karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ioannis Canellos (JIRA)" <j...@apache.org>
Subject [jira] Commented: (KARAF-172) Implement a mechanism that would allow a karaf application to distingush between UserPrincipal & RolePrincipal without depending from Karaf JAAS Modules
Date Fri, 03 Sep 2010 13:10:34 GMT

    [ https://issues.apache.org/jira/browse/KARAF-172?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12905880#action_12905880
] 

Ioannis Canellos commented on KARAF-172:
----------------------------------------

Adding         jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
Adding         jaas/modules/src/main/java/org/apache/karaf/jaas/modules/GroupPrincipal.java
Adding         jaas/modules/src/main/java/org/apache/karaf/jaas/modules/RolePolicy.java
Sending        jaas/modules/src/main/java/org/apache/karaf/jaas/modules/osgi/OsgiConfigLoginModule.java
Sending        jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
Transmitting file data .....
Committed revision 992286.


> Implement a mechanism that would allow a karaf application to distingush between UserPrincipal
& RolePrincipal without depending from Karaf JAAS Modules
> --------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: KARAF-172
>                 URL: https://issues.apache.org/jira/browse/KARAF-172
>             Project: Karaf
>          Issue Type: New Feature
>            Reporter: Ioannis Canellos
>            Assignee: Ioannis Canellos
>         Attachments: KARAF-172-patch.txt
>
>
> A karaf application that makes use of JAAS for authentication and authorization will
obtain a LoginContext that contains UserPrincipal and RolePrincipal objects (both classes
are inside org.apache.karaf.jaas:org.apache.karaf.jaas.modules).
> If such application needs to distinguish between those two(e.g role based authorization),
will have to depend from org.apache.karaf.jaas:org.apache.karaf.jaas.modules.
> I think that the application needs to be decoupled from Karaf JAAS Modules and this is
why I think that an alternative needs to be provided to the user.
> Such alternative could be the use of a convention (maybe like having a prefix on Roles,
or goruping roles under a Group with a fixed name (jboss approach)). This mechanism could
be implemented by Karaf Login Modules and even better could be pluggable.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message