You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/07 08:47:08 UTC
git commit: [KARAF-2934]Role-based security for Shell/Console
commands - backport to 2.x branch-add more test in OsgiSshCommandSecurityTest
Repository: karaf
Updated Branches:
refs/heads/karaf-2.x e14acd0c8 -> 30becb18f
[KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add more test in OsgiSshCommandSecurityTest
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/30becb18
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/30becb18
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/30becb18
Branch: refs/heads/karaf-2.x
Commit: 30becb18f75e54cb1700535be078f82197d1b87f
Parents: e14acd0
Author: Freeman Fang <fr...@gmail.com>
Authored: Wed May 7 14:46:38 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Wed May 7 14:46:38 2014 +0800
----------------------------------------------------------------------
.../etc/org.apache.karaf.command.acl.osgi.cfg | 4 ++++
.../itests/OsgiSshCommandSecurityTest.java | 25 +++++++++++++++++++-
2 files changed, 28 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/30becb18/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
----------------------------------------------------------------------
diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
index 0d03627..7852cf8 100644
--- a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
+++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
@@ -64,3 +64,7 @@ uninstall = manager
update[/.*[-][f].*/] = admin
update = manager
watch = admin
+shutdown = admin
+start-level[/.*[0-9][0-9][0-9]+.*/] = manager # manager can set startlevels above 100
+start-level[/[^0-9]*/] = viewer # viewer can obtain the current start level
+start-level = admin # admin can set any start level, including < 100
http://git-wip-us.apache.org/repos/asf/karaf/blob/30becb18/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java
index 0aabc82..d2cb4ba 100644
--- a/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java
@@ -13,6 +13,8 @@
*/
package org.apache.karaf.itests;
+import junit.framework.Assert;
+
import org.junit.Test;
import org.junit.runner.RunWith;
import org.ops4j.pax.exam.junit.PaxExam;
@@ -29,7 +31,7 @@ public class OsgiSshCommandSecurityTest extends SshCommandTestBase {
private static int counter = 0;
@Test
- public void testBundleCommandSecurityViaSsh() throws Exception {
+ public void testOsgiCommandSecurityViaSsh() throws Exception {
String manageruser = "man" + System.nanoTime() + "_" + counter++;
String vieweruser = "view" + System.nanoTime() + "_" + counter++;
@@ -74,5 +76,26 @@ public class OsgiSshCommandSecurityTest extends SshCommandTestBase {
assertCommand(vieweruser, "osgi:install xyz", Result.NOT_FOUND);
assertCommand(manageruser, "osgi:install xyz", Result.NOT_FOUND);
assertCommand("karaf", "osgi:install xyz", Result.OK);
+
+ assertCommand(vieweruser, "osgi:name", Result.OK);
+ assertCommand(vieweruser, "osgi:start-level", Result.OK);
+ assertCommand(vieweruser, "osgi:start-level 150", Result.NO_CREDENTIALS);
+ assertCommand(vieweruser, "osgi:shutdown", Result.NOT_FOUND);
+
+ assertCommand(manageruser, "osgi:name", Result.OK);
+ assertCommand(manageruser, "osgi:start-level", Result.OK);
+ assertCommand(manageruser, "osgi:start-level 0", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "osgi:start-level 1 ", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "osgi:start-level 99", Result.NO_CREDENTIALS);
+ assertCommand(manageruser, "osgi:start-level 105", Result.OK);
+ assertCommand(manageruser, "osgi:shutdown", Result.NOT_FOUND);
+
+ assertCommand("karaf", "osgi:name", Result.OK);
+ assertCommand("karaf", "osgi:start-level", Result.OK);
+ assertCommand("karaf", "osgi:start-level 99", Result.OK);
+ Assert.assertTrue(assertCommand("karaf", "osgi:start-level", Result.OK).contains("99"));
+ assertCommand("karaf", "osgi:start-level 100", Result.OK);
+ assertCommand("karaf", "osgi:shutdown --help", Result.OK);
+
}
}