karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benjamin Papez (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-4784) OsgiConfiguration for JAAS should fallback to default configuration
Date Wed, 19 Oct 2016 08:44:58 GMT
Benjamin Papez created KARAF-4784:

             Summary: OsgiConfiguration for JAAS should fallback to default configuration
                 Key: KARAF-4784
                 URL: https://issues.apache.org/jira/browse/KARAF-4784
             Project: Karaf
          Issue Type: Bug
          Components: karaf-security
    Affects Versions: 4.0.7
            Reporter: Benjamin Papez

We will use Karaf embedded in the next version of our Web Application, which means that we
still first start the application server (Tomcat/JBoss/Websphere) and then Karaf is started
inside. Some of our customers are using a JAAS configuration, mainly Kerberos for SPNEGO.
Unfortunately with the step to use Karaf the current default JAAS configuration is no longer
picked up and used, because Karaf is setting the {{org.apache.karaf.jaas.config.impl.OsgiConfiguration}}
object into {{javax.security.auth.login.Configuration.setConfiguration}} within the {{OsgiConfiguration.init}}

This way all standard/app-server specific ways of JAAS configuration are ignored.

I would propose a modification to {{OsgiConfiguration}}, with something like:
    private Configuration defaultConfiguration;

    public void init() {
        try {
            defaultConfiguration = Configuration.getConfiguration();
        } catch (RuntimeException ex) {
            // default configuration for fallback could not be retrieved - should be logged
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        JaasRealm realm = null;
        for (JaasRealm r : realms) {
            if (r.getName().equals(name)) {
                if (realm == null || r.getRank() > realm.getRank()) {
                    realm = r;
        if (realm != null) {
            return realm.getEntries();
        } else if (defaultConfiguration != null) {
           return defaultConfiguration.getAppConfigurationEntry(name);
        return null;

    public void refresh() {
        if (defaultConfiguration != null) {

This way if no OSGI configured JAAS realm can find an {{AppConfigurationEntry}}, we would
still try to get it from the default JAAS configuration, and our customers could keep the
same JAAS configuration as before. 

This message was sent by Atlassian JIRA

View raw message