> 1. If you want to use your login module in the core Karaf part (like the
>> shell
>> or ssh), then, your login module as to be in the karaf realm
>> 2. No problem to create new realms and plug third party applications
>> using this
>> realm
>>
>> Regards
>> JB
>>
>> On 04/03/2018 05:42 PM, Martin Nielsen wrote:
>> > Hello everyone
>> >
>> > I am trying to create a new karaf JAAS module and preferably override
>> the
>> > current karaf JAAS domain.
>> >
>> > I have my login module which basically just delegates everything to
>> shiro, as
>> > well as a blueprint to add it to the JAAS config.
>> >
>> > My JAAS config xml from OSGI-INF\blueprint folder in the jar:
>> >
>> > 
>> > http://www.osgi.org/xmlns/blueprint/v1.0.0
>> > <http://www.osgi.org/xmlns/blueprint/v1.0.0>"
>> >xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0
>> > <http://karaf.apache.org/xmlns/jaas/v1.0.0>"
>> >
>> >  xmlns:ext="http://aries.apache.org/blueprint/xmlns/
>> blueprint-ext/v1.0.0
>> > <http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0>">
>> >
>> >
>> > > placeholder-suffix="]"/>
>> >
>> > 
>> > > >  flags="sufficient">
>> > 
>> > 
>> >
>> > 
>> >
>> > My LoginModule:
>> >
>> > public class ShiroJaasIntegration implements LoginModule {
>> >
>> > public static final Logger LOGGER =
>> > LoggerFactory.getLogger(ShiroJaasIntegration.class);
>> > private static final Class
>> > shiroSessionClass = org.apache.shiro.session.Session.class;
>> >
>> > protected Set principals = new HashSet<>();
>> > private Subject subject;
>> > private org.apache.shiro.session.Session shiroSession;
>> > private CallbackHandler callbackHandler;
>> > private Map<String, ?> sharedState;
>> > private Map<String, ?> options;
>> > private String user;
>> > protected BundleContext bundleContext;
>> > private boolean authenticated = false;
>> >
>> > @Override
>> > public void initialize(Subject subject, CallbackHandler
>> callbackHandler,
>> > Map<String, ?> sharedState, Map<String, ?> options) {
>> > LOGGER.info("initialize "+System.identityHashCode(this));
>> > this.subject = subject;
>> > this.callbackHandler = callbackHandler;
>> > this.sharedState = sharedState;
>> > this.options = options;
>> > this.bundleContext = ((BundleReference)
>> > this.getClass().getClassLoader()).getBundle().getBundleContext();
>> > }
>> >
>> > @Override
>> > public boolean login() throws Log

Re: Using a custom JAAS LoginModule with karaf

[Martin Nielsen]

No you understood completely. I obviously didn't though. So if i want the
loginmodule i made to be usable through the webconsole, I must place it in
the karaf realm, is that correct?

Second question: what if i want to disable one of the current modules, for
example the properties module?

On Tue, 3 Apr 2018, 18:18 Jean-Baptiste Onofré, <j...@nanthrax.net> wrote:

> Hi,
>
> Maybe I don't understand what you want to do.
>
> You added your login module in a new realm (ShiroBridge). So, it means
> that it
> will be used only for applications that will use this realm.
>
> It's not possible to remove the karaf realm easily today as core part of
> Karaf
> use it (shell, MBeanServer, ...).
>
> So:
> 1. If you want to use your login module in the core Karaf part (like the
> shell
> or ssh), then, your login module as to be in the karaf realm
> 2. No problem to create new realms and plug third party applications using
> this
> realm
>
> Regards
> JB
>
> On 04/03/2018 05:42 PM, Martin Nielsen wrote:
> > Hello everyone
> >
> > I am trying to create a new karaf JAAS module and preferably override the
> > current karaf JAAS domain.
> >
> > I have my login module which basically just delegates everything to
> shiro, as
> > well as a blueprint to add it to the JAAS config.
> >
> > My JAAS config xml from OSGI-INF\blueprint folder in the jar:
> >
> > 
> > http://www.osgi.org/xmlns/blueprint/v1.0.0
> > <http://www.osgi.org/xmlns/blueprint/v1.0.0>"
> >xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0
> > <http://karaf.apache.org/xmlns/jaas/v1.0.0>"
> >
> >  xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0
> > <http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0>">
> >
> >
> >  placeholder-suffix="]"/>
> >
> > 
> >  className="my.test.security.karaf.ShiroJaasIntegration"
> >  flags="sufficient">
> > 
> > 
> >
> > 
> >
> > My LoginModule:
> >
> > public class ShiroJaasIntegration implements LoginModule {
> >
> > public static final Logger LOGGER =
> > LoggerFactory.getLogger(ShiroJaasIntegration.class);
> > private static final Class
> > shiroSessionClass = org.apache.shiro.session.Session.class;
> >
> > protected Set principals = new HashSet<>();
> > private Subject subject;
> > private org.apache.shiro.session.Session shiroSession;
> > private CallbackHandler callbackHandler;
> > private Map<String, ?> sharedState;
> > private Map<String, ?> options;
> > private String user;
> > protected BundleContext bundleContext;
> > private boolean authenticated = false;
> >
> > @Override
> > public void initialize(Subject subject, CallbackHandler
> callbackHandler,
> > Map<String, ?> sharedState, Map<String, ?> options) {
> > LOGGER.info("initialize "+System.identityHashCode(this));
> > this.subject = subject;
> > this.callbackHandler = callbackHandler;
> > this.sharedState = sharedState;
> > this.options = options;
> > this.bundleContext = ((BundleReference)
> > this.getClass().getClassLoader()).getBundle().getBundleContext();
> > }
> >
> > @Override
> > public boolean login() throws LoginException {
> > LOGGER.debug("login "+System.identityHashCode(this));
> > if (callbackHandler == null) {
> > throw new LoginException("No CallbackHandler found");
> > }
> >
> > Callback[] callbacks = new Callback[2];
> >
> > callbacks[0] = new NameCallback("Username: ");
> > callbacks[1] = new PasswordCallback("Password: ", false);
> > if (callbackHandler != null) {
> > try {
> > callbackHandler.handle(callbacks);
> > } catch (IOException ioe) {
> > throw new LoginException(ioe.getMessage());
> > } catch (UnsupportedCallbackException uce) {
> > throw new LoginException(uce.getMessage() + " not
> available to
> > obtain information from user");
> > }
> > }
> >
> > // user callback get value
> > if (((NameCallback) callbacks[0]).getName() == null) {
> >   

