karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Keep clean repo and JAAS configuration for the end-users
Date Sun, 30 Jan 2011 09:27:44 GMT
Hi all,

I have some questions about the current scm repo:

- @David: I saw that you created an assemblies module. We still have the 
assembly module defined and used in the <modules/> main POM. I guess 
it's a temporary situation and, after some more tests, the assemblies 
module will replace the assembly module ? What about profiles 
implementation and brainstorm ?
- @Achim: I saw that you added a src/main/configfiles directory 
(containing a jetty.xml) in the assembly module. Why not used the 
src/main/filtered-resources directory (and eventually create a new 
directory in this one) or define a new sub-module ? I don't wanna split 
the resources in a lot of directories. WDYT ?

Now regarding the JAAS configuration. Correct me if I'm wrong, but up to 
now, the JAAS configuration is defined in the blueprint 
(OSGI-INF/blueprint/karaf-jaas-module.xml) descriptor of the 
jaas/modules module:

     <jaas:config name="karaf">
             users = $[karaf.base]/etc/users.properties
             encryption.name = ${encryption.name}
             encryption.enabled = ${encryption.enabled}
             encryption.prefix = ${encryption.prefix}
             encryption.suffix = ${encryption.suffix}
             encryption.algorithm = ${encryption.algorithm}
             encryption.encoding = ${encryption.encoding}

So by default, we "force" the usage of the PropertiesLoginModule.

It could be helpful for the end users to have access to a 
etc/login.properties file to be able to define the login modules to use 
with the policy associated (required, sufficient, optional).
For instance, we can add a property in the etc/org.apache.karaf.jaas.cfg 
file to define the location of this login.properties file 
(etc/login.properties by default) and reference the 
PropertiesLoginModule by default. It could be more clear for the users.



View raw message