Hi all,
A quick update on this. JB has just merge my patches for KARAF-2434
and KARAF-2435 (thanks JB!) so this stuff is now available on trunk.
I wrote a little blog post about how it works here:
http://coderthoughts.blogspot.com/2013/10/jmx-role-based-access-control-for-karaf.html
Cheers,
Dav
Awesome, this fine-grained security is what Karaf want for a long time.
Adding it to the JMX access definitely is a good start, also looking forward to
this improvement on Karaf console command.
+1 for all the input here.
-
Freeman(Yue) Fang
Red Hat, Inc.
FuseSource is now part of Re
Hi David,
thanks for the update, it sounds good to me !!
How can I help on that ?
Maybe we can explore some options to leverage other projects (like
Apache Syncope for instance).
Regards
JB
On 08/07/2013 05:11 PM, David Bosschaert wrote:
Hi JB,
On 7 August 2013 15:33, Jean-Baptiste Onofré
Hi JB,
On 7 August 2013 15:33, Jean-Baptiste Onofré wrote:
> Hi,
>
> It sounds good. But currently, with our JAAS implementation, we have users
> and roles (not groups, even if roles can look like groups).
> An user can have multiple roles. For instance, in the default
> users.properties we h
Hi,
It sounds good. But currently, with our JAAS implementation, we have
users and roles (not groups, even if roles can look like groups).
An user can have multiple roles. For instance, in the default
users.properties we have:
user=password,role1,role2,role3,...
We don't use the roles curr
Hi Ioannis, Christian,
Thanks for the feedback!
Yes, providing similar Access Control for the Karaf shell is also on my
list. Hopefully I can look at that in the near future.
WRT to groups versus nested roles. I thought about that too. You could
achieve the same effect with roles if they can subs
Group and Role based security sounds like a good addition to karaf.
I am not sure if it is necessary to distinguish groups and roles though.
Can't we just support adding roles into roles (or groups into groups)?
This should provide the same additional layer of abstraction.
Btw. I am planning t
Hi David,
There have been long discussions in the past about more fine grained
security than what we currently have.
In most cases the discussion has been focused around commands but
there is a clear need for more fine grained control over jmx too.
With the quick glimpse at the commits, I think t
Hi all,
I have started an implementation of Role based security for JMX access into
Karaf.
Up until now, remote JMX access was guarded by one role. If you had that
role you could access everything. With my changes you can define roles
(ACLs) per MBean, per method or based on arguments to an MBean
