This section describes how to manage user data in a for the default JAAS realm in a standalone container.
The Fuse ESB Enterprise container has a predefined JAAS realm, the karaf realm, which is
used by default to secure all aspects of the container.
You can use the karaf realm in your own applications. Simply configure
karaf as the name of the JAAS realm that you want to use.
When you start Fuse ESB Enterprise for the first time, the container is configured as a standalone
container and uses the karaf default realm. In this default configuration, the
karaf realm deploys two JAAS login modules, which are enabled simultaneously.
To see the deployed login modules, enter the jaas:realms console command, as
follows:
karaf@root> jaas:realms
Index Realm Module Class
1 karaf org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
2 karaf org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule ![[Important]](imagesdb/important.gif) | Important |
|---|---|
In a standalone container, both the properties login module and the public key login module are enabled. When JAAS authenticates a user, it tries first of all to authenticate the user with the properties login module. If that fails, it then tries to authenticate the user with the public key login module. If that module also fails, an error is raised. |
The properties login module is used to store username/password credentials in a flat
file format. To create a new user in the properties login module, open the
InstallDir/etc/users.properties
Username=Password[,Role1][,Role2]...
For example, to create the jdoe user with password, topsecret,
and role, admin, you could create an entry like the following:
jdoe=topsecret,admin
Where the admin role gives full administrative privileges to the
jdoe user.
The public key login module is used to store SSH public key credentials in a flat file
format. To create a new user in the public key login module, open the
InstallDir/etc/keys.properties
Username=PublicKey,Role1,Role2,...
For example, you can create the jdoe user with the admin role
by adding the following entry to the
InstallDir/etc/keys.properties
jdoe=AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7 gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnfqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCX YFCPFSMLzLKSuYKi64QL8Fgc9QAAAnEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6Ewo FhO3zwkyjMim4TwWeotifI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACB AKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53Jj7uyk31drV2qxhIOsLDC9dGCWj4 7Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx,admin
| Important |
|---|---|
Do not insert the entire contents of an |
By default, passwords are stored in the
InstallDir/etc/users.propertiesusers.properties file so that it can be read only by administrators. To
provide additional protection, you can optionally encrypt the stored passwords using a
message digest algorithm.
To enable the password encryption feature, edit the
InstallDir/etc/org.apache.karaf.jaas.cfg
encryption.enabled = true
encryption.name = basic
encryption.prefix = {CRYPT}
encryption.suffix = {CRYPT}
encryption.algorithm = MD5
encryption.encoding = hexadecimal![[Note]](imagesdb/note.gif) | Note |
|---|---|
The encryption settings in the |
For more details about password encryption, see Encrypting Stored Passwords.
If you want to customise the JAAS realm, the most convenient approach to take is to
override the default karaf realm by defining a higher ranking
karaf realm. This ensures that all of the Fuse ESB Enterprise security components switch to
use your custom realm. For details of how to define and deploy custom JAAS realms, see Defining JAAS Realms.
 |  |  |
 |
