Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

8.5. Configuring Access to OSGi Administrative Functions

Overview
Link kopieren

This tutorial explains how to configure the OSGi administrative functions to use specific roles for authorization. By configuring each of the administrative functions to use a different role for access, you can provide fine grained control over who can monitor and manipulate running containers.
When LDAP is enabled, the OSGi container expects the user role data to be stored along with the user authentication data in the LDAP directory server. The LDAP search query to extract the role data is specified by the role.* properties in the jaas:module element.
The JAAS LDAP login module used in this tutorial, shown in Example 8.1, “Blueprint JAAS Realm”, is configured to extract the role name from the cn property of all entries selected by the filter member=uid=%u which is run on the tree selected using the base DN uo=roles,ou=system. In the section called “Adding groups for the roles”, you added three groups to the uo=roles,ou=system tree. The filter will match with any group that has a member specified by uid=%u.
For example, when you attempted to connect to the remote console as user jdoe the filter searched for a group with a member uid=jdoe and matched on the group cn=admin,uo=roles,ou=system. The LDAP module extracted the cn property's value of admin and used it as the role for authorizing user jdoe.

Goals
Link kopieren

You will change the role used for each of the administrative functions:

Prerequisites
Link kopieren

Before you can perfrom any of the following tutorials, you must ensure that the ApacheDS server is running.

Configure a role for the remote console
Link kopieren

To configure a role for the remote console:
  1. Open InstallDir/etc/org.apache.karaf.shell.cfg in a text editor.
  2. Add the following line: 
    sshRole=sshConsole
    Copy to Clipboard Toggle word wrap
  3. Save the changes.
  4. Start Red Hat JBoss Fuse by entering the following command in a terminal window: 
    > fuse
    Copy to Clipboard Toggle word wrap
  5. Open a new command prompt.
  6. Change directory to the JBoss Fuse install directory.
  7. Enter the following command to log on to the running container instance using the identity janedoe: 
    client -u janedoe -p secret
    Copy to Clipboard Toggle word wrap
    You should successfully log into the container's remote console because janedoe does have the sshConsole role.

Configure a role for JMX access
Link kopieren

To configure a role for JMX access:
  1. Open InstallDir/etc/org.apache.karaf.management.cfg in a text editor.
  2. Add the following line: 
    jmxRole=jmxUser
    Copy to Clipboard Toggle word wrap
  3. Save the changes.
  4. Start JBoss Fuse by entering the following command in a terminal window: 
    > fuse
    Copy to Clipboard Toggle word wrap
  5. Start JConsole or another JMX console.
  6. Connect to JBoss Fuse's JMX server using the following settings:
    • JMX URL: service:jmx:rmi://localhost:44444/jndi/rmi://localhost:1099/karaf-root
    • User: jdoe
    • Password: secret
    The connection will fail because jdoe user does not have the jmxUser role.
  7. Connect to JBoss Fuse's JMX server as using the following settings:
    • JMX URL: service:jmx:rmi://localhost:44444/jndi/rmi://localhost:1099/karaf-root
    • User: crider
    • Password: secret
    The connection will succeed because crider user does have the jmxUser role.

Configure a role for the Web console
Link kopieren

To configure a role for the Web console:
    • If the file InstallDir/etc/org.apache.karaf.webconsole.cfg does not exist create it.
    • If the file does exist, open in a text editor.
  2. Edit the line containing role= to read role=webconsole.
    The configuration should resemble Example 8.2, “Web console configuration for a specific realm”.

    Example 8.2. Web console configuration for a specific realm

    <config name="org.apache.karaf.webconsole">
realm=karaf
role=webconsole
</config>
    Copy to Clipboard Toggle word wrap
  3. Start Red Hat JBoss Fuse by entering the following command in a terminal window: 
    > fuse
    Copy to Clipboard Toggle word wrap
  4. Enable the Web console feature by entering the following command at the JBoss Fuse console prompt: 
    JBossFuse:karaf@root> features:install webconsole
    Copy to Clipboard Toggle word wrap
  5. Open a Web browser.
  6. Navigate to http://localhost:8181/system/console.
    You will be prompted to enter user credentials.
  7. Log in using the following credentials:
    • User: janedoe
    • Password: secret
    You will be logged into the Web console because janedoe has the role webconsole.

More information
Link kopieren

For more information on configuring the JBoss Fuse LDAP login module see Section 2.2, “Enabling LDAP Authentication”.
For more information on configuring the JBoss Fuse administrative functions see Section 2.4, “Configuring Roles for the Administrative Protocols”.
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat