You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/06 06:31:48 UTC
git commit: [KARAF-2934]Role-based security for Shell/Console
commands - backport to 2.x branch-add some ACL configuration files
Repository: karaf
Updated Branches:
refs/heads/karaf-2.x 857d0735d -> 3fec576a1
[KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add some ACL configuration files
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/3fec576a
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/3fec576a
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/3fec576a
Branch: refs/heads/karaf-2.x
Commit: 3fec576a1379a7924ac6977a7fa73465cac17778
Parents: 857d073
Author: Freeman Fang <fr...@gmail.com>
Authored: Tue May 6 12:31:32 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Tue May 6 12:31:32 2014 +0800
----------------------------------------------------------------------
.../etc/org.apache.karaf.command.acl.config.cfg | 45 ++++++++++++++++++++
.../org.apache.karaf.command.acl.features.cfg | 27 ++++++++++++
.../etc/org.apache.karaf.command.acl.jaas.cfg | 27 ++++++++++++
.../etc/org.apache.karaf.command.acl.osgi.cfg | 44 +++++++++++++++++++
.../etc/org.apache.karaf.command.acl.shell.cfg | 29 +++++++++++++
5 files changed, 172 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/3fec576a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.config.cfg
----------------------------------------------------------------------
diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.config.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.config.cfg
new file mode 100644
index 0000000..e9a5be2
--- /dev/null
+++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.config.cfg
@@ -0,0 +1,45 @@
+################################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+#
+# This configuration file defines the ACLs for various commands in the config subshell
+#
+# For an explanation of the syntax of this file, see the file:
+# org.apache.karaf.command.acl.system.cfg
+#
+
+cancel = manager
+delete = admin
+edit = manager
+edit[/.*jmx[.]acl.*/] = admin
+edit[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+edit[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+property-append = manager
+property-append[/.*jmx[.]acl.*/] = admin
+property-append[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+property-append[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+property-delete = manager
+property-delete[/.*jmx[.]acl.*/] = admin
+property-delete[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+property-delete[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+property-set = manager
+property-set[/.*jmx[.]acl.*/] = admin
+property-set[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+property-set[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+update = manager
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/karaf/blob/3fec576a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.features.cfg
----------------------------------------------------------------------
diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.features.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.features.cfg
new file mode 100644
index 0000000..fd41ab9
--- /dev/null
+++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.features.cfg
@@ -0,0 +1,27 @@
+################################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+#
+# This configuration file defines the ACLs for commands in the kar subshell
+#
+# For an explanation of the syntax of this file, see the file:
+# org.apache.karaf.command.acl.system.cfg
+#
+install = admin
+uninstall = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/3fec576a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.jaas.cfg
----------------------------------------------------------------------
diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.jaas.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.jaas.cfg
new file mode 100644
index 0000000..0c0644b
--- /dev/null
+++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.jaas.cfg
@@ -0,0 +1,27 @@
+################################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+#
+# This configuration file defines the ACLs for commands in the jaas subshell
+#
+# For an explanation of the syntax of this file, see the file:
+# org.apache.karaf.command.acl.system.cfg
+#
+# Jaas commands commands have no effect until update is called.
+update = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/3fec576a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
----------------------------------------------------------------------
diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
new file mode 100644
index 0000000..d50320e
--- /dev/null
+++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.osgi.cfg
@@ -0,0 +1,44 @@
+################################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+#
+# This configuration file defines the ACLs for commands in the bundle subshell
+#
+# For an explanation of the syntax of this file, see the file:
+# org.apache.karaf.command.acl.system.cfg
+#
+# This configuration relies on the fact that 'system' bundles need to be managed
+# with the
+# -f (--force)
+# flag. Operations with -f need admin permission. Most of these operations without
+# the 'force' option can be done by a manager.
+install = admin
+refresh[/.*[-][f].*/] = admin
+refresh = manager
+restart[/.*[-][f].*/] = admin
+restart = manager
+start[/.*[-][f].*/] = admin
+start = manager
+stop[/.*[-][f].*/] = admin
+stop = manager
+uninstall[/.*[-][f].*/] = admin
+uninstall = manager
+update[/.*[-][f].*/] = admin
+update = manager
+watch = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/3fec576a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.shell.cfg
----------------------------------------------------------------------
diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.shell.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.shell.cfg
new file mode 100644
index 0000000..28880b6
--- /dev/null
+++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.shell.cfg
@@ -0,0 +1,29 @@
+################################################################################
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+#
+# This configuration file defines the ACLs for commands in the shell subshell
+#
+# For an explanation of the syntax of this file, see the file:
+# org.apache.karaf.command.acl.system.cfg
+#
+edit = admin
+exec = admin
+new = admin
+java = admin