Posted to user@karaf.apache.org by Martin Nielsen <mn...@gmail.com> on 2018/04/03 15:42:57 UTC

Using a custom JAAS LoginModule with karaf

 Hello everyone

I am trying to create a new karaf JAAS module and preferably override the
current karaf JAAS domain.

I have my login module which basically just delegates everything to shiro,
as well as a blueprint to add it to the JAAS config.

My JAAS config xml from OSGI-INF\blueprint folder in the jar:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

    <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>

    <jaas:config name="ShiroBridge" rank="-1">
        <jaas:module className="my.test.security.karaf.ShiroJaasIntegration"
                     flags="sufficient">
        </jaas:module>
    </jaas:config>

</blueprint>

My LoginModule:

import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ShiroJaasIntegration implements LoginModule {

    public static final Logger LOGGER = LoggerFactory.getLogger(ShiroJaasIntegration.class);
    private static final Class<org.apache.shiro.session.Session> shiroSessionClass =
            org.apache.shiro.session.Session.class;

    protected Set<Principal> principals = new HashSet<>();
    private Subject subject;
    private org.apache.shiro.session.Session shiroSession;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private String user;
    protected BundleContext bundleContext;
    private boolean authenticated = false;

    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        LOGGER.info("initialize "+System.identityHashCode(this));
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        this.bundleContext = ((BundleReference) this.getClass().getClassLoader())
                .getBundle().getBundleContext();
    }

    @Override
    public boolean login() throws LoginException {
        LOGGER.debug("login "+System.identityHashCode(this));
        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler found");
        }

        Callback[] callbacks = new Callback[2];

        callbacks[0] = new NameCallback("Username: ");
        callbacks[1] = new PasswordCallback("Password: ", false);
        if (callbackHandler != null) {
            try {
                callbackHandler.handle(callbacks);
            } catch (IOException ioe) {
                throw new LoginException(ioe.getMessage());
            } catch (UnsupportedCallbackException uce) {
                throw new LoginException(uce.getMessage()
                        + " not available to obtain information from user");
            }
        }

        // user callback get value
        if (((NameCallback) callbacks[0]).getName() == null) {
            throw new LoginException("Username can not be null");
        }
        user = ((NameCallback) callbacks[0]).getName();

        // password callback get value
        if (((PasswordCallback) callbacks[1]).getPassword() == null) {
            throw new LoginException("Password can not be null");
        }
        String password = new String(((PasswordCallback) callbacks[1]).getPassword());

        org.apache.shiro.subject.Subject shiroSubject = null;

        //Do lots of shiro stuff to get the UserPrincipal and RolePrincipal objects

        return authenticated;

    }

    @Override
    public boolean commit() throws LoginException {
        LOGGER.debug("commit "+System.identityHashCode(this));
        subject.getPrincipals().addAll(principals);
        return authenticated;
    }

    @Override
    public boolean abort() throws LoginException {
        user = null;
        principals.clear();
        LOGGER.debug("abort "+System.identityHashCode(this));
        return true;
    }

    @Override
    public boolean logout() throws LoginException {
        user = null;
        subject.getPrincipals().removeAll(principals);
        principals.clear();
        LOGGER.debug("logout "+System.identityHashCode(this));
        return true;
    }

}

I have tried setting the rank inside the blueprint to -1, 0, and 1 and the
ShiroBridge does move up and down the list, but no log statements from the
ShiroJaasIntegration LoginModule are ever called, and in all cases I can
still log in with karaf/karaf.

karaf@root()> jaas:realm-list
Index | Realm Name  | Login Module Class Name
------+-------------+---------------------------------------------------------------
1     | ShiroBridge | my.test.security.karaf.ShiroJaasIntegration
2     | karaf       | org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
3     | karaf       | org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
4     | karaf       | org.apache.karaf.jaas.modules.audit.FileAuditLoginModule
5     | karaf       | org.apache.karaf.jaas.modules.audit.LogAuditLoginModule
6     | karaf       | org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule



So my module never seems to be called, and I can't really disable the karaf
realm.

Can someone help with this? My objective is to add my own LoginModule and
preferably replace the current karaf Realm.

Re: Using a custom JAAS LoginModule with karaf

Posted by Martin Nielsen <mn...@gmail.com>.
I found the problem.
The blueprint configuration works as intended.

But as I debug my way through
the org.apache.karaf.jaas.boot.ProxyLoginModule I end up in the catch
clause when trying to create the PropertiesLoginModule.

ClassNotFoundException
org.apache.karaf.jaas.modules.properties.PropertiesLoginModule not found by
dk.netdesign.common.karaf-security [118]

It happens here:

        try {
            target = (LoginModule) bundle.loadClass(module).newInstance();
        } catch (Exception e) {
            throw new IllegalStateException("Can not load or create login module " + module + " for bundle " + bundleId, e);
        }

So the issue seems to be that the ProxyLoginModule is somehow used by my
bundle, instead of the karaf jaas bundle. And because I don't have any
import statements in my bundle for any jaas modules this happens.

The odd thing is that the exception seems to get swallowed up somewhere, as
it never ends up in the karaf.log. I see some pretty complex error handling
in javax.security.auth.login.LoginContext so it might get swallowed up
there?

And I assume that it is intended behavior that the bundle which publishes
the blueprint takes over the full responsibility for the handling modules?

On Fri, Apr 6, 2018 at 11:52 AM, <lu...@code-house.org> wrote:

> Hey Martin,
> You raised an interesting scenario - have you tried to debug JAAS code
> from JRE which gets called after ShiroJaasIntegration module returns? Your
> configuration seems fine, if shiro fails properties login module is used as
> fallback. If it doesn’t get called then we need to check what is happening
> in LoginContext.
>
> Please try adding
> *java.security.debug=logincontext,configfile,configparser,policy* to your
> system properties and check if you get anything useful from this debug. If
> you see too little - switching this debug flag to *all* will print a lot
> of debug information.
>
> Cheers,
> Łukasz
> --
> Twitter: ldywicki
> Blog: http://dywicki.pl
> Code-House - http://code-house.org
>
>
> On 5 Apr 2018, at 14:40, Martin Nielsen <mn...@gmail.com> wrote:
>
> One problem down, one to go. I had the rank set to 0, upon setting it to 1
> I can successfully override the default karaf realm.
>
> The new problem is that the PropertiesLoginModule is no longer called.
>
> My blueprint is below. What I am trying to accomplish is for JAAS to look
> in either module in order to authenticate a user. But right now I cannot
> log in with karaf/karaf, as it seems that the PropertiesLoginModule is
> ignored. I can log in with anything from the ShiroJaasIntegration module
> without issue.
>
> <?xml version="1.0" encoding="UTF-8"?>
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>            xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
>            xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
>
>     <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>
>
>     <jaas:config name="karaf" rank="1">
>         <jaas:module className="dk.netdesign.common.security.karaf.ShiroJaasIntegration"
>                      flags="sufficient">
>         </jaas:module>
>         <jaas:module className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule"
>                      flags="sufficient">
>             users = $[karaf.base]/etc/users.properties
>         </jaas:module>
>     </jaas:config>
>
> </blueprint>
>
>
>
>
>
> On Thu, Apr 5, 2018 at 12:04 PM, Martin Nielsen <mn...@gmail.com> wrote:
>
>> The only way my module is called is if I force stop Apache Karaf ::
>> JAAS :: Modules org.apache.karaf.jaas.modules
>> <http://localhost:8181/system/console/bundles/148>. Is this intended
>> behavior?
>>
>> On Wed, Apr 4, 2018 at 9:28 AM, Martin Nielsen <mn...@gmail.com> wrote:
>>
>>> I now tried changing the blueprint to this:
>>>
>>> <?xml version="1.0" encoding="UTF-8"?>
>>> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>>>            xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
>>>            xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
>>>
>>>
>>>     <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>
>>>
>>>     <jaas:config name="karaf" rank="0">
>>>         <jaas:module className="my.test.common.security.karaf.ShiroJaasIntegration"
>>>                      flags="sufficient">
>>>         </jaas:module>
>>>     </jaas:config>
>>>
>>> </blueprint>
>>>
>>>
>>> That changes the realm list command to this
>>>
>>>
>>> karaf@root()> jaas:realm-list
>>> Index | Realm Name | Login Module Class Name
>>> ------+------------+--------------------------------------------------------
>>> 1     | karaf      | dk.netdesign.common.security.karaf.ShiroJaasIntegration
>>>
>>>
>>> But I can still log in with karaf/karaf, and my module is STILL not called. I do not understand this. How can I still log in through the property module when it is no longer listed?
>>>
>>>
>>>
>>> On Tue, Apr 3, 2018 at 6:40 PM, Martin Nielsen <mn...@gmail.com> wrote:
>>>
>>>> No you understood completely. I obviously didn't though. So if I want
>>>> the loginmodule I made to be usable through the webconsole, I must place it
>>>> in the karaf realm, is that correct?
>>>>
>>>> Second question: what if I want to disable one of the current modules,
>>>> for example the properties module?
>>>>
>>>> On Tue, 3 Apr 2018, 18:18 Jean-Baptiste Onofré, <jb...@nanthrax.net>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Maybe I don't understand what you want to do.
>>>>>
>>>>> You added your login module in a new realm (ShiroBridge). So, it means
>>>>> that it will be used only for applications that will use this realm.
>>>>>
>>>>> It's not possible to remove the karaf realm easily today as core parts
>>>>> of Karaf use it (shell, MBeanServer, ...).
>>>>>
>>>>> So:
>>>>> 1. If you want to use your login module in the core Karaf part (like
>>>>> the shell or ssh), then your login module has to be in the karaf realm
>>>>> 2. No problem to create new realms and plug third party applications
>>>>> using this realm
>>>>>
>>>>> Regards
>>>>> JB
>>>>>
>>>>>
>>>>> --
>>>>> Jean-Baptiste Onofré
>>>>> jbonofre@apache.org
>>>>> http://blog.nanthrax.net
>>>>> Talend - http://www.talend.com
>>>>>
>>>>
>>>
>>
>
>
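
The question above about the exception being swallowed inside javax.security.auth.login.LoginContext can be reproduced outside Karaf with a realm of two `sufficient` modules, the second of which fails in initialize() the way a proxy with an unloadable target would. This is an added example, not code from the thread or from Karaf. The class names SufficientChainDemo, RejectingModule and UnloadableTargetModule are hypothetical stand-ins, and the exception messages are constructed.

```java
import java.util.Collections;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class SufficientChainDemo {

    /** Hypothetical stand-in for the first module of the realm: it never accepts the user. */
    public static class RejectingModule implements LoginModule {
        private boolean throwOnFailure;

        @Override
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            // Option name is an assumption of this example, not a Karaf or Shiro option.
            throwOnFailure = "true".equals(options.get("throwOnFailure"));
        }

        @Override
        public boolean login() throws LoginException {
            if (throwOnFailure) {
                throw new FailedLoginException("first module: unknown user (constructed)");
            }
            return false; // "ignore this module", like returning authenticated == false
        }

        @Override public boolean commit() { return false; }
        @Override public boolean abort() { return true; }
        @Override public boolean logout() { return true; }
    }

    /** Hypothetical stand-in for a proxy module whose target class cannot be loaded. */
    public static class UnloadableTargetModule implements LoginModule {
        @Override
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            // Unchecked exception, as in the catch clause quoted in the message above.
            throw new IllegalStateException("Can not load or create login module (constructed)");
        }

        @Override public boolean login() { return false; }
        @Override public boolean commit() { return false; }
        @Override public boolean abort() { return true; }
        @Override public boolean logout() { return true; }
    }

    /** Builds an in-memory realm: both modules flagged "sufficient", in this order. */
    static Configuration realm(boolean firstThrows) {
        Map<String, String> firstOptions =
                Collections.singletonMap("throwOnFailure", String.valueOf(firstThrows));
        final AppConfigurationEntry[] entries = {
            new AppConfigurationEntry(RejectingModule.class.getName(),
                    LoginModuleControlFlag.SUFFICIENT, firstOptions),
            new AppConfigurationEntry(UnloadableTargetModule.class.getName(),
                    LoginModuleControlFlag.SUFFICIENT, Collections.<String, Object>emptyMap())
        };
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return entries;
            }
        };
    }

    /** Runs one login attempt and describes what LoginContext hands back to the caller. */
    static String attempt(boolean firstThrows) {
        try {
            new LoginContext("demo", new Subject(), null, realm(firstThrows)).login();
            return "login succeeded";
        } catch (LoginException e) {
            // Only the first line: for an unexpected exception the message is a whole stack trace.
            String firstLine = String.valueOf(e.getMessage()).split("\\R", 2)[0];
            return e.getClass().getSimpleName() + ": " + firstLine
                    + " (cause=" + e.getCause() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println("first module throws:        " + attempt(true));
        System.out.println("first module returns false: " + attempt(false));
    }
}
```

When the first module throws, the caller receives only that module's LoginException and the IllegalStateException from the second module is dropped. When the first module returns false, the IllegalStateException reaches the caller only as stack-trace text inside a new LoginException with no cause attached, so nothing is logged unless the caller logs it.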

Re: Using a custom JAAS LoginModule with karaf

Posted by lu...@code-house.org.
Hey Martin,
You raised an interesting scenario - have you tried to debug JAAS code from JRE which gets called after ShiroJaasIntegration module returns? Your configuration seems fine, if shiro fails properties login module is used as fallback. If it doesn’t get called then we need to check what is happening in LoginContext.

Please try adding java.security.debug=logincontext,configfile,configparser,policy to your system properties and check if you get anything useful from this debug. If you see too little - switching this debug flag to all will print a lot of debug information.

Cheers,
Łukasz
--
Twitter: ldywicki
Blog: http://dywicki.pl
Code-House - http://code-house.org



Re: Using a custom JAAS LoginModule with karaf

Posted by Martin Nielsen <mn...@gmail.com>.
One problem down, one to go. I had the rank set to 0, upon setting it to 1 I
can successfully override the default karaf realm.

The new problem is that the PropertiesLoginModule is no longer called.

My blueprint is below. What I am trying to accomplish is for JAAS to look
in either module in order to authenticate a user. But right now I cannot
log in with karaf/karaf, as it seems that the PropertiesLoginModule is
ignored. I can log in with anything from the ShiroJaasIntegration module
without issue.

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">


    <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>

    <jaas:config name="karaf" rank="1">
        <jaas:module className="dk.netdesign.common.security.karaf.ShiroJaasIntegration"
                     flags="sufficient">
        </jaas:module>
        <jaas:module className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule"
                     flags="sufficient">
            users = $[karaf.base]/etc/users.properties
        </jaas:module>
    </jaas:config>

</blueprint>





On Thu, Apr 5, 2018 at 12:04 PM, Martin Nielsen <mn...@gmail.com> wrote:

> The only way my module is called is if I force stop Apache Karaf :: JAAS
> :: Modules org.apache.karaf.jaas.modules
> <http://localhost:8181/system/console/bundles/148>. Is this intended
> behavior?
>
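
Added example, not part of the original post or of Karaf's code: how plain JAAS (javax.security.auth.login, outside Karaf) walks a realm whose two entries are both flagged "sufficient", which is the stacking the blueprint in the message above configures. The class and module names, the realm name "demo" and the credentials are constructed for illustration; Karaf's realm ranking and blueprint wiring are not modelled.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class SufficientStackDemo {
    // Which module ran and how it answered, in call order.
    static final List<String> TRACE = new ArrayList<>();

    /** Constructed stand-in for a login module that knows exactly one user. */
    public static class SingleUserModule implements LoginModule {
        private CallbackHandler handler;
        private Map<String, ?> options;
        private boolean succeeded;

        @Override
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            this.handler = handler;
            this.options = options;
        }

        @Override
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("Username: ");
            PasswordCallback password = new PasswordCallback("Password: ", false);
            try {
                handler.handle(new Callback[] {name, password});
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException(e.getMessage());
            }
            char[] given = password.getPassword();
            password.clearPassword();
            succeeded = String.valueOf(options.get("user")).equals(name.getName())
                    && given != null
                    && MessageDigest.isEqual(bytes(new String(given)), bytes(options.get("pass")));
            TRACE.add(options.get("label") + (succeeded ? "=ok" : "=fail"));
            if (!succeeded) {
                // Failing a "sufficient" entry does not end the attempt: the next entry runs.
                throw new FailedLoginException("rejected by " + options.get("label"));
            }
            return true;
        }

        // commit() reports false for a module whose login() failed, so it is skipped.
        @Override public boolean commit() { return succeeded; }
        @Override public boolean abort()  { succeeded = false; return true; }
        @Override public boolean logout() { succeeded = false; return true; }

        private static byte[] bytes(Object value) {
            return String.valueOf(value).getBytes(StandardCharsets.UTF_8);
        }
    }

    static AppConfigurationEntry entry(String label, String user, String pass) {
        Map<String, String> options = new HashMap<>();
        options.put("label", label);
        options.put("user", user);
        options.put("pass", pass);
        return new AppConfigurationEntry(SingleUserModule.class.getName(),
                LoginModuleControlFlag.SUFFICIENT, options);
    }

    /** Runs one login against a two-entry realm; returns the module trace and the outcome. */
    static String attempt(String user, String pass) {
        TRACE.clear();
        final AppConfigurationEntry[] realm = {
            entry("first", "shiro-user", "s3cret"),  // constructed credentials
            entry("second", "karaf", "karaf")
        };
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return "demo".equals(name) ? realm : null;
            }
        };
        CallbackHandler handler = callbacks -> {
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(pass.toCharArray());
            }
        };
        try {
            new LoginContext("demo", new Subject(), handler, config).login();
            return TRACE + " -> authenticated";
        } catch (LoginException e) {
            return TRACE + " -> rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println(attempt("shiro-user", "s3cret")); // first entry accepts, second never runs
        System.out.println(attempt("karaf", "karaf"));       // first entry fails, second is consulted
        System.out.println(attempt("nobody", "nope"));       // both fail, the login is rejected
    }
}
```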

Re: Using a custom JAAS LoginModule with karaf

Posted by Martin Nielsen <mn...@gmail.com>.
The only way my module is called is if I force stop Apache Karaf :: JAAS
:: Modules org.apache.karaf.jaas.modules
<http://localhost:8181/system/console/bundles/148>. Is this intended
behavior?

On Wed, Apr 4, 2018 at 9:28 AM, Martin Nielsen <mn...@gmail.com> wrote:

> I now tried changing the blueprint to this:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>            xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
>            xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
>
>
>     <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>
>
>     <jaas:config name="karaf" rank="0">
>         <jaas:module className="my.test.common.security.karaf.ShiroJaasIntegration"
>                      flags="sufficient">
>         </jaas:module>
>     </jaas:config>
>
> </blueprint>
>
>
> That changes the realm list command to this
>
>
> karaf@root()> jaas:realm-list
> Index | Realm Name | Login Module Class Name
> ------+------------+--------------------------------------------------------
> 1     | karaf      | dk.netdesign.common.security.karaf.ShiroJaasIntegration
>
>
> But I can still log in with karaf/karaf, and my module is STILL not called. I do not understand this. How can I still log in through the property module when it is no longer listed?

Re: Using a custom JAAS LoginModule with karaf

Posted by Martin Nielsen <mn...@gmail.com>.
I now tried changing the blueprint to this:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">


    <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>

    <jaas:config name="karaf" rank="0">
        <jaas:module className="my.test.common.security.karaf.ShiroJaasIntegration"
                     flags="sufficient">
        </jaas:module>
    </jaas:config>

</blueprint>


That changes the realm list command to this


karaf@root()> jaas:realm-list
Index | Realm Name | Login Module Class Name
------+------------+--------------------------------------------------------
1     | karaf      | dk.netdesign.common.security.karaf.ShiroJaasIntegration


But I can still log in with karaf/karaf, and my module is STILL not
called. I do not understand this. How can I still log in through the
property module when it is no longer listed?



On Tue, Apr 3, 2018 at 6:40 PM, Martin Nielsen <mn...@gmail.com> wrote:

> No you understood completely. I obviously didn't though. So if I want the
> loginmodule I made to be usable through the webconsole, I must place it in
> the karaf realm, is that correct?
>
> Second question: what if I want to disable one of the current modules, for
> example the properties module?

Re: Using a custom JAAS LoginModule with karaf

Posted by Martin Nielsen <mn...@gmail.com>.
No you understood completely. I obviously didn't though. So if I want the
loginmodule I made to be usable through the webconsole, I must place it in
the karaf realm, is that correct?

Second question: what if I want to disable one of the current modules, for
example the properties module?

On Tue, 3 Apr 2018, 18:18 Jean-Baptiste Onofré, <jb...@nanthrax.net> wrote:

> Hi,
>
> Maybe I don't understand what you want to do.
>
> You added your login module in a new realm (ShiroBridge). So, it means that it
> will be used only for applications that will use this realm.
>
> It's not possible to remove the karaf realm easily today as core parts of Karaf
> use it (shell, MBeanServer, ...).
>
> So:
> 1. If you want to use your login module in the core Karaf part (like the shell
> or ssh), then your login module has to be in the karaf realm
> 2. No problem to create new realms and plug third party applications using this
> realm
>
> Regards
> JB
>
> On 04/03/2018 05:42 PM, Martin Nielsen wrote:
> > Hello everyone
> >
> > I am trying to create a new karaf JAAS module and preferably override the
> > current karaf JAAS domain.
> >
> > I have my login module which basically just delegates everything to shiro, as
> > well as a blueprint to add it to the JAAS config.
> >
> > My JAAS config xml from OSGI-INF\blueprint folder in the jar:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
> >            xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
> >            xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
> >
> >
> >     <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>
> >
> >     <jaas:config name="ShiroBridge" rank="-1">
> >         <jaas:module className="my.test.security.karaf.ShiroJaasIntegration"
> >                      flags="sufficient">
> >         </jaas:module>
> >     </jaas:config>
> >
> > </blueprint>
> >
> > My LoginModule:
> >
> > public class ShiroJaasIntegration implements LoginModule {
> >
> >     public static final Logger LOGGER =
> > LoggerFactory.getLogger(ShiroJaasIntegration.class);
> >     private static final Class<org.apache.shiro.session.Session>
> > shiroSessionClass = org.apache.shiro.session.Session.class;
> >
> >     protected Set<Principal> principals = new HashSet<>();
> >     private Subject subject;
> >     private org.apache.shiro.session.Session shiroSession;
> >     private CallbackHandler callbackHandler;
> >     private Map<String, ?> sharedState;
> >     private Map<String, ?> options;
> >     private String user;
> >     protected BundleContext bundleContext;
> >     private boolean authenticated = false;
> >
> >     @Override
> >     public void initialize(Subject subject, CallbackHandler callbackHandler,
> >             Map<String, ?> sharedState, Map<String, ?> options) {
> >         LOGGER.info("initialize "+System.identityHashCode(this));
> >         this.subject = subject;
> >         this.callbackHandler = callbackHandler;
> >         this.sharedState = sharedState;
> >         this.options = options;
> >         this.bundleContext = ((BundleReference)
> > this.getClass().getClassLoader()).getBundle().getBundleContext();
> >     }
> >
> >     @Override
> >     public boolean login() throws LoginException {
> >         LOGGER.debug("login "+System.identityHashCode(this));
> >         if (callbackHandler == null) {
> >             throw new LoginException("No CallbackHandler found");
> >         }
> >
> >         Callback[] callbacks = new Callback[2];
> >
> >         callbacks[0] = new NameCallback("Username: ");
> >         callbacks[1] = new PasswordCallback("Password: ", false);
> >         if (callbackHandler != null) {
> >             try {
> >                 callbackHandler.handle(callbacks);
> >             } catch (IOException ioe) {
> >                 throw new LoginException(ioe.getMessage());
> >             } catch (UnsupportedCallbackException uce) {
> >                 throw new LoginException(uce.getMessage() + " not available to obtain information from user");
> >             }
> >         }
> >
> >         // user callback get value
> >         if (((NameCallback) callbacks[0]).getName() == null) {
> >             throw new LoginException("Username can not be null");
> >         }
> >         user = ((NameCallback) callbacks[0]).getName();
> >
> >         // password callback get value
> >         if (((PasswordCallback) callbacks[1]).getPassword() == null) {
> >             throw new LoginException("Password can not be null");
> >         }
> >         String password = new String(((PasswordCallback)
> > callbacks[1]).getPassword());
> >
> >         org.apache.shiro.subject.Subject shiroSubject = null;
> >
> > //Do lots of shiro stuff to get the UserPrincipal and RolePrincipal objects
> >
> >         return authenticated;
> >
> >     }
> >
> >     @Override
> >     public boolean commit() throws LoginException {
> >         LOGGER.debug("commit "+System.identityHashCode(this));
> >         subject.getPrincipals().addAll(principals);
> >         return authenticated;
> >     }
> >
> >     @Override
> >     public boolean abort() throws LoginException {
> >         user = null;
> >         principals.clear();
> >         user = null;
> >         LOGGER.debug("abort "+System.identityHashCode(this));
> >         return true;
> >     }
> >
> >     @Override
> >     public boolean logout() throws LoginException {
> >         user = null;
> >         subject.getPrincipals().removeAll(principals);
> >         principals.clear();
> >         LOGGER.debug("logout "+System.identityHashCode(this));
> >         return true;
> >     }
> >
> > }
> >
> > I have tried setting the rank inside the blueprint to -1, 0, and 1 and the
> > ShiroBridge does move up and down the list, but no log statements from the
> > ShiroJaasIntegration LoginModule are ever called, and in all cases I can still
> > login with karaf/karaf.
> >
> > karaf@root()> jaas:realm-list
> > Index | Realm Name  | Login Module Class Name
> > ------+-------------+---------------------------------------------------------------
> > 1     | ShiroBridge | my.test.security.karaf.ShiroJaasIntegration
> > 2     | karaf       | org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
> > 3     | karaf       | org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
> > 4     | karaf       | org.apache.karaf.jaas.modules.audit.FileAuditLoginModule
> > 5     | karaf       | org.apache.karaf.jaas.modules.audit.LogAuditLoginModule
> > 6     | karaf       | org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule
> >
> >
> > So my module never seems to be called, and I can't really disable the karaf realm.
> >
> >
> > Can someone help with this? My objective is to add my own LoginModule and
> > preferably replace the current karaf Realm
> >
>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>

Re: Using a custom JAAS LoginModule with karaf

Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi,

Maybe I don't understand what you want to do.

You added your login module in a new realm (ShiroBridge). So, it means that it
will be used only for applications that will use this realm.

It's not possible to remove the karaf realm easily today as core parts of Karaf
use it (shell, MBeanServer, ...).

So:
1. If you want to use your login module in the core Karaf part (like the shell
or ssh), then, your login module has to be in the karaf realm
2. No problem to create new realms and plug third party applications using this
realm

Regards
JB

On 04/03/2018 05:42 PM, Martin Nielsen wrote:
> Hello everyone
> 
> I am trying to create a new karaf JAAS module and preferably override the
> current karaf JAAS domain.
> 
> I have my login module which basically just delegates everything to shiro, as
> well as a blueprint to add it to the JAAS config.
> 
> My JAAS config xml from OSGI-INF\blueprint folder in the jar:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>            xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
>            xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
> 
>     
>     <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>
> 
>     <jaas:config name="ShiroBridge" rank="-1">
>         <jaas:module className="my.test.security.karaf.ShiroJaasIntegration" 
>                      flags="sufficient">
>         </jaas:module>
>     </jaas:config>
> 
> </blueprint>
> 
> My LoginModule:
> 
> public class ShiroJaasIntegration implements LoginModule {
> 
>     public static final Logger LOGGER =
> LoggerFactory.getLogger(ShiroJaasIntegration.class);
>     private static final Class<org.apache.shiro.session.Session>
> shiroSessionClass = org.apache.shiro.session.Session.class;
> 
>     protected Set<Principal> principals = new HashSet<>();
>     private Subject subject;
>     private org.apache.shiro.session.Session shiroSession;
>     private CallbackHandler callbackHandler;
>     private Map<String, ?> sharedState;
>     private Map<String, ?> options;
>     private String user;
>     protected BundleContext bundleContext;
>     private boolean authenticated = false;
> 
>     @Override
>     public void initialize(Subject subject, CallbackHandler callbackHandler,
> Map<String, ?> sharedState, Map<String, ?> options) {
>         LOGGER.info("initialize "+System.identityHashCode(this));
>         this.subject = subject;
>         this.callbackHandler = callbackHandler;
>         this.sharedState = sharedState;
>         this.options = options;
>         this.bundleContext = ((BundleReference)
> this.getClass().getClassLoader()).getBundle().getBundleContext();
>     }
> 
>     @Override
>     public boolean login() throws LoginException {
>         LOGGER.debug("login "+System.identityHashCode(this));
>         if (callbackHandler == null) {
>             throw new LoginException("No CallbackHandler found");
>         }
> 
>         Callback[] callbacks = new Callback[2];
> 
>         callbacks[0] = new NameCallback("Username: ");
>         callbacks[1] = new PasswordCallback("Password: ", false);
>         if (callbackHandler != null) {
>             try {
>                 callbackHandler.handle(callbacks);
>             } catch (IOException ioe) {
>                 throw new LoginException(ioe.getMessage());
>             } catch (UnsupportedCallbackException uce) {
>                 throw new LoginException(uce.getMessage() + " not available to
> obtain information from user");
>             }
>         }
> 
>         // user callback get value
>         if (((NameCallback) callbacks[0]).getName() == null) {
>             throw new LoginException("Username can not be null");
>         }
>         user = ((NameCallback) callbacks[0]).getName();
> 
>         // password callback get value
>         if (((PasswordCallback) callbacks[1]).getPassword() == null) {
>             throw new LoginException("Password can not be null");
>         }
>         String password = new String(((PasswordCallback)
> callbacks[1]).getPassword());
> 
>         org.apache.shiro.subject.Subject shiroSubject = null;
> 
> //Do lots of shiro stuff to get the UserPrincipal and RolePrincipal objects
>         
>         return authenticated;
> 
>     }
> 
>     @Override
>     public boolean commit() throws LoginException {
>         LOGGER.debug("commit "+System.identityHashCode(this));
>         subject.getPrincipals().addAll(principals);
>         return authenticated;
>     }
> 
>     @Override
>     public boolean abort() throws LoginException {
>         user = null;
>         principals.clear();
>         user = null;
>         LOGGER.debug("abort "+System.identityHashCode(this));
>         return true;
>     }
> 
>     @Override
>     public boolean logout() throws LoginException {
>         user = null;
>         subject.getPrincipals().removeAll(principals);
>         principals.clear();
>         LOGGER.debug("logout "+System.identityHashCode(this));
>         return true;
>     }
> 
> }
> 
> I have tried setting the rank inside the blueprint to -1, 0, and 1 and the
> ShiroBridge does move up and down the list, but no log statements from the
> ShiroJaasIntegration LoginModule are ever called, and in all cases I can still
> login with karaf/karaf.
> 
> karaf@root()> jaas:realm-list
> Index | Realm Name  | Login Module Class Name
> ------+-------------+---------------------------------------------------------------
> 1     | ShiroBridge | my.test.security.karaf.ShiroJaasIntegration
> 2     | karaf       | org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
> 3     | karaf       | org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
> 4     | karaf       | org.apache.karaf.jaas.modules.audit.FileAuditLoginModule
> 5     | karaf       | org.apache.karaf.jaas.modules.audit.LogAuditLoginModule
> 6     | karaf       | org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule
> 
> 
> So my module never seems to be called, and I can't really disable the karaf realm.
> 
> 
> Can someone help with this? My objective is to add my own LoginModule and
> preferably replace the current karaf Realm           
> 

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
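
The point of the reply above, as a blueprint fragment (an added example, not code from either poster or from the Karaf project): the module is registered under the realm name "karaf" instead of a new realm, so that the shell and ssh reach it. The rank value of 1 and the switch to flags="required" are assumptions of this example; it assumes the built-in karaf realm is registered with rank 0.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">

    <!-- As posted, the module was registered as its own realm:
             <jaas:config name="ShiroBridge" rank="-1"> ...
         Only code that asks JAAS for the "ShiroBridge" realm ever reaches it;
         the shell, ssh and the MBeanServer ask for "karaf". -->

    <!-- Same realm name as the built-in one. Assumption: the built-in "karaf"
         realm has rank 0, so rank 1 makes this definition the one that is
         used for that name. -->
    <jaas:config name="karaf" rank="1">
        <!-- "required": a failed Shiro login fails the whole authentication.
             With this as the only module in the realm, the properties-file
             users (karaf/karaf) are no longer consulted. -->
        <jaas:module className="my.test.security.karaf.ShiroJaasIntegration"
                     flags="required"/>
    </jaas:config>

</blueprint>
```

After deployment, jaas:realm-list should show a karaf entry for my.test.security.karaf.ShiroJaasIntegration, and the module's initialize/login log lines should appear on the next shell or ssh login. Try it on a non-production instance first, since a module that always fails in this realm blocks shell and ssh logins.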