Hi JB,

thanks for looking into it. I already created a jira: https://issues.apache.org/jira/browse/KARAF-4784

The workaround with an own login module ain't that easy, because we do not know the names of all current jaas configurations customers have today (can be multiple per installation). As I understand with OSGI we (or they) would need to create one realm per such entry name and the login module would need to be able to read and copy the default configuration before osgi overrides it. If OsgiConfiguration would fall back to the default configuration, no action would be required (for us and for customers migrating to the new release with Karaf).

Regards,
Benjamin

On 18.10.2016 at 18:25, Jean-Baptiste Onofré wrote:
Hi Benjamin,

your proposal makes sense. I will review, create a Jira, and implement.

In the meantime, as a workaround, I think you can provide your own login module acting as a bypass.

Regards
JB

On 10/18/2016 06:19 PM, Benjamin Papez wrote:
Hello,

we plan to use Karaf embedded in the next version of our Web
Application, which means that we still start the application server
(Tomcat/JBoss/Websphere). Some of our customers are using a JAAS
configuration, mainly Kerberos for SPNEGO. Unfortunately with the step
to use Karaf the current default JAAS configuration is no longer picked
up and used, because Karaf is setting the OsgiConfiguration object into
Configuration.setConfiguration within OsgiConfiguration.init method.

Is it wanted (by design) to ignore all standard/app-server specific ways
of JAAS configuration?

I would otherwise suggest a modification to OsgiConfiguration, with
something like:

    private Configuration defaultConfiguration;

    public void init() {
        try {
            defaultConfiguration = Configuration.getConfiguration();
        } catch (RuntimeException ex) {
            // No default JAAS configuration could be obtained; continue without a fallback.
        }
        Configuration.setConfiguration(this);
    }
    ...
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        JaasRealm realm = null;
        for (JaasRealm r : realms) {
            if (r.getName().equals(name)) {
                if (realm == null || r.getRank() > realm.getRank()) {
                    realm = r;
                }
            }
        }
        if (realm != null) {
            return realm.getEntries();
        } else if (defaultConfiguration != null) {
            return defaultConfiguration.getAppConfigurationEntry(name);
        }
        return null;
    }

    public void refresh() {
        if (defaultConfiguration != null) {
            defaultConfiguration.refresh();
        }
    }

This way if no OSGI configured JAAS realm can find an
AppConfigurationEntry, we would still try to get it from the default
JAAS configuration, and our customers could keep the same JAAS
configuration as before. Would implementing this suggestion break
anything in Karaf?

Regards,
Benjamin
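
The lookup order proposed above, as a stand-alone sketch that is an added example and not code from this thread or from Karaf. The class names `FallbackConfigurationDemo` and `MapConfiguration`, the entry names and the `example.*` module names are constructed for illustration.

```java
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

public class FallbackConfigurationDemo {
    // Hypothetical map-backed Configuration, standing in for both the
    // app server's configuration and the one that replaces it.
    static class MapConfiguration extends Configuration {
        private final Map<String, AppConfigurationEntry[]> entries = new HashMap<>();
        private final Configuration fallback; // previously installed configuration, may be null

        MapConfiguration(Configuration fallback) { this.fallback = fallback; }

        MapConfiguration add(String name, String moduleClass) {
            entries.put(name, new AppConfigurationEntry[] { new AppConfigurationEntry(
                moduleClass, LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()) });
            return this;
        }

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            AppConfigurationEntry[] own = entries.get(name);
            if (own != null) return own; // an own entry always wins on a name clash
            return fallback != null ? fallback.getAppConfigurationEntry(name) : null;
        }
    }

    static String moduleFor(String name) {
        AppConfigurationEntry[] e = Configuration.getConfiguration().getAppConfigurationEntry(name);
        return (e == null || e.length == 0) ? "<none>" : e[0].getLoginModuleName();
    }

    public static void main(String[] args) {
        // Constructed app-server configuration: a Kerberos entry plus a clashing "karaf" entry.
        Configuration.setConfiguration(new MapConfiguration(null)
            .add("spnego-server", "com.sun.security.auth.module.Krb5LoginModule")
            .add("karaf", "example.ContainerModule"));
        Configuration previous;
        try {
            previous = Configuration.getConfiguration(); // capture before replacing it
        } catch (RuntimeException ex) {
            previous = null; // nothing to fall back to
        }
        Configuration.setConfiguration(new MapConfiguration(previous).add("karaf", "example.OsgiRealmModule"));
        for (String name : new String[] { "spnego-server", "karaf", "unknown" }) {
            System.out.println(name + " -> " + moduleFor(name));
        }
    }
}
```

The fallback only answers for names the replacing configuration does not define, so an entry name present in both resolves to the replacing configuration's module.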

