You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by gn...@apache.org on 2014/11/27 16:04:42 UTC
[2/2] karaf git commit: [KARAF-3389] Move security configurations
(for commands and jmx) to their respective features
[KARAF-3389] Move security configurations (for commands and jmx) to their respective features
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/5a6ee1b4
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/5a6ee1b4
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/5a6ee1b4
Branch: refs/heads/master
Commit: 5a6ee1b48aca0881a622b4bbd34cc88145f21b90
Parents: c4c54f2
Author: Guillaume Nodet <gn...@gmail.com>
Authored: Thu Nov 27 14:55:24 2014 +0100
Committer: Guillaume Nodet <gn...@gmail.com>
Committed: Thu Nov 27 16:04:28 2014 +0100
----------------------------------------------------------------------
assemblies/apache-karaf/pom.xml | 1 +
.../resources/etc/jmx.acl.java.lang.Memory.cfg | 25 ---
.../etc/jmx.acl.org.apache.karaf.bundle.cfg | 40 ----
.../etc/jmx.acl.org.apache.karaf.config.cfg | 52 -----
.../jmx.acl.org.apache.karaf.security.jmx.cfg | 27 ---
.../etc/jmx.acl.osgi.compendium.cm.cfg | 53 -----
.../etc/org.apache.karaf.command.acl.bundle.cfg | 44 ----
.../etc/org.apache.karaf.command.acl.config.cfg | 45 ----
.../org.apache.karaf.command.acl.feature.cfg | 27 ---
.../etc/org.apache.karaf.command.acl.jaas.cfg | 27 ---
.../etc/org.apache.karaf.command.acl.kar.cfg | 27 ---
...rg.apache.karaf.command.acl.scope_bundle.cfg | 34 ---
.../etc/org.apache.karaf.command.acl.shell.cfg | 29 ---
.../etc/org.apache.karaf.command.acl.system.cfg | 53 -----
.../etc/org.apache.karaf.features.obr.cfg | 38 ----
.../standard/src/main/feature/feature.xml | 225 +++++++++++++++++++
.../features/internal/service/Deployer.java | 15 +-
.../core/internal/InstanceServiceImpl.java | 14 --
.../karaf/tooling/features/InstallKarsMojo.java | 70 ++++--
19 files changed, 286 insertions(+), 560 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/apache-karaf/pom.xml
----------------------------------------------------------------------
diff --git a/assemblies/apache-karaf/pom.xml b/assemblies/apache-karaf/pom.xml
index c084744..3a28875 100644
--- a/assemblies/apache-karaf/pom.xml
+++ b/assemblies/apache-karaf/pom.xml
@@ -172,6 +172,7 @@
<feature>config</feature>
<feature>deployer</feature>
<feature>diagnostic</feature>
+ <feature>feature</feature>
<feature>instance</feature>
<feature>kar</feature>
<feature>log</feature>
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.java.lang.Memory.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.java.lang.Memory.cfg b/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.java.lang.Memory.cfg
deleted file mode 100644
index a58bcf5..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.java.lang.Memory.cfg
+++ /dev/null
@@ -1,25 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# JMX ACL specific to the java.lang.Memory MBean
-#
-# For a description of the format of this file, see jmx.acl.cfg
-#
-gc = manager
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.bundle.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.bundle.cfg b/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.bundle.cfg
deleted file mode 100644
index dd318d8..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.bundle.cfg
+++ /dev/null
@@ -1,40 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# JMX ACL specific to the org.apache.karaf:type=bundle,name=* MBean which maps to the Karaf MBean
-# to control OSGi bundles.
-#
-# For a description of the format of this file, see jmx.acl.cfg
-#
-install = manager
-refresh = manager
-resolve = manager
-restart = manager
-setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
-setStartLevel = manager
-start(java.lang.String)[/([1-4])?[0-9]/] = admin
-start = manager
-stop(java.lang.String)[/([1-4])?[0-9]/] = admin
-stop = manager
-uninstall(java.lang.String)["0"] = #this is a comment, no roles can perform this operation
-uninstall = admin
-update(java.lang.String)[/([1-4])?[0-9]/] = admin
-update(java.lang.String,java.lang.String)[/([1-4])?[0-9]/,/.*/] = admin
-update = manager
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg b/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg
deleted file mode 100644
index a597112..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg
+++ /dev/null
@@ -1,52 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# JMX ACL specific to the org.apache.karaf:type=config,name=* MBean which maps to the Karaf MBean to interact with the
-# OSGi Config Admin service.
