Deploying security providers - 7.0

Talend ESB Container Administration Guide


Some applications require specific security providers, such as BouncyCastle, to be available. The JVM imposes restrictions on the use of such provider JAR files: they need to be signed and be available on the boot classpath. One way to deploy such providers is to put them in the JRE folder at $JAVA_HOME/jre/lib/ext and modify the security policy configuration ($JAVA_HOME/jre/lib/security/java.security) to register them. While this approach works fine, it has a global effect and requires that all servers are configured accordingly.

However, Talend ESB offers a simple way to configure additional security providers:

  • Put your provider JAR in [karaf-install-dir]/lib/ext.

  • Modify the [karaf-install-dir]/etc/config.properties configuration file to add the following property:

    org.apache.karaf.security.providers = xxx,yyy

    The value of this property is a comma-separated list of the provider class names to register. For example:

    org.apache.karaf.security.providers = \
       org.bouncycastle.jce.provider.BouncyCastleProvider

    In addition, you may want to make the classes from those providers accessible through the system bundle so that all bundles can use them. To do so, modify the org.osgi.framework.bootdelegation property in the same configuration file:

    org.osgi.framework.bootdelegation = ...,org.bouncycastle*
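A check for the three settings above, written as an added example (not part of the Talend or Karaf distribution). The function names, the `bcprov.jar` file name and the `sun.*` entry in the demo are assumptions for illustration; `prop_value` joins backslash-continued lines the way the properties format does, so a doubled backslash at the end of the line is reported as a failure.

```shell
#!/bin/sh
# Added example: verify a Karaf install registers a security provider as described above.

prop_value() {
  # $1 = properties file, $2 = key; prints the value with continuation lines joined
  awk -v key="$2" '
    !cont && /^[ \t]*[#!]/ { next }                     # skip comment lines
    {
      line = $0
      if (cont) { sub(/^[ \t]+/, "", line); buf = buf line } else buf = line
      # a single trailing backslash continues the line; a doubled one does not
      if (buf ~ /(^|[^\\])\\$/) { sub(/\\$/, "", buf); cont = 1; next }
      cont = 0
      if (!match(buf, /[ \t]*[=:][ \t]*/)) next
      k = substr(buf, 1, RSTART - 1); sub(/^[ \t]+/, "", k)
      if (k == key) v = substr(buf, RSTART + RLENGTH)
    }
    END { gsub(/[ \t]/, "", v); print v }
  ' "$1"
}

check_karaf_provider() {
  # $1 = Karaf install dir, $2 = provider class name, $3 = boot delegation pattern
  karaf=$1; class=$2; pattern=$3; cfg="$karaf/etc/config.properties"; rc=0
  if ! ls "$karaf"/lib/ext/*.jar >/dev/null 2>&1; then
    echo "FAIL: no provider jar in $karaf/lib/ext"; rc=1
  fi
  case ",$(prop_value "$cfg" org.apache.karaf.security.providers)," in
    *",$class,"*) ;;
    *) echo "FAIL: $class not listed in org.apache.karaf.security.providers"; rc=1 ;;
  esac
  case ",$(prop_value "$cfg" org.osgi.framework.bootdelegation)," in
    *",$pattern,"*) ;;
    *) echo "FAIL: $pattern missing from org.osgi.framework.bootdelegation"; rc=1 ;;
  esac
  return $rc
}

demo() {  # constructed sample tree, not a real installation
  d=$(mktemp -d) && mkdir -p "$d/etc" "$d/lib/ext" && : > "$d/lib/ext/bcprov.jar"
  printf '%s\n' 'org.apache.karaf.security.providers = \' \
    '   org.bouncycastle.jce.provider.BouncyCastleProvider' \
    'org.osgi.framework.bootdelegation = sun.*,org.bouncycastle*' > "$d/etc/config.properties"
  check_karaf_provider "$d" org.bouncycastle.jce.provider.BouncyCastleProvider 'org.bouncycastle*'
  rc=$?; rm -rf "$d"; return $rc
}
```

The script only checks that a JAR is present in lib/ext; the signature the JVM requires can be checked separately with `jarsigner -verify`.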