we plan to use Karaf embedded in the next version of our Web Application, which means that we still start the application server (Tomcat/JBoss/Websphere). Some of our customers are using a JAAS configuration, mainly Kerberos for SPNEGO. Unfortunately with the step to use Karaf the current default JAAS configuration is no longer picked up and used, because Karaf is setting the OsgiConfiguration object into Configuration.setConfiguration within OsgiConfiguration.init method.

Is it wanted (by design) to ignore all standard/app-server specific ways of JAAS configuration?

I would otherwise suggest a modification to OsgiConfiguration, with something like:

    private Configuration defaultConfiguration;

    public void init() {
        try {
            defaultConfiguration = Configuration.getConfiguration();
        } catch (RuntimeException ex) {
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        JaasRealm realm = null;
        for (JaasRealm r : realms) {
            if (r.getName().equals(name)) {
                if (realm == null || r.getRank() > realm.getRank()) {
                    realm = r;
        if (realm != null) {
            return realm.getEntries();
        } else if (defaultConfiguration != null) {
           return defaultConfiguration.getAppConfigurationEntry(name);
        return null;

    public void refresh() {
        if (defaultConfiguration != null) {

This way if no OSGI configured JAAS realm can find an AppConfigurationEntry, we would still try to get it from the default JAAS configuration, and our customers could keep the same JAAS configuration as before. Would implementing this suggestion break anything in Karaf?


Reply via email to