You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Benjamin Papez (JIRA)" <ji...@apache.org> on 2016/10/19 08:44:58 UTC
[jira] [Created] (KARAF-4784) OsgiConfiguration for JAAS should
fallback to default configuration
Benjamin Papez created KARAF-4784:
-------------------------------------
Summary: OsgiConfiguration for JAAS should fallback to default configuration
Key: KARAF-4784
URL: https://issues.apache.org/jira/browse/KARAF-4784
Project: Karaf
Issue Type: Bug
Components: karaf-security
Affects Versions: 4.0.7
Reporter: Benjamin Papez
We will use Karaf embedded in the next version of our Web Application, which means that we still first start the application server (Tomcat/JBoss/Websphere) and then Karaf is started inside. Some of our customers are using a JAAS configuration, mainly Kerberos for SPNEGO. Unfortunately with the step to use Karaf the current default JAAS configuration is no longer picked up and used, because Karaf is setting the {{org.apache.karaf.jaas.config.impl.OsgiConfiguration}} object into {{javax.security.auth.login.Configuration.setConfiguration}} within the {{OsgiConfiguration.init}} method.
This way all standard/app-server specific ways of JAAS configuration are ignored.
I would propose a modification to {{OsgiConfiguration}}, with something like:
{code}
private Configuration defaultConfiguration;
public void init() {
try {
defaultConfiguration = Configuration.getConfiguration();
} catch (RuntimeException ex) {
// default configuration for fallback could not be retrieved - should be logged
}
Configuration.setConfiguration(this);
}
...
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
JaasRealm realm = null;
for (JaasRealm r : realms) {
if (r.getName().equals(name)) {
if (realm == null || r.getRank() > realm.getRank()) {
realm = r;
}
}
}
if (realm != null) {
return realm.getEntries();
} else if (defaultConfiguration != null) {
return defaultConfiguration.getAppConfigurationEntry(name);
}
return null;
}
public void refresh() {
if (defaultConfiguration != null) {
defaultConfiguration.refresh();
}
}
{code}
This way if no OSGI configured JAAS realm can find an {{AppConfigurationEntry}}, we would still try to get it from the default JAAS configuration, and our customers could keep the same JAAS configuration as before.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)