Hi, The deploy folder is managed by deployer.
You can create a deployer that use jarsigner to verify the jar. A JarSigner deployer could register a ArtifactInstaller service and implement the canHandle(), install(), uninstall() methods, delegating the the jar deployer. NB: we have different deployers scanning the deploy folder (features, blueprint, spring, kar, etc): it's not only jar, so it depends what the artifacts you want to "verify". Regards JB On 03/09/2018 01:42 AM, jonathanknez wrote: > I am currently using ServiceMix 7.0.1 and before that I was directly using > Karaf. I like having the ability to just drop jar files in the SMX/deploy > folder and have it installed automatically. > > Now my app is going to production and I wonder what I can do to secure that > installation technique. Ideally, jar files dropped into that folder would > still get installed but only after passing a signature check; something to > verify the originator of that jar is trusted and the contents have not > changed since they built it. > > This may be a stretch but is there any such capability built into Karaf? If > not, any thoughts on what technologies one might use to achieve this result? > Thanks. > > > > -- > Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html > -- Jean-Baptiste Onofré [email protected] http://blog.nanthrax.net Talend - http://www.talend.com
