karaf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Karaf > 4.5. Security framework
Date Tue, 13 Jul 2010 12:12:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1810/9/3/_/styles/combined.css?spaceKey=KARAF&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/KARAF/4.5.+Security+framework">4.5.
Security framework</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~gnodet">Guillaume
Nodet</a>
    </h4>
        <br/>
                         <h4>Changes (11)</h4>
                                 
    
<div id="page-diffs">
            <table class="diff" cellpadding="0" cellspacing="0">
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >{code:lang=xml|title=JAAS XSD Schema}
<br>&lt;xs:schema elementFormDefault=&#39;qualified&#39; <br></td></tr>
            <tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">targetNamespace=&#39;http://felix.apache.org/karaf/xmlns/jaas/v1.0.0&#39;</span>
<span class="diff-added-words"style="background-color: #dfd;">targetNamespace=&#39;http://karaf.apache.org/xmlns/jaas/v1.0.0&#39;</span>
<br></td></tr>
            <tr><td class="diff-unchanged" >           xmlns:xs=&#39;http://www.w3.org/2001/XMLSchema&#39;
<br>           xmlns:bp=&quot;http://www.osgi.org/xmlns/blueprint/v1.0.0&quot;
<br></td></tr>
            <tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">xmlns:tns=&#39;http://felix.apache.org/karaf/xmlns/jaas/v1.0.0&#39;&gt;</span>
<span class="diff-added-words"style="background-color: #dfd;">xmlns:tns=&#39;http://karaf.apache.org/xmlns/jaas/v1.0.0&#39;&gt;</span>
<br></td></tr>
            <tr><td class="diff-unchanged" > <br>    &lt;xs:import namespace=&quot;http://www.osgi.org/xmlns/blueprint/v1.0.0&quot;/&gt;
<br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >{code} <br> <br></td></tr>
            <tr><td class="diff-changed-lines" >You can find the schema at the
following <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">[location|https://svn.apache.org/repos/asf/felix/releases/karaf-1.0.0/jaas/config/src/main/resources/org/apache/felix/karaf/jaas/config/karaf-jaas.xsd].</span>
<span class="diff-added-words"style="background-color: #dfd;">[location|https://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/config/src/main/resources/org/apache/karaf/jaas/config/karaf-jaas.xsd].</span>
<br></td></tr>
            <tr><td class="diff-unchanged" > <br>Here are two example using
this schema: <br>{code:lang=xml|title=JAAS realm example} <br>&lt;blueprint
xmlns=&quot;http://www.osgi.org/xmlns/blueprint/v1.0.0&quot; <br></td></tr>
            <tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">xmlns:jaas=&quot;http://felix.apache.org/karaf/xmlns/jaas/v1.0.0&quot;</span>
<span class="diff-added-words"style="background-color: #dfd;">xmlns:jaas=&quot;http://karaf.apache.org/xmlns/jaas/v1.0.0&quot;</span>
<br></td></tr>
            <tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">xmlns:ext=&quot;http://geronimo.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0&quot;&gt;</span>
<span class="diff-added-words"style="background-color: #dfd;">xmlns:ext=&quot;http://aries.apache.org/xmlns/blueprint-ext/v1.0.0&quot;&gt;</span>
<br></td></tr>
            <tr><td class="diff-unchanged" > <br>    &lt;!-- Bean to
allow the $[karaf.base] property to be correctly resolved --&gt; <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" > <br>    &lt;jaas:config
name=&quot;karaf&quot;&gt; <br></td></tr>
            <tr><td class="diff-changed-lines" >&lt;jaas:module <span class="diff-changed-words">className=&quot;org.apache.<span
class="diff-deleted-chars"style="color:#999;background-color:#fdd;text-decoration:line-through;">felix.</span>karaf.jaas.modules.properties.PropertiesLoginModule&quot;</span>
flags=&quot;required&quot;&gt; <br></td></tr>
            <tr><td class="diff-unchanged" >            users = $[karaf.base]/etc/users.properties
<br>        &lt;/jaas:module&gt; <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >{code} <br>{code:lang=xml|title=Keystore
example} <br></td></tr>
            <tr><td class="diff-changed-lines" >&lt;jaas:keystore <span
class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">xmlns:jaas=&quot;http://felix.apache.org/karaf/xmlns/jaas/v1.0.0&quot;</span>
<span class="diff-added-words"style="background-color: #dfd;">xmlns:jaas=&quot;http://karaf.apache.org/xmlns/jaas/v1.0.0&quot;</span>
<br></td></tr>
            <tr><td class="diff-unchanged" >               id=&quot;keystore&quot;
<br>               name=&quot;ks&quot; <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >The {{id}} attribute is the blueprint
id of the bean, but it will be used by default as the name of the realm if no {{name}} attribute
is specified.   Additional attributes on the {{config}} elements are a {{rank}}, which is
an integer.  When the LoginContext looks for a realm for authenticating a given user, the
