Posted to user@karaf.apache.org by Christoph Emmersberger <ce...@googlemail.com> on 2012/04/16 23:06:13 UTC
How to make JAAS config configurable via e.g. ${karaf.home}/container/etc
Dear all,
I'm looking for a way to make my JAAS config configurable from the outside, preferably from a file in ${karaf.home}/container/etc
It should be similar to the org.apache.karaf.jaas.cfg configuration but should also contain further information like the following JAAS config:
<jaas:config name="test">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
        environment = TEST
        connection.url = ldap://test:389
        connection.username = cn=test,dc=test,dc=test,dc=org
        connection.password = 1234
        user.base.dn = ou=test,dc=test,dc=test,dc=org
        user.filter = (&(cn=%u)(isActive=TRUE))
        user.search.subtree = false
        role.base.dn = ou=app,dc=test,dc=test,dc=org
        role.filter = (&(cn=%u)(isActive=TRUE))
        role.name.attribute = uniqueMember
        role.search.subtree = false
        service.role.base.dn = ou=test,dc=test,dc=test,dc=org
        service.role.filter = (isActive=TRUE)
        service.role.name.attribute = cn
        service.role.search.subtree = false
        authentication = simple
    </jaas:module>
</jaas:config>
Especially the connection information should be externalized to enable a proper staging between environments.
Does anyone already have some experience in achieving such a setup?
Many thanks for your support and kind regards,
Christoph
Re: How to make JAAS config configurable via e.g. ${karaf.home}/container/etc
Posted by Christoph Emmersberger <ce...@googlemail.com>.
Hi Freeman,
thanks for your reply. I guess your proposed solution would work quite well.
Maybe it's worth adding a section to the documentation on how to achieve that later.
Many thanks and kind regards,
Christoph
On 17.04.2012, at 01:21, Freeman Fang wrote:
> Hi,
>
> I'm afraid all configuration files through configAdmin should be put in the ${karaf.home}/etc folder, though you can specify another configuration file name in the jaas blueprint configuration, like
> <cm:property-placeholder persistent-id="org.customer.jaas" update-strategy="reload">
>
> then you can edit ${karaf.home}/etc/org.customer.jaas.cfg to put all properties you want there. Take a look at [1] to get more details about how property placeholder works in blueprint.
> Also [2] for more about the Karaf JAAS framework
>
> [1] https://svn.apache.org/repos/asf/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
> [2] http://karaf.apache.org/manual/latest-2.2.x/developers-guide/security-framework.html
>
> Freeman
>
> On 2012-4-17, at 5:06 AM, Christoph Emmersberger wrote:
>
>> Dear all,
>>
>> I'm looking for a way to make my JAAS config configurable from the outside, preferably from a file in ${karaf.home}/container/etc
>>
>> It should be similar to the org.apache.karaf.jaas.cfg configuration but should also contain further information like the following JAAS config:
>>
>> <jaas:config name="test">
>> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
>> environment = TEST
>> connection.url = ldap://test:389
>> connection.username = cn=test,dc=test,dc=test,dc=org
>> connection.password = 1234
>> user.base.dn = ou=test,dc=test,dc=test,dc=org
>> user.filter = (&(cn=%u)(isActive=TRUE))
>> user.search.subtree = false
>> role.base.dn = ou=app,dc=test,dc=test,dc=org
>> role.filter = (&(cn=%u)(isActive=TRUE))
>> role.name.attribute = uniqueMember
>> role.search.subtree = false
>> service.role.base.dn = ou=test,dc=test,dc=test,dc=org
>> service.role.filter = (isActive=TRUE)
>> service.role.name.attribute = cn
>> service.role.search.subtree = false
>> authentication = simple
>> </jaas:module>
>> </jaas:config>
>>
>> Especially the connection information should be externalized to enable a proper staging between environments.
>>
>> Does anyone already have some experience in achieving such a setup?
>>
>> Many thanks for your support and kind regards,
>>
>> Christoph
>
> ---------------------------------------------
> Freeman Fang
>
> FuseSource
> Email:ffang@fusesource.com
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
> http://blog.sina.com.cn/u/1473905042
> weibo: http://weibo.com/u/1473905042
Re: How to make JAAS config configurable via e.g. ${karaf.home}/container/etc
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
I'm afraid all configuration files through configAdmin should be put
in the ${karaf.home}/etc folder, though you can specify another
configuration file name in the jaas blueprint configuration, like
<cm:property-placeholder persistent-id="org.customer.jaas" update-strategy="reload">
then you can edit ${karaf.home}/etc/org.customer.jaas.cfg to put all
properties you want there. Take a look at [1] to get more details
about how property placeholder works in blueprint.
Also [2] for more about the Karaf JAAS framework
[1] https://svn.apache.org/repos/asf/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
[2] http://karaf.apache.org/manual/latest-2.2.x/developers-guide/security-framework.html
Freeman
On 2012-4-17, at 5:06 AM, Christoph Emmersberger wrote:
> Dear all,
>
> I'm looking for a way to make my JAAS config configurable from the
> outside, preferably from a file in ${karaf.home}/container/etc
>
> It should be similar to the org.apache.karaf.jaas.cfg
> configuration but should also contain further information like the
> following JAAS config:
>
> <jaas:config name="test">
> <jaas:module
> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
> flags="required">
> environment = TEST
> connection.url = ldap://test:389
> connection.username = cn=test,dc=test,dc=test,dc=org
> connection.password = 1234
> user.base.dn = ou=test,dc=test,dc=test,dc=org
> user.filter = (&(cn=%u)(isActive=TRUE))
> user.search.subtree = false
> role.base.dn = ou=app,dc=test,dc=test,dc=org
> role.filter = (&(cn=%u)(isActive=TRUE))
> role.name.attribute = uniqueMember
> role.search.subtree = false
> service.role.base.dn = ou=test,dc=test,dc=test,dc=org
> service.role.filter = (isActive=TRUE)
> service.role.name.attribute = cn
> service.role.search.subtree = false
> authentication = simple
> </jaas:module>
> </jaas:config>
>
> Especially the connection information should be externalized to
> enable a proper staging between environments.
>
> Does anyone already have some experience in achieving such a setup?
>
> Many thanks for your support and kind regards,
>
> Christoph
---------------------------------------------
Freeman Fang
FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042
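
The setup suggested in the reply above, written out as an added example (not code from the thread or from the Karaf project): a blueprint file that reads the LDAP connection settings from ${karaf.home}/etc/org.customer.jaas.cfg. The `ldap.*` property names are hypothetical; the persistent-id, realm name and module options are the ones shown in the thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Property names starting with "ldap." are hypothetical;
     persistent-id and module options are taken from the thread. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0">

    <!-- Binds ${...} placeholders to etc/org.customer.jaas.cfg; "reload"
         restarts this blueprint container when the file changes. -->
    <cm:property-placeholder persistent-id="org.customer.jaas" update-strategy="reload">
        <cm:default-properties>
            <cm:property name="ldap.environment" value="TEST"/>
            <cm:property name="ldap.url" value="ldap://test:389"/>
            <cm:property name="ldap.bind.dn" value="cn=test,dc=test,dc=test,dc=org"/>
            <!-- No default secret: the bind password must come from the .cfg file. -->
            <cm:property name="ldap.bind.password" value=""/>
        </cm:default-properties>
    </cm:property-placeholder>

    <!-- Inside an XML file the "&" of an LDAP filter is written as &amp; -->
    <jaas:config name="test">
        <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
            environment = ${ldap.environment}
            connection.url = ${ldap.url}
            connection.username = ${ldap.bind.dn}
            connection.password = ${ldap.bind.password}
            user.base.dn = ou=test,dc=test,dc=test,dc=org
            user.filter = (&amp;(cn=%u)(isActive=TRUE))
            user.search.subtree = false
            role.base.dn = ou=app,dc=test,dc=test,dc=org
            role.filter = (&amp;(cn=%u)(isActive=TRUE))
            role.name.attribute = uniqueMember
            role.search.subtree = false
            service.role.base.dn = ou=test,dc=test,dc=test,dc=org
            service.role.filter = (isActive=TRUE)
            service.role.name.attribute = cn
            service.role.search.subtree = false
            authentication = simple
        </jaas:module>
    </jaas:config>

    <!-- Constructed sample for etc/org.customer.jaas.cfg, one file per stage.
         It holds the bind password, so keep it readable only by the Karaf account:
           ldap.environment   = TEST
           ldap.url           = ldap://test:389
           ldap.bind.dn       = cn=test,dc=test,dc=test,dc=org
           ldap.bind.password = 1234
    -->
</blueprint>
```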