-#
-# For a description of the format of this file, see jmx.acl.cfg
-#
-# By default, only an admin can make changes to the JMX ACL and shell command rules, but managers can make
-# changes to other PIDs.
-#
-appendProperty(java.lang.String,java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/,/.*/] = admin
-appendProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/,/.*/] = admin
-appendProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/,/.*/] = admin
-appendProperty(java.lang.String,java.lang.String,java.lang.String) = manager
-create(java.lang.String)[/jmx[.]acl.*/] = admin
-create(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/] = admin
-create(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/] = admin
-create(java.lang.String) = manager
-delete(java.lang.String)[/jmx[.]acl.*/] = admin
-delete(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/] = admin
-delete(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/] = admin
-delete(java.lang.String) = manager
-deleteProperty(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin
-deleteProperty(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/] = admin
-deleteProperty(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/] = admin
-deleteProperty(java.lang.String,java.lang.String) = manager
-setProperty(java.lang.String,java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/,/.*/] = admin
-setProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/,/.*/] = admin
-setProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/,/.*/] = admin
-setProperty(java.lang.String,java.lang.String,java.lang.String) = manager
-update(java.lang.String,java.util.Map)[/jmx[.]acl.*/,/.*/] = admin
-update(java.lang.String,java.util.Map)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/] = admin
-update(java.lang.String,java.util.Map)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/] = admin
-update(java.lang.String,java.util.Map) = manager
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.security.jmx.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.security.jmx.cfg b/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.security.jmx.cfg
deleted file mode 100644
index 0af2c96..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.security.jmx.cfg
+++ /dev/null
@@ -1,27 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# JMX ACL specific to the org.apache.karaf:type=security,area=jmx MBean which
-# can be used to find out whether the currently logged in JMX user can invoke
-# the requested JMX operations.
-#
-# For a description of the format of this file, see jmx.acl.cfg
-#
-canInvoke = viewer
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.osgi.compendium.cm.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.osgi.compendium.cm.cfg b/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.osgi.compendium.cm.cfg
deleted file mode 100644
index 7de362d..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.osgi.compendium.cm.cfg
+++ /dev/null
@@ -1,53 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# JMX ACL specific to osgi.compendium.cm MBean
-#
-# For a description of the format of this file, see jmx.acl.cfg
-#
-# This configuration file configures the management of ConfigAdmin via the standard ConfigAdmin MBean
-# Such that only an admin can make changes to the JMX ACL rules, but managers can make
-# changes to other PIDs.
-#
-createFactoryConfiguration(java.lang.String)[/jmx[.]acl.*/] = admin
-createFactoryConfiguration(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
-createFactoryConfiguration(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
-createFactoryConfiguration(java.lang.String) = manager
-createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin
-createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin
-createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin
-createFactoryConfigurationForLocation(java.lang.String,java.lang.String) = manager
-delete(java.lang.String)[/jmx[.]acl.*/] = admin
-delete(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
-delete(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
-delete(java.lang.String) = manager
-deleteConfigurations = admin
-deleteForLocation(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin
-deleteForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin
-deleteForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin
-deleteForLocation(java.lang.String,java.lang.String) = manager
-update(java.lang.String,javax.management.openmbean.TabularData)[/jmx[.]acl.*/,/.*/] = admin
-update(java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin
-update(java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin
-update(java.lang.String,javax.management.openmbean.TabularData) = manager
-updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/jmx[.]acl.*/,/.*/,/.*/] = admin
-updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/,/.*/] = admin
-updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/,/.*/] = admin
-updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData) = manager
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg
deleted file mode 100644
index d50320e..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg
+++ /dev/null
@@ -1,44 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file defines the ACLs for commands in the bundle subshell
-#
-# For an explanation of the syntax of this file, see the file:
-# org.apache.karaf.command.acl.system.cfg
-#
-# This configuration relies on the fact that 'system' bundles need to be managed
-# with the
-# -f (--force)
-# flag. Operations with -f need admin permission. Most of these operations without
-# the 'force' option can be done by a manager.
