dev@glassfish.java.net

About GLASSFISH-12975

From: Tang Yong <tangyong_at_cn.fujitsu.com>
Date: Wed, 18 Jul 2012 02:02:26 +0900

Dear Sahoo, Security Leader,

About GLASSFISH-12975 (Use glassfish admin realm for authentication and
authorisation of OSGi admin console),

I have made a basic prototype and put it on
https://github.com/tangyong/GLASSFISH-12975.

You can copy
tree/master/felix-webconsole-extension/target/felix-webconsole-extension.jar
into modules\autostart and start
"GlassFish OSGi Administration Console", then enter GF's admin account
and check whether the glassfish admin realm is used for authentication or not.

The following is my design idea and a critical problem that needs to be discussed.

[Design]
1 Implement the felix web console's WebConsoleSecurityProvider interface.

Note:
Karaf's current JaasSecurityProvider class implements the felix web
console's WebConsoleSecurityProvider2, and
WebConsoleSecurityProvider2 is not in org.apache.felix.webconsole-3.1.2.

2 In the FelixWebConsoleExtensionActivator class, register GF's
implementation of WebConsoleSecurityProvider.

3 In GF's implementation of WebConsoleSecurityProvider, integrate the
glassfish admin realm called "admin-realm". In my current prototype,
I used LoginContextDriver.login(subject, PasswordCredential.class).

However, I did not really want to do it this way, because I found that
using org.glassfish.security.services.impl.AuthenticationServiceFactory
to get the authentication-related services, which should be registered
as HK2 components, would be very good, I think, because the
security-services module can get the realm from domain.xml.

So I tried to do it; however, I ran into a big problem that lasted the whole night.

[Problem]
Firstly, please allow me to show the code that has the problem, as follows:

@Service
public class GlassFishSecurityProvider implements WebConsoleSecurityProvider {

    @Inject
    StateManager manager;

    @Inject
    BaseServiceLocator serviceLocator;

    @Override
    public Object authenticate(String username, String password) {

        String currentState = manager.getCurrent();

        // Get Service Instance
        AuthenticationService atnService =
            serviceLocator.getComponent(AuthenticationService.class);

        // Get Service Configuration
        org.glassfish.security.services.config.AuthenticationService atnConfiguration =
            serviceLocator.getComponent(
                org.glassfish.security.services.config.AuthenticationService.class,
                currentState);

        // Initialize Service
        atnService.initialize(atnConfiguration);

        // Subject that receives the principals of the logged-in user
        final Subject fs = new Subject();

        try {
            atnService.login(username, password.toCharArray(), fs);
        } catch (LoginException e) {
            e.printStackTrace();
            // A null return tells the web console that authentication failed
            return null;
        }

        return fs;
    }

    // authorize(Object user, String role) is not shown
}

When debugging the authenticate method, both manager and serviceLocator
are null. I have tried many ways, with no effect. So I want to ask:
is it not possible to get HK2 components from the
felix-webconsole-extension module?

--Best Regards!
--Tang
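
Added example, not part of the original message and not the prototype's code: design steps 1 and 2 above (implement WebConsoleSecurityProvider, register it from a bundle activator), with standard JAAS LoginContext swapped in for the GlassFish-specific login call of step 3. The class names and the JAAS entry name "exampleAdminRealmEntry" are placeholders; that the admin realm is reachable through such a JAAS entry is an assumption.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import org.apache.felix.webconsole.WebConsoleSecurityProvider;
import org.osgi.framework.*;

public class SecurityProviderActivator implements BundleActivator {
    // Assumption: placeholder name of a JAAS login entry backed by the admin realm.
    static final String JAAS_ENTRY = "exampleAdminRealmEntry";
    private ServiceRegistration registration;

    public void start(BundleContext context) {
        // Design step 2: publish the provider as an OSGi service for the web console.
        registration = context.registerService(
            WebConsoleSecurityProvider.class.getName(), new JaasProvider(), null);
    }

    public void stop(BundleContext context) {
        if (registration != null) registration.unregister();
    }

    // Design step 1: the provider itself (hypothetical class name).
    static class JaasProvider implements WebConsoleSecurityProvider {
        public Object authenticate(final String username, String password) {
            if (username == null || password == null) return null;
            final char[] pw = password.toCharArray();
            CallbackHandler handler = new CallbackHandler() {
                public void handle(Callback[] cbs) throws UnsupportedCallbackException {
                    for (Callback cb : cbs) {
                        if (cb instanceof NameCallback) ((NameCallback) cb).setName(username);
                        else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(pw);
                        else throw new UnsupportedCallbackException(cb);
                    }
                }
            };
            try {
                LoginContext lc = new LoginContext(JAAS_ENTRY, new Subject(), handler);
                lc.login();
                return lc.getSubject();  // non-null means authenticated
            } catch (LoginException e) {
                return null;             // fail closed: null means rejected
            } finally {
                java.util.Arrays.fill(pw, '\0');  // wipe the local password copy
            }
        }

        // Assumption: every user of the admin realm is an administrator, so any
        // authenticated Subject is granted every console role.
        public boolean authorize(Object user, String role) {
            return user instanceof Subject;
        }
    }
}
```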