Karaf
  1. Karaf
  2. KARAF-1368

Make it easy to enable Karaf PropertiesLoginModule via an optional feature

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Not a Problem
    • Affects Version/s: None
    • Fix Version/s: 2.2.7, 2.3.0
    • Component/s: karaf-feature
    • Labels:

      Description

      Typically it is recommended to deploy the following Blueprint context in order to enable a JAAS PropertiesLoginModule shipped with Karaf:

      <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
                 xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
                 xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
      
          <!-- Bean to allow the $[karaf.base] property to be correctly resolved -->
          <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>
      
          <jaas:config name="karaf">
              <jaas:module className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule"
                           flags="required">
                 users=$[karaf.base]/etc/users.properties
              </jaas:module>
          </jaas:config>
      
      </blueprint>
      

      and here is a typical pom.xml:

      <project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
      
         <modelVersion>4.0.0</modelVersion>
         <artifactId>my-service-jaas</artifactId>
         <name>Service JAAS</name>
         <packaging>bundle</packaging>
         <url>http://maven.apache.org</url>
      
         <dependencies>
          <dependency>
            <groupId>org.apache.karaf.jaas</groupId>
            <artifactId>org.apache.karaf.jaas.config</artifactId>
            <version>2.1.2</version>
          </dependency>
         </dependencies>
      
         <build>
            <plugins>
              <plugin>
      <groupId>org.apache.felix</groupId>
      <artifactId>maven-bundle-plugin</artifactId>
      <configuration>
      <instructions>
      <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
      <Import-Package>
      javax.net.ssl,
                         javax.security.auth.login,
                         org.osgi.service.blueprint,
                         org.apache.karaf.jaas.config,
                         org.apache.karaf.jaas.boot,
                      </Import-Package>
                      <DynamicImport-Package>*</DynamicImport-Package>
      </instructions>
      </configuration>
      </plugin>
          </plugins>
        </build>
         
      </project>
      

      Such a bundle is generic and will work with any service depending on PropertiesLoginModule.
      It would be nice if Karaf itself shipped such a bundle and offered an optional feature, tentatively named 'karaf-jaas-login-properties' (or similar) so that whenever a user want to work with PropertiesLoginModule all he/she needs to do is to modify etc/user.properties and do 'features:install karaf-jaas-login-properties'.

      Note it is not a new enhancement request but simply a wish to get the default properties login module easily enabled when needed

        Activity

        Hide
        Freeman Fang added a comment -

        Hi Sergey,

        Karaf already shipped this jaas module, please take a look at [1], and as jaas is very basic functionality of Karaf, so the jaas related bundle already put into etc/startup.properties, which means once you start Karaf, the jaas is already available for you out-of-box, you needn't write your own bundle to enable PropertiesLoginModule. You can simply edit etc/user.properties to add user/password/role there and it could be picked up out-of-box.

        [1]https://svn.apache.org/repos/asf/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml

        Best Regards
        Freeman

        Show
        Freeman Fang added a comment - Hi Sergey, Karaf already shipped this jaas module, please take a look at [1] , and as jaas is very basic functionality of Karaf, so the jaas related bundle already put into etc/startup.properties, which means once you start Karaf, the jaas is already available for you out-of-box, you needn't write your own bundle to enable PropertiesLoginModule. You can simply edit etc/user.properties to add user/password/role there and it could be picked up out-of-box. [1] https://svn.apache.org/repos/asf/karaf/branches/karaf-2.2.x/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml Best Regards Freeman
        Hide
        Jean-Baptiste Onofré added a comment -

        Hi Freeman,

        If I right understood, the Sergey's request is to be able to install PropertiesLoginModule (or others login module) by a simple command instead of installing all login modules at startup.
        The user can pick up the login modules that he wants exactly.

        Show
        Jean-Baptiste Onofré added a comment - Hi Freeman, If I right understood, the Sergey's request is to be able to install PropertiesLoginModule (or others login module) by a simple command instead of installing all login modules at startup. The user can pick up the login modules that he wants exactly.
        Hide
        Freeman Fang added a comment -

        Hi JB,

        Do you mean remove all jaas bundle from startup.properties and put them into a feature?
        If so, -1. Given the very basic role jaas bundle plays here, a lot of other karaf functionality depend on it, such as admin, shell, management, features, etc. I believe we need the jaas for JMX/SSH/Webconsole aslo. startup.properties is the place to put some very basic bundles, which can do self-boot for container, if we remove jaas bundles from startup.properties, we also need remove almost all other karaf bundles from the startup.properties, which I think not doable, think about without features related bundles ready at very early stage, who take responsibility to launch the features from features.xml?

