You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@karaf.apache.org by Charles Moulliard <cm...@gmail.com> on 2012/02/03 12:54:12 UTC
Karaf and Security provider
Hi,
Is the following info page always up to date (
http://felix.apache.org/site/65-deploying-security-providers.html) ? Why
don't we have it in karaf documentation ?
Regards,
Charles Moulliard
Apache Committer
Blog : http://cmoulliard.blogspot.com
Twitter : http://twitter.com/cmoulliard
Linkedin : http://www.linkedin.com/in/charlesmoulliard
Skype: cmoulliard
Re: Karaf and Security provider
Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.
Hi Charles,
I'm not sure the doc is up to date, as bouncy castle is available
directly as a bundle.
Regards
JB
On 02/03/2012 12:54 PM, Charles Moulliard wrote:
> Hi,
>
> Is the following info page always up to date (
> http://felix.apache.org/site/65-deploying-security-providers.html) ? Why
> don't we have it in karaf documentation ?
>
> Regards,
>
> Charles Moulliard
>
> Apache Committer
>
> Blog : http://cmoulliard.blogspot.com
> Twitter : http://twitter.com/cmoulliard
> Linkedin : http://www.linkedin.com/in/charlesmoulliard
> Skype: cmoulliard
>
--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: Karaf and Security provider
Posted by Charles Moulliard <cm...@gmail.com>.
You are right except that this procedure is only required if we would like
to sign a jar file or a bundle on the platform (
http://docs.oracle.com/javase/1.4.2/docs/guide/jar/jar.html#Signed JAR
File).
So deploying bouncycastle bcprov-jdk16 should be enough in all cases lin
combination with --> Security.addprovider()
On Fri, Feb 3, 2012 at 1:23 PM, Guillaume Nodet <gn...@gmail.com> wrote:
> A security provider has to be a signed bundle and be loaded by the
> root class loader, so deploying it as a bundle will allow you to use
> BouncyCastle api and code, but not as a real security provider.
>
> On Fri, Feb 3, 2012 at 13:19, Charles Moulliard <cm...@gmail.com>
> wrote:
> > You are right. I have made a test using boucycastle jce provider as a
> > bundle and that works fine
> >
> > Remark : some users are abuse about hat note as they are thinking that we
> > must add the lib in the jre/lib or jre/lib/security and not as a bundle
> ;-)
> >
> >
> > On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <io...@gmail.com>
> wrote:
> >
> >> I don't know if its up to date. I was under the impression that you can
> use
> >> the bouncy castle jce provider just by installing it as bundle.
> >>
> >> --
> >> *Ioannis Canellos*
> >> *
> >> FuseSource <http://fusesource.com>
> >>
> >> **
> >> Blog: http://iocanel.blogspot.com
> >> **
> >> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >> Apache Camel <http://camel.apache.org/> Committer
> >> Apache ServiceMix <http://servicemix.apache.org/> Committer
> >> Apache Gora <http://incubator.apache.org/gora/> Committer
> >> Apache DirectMemory <http://incubator.apache.org/directmemory/>
> Committer
> >> *
> >>
>
>
>
> --
> ------------------------
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> FuseSource, Integration everywhere
> http://fusesource.com
>
Re: Karaf and Security provider
Posted by Charles Moulliard <cm...@gmail.com>.
In fact, there is a missing piece of information in the Karaf
Documentation, the packages of bouncycastle to be exported must be defined
with this variable
*org.osgi.framework.system.packages.extra = \*
On Fri, Feb 3, 2012 at 1:24 PM, Charles Moulliard <cm...@gmail.com>wrote:
> Thx for the clarification.
>
>
> On Fri, Feb 3, 2012 at 1:23 PM, Guillaume Nodet <gn...@gmail.com> wrote:
>
>> A security provider has to be a signed bundle and be loaded by the
>> root class loader, so deploying it as a bundle will allow you to use
>> BouncyCastle api and code, but not as a real security provider.
>>
>> On Fri, Feb 3, 2012 at 13:19, Charles Moulliard <cm...@gmail.com>
>> wrote:
>> > You are right. I have made a test using boucycastle jce provider as a
>> > bundle and that works fine
>> >
>> > Remark : some users are abuse about hat note as they are thinking that
>> we
>> > must add the lib in the jre/lib or jre/lib/security and not as a bundle
>> ;-)
>> >
>> >
>> > On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <io...@gmail.com>
>> wrote:
>> >
>> >> I don't know if its up to date. I was under the impression that you
>> can use
>> >> the bouncy castle jce provider just by installing it as bundle.
>> >>
>> >> --
>> >> *Ioannis Canellos*
>> >> *
>> >> FuseSource <http://fusesource.com>
>> >>
>> >> **
>> >> Blog: http://iocanel.blogspot.com
>> >> **
>> >> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> >> Apache Camel <http://camel.apache.org/> Committer
>> >> Apache ServiceMix <http://servicemix.apache.org/> Committer
>> >> Apache Gora <http://incubator.apache.org/gora/> Committer
>> >> Apache DirectMemory <http://incubator.apache.org/directmemory/>
>> Committer
>> >> *
>> >>
>>
>>
>>
>> --
>> ------------------------
>> Guillaume Nodet
>> ------------------------
>> Blog: http://gnodet.blogspot.com/
>> ------------------------
>> FuseSource, Integration everywhere
>> http://fusesource.com
>>
>
>
Re: Karaf and Security provider
Posted by Charles Moulliard <cm...@gmail.com>.
