JAAS roles can be used by various components. The three management layers (SSH, JMX and
WebConsole) all use a global role based authorization system. The default role name is
configured in the etc/system.properties using the
karaf.local.roles
system property and the default value is
admin
. All users authenticating for the management layer must have
this role defined. The syntax for this value is the following:
[classname:]principal
Where classname
is the class name of the principal object (defaults to
org.apache.karaf.jaas.modules.RolePrincipal
) and principal
is
the name of the principal of that class (defaults to admin
). Note that
roles can be changed for a given layer using ConfigAdmin in the following
configurations:
Layer | PID | Value |
---|---|---|
SSH | org.apache.karaf.shell | sshRole |
JMX | org.apache.karaf.management | jmxRole |
Web | org.apache.karaf.webconsole | role |