        In summary, the jaas related bundles isn't be optional, it's very fundamental thus must be available at very early stage.
        Freeman

        Show
        Freeman Fang added a comment - Hi JB, Do you mean remove all jaas bundle from startup.properties and put them into a feature? If so, -1. Given the very basic role jaas bundle plays here, a lot of other karaf functionality depend on it, such as admin, shell, management, features, etc. I believe we need the jaas for JMX/SSH/Webconsole aslo. startup.properties is the place to put some very basic bundles, which can do self-boot for container, if we remove jaas bundles from startup.properties, we also need remove almost all other karaf bundles from the startup.properties, which I think not doable, think about without features related bundles ready at very early stage, who take responsibility to launch the features from features.xml? In summary, the jaas related bundles isn't be optional, it's very fundamental thus must be available at very early stage. Freeman
        Hide
        Jean-Baptiste Onofré added a comment -

        The purpose is more to clearly display which modules are available by default and give the ability to add new ones easily.

        Show
        Jean-Baptiste Onofré added a comment - The purpose is more to clearly display which modules are available by default and give the ability to add new ones easily.
        Hide
        Sergey Beryozkin added a comment - - edited

        Hi JB, Freeman,

        If JAAS PropertiesLoginModule is active and linked to etc/user.properties on startup then I'll be happy to close this JIRA, let me validate it now...

        Show
        Sergey Beryozkin added a comment - - edited Hi JB, Freeman, If JAAS PropertiesLoginModule is active and linked to etc/user.properties on startup then I'll be happy to close this JIRA, let me validate it now...
        Hide
        Freeman Fang added a comment -

        Hi Sergey,

        Thanks for clarifying. Just FYI, in Apache Servicemix 4.4.1 there's an examples/cxf/cxf-ws-security-osgi example, which leverage cxf JAASLoginInterceptor to authenticate against karaf default jaas configuration, where we add joe=password in etc/users.properties and it just work.

        You can add this example feature in pure Karaf and it should also work.
        Freeman

        Show
        Freeman Fang added a comment - Hi Sergey, Thanks for clarifying. Just FYI, in Apache Servicemix 4.4.1 there's an examples/cxf/cxf-ws-security-osgi example, which leverage cxf JAASLoginInterceptor to authenticate against karaf default jaas configuration, where we add joe=password in etc/users.properties and it just work. You can add this example feature in pure Karaf and it should also work. Freeman
        Hide
        Jean-Baptiste Onofré added a comment -

        The PropertiesLoginModule is available at startup. I misunderstood Sergey.

        My concern is more that all the JAAS modules bundle is there at startup (including JDBC, LDAP, OSGi). Maybe a better granularity is better. On the other hand, the configuration is largely easier like this.

        Show
        Jean-Baptiste Onofré added a comment - The PropertiesLoginModule is available at startup. I misunderstood Sergey. My concern is more that all the JAAS modules bundle is there at startup (including JDBC, LDAP, OSGi). Maybe a better granularity is better. On the other hand, the configuration is largely easier like this.
        Hide
        Sergey Beryozkin added a comment -

        Freeman: indeed, my demo works OK without specifically deploying this helper bundle, thanks for a tip
        JB: I agree it may not optimal to have all the JAAS modules up on the startup, but also agree that it also makes it easy for users not to worry about setting such modules in the first place.

        As far as I'm concerned, I consider this issue resolved as won't fix or not a problem, etc...
        Thanks

        Show
        Sergey Beryozkin added a comment - Freeman: indeed, my demo works OK without specifically deploying this helper bundle, thanks for a tip JB: I agree it may not optimal to have all the JAAS modules up on the startup, but also agree that it also makes it easy for users not to worry about setting such modules in the first place. As far as I'm concerned, I consider this issue resolved as won't fix or not a problem, etc... Thanks
        Hide
        Freeman Fang added a comment -

        JB,

        All JAAS LoginModule like Properties/JDBC/LDAP/OSGi are in same org.apache.karaf.jaas.modules.jar bundle, but only PropertiesLoginModule is the one configured by default to provide JAAS service, I think it's fine.

        Sergey,

        I'll make this issue as "Not a Problem" per the discussion here.

        Regards
        Freeman

        Show
        Freeman Fang added a comment - JB, All JAAS LoginModule like Properties/JDBC/LDAP/OSGi are in same org.apache.karaf.jaas.modules.jar bundle, but only PropertiesLoginModule is the one configured by default to provide JAAS service, I think it's fine. Sergey, I'll make this issue as "Not a Problem" per the discussion here. Regards Freeman

          People

          • Assignee:
            Freeman Fang
            Reporter:
            Sergey Beryozkin
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development