Karaf and Security provider

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Karaf and Security provider

Charles Moulliard
Administrator
Hi,

Is the following info page always up to date (
http://felix.apache.org/site/65-deploying-security-providers.html) ? Why
don't we have it in karaf documentation ?

Regards,

Charles Moulliard

Apache Committer

Blog : http://cmoulliard.blogspot.com
Twitter : http://twitter.com/cmoulliard
Linkedin : http://www.linkedin.com/in/charlesmoulliard
Skype: cmoulliard
Apache Committer / Sr. Pr. Consultant at FuseSource.com
Email: [hidden email]
Twitter : @cmoulliard, @fusenews
Blog : http://cmoulliard.blogspot.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Karaf and Security provider

iocanel
I don't know if its up to date. I was under the impression that you can use
the bouncy castle jce provider just by installing it as bundle.

--
*Ioannis Canellos*
*
FuseSource <http://fusesource.com>

**
Blog: http://iocanel.blogspot.com
**
Apache Karaf <http://karaf.apache.org/> Committer & PMC
Apache Camel <http://camel.apache.org/> Committer
Apache ServiceMix <http://servicemix.apache.org/>  Committer
Apache Gora <http://incubator.apache.org/gora/> Committer
Apache DirectMemory <http://incubator.apache.org/directmemory/> Committer
*
Ioannis Canellos
http://iocanel.blogspot.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Karaf and Security provider

jbonofre
In reply to this post by Charles Moulliard
Hi Charles,

I'm not sure the doc is up to date, as bouncy castle is available
directly as a bundle.

Regards
JB

On 02/03/2012 12:54 PM, Charles Moulliard wrote:

> Hi,
>
> Is the following info page always up to date (
> http://felix.apache.org/site/65-deploying-security-providers.html) ? Why
> don't we have it in karaf documentation ?
>
> Regards,
>
> Charles Moulliard
>
> Apache Committer
>
> Blog : http://cmoulliard.blogspot.com
> Twitter : http://twitter.com/cmoulliard
> Linkedin : http://www.linkedin.com/in/charlesmoulliard
> Skype: cmoulliard
>

--
Jean-Baptiste Onofré
[hidden email]
http://blog.nanthrax.net
Talend - http://www.talend.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Karaf and Security provider

Charles Moulliard
Administrator
In reply to this post by iocanel
You are right. I have made a test using boucycastle jce provider as a
bundle and that works fine

Remark : some users are abuse about hat note as they are thinking that we
must add the lib in the jre/lib or jre/lib/security and not as a bundle ;-)


On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <[hidden email]> wrote:

> I don't know if its up to date. I was under the impression that you can use
> the bouncy castle jce provider just by installing it as bundle.
>
> --
> *Ioannis Canellos*
> *
> FuseSource <http://fusesource.com>
>
> **
> Blog: http://iocanel.blogspot.com
> **
> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> Apache Camel <http://camel.apache.org/> Committer
> Apache ServiceMix <http://servicemix.apache.org/>  Committer
> Apache Gora <http://incubator.apache.org/gora/> Committer
> Apache DirectMemory <http://incubator.apache.org/directmemory/> Committer
> *
>
Apache Committer / Sr. Pr. Consultant at FuseSource.com
Email: [hidden email]
Twitter : @cmoulliard, @fusenews
Blog : http://cmoulliard.blogspot.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Karaf and Security provider

Guillaume Nodet
In reply to this post by Charles Moulliard
See http://karaf.apache.org/manual/2.2.5/users-guide/security.html

Deploying bouncy castle as a bundle does not allow BC to be used as a
security provider, so you have to follow the above steps.