Using a custom JAAS LoginModule with karaf

[Martin Nielsen]

 Hello everyone

I am trying to create a new karaf JAAS module and preferably override the
current karaf JAAS domain.

I have my login module which basically just delegates everything to shiro,
as well as a blueprint to add it to the JAAS config.

My JAAS config xml from OSGI-INF\blueprint folder in the jar:


http://www.osgi.org/xmlns/blueprint/v1.0.0;
   xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0;
   xmlns:ext="http://aries.apache.org/blueprint/xmlns/
blueprint-ext/v1.0.0">











My LoginModule:

public class ShiroJaasIntegration implements LoginModule {

public static final Logger LOGGER = LoggerFactory.getLogger(
ShiroJaasIntegration.class);
private static final Class
shiroSessionClass = org.apache.shiro.session.Session.class;

protected Set principals = new HashSet<>();
private Subject subject;
private org.apache.shiro.session.Session shiroSession;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
private String user;
protected BundleContext bundleContext;
private boolean authenticated = false;

@Override
public void initialize(Subject subject, CallbackHandler
callbackHandler, Map sharedState, Map options) {
LOGGER.info("initialize "+System.identityHashCode(this));
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
this.bundleContext = ((BundleReference) this.getClass().
getClassLoader()).getBundle().getBundleContext();
}

@Override
public boolean login() throws LoginException {
LOGGER.debug("login "+System.identityHashCode(this));
if (callbackHandler == null) {
throw new LoginException("No CallbackHandler found");
}

Callback[] callbacks = new Callback[2];

callbacks[0] = new NameCallback("Username: ");
callbacks[1] = new PasswordCallback("Password: ", false);
if (callbackHandler != null) {
try {
callbackHandler.handle(callbacks);
} catch (IOException ioe) {
throw new LoginException(ioe.getMessage());
} catch (UnsupportedCallbackException uce) {
throw new LoginException(uce.getMessage() + " not available
to obtain information from user");
}
}

// user callback get value
if (((NameCallback) callbacks[0]).getName() == null) {
throw new LoginException("Username can not be null");
}
user = ((NameCallback) callbacks[0]).getName();

// password callback get value
if (((PasswordCallback) callbacks[1]).getPassword() == null) {
throw new LoginException("Password can not be null");
}
String password = new String(((PasswordCallback)
callbacks[1]).getPassword());

org.apache.shiro.subject.Subject shiroSubject = null;

//Do lots of shiro stuff to get the UserPrincipal and RolePrincipal objects

return authenticated;

}

@Override
public boolean commit() throws LoginException {
LOGGER.debug("commit "+System.identityHashCode(this));
subject.getPrincipals().addAll(principals);
return authenticated;
}

@Override
public boolean abort() throws LoginException {
user = null;
principals.clear();
user = null;
LOGGER.debug("abort "+System.identityHashCode(this));
return true;
}

@Override
public boolean logout() throws LoginException {
user = null;
subject.getPrincipals().removeAll(principals);
principals.clear();
LOGGER.debug("logout "+System.identityHashCode(this));
return true;
}

}

I have tried setting the rank inside the blueprint to -1, 0, and 1 and the
ShiroBridge does move up and down the list, but no log statements from the
ShiroJaasIntegration LoginModule are ever called, and in all cases i can
still login with karaf/karaf.

karaf@root()> jaas:realm-list

Index | Realm Name  | Login Module Class Name

--+-+---

1 | ShiroBridge | my.test.security.karaf.ShiroJaasIntegration

2 | karaf   |
org.apache.karaf.jaas.modules.properties.PropertiesLoginModule

3 | karaf   |
org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule

4 | karaf   | org.apache.karaf.jaas.modules.audit.FileAuditLoginModule

5 | karaf   | org.apache.karaf.jaas.modules.audit.LogAuditLoginModule

6 | karaf   |
org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule



So my module never seems to be called, and i can't really disable the karaf
realm.


