Hi
Le mer. 19 mai 2021 à 11:31, Bernd <e...@zusammenkunft.net> a écrit : > Hello, > > I noticed that Karaf provides quite useful principals for Roles, Groups and > Client. But if I want to consume or create those principals in my own code, > I have to depend on the karaf-boot bundle. > > I wonder: > > a) would it make sense for Karaf5 to move the classes to a more focused API > jar. That would be helpful if I want to build a Microservice Servlet which > should also run in other containers or if I just dont want to depend on the > -boot bunfle. > For karaf 5 I don't know but a reusable module makes sense to me. TomEE got some but not being released independently makes it poorly reusable/perceived. Maybe a neutral home can help (subproject or incubator?). > > b) would it make sense to provide utilities (JAASContext.getClientIP() or > something) > > c) would it make sense to add this to the logger so that it can add this > (subject/ip) to all log lines generated with active JAAS context. > guess it is already supported with attributes or things like that in access valve or alike (mdc for ex) > > d) if I have my own http listener, is there a filter I can use to establish > the JAAS login and especially also attach the http-client IP principal? > attributes, subjects and friends should enable that, main trick is to authenticate in the used context for the request to attach it to the right context AFAIK - but you still use a single jaas context > > e) we are using Felix RSA/fastbin, I wonder if somebody has experience with > adding instance-level authentication to something like this (and to RMI)? > f) do an optimized jaas context (a lot an be speed up in most cases ;)) in a "home" > > Gruss > Bernd >
