5.2. Defining JAAS Realms in a Fabric
Overview
Fabric containers, like standalone containers, use a special jaas:config element for defining JAAS realms. The difference is that when containers are deployed in a fabric, the JAAS realms need to be pushed out to the fabric registry, and all of the containers in the fabric need to share the same JAAS realms.
Procedure
To change the JAAS realm used by the fabric containers for authentication:
- Create a Maven project to package and deploy the JAAS realm to the fabric's Maven proxy as shown in the section called “Creating a Maven project for deploying a JAAS realm”.
- Create a JAAS realm that uses the LDAP login module:
  - Open the blueprint XML file in src/main/resources/OSGI-INF/my-service.xml in a text editor.
  - Delete the bean and service elements.
  - Add a jaas:config element to the blueprint. See Section 4.1, “Defining JAAS Realms” for details on configuring the JAAS realm.
- Deploy the JAAS realm to the fabric's Maven proxy using the mvn deploy command.
- In the management console create a new profile for deploying the new realm.
- Select the Bundles tab.
- Add the bundle you uploaded for the JAAS realm to the profile. Bundles are specified using Maven URLs. For example if your project's group ID is my.jaas.realm and the artifact ID is jaas, the Maven URL for the bundle will be mvn:my.jaas.realm/ldap/version.
- Add the new profile to all of the containers in the fabric.
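A blueprint file for the jaas:config step of the procedure above, added here as an illustration and not taken from the original documentation. The realm name karaf, the rank, the LDAP host and every DN are assumptions, and the bind password is a placeholder.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the original documentation.
     Assumptions: realm name "karaf", rank 1, the LDAP host and all DNs.
     Trust configuration for the LDAP server certificate is not shown. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">

  <!-- A realm with the same name as an existing realm and a higher rank
       takes precedence over it. -->
  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initial.context.factory = com.sun.jndi.ldap.LdapCtxFactory
      connection.url = ldaps://ldap.example.com:636
      connection.username = cn=fabric-bind,ou=services,dc=example,dc=com
      connection.password = REPLACE_WITH_BIND_PASSWORD
      user.base.dn = ou=people,dc=example,dc=com
      user.filter = (uid=%u)
      user.search.subtree = true
      role.base.dn = ou=groups,dc=example,dc=com
      role.filter = (member=uid=%u,ou=people,dc=example,dc=com)
      role.name.attribute = cn
      role.search.subtree = true
      authentication = simple
    </jaas:module>
  </jaas:config>
</blueprint>
```

The bind account in connection.username only needs read access to the user and group subtrees it searches.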
Creating a Maven project for deploying a JAAS realm
To create a Maven project for deploying a JAAS realm to a fabric registry:
- Use the karaf-blueprint-archetype archetype to generate a template project. Example 5.2, “Create a Maven Project” shows how to invoke the archetype from the command line.

  Example 5.2. Create a Maven Project

      mvn archetype:generate \
        -DarchetypeGroupId=org.apache.karaf.archetypes \
        -DarchetypeArtifactId=karaf-blueprint-archetype \
        -DgroupId=groupID \
        -DartifactId=artifactID

- Remove the project's src/main/java folder. This folder holds template Java classes for implementing an OSGi service, but the JAAS realm does not require any Java classes.
- Open the project's POM in a text editor.
- Add a distributionManagement element, similar to the one shown in Example 5.3, “Fabric Maven Proxy Distribution Settings”, to the POM.

  Example 5.3. Fabric Maven Proxy Distribution Settings

      <distributionManagement>
        <repository>
          <id>fabric-maven-proxy</id>
          <name>FMC Maven Proxy</name>
          <url>http://username:password@localhost:8107/maven/upload/</url>
        </repository>
      </distributionManagement>

  You will need to modify the url element to include the connection details for your environment:
  - The username and password are the credentials used to access the Fabric Server to which you are trying to connect.
  - The hostname, localhost in Example 5.3, “Fabric Maven Proxy Distribution Settings”, is the address of the machine hosting the Fabric Server.
  - The port number, 8107 in Example 5.3, “Fabric Maven Proxy Distribution Settings”, is the port number exposed by the Fabric Server. 8107 is the default setting.
  - The path, /maven/upload/ in Example 5.3, “Fabric Maven Proxy Distribution Settings”, is the same for all Fabric Servers.