You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/07 08:47:08 UTC

git commit: [KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add more test in OsgiSshCommandSecurityTest

Repository: karaf
Updated Branches:
  refs/heads/karaf-2.x e14acd0c8 -> 30becb18f


[KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add more test in  OsgiSshCommandSecurityTest


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/30becb18
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/30becb18
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/30becb18

Branch: refs/heads/karaf-2.x
Commit: 30becb18f75e54cb1700535be078f82197d1b87f
Parents: e14acd0
Author: Freeman Fang <fr...@gmail.com>
Authored: Wed May 7 14:46:38 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Wed May 7 14:46:38 2014 +0800

----------------------------------------------------------------------
 .../etc/org.apache.karaf.command.acl.osgi.cfg   |  4 ++++
 .../itests/OsgiSshCommandSecurityTest.java      | 25 +++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/30becb18/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
----------------------------------------------------------------------
diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
index 0d03627..7852cf8 100644
--- a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
+++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
@@ -64,3 +64,7 @@ uninstall = manager
 update[/.*[-][f].*/] = admin
 update = manager
 watch = admin
+shutdown = admin
+start-level[/.*[0-9][0-9][0-9]+.*/] = manager # manager can set startlevels above 100
+start-level[/[^0-9]*/] = viewer               # viewer can obtain the current start level
+start-level = admin                           # admin can set any start level, including < 100

http://git-wip-us.apache.org/repos/asf/karaf/blob/30becb18/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java
index 0aabc82..d2cb4ba 100644
--- a/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/OsgiSshCommandSecurityTest.java
@@ -13,6 +13,8 @@
  */
 package org.apache.karaf.itests;
 
+import junit.framework.Assert;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.ops4j.pax.exam.junit.PaxExam;
@@ -29,7 +31,7 @@ public class OsgiSshCommandSecurityTest extends SshCommandTestBase {
     private static int counter = 0;
 
     @Test
-    public void testBundleCommandSecurityViaSsh() throws Exception {
+    public void testOsgiCommandSecurityViaSsh() throws Exception {
         String manageruser = "man" + System.nanoTime() + "_" + counter++;
         String vieweruser = "view" + System.nanoTime() + "_" + counter++;
 
@@ -74,5 +76,26 @@ public class OsgiSshCommandSecurityTest extends SshCommandTestBase {
         assertCommand(vieweruser, "osgi:install xyz", Result.NOT_FOUND);
         assertCommand(manageruser, "osgi:install xyz", Result.NOT_FOUND);
         assertCommand("karaf", "osgi:install xyz", Result.OK);
+        
+        assertCommand(vieweruser, "osgi:name", Result.OK);
+        assertCommand(vieweruser, "osgi:start-level", Result.OK);
+        assertCommand(vieweruser, "osgi:start-level 150", Result.NO_CREDENTIALS);
+        assertCommand(vieweruser, "osgi:shutdown", Result.NOT_FOUND);
+
+        assertCommand(manageruser, "osgi:name", Result.OK);
+        assertCommand(manageruser, "osgi:start-level", Result.OK);
+        assertCommand(manageruser, "osgi:start-level 0", Result.NO_CREDENTIALS);
+        assertCommand(manageruser, "osgi:start-level  1 ", Result.NO_CREDENTIALS);
+        assertCommand(manageruser, "osgi:start-level 99", Result.NO_CREDENTIALS);
+        assertCommand(manageruser, "osgi:start-level 105", Result.OK);
+        assertCommand(manageruser, "osgi:shutdown", Result.NOT_FOUND);
+
+        assertCommand("karaf", "osgi:name", Result.OK);
+        assertCommand("karaf", "osgi:start-level", Result.OK);
+        assertCommand("karaf", "osgi:start-level 99", Result.OK);
+        Assert.assertTrue(assertCommand("karaf", "osgi:start-level", Result.OK).contains("99"));
+        assertCommand("karaf", "osgi:start-level 100", Result.OK);
+        assertCommand("karaf", "osgi:shutdown --help", Result.OK);
+
     }
 }