karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benjamin Papez (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-4784) OsgiConfiguration for JAAS should fallback to default configuration
Date Wed, 19 Oct 2016 08:44:58 GMT
Benjamin Papez created KARAF-4784:
-------------------------------------

             Summary: OsgiConfiguration for JAAS should fallback to default configuration
                 Key: KARAF-4784
                 URL: https://issues.apache.org/jira/browse/KARAF-4784
             Project: Karaf
          Issue Type: Bug
          Components: karaf-security
    Affects Versions: 4.0.7
            Reporter: Benjamin Papez


We will use Karaf embedded in the next version of our Web Application, which means that we
still first start the application server (Tomcat/JBoss/Websphere) and then Karaf is started
inside. Some of our customers are using a JAAS configuration, mainly Kerberos for SPNEGO.
Unfortunately with the step to use Karaf the current default JAAS configuration is no longer
picked up and used, because Karaf is setting the {{org.apache.karaf.jaas.config.impl.OsgiConfiguration}}
object into {{javax.security.auth.login.Configuration.setConfiguration}} within the {{OsgiConfiguration.init}}
method.

This way all standard/app-server specific ways of JAAS configuration are ignored.

I would propose a modification to {{OsgiConfiguration}}, with something like:
{code}
    private Configuration defaultConfiguration;

    public void init() {
        try {
            defaultConfiguration = Configuration.getConfiguration();
        } catch (RuntimeException ex) {
            // default configuration for fallback could not be retrieved - should be logged
        }
        Configuration.setConfiguration(this);
    }
    ...
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        JaasRealm realm = null;
        for (JaasRealm r : realms) {
            if (r.getName().equals(name)) {
                if (realm == null || r.getRank() > realm.getRank()) {
                    realm = r;
                }
            }
        }
        if (realm != null) {
            return realm.getEntries();
        } else if (defaultConfiguration != null) {
           return defaultConfiguration.getAppConfigurationEntry(name);
        }
        return null;
    }

    public void refresh() {
        if (defaultConfiguration != null) {
            defaultConfiguration.refresh();
        }
    }
{code}

This way if no OSGI configured JAAS realm can find an {{AppConfigurationEntry}}, we would
still try to get it from the default JAAS configuration, and our customers could keep the
same JAAS configuration as before. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message