You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/07 07:52:20 UTC
git commit: [KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add JaasSshCommandSecurityTest

Repository: karaf
Updated Branches:
  refs/heads/karaf-2.x 21c1d8d74 -> a08c8e1b7


[KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add JaasSshCommandSecurityTest


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/a08c8e1b
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/a08c8e1b
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/a08c8e1b

Branch: refs/heads/karaf-2.x
Commit: a08c8e1b7689766f1e7438fac4b65b246c71ae32
Parents: 21c1d8d
Author: Freeman Fang <fr...@gmail.com>
Authored: Wed May 7 13:52:06 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Wed May 7 13:52:06 2014 +0800

----------------------------------------------------------------------
 .../itests/ConfigSshCommandSecurityTest.java    |  2 +-
 .../itests/JaasSshCommandSecurityTest.java      | 48 ++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/a08c8e1b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
index 6b72241..87fe488 100644
--- a/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
@@ -24,7 +24,7 @@ import org.ops4j.pax.exam.spi.reactors.PerClass;
 
 /**
  * This test exercises the Shell Command ACL for the config scope commands as defined in
- * /framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
+ * apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.config.cfg
  */
 @RunWith(PaxExam.class)
 @ExamReactorStrategy(PerClass.class)

http://git-wip-us.apache.org/repos/asf/karaf/blob/a08c8e1b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java
new file mode 100644
index 0000000..426de40
--- /dev/null
+++ b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.karaf.itests;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+
+/**
+ * This test exercises the Shell Command ACL for the jaas scope commands as defined in
+ * apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.jaas.cfg
+ */
+public class JaasSshCommandSecurityTest extends SshCommandTestBase {
+    @Test
+    public void testJaasCommandSecurityViaSsh() throws Exception {
+        String vieweruser = "viewer" + System.nanoTime() + "_jaas";
+
+        addViewer(vieweruser);
+
+        String userName = "XXX" + System.nanoTime();
+        assertCommand(vieweruser, "jaas:manage --realm karaf;" +
+        		"jaas:useradd " + userName + " pwd;" +
+				"jaas:update", Result.NOT_FOUND);
+        String r = assertCommand(vieweruser, "jaas:manage --realm karaf;" +
+				"jaas:users", Result.OK);
+        Assert.assertFalse("The viewer should not have the credentials to add the new user",
+                r.contains(userName));
+
+        assertCommand("karaf", "jaas:manage --realm karaf;" +
+                "jaas:useradd " + userName + " pwd;" +
+                "jaas:update", Result.OK);
+        String r2 = assertCommand(vieweruser, "jaas:manage --realm karaf;" +
+                "jaas:users", Result.OK);
+        Assert.assertTrue("The admin user should have the rights to add the new user",
+                r2.contains(userName));
+    }
+}