-install = admin
-refresh[/.*[-][f].*/] = admin
-refresh = manager
-restart[/.*[-][f].*/] = admin
-restart = manager
-start[/.*[-][f].*/] = admin
-start = manager
-stop[/.*[-][f].*/] = admin
-stop = manager
-uninstall[/.*[-][f].*/] = admin
-uninstall = manager
-update[/.*[-][f].*/] = admin
-update = manager
-watch = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
deleted file mode 100644
index e9a5be2..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg
+++ /dev/null
@@ -1,45 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file defines the ACLs for various commands in the config subshell
-#
-# For an explanation of the syntax of this file, see the file:
-# org.apache.karaf.command.acl.system.cfg
-#
-
-cancel = manager
-delete = admin
-edit = manager
-edit[/.*jmx[.]acl.*/] = admin
-edit[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
-edit[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
-property-append = manager
-property-append[/.*jmx[.]acl.*/] = admin
-property-append[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
-property-append[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
-property-delete = manager
-property-delete[/.*jmx[.]acl.*/] = admin
-property-delete[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
-property-delete[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
-property-set = manager
-property-set[/.*jmx[.]acl.*/] = admin
-property-set[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
-property-set[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
-update = manager
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg
deleted file mode 100644
index fd41ab9..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg
+++ /dev/null
@@ -1,27 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file defines the ACLs for commands in the kar subshell
-#
-# For an explanation of the syntax of this file, see the file:
-# org.apache.karaf.command.acl.system.cfg
-#
-install = admin
-uninstall = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.jaas.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.jaas.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.jaas.cfg
deleted file mode 100644
index 0c0644b..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.jaas.cfg
+++ /dev/null
@@ -1,27 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file defines the ACLs for commands in the jaas subshell
-#
-# For an explanation of the syntax of this file, see the file:
-# org.apache.karaf.command.acl.system.cfg
-#
-# Jaas commands commands have no effect until update is called.
-update = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.kar.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.kar.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.kar.cfg
deleted file mode 100644
index fd41ab9..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.kar.cfg
+++ /dev/null
@@ -1,27 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file defines the ACLs for commands in the kar subshell
-#
-# For an explanation of the syntax of this file, see the file:
-# org.apache.karaf.command.acl.system.cfg
-#
-install = admin
-uninstall = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.scope_bundle.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.scope_bundle.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.scope_bundle.cfg
deleted file mode 100644
index 5e2621f..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.scope_bundle.cfg
+++ /dev/null
@@ -1,34 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file defines the ACLs for scope bundles
-#
-# For an explanation of the syntax of this file, see the file:
-# org.apache.karaf.command.acl.system.cfg
-#
-features=org.apache.karaf.features.command
-jaas=org.apache.karaf.jaas.command
-admin=org.apache.karaf.admin.command
-osgi=org.apache.karaf.shell.osgi
-log=org.apache.karaf.shell.log
-packages=org.apache.karaf.shell.packages
-config=org.apache.karaf.shell.config
-ssh=org.apache.karaf.shell.ssh
-shell=org.apache.karaf.shell.commands
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg
deleted file mode 100644
index 28880b6..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg
+++ /dev/null
@@ -1,29 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file defines the ACLs for commands in the shell subshell
-#
-# For an explanation of the syntax of this file, see the file:
-# org.apache.karaf.command.acl.system.cfg
-#
-edit = admin
-exec = admin
-new = admin
-java = admin
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg
deleted file mode 100644
index 7927798..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg
+++ /dev/null
@@ -1,53 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file defines the ACLs for commands in the system subshell
-#
-# The format of this file is as follows:
-# The name of the file corresponds to a Configuration Admin PID. This file is for PID:
-# org.apache.karaf.command.acl.system
-# The prefix org.apache.karaf.command.acl. determines that this file defines ACLs for karaf
-# commands. The last word on the PID declares the scope that it applies to, i.e. this file
-# is for the 'system' scope.
-# Entries in this file map to commands within the defined scope. The simplest role definition
-# has the form:
-# command = role1, role2, role3
-# Specific roles can also be declared for certain arguments to the command. This is done using
-# regular expression matching.
-# All the arguments to the command are represented as a list using the following syntax:
-# [arg1,arg2,arg3]
-# The matching is done after converting this list into a string. So the line
-# start-level[/.*[0-9][0-9][0-9]+.*/] = manager
-# declares that a manager role is needed to set a start level with 3 digits or more. The .*
-# wildcards at the beginning and end are used to match the '[' and ']' characters surrounding.
-# When looking for a match the regular-expression based ACLs are always checked first. If any
-# of them match the associated roles are used.
-#
-# If no match can be found based on reg-exp ACLs, a match is looked for based purely on the
-# command name.
