By configuring each of the administrative functions to use a different role for authorization, you can provide fine grained control over who can monitor and manipulate running containers.
You can independently configure roles for the following different administrative protocols:
SSH (remote console login)
JMX management
Web console
The default role name for all of the administration protocols is set by the
karaf.admin.role property in the Fuse ESB's
etc/system.properties file. For example, the default setting of
karaf.admin.role is:
karaf.admin.role=admin
You have the option of overriding the default admin role set by
karaf.admin.role for each of the administrative protocols.
To override the default role for the remote console add a sshRole
property to the etc/org.apache.karaf.shell.cfg file. The following
sets the role to admin:
sshRole=admin
To override the default role for the remote console add a jmxRole
property to the etc/org.apache.karaf.management.cfg file. The
following sets the role to jmx:
jmxRole=jmx
The Web console is configured through the OSGi Configuration Admin service
and uses the
EsbInstallDir/etc/org.ops4j.pax.web.cfg
If it does not already exist, you must create this file. It is an XML file that
contains a single config element as shown in
Example 2.6.
Example 2.6. Web console configuration file
<config name="org.apache.karaf.webconsole"> realm=karaf role=fuseadmin </config>
 |  |  |
 |
