Fuse ESB Enterprise provides a set of jaas:* console commands, which you can use to
edit JAAS user data from the console. This works both for
standalone JAAS realms and for Fabric JAAS realms.
![[Note]](imagesdb/note.gif) | Note |
|---|---|
The |
A standalone container (which uses the JAAS PropertiesLoginModule and the
PublickeyLoginModule) maintains its own database of secure user data,
independently of any other containers. To configure the user data for a standalone
container, you must log into the specific container (see Connecting and Disconnecting Remotely) whose data
you want to modify. Each standalone container must be configured separately.
To start editing the standalone JAAS user data, you must first specify the JAAS realm
that you want to modify. To see the available realms, enter the jaas:realms
command, as follows:
karaf@root> jaas:realms
Index Realm Module Class
1 karaf org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
2 karaf org.apache.karaf.jaas.modules.publickey.PublickeyLoginModuleBoth of these login modules are active in the default karaf JAAS realm.
Enter the following console command to start editing the properties login module in the
karaf realm:
karaf@root> jaas:manage --index 1
A container in a fabric (which uses the JAAS ZookeeperLoginModule by
default) shares its secure user data with all of the other containers in the fabric and
the user data is stored in the Fabric Registry. To configure the user data for a fabric,
you can log into any of the containers. Because the user data is shared in the registry,
any modifications you make are instantly propagated to all of the containers in the
fabric.
To start editing the fabric JAAS user data, you must first specify the JAAS login
module you want to modify. In the context of fabric, you must modify the Zookeeper login
module. For example, if you enter the jaas:realms console command, you might
see a listing similar to this:
Index Realm Module Class
1 karaf org.fusesource.fabric.jaas.ZookeeperLoginModule
2 karaf org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
3 karaf org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule The ZookeeperLoginModule login module has the highest priority and is
used by the fabric (you cannot see this from the listing, but its realm is defined to have a
higher rank than the other modules). In this example, the ZookeeperLoginModule
has the index 1, but it might have a different index number in your
container.
Enter the following console command to start editing the fabric's JAAS realm (specifying
the index of the ZookeeperLoginModule):
karaf@root> jaas:manage --index 1
For example, consider how to add a new user, jdoe, to the JAAS
realm.
First of all, start to manage the relevant JAAS realm as follows:
List the available realms and login modules by entering the following command:
karaf@root> jaas:realms
Choose the login module to edit by specifying its index,
Index, using a command of the following form:karaf@root> jaas:manage --index
Index
Add the user, jdoe, with password, secret, by entering the
following console command:
karaf@root> jaas:useradd jdoe secret
Add the admin role to jdoe, by entering the following
console command:
karaf@root> jaas:roleadd jdoe admin
As a matter of fact, these changes are not applied right away.
Initially, the changes are queued in a list of pending operations. To see this list, enter
the jaas:pending console command, as follows:
karaf@root> jaas:pending
Jaas Realm:karaf Jaas Module:org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
UserAddCommand{username='jdoe', password='secret'}
RoleAddCommand{username='jdoe', role='admin'}Now you can apply the changes by invoking jaas:update, as follows:
karaf@root> jaas:update
The new user entry is then persisted (either by writing to the remote container's
etc/users.properties file, in the case of a standalone container, or by
storing the user data in the Fabric Registry, in the case of a fabric).
 |  |  |
 |