Can someone help with this? My objective is to add my own LoginModule and
preferably replace the current karaf Realm

Re: ManagedProperties: A configuration solution for felix/karaf

[Martin Nielsen]

I'm familiar with the managedservice that's part of the specification. But
i have always thought that it was slightly lacking in features.

What this project does is that it translates an interface with get methods
into an object that handles metatypes and configuration updates
automatically. Being just an interface,  the configuration is also very
easy to mock in unit tests,  as it can be replaced by anything really.

It is by no means a finished product, there are more features to add. But i
think the current version works l,  and reflects where i want to go with
the project.

I hope someone can use it at least. Im still getting into osgi,  so there
are no fancy DS integrations or anything, but it is easy to use,  and
removes the nees for a lot of code,  especially in bundles that doesn't do
DS.

On 20 Nov 2016 8:27 p.m., "Jean-Baptiste Onofré" <j...@nanthrax.net> wrote:

> Hi Martin,
>
> I gonna take a look.
>
> By the way, you have a ManagedProperties sample in Karaf samples:
>
> https://github.com/jbonofre/karaf-samples/tree/master/osgi-
> config-managed-service-bundle
>
> Regards
> JB
>
> On 11/18/2016 11:21 PM, Martin Nielsen wrote:
>
>> Hello karaf users.
>>
>> I have been working on what i believe to be a simplification of the
>> configuration handling in OSGi containers. The project is slated to be
>> able to handle different sources, but for now the the only configuration
>> source is the felix config admin.
>>
>> https://github.com/TDC-Netdesign/ManagedProperties
>>
>> The way it works is that you register an annotated interface, which is
>> turned into a proxy that keeps track of the configuration for you. The
>> proxy object is transparently updated whenever the configuration
>> changes. It is also possible to register mappers, which can parse values
>> into other types, for example a String to a File or an Long to an Instant.
>>
>> Most importantly the filters allow for validating data. This allows for
>> checking the validity of the configuration before applying it. The
>> MangedProperties object will revert to the last accepted configuration
>> if a new configuration fails, eliminating the situation where the config
>> admin holds a config set that was never applied.
>>
>> Two other features worth mentioning is the locking a callback functions.
>> The properties object can lock itself, allowing any update to the
>> configuration to be postponed. This is useful for combinations like
>> username-password, where you do not want the configuration to change in
>> between the calls. For example, you can lock the configuration before
>> calling config.getUsername() and config.getPassword().
>> The last function is a ConfigurationCallback, that can be registered on
>> the configuration object. When the configuration is updated the callback
>> is called afterwards, allowing for restarts of message queues, rest
>> clients or whatever is using the configuration but requires restarts
>> with new configurations.
>>
>> I hope you will take a look at this project and use it/comment and
>> participate, I look forward to your comments and i hope someone will
>> find it useful.
>>
>>
>> -Martin
>>
>>
> --
> Jean-Baptiste Onofré
> jbono...@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>

ManagedProperties: A configuration solution for felix/karaf

[Martin Nielsen]

Hello karaf users.

I have been working on what i believe to be a simplification of the
configuration handling in OSGi containers. The project is slated to be able
to handle different sources, but for now the the only configuration source
is the felix config admin.

https://github.com/TDC-Netdesign/ManagedProperties

The way it works is that you register an annotated interface, which is
turned into a proxy that keeps track of the configuration for you. The
proxy object is transparently updated whenever the configuration changes.
It is also possible to register mappers, which can parse values into other
types, for example a String to a File or an Long to an Instant.

Most importantly the filters allow for validating data. This allows for
checking the validity of the configuration before applying it. The
MangedProperties object will revert to the last accepted configuration if a
new configuration fails, eliminating the situation where the config admin
holds a config set that was never applied.

Two other features worth mentioning is the locking a callback functions.
The properties object can lock itself, allowing any update to the
configuration to be postponed. This is useful for combinations like
username-password, where you do not want the configuration to change in
between the calls. For example, you can lock the configuration before
calling config.getUsername() and config.getPassword().
The last function is a ConfigurationCallback, that can be registered on the
configuration object. When the configuration is updated the callback is
called afterwards, allowing for restarts of message queues, rest clients or
whatever is using the configuration but requires restarts with new
configurations.

I hope you will take a look at this project and use it/comment and
participate, I look forward to your comments and i hope someone will find
it useful.


-Martin