realms registered in the OSGi registry are matched against the required name.  If more than
one realm is found, the one with the highest rank will be used, thus allowing the override
of some realms with new values.  The last attribute is {{publish}} which can be set to false
to not publish the realm in the OSGi registry, hereby disabling the use of this realm. <br>
<br></td></tr>
            <tr><td class="diff-changed-lines" >Each realm can contain one or
more module definition.  Each module identify a LoginModule and the {{className}} attribute
must be set to the class name of the login module to use.   Note that this login module must
be available from the bundle classloader, so either it has to be defined in the bundle itself,
or the needed package needs to be correctly imported. The {{flags}} attribute can take one
of four values that are explained on the [JAAS <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">documentation|http://svn.apache.org/repos/asf/felix/releases/karaf-1.0.0/jaas/boot/src/main/java/org/apache/felix/karaf/jaas/boot/ProxyLoginModule.java].</span>
<span class="diff-added-words"style="background-color: #dfd;">documentation|http://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/boot/src/main/java/org/apache/karaf/jaas/boot/ProxyLoginModule.java].</span>
<br></td></tr>
            <tr><td class="diff-unchanged" >The content of the {{module}} element
is parsed as a properties file and will be used to further configure the login module. <br>
<br></td></tr>
            <tr><td class="diff-changed-lines" >Deploying such a code will lead
to a <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">[JaasRealm|http://svn.apache.org/repos/asf/felix/releases/karaf-1.0.0/jaas/config/src/main/java/org/apache/felix/karaf/jaas/config/JaasRealm.java]</span>
<span class="diff-added-words"style="background-color: #dfd;">[JaasRealm|http://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/config/src/main/java/org/apache/karaf/jaas/config/JaasRealm.java]</span>
object in the OSGi registry, which will then be used when using the JAAS login module. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>h2. Architecture <br>
<br></td></tr>
            <tr><td class="diff-changed-lines" >Due to constraints in the JAAS
specification, one class has to be available for all bundles.  This class is called <span
class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">[ProxyLoginModule|http://svn.apache.org/repos/asf/felix/releases/karaf-1.0.0/jaas/boot/src/main/java/org/apache/felix/karaf/jaas/boot/ProxyLoginModule.java]</span>
<span class="diff-added-words"style="background-color: #dfd;">[ProxyLoginModule|http://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/boot/src/main/java/org/apache/karaf/jaas/boot/ProxyLoginModule.java]</span>
and is a LoginModule that acts as a proxy for an OSGi defines LoginModule.  If you plan to
integrate this feature into another OSGi runtime, this class must be made available from the
system classloader and the related package be part of the boot delegation classpath (or be
deployed as a fragment attached to the system bundle). <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-changed-lines" >The xml schema defined above allow
the use of a simple xml (leveraging spring xml extensibility) to configure and register a
JAAS configuration for a given realm.  This configuration will be made available into the
OSGi registry as a <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">[JaasRealm|http://svn.apache.org/repos/asf/felix/releases/karaf-1.0.0/jaas/config/src/main/java/org/apache/felix/karaf/jaas/config/JaasRealm.java]</span>
<span class="diff-added-words"style="background-color: #dfd;">[JaasRealm|http://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/config/src/main/java/org/apache/karaf/jaas/config/JaasRealm.java]</span>
and the OSGi specific Configuration will look for such services.  Then the proxy login module
will be able to use the information provided by the realm to actually load the class from
the bundle containing the real login module. <br></td></tr>
            <tr><td class="diff-unchanged" > <br>[#top] <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
        </table>
</div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <style type='text/css'>/*<![CDATA[*/
table.ScrollbarTable  {border: none;padding: 3px;width: 100%;padding: 3px;margin: 0px;background-color:
#f0f0f0}
table.ScrollbarTable td.ScrollbarPrevIcon {text-align: center;width: 16px;border: none;}
table.ScrollbarTable td.ScrollbarPrevName {text-align: left;border: none;}
table.ScrollbarTable td.ScrollbarParent {text-align: center;border: none;}
table.ScrollbarTable td.ScrollbarNextName {text-align: right;border: none;}
table.ScrollbarTable td.ScrollbarNextIcon {text-align: center;width: 16px;border: none;}

