Posted to commits@karaf.apache.org by da...@apache.org on 2013/11/25 15:36:32 UTC

svn commit: r1545300 - /karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java

Author: davidb
Date: Mon Nov 25 14:36:32 2013
New Revision: 1545300

URL: http://svn.apache.org/r1545300
Log:
Extra system test to ensure that you cannot log in as a groupname directly.

Modified:
    karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java

Modified: karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java
URL: http://svn.apache.org/viewvc/karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java?rev=1545300&r1=1545299&r2=1545300&view=diff
==============================================================================
--- karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java (original)
+++ karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java Mon Nov 25 14:36:32 2013
@@ -190,6 +190,50 @@ public class JMXSecurityTest extends Kar
         testOSGiConfigAdminMBean(connection, true, true);
     }
 
+    @Test
+    public void testJMXSecurityCannotLogInAsGroupDirectly() throws Exception {
+        String suffix = "_" + counter.incrementAndGet();
+        String managerUser = "managerUser" + System.currentTimeMillis() + suffix;
+        String managerGroup = "managerGroup" + System.currentTimeMillis() + suffix;
+        String viewerUser = "viewerUser" + System.currentTimeMillis() + suffix;
+
+        System.out.println(executeCommand("jaas:realm-manage --realm karaf" +
+            ";jaas:user-add " + managerUser + " " + managerUser +
+            ";jaas:group-add " + managerUser + " " + managerGroup +
+            ";jaas:group-role-add " + managerGroup + " viewer" +
+            ";jaas:group-role-add " + managerGroup + " manager" +
+            ";jaas:user-add " + viewerUser + " " + viewerUser +
+            ";jaas:role-add " + viewerUser + " viewer" +
+            ";jaas:update" +
+            ";jaas:realm-manage --realm karaf" +
+            ";jaas:user-list"));
+
+        try {
+            getJMXConnector("admingroup", "group");
+            fail("Login with a group name should have failed");
+        } catch (SecurityException se) {
+            // good
+        }
+        try {
+            getJMXConnector("_g_:admingroup", "group");
+            fail("Login with a group name should have failed");
+        } catch (SecurityException se) {
+            // good
+        }
+        try {
+            getJMXConnector(managerGroup, "group");
+            fail("Login with a group name should have failed");
+        } catch (SecurityException se) {
+            // good
+        }
+        try {
+            getJMXConnector("_g_:" + managerGroup, "group");
+            fail("Login with a group name should have failed");
+        } catch (SecurityException se) {
+            // good
+        }
+    }
+
     private void testJMXSecurityMBean(MBeanServerConnection connection, boolean isManager, boolean isAdmin)
             throws MalformedObjectNameException, InstanceNotFoundException, MBeanException, ReflectionException, IOException {
         ObjectName securityMBean = new ObjectName("org.apache.karaf:type=security,area=jmx,name=root");
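Review bot: The four negative logins in `testJMXSecurityCannotLogInAsGroupDirectly` have no positive control, so they would also pass if the `jaas:` command batch had failed and `managerGroup` never reached the realm. A successful login for the user created in the same batch, placed before the try blocks, would show that the realm update took effect and that the rejections are specific to group principals, e.g. `getJMXConnector(managerUser, managerUser).close();` (this assumes the helper returns a closable connector, which the hunk does not show). The password literal `"group"` is also unexplained: if it is the value the realm stores for group entries, a comment such as `// "group" is the value stored for group entries in the realm; it must never be accepted as a password` would tell the reader why this exact string is the one that has to be refused. `viewerUser` is created and given a role but is never used in this method, so either drop it or use it for the control login.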