Details
Description
We will use Karaf embedded in the next version of our Web Application, which means that we still first start the application server (Tomcat/JBoss/Websphere) and then Karaf is started inside. Some of our customers are using a JAAS configuration, mainly Kerberos for SPNEGO. Unfortunately with the step to use Karaf the current default JAAS configuration is no longer picked up and used, because Karaf is setting the org.apache.karaf.jaas.config.impl.OsgiConfiguration object into javax.security.auth.login.Configuration.setConfiguration within the OsgiConfiguration.init method.
This way all standard/app-server specific ways of JAAS configuration are ignored.
I would propose a modification to OsgiConfiguration, with something like:
private Configuration defaultConfiguration; public void init() { try { defaultConfiguration = Configuration.getConfiguration(); } catch (RuntimeException ex) { // default configuration for fallback could not be retrieved - should be logged } Configuration.setConfiguration(this); } ... public AppConfigurationEntry[] getAppConfigurationEntry(String name) { JaasRealm realm = null; for (JaasRealm r : realms) { if (r.getName().equals(name)) { if (realm == null || r.getRank() > realm.getRank()) { realm = r; } } } if (realm != null) { return realm.getEntries(); } else if (defaultConfiguration != null) { return defaultConfiguration.getAppConfigurationEntry(name); } return null; } public void refresh() { if (defaultConfiguration != null) { defaultConfiguration.refresh(); } }
This way if no OSGI configured JAAS realm can find an AppConfigurationEntry, we would still try to get it from the default JAAS configuration, and our customers could keep the same JAAS configuration as before.
Attachments
Issue Links
- links to