You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2014/05/07 07:52:20 UTC
git commit: [KARAF-2934]Role-based security for Shell/Console
commands - backport to 2.x branch-add JaasSshCommandSecurityTest
Repository: karaf
Updated Branches:
refs/heads/karaf-2.x 21c1d8d74 -> a08c8e1b7
[KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add JaasSshCommandSecurityTest
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/a08c8e1b
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/a08c8e1b
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/a08c8e1b
Branch: refs/heads/karaf-2.x
Commit: a08c8e1b7689766f1e7438fac4b65b246c71ae32
Parents: 21c1d8d
Author: Freeman Fang <fr...@gmail.com>
Authored: Wed May 7 13:52:06 2014 +0800
Committer: Freeman Fang <fr...@gmail.com>
Committed: Wed May 7 13:52:06 2014 +0800
----------------------------------------------------------------------
.../itests/ConfigSshCommandSecurityTest.java | 2 +-
.../itests/JaasSshCommandSecurityTest.java | 48 ++++++++++++++++++++
2 files changed, 49 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/a08c8e1b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
index 6b72241..87fe488 100644
--- a/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java
@@ -24,7 +24,7 @@ import org.ops4j.pax.exam.spi.reactors.PerClass;
/**
* This test exercises the Shell Command ACL for the config scope commands as defined in
- * /framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
+ * apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.config.cfg
*/
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
http://git-wip-us.apache.org/repos/asf/karaf/blob/a08c8e1b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java
new file mode 100644
index 0000000..426de40
--- /dev/null
+++ b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.karaf.itests;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+
+/**
+ * This test exercises the Shell Command ACL for the jaas scope commands as defined in
+ * apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.jaas.cfg
+ */
+public class JaasSshCommandSecurityTest extends SshCommandTestBase {
+ @Test
+ public void testJaasCommandSecurityViaSsh() throws Exception {
+ String vieweruser = "viewer" + System.nanoTime() + "_jaas";
+
+ addViewer(vieweruser);
+
+ String userName = "XXX" + System.nanoTime();
+ assertCommand(vieweruser, "jaas:manage --realm karaf;" +
+ "jaas:useradd " + userName + " pwd;" +
+ "jaas:update", Result.NOT_FOUND);
+ String r = assertCommand(vieweruser, "jaas:manage --realm karaf;" +
+ "jaas:users", Result.OK);
+ Assert.assertFalse("The viewer should not have the credentials to add the new user",
+ r.contains(userName));
+
+ assertCommand("karaf", "jaas:manage --realm karaf;" +
+ "jaas:useradd " + userName + " pwd;" +
+ "jaas:update", Result.OK);
+ String r2 = assertCommand(vieweruser, "jaas:manage --realm karaf;" +
+ "jaas:users", Result.OK);
+ Assert.assertTrue("The admin user should have the rights to add the new user",
+ r2.contains(userName));
+ }
+}