felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcin Wilkos <marcin.wil...@gmail.com>
Subject Re: Google Summer of Code
Date Tue, 21 Jul 2009 18:23:24 GMT
Hi,

Guillaume wrote about pluggable user authentication mechanism for Karaf
shell.
I think it's good for second part of my GSoC program. Could you write more
about security in Karaf and Felix?
Where passwords are stored and how?

regards,

Marcin

2009/6/10 Guillaume Nodet <gnodet@gmail.com>

> The security part can be slit in two different goals imho;
>  * pluggable user authentication mechanism
>  * command based authorization for the authenticated user
>
> The last one is much more optional, but it would mean defining roles /
> groups that the user needs to belong to for each shell command / ui
> tab / ui action, and make sure the authenticated user is authorized to
> perform such a command.
>
> On Wed, Jun 10, 2009 at 13:17, Felix Meschberger<fmeschbe@gmail.com>
> wrote:
> > Hi,
> >
> > Guillaume Nodet schrieb:
> >> Another idea as the first step for security would be the
> >> authentication mechanism we discussed on another thread.
> >> Currently, the web console uses a ConfigAdmin to retrieve the username
> >> / password.  This layer should be pluggable and allow the current
> >> mechanism, UserAdmin or JAAS to be plugged in somehow.
> >
> > That's in fact how I understood your first point ;-)
> >
> > Regards
> > Felix
> >
> >>
> >> On Wed, Jun 10, 2009 at 12:04, Guillaume Nodet<gnodet@gmail.com> wrote:
> >>> Two ideas for the console:
> >>>  * add some security to the console / shell (role based for a given
> >>> action / command)
> >>>  * have a low level shell access from the console (using command line
> >>> as we already discussed)
> >>> I guess both are not simple problems to tackle, so not sure Marcin
> >>> availability will be enough.
> >>> If not, I'd be glad to try implementing the low level shell access
> >>> from the console.
> >>>
> >>> My thinking about that was to have a hidden feature as Hiram
> >>> demonstrated some time ago on his prototype.
> >>> Typing '~' in the console would bring up a popup and start a shell
> >>> with the credentials of the user that logged into the web console (not
> >>> sure how to retrieve those in a safe manner yet).  Typing again the
> >>> same key would hide the popup.
> >>>
> >>> On Wed, Jun 10, 2009 at 09:37, Gert Vanthienen<
> gert.vanthienen@gmail.com> wrote:
> >>>> Guillaume,
> >>>>
> >>>> I created http://cwiki.apache.org/confluence/display/FELIX/GSoC+2009
> >>>> to keep track of this.  The current working schedule is at the top of
> >>>> the page, with the bits of information I'm aware of already filled in.
> >>>>
> >>>> I added the original schedule at the bottom, but because of our
> >>>> decision to leverage the Felix Web Console, most of the tasks in that
> >>>> schedule are no longer necessary.  So if people have any suggestions
> >>>> for other work to fill in those gaps...
> >>>>
> >>>> Regards,
> >>>>
> >>>> Gert Vanthienen
> >>>> ------------------------
> >>>> Open Source SOA: http://fusesource.com
> >>>> Blog: http://gertvanthienen.blogspot.com/
> >>>>
> >>>>
> >>>>
> >>>> 2009/6/9 Guillaume Nodet <gnodet@gmail.com>:
> >>>>> Yeah ! Keep up the good work.
> >>>>> Do you have a plan for the coming weeks / monthes.  Maybe you could
> >>>>> create a wiki page somewhere or maybe even an email so we can get
see
> >>>>> what you plan to work on and maybe give some input / discuss things
?
> >>>>>
> >>>>> On Mon, Jun 8, 2009 at 23:32, Marcin Wilkos<marcin.wilkos@gmail.com>
> wrote:
> >>>>>> Hi,
> >>>>>> I'm Marcin Wilkos. Like Gert Vanthienen wrote before I'm working
on
> >>>>>> webconsole for Karaf and ServiceMix as GSoC project. I'll be
sending
> weekly
> >>>>>> reports to this list.
> >>>>>> In last week I focused on first extension for felix web console,
> which lists
> >>>>>> Karaf features. I created JIRA issue for this and uploaded a
patch.
> Gert
> >>>>>> checked it and uploaded to svn.
> >>>>>> Regards,
> >>>>>> Marcin Wilkos
> >>>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Cheers,
> >>>>> Guillaume Nodet
> >>>>> ------------------------
> >>>>> Blog: http://gnodet.blogspot.com/
> >>>>> ------------------------
> >>>>> Open Source SOA
> >>>>> http://fusesource.com
> >>>>>
> >>>
> >>>
> >>> --
> >>> Cheers,
> >>> Guillaume Nodet
> >>> ------------------------
> >>> Blog: http://gnodet.blogspot.com/
> >>> ------------------------
> >>> Open Source SOA
> >>> http://fusesource.com
> >>>
> >>
> >>
> >>
> >
>
>
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message