Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/06 08:41:52 UTC
git commit: [KARAF-2934]Role-based security for Shell/Console
commands - backport to 2.x branch-fix itests failure caused by new added ACL
file
Repository: karaf
Updated Branches:
refs/heads/karaf-2.x 3fec576a1 -> b67977120
[KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-fix itests failure caused by new added ACL file
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/b6797712
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/b6797712
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/b6797712
Branch: refs/heads/karaf-2.x
Commit: b679771205a5feed0939c7aab03922e25e4d3ef7
Parents: 3fec576
Author: Freeman Fang <fr...@gmail.com>
Authored: Tue May 6 14:41:27 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Tue May 6 14:41:27 2014 +0800
----------------------------------------------------------------------
.../org/apache/karaf/itests/FeaturesTest.java | 5 +-
.../apache/karaf/itests/JMXSecurityTest.java | 8 ++-
.../apache/karaf/itests/KarafTestSupport.java | 70 ++++++++++++++------
.../java/org/apache/karaf/itests/ObrTest.java | 4 +-
.../java/org/apache/karaf/itests/OsgiTest.java | 5 +-
.../org/apache/karaf/itests/WrapperTest.java | 4 +-
6 files changed, 66 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/b6797712/itests/src/test/java/org/apache/karaf/itests/FeaturesTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/FeaturesTest.java b/itests/src/test/java/org/apache/karaf/itests/FeaturesTest.java
index 1c02ddb..2c940bf 100644
--- a/itests/src/test/java/org/apache/karaf/itests/FeaturesTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/FeaturesTest.java
@@ -21,6 +21,7 @@ import javax.management.ObjectName;
import javax.management.openmbean.TabularData;
import javax.management.remote.JMXConnector;
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.ops4j.pax.exam.junit.PaxExam;
@@ -58,13 +59,13 @@ public class FeaturesTest extends KarafTestSupport {
@Test
public void installUninstallCommand() throws Exception {
- String featureInstallOutput = executeCommand("features:install -v eventadmin");
+ String featureInstallOutput = executeCommand("features:install -v eventadmin", new RolePrincipal("admin"));
System.out.println(featureInstallOutput);
assertFalse(featureInstallOutput.isEmpty());
String featureListOutput = executeCommand("features:list -i | grep eventadmin");
System.out.println(featureListOutput);
assertFalse(featureListOutput.isEmpty());
- System.out.println(executeCommand("features:uninstall eventadmin"));
+ System.out.println(executeCommand("features:uninstall eventadmin", new RolePrincipal("admin")));
featureListOutput = executeCommand("features:list -i | grep eventadmin");
System.out.println(featureListOutput);
assertTrue(featureListOutput.isEmpty());
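Review bot: Both privileged calls in installUninstallCommand now pass `new RolePrincipal("admin")`, but nothing here checks the opposite case, that the same command is refused when the role is absent. Without a negative case these tests would keep passing if the new ACL file stopped being applied. A companion test could run `executeCommand("features:install -v eventadmin", new RolePrincipal("viewer"))` and then assert that `features:list -i | grep eventadmin` is empty, assuming the ACL restricts features:install to admin. The same gap applies to the install calls changed in ObrTest, OsgiTest and WrapperTest. The method body continues past the end of this hunk.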
http://git-wip-us.apache.org/repos/asf/karaf/blob/b6797712/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java
index aeb60e9..fac0b88 100644
--- a/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java
@@ -50,6 +50,8 @@ import javax.management.remote.JMXConnector;
import org.junit.Test;
import org.junit.runner.RunWith;
+
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.ops4j.pax.exam.Configuration;
import org.ops4j.pax.exam.Option;
import org.ops4j.pax.exam.junit.PaxExam;
@@ -92,7 +94,7 @@ public class JMXSecurityTest extends KarafTestSupport {
";jaas:roleadd " + viewerUser + " viewer" +
";jaas:update" +
";jaas:manage --realm karaf" +
- ";jaas:users"));
+ ";jaas:users", new RolePrincipal("admin")));
JMXConnector connector = getJMXConnector(viewerUser, viewerUser);
MBeanServerConnection connection = connector.getMBeanServerConnection();
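Review bot: The role name is passed as the string literal `"admin"` in a freshly constructed `RolePrincipal` at each of the three setup calls in this file (this hunk and the ones at -133 and -207), and again in FeaturesTest, ObrTest, OsgiTest and WrapperTest. A single shared definition in KarafTestSupport, for example `protected static final Principal ADMIN_ROLE = new RolePrincipal("admin");`, would keep the role these tests depend on in one place if the ACL file changes. That would also let the subclasses drop their new `RolePrincipal` import. The enclosing test method starts and ends outside the hunk.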
@@ -133,7 +135,7 @@ public class JMXSecurityTest extends KarafTestSupport {
";jaas:roleadd " + viewerUser + " viewer" +
";jaas:update" +
";jaas:manage --realm karaf" +
- ";jaas:users"));
+ ";jaas:users", new RolePrincipal("admin")));
JMXConnector connector = getJMXConnector(managerUser, managerUser);
MBeanServerConnection connection = connector.getMBeanServerConnection();
@@ -207,7 +209,7 @@ public class JMXSecurityTest extends KarafTestSupport {
";jaas:roleadd " + viewerUser + " viewer" +
";jaas:update" +
";jaas:manage --realm karaf" +
- ";jaas:users"));
+ ";jaas:users", new RolePrincipal("admin")));
try {
getJMXConnector("admingroup", "group");
http://git-wip-us.apache.org/repos/asf/karaf/blob/b6797712/itests/src/test/java/org/apache/karaf/itests/KarafTestSupport.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/KarafTestSupport.java b/itests/src/test/java/org/apache/karaf/itests/KarafTestSupport.java
index 19c7d1c..87d3cd5 100644
--- a/itests/src/test/java/org/apache/karaf/itests/KarafTestSupport.java
+++ b/itests/src/test/java/org/apache/karaf/itests/KarafTestSupport.java
@@ -13,7 +13,6 @@
*/
package org.apache.karaf.itests;
-import static org.junit.Assert.assertTrue;
import static org.ops4j.pax.exam.CoreOptions.maven;
import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.karafDistributionConfiguration;
import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.keepRuntimeFolder;
@@ -22,6 +21,8 @@ import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.logLevel;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.PrintStream;
+import java.security.Principal;
+import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@@ -38,6 +39,7 @@ import javax.inject.Inject;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
+import javax.security.auth.Subject;
import org.apache.felix.service.command.CommandProcessor;
import org.apache.felix.service.command.CommandSession;
@@ -91,44 +93,68 @@ public class KarafTestSupport {
* Executes a shell command and returns output as a String.
* Commands have a default timeout of 10 seconds.
*
- * @param command
+ * @param command The command to execute
+ * @param principals The principals (e.g. RolePrincipal objects) to run the command under
* @return
*/
- protected String executeCommand(final String command) {
- return executeCommand(command, COMMAND_TIMEOUT, false);
+ protected String executeCommand(final String command, Principal ... principals) {
+ return executeCommand(command, COMMAND_TIMEOUT, false, principals);
}
/**
* Executes a shell command and returns output as a String.
* Commands have a default timeout of 10 seconds.
*
- * @param command The command to execute.
- * @param timeout The amount of time in millis to wait for the command to execute.
- * @param silent Specifies if the command should be displayed in the screen.
+ * @param command The command to execute.
+ * @param timeout The amount of time in millis to wait for the command to execute.
+ * @param silent Specifies if the command should be displayed in the screen.
+ * @param principals The principals (e.g. RolePrincipal objects) to run the command under
* @return
*/
- protected String executeCommand(final String command, final Long timeout, final Boolean silent) {
+ protected String executeCommand(final String command, final Long timeout, final Boolean silent, final Principal ... principals) {
+
waitForCommandService(command);
String response;
final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
final PrintStream printStream = new PrintStream(byteArrayOutputStream);
final CommandProcessor commandProcessor = getOsgiService(CommandProcessor.class);
final CommandSession commandSession = commandProcessor.createSession(System.in, printStream, System.err);
- FutureTask<String> commandFuture = new FutureTask<String>(
- new Callable<String>() {
- public String call() {
- try {
- if (!silent) {
- System.err.println(command);
- }
- commandSession.execute(command);
- } catch (Exception e) {
- e.printStackTrace(System.err);
- }
- printStream.flush();
- return byteArrayOutputStream.toString();
+ final Callable<String> commandCallable = new Callable<String>() {
+ @Override
+ public String call() throws Exception {
+ try {
+ if (!silent) {
+ System.err.println(command);
}
- });
+ commandSession.execute(command);
+ } catch (Exception e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ printStream.flush();
+ return byteArrayOutputStream.toString();
+ }
+ };
+
+ FutureTask<String> commandFuture;
+ if (principals.length == 0) {
+ commandFuture = new FutureTask<String>(commandCallable);
+ } else {
+ // If principals are defined, run the command callable via Subject.doAs()
+ commandFuture = new FutureTask<String>(new Callable<String>() {
+ @Override
+ public String call() throws Exception {
+ Subject subject = new Subject();
+ subject.getPrincipals().addAll(Arrays.asList(principals));
+ return Subject.doAs(subject, new PrivilegedExceptionAction<String>() {
+ @Override
+ public String run() throws Exception {
+ return commandCallable.call();
+ }
+ });
+ }
+ });
+ }
+
try {
executor.submit(commandFuture);
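Review bot: The new `catch (Exception e) { throw new RuntimeException(e.getMessage(), e); }` in `commandCallable` re-wraps unchecked exceptions as well and skips `printStream.flush()`, so a failure from `commandSession.execute` (presumably including an authorization denial) reaches the caller as a generic RuntimeException and the captured output is lost. Adding `} catch (RuntimeException e) { throw e; }` ahead of the wrapping clause and moving the flush into `} finally { printStream.flush(); }` would keep the original exception type visible to whatever handles `commandFuture` after `executor.submit`, which is outside this hunk. `principals.length` also throws a NullPointerException if a caller passes an explicit null array. The Javadoc should state that with no principals the command runs without any Subject, that the Subject built here carries only the supplied principals and performs no JAAS login, and it should fill in the empty `@return`.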
http://git-wip-us.apache.org/repos/asf/karaf/blob/b6797712/itests/src/test/java/org/apache/karaf/itests/ObrTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/ObrTest.java b/itests/src/test/java/org/apache/karaf/itests/ObrTest.java
index ab968da..6cbb21d 100644
--- a/itests/src/test/java/org/apache/karaf/itests/ObrTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/ObrTest.java
@@ -25,6 +25,8 @@ import javax.management.remote.JMXConnector;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
+
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.ops4j.pax.exam.junit.PaxExam;
import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
import org.ops4j.pax.exam.spi.reactors.PerMethod;
@@ -35,7 +37,7 @@ public class ObrTest extends KarafTestSupport {
@Before
public void installObrFeature() throws Exception {
- System.out.println(executeCommand("features:install obr"));
+ System.out.println(executeCommand("features:install obr", new RolePrincipal("admin") ));
// give it time on faster machines to complete
Thread.sleep(500);
}
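Review bot: installObrFeature only prints what `executeCommand("features:install obr", ...)` returns, so if the install is refused or fails under the new ACL the fixture may still complete and the failure would surface later in an unrelated test; how errors propagate depends on executeCommand code that is not fully visible in this commit. An assertion in the style FeaturesTest uses, `assertFalse(executeCommand("features:list -i | grep obr").isEmpty());`, placed after the sleep would make the setup fail at the point of cause. The same applies to the `features:install wrapper` call in WrapperTest. There is also a stray space before the closing parentheses in `new RolePrincipal("admin") ))`.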
http://git-wip-us.apache.org/repos/asf/karaf/blob/b6797712/itests/src/test/java/org/apache/karaf/itests/OsgiTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/OsgiTest.java b/itests/src/test/java/org/apache/karaf/itests/OsgiTest.java
index 1dfa6df..1619acd 100644
--- a/itests/src/test/java/org/apache/karaf/itests/OsgiTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/OsgiTest.java
@@ -24,6 +24,8 @@ import javax.management.remote.JMXConnector;
import org.junit.Test;
import org.junit.runner.RunWith;
+
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.ops4j.pax.exam.junit.PaxExam;
import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
import org.ops4j.pax.exam.spi.reactors.PerMethod;
@@ -87,7 +89,8 @@ public class OsgiTest extends KarafTestSupport {
@Test
public void installCommand() throws Exception {
- String installOutput = executeCommand("osgi:install mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-lang/2.4_6");
+ String installOutput = executeCommand("osgi:install mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.commons-lang/2.4_6",
+ new RolePrincipal("admin"));
System.out.println(installOutput);
String listOutput = executeCommand("osgi:list | grep -i commons-lang");
assertFalse(listOutput.isEmpty());
http://git-wip-us.apache.org/repos/asf/karaf/blob/b6797712/itests/src/test/java/org/apache/karaf/itests/WrapperTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/WrapperTest.java b/itests/src/test/java/org/apache/karaf/itests/WrapperTest.java
index cc14380..13f924b 100644
--- a/itests/src/test/java/org/apache/karaf/itests/WrapperTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/WrapperTest.java
@@ -18,6 +18,8 @@ import static org.junit.Assert.assertFalse;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
+
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.ops4j.pax.exam.junit.PaxExam;
import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
import org.ops4j.pax.exam.spi.reactors.PerMethod;
@@ -28,7 +30,7 @@ public class WrapperTest extends KarafTestSupport {
@Before
public void installObrFeature() throws Exception {
- System.out.println(executeCommand("features:install wrapper"));
+ System.out.println(executeCommand("features:install wrapper", new RolePrincipal("admin")));
// give it time on faster machines to complete
Thread.sleep(500);
}