Versions Compared

Old Version 131

changes.mady.by.user Guillaume Nodet

Saved on

compared with

New Version Current

changes.mady.by.user Guillaume Nodet

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin
Wiki Markup
{scrollbar}

Anchor
top
top

6.5. Deploying security providers

Some applications require specific security providers to be available, such as BouncyCastle. The JVM impose some restrictions about the use of such jars: they have to be signed and be available on the boot classpath. One way to deploy those providers is to put them in the JRE folder at $JAVA_HOME/jre/lib/ext and modify the security policy configuration ($JAVA_HOME/jre/lib/security/java.security) in order to register such providers.

While this approach works fine, it has a global effect and require you to configure all your servers accordingly.

Karaf offers a simple way to configure additional security providers:

  • put your provider jar in [FELIX:KARAF]/lib
  • modify the [FELIX:KARAF]/etc/config.properties configuration file to add the following property
Code Block
org.apache.felix.karaf.security.providers = xxx,yyy

The value of this property is a comma separated list of the provider class names to register.
For example:

Code Block
org.apache.felix.karaf.security.providers = org.bouncycastle.jce.provider.BouncyCastleProvider

In addition, you may want to provide access to the classes from those providers from the system bundle so that all bundles can access those. It can be done by modifying the org.osgi.framework.bootdelegation property in the same configuration file:

Code Block
org.osgi.framework.bootdelegation = ...,org.bouncycastle*

#top

Wiki Markup
{scrollbar}