AAA-147: Jolokia credentials are backed by AAA 69/68069/2
author Ryan Goulding <ryandgoulding@gmail.com>
Thu, 8 Feb 2018 19:04:53 +0000 (14:04 -0500)
committer Tom Pantelis <tompantelis@gmail.com>
Fri, 9 Feb 2018 14:02:11 +0000 (14:02 +0000)
Upgrade jolokia-osgi to enable use of "authMode=service-all".  This
was added by:

https://github.com/rhuss/jolokia/commit/ \
1441b0df476e7bb5728d32210e13d18aaaa783cb

A corresponding patch is added in AAA to add an Authenticator to the
OSGi service registry which is backed by ODL AAA.

This closes the vulnerability of using plaintext credentials for
odl-jolokia, and also centralizes credential management.

Change-Id: I5d3a63e47adefbcae96f3794b51da69a3f4980c5
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
features/extras/odl-jolokia/pom.xml
opendaylight/commons/jolokia/src/main/resources/org.jolokia.osgi.cfg

index 340e3d7..45c80d1 100644 (file)
@@ -33,6 +33,8 @@
         <dependency>
             <groupId>org.jolokia</groupId>
             <artifactId>jolokia-osgi</artifactId>
+            <!-- TODO: remove once the version upgrade makes it to odlparent -->
+            <version>1.5.0</version>
         </dependency>
         <dependency>
             <!-- finalname="/etc/org.jolokia.osgi.cfg" -->
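Review bot: The TODO on the new `<version>1.5.0</version>` line has no reference to the odlparent change or issue it is waiting on, so nothing prompts anyone to remove the override later. A local version on jolokia-osgi will keep pinning 1.5.0 in this feature even after odlparent manages a newer release, which matters here because the authentication mode configured in this change depends on what that artifact supports. Please name the odlparent change or tracking issue in the comment, and say in the comment that 1.5.0 is the minimum needed for "authMode=service-all" so the reason for the pin is visible next to it.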
index fdad9e9..bb9c367 100644 (file)
@@ -1,4 +1,13 @@
 #ODL Default Jolokia Configuration File
-org.jolokia.authMode=basic
-org.jolokia.user=admin
-org.jolokia.password=admin
+
+# The default strategy is to use "service-all", which requires AAA to be installed to access
+# Jolokia REST endpoints at runtime.  AAA is responsible for creating and registering the
+# Authenticator service with the OSGi service registry.
+org.jolokia.authMode=service-all
+
+# The below may be uncommented by the operator to enable basic authentication for Jolokia. Prior
+# to the Oxygen release, only basic authentication was available.  This is provided to show how
+# backwards compatibility can be achieved.
+#org.jolokia.authMode=basic
+#org.jolokia.user=admin
+#org.jolokia.password=admin
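Review bot: The commented-out fallback at the end of the file still carries `admin` / `admin`, so an operator who uncomments the three lines for backwards compatibility brings back the same plaintext default credentials this change is meant to close. Consider replacing the values with obvious placeholders, or adding a comment line stating that basic mode stores the password in plaintext in this file and that the value must be changed before enabling it. The comment above `org.jolokia.authMode=service-all` says AAA must be installed to access the endpoints; it would help to state explicitly what a caller sees when AAA is absent, so that a failed request is not mistaken for a misconfiguration.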
