You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by Marcin Wilkos <ma...@gmail.com> on 2009/07/21 20:23:24 UTC
Re: Google Summer of Code
Hi,
Guillaume wrote about pluggable user authentication mechanism for Karaf
shell.
I think it's good for second part of my GSoC program. Could you write more
about security in Karaf and Felix?
Where passwords are stored and how?
regards,
Marcin
2009/6/10 Guillaume Nodet <gn...@gmail.com>
> The security part can be slit in two different goals imho;
> * pluggable user authentication mechanism
> * command based authorization for the authenticated user
>
> The last one is much more optional, but it would mean defining roles /
> groups that the user needs to belong to for each shell command / ui
> tab / ui action, and make sure the authenticated user is authorized to
> perform such a command.
>
> On Wed, Jun 10, 2009 at 13:17, Felix Meschberger<fm...@gmail.com>
> wrote:
> > Hi,
> >
> > Guillaume Nodet schrieb:
> >> Another idea as the first step for security would be the
> >> authentication mechanism we discussed on another thread.
> >> Currently, the web console uses a ConfigAdmin to retrieve the username
> >> / password. This layer should be pluggable and allow the current
> >> mechanism, UserAdmin or JAAS to be plugged in somehow.
> >
> > That's in fact how I understood your first point ;-)
> >
> > Regards
> > Felix
> >
> >>
> >> On Wed, Jun 10, 2009 at 12:04, Guillaume Nodet<gn...@gmail.com> wrote:
> >>> Two ideas for the console:
> >>> * add some security to the console / shell (role based for a given
> >>> action / command)
> >>> * have a low level shell access from the console (using command line
> >>> as we already discussed)
> >>> I guess both are not simple problems to tackle, so not sure Marcin
> >>> availability will be enough.
> >>> If not, I'd be glad to try implementing the low level shell access
> >>> from the console.
> >>>
> >>> My thinking about that was to have a hidden feature as Hiram
> >>> demonstrated some time ago on his prototype.
> >>> Typing '~' in the console would bring up a popup and start a shell
> >>> with the credentials of the user that logged into the web console (not
> >>> sure how to retrieve those in a safe manner yet). Typing again the
> >>> same key would hide the popup.
> >>>
> >>> On Wed, Jun 10, 2009 at 09:37, Gert Vanthienen<
> gert.vanthienen@gmail.com> wrote:
> >>>> Guillaume,
> >>>>
> >>>> I created http://cwiki.apache.org/confluence/display/FELIX/GSoC+2009
> >>>> to keep track of this. The current working schedule is at the top of
> >>>> the page, with the bits of information I'm aware of already filled in.
> >>>>
> >>>> I added the original schedule at the bottom, but because of our
> >>>> decision to leverage the Felix Web Console, most of the tasks in that
> >>>> schedule are no longer necessary. So if people have any suggestions
> >>>> for other work to fill in those gaps...
> >>>>
> >>>> Regards,
> >>>>
> >>>> Gert Vanthienen
> >>>> ------------------------
> >>>> Open Source SOA: http://fusesource.com
> >>>> Blog: http://gertvanthienen.blogspot.com/
> >>>>
> >>>>
> >>>>
> >>>> 2009/6/9 Guillaume Nodet <gn...@gmail.com>:
> >>>>> Yeah ! Keep up the good work.
> >>>>> Do you have a plan for the coming weeks / monthes. Maybe you could
> >>>>> create a wiki page somewhere or maybe even an email so we can get see
> >>>>> what you plan to work on and maybe give some input / discuss things ?
> >>>>>
> >>>>> On Mon, Jun 8, 2009 at 23:32, Marcin Wilkos<ma...@gmail.com>
> wrote:
> >>>>>> Hi,
> >>>>>> I'm Marcin Wilkos. Like Gert Vanthienen wrote before I'm working on
> >>>>>> webconsole for Karaf and ServiceMix as GSoC project. I'll be sending
> weekly
> >>>>>> reports to this list.
> >>>>>> In last week I focused on first extension for felix web console,
> which lists
> >>>>>> Karaf features. I created JIRA issue for this and uploaded a patch.
> Gert
> >>>>>> checked it and uploaded to svn.
> >>>>>> Regards,
> >>>>>> Marcin Wilkos
> >>>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Cheers,
> >>>>> Guillaume Nodet
> >>>>> ------------------------
> >>>>> Blog: http://gnodet.blogspot.com/
> >>>>> ------------------------
> >>>>> Open Source SOA
> >>>>> http://fusesource.com
> >>>>>
> >>>
> >>>
> >>> --
> >>> Cheers,
> >>> Guillaume Nodet
> >>> ------------------------
> >>> Blog: http://gnodet.blogspot.com/
> >>> ------------------------
> >>> Open Source SOA
> >>> http://fusesource.com
> >>>
> >>
> >>
> >>
> >
>
>
>
> --
> Cheers,
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> Open Source SOA
> http://fusesource.com
>