You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Benjamin Papez (JIRA)" <ji...@apache.org> on 2016/10/19 08:44:58 UTC

[jira] [Created] (KARAF-4784) OsgiConfiguration for JAAS should fallback to default configuration

Benjamin Papez created KARAF-4784:
-------------------------------------

             Summary: OsgiConfiguration for JAAS should fallback to default configuration
                 Key: KARAF-4784
                 URL: https://issues.apache.org/jira/browse/KARAF-4784
             Project: Karaf
          Issue Type: Bug
          Components: karaf-security
    Affects Versions: 4.0.7
            Reporter: Benjamin Papez


We will use Karaf embedded in the next version of our Web Application, which means that we still first start the application server (Tomcat/JBoss/Websphere) and then Karaf is started inside. Some of our customers are using a JAAS configuration, mainly Kerberos for SPNEGO. Unfortunately with the step to use Karaf the current default JAAS configuration is no longer picked up and used, because Karaf is setting the {{org.apache.karaf.jaas.config.impl.OsgiConfiguration}} object into {{javax.security.auth.login.Configuration.setConfiguration}} within the {{OsgiConfiguration.init}} method.

This way all standard/app-server specific ways of JAAS configuration are ignored.

I would propose a modification to {{OsgiConfiguration}}, with something like:
{code}
    private Configuration defaultConfiguration;

    public void init() {
        try {
            defaultConfiguration = Configuration.getConfiguration();
        } catch (RuntimeException ex) {
            // default configuration for fallback could not be retrieved - should be logged
        }
        Configuration.setConfiguration(this);
    }
    ...
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        JaasRealm realm = null;
        for (JaasRealm r : realms) {
            if (r.getName().equals(name)) {
                if (realm == null || r.getRank() > realm.getRank()) {
                    realm = r;
                }
            }
        }
        if (realm != null) {
            return realm.getEntries();
        } else if (defaultConfiguration != null) {
           return defaultConfiguration.getAppConfigurationEntry(name);
        }
        return null;
    }

    public void refresh() {
        if (defaultConfiguration != null) {
            defaultConfiguration.refresh();
        }
    }
{code}

This way if no OSGI configured JAAS realm can find an {{AppConfigurationEntry}}, we would still try to get it from the default JAAS configuration, and our customers could keep the same JAAS configuration as before. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)