-#
-# If no command-name match can be found it is assumed that the command does not need a specific
-# role and can therefore be invoked by any user.
-
-property = admin
-shutdown = admin
-start-level[/.*[0-9][0-9][0-9]+.*/] = manager # manager can set startlevels above 100
-start-level[/[^0-9]*/] = viewer # viewer can obtain the current start level
-start-level = admin # admin can set any start level, including < 100
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.features.obr.cfg
----------------------------------------------------------------------
diff --git a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.features.obr.cfg b/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.features.obr.cfg
deleted file mode 100644
index 12ba4cd..0000000
--- a/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.features.obr.cfg
+++ /dev/null
@@ -1,38 +0,0 @@
-################################################################################
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-################################################################################
-
-#
-# This configuration file is used to configure the default values for features OBR resolver
-#
-
-#
-# Defines whether or not the features OBR resolver has to resolve optional imports as well. The default value is
-# false (do not attempt to resolve optional imports).
-#
-resolveOptionalImports = false
-
-#
-# Defines whether resolved bundles should be started by default. The default is true.
-#
-startByDefault = true
-
-#
-# Defines the start level for resolved bundles. The default is 80.
-#
-startLevel = 80
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/assemblies/features/standard/src/main/feature/feature.xml
----------------------------------------------------------------------
diff --git a/assemblies/features/standard/src/main/feature/feature.xml b/assemblies/features/standard/src/main/feature/feature.xml
index bdb2e5a..c94f496 100644
--- a/assemblies/features/standard/src/main/feature/feature.xml
+++ b/assemblies/features/standard/src/main/feature/feature.xml
@@ -72,11 +72,27 @@
<bundle start-level="30">mvn:org.apache.karaf.features/org.apache.karaf.features.core/${project.version}</bundle>
<conditional>
<condition>shell</condition>
+ <config name="org.apache.karaf.command.acl.feature">
+ #
+ # This configuration file defines the ACLs for commands in the feature subshell
+ #
+ install = admin
+ uninstall = admin
+ </config>
<bundle start-level="30">mvn:org.apache.karaf.features/org.apache.karaf.features.command/${project.version}</bundle>
</conditional>
</feature>
<feature name="shell" description="Karaf Shell" version="${project.version}">
+ <config name="org.apache.karaf.command.acl.shell">
+ #
+ # This configuration file defines the ACLs for commands in the shell subshell
+ #
+ edit = admin
+ exec = admin
+ new = admin
+ java = admin
+ </config>
<bundle dependency="true" start-level="30">mvn:jline/jline/${jline.version}</bundle>
<bundle dependency="true" start-level="30">mvn:org.jledit/core/${jledit.version}</bundle>
<bundle start-level="30">mvn:org.apache.karaf.shell/org.apache.karaf.shell.core/${project.version}</bundle>
@@ -128,10 +144,132 @@
<feature name="bundle" description="Provide Bundle support" version="${project.version}">
<bundle start-level="30" start="true">mvn:org.apache.karaf.bundle/org.apache.karaf.bundle.core/${project.version}</bundle>
+ <conditional>
+ <condition>management</condition>
+ <config name="jmx.acl.org.apache.karaf.bundle">
+ #
+ # JMX ACL specific to the org.apache.karaf:type=bundle,name=* MBean which maps to the Karaf MBean
+ # to control OSGi bundles.
+ #
+ install = manager
+ refresh = manager
+ resolve = manager
+ restart = manager
+ setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
+ setStartLevel = manager
+ start(java.lang.String)[/([1-4])?[0-9]/] = admin
+ start = manager
+ stop(java.lang.String)[/([1-4])?[0-9]/] = admin
+ stop = manager
+ uninstall(java.lang.String)["0"] = #this is a comment, no roles can perform this operation
+ uninstall = admin
+ update(java.lang.String)[/([1-4])?[0-9]/] = admin
+ update(java.lang.String,java.lang.String)[/([1-4])?[0-9]/,/.*/] = admin
+ update = manager
+ </config>
+ </conditional>
+ <conditional>
+ <condition>shell</condition>
+ <config name="org.apache.karaf.command.acl.bundle">
+ #
+ # This configuration file defines the ACLs for commands in the bundle subshell
+ #
+ # For an explanation of the syntax of this file, see the file:
+ # org.apache.karaf.command.acl.system.cfg
+ #
+ # This configuration relies on the fact that 'system' bundles need to be managed
+ # with the
+ # -f (--force)
+ # flag. Operations with -f need admin permission. Most of these operations without
+ # the 'force' option can be done by a manager.
