You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@karaf.apache.org by Mike Wilson <mi...@hotmail.com> on 2012/11/30 02:28:10 UTC

how to set up jaas both outside and inside osgi container?

We are embedding Karaf within an existing application which
is using JAAS for user login handling. As we want to use
the Karaf console as well, we need to have JAAS available
both in the existing application's "static" code, and in
the OSGI container.

How is this best set up?
- let application refer to JAAS service in OSGI
- or, let OSGI refer to statically loaded JAAS in application
- or, somehow load two independent JAAS implementations
?

Thanks
Mike Wilson

Re: how to set up jaas both outside and inside osgi container?

Posted by Łukasz Dywicki <lu...@code-house.org>.

Hey Mike (sorry, I am late as JB answered partially your question),
This scenario is a bit tricky because Karaf JAAS module from JVM point of view is proxy. However typical JAAS constructions still works well under OSGi ie. if you create new LoginContext you can expect that it will reach deployed realm.

If you would like to use InitialContext you should override initial factory property I believe to call provider you expect, not default one - in Karaf case it will be Aries.
My personal recomendation is to port your realm and run it normally under OSGi, as it will let you control everything.

Cheers,
Łukasz Dywicki
--
Twitter: ldywicki
Blog: http://dywicki.pl
Code-House - http://code-house.org

Wiadomość napisana przez Mike Wilson w dniu 30 lis 2012, o godz. 14:04:

> I've tried both bootdelegation and packages.extra settings, for
> referring to my LoginModule residing in non-OSGI code, and both
> ways seem to work.
> 
> Though in both cases, when the LoginModule tries to create an
> InitialContext, I am getting an exception from Aries JNDI:
> 
> javax.naming.NoInitialContextException: The calling code's BundleContext
> could not be determined.
> 	at
> org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSG
> iInitialContextFactoryBuilder.java:46)
> 	at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
> 	at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
> 	at javax.naming.InitialContext.init(InitialContext.java:242)
> 	at javax.naming.InitialContext.<init>(InitialContext.java:192)
> 	at org.apache.jsp.index_jsp._jspService(org.apache.jsp.index_jsp:51)
> 	at
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> 	at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:3
> 89)
> 	at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
> 	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> 	at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> 	at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
> 	at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> 	at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> 	at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> 	at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
> 	at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
> 	at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
> 	at
> org.mortbay.jetty.servlet.DefaultServlet.doGet(DefaultServlet.java:503)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> 	at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> 	at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
> 	at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> 	at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> 	at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> 	at
> org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
> 	at
> org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerColl
> ection.java:230)
> 	at
> org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:11
> 4)
> 	at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> 	at org.mortbay.jetty.Server.handle(Server.java:326)
> 	at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> 	at
> org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnectio
> n.java:928)
> 	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
> 	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
> 	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> 	at
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
> 	at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582
> )
> 
> I've asked on the Aries ML how to solve this, but if someone here 
> has a clue that'd be great too :-)
> 
> Thanks
> Mike Wilson
> 
> Mike Wilson wrote:
>> Thanks Jean-Baptiste,
>> 
>> So then I should do all JAAS configuration from Karaf, right?
>> The application has its own JAAS LoginModule in the non-OSGI codebase 
>> so would it be something like this? :
>> 
>> <blueprint ...>
>>  ... 
>>  <jaas:config name="karaf" rank="1">
>>    <jaas:module className="org.apache...PropertiesLoginModule"/> 
>>  </jaas:config>
>>  <jaas:config name="myjaas" rank="1">
>>    <jaas:module className="MyJaasLoginModule"/>
>>  </jaas:config>
>> </blueprint> 
>> 
>> Should I use bootdelegation or packages.extra to make OSGI find my
>> non-OSGI LoginModule?
>> 
>> Best regards
>> Mike
>> 
>> Jean-Baptiste Onofré wrote:
>>> Hi Mike,
>>> 
>>> my advice is to use the JAAS/Security framework provided by 
>>> Karaf. You 
>>> can create your own realms, using different login modules 
>> (including 
>>> your own modules).
>>> 
>>> This framework is available as an OSGi service, and can be 
>>> injected in 
>>> your application.
>>> 
>>> Regards
>>> JB
>>> 
>>> On 11/30/2012 02:28 AM, Mike Wilson wrote:
>>>> We are embedding Karaf within an existing application which
>>>> is using JAAS for user login handling. As we want to use
>>>> the Karaf console as well, we need to have JAAS available
>>>> both in the existing application's "static" code, and in
>>>> the OSGI container.
>>>> 
>>>> How is this best set up?
>>>> - let application refer to JAAS service in OSGI
>>>> - or, let OSGI refer to statically loaded JAAS in application
>>>> - or, somehow load two independent JAAS implementations
>>>> ?
>>>> 
>>>> Thanks
>>>> Mike Wilson
>>>> 
>>> 
>>> -- 
>>> Jean-Baptiste Onofré
>>> jbonofre@apache.org
>>> http://blog.nanthrax.net
>>> Talend - http://www.talend.com
>> 
>> 
>

RE: how to set up jaas both outside and inside osgi container?

Posted by Mike Wilson <mi...@hotmail.com>.

I've tried both bootdelegation and packages.extra settings, for
referring to my LoginModule residing in non-OSGI code, and both
ways seem to work.

