Hello, I noticed that Karaf provides quite useful principals for Roles, Groups and Client. But if I want to consume or create those principals in my own code, I have to depend on the karaf-boot bundle.
I wonder: a) would it make sense for Karaf5 to move the classes to a more focused API jar. That would be helpful if I want to build a Microservice Servlet which should also run in other containers or if I just dont want to depend on the -boot bunfle. b) would it make sense to provide utilities (JAASContext.getClientIP() or something) c) would it make sense to add this to the logger so that it can add this (subject/ip) to all log lines generated with active JAAS context. d) if I have my own http listener, is there a filter I can use to establish the JAAS login and especially also attach the http-client IP principal? e) we are using Felix RSA/fastbin, I wonder if somebody has experience with adding instance-level authentication to something like this (and to RMI)? Gruss Bernd