+ install = admin
+ refresh[/.*[-][f].*/] = admin
+ refresh = manager
+ restart[/.*[-][f].*/] = admin
+ restart = manager
+ start[/.*[-][f].*/] = admin
+ start = manager
+ stop[/.*[-][f].*/] = admin
+ stop = manager
+ uninstall[/.*[-][f].*/] = admin
+ uninstall = manager
+ update[/.*[-][f].*/] = admin
+ update = manager
+ watch = admin
+ </config>
+ </conditional>
</feature>
<feature name="config" description="Provide OSGi ConfigAdmin support" version="${project.version}">
<bundle start-level="30" start="true">mvn:org.apache.karaf.config/org.apache.karaf.config.core/${project.version}</bundle>
+ <conditional>
+ <condition>management</condition>
+ <config name="jmx.acl.org.apache.karaf.config">
+ #
+ # JMX ACL specific to the org.apache.karaf:type=config,name=* MBean which maps to the Karaf MBean to interact with the
+ # OSGi Config Admin service.
+ #
+ # For a description of the format of this file, see jmx.acl.cfg
+ #
+ # By default, only an admin can make changes to the JMX ACL and shell command rules, but managers can make
+ # changes to other PIDs.
+ #
+ appendProperty(java.lang.String,java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/,/.*/] = admin
+ appendProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/,/.*/] = admin
+ appendProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/,/.*/] = admin
+ appendProperty(java.lang.String,java.lang.String,java.lang.String) = manager
+ create(java.lang.String)[/jmx[.]acl.*/] = admin
+ create(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/] = admin
+ create(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/] = admin
+ create(java.lang.String) = manager
+ delete(java.lang.String)[/jmx[.]acl.*/] = admin
+ delete(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/] = admin
+ delete(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/] = admin
+ delete(java.lang.String) = manager
+ deleteProperty(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin
+ deleteProperty(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/] = admin
+ deleteProperty(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/] = admin
+ deleteProperty(java.lang.String,java.lang.String) = manager
+ setProperty(java.lang.String,java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/,/.*/] = admin
+ setProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/,/.*/] = admin
+ setProperty(java.lang.String,java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/,/.*/] = admin
+ setProperty(java.lang.String,java.lang.String,java.lang.String) = manager
+ update(java.lang.String,java.util.Map)[/jmx[.]acl.*/,/.*/] = admin
+ update(java.lang.String,java.util.Map)[/org[.]apache[.]karaf[.]command[.]acl.+/,/.*/] = admin
+ update(java.lang.String,java.util.Map)[/org[.]apache[.]karaf[.]service[.]acl.+/,/.*/] = admin
+ update(java.lang.String,java.util.Map) = manager
+ </config>
+ </conditional>
+ <conditional>
+ <condition>shell</condition>
+ <config name="org.apache.karaf.command.acl.config">
+ #
+ # This configuration file defines the ACLs for various commands in the config subshell
+ #
+ # For an explanation of the syntax of this file, see the file:
+ # org.apache.karaf.command.acl.system.cfg
+ #
+ cancel = manager
+ delete = admin
+ edit = manager
+ edit[/.*jmx[.]acl.*/] = admin
+ edit[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+ edit[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+ property-append = manager
+ property-append[/.*jmx[.]acl.*/] = admin
+ property-append[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+ property-append[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+ property-delete = manager
+ property-delete[/.*jmx[.]acl.*/] = admin
+ property-delete[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+ property-delete[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+ property-set = manager
+ property-set[/.*jmx[.]acl.*/] = admin
+ property-set[/.*org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+ property-set[/.*org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+ update = manager
+ </config>
+ </conditional>
</feature>
<feature name="diagnostic" description="Provide Diagnostic support" version="${project.version}">
@@ -151,6 +289,12 @@
</conditional>
<conditional>
<condition>shell</condition>
+ <config name="org.apache.karaf.command.acl.jaas">
+ #
+ # This configuration file defines the ACLs for commands in the jaas subshell
+ # Jaas commands commands have no effect until update is called.
