I am currently using ServiceMix 7.0.1 and before that I was directly using Karaf. I like having the ability to just drop jar files in the SMX/deploy folder and have it installed automatically.
Now my app is going to production and I wonder what I can do to secure that installation technique. Ideally, jar files dropped into that folder would still get installed but only after passing a signature check; something to verify the originator of that jar is trusted and the contents have not changed since they built it. This may be a stretch but is there any such capability built into Karaf? If not, any thoughts on what technologies one might use to achieve this result? Thanks. -- Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html
