Thanks, that is great information! As far as the CXF feature, I actually wrote my own to use in Jersey to do basic authentication (since I am using Jersey and couldn’t find anything out of the box). I should have a look at the JAASAuthenticationFeature in CXF since it is an RS compliant feature I am guessing to see how it compares.
Thanks again for all the help!
Andy P

> On Mar 26, 2015, at 2:49 PM, Christian Schneider <[email protected]> wrote:
>
> There is one more thing you should look into. Quite often you will need the
> authentication result in a place different from the place where you do the
> authentication.
> Passing the subject around is not very effective.
>
> Luckily there is a quite unknown way in JAAS to do this:
>
> AccessControlContext acc = AccessController.getContext();
> Subject subject = Subject.getSubject(acc);
>
> This allows you to get the subject at any place in your code.
>
> An even more convenient way if you use blueprint is to authorize based on
> security annotations.
> See the blueprint-authz module:
> https://fisheye6.atlassian.com/browse/~br=trunk/aries/trunk/blueprint/blueprint-authz
> And an example:
> https://github.com/cschneider/Karaf-Tutorial/tree/master/cxf/personservice/server
> https://github.com/cschneider/Karaf-Tutorial/blob/master/cxf/personservice/server/src/main/resources/OSGI-INF/blueprint/blueprint.xml
> https://github.com/cschneider/Karaf-Tutorial/blob/master/cxf/personservice/server/src/main/java/net/lr/tutorial/karaf/cxf/personservice/impl/PersonServiceImpl.java
>
> The example uses cxf and the cxf JAASAuthenticationFeature for establishing
> the JAAS login and the blueprint authz module to do the authorization using
> @RolesAllowed.
> So while the example uses cxf, the authorization part is in no way tied to
> cxf. You can use it together with your own login code.
>
> Christian
>
> On 26.03.2015 20:33, Andrew Phillips wrote:
>> Now that I do it, seems so simple. The trick is that the Principals are
>> exposed as Group and Role principals from the karaf boot module.
>>
>> Maybe an example of how to do something like that would be helpful on the
>> site. I’d be more than happy to give an example or update it myself
>> somewhere:
>>
>> Subject subject = new Subject();
>> LoginContext loginContext = new LoginContext(karafRealm, subject, new CallbackHandler() {
>>     @Override
>>     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
>>         for (Callback callback : callbacks) {
>>             if (callback instanceof NameCallback) {
>>                 ((NameCallback) callback).setName(userName);
>>             }
>>             if (callback instanceof PasswordCallback) {
>>                 ((PasswordCallback) callback).setPassword(password.toCharArray());
>>             }
>>         }
>>     }
>> });
>> loginContext.login();
>>
>> then you can say something like:
>>
>> public boolean isUserInGroup(String g) {
>>     for (GroupPrincipal principal : subject.getPrincipals(GroupPrincipal.class)) {
>>         if (principal.getName().equals(g)) return true;
>>     }
>>     return false;
>> }
>>
>> public boolean isUserInRole(String s) {
>>     for (RolePrincipal principal : subject.getPrincipals(RolePrincipal.class)) {
>>         if (principal.getName().equals(s)) return true;
>>     }
>>     return false;
>> }
>>
>> Great product, Karaf! Love it, thanks!
>> Andy P
>>
>>> On Mar 26, 2015, at 1:37 AM, Jean-Baptiste Onofré <[email protected]> wrote:
>>>
>>> Hi Andy,
>>>
>>> you can directly use the JAAS subject provider.
>>>
>>> You get a LoginContext and Subject.
>>>
>>> Regards
>>> JB
>>>
>>> On 03/26/2015 01:47 AM, Andrew Phillips wrote:
>>>> I am hoping to utilize the Karaf security module in a bundle of mine.
>>>> What is the best way, if there is an example, of authenticating a user if
>>>> I have a user name and password and getting back the roles so I can use
>>>> the built in security module?
>>>>
>>>> I appreciate the help. Love the product, I am using Karaf 3.0.3.
>>>>
>>>> Thanks!
>>>> Andy P
>>>
>>> --
>>> Jean-Baptiste Onofré
>>> [email protected]
>>> http://blog.nanthrax.net
>>> Talend - http://www.talend.com
>
> --
> Christian Schneider
> http://www.liquid-reality.de
>
> Open Source Architect
> http://www.talend.com