Thx for the clarification.
On Fri, Feb 3, 2012 at 1:23 PM, Guillaume Nodet <gn...@gmail.com> wrote:
> A security provider has to be a signed bundle and be loaded by the
> root class loader, so deploying it as a bundle will allow you to use
> BouncyCastle api and code, but not as a real security provider.
>
> On Fri, Feb 3, 2012 at 13:19, Charles Moulliard <cm...@gmail.com>
> wrote:
> > You are right. I have made a test using boucycastle jce provider as a
> > bundle and that works fine
> >
> > Remark : some users are abuse about hat note as they are thinking that we
> > must add the lib in the jre/lib or jre/lib/security and not as a bundle
> ;-)
> >
> >
> > On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <io...@gmail.com>
> wrote:
> >
> >> I don't know if its up to date. I was under the impression that you can
> use
> >> the bouncy castle jce provider just by installing it as bundle.
> >>
> >> --
> >> *Ioannis Canellos*
> >> *
> >> FuseSource <http://fusesource.com>
> >>
> >> **
> >> Blog: http://iocanel.blogspot.com
> >> **
> >> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >> Apache Camel <http://camel.apache.org/> Committer
> >> Apache ServiceMix <http://servicemix.apache.org/> Committer
> >> Apache Gora <http://incubator.apache.org/gora/> Committer
> >> Apache DirectMemory <http://incubator.apache.org/directmemory/>
> Committer
> >> *
> >>
>
>
>
> --
> ------------------------
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> FuseSource, Integration everywhere
> http://fusesource.com
>
Re: Karaf and Security provider
Posted by Guillaume Nodet <gn...@gmail.com>.
A security provider has to be a signed bundle and be loaded by the
root class loader, so deploying it as a bundle will allow you to use
BouncyCastle api and code, but not as a real security provider.
On Fri, Feb 3, 2012 at 13:19, Charles Moulliard <cm...@gmail.com> wrote:
> You are right. I have made a test using boucycastle jce provider as a
> bundle and that works fine
>
> Remark : some users are abuse about hat note as they are thinking that we
> must add the lib in the jre/lib or jre/lib/security and not as a bundle ;-)
>
>
> On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <io...@gmail.com> wrote:
>
>> I don't know if its up to date. I was under the impression that you can use
>> the bouncy castle jce provider just by installing it as bundle.
>>
>> --
>> *Ioannis Canellos*
>> *
>> FuseSource <http://fusesource.com>
>>
>> **
>> Blog: http://iocanel.blogspot.com
>> **
>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> Apache Camel <http://camel.apache.org/> Committer
>> Apache ServiceMix <http://servicemix.apache.org/> Committer
>> Apache Gora <http://incubator.apache.org/gora/> Committer
>> Apache DirectMemory <http://incubator.apache.org/directmemory/> Committer
>> *
>>
--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com
Re: Karaf and Security provider
Posted by Charles Moulliard <cm...@gmail.com>.
You are right. I have made a test using boucycastle jce provider as a
bundle and that works fine
Remark : some users are abuse about hat note as they are thinking that we
must add the lib in the jre/lib or jre/lib/security and not as a bundle ;-)
On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <io...@gmail.com> wrote:
> I don't know if its up to date. I was under the impression that you can use
> the bouncy castle jce provider just by installing it as bundle.
>
> --
> *Ioannis Canellos*
> *
> FuseSource <http://fusesource.com>
>
> **
> Blog: http://iocanel.blogspot.com
> **
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> Apache Camel <http://camel.apache.org/> Committer
> Apache ServiceMix <http://servicemix.apache.org/> Committer
> Apache Gora <http://incubator.apache.org/gora/> Committer
> Apache DirectMemory <http://incubator.apache.org/directmemory/> Committer
> *
>
Re: Karaf and Security provider
Posted by Ioannis Canellos <io...@gmail.com>.
I don't know if its up to date. I was under the impression that you can use
the bouncy castle jce provider just by installing it as bundle.
--
*Ioannis Canellos*
*
FuseSource <http://fusesource.com>
**
Blog: http://iocanel.blogspot.com
**
Apache Karaf <http://karaf.apache.org/> Committer & PMC
Apache Camel <http://camel.apache.org/> Committer
Apache ServiceMix <http://servicemix.apache.org/> Committer
Apache Gora <http://incubator.apache.org/gora/> Committer
Apache DirectMemory <http://incubator.apache.org/directmemory/> Committer
*
Re: Karaf and Security provider
Posted by Guillaume Nodet <gn...@gmail.com>.
See http://karaf.apache.org/manual/2.2.5/users-guide/security.html
Deploying bouncy castle as a bundle does not allow BC to be used as a
security provider, so you have to follow the above steps.
On Fri, Feb 3, 2012 at 12:54, Charles Moulliard <cm...@gmail.com> wrote:
> Hi,
>
> Is the following info page always up to date (
> http://felix.apache.org/site/65-deploying-security-providers.html) ? Why
> don't we have it in karaf documentation ?
>
> Regards,
>
> Charles Moulliard
>
> Apache Committer
>
> Blog : http://cmoulliard.blogspot.com
> Twitter : http://twitter.com/cmoulliard
> Linkedin : http://www.linkedin.com/in/charlesmoulliard
> Skype: cmoulliard
--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com