You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by da...@apache.org on 2014/02/11 18:04:12 UTC

git commit: Itests for the system command shell security ACL

Updated Branches:
  refs/heads/master bf6705f1e -> 8fbcb873f


Itests for the system command shell security ACL

Also renamed the test names in the Kar and Shell command tests as they
were wrongly named.


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/8fbcb873
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/8fbcb873
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/8fbcb873

Branch: refs/heads/master
Commit: 8fbcb873f467157d529b92393b8a6b6b0e1284a4
Parents: bf6705f
Author: David Bosschaert <da...@apache.org>
Authored: Tue Feb 11 17:00:27 2014 +0000
Committer: David Bosschaert <da...@apache.org>
Committed: Tue Feb 11 17:00:27 2014 +0000

----------------------------------------------------------------------
 .../karaf/itests/KarSshCommandSecurityTest.java |  2 +-
 .../karaf/itests/ShellCommandSecurityTest.java  |  2 +-
 .../karaf/itests/SystemCommandSecurityTest.java | 63 ++++++++++++++++++++
 3 files changed, 65 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/8fbcb873/itests/src/test/java/org/apache/karaf/itests/KarSshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/KarSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/KarSshCommandSecurityTest.java
index e94c33e..e4ca49c 100644
--- a/itests/src/test/java/org/apache/karaf/itests/KarSshCommandSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/KarSshCommandSecurityTest.java
@@ -28,7 +28,7 @@ import org.ops4j.pax.exam.spi.reactors.PerClass;
 public class KarSshCommandSecurityTest extends SshCommandTestBase {
     private static int counter = 0;
     @Test
-    public void testConfigCommandSecurityViaSsh() throws Exception {
+    public void testKarCommandSecurityViaSsh() throws Exception {
         String vieweruser = "view" + System.nanoTime() + "_" + counter++;
 
         addViewer(vieweruser);

http://git-wip-us.apache.org/repos/asf/karaf/blob/8fbcb873/itests/src/test/java/org/apache/karaf/itests/ShellCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/ShellCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/ShellCommandSecurityTest.java
index 7fec653..d365211 100644
--- a/itests/src/test/java/org/apache/karaf/itests/ShellCommandSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/ShellCommandSecurityTest.java
@@ -28,7 +28,7 @@ import org.ops4j.pax.exam.spi.reactors.PerClass;
 public class ShellCommandSecurityTest extends SshCommandTestBase {
     private static int counter = 0;
     @Test
-    public void testConfigCommandSecurityViaSsh() throws Exception {
+    public void testShellCommandSecurityViaSsh() throws Exception {
         String vieweruser = "view" + System.nanoTime() + "_" + counter++;
 
         addViewer(vieweruser);

http://git-wip-us.apache.org/repos/asf/karaf/blob/8fbcb873/itests/src/test/java/org/apache/karaf/itests/SystemCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/SystemCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/SystemCommandSecurityTest.java
new file mode 100644
index 0000000..b888e28
--- /dev/null
+++ b/itests/src/test/java/org/apache/karaf/itests/SystemCommandSecurityTest.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.karaf.itests;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.junit.PaxExam;
+import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
+import org.ops4j.pax.exam.spi.reactors.PerClass;
+
+/**
+ * This test exercises the Shell Command ACL for the system scope commands as defined in
+ * /framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg
+ */
+@RunWith(PaxExam.class)
+@ExamReactorStrategy(PerClass.class)
+public class SystemCommandSecurityTest extends SshCommandTestBase {
+    private static int counter = 0;
+    @Test
+    public void testSystemCommandSecurityViaSsh() throws Exception {
+        String manageruser = "man" + System.nanoTime() + "_" + counter++;
+        String vieweruser = "view" + System.nanoTime() + "_" + counter++;
+
+        addUsers(manageruser, vieweruser);
+
+
+        assertCommand(vieweruser, "system:name", Result.OK);
+        assertCommand(vieweruser, "system:start-level", Result.OK);
+        assertCommand(vieweruser, "system:start-level 150", Result.NO_CREDENTIALS);
+        assertCommand(vieweruser, "system:property", Result.NOT_FOUND);
+        assertCommand(vieweruser, "system:shutdown", Result.NOT_FOUND);
+
+        assertCommand(manageruser, "system:name", Result.OK);
+        assertCommand(manageruser, "system:start-level", Result.OK);
+        assertCommand(manageruser, "system:start-level 0", Result.NO_CREDENTIALS);
+        assertCommand(manageruser, "system:start-level  1 ", Result.NO_CREDENTIALS);
+        assertCommand(manageruser, "system:start-level 99", Result.NO_CREDENTIALS);
+        assertCommand(manageruser, "system:start-level 105", Result.OK);
+        assertCommand(manageruser, "system:property", Result.NOT_FOUND);
+        assertCommand(manageruser, "system:shutdown", Result.NOT_FOUND);
+
+        assertCommand("karaf", "system:name", Result.OK);
+        assertCommand("karaf", "system:start-level", Result.OK);
+        assertCommand("karaf", "system:start-level 99", Result.OK);
+        Assert.assertTrue(assertCommand("karaf", "system:start-level", Result.OK).contains("99"));
+        assertCommand("karaf", "system:start-level 100", Result.OK);
+        assertCommand("karaf", "system:property vieweruser " + vieweruser, Result.OK);
+        Assert.assertTrue(assertCommand("karaf", "system:property vieweruser", Result.OK).contains(vieweruser));
+        assertCommand("karaf", "system:shutdown --help", Result.OK);
+    }
+}