karaf-user mailing list archives

From Martin Nielsen <mny...@gmail.com>
Subject Using a custom JAAS LoginModule with karaf
Date Tue, 03 Apr 2018 15:42:57 GMT
Hello everyone

I am trying to create a new karaf JAAS module and preferably override the
current karaf JAAS domain.

I have my login module which basically just delegates everything to shiro,
as well as a blueprint to add it to the JAAS config.

My JAAS config xml from OSGI-INF\blueprint folder in the jar:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"

    <ext:property-placeholder placeholder-prefix="$["

    <jaas:config name="ShiroBridge" rank="-1">
        <jaas:module className="my.test.security.


My LoginModule:

import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ShiroJaasIntegration implements LoginModule {

    public static final Logger LOGGER = LoggerFactory.getLogger(ShiroJaasIntegration.class);
    private static final Class<org.apache.shiro.session.Session> shiroSessionClass = org.apache.shiro.session.Session.class;

    protected Set<Principal> principals = new HashSet<>();
    private Subject subject;
    private org.apache.shiro.session.Session shiroSession;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private String user;
    protected BundleContext bundleContext;
    private boolean authenticated = false;

    // Called by JAAS once per login attempt, before login().
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        LOGGER.info("initialize "+System.identityHashCode(this));
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        this.bundleContext = ((BundleReference) this.getClass().getClassLoader()).getBundleContext();
    }

    public boolean login() throws LoginException {
        LOGGER.debug("login "+System.identityHashCode(this));
        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler found");
        }

        Callback[] callbacks = new Callback[2];

        callbacks[0] = new NameCallback("Username: ");
        callbacks[1] = new PasswordCallback("Password: ", false);
        if (callbackHandler != null) {
            try {
                // Ask the caller (console, SSH, web) for the credentials.
                callbackHandler.handle(callbacks);
            } catch (IOException ioe) {
                throw new LoginException(ioe.getMessage());
            } catch (UnsupportedCallbackException uce) {
                throw new LoginException(uce.getMessage() + " not available to obtain information from user");
            }
        }

        // user callback get value
        if (((NameCallback) callbacks[0]).getName() == null) {
            throw new LoginException("Username can not be null");
        }
        user = ((NameCallback) callbacks[0]).getName();

        // password callback get value
        if (((PasswordCallback) callbacks[1]).getPassword() == null) {
            throw new LoginException("Password can not be null");
        }
        String password = new String(((PasswordCallback) callbacks[1]).getPassword());

        org.apache.shiro.subject.Subject shiroSubject = null;

        //Do lots of shiro stuff to get the UserPrincipal and RolePrincipal objects

        return authenticated;
    }

    public boolean commit() throws LoginException {
        LOGGER.debug("commit "+System.identityHashCode(this));
        return authenticated;
    }

    public boolean abort() throws LoginException {
        user = null;
        user = null;
        LOGGER.debug("abort "+System.identityHashCode(this));
        return true;
    }

    public boolean logout() throws LoginException {
        user = null;
        LOGGER.debug("logout "+System.identityHashCode(this));
        return true;
    }
}


I have tried setting the rank inside the blueprint to -1, 0, and 1 and the
ShiroBridge does move up and down the list, but no log statements from the
ShiroJaasIntegration LoginModule are ever called, and in all cases I can
still log in with karaf/karaf.

karaf@root()> jaas:realm-list
Index | Realm Name  | Login Module Class Name
1     | ShiroBridge | my.test.security.karaf.ShiroJaasIntegration
2     | karaf       |
3     | karaf       |
4     | karaf       | org.apache.karaf.jaas.modules.audit.FileAuditLoginModule
5     | karaf       | org.apache.karaf.jaas.modules.audit.LogAuditLoginModule
6     | karaf       |

So my module never seems to be called, and I can't really disable the karaf

Can someone help with this? My objective is to add my own LoginModule and
preferably replace the current karaf Realm
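
Added example, not part of the original post and not Karaf or project code: in plain JAAS a LoginContext only consults the login modules configured under the realm name it is given, so a module configured under a different name is never invoked, whatever its position in a listing. The two realm names are taken from the jaas:realm-list output above; RealmNameDemo, RecordingModule, the "tag" option and the in-memory Configuration are assumptions made up for illustration.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class RealmNameDemo {
    // Records which module's login() actually ran.
    static final List<String> CALLS = new ArrayList<>();

    // Hypothetical stand-in for a custom module such as the one in the post.
    public static class RecordingModule implements LoginModule {
        private String tag;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
            tag = (String) options.get("tag");
        }
        public boolean login() { CALLS.add(tag); return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    static AppConfigurationEntry entry(String tag) {
        return new AppConfigurationEntry(RecordingModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of("tag", tag));
    }

    public static void main(String[] args) throws LoginException {
        // Constructed configuration: one module per realm name.
        Map<String, AppConfigurationEntry[]> realms = new HashMap<>();
        realms.put("ShiroBridge", new AppConfigurationEntry[] { entry("module in realm ShiroBridge") });
        realms.put("karaf", new AppConfigurationEntry[] { entry("module in realm karaf") });
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return realms.get(name);
            }
        };
        // A caller that authenticates against "karaf" never reaches the "ShiroBridge" entry.
        new LoginContext("karaf", new Subject(), callbacks -> { }, config).login();
        System.out.println("modules invoked: " + CALLS);
    }
}
```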
