Posted to commits@karaf.apache.org by jb...@apache.org on 2013/09/30 16:41:17 UTC

svn commit: r1527599 - /karaf/trunk/manual/src/main/webapp/users-guide/security.conf

Author: jbonofre
Date: Mon Sep 30 14:41:17 2013
New Revision: 1527599

URL: http://svn.apache.org/r1527599
Log:
[KARAF-2434] Add a quick update on the manual about JAAS users, groups, and roles.

Modified:
    karaf/trunk/manual/src/main/webapp/users-guide/security.conf

Modified: karaf/trunk/manual/src/main/webapp/users-guide/security.conf
URL: http://svn.apache.org/viewvc/karaf/trunk/manual/src/main/webapp/users-guide/security.conf?rev=1527599&r1=1527598&r2=1527599&view=diff
==============================================================================
--- karaf/trunk/manual/src/main/webapp/users-guide/security.conf (original)
+++ karaf/trunk/manual/src/main/webapp/users-guide/security.conf Mon Sep 30 14:41:17 2013
@@ -76,4 +76,37 @@ In addition, you may want to provide acc
 org.osgi.framework.bootdelegation = ...,org.bouncycastle*
 {code}
 
+h2. Users, groups, and roles
+
+An user can be a member of a group or have roles assigned directly.
+Groups typically have one or more roles assigned. Users that are part (member) of that group will get these roles
+associated too.
+Users have the union of the roles associated with their groups together with their own roles. When logging in, the user
+will get RolePrincipal objects from all of these. The user will also get a GroupPrincipal object associated for each
+group he is in.
+Groups are currently implemented for the PropertiesLoginModule and PropertiesBackingEngine, which is the default
+implementation used by Karaf. The other login modules (JDBC, LDAP, ...) will be gradually updated.
+
+For instance, the following shell commands can be used to set up users, groups, and roles:
+
+{code}
+karaf@root()> jaas
+karaf@root(jaas)> realm-manage --index 1
+karaf@root(jaas)> group-add managergroup
+karaf@root(jaas)> user-add joe joe
+karaf@root(jaas)> group-add joe managergroup
+karaf@root(jaas)> group-role-add managergroup manager
+karaf@root(jaas)> group-role-add managergroup viewer
+karaf@root(jaas)> update
+karaf@root(jaas)> user-list
+User Name | Group        | Role
+----------------------------------
+karaf     | admingroup   | admin
+karaf     | admingroup   | manager
+karaf     | admingroup   | viewer
+joe       | managergroup | manager
+joe       | managergroup | viewer
+{code}
+
+Roles are used by the JMX layer, and the Karaf shell console to define the "permission" of each users.
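
Review bot: In the {code} example, group-add is called with two different argument shapes ("group-add managergroup", then "group-add joe managergroup") and the surrounding text explains neither. Please state the argument order next to the example, and either explain what the one-argument call does or drop it if the group is created when its first member or role is added. In the same block, "user-add joe joe" sets the password equal to the user name; since readers copy manual examples verbatim, a clearly marked placeholder password would be a better choice. The closing sentence says roles define permissions for the JMX layer and the shell console but does not say what admin, manager and viewer each allow, so a sentence or a cross-reference there would make the user-list output meaningful. Wording: "An user" should be "A user", and "of each users" should be "of each user".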