You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2016/06/30 02:52:00 UTC

karaf git commit: [KARAF-4600] RBAC - MBean fails to resolve ACL if the order of properties in object name differs

Repository: karaf
Updated Branches:
  refs/heads/master d082f8239 -> ce1b77813


[KARAF-4600] RBAC - MBean fails to resolve ACL if the order of properties in object name differs


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/ce1b7781
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/ce1b7781
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/ce1b7781

Branch: refs/heads/master
Commit: ce1b778138d4eee7992b25386aa19c6a7edaf384
Parents: d082f82
Author: Tadayoshi Sato <sa...@gmail.com>
Authored: Thu Jun 30 11:22:17 2016 +0900
Committer: Tadayoshi Sato <sa...@gmail.com>
Committed: Thu Jun 30 11:22:17 2016 +0900

----------------------------------------------------------------------
 .../karaf/management/KarafMBeanServerGuard.java |  4 ++--
 .../management/KarafMBeanServerGuardTest.java   | 21 ++++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/ce1b7781/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
----------------------------------------------------------------------
diff --git a/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java b/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
index 831ab47..7530d7d 100644
--- a/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
+++ b/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
@@ -405,7 +405,7 @@ public class KarafMBeanServerGuard implements InvocationHandler {
         segments.add(objectName.getDomain());
         // TODO can an ObjectName property contain a comma as key or value ?
         // TODO support quoting as described in http://docs.oracle.com/javaee/1.4/api/javax/management/ObjectName.html
-        for (String s : objectName.getKeyPropertyListString().split("[,]")) {
+        for (String s : objectName.getCanonicalKeyPropertyListString().split("[,]")) {
             int index = s.indexOf('=');
             if (index < 0) {
                 continue;
@@ -417,7 +417,7 @@ public class KarafMBeanServerGuard implements InvocationHandler {
                 segments.add(key);
             }
         }
-        
+
         return segments;
     }
 

http://git-wip-us.apache.org/repos/asf/karaf/blob/ce1b7781/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java
----------------------------------------------------------------------
diff --git a/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java b/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java
index 3f69158..318ec34 100644
--- a/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java
+++ b/management/server/src/test/java/org/apache/karaf/management/KarafMBeanServerGuardTest.java
@@ -353,6 +353,27 @@ public class KarafMBeanServerGuardTest extends TestCase {
                 guard.getRequiredRoles(on3, "foo", new Object[]{}, new String[]{}));
     }
 
+    public void testRequiredRolesHierarchyCanonical() throws Exception {
+        Dictionary<String, Object> conf = new Hashtable<String, Object>();
+        conf.put("foo", "viewer");
+        conf.put(Constants.SERVICE_PID, "jmx.acl.foo.bar.Test.AAA.BBB");
+        ConfigurationAdmin ca = getMockConfigAdmin2(conf);
+
+        KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
+        guard.setConfigAdmin(ca);
+
+        // Canonical object name
+        ObjectName on1 = ObjectName.getInstance("foo.bar:prop1=AAA,prop2=BBB,type=Test");
+        assertEquals("Canonical ObjectName should work",
+                Collections.singletonList("viewer"),
+                guard.getRequiredRoles(on1, "foo", new String[]{}));
+        // Non-canonical object name
+        ObjectName on2 = ObjectName.getInstance("foo.bar:type=Test,prop2=BBB,prop1=AAA");
+        assertEquals("Non-canonical ObjectName should also work",
+                Collections.singletonList("viewer"),
+                guard.getRequiredRoles(on2, "foo", new String[]{}));
+    }
+
     public void testRequiredRolesMethodNameWildcard() throws Exception {
         Dictionary<String, Object> configuration = new Hashtable<String, Object>();
         configuration.put("getFoo", "viewer");