/*]]>*/</style><div class="Scrollbar"><table class='ScrollbarTable'><tr><td
class='ScrollbarPrevIcon'><a href="/confluence/display/KARAF/4.4.+Deployer"><img
border='0' align='middle' src='/confluence/images/icons/back_16.gif' width='16' height='16'></a></td><td
width='33%' class='ScrollbarPrevName'><a href="/confluence/display/KARAF/4.4.+Deployer">4.4.
Deployer</a>&nbsp;</td><td width='33%' class='ScrollbarParent'><sup><a
href="/confluence/display/KARAF/4.+Understanding+Karaf"><img border='0' align='middle'
src='/confluence/images/icons/up_16.gif' width='8' height='8'></a></sup><a
href="/confluence/display/KARAF/4.+Understanding+Karaf">4. Understanding Karaf</a></td><td
width='33%' class='ScrollbarNextName'>&nbsp;<a href="/confluence/display/KARAF/4.6.+Provisioning">4.6.
Provisioning</a></td><td class='ScrollbarNextIcon'><a href="/confluence/display/KARAF/4.6.+Provisioning"><img
border='0' align='middle' src='/confluence/images/icons/forwd_16.gif' width='16' height='16'></a></td></tr></table></div>
<p><a name="4.5.Securityframework-top"></a></p>

<h1><a name="4.5.Securityframework-4.5.Securityframework"></a>4.5. Security
framework</h1>

<p>Karaf supports <a href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/JAASRefGuide.html"
class="external-link" rel="nofollow">JAAS</a> with some enhancements to allow JAAS
to work nicely in an OSGi environment.  This framework also features an OSGi keystore manager
with the ability to deploy new keystores or truststores at runtime.  </p>

<h2><a name="4.5.Securityframework-Overview"></a>Overview</h2>

<p>This feature allow the deployment at runtime of JAAS based configuration for use
in various parts of the application. This includes the remote console login, which uses the
<tt>karaf</tt> realm, but which is configured with a dummy login module by default.
 These realms can also be used by the NMR, JBI components or the JMX server to authenticate
users logging in or sending messages into the bus.</p>

<p>In addition to JAAS realms, you can also deploy keystores and truststores to secure
the remote shell console, setting up HTTPS connectors or using certificates for WS-Security.</p>

<p>A very simple XML schema for spring has been defined, allowing the deployment of
a new realm or a new keystore very easily.</p>

<h2><a name="4.5.Securityframework-Schema"></a>Schema</h2>

<p>To deploy a new realm, you can use the following XSD which is supported by a Spring
namespace handler and can thus be defined in a spring xml configuration file.</p>

