Re: How to make JAAS config configurable via e.g. ${karaf.home}/container/etc

Mon, 16 Apr 2012 16:22:13 -0700 

Hi,
I'm afraid all configuration file through configAdmin should be put in ${karaf.home}/etc folder, though you can specify another configuration file name in jaas blueprint configuration like <cm:property-placeholder persistent-id="org.customer.jaas" update- strategy="reload"> 


then you can edit ${karaf.home}/etc/org.customer.jaas.cfg to put all  
properties you want there. Take a look at [1] to get more details  
about how property placeholder works in blueprint.

Also [2] for more about the Karaf JAAS framework

[1]https://svn.apache.org/repos/asf/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
[2]http://karaf.apache.org/manual/latest-2.2.x/developers-guide/security-framework.html

Freeman

On 2012-4-17, at 上午5:06, Christoph Emmersberger wrote:


Dear all,


I'm looking for a way to make my JAAS config configurable from the  
outside, best from a file from ${karaf.home}/container/etc



It should be similar like the org.apache.karaf.jaas.cfg  
configuration but should contain also further information like the  
following JAAS config:


  <jaas:config name="test">

    <jaas:module  
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"  
flags="required">

     environment = TEST
      connection.url = ldap://test:389
      connection.username = cn=test,dc=test,dc=test,dc=org
      connection.password = 1234
      user.base.dn = ou=test,dc=test,dc=test,dc=org
      user.filter = (&amp;(cn=%u)(isActive=TRUE))
      user.search.subtree = false
      role.base.dn = ou=app,dc=test,dc=test,dc=org
      role.filter = (&amp;(cn=%u)(isActive=TRUE))
      role.name.attribute = uniqueMember
      role.search.subtree = false
      service.role.base.dn = ou=test,dc=test,dc=test,dc=org
      service.role.filter = (isActive=TRUE)
      service.role.name.attribute = cn
      service.role.search.subtree = false
      authentication = simple
    </jaas:module>
  </jaas:config>


Especially the connection information should be externalized to  
enable a proper staging between environments.


Has anyone already some experience in achieving such a setup?

Many thanks for your support and kind regards,

Christoph


---------------------------------------------
Freeman Fang

FuseSource
Email:[email protected]
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042
































					Reply via email to