You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by da...@apache.org on 2013/11/25 15:36:32 UTC
svn commit: r1545300 -
/karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java
Author: davidb
Date: Mon Nov 25 14:36:32 2013
New Revision: 1545300
URL: http://svn.apache.org/r1545300
Log:
Extra system test to ensure that you cannot log in as a groupname directly.
Modified:
karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java
Modified: karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java
URL: http://svn.apache.org/viewvc/karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java?rev=1545300&r1=1545299&r2=1545300&view=diff
==============================================================================
--- karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java (original)
+++ karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java Mon Nov 25 14:36:32 2013
@@ -190,6 +190,50 @@ public class JMXSecurityTest extends Kar
testOSGiConfigAdminMBean(connection, true, true);
}
+ @Test
+ public void testJMXSecurityCannotLogInAsGroupDirectly() throws Exception {
+ String suffix = "_" + counter.incrementAndGet();
+ String managerUser = "managerUser" + System.currentTimeMillis() + suffix;
+ String managerGroup = "managerGroup" + System.currentTimeMillis() + suffix;
+ String viewerUser = "viewerUser" + System.currentTimeMillis() + suffix;
+
+ System.out.println(executeCommand("jaas:realm-manage --realm karaf" +
+ ";jaas:user-add " + managerUser + " " + managerUser +
+ ";jaas:group-add " + managerUser + " " + managerGroup +
+ ";jaas:group-role-add " + managerGroup + " viewer" +
+ ";jaas:group-role-add " + managerGroup + " manager" +
+ ";jaas:user-add " + viewerUser + " " + viewerUser +
+ ";jaas:role-add " + viewerUser + " viewer" +
+ ";jaas:update" +
+ ";jaas:realm-manage --realm karaf" +
+ ";jaas:user-list"));
+
+ try {
+ getJMXConnector("admingroup", "group");
+ fail("Login with a group name should have failed");
+ } catch (SecurityException se) {
+ // good
+ }
+ try {
+ getJMXConnector("_g_:admingroup", "group");
+ fail("Login with a group name should have failed");
+ } catch (SecurityException se) {
+ // good
+ }
+ try {
+ getJMXConnector(managerGroup, "group");
+ fail("Login with a group name should have failed");
+ } catch (SecurityException se) {
+ // good
+ }
+ try {
+ getJMXConnector("_g_:" + managerGroup, "group");
+ fail("Login with a group name should have failed");
+ } catch (SecurityException se) {
+ // good
+ }
+ }
+
private void testJMXSecurityMBean(MBeanServerConnection connection, boolean isManager, boolean isAdmin)
throws MalformedObjectNameException, InstanceNotFoundException, MBeanException, ReflectionException, IOException {
ObjectName securityMBean = new ObjectName("org.apache.karaf:type=security,area=jmx,name=root");