<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader"
style="border-bottom-width: 1px;"><b>JAAS XSD Schema</b></div><div
class="codeContent panelContent">
<pre class="code-xml">
&lt;xs:schema elementFormDefault='qualified'
           targetNamespace='http://karaf.apache.org/xmlns/jaas/v1.0.0'
           <span class="code-keyword">xmlns:xs</span>='http://www.w3.org/2001/XMLSchema'
           <span class="code-keyword">xmlns:bp</span>=<span class="code-quote">"http://www.osgi.org/xmlns/blueprint/v1.0.0"</span>
           <span class="code-keyword">xmlns:tns</span>='http://karaf.apache.org/xmlns/jaas/v1.0.0'&gt;

    <span class="code-tag">&lt;xs:import namespace=<span class="code-quote">"http://www.osgi.org/xmlns/blueprint/v1.0.0"</span>/&gt;</span>

    <span class="code-tag">&lt;xs:element name=<span class="code-quote">"config"</span>&gt;</span>
        <span class="code-tag">&lt;xs:complexType&gt;</span>
            <span class="code-tag">&lt;xs:sequence&gt;</span>
                <span class="code-tag">&lt;xs:element name=<span class="code-quote">"module"</span>
minOccurs=<span class="code-quote">"0"</span> maxOccurs=<span class="code-quote">"unbounded"</span>&gt;</span>
                    <span class="code-tag">&lt;xs:complexType mixed=<span class="code-quote">"true"</span>&gt;</span>
                        <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"className"</span>
use=<span class="code-quote">"required"</span> type=<span class="code-quote">"xs:string"</span>
/&gt;</span>
                        <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"flags"</span>
default=<span class="code-quote">"required"</span>&gt;</span>
                            <span class="code-tag">&lt;xs:simpleType&gt;</span>
                                <span class="code-tag">&lt;xs:restriction base=<span
class="code-quote">"xs:NMTOKEN"</span>&gt;</span>
                                    <span class="code-tag">&lt;xs:enumeration value=<span
class="code-quote">"required"</span>/&gt;</span>
                                    <span class="code-tag">&lt;xs:enumeration value=<span
class="code-quote">"requisite"</span>/&gt;</span>
                                    <span class="code-tag">&lt;xs:enumeration value=<span
class="code-quote">"sufficient"</span>/&gt;</span>
                                    <span class="code-tag">&lt;xs:enumeration value=<span
class="code-quote">"optional"</span>/&gt;</span>
                                <span class="code-tag">&lt;/xs:restriction&gt;</span>
                            <span class="code-tag">&lt;/xs:simpleType&gt;</span>
                        <span class="code-tag">&lt;/xs:attribute&gt;</span>
                    <span class="code-tag">&lt;/xs:complexType&gt;</span>
                <span class="code-tag">&lt;/xs:element&gt;</span>
            <span class="code-tag">&lt;/xs:sequence&gt;</span>
            <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"name"</span>
use=<span class="code-quote">"required"</span> type=<span class="code-quote">"xs:string"</span>
/&gt;</span>
            <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"rank"</span>
use=<span class="code-quote">"optional"</span> default=<span class="code-quote">"0"</span>
type=<span class="code-quote">"xs:int"</span> /&gt;</span>
        <span class="code-tag">&lt;/xs:complexType&gt;</span>
    <span class="code-tag">&lt;/xs:element&gt;</span>

    <span class="code-tag">&lt;xs:element name=<span class="code-quote">"keystore"</span>&gt;</span>
        <span class="code-tag">&lt;xs:complexType&gt;</span>
            <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"name"</span>
use=<span class="code-quote">"required"</span> type=<span class="code-quote">"xs:string"</span>
/&gt;</span>
            <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"rank"</span>
use=<span class="code-quote">"optional"</span> default=<span class="code-quote">"0"</span>
type=<span class="code-quote">"xs:int"</span> /&gt;</span>
            <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"path"</span>
use=<span class="code-quote">"required"</span> type=<span class="code-quote">"xs:string"</span>
/&gt;</span>
            <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"keystorePassword"</span>
use=<span class="code-quote">"optional"</span> type=<span class="code-quote">"xs:string"</span>
/&gt;</span>
            <span class="code-tag">&lt;xs:attribute name=<span class="code-quote">"keyPasswords"</span>
use=<span class="code-quote">"optional"</span> type=<span class="code-quote">"xs:string"</span>
/&gt;</span>
        <span class="code-tag">&lt;/xs:complexType&gt;</span>
    <span class="code-tag">&lt;/xs:element&gt;</span>
    
