Hi Freeman,
thanks for your reply. I guess your proposed solution would work quite well.
Maybe it's worth adding a section to the documentation on how to achieve that
later.
Many thanks and kind regards,
Christoph
On 17.04.2012, at 01:21, Freeman Fang wrote:
> Hi,
>
> I'm afraid all configuration file through configAdmin should be put in
> ${karaf.home}/etc folder, though you can specify another configuration file
> name in jaas blueprint configuration like
> <cm:property-placeholder persistent-id="org.customer.jaas"
> update-strategy="reload">
>
> then you can edit ${karaf.home}/etc/org.customer.jaas.cfg to put all
> properties you want there. Take a look at [1] to get more details about how
> property placeholder works in blueprint.
> Also [2] for more about the Karaf JAAS framework
>
> [1]https://svn.apache.org/repos/asf/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
> [2]http://karaf.apache.org/manual/latest-2.2.x/developers-guide/security-framework.html
>
> Freeman
>
> On 2012-4-17, at 上午5:06, Christoph Emmersberger wrote:
>
>> Dear all,
>>
>> I'm looking for a way to make my JAAS config configurable from the outside,
>> best from a file from ${karaf.home}/container/etc
>>
>> It should be similar like the org.apache.karaf.jaas.cfg configuration but
>> should contain also further information like the following JAAS config:
>>
>> <jaas:config name="test">
>> <jaas:module
>> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>> flags="required">
>> environment = TEST
>> connection.url = ldap://test:389
>> connection.username = cn=test,dc=test,dc=test,dc=org
>> connection.password = 1234
>> user.base.dn = ou=test,dc=test,dc=test,dc=org
>> user.filter = (&(cn=%u)(isActive=TRUE))
>> user.search.subtree = false
>> role.base.dn = ou=app,dc=test,dc=test,dc=org
>> role.filter = (&(cn=%u)(isActive=TRUE))
>> role.name.attribute = uniqueMember
>> role.search.subtree = false
>> service.role.base.dn = ou=test,dc=test,dc=test,dc=org
>> service.role.filter = (isActive=TRUE)
>> service.role.name.attribute = cn
>> service.role.search.subtree = false
>> authentication = simple
>> </jaas:module>
>> </jaas:config>
>>
>> Especially the connection information should be externalized to enable a
>> proper staging between environments.
>>
>> Has anyone already some experience in achieving such a setup?
>>
>> Many thanks for your support and kind regards,
>>
>> Christoph
>
> ---------------------------------------------
> Freeman Fang
>
> FuseSource
> Email:[email protected]
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
> http://blog.sina.com.cn/u/1473905042
> weibo: http://weibo.com/u/1473905042
>
>
>
>
>
>
>
>
>
>
