Posted to user@karaf.apache.org by Christoph Emmersberger <ce...@googlemail.com> on 2012/04/16 23:06:13 UTC

How to make JAAS config configurable via e.g. ${karaf.home}/container/etc

Dear all,

I'm looking for a way to make my JAAS config configurable from the outside, best from a file from ${karaf.home}/container/etc

It should be similar to the org.apache.karaf.jaas.cfg configuration but should also contain further information like the following JAAS config:

  <jaas:config name="test">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
      environment = TEST
      connection.url = ldap://test:389
      connection.username = cn=test,dc=test,dc=test,dc=org
      connection.password = 1234
      user.base.dn = ou=test,dc=test,dc=test,dc=org
      user.filter = (&amp;(cn=%u)(isActive=TRUE))
      user.search.subtree = false
      role.base.dn = ou=app,dc=test,dc=test,dc=org
      role.filter = (&amp;(cn=%u)(isActive=TRUE))
      role.name.attribute = uniqueMember
      role.search.subtree = false
      service.role.base.dn = ou=test,dc=test,dc=test,dc=org
      service.role.filter = (isActive=TRUE)
      service.role.name.attribute = cn
      service.role.search.subtree = false
      authentication = simple
    </jaas:module>
  </jaas:config>

Especially the connection information should be externalized to enable a proper staging between environments.

Does anyone already have some experience in achieving such a setup?

Many thanks for your support and kind regards,

Christoph

Re: How to make JAAS config configurable via e.g. ${karaf.home}/container/etc

Posted by Christoph Emmersberger <ce...@googlemail.com>.
Hi Freeman,

thanks for your reply. I guess your proposed solution would work quite well.

Maybe it's worth adding a section to the documentation on how to achieve that later.

Many thanks and kind regards,

Christoph

On 17.04.2012, at 01:21, Freeman Fang wrote:

> Hi,
> 
> I'm afraid all configuration files through configAdmin should be put in ${karaf.home}/etc folder, though you can specify another configuration file name in jaas blueprint configuration like
> <cm:property-placeholder persistent-id="org.customer.jaas" update-strategy="reload">
> 
> then you can edit ${karaf.home}/etc/org.customer.jaas.cfg to put all properties you want there. Take a look at [1] to get more details about how property placeholder works in blueprint.
> Also [2] for more about the Karaf JAAS framework
> 
> [1]https://svn.apache.org/repos/asf/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
> [2]http://karaf.apache.org/manual/latest-2.2.x/developers-guide/security-framework.html
> 
> Freeman
> 
> On 2012-4-17, at 5:06 AM, Christoph Emmersberger wrote:
> 
>> Dear all,
>> 
>> I'm looking for a way to make my JAAS config configurable from the outside, best from a file from ${karaf.home}/container/etc
>> 
>> It should be similar like the org.apache.karaf.jaas.cfg configuration but should contain also further information like the following JAAS config:
>> 
>>   <jaas:config name="test">
>>     <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
>>      environment = TEST
>>       connection.url = ldap://test:389
>>       connection.username = cn=test,dc=test,dc=test,dc=org
>>       connection.password = 1234
>>       user.base.dn = ou=test,dc=test,dc=test,dc=org
>>       user.filter = (&amp;(cn=%u)(isActive=TRUE))
>>       user.search.subtree = false
>>       role.base.dn = ou=app,dc=test,dc=test,dc=org
>>       role.filter = (&amp;(cn=%u)(isActive=TRUE))
>>       role.name.attribute = uniqueMember
>>       role.search.subtree = false
>>       service.role.base.dn = ou=test,dc=test,dc=test,dc=org
>>       service.role.filter = (isActive=TRUE)
>>       service.role.name.attribute = cn
>>       service.role.search.subtree = false
>>       authentication = simple
>>     </jaas:module>
>>   </jaas:config>
>> 
>> Especially the connection information should be externalized to enable a proper staging between environments.
>> 
>> Has anyone already some experience in achieving such a setup?
>> 
>> Many thanks for your support and kind regards,
>> 
>> Christoph
> 
> ---------------------------------------------
> Freeman Fang
> 
> FuseSource
> Email:ffang@fusesource.com
> Web: fusesource.com
> Twitter: freemanfang
> Blog: http://freemanfang.blogspot.com
> http://blog.sina.com.cn/u/1473905042
> weibo: http://weibo.com/u/1473905042
> 


Re: How to make JAAS config configurable via e.g. ${karaf.home}/container/etc

Posted by Freeman Fang <fr...@gmail.com>.
Hi,

I'm afraid all configuration files through configAdmin should be put in ${karaf.home}/etc folder, though you can specify another configuration file name in jaas blueprint configuration like
<cm:property-placeholder persistent-id="org.customer.jaas" update-strategy="reload">

then you can edit ${karaf.home}/etc/org.customer.jaas.cfg to put all properties you want there. Take a look at [1] to get more details about how property placeholder works in blueprint.
Also [2] for more about the Karaf JAAS framework

[1]https://svn.apache.org/repos/asf/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
[2]http://karaf.apache.org/manual/latest-2.2.x/developers-guide/security-framework.html

Freeman

On 2012-4-17, at 5:06 AM, Christoph Emmersberger wrote:

> Dear all,
>
> I'm looking for a way to make my JAAS config configurable from the  
> outside, best from a file from ${karaf.home}/container/etc
>
> It should be similar like the org.apache.karaf.jaas.cfg  
> configuration but should contain also further information like the  
> following JAAS config:
>
>   <jaas:config name="test">
>     <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
>       environment = TEST
>       connection.url = ldap://test:389
>       connection.username = cn=test,dc=test,dc=test,dc=org
>       connection.password = 1234
>       user.base.dn = ou=test,dc=test,dc=test,dc=org
>       user.filter = (&amp;(cn=%u)(isActive=TRUE))
>       user.search.subtree = false
>       role.base.dn = ou=app,dc=test,dc=test,dc=org
>       role.filter = (&amp;(cn=%u)(isActive=TRUE))
>       role.name.attribute = uniqueMember
>       role.search.subtree = false
>       service.role.base.dn = ou=test,dc=test,dc=test,dc=org
>       service.role.filter = (isActive=TRUE)
>       service.role.name.attribute = cn
>       service.role.search.subtree = false
>       authentication = simple
>     </jaas:module>
>   </jaas:config>
>
> Especially the connection information should be externalized to  
> enable a proper staging between environments.
>
> Has anyone already some experience in achieving such a setup?
>
> Many thanks for your support and kind regards,
>
> Christoph

---------------------------------------------
Freeman Fang

FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042