[KARAF-172] Implement a mechanism that would allow a karaf application to distingush between UserPrincipal & RolePrincipal without depending from Karaf JAAS Modules - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.1.0
Component/s: None
Labels:
None

Description

A karaf application that makes use of JAAS for authentication and authorization will obtain a LoginContext that contains UserPrincipal and RolePrincipal objects (both classes are inside org.apache.karaf.jaas:org.apache.karaf.jaas.modules).

If such application needs to distinguish between those two(e.g role based authorization), will have to depend from org.apache.karaf.jaas:org.apache.karaf.jaas.modules.

I think that the application needs to be decoupled from Karaf JAAS Modules and this is why I think that an alternative needs to be provided to the user.

Such alternative could be the use of a convention (maybe like having a prefix on Roles, or goruping roles under a Group with a fixed name (jboss approach)). This mechanism could be implemented by Karaf Login Modules and even better could be pluggable.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KARAF-172-patch.txt
27/Aug/10 13:32
12 kB
Ioannis Canellos

Activity

People

Assignee:: Ioannis Canellos

Reporter:: Ioannis Canellos

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Aug/10 13:34

Updated:: 25/Jul/11 11:45

Resolved:: 03/Sep/10 13:11