Posted to commits@karaf.apache.org by jb...@apache.org on 2013/09/30 16:41:17 UTC
svn commit: r1527599 -
/karaf/trunk/manual/src/main/webapp/users-guide/security.conf
Author: jbonofre
Date: Mon Sep 30 14:41:17 2013
New Revision: 1527599
URL: http://svn.apache.org/r1527599
Log:
[KARAF-2434] Add a quick update on the manual about JAAS users, groups, and roles.
Modified:
karaf/trunk/manual/src/main/webapp/users-guide/security.conf
Modified: karaf/trunk/manual/src/main/webapp/users-guide/security.conf
URL: http://svn.apache.org/viewvc/karaf/trunk/manual/src/main/webapp/users-guide/security.conf?rev=1527599&r1=1527598&r2=1527599&view=diff
==============================================================================
--- karaf/trunk/manual/src/main/webapp/users-guide/security.conf (original)
+++ karaf/trunk/manual/src/main/webapp/users-guide/security.conf Mon Sep 30 14:41:17 2013
@@ -76,4 +76,37 @@ In addition, you may want to provide acc
org.osgi.framework.bootdelegation = ...,org.bouncycastle*
{code}
+h2. Users, groups, and roles
+
+An user can be a member of a group or have roles assigned directly.
+Groups typically have one or more roles assigned. Users that are part (member) of that group will get these roles
+associated too.
+Users have the union of the roles associated with their groups together with their own roles. When logging in, the user
+will get RolePrincipal objects from all of these. The user will also get a GroupPrincipal object associated for each
+group he is in.
+Groups are currently implemented for the PropertiesLoginModule and PropertiesBackingEngine, which is the default
+implementation used by Karaf. The other login modules (JDBC, LDAP, ...) will be gradually updated.
+
+For instance, the following shell commands can be used to set up users, groups, and roles:
+
+{code}
+karaf@root()> jaas
+karaf@root(jaas)> realm-manage --index 1
+karaf@root(jaas)> group-add managergroup
+karaf@root(jaas)> user-add joe joe
+karaf@root(jaas)> group-add joe managergroup
+karaf@root(jaas)> group-role-add managergroup manager
+karaf@root(jaas)> group-role-add managergroup viewer
+karaf@root(jaas)> update
+karaf@root(jaas)> user-list
+User Name | Group | Role
+----------------------------------
+karaf | admingroup | admin
+karaf | admingroup | manager
+karaf | admingroup | viewer
+joe | managergroup | manager
+joe | managergroup | viewer
+{code}
+
+Roles are used by the JMX layer, and the Karaf shell console to define the "permission" of each users.
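Review bot: In the added shell example, `group-add` is invoked with one argument (`group-add managergroup`) and then with two (`group-add joe managergroup`), so a reader cannot tell the command's signature from the manual. Check the first call against the command's usage and either drop it or state explicitly that it creates the group. The same example sets joe's password to his user name (`user-add joe joe`); manual snippets get copied verbatim, so an obviously placeholder password would be safer. Wording: "An user" should read "A user", "each users" should be "each user", and "group he is in" could be "group they belong to". The closing sentence says roles define the permissions for the JMX layer and the shell console but does not say which role grants what; a pointer to where that mapping is documented or configured would make the paragraph actionable.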