You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@karaf.apache.org by xav <xa...@eaton.com> on 2015/04/01 15:01:55 UTC
Jaas and users.properties
Hi all,
I have the following issue, I use the default jaas authentication
(encrypted), it's works, but in my bundle I would like using again the
password Inside the the users.properties.
I try to find, how to do that, without opening this file, extract the right
user, and decrypt this password with the EncryptionService. I found Jaas
command which do that but in the console, I don't found the right solution
to do that. Am I on the right way, or not???
Thanks you for the help.
Regards
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by xav <xa...@eaton.com>.
Hi all,
Any help?
Thx
Regards
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4040263.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by xav <xa...@eaton.com>.
Hi JB,
Thx for your quickly reply.
Do you use StandardPBEStringEncryptor in ActiveMQ:
I don't know, I used the jasypt cli to encrypt my password, like
encrypt.bat input=mypwd password=secret verbose=true
algorithm=PBEWithMD5AndDES
I copy and past the result inside the users.properties.
in the activemq.xml I provided this:
<plugins>
<jaasAuthenticationPlugin configuration="karaf" />
</plugins>
Regards
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4040050.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Xavier,
1/ correct
2/ the encryption is just for the Karaf PropertiesLoginModule (so
basically the etc/users.properties). It doesn't affect other login modules.
Do you use StandardPBEStringEncryptor in ActiveMQ ?
Regards
JB
On 04/28/2015 06:22 PM, xav wrote:
> Hi all,
>
> I am disappointed !!! with the encrypt data and configuration file!!
> I have a bundle who try to establish a connection with activemq broker
> (5.9.0) inside karaf (2.3.9)
> If in this file org.apache.karaf.jaas.cfg I turn on the encrypt value
> encryption.enabled = true
> encryption.name =
>
> I have this code in my bundle connectionFactory.createConnection(user,
> password);
> it's works, but I must provide the password in clear,
> - first question:
> if I retrieve this password from a configuration file I must decrypt it
> before, and use it, in Karaf the EncryptionService does not provide this
> services, so I must doing the reverse than the BasicEncryption class does,
> isn't it ???
> - second question
> If I want to use jasypt encryption for jaas in karaf, I did this
> encryption.enabled = true
> encryption.name = jasypt
> But with activemq it's doesn't work, the authentication fail, I don't know
> where I put the configuration for jasypt, like:
> name="algorithm" value="PBEWithMD5AndDES"
> name="passwordEnvName" value="secret"
> and must I doing the same thing like the first question, i.e. using
> connectionFactory.createConnection(user, password); with a plain text
> password ??
> Must I decrypt it like jasypt cli:
> decrypt input=YgWJNxz75OJJY...... password=secret
> algorithm=PBEWithMD5AndDES
>
> Thanks a lot for your help
>
> Regards
>
>
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4040047.html
> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Jaas and users.properties
Posted by xav <xa...@eaton.com>.
I miss somethings, I use ipojo, and not blueprint in my bundle
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4040048.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by xav <xa...@eaton.com>.
Hi all,
I am disappointed !!! with the encrypt data and configuration file!!
I have a bundle who try to establish a connection with activemq broker
(5.9.0) inside karaf (2.3.9)
If in this file org.apache.karaf.jaas.cfg I turn on the encrypt value
encryption.enabled = true
encryption.name =
I have this code in my bundle connectionFactory.createConnection(user,
password);
it's works, but I must provide the password in clear,
- first question:
if I retrieve this password from a configuration file I must decrypt it
before, and use it, in Karaf the EncryptionService does not provide this
services, so I must doing the reverse than the BasicEncryption class does,
isn't it ???
- second question
If I want to use jasypt encryption for jaas in karaf, I did this
encryption.enabled = true
encryption.name = jasypt
But with activemq it's doesn't work, the authentication fail, I don't know
where I put the configuration for jasypt, like:
name="algorithm" value="PBEWithMD5AndDES"
name="passwordEnvName" value="secret"
and must I doing the same thing like the first question, i.e. using
connectionFactory.createConnection(user, password); with a plain text
password ??
Must I decrypt it like jasypt cli:
decrypt input=YgWJNxz75OJJY...... password=secret
algorithm=PBEWithMD5AndDES
Thanks a lot for your help
Regards
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4040047.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by xav <xa...@eaton.com>.
