Hi Benjamin,

your proposal makes sense. I will review, create a Jira, and implement.

In the mean time, as a workaround, I think you can provide your own login module acting as a bypass.


On 10/18/2016 06:19 PM, Benjamin Papez wrote:

we plan to use Karaf embedded in the next version of our Web
Application, which means that we still start the application server
(Tomcat/JBoss/Websphere). Some of our customers are using a JAAS
configuration, mainly Kerberos for SPNEGO. Unfortunately with the step
to use Karaf the current default JAAS configuration is no longer picked
up and used, because Karaf is setting the OsgiConfiguration object into
Configuration.setConfiguration within OsgiConfiguration.init method.

Is it wanted (by design) to ignore all standard/app-server specific ways
of JAAS configuration?

I would otherwise suggest a modification to OsgiConfiguration, with
something like:

    private Configuration defaultConfiguration;

    public void init() {
        try {
            defaultConfiguration = Configuration.getConfiguration();
        } catch (RuntimeException ex) {
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        JaasRealm realm = null;
        for (JaasRealm r : realms) {
            if (r.getName().equals(name)) {
                if (realm == null || r.getRank() > realm.getRank()) {
                    realm = r;
        if (realm != null) {
            return realm.getEntries();
        } else if (defaultConfiguration != null) {
           return defaultConfiguration.getAppConfigurationEntry(name);
        return null;

    public void refresh() {
        if (defaultConfiguration != null) {

This way if no OSGI configured JAAS realm can find an
AppConfigurationEntry, we would still try to get it from the default
JAAS configuration, and our customers could keep the same JAAS
configuration as before. Would implementing this suggestion break
anything in Karaf?


Jean-Baptiste Onofré
Talend - http://www.talend.com

Reply via email to