Skip to main content

Managing roles

JAAS roles can be used by various components. The three management layers (SSH, JMX and WebConsole) all use a global role based authorization system. The default role name is configured in the etc/system.properties using the karaf.local.roles system property and the default value is admin. All users authenticating for the management layer must have this role defined. The syntax for this value is the following:

[classname:]principal

Where classname is the class name of the principal object (defaults to org.apache.karaf.jaas.modules.RolePrincipal) and principal is the name of the principal of that class (defaults to admin). Note that roles can be changed for a given layer using ConfigAdmin in the following configurations:

Layer PID Value
SSH org.apache.karaf.shell sshRole
JMX org.apache.karaf.management jmxRole
Web org.apache.karaf.webconsole role

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!