Though in both cases, when the LoginModule tries to create an
InitialContext, I am getting an exception from Aries JNDI:

javax.naming.NoInitialContextException: The calling code's BundleContext
could not be determined.
	at
org.apache.aries.jndi.OSGiInitialContextFactoryBuilder.getInitialContext(OSG
iInitialContextFactoryBuilder.java:46)
	at
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
	at
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
	at javax.naming.InitialContext.init(InitialContext.java:242)
	at javax.naming.InitialContext.<init>(InitialContext.java:192)
	at org.apache.jsp.index_jsp._jspService(org.apache.jsp.index_jsp:51)
	at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
	at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:3
89)
	at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
	at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
	at
org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
	at
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
	at
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
	at
org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
	at
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
	at
org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
	at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
	at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
	at
org.mortbay.jetty.servlet.DefaultServlet.doGet(DefaultServlet.java:503)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
	at
org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
	at
org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
	at
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
	at
org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
	at
org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
	at
org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
	at
org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerColl
ection.java:230)
	at
org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:11
4)
	at
org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
	at org.mortbay.jetty.Server.handle(Server.java:326)
	at
org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
	at
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnectio
n.java:928)
	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
	at
org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
	at
org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582
)

I've asked on the Aries ML how to solve this, but if someone here 
has a clue that'd be great too :-)

Thanks
Mike Wilson

Mike Wilson wrote:
> Thanks Jean-Baptiste,
> 
> So then I should do all JAAS configuration from Karaf, right?
> The application has its own JAAS LoginModule in the non-OSGI codebase 
> so would it be something like this? :
> 
> <blueprint ...>
>   ... 
>   <jaas:config name="karaf" rank="1">
>     <jaas:module className="org.apache...PropertiesLoginModule"/> 
>   </jaas:config>
>   <jaas:config name="myjaas" rank="1">
>     <jaas:module className="MyJaasLoginModule"/>
>   </jaas:config>
> </blueprint> 
> 
> Should I use bootdelegation or packages.extra to make OSGI find my
> non-OSGI LoginModule?
> 
> Best regards
> Mike
> 
> Jean-Baptiste Onofré wrote:
> > Hi Mike,
> > 
> > my advice is to use the JAAS/Security framework provided by 
> > Karaf. You 
> > can create your own realms, using different login modules 
> (including 
> > your own modules).
> > 
> > This framework is available as an OSGi service, and can be 
> > injected in 
> > your application.
> > 
> > Regards
> > JB
> > 
> > On 11/30/2012 02:28 AM, Mike Wilson wrote:
> > > We are embedding Karaf within an existing application which
> > > is using JAAS for user login handling. As we want to use
> > > the Karaf console as well, we need to have JAAS available
> > > both in the existing application's "static" code, and in
> > > the OSGI container.
> > >
> > > How is this best set up?
> > > - let application refer to JAAS service in OSGI
> > > - or, let OSGI refer to statically loaded JAAS in application
> > > - or, somehow load two independent JAAS implementations
> > > ?
> > >
> > > Thanks
> > > Mike Wilson
> > >
> > 
> > -- 
> > Jean-Baptiste Onofré
> > jbonofre@apache.org
> > http://blog.nanthrax.net
> > Talend - http://www.talend.com
> 
>

RE: how to set up jaas both outside and inside osgi container?

Posted by Mike Wilson <mi...@hotmail.com>.

Thanks Jean-Baptiste,

So then I should do all JAAS configuration from Karaf, right?
The application has its own JAAS LoginModule in the non-OSGI codebase 
so would it be something like this? :

<blueprint ...>
  ... 
  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache...PropertiesLoginModule"/> 
  </jaas:config>
  <jaas:config name="myjaas" rank="1">
    <jaas:module className="MyJaasLoginModule"/>
  </jaas:config>
</blueprint> 

Should I use bootdelegation or packages.extra to make OSGI find my
non-OSGI LoginModule?

Best regards
Mike

Jean-Baptiste Onofré wrote:
> Hi Mike,
> 
> my advice is to use the JAAS/Security framework provided by 
> Karaf. You 
> can create your own realms, using different login modules (including 
> your own modules).
> 
> This framework is available as an OSGi service, and can be 
> injected in 
> your application.
> 
> Regards
> JB
> 
> On 11/30/2012 02:28 AM, Mike Wilson wrote:
> > We are embedding Karaf within an existing application which
> > is using JAAS for user login handling. As we want to use
> > the Karaf console as well, we need to have JAAS available
> > both in the existing application's "static" code, and in
> > the OSGI container.
> >
> > How is this best set up?
> > - let application refer to JAAS service in OSGI
> > - or, let OSGI refer to statically loaded JAAS in application
> > - or, somehow load two independent JAAS implementations
> > ?
> >
> > Thanks
> > Mike Wilson
> >
> 
> -- 
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com

Re: how to set up jaas both outside and inside osgi container?

Posted by Jean-Baptiste Onofré <jb...@nanthrax.net>.

Hi Mike,

my advice is to use the JAAS/Security framework provided by Karaf. You 
can create your own realms, using different login modules (including 
your own modules).

This framework is available as an OSGi service, and can be injected in 
your application.

Regards
JB

On 11/30/2012 02:28 AM, Mike Wilson wrote:
> We are embedding Karaf within an existing application which
> is using JAAS for user login handling. As we want to use
> the Karaf console as well, we need to have JAAS available
> both in the existing application's "static" code, and in
> the OSGI container.
>
> How is this best set up?
> - let application refer to JAAS service in OSGI
> - or, let OSGI refer to statically loaded JAAS in application
> - or, somehow load two independent JAAS implementations
> ?
>
> Thanks
> Mike Wilson
>

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com