On Fri, Feb 3, 2012 at 12:54, Charles Moulliard <[hidden email]> wrote:

> Hi,
>
> Is the following info page always up to date (
> http://felix.apache.org/site/65-deploying-security-providers.html) ? Why
> don't we have it in karaf documentation ?
>
> Regards,
>
> Charles Moulliard
>
> Apache Committer
>
> Blog : http://cmoulliard.blogspot.com
> Twitter : http://twitter.com/cmoulliard
> Linkedin : http://www.linkedin.com/in/charlesmoulliard
> Skype: cmoulliard



--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Karaf and Security provider

Guillaume Nodet
In reply to this post by Charles Moulliard
A security provider has to be a signed bundle and be loaded by the
root class loader, so deploying it as a bundle will allow you to use
BouncyCastle api and code, but not as a real security provider.

On Fri, Feb 3, 2012 at 13:19, Charles Moulliard <[hidden email]> wrote:

> You are right. I have made a test using boucycastle jce provider as a
> bundle and that works fine
>
> Remark : some users are abuse about hat note as they are thinking that we
> must add the lib in the jre/lib or jre/lib/security and not as a bundle ;-)
>
>
> On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <[hidden email]> wrote:
>
>> I don't know if its up to date. I was under the impression that you can use
>> the bouncy castle jce provider just by installing it as bundle.
>>
>> --
>> *Ioannis Canellos*
>> *
>> FuseSource <http://fusesource.com>
>>
>> **
>> Blog: http://iocanel.blogspot.com
>> **
>> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> Apache Camel <http://camel.apache.org/> Committer
>> Apache ServiceMix <http://servicemix.apache.org/>  Committer
>> Apache Gora <http://incubator.apache.org/gora/> Committer
>> Apache DirectMemory <http://incubator.apache.org/directmemory/> Committer
>> *
>>



--
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Karaf and Security provider

Charles Moulliard
Administrator
Thx for the clarification.

On Fri, Feb 3, 2012 at 1:23 PM, Guillaume Nodet <[hidden email]> wrote:

> A security provider has to be a signed bundle and be loaded by the
> root class loader, so deploying it as a bundle will allow you to use
> BouncyCastle api and code, but not as a real security provider.
>
> On Fri, Feb 3, 2012 at 13:19, Charles Moulliard <[hidden email]>
> wrote:
> > You are right. I have made a test using boucycastle jce provider as a
> > bundle and that works fine
> >
> > Remark : some users are abuse about hat note as they are thinking that we
> > must add the lib in the jre/lib or jre/lib/security and not as a bundle
> ;-)
> >
> >
> > On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <[hidden email]>
> wrote:
> >
> >> I don't know if its up to date. I was under the impression that you can
> use
> >> the bouncy castle jce provider just by installing it as bundle.
> >>
> >> --
> >> *Ioannis Canellos*
> >> *
> >> FuseSource <http://fusesource.com>
> >>
> >> **
> >> Blog: http://iocanel.blogspot.com
> >> **
> >> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >> Apache Camel <http://camel.apache.org/> Committer
> >> Apache ServiceMix <http://servicemix.apache.org/>  Committer
> >> Apache Gora <http://incubator.apache.org/gora/> Committer
> >> Apache DirectMemory <http://incubator.apache.org/directmemory/>
> Committer
> >> *
> >>
>
>
>
> --
> ------------------------
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> FuseSource, Integration everywhere
> http://fusesource.com
>
Apache Committer / Sr. Pr. Consultant at FuseSource.com
Email: [hidden email]
Twitter : @cmoulliard, @fusenews
Blog : http://cmoulliard.blogspot.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Karaf and Security provider

Charles Moulliard
Administrator
In fact, there is a missing piece of information in the Karaf
Documentation, the packages of bouncycastle to be exported must be defined
with this variable

*org.osgi.framework.system.packages.extra = \*


On Fri, Feb 3, 2012 at 1:24 PM, Charles Moulliard <[hidden email]>wrote:

> Thx for the clarification.
>
>
> On Fri, Feb 3, 2012 at 1:23 PM, Guillaume Nodet <[hidden email]> wrote:
>
>> A security provider has to be a signed bundle and be loaded by the
>> root class loader, so deploying it as a bundle will allow you to use
>> BouncyCastle api and code, but not as a real security provider.
>>
>> On Fri, Feb 3, 2012 at 13:19, Charles Moulliard <[hidden email]>
>> wrote:
>> > You are right. I have made a test using boucycastle jce provider as a
>> > bundle and that works fine
>> >
>> > Remark : some users are abuse about hat note as they are thinking that
>> we
>> > must add the lib in the jre/lib or jre/lib/security and not as a bundle
>> ;-)
>> >
>> >
>> > On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <[hidden email]>
>> wrote:
>> >
>> >> I don't know if its up to date. I was under the impression that you
>> can use
>> >> the bouncy castle jce provider just by installing it as bundle.
>> >>
>> >> --
>> >> *Ioannis Canellos*
>> >> *
>> >> FuseSource <http://fusesource.com>
>> >>
>> >> **
>> >> Blog: http://iocanel.blogspot.com
>> >> **
>> >> Apache Karaf <http://karaf.apache.org/> Committer & PMC
>> >> Apache Camel <http://camel.apache.org/> Committer
>> >> Apache ServiceMix <http://servicemix.apache.org/>  Committer
>> >> Apache Gora <http://incubator.apache.org/gora/> Committer
>> >> Apache DirectMemory <http://incubator.apache.org/directmemory/>
>> Committer
>> >> *
>> >>
>>
>>
>>
>> --
>> ------------------------
>> Guillaume Nodet
>> ------------------------
>> Blog: http://gnodet.blogspot.com/
>> ------------------------
>> FuseSource, Integration everywhere
>> http://fusesource.com
>>
>
>
Apache Committer / Sr. Pr. Consultant at FuseSource.com
Email: [hidden email]
Twitter : @cmoulliard, @fusenews
Blog : http://cmoulliard.blogspot.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Karaf and Security provider

Charles Moulliard
Administrator
In reply to this post by Guillaume Nodet
You are right except that this procedure is only required if we would like
to sign a jar file or a bundle on the platform (
http://docs.oracle.com/javase/1.4.2/docs/guide/jar/jar.html#Signed JAR
File).
So deploying bouncycastle bcprov-jdk16 should be enough in all cases lin
combination with --> Security.addprovider()

On Fri, Feb 3, 2012 at 1:23 PM, Guillaume Nodet <[hidden email]> wrote:

> A security provider has to be a signed bundle and be loaded by the
> root class loader, so deploying it as a bundle will allow you to use
> BouncyCastle api and code, but not as a real security provider.
>
> On Fri, Feb 3, 2012 at 13:19, Charles Moulliard <[hidden email]>
> wrote:
> > You are right. I have made a test using boucycastle jce provider as a
> > bundle and that works fine
> >
> > Remark : some users are abuse about hat note as they are thinking that we
> > must add the lib in the jre/lib or jre/lib/security and not as a bundle
> ;-)
> >
> >
> > On Fri, Feb 3, 2012 at 1:09 PM, Ioannis Canellos <[hidden email]>
> wrote:
> >
> >> I don't know if its up to date. I was under the impression that you can
> use
> >> the bouncy castle jce provider just by installing it as bundle.
> >>
> >> --
> >> *Ioannis Canellos*
> >> *
> >> FuseSource <http://fusesource.com>
> >>
> >> **
> >> Blog: http://iocanel.blogspot.com
> >> **
> >> Apache Karaf <http://karaf.apache.org/> Committer & PMC
> >> Apache Camel <http://camel.apache.org/> Committer
> >> Apache ServiceMix <http://servicemix.apache.org/>  Committer
> >> Apache Gora <http://incubator.apache.org/gora/> Committer
> >> Apache DirectMemory <http://incubator.apache.org/directmemory/>
> Committer
> >> *
> >>
>
>
>
> --
> ------------------------
> Guillaume Nodet
> ------------------------
> Blog: http://gnodet.blogspot.com/
> ------------------------
> FuseSource, Integration everywhere
> http://fusesource.com
>
Apache Committer / Sr. Pr. Consultant at FuseSource.com
Email: [hidden email]
Twitter : @cmoulliard, @fusenews
Blog : http://cmoulliard.blogspot.com
Loading...