<span class="code-tag">&lt;/xs:schema&gt;</span>
</pre>
</div></div>

<p>You can find the schema at the following <a href="https://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/config/src/main/resources/org/apache/karaf/jaas/config/karaf-jaas.xsd"
class="external-link" rel="nofollow">location</a>.</p>

<p>Here are two example using this schema:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader"
style="border-bottom-width: 1px;"><b>JAAS realm example</b></div><div
class="codeContent panelContent">
<pre class="code-xml">
&lt;blueprint xmlns=<span class="code-quote">"http://www.osgi.org/xmlns/blueprint/v1.0.0"</span>
           <span class="code-keyword">xmlns:jaas</span>=<span class="code-quote">"http://karaf.apache.org/xmlns/jaas/v1.0.0"</span>
           <span class="code-keyword">xmlns:ext</span>=<span class="code-quote">"http://aries.apache.org/xmlns/blueprint-ext/v1.0.0"</span>&gt;

    <span class="code-tag"><span class="code-comment">&lt;!-- Bean to allow
the $[karaf.base] property to be correctly resolved --&gt;</span></span>
    <span class="code-tag">&lt;ext:property-placeholder placeholder-prefix=<span
class="code-quote">"$["</span> placeholder-suffix=<span class="code-quote">"]"</span>/&gt;</span>

    <span class="code-tag">&lt;jaas:config name=<span class="code-quote">"karaf"</span>&gt;</span>
        <span class="code-tag">&lt;jaas:module className=<span class="code-quote">"org.apache.karaf.jaas.modules.properties.PropertiesLoginModule"</span>
flags=<span class="code-quote">"required"</span>&gt;</span>
            users = $[karaf.base]/etc/users.properties
        <span class="code-tag">&lt;/jaas:module&gt;</span>
    <span class="code-tag">&lt;/jaas:config&gt;</span>

<span class="code-tag">&lt;/blueprint&gt;</span>
</pre>
</div></div>
<div class="code panel" style="border-width: 1px;"><div class="codeHeader panelHeader"
style="border-bottom-width: 1px;"><b>Keystore example</b></div><div
class="codeContent panelContent">
<pre class="code-xml">
&lt;jaas:keystore <span class="code-keyword">xmlns:jaas</span>=<span class="code-quote">"http://karaf.apache.org/xmlns/jaas/v1.0.0"</span>
               id=<span class="code-quote">"keystore"</span>
               name=<span class="code-quote">"ks"</span>
               rank=<span class="code-quote">"1"</span>
               path=<span class="code-quote">"classpath:privatestore.jks"</span>
               keystorePassword=<span class="code-quote">"keyStorePassword"</span>
               keyPasswords=<span class="code-quote">"myalias=myAliasPassword"</span>&gt;
<span class="code-tag">&lt;/jaas:keystore&gt;</span>
</pre>
</div></div>

<p>The <tt>id</tt> attribute is the blueprint id of the bean, but it will
be used by default as the name of the realm if no <tt>name</tt> attribute is specified.
  Additional attributes on the <tt>config</tt> elements are a <tt>rank</tt>,
which is an integer.  When the LoginContext looks for a realm for authenticating a given user,
the realms registered in the OSGi registry are matched against the required name.  If more
than one realm is found, the one with the highest rank will be used, thus allowing the override
of some realms with new values.  The last attribute is <tt>publish</tt> which
can be set to false to not publish the realm in the OSGi registry, hereby disabling the use
of this realm.</p>

