Configuration override and use of the rank attribute

The rank attribute on the config element is tied to the ranking of the underlying OSGi service. When the JAAS framework performs an authentication, it will use the realm name to find a matching JAAS configuration. If multiple configurations are used, the one with the highest rank attribute will be used. So if you want to override the default security configuration in Karaf (which is used by the ssh shell, web console and JMX layer), you need to deploy a JAAS configuration with the name name="karaf" and rank="1".

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
   xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.1.0"
   xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/
      v1.0.0">

   <!-- Bean that allows the $[karaf.base] property to be resolved -->
   <ext:property-placeholder 
      placeholder-prefix="$[" placeholder-suffix="]"/>

   <jaas:config name="karaf" rank="1">
      <jaas:module className="org.apache.karaf.jaas.modules.properties.
         PropertiesLoginModule" flags="required">
         users = $[karaf.base]/etc/users.properties
         ...
      </jaas:module>
   </jaas:config>

</blueprint>

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here