Hi, Guillaume wrote about pluggable user authentication mechanism for Karaf shell. I think it's good for second part of my GSoC program. Could you write more about security in Karaf and Felix? Where passwords are stored and how?
regards, Marcin 2009/6/10 Guillaume Nodet <[email protected]> > The security part can be slit in two different goals imho; > * pluggable user authentication mechanism > * command based authorization for the authenticated user > > The last one is much more optional, but it would mean defining roles / > groups that the user needs to belong to for each shell command / ui > tab / ui action, and make sure the authenticated user is authorized to > perform such a command. > > On Wed, Jun 10, 2009 at 13:17, Felix Meschberger<[email protected]> > wrote: > > Hi, > > > > Guillaume Nodet schrieb: > >> Another idea as the first step for security would be the > >> authentication mechanism we discussed on another thread. > >> Currently, the web console uses a ConfigAdmin to retrieve the username > >> / password. This layer should be pluggable and allow the current > >> mechanism, UserAdmin or JAAS to be plugged in somehow. > > > > That's in fact how I understood your first point ;-) > > > > Regards > > Felix > > > >> > >> On Wed, Jun 10, 2009 at 12:04, Guillaume Nodet<[email protected]> wrote: > >>> Two ideas for the console: > >>> * add some security to the console / shell (role based for a given > >>> action / command) > >>> * have a low level shell access from the console (using command line > >>> as we already discussed) > >>> I guess both are not simple problems to tackle, so not sure Marcin > >>> availability will be enough. > >>> If not, I'd be glad to try implementing the low level shell access > >>> from the console. > >>> > >>> My thinking about that was to have a hidden feature as Hiram > >>> demonstrated some time ago on his prototype. > >>> Typing '~' in the console would bring up a popup and start a shell > >>> with the credentials of the user that logged into the web console (not > >>> sure how to retrieve those in a safe manner yet). Typing again the > >>> same key would hide the popup. > >>> > >>> On Wed, Jun 10, 2009 at 09:37, Gert Vanthienen< > [email protected]> wrote: > >>>> Guillaume, > >>>> > >>>> I created http://cwiki.apache.org/confluence/display/FELIX/GSoC+2009 > >>>> to keep track of this. The current working schedule is at the top of > >>>> the page, with the bits of information I'm aware of already filled in. > >>>> > >>>> I added the original schedule at the bottom, but because of our > >>>> decision to leverage the Felix Web Console, most of the tasks in that > >>>> schedule are no longer necessary. So if people have any suggestions > >>>> for other work to fill in those gaps... > >>>> > >>>> Regards, > >>>> > >>>> Gert Vanthienen > >>>> ------------------------ > >>>> Open Source SOA: http://fusesource.com > >>>> Blog: http://gertvanthienen.blogspot.com/ > >>>> > >>>> > >>>> > >>>> 2009/6/9 Guillaume Nodet <[email protected]>: > >>>>> Yeah ! Keep up the good work. > >>>>> Do you have a plan for the coming weeks / monthes. Maybe you could > >>>>> create a wiki page somewhere or maybe even an email so we can get see > >>>>> what you plan to work on and maybe give some input / discuss things ? > >>>>> > >>>>> On Mon, Jun 8, 2009 at 23:32, Marcin Wilkos<[email protected]> > wrote: > >>>>>> Hi, > >>>>>> I'm Marcin Wilkos. Like Gert Vanthienen wrote before I'm working on > >>>>>> webconsole for Karaf and ServiceMix as GSoC project. I'll be sending > weekly > >>>>>> reports to this list. > >>>>>> In last week I focused on first extension for felix web console, > which lists > >>>>>> Karaf features. I created JIRA issue for this and uploaded a patch. > Gert > >>>>>> checked it and uploaded to svn. > >>>>>> Regards, > >>>>>> Marcin Wilkos > >>>>>> > >>>>> > >>>>> > >>>>> -- > >>>>> Cheers, > >>>>> Guillaume Nodet > >>>>> ------------------------ > >>>>> Blog: http://gnodet.blogspot.com/ > >>>>> ------------------------ > >>>>> Open Source SOA > >>>>> http://fusesource.com > >>>>> > >>> > >>> > >>> -- > >>> Cheers, > >>> Guillaume Nodet > >>> ------------------------ > >>> Blog: http://gnodet.blogspot.com/ > >>> ------------------------ > >>> Open Source SOA > >>> http://fusesource.com > >>> > >> > >> > >> > > > > > > -- > Cheers, > Guillaume Nodet > ------------------------ > Blog: http://gnodet.blogspot.com/ > ------------------------ > Open Source SOA > http://fusesource.com >
