karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Bosschaert <david.bosscha...@gmail.com>
Subject Re: Toward Karaf 3.0.0
Date Sun, 24 Nov 2013 19:56:26 GMT
Great, thanks JB!

David

On 24 November 2013 17:26, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
> As said this morning, I've enabled the JMX RBAC by default on the root
> instance.
>
> Now, I'm updating to the same behaviour for:
> - instance started using the wrapper
> - instances managed by the instance script or the instance:* commands/MBeans
>
> It should be done tonight.
>
> Regards
> JB
>
>
> On 11/24/2013 07:04 AM, Jean-Baptiste Onofré wrote:
>>
>> Hi David,
>>
>> Now that KARAF-2513 is fixed, I'm OK to enable it by default.
>>
>> I gonna do that, and I will add the documentation to explain how to
>> disable it (if an user really wants to).
>>
>> Thanks,
>> Regards
>> JB
>>
>> On 11/23/2013 11:40 PM, David Bosschaert wrote:
>>>
>>> Hi all,
>>>
>>> I would like to come to a conclusion before we release 3.0.0 on
>>> whether we want JMX Role-based Access Control enabled by default or
>>> not.
>>>
>>> Right now it's not enabled and you have to set the KARAF_ACL
>>> environment variable for this.
>>> While I have no problem with adding a command line flag to control
>>> this I think it would be nice if it was enabled by default. I realize
>>> that until recently KARAF-2513 was standing in the way of that, but
>>> this should now be fixed. I'm personally not aware of any other issues
>>> with it...
>>> Shell commands (and OSGi Services in general) already have RBAC
>>> enabled by default and I think they should probably line up.
>>>
>>> However if people disagree with having this enabled, then I could live
>>> with that, but in that case I think it would be good to also disable
>>> the shell command/osgi service RBAC switched on/off via the same
>>> mechanism.
>>>
>>> Thoughts anyone?
>>>
>>> David
>>>
>>> On 21 November 2013 12:50, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
>>>>
>>>> Thanks David.
>>>>
>>>> Let me test it again. I will get back to you soon.
>>>>
>>>> Regards
>>>> JB
>>>>
>>>>
>>>> On 11/21/2013 01:32 PM, David Bosschaert wrote:
>>>>>
>>>>>
>>>>> Hi JB,
>>>>>
>>>>> I fixed the issue with Camel MBeans (KARAF-2513): the JMX RBAC code
>>>>> wasnt properly unwrapping exceptions before throwing them up to the
>>>>> caller.
>>>>>
>>>>>> We disabled JMX RBAC by default as it "breaks" projects MBeans (like
>>>>>> Camel, CXF, etc).
>>>>>
>>>>>
>>>>>
>>>>> You also mention 'CXF' and 'etc'. Are there other actual bugs or use
>>>>> cases that don't work? If so please let me know and I'll look into
>>>>> them
>>>>>
>>>>> Cheers,
>>>>>
>>>>> David
>>>>>
>>>>> On 20 November 2013 15:04, Jean-Baptiste Onofré <jb@nanthrax.net>
>>>>> wrote:
>>>>>>
>>>>>>
>>>>>> Awesome, thanks a lot David !
>>>>>>
>>>>>> Regards
>>>>>> JB
>>>>>>
>>>>>>
>>>>>> On 11/20/2013 04:02 PM, David Bosschaert wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 20 November 2013 14:55, Jean-Baptiste Onofré <jb@nanthrax.net>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I checked in bin/karaf and bin/karaf.bat, and actually, in
both, JMX
>>>>>>>> RBAC
>>>>>>>> are disabled by default (the test is just different on Windows
and
>>>>>>>> Unix).
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Yep, my bad for not see that one is doing '==' where the other
does
>>>>>>> '!='.
>>>>>>>
>>>>>>> The problem with Camel is captured in
>>>>>>> https://issues.apache.org/jira/browse/KARAF-2513
>>>>>>> I'm going to have a look to see whether I can address that. I'd
>>>>>>> really
>>>>>>> like to see the JMX RBAC stuff working in all contexts :)
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> David
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Jean-Baptiste Onofré
>>>>>> jbonofre@apache.org
>>>>>> http://blog.nanthrax.net
>>>>>> Talend - http://www.talend.com
>>>>
>>>>
>>>>
>>>> --
>>>> Jean-Baptiste Onofré
>>>> jbonofre@apache.org
>>>> http://blog.nanthrax.net
>>>> Talend - http://www.talend.com
>>
>>
>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com

Mime
View raw message