You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2016/12/01 16:14:58 UTC

[jira] [Commented] (KARAF-4784) OsgiConfiguration for JAAS should fallback to default configuration

    [ https://issues.apache.org/jira/browse/KARAF-4784?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15712373#comment-15712373 ] 

ASF subversion and git services commented on KARAF-4784:
--------------------------------------------------------

Commit 040c805f47abe0f0a3fd18258e14bec5f4bca5a8 in karaf's branch refs/heads/master from [~gnt]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=040c805 ]

[KARAF-4784] OsgiConfiguration for JAAS should fallback to default configuration

> OsgiConfiguration for JAAS should fallback to default configuration
> -------------------------------------------------------------------
>
>                 Key: KARAF-4784
>                 URL: https://issues.apache.org/jira/browse/KARAF-4784
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 4.0.7
>            Reporter: Benjamin Papez
>
> We will use Karaf embedded in the next version of our Web Application, which means that we still first start the application server (Tomcat/JBoss/Websphere) and then Karaf is started inside. Some of our customers are using a JAAS configuration, mainly Kerberos for SPNEGO. Unfortunately with the step to use Karaf the current default JAAS configuration is no longer picked up and used, because Karaf is setting the {{org.apache.karaf.jaas.config.impl.OsgiConfiguration}} object into {{javax.security.auth.login.Configuration.setConfiguration}} within the {{OsgiConfiguration.init}} method.
> This way all standard/app-server specific ways of JAAS configuration are ignored.
> I would propose a modification to {{OsgiConfiguration}}, with something like:
> {code}
>     private Configuration defaultConfiguration;
>     public void init() {
>         try {
>             defaultConfiguration = Configuration.getConfiguration();
>         } catch (RuntimeException ex) {
>             // default configuration for fallback could not be retrieved - should be logged
>         }
>         Configuration.setConfiguration(this);
>     }
>     ...
>     public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>         JaasRealm realm = null;
>         for (JaasRealm r : realms) {
>             if (r.getName().equals(name)) {
>                 if (realm == null || r.getRank() > realm.getRank()) {
>                     realm = r;
>                 }
>             }
>         }
>         if (realm != null) {
>             return realm.getEntries();
>         } else if (defaultConfiguration != null) {
>            return defaultConfiguration.getAppConfigurationEntry(name);
>         }
>         return null;
>     }
>     public void refresh() {
>         if (defaultConfiguration != null) {
>             defaultConfiguration.refresh();
>         }
>     }
> {code}
> This way if no OSGI configured JAAS realm can find an {{AppConfigurationEntry}}, we would still try to get it from the default JAAS configuration, and our customers could keep the same JAAS configuration as before. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)