Hi Karafers, I'm trying to build support for masked or encrypted system properties for bundles running in Karaf. So for instance instead of specifying -Djavax.net.ssl.trustStorePassword=my_secret_password you could specify -Djavax.net.ssl.trustStorePassword=<something masked>.
And the only way to make this work for unmodified bundles is to replace the <something masked> value with the clear text value. That part I think i nicked. Now I face another problem, if one connects via JMX the clear text value is present there, and I would like it not to be present, by either displaying it with original masked value or by eliminating it from the list of system properties. I've tried adding dynamic RBAC configuration that limits access to java.lang:type=Runtime getSystemProperties -- but that removes all system properties, bit of a overkill IMHO. Can you think of another way to achieve this? Perhaps add another layer to the RBAC mechanism, akin to @PostFilter in Spring Secuirty but as a plugin interface contributing bundles can implement? I also think it's a bit of an overkill to patch java.lang.System via bootclasspath zoran -- Zoran Regvart
