Hi Kamil, Is the operator creating the account in the authentication service, so that the previously invalid credentials become valid?
How does your system deal with failures in communication to the authentication service? Is the operator required to restart all the “weather station” bundles? Is it possible to treat “invalid credentials” the same as “no communication to the authentication service”? In any case, with my proposal, restarting the bundle will certainly result in another attempt to authenticate if the configuration is present. Can you use the service presence rather than the bundle state to determine “health”? David Jencks > On Aug 23, 2019, at 7:07 AM, Kamil Paśko <kamil.pa...@antologic.com> wrote: > > @Dawid, > > Ok, here’s my situation: > Let’s say I have hundreds of weather stations > Each weather station gathers different data (some only the temperature, some > humidity, some both and some let’s say – radiation). They’re completly > independent of each other. Can be deployed separately, have different > versions etc. That’s why I represented each weather station as separate > bundle in Karaf cluster. > Each weather station sends it’s data to the server using „WeatherService” > But before weather station can send it’s first data – it must use > „AuthenticationService” and it’s own Configuration (containing it’s login and > password) in order to authenticate itself. If it can not – is should stop and > do not send data > Why restarting the bundle helps with authentication? Because Operator can > create weather station’s account in the system and restart the bundle – then > it’ll authenticate itself successfuly > > I hope that this explains my situation. > > Kind regards, > Kamil > > > Od: David Jencks <mailto:david.a.jen...@gmail.com> > Wysłano: piątek, 23 sierpnia 2019 15:41 > Do: user@karaf.apache.org <mailto:user@karaf.apache.org> > Temat: Re: ODP: ODP: Authentication with configuration: > BundlevsDeclarativeService? > > Services don’t have state, other than their properties, and you can certainly > investigate services with the console. Ds components do have state, which you > can investigate using the console. > > Your answer doesn’t make sense to me yet. What is the nature of the > authentication? If it’s entirely self contained then changes to the > configuration will be automatically propagated to a configuration-aware > component anyway without your doing anything special, and if it relies on > some sort of remote service I’d expect your component would be the only > reasonable place to track this remote services availability. > > I don’t recall ever finding a situation where restarting a bundle was a > reasonable response. > > I may not understand your situation... > David Jencks > > Sent from my iPhone > > On Aug 23, 2019, at 4:43 AM, Kamil Paśko <kamil.pa...@antologic.com > <mailto:kamil.pa...@antologic.com>> wrote: > > @David, > > Thank you for your answer. > I care „if the bundle is active” because as far as I know, Karaf console and > API allows me to check the state of bundles – not particular services. > Please, correct me if I’m wrong. > > Moreover - all our monitoring tools verify bundles health, and are able to > restart them when bundle will be able to authenticate again. > > That is why I need to stop whole bundle if authentication fails and I must > care about whole bundle – not particular service. > > Does it make sense? > > Kind regards, > Kamil > > Od: David Jencks <mailto:david.a.jen...@gmail.com> > Wysłano: poniedziałek, 19 sierpnia 2019 16:07 > Do: user@karaf.apache.org <mailto:user@karaf.apache.org> > Temat: Re: ODP: Authentication with configuration: Bundle > vsDeclarativeService? > > I suggest you: > -Reinterpret the 3rd requirement to be that a service is registered only when > a configuration is present and that configuration results in valid > authentication. Why do you care if the bundle is active? What’s usually > important is whether a service is present. > -write a ManagedService as a DS component that authenticates and if > successful creates the actual service. > > David Jencks > > > Sent from my iPhone > > On Aug 19, 2019, at 5:21 AM, Kamil Paśko <kamil.pa...@antologic.com > <mailto:kamil.pa...@antologic.com>> wrote: > > I see that my examples where trimmed. So I send them once again: > > I have a case with three requirements explained below: > > 1) I must implement "something" (Bundle or Component) that will receive > configuration (placed in $KARAF_HOME/etc/myPID.cfg), therefore I can use both: > > a) BundleActivator with ManagedService approach: > > > > @Override > public final void start(final BundleContext bundleContext) throws > InterruptedException { > serviceReg = bundleContext.registerService(ManagedService.class, new > ConfigUpdater(), new Hashtable<>(singletonMap(Constants.SERVICE_PID, pid))); > } > > b) DeclarativeService approach: > > > > @Component( > configurationPid = MyService.CONFIGURATION_PID > ) > public class MyService { > @Activate > public MyService(final MyConfiguration configuration) throws Exception { > } > } > > 2) But the second requirement is, that config MUST be available before > Bundle/Component starts (because my Bundle/Component must authenticate itself > using credentials from the config). Therefore: > > a) I have no idea how to achieve it using BundleActivator > > b) Using DeclarativeService approach it is easy: > > > > @Component( > immediate = true, > configurationPolicy = ConfigurationPolicy.REQUIRE, > configurationPid = MyService.CONFIGURATION_PID > ) > > 3) And the third requirement is: if authentication fails - bundle must stop > itself: > > a) it is easy using BundleActivator, because if start method throws exception > - Bundle stops itself > > > > @Override > public final void start(final BundleContext bundleContext) throws > InterruptedException { > bundleContext.registerService(ManagedService.class, new ConfigUpdater(), > new Hashtable<>(singletonMap(Constants.SERVICE_PID, pid))); > } > > private final class ConfigUpdater implements ManagedService { > @Override > public void updated(final Dictionary<String, ?> config) throws > ConfigurationException { > if (authenticate(config) == false) { > throw new NotAuthenticatedException(); > } > } > } > } > > b) I have no idea how to achieve it using DeclarativeService (let's say that > there is just one service per bundle) > > > Could you help me please with figuring out how I can achieve all three > requirements at the same time? > > Kind regards, > Kamil > > Od: kamilantlgc <mailto:kamil.pa...@antologic.com> > Wysłano: poniedziałek, 19 sierpnia 2019 14:19 > Do: user@karaf.apache.org <mailto:user@karaf.apache.org> > Temat: Authentication with configuration: Bundle vs DeclarativeService? > > Dear Karaf users, > > I'm aware that this post is more about OSGi, but you were so helpful so far, > that I hope it will be the same this time :) > > I have a case with three requirements explained below: > > 1) I must implement "something" (Bundle or Component) that will receive > configuration (placed in $KARAF_HOME/etc/myPID.cfg), therefore I can use > both: > > a) BundleActivator with ManagedService approach: > > > b) DeclarativeService approach: > > > 2) But the second requirement is, that config MUST be available before > Bundle/Component starts (because my Bundle/Component must authenticate > itself using credentials from the config). Therefore: > > a) I have no idea how to achieve it using BundleActivator > > b) Using DeclarativeService approach it is easy: > > > 3) And the third requirement is: if authentication fails - bundle must stop > itself: > > a) it is easy using BundleActivator, because if start method throws > exception - Bundle stops itself > > > b) I have no idea how to achieve it using DeclarativeService (let's say that > there is just one service per bundle) > > > Could you help me please with figuring out how I can achieve all three > requirements at the same time? > > Kind regards, > Kamil > > > > -- > Sent from: http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html > <http://karaf.922171.n3.nabble.com/Karaf-User-f930749.html>
