About this task
Please take a look at the Security framework section of the Karaf Developers Guide (http://karaf.apache.org/) to get information on how to configure and use these different JAAS login modules in the container.
The configuration steps needed are as follows:
Enable authentication in a server container, by setting the corresponding
property in the ZooKeeper server configuration file
authentication = trueWarning: Do not switch off authentication after Service Locator is secured and services have been registered with the Service Locator.
Specify users with corresponding passwords and roles.
By default all information about users is stored in
<container>/etc/users.properties. So, modify this file in the container where the Service Locator is running, and add roles for the user(s).For example, add the following lines to <container>/etc/users.properties:
# tadmin is user with administrator privileges tadmin=tadmin,admin,sl_admin # sluser is a user for the client side that is just able to lookup # endpoints on Service Locator sluser=upassword,sl_read # slservice is a user for server side that is able to register and # lookup endpoints on Service Locator slservice=spassword,sl_maintainNote that the following roles are available for Service Locator clients:
This role is for clients, that only lookup endpoints.
sl_readrole is given to a user, they can get data from a node and list its children.
sl_maintainThis role is for users that register endpoints on the Service Locator server. The user can:
get data from a node and list its children
create a child node
set data for a node
delete a child node
sl_admin It is the same as
sl_maintain, but in addition, the user can set permissions.Note: Roles are case insensitive - you can use either uppercase or lowercase letters for roles in configuration files.Warning: For production use, the sample passwords used here will need to be replaced with your project's own passwords.