<p>Each realm can contain one or more module definition.  Each module identify a LoginModule
and the <tt>className</tt> attribute must be set to the class name of the login
module to use.   Note that this login module must be available from the bundle classloader,
so either it has to be defined in the bundle itself, or the needed package needs to be correctly
imported. The <tt>flags</tt> attribute can take one of four values that are explained
on the <a href="http://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/boot/src/main/java/org/apache/karaf/jaas/boot/ProxyLoginModule.java"
class="external-link" rel="nofollow">JAAS documentation</a>.<br/>
The content of the <tt>module</tt> element is parsed as a properties file and
will be used to further configure the login module.</p>

<p>Deploying such a code will lead to a <a href="http://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/config/src/main/java/org/apache/karaf/jaas/config/JaasRealm.java"
class="external-link" rel="nofollow">JaasRealm</a> object in the OSGi registry, which
will then be used when using the JAAS login module.</p>

<h2><a name="4.5.Securityframework-Architecture"></a>Architecture</h2>

<p>Due to constraints in the JAAS specification, one class has to be available for all
bundles.  This class is called <a href="http://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/boot/src/main/java/org/apache/karaf/jaas/boot/ProxyLoginModule.java"
class="external-link" rel="nofollow">ProxyLoginModule</a> and is a LoginModule that
acts as a proxy for an OSGi defines LoginModule.  If you plan to integrate this feature into
another OSGi runtime, this class must be made available from the system classloader and the
related package be part of the boot delegation classpath (or be deployed as a fragment attached
to the system bundle).</p>

<p>The xml schema defined above allow the use of a simple xml (leveraging spring xml
extensibility) to configure and register a JAAS configuration for a given realm.  This configuration
will be made available into the OSGi registry as a <a href="http://svn.apache.org/repos/asf/karaf/tags/karaf-2.0.0/jaas/config/src/main/java/org/apache/karaf/jaas/config/JaasRealm.java"
class="external-link" rel="nofollow">JaasRealm</a> and the OSGi specific Configuration
will look for such services.  Then the proxy login module will be able to use the information
provided by the realm to actually load the class from the bundle containing the real login
module.</p>

<p><a href="#4.5.Securityframework-top">top</a></p>
<style type='text/css'>/*<![CDATA[*/
table.ScrollbarTable  {border: none;padding: 3px;width: 100%;padding: 3px;margin: 0px;background-color:
#f0f0f0}
table.ScrollbarTable td.ScrollbarPrevIcon {text-align: center;width: 16px;border: none;}
table.ScrollbarTable td.ScrollbarPrevName {text-align: left;border: none;}
table.ScrollbarTable td.ScrollbarParent {text-align: center;border: none;}
table.ScrollbarTable td.ScrollbarNextName {text-align: right;border: none;}
table.ScrollbarTable td.ScrollbarNextIcon {text-align: center;width: 16px;border: none;}

/*]]>*/</style><div class="Scrollbar"><table class='ScrollbarTable'><tr><td
class='ScrollbarPrevIcon'><a href="/confluence/display/KARAF/4.4.+Deployer"><img
border='0' align='middle' src='/confluence/images/icons/back_16.gif' width='16' height='16'></a></td><td
width='33%' class='ScrollbarPrevName'><a href="/confluence/display/KARAF/4.4.+Deployer">4.4.
Deployer</a>&nbsp;</td><td width='33%' class='ScrollbarParent'><sup><a
href="/confluence/display/KARAF/4.+Understanding+Karaf"><img border='0' align='middle'
src='/confluence/images/icons/up_16.gif' width='8' height='8'></a></sup><a
href="/confluence/display/KARAF/4.+Understanding+Karaf">4. Understanding Karaf</a></td><td
width='33%' class='ScrollbarNextName'>&nbsp;<a href="/confluence/display/KARAF/4.6.+Provisioning">4.6.
Provisioning</a></td><td class='ScrollbarNextIcon'><a href="/confluence/display/KARAF/4.6.+Provisioning"><img
border='0' align='middle' src='/confluence/images/icons/forwd_16.gif' width='16' height='16'></a></td></tr></table></div>
    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/KARAF/4.5.+Security+framework">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=86120&revisedVersion=11&originalVersion=10">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/KARAF/4.5.+Security+framework?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message