Hi JB, all,
I work again this afternoon on this subject, But I have the following
problem:
How to decrypt my password recorded in the users.properties (I use
javax.jms.ConnectionFactory to create a connection with my broker) inside
this method, I must provide a clear password (I don't see how to pass an
encrypt password!)
I saw this
http://camel.apache.org/jasypt.html
on this topic
http://karaf.922171.n3.nabble.com/Encryption-of-passwords-td3632948.html
But must I use this? or ???
Thanks
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4039554.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by xav <xa...@eaton.com>.
Thanks a lot for you answer, perfect, I will choose this one
Properties properties = Properties.load(System.getProperty("karaf.etc)" +
"users.properties");
I will send my feed back
Regards
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4039444.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
In that case, you can use the PropertiesBackendEngine.
As all backend engines (you have one backend engine per login module),
you have methods like:
listUsers()
listRoles()
etc
They are exposed as OSGi services, so you can use it programmatically.
The UserPrincipal gives you the username.
For the password, for security reason, you can't retrieve the password,
but you can validate a given password (as you should do with JAAS).
The big advantage of using backend engine is that you don't care of the
actual login module. An alternative in your case would be to parse the
etc/users.properties yourself (Properties properties =
Properties.load(System.getProperty("karaf.etc)" + "users.properties"),
but it works only when you use the PropertiesLoginModule.
Regards
JB
On 04/03/2015 09:07 AM, xav wrote:
> Hi JB,
>
> I don't want to add realm, but reusing, getting properties inside this
> class:
> org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.java
>
> I just want to access at the login + password inside the users.properties,
> without parsing myself this file (if it's possible)?
>
> Thank you
>
> Regards
>
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4039438.html
> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Jaas and users.properties
Posted by xav <xa...@eaton.com>.
Hi JB,
I don't want to add realm, but reusing, getting properties inside this
class:
org.apache.karaf.jaas.modules.properties.PropertiesLoginModule.java
I just want to access at the login + password inside the users.properties,
without parsing myself this file (if it's possible)?
Thank you
Regards
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4039438.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
You can create multiple realm with different login modules.
http://karaf.apache.org/manual/latest/developers-guide/security-framework.html
Regards
JB
On 04/01/2015 06:16 PM, xav wrote:
> Thx for your help, but I believe than ma question was not very clear!
> in fact I have a bundle which share credentials with activemq (for karaf)
> these credentials are in the uers.properties, so I would like to use them,
> and not have my own configuration file with the same credentials (user,
> password).
>
> Regards
>
>
>
>
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4039416.html
> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Jaas and users.properties
Posted by xav <xa...@eaton.com>.
Thx for your help, but I believe than ma question was not very clear!
in fact I have a bundle which share credentials with activemq (for karaf)
these credentials are in the uers.properties, so I would like to use them,
and not have my own configuration file with the same credentials (user,
password).
Regards
--
View this message in context: http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414p4039416.html
Sent from the Karaf - Dev mailing list archive at Nabble.com.
Re: Jaas and users.properties
Posted by Achim Nierbeck <bc...@googlemail.com>.
Hi,
this is not the way a JAAS application is supposed to work.
Usually you authenticate via the password, once authenticated the user is
connected to certain roles. For Authorization (thats the tow AAs in JAAS -
Authentication and Authorization).
So if you want to use it for a SingleSignOn solution you'll need to find
another solution.
Right now I strongly advice not to follow that path...
regards, Achim
2015-04-01 15:01 GMT+02:00 xav <xa...@eaton.com>:
> Hi all,
>
> I have the following issue, I use the default jaas authentication
> (encrypted), it's works, but in my bundle I would like using again the
> password Inside the the users.properties.
> I try to find, how to do that, without opening this file, extract the right
> user, and decrypt this password with the EncryptionService. I found Jaas
> command which do that but in the console, I don't found the right solution
> to do that. Am I on the right way, or not???
>
> Thanks you for the help.
>
> Regards
>
>
>
> --
> View this message in context:
> http://karaf.922171.n3.nabble.com/Jaas-and-users-properties-tp4039414.html
> Sent from the Karaf - Dev mailing list archive at Nabble.com.
>
--
Apache Member
Apache Karaf <http://karaf.apache.org/> Committer & PMC
OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer &
Project Lead
blog <http://notizblog.nierbeck.de/>
Co-Author of Apache Karaf Cookbook <http://bit.ly/1ps9rkS>
Software Architect / Project Manager / Scrum Master