+ update = admin
+ </config>
<bundle start-level="30" start="true">mvn:org.apache.karaf.jaas/org.apache.karaf.jaas.command/${project.version}</bundle>
</conditional>
</feature>
@@ -169,6 +313,20 @@
<feature name="system" description="Provide System support" version="${project.version}">
<bundle start-level="30" start="true">mvn:org.apache.karaf.system/org.apache.karaf.system.core/${project.version}</bundle>
+ <conditional>
+ <condition>shell</condition>
+ <config name="org.apache.karaf.command.acl.system">
+ #
+ # This configuration file defines the ACLs for commands in the system subshell
+ #
+ update = admin
+ property = admin
+ shutdown = admin
+ start-level[/.*[0-9][0-9][0-9]+.*/] = manager # manager can set startlevels above 100
+ start-level[/[^0-9]*/] = viewer # viewer can obtain the current start level
+ start-level = admin # admin can set any start level, including < 100
+ </config>
+ </conditional>
</feature>
<feature name="http" version="${project.version}" description="Implementation of the OSGI HTTP Service">
@@ -193,6 +351,19 @@
<feature name="kar" description="Provide KAR (KARaf archive) support" version="${project.version}">
<bundle start-level="30">mvn:org.apache.karaf.kar/org.apache.karaf.kar.core/${project.version}</bundle>
+ <conditional>
+ <condition>shell</condition>
+ <config name="org.apache.karaf.command.acl.kar">
+ #
+ # This configuration file defines the ACLs for commands in the kar subshell
+ #
+ # For an explanation of the syntax of this file, see the file:
+ # org.apache.karaf.command.acl.system.cfg
+ #
+ install = admin
+ uninstall = admin
+ </config>
+ </conditional>
</feature>
<feature name="webconsole" description="Base support of the Karaf WebConsole" version="${project.version}">
@@ -244,6 +415,60 @@
</feature>
<feature name="management" description="Provide a JMX MBeanServer and a set of MBeans in Karaf" version="${project.version}">
+ <config name="jmx.acl.org.apache.karaf.security.jmx">
+ #
+ # JMX ACL specific to the org.apache.karaf:type=security,area=jmx MBean which
+ # can be used to find out whether the currently logged in JMX user can invoke
+ # the requested JMX operations.
+ #
+ # For a description of the format of this file, see jmx.acl.cfg
+ #
+ canInvoke = viewer
+ </config>
+ <config name="jmx.acl.java.lang.Memory">
+ #
+ # JMX ACL specific to the java.lang.Memory MBean
+ #
+ # For a description of the format of this file, see jmx.acl.cfg
+ #
+ gc = manager
+ </config>
+ <config name="jmx.acl.osgi.compendium.cm">
+ #
+ # JMX ACL specific to osgi.compendium.cm MBean
+ #
+ # For a description of the format of this file, see jmx.acl.cfg
+ #
+ # This configuration file configures the management of ConfigAdmin via the standard ConfigAdmin MBean
+ # Such that only an admin can make changes to the JMX ACL rules, but managers can make
+ # changes to other PIDs.
+ #
+ createFactoryConfiguration(java.lang.String)[/jmx[.]acl.*/] = admin
+ createFactoryConfiguration(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+ createFactoryConfiguration(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+ createFactoryConfiguration(java.lang.String) = manager
+ createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin
+ createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin
+ createFactoryConfigurationForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin
+ createFactoryConfigurationForLocation(java.lang.String,java.lang.String) = manager
+ delete(java.lang.String)[/jmx[.]acl.*/] = admin
+ delete(java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/] = admin
+ delete(java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/] = admin
+ delete(java.lang.String) = manager
+ deleteConfigurations = admin
+ deleteForLocation(java.lang.String,java.lang.String)[/jmx[.]acl.*/,/.*/] = admin
+ deleteForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin
+ deleteForLocation(java.lang.String,java.lang.String)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin
+ deleteForLocation(java.lang.String,java.lang.String) = manager
+ update(java.lang.String,javax.management.openmbean.TabularData)[/jmx[.]acl.*/,/.*/] = admin
+ update(java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/] = admin
+ update(java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/] = admin
+ update(java.lang.String,javax.management.openmbean.TabularData) = manager
+ updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/jmx[.]acl.*/,/.*/,/.*/] = admin
+ updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]command[.]acl[.].+/,/.*/,/.*/] = admin
+ updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData)[/org[.]apache[.]karaf[.]service[.]acl[.].+/,/.*/,/.*/] = admin
+ updateForLocation(java.lang.String,java.lang.String,javax.management.openmbean.TabularData) = manager
+ </config>
<feature>jaas</feature>
<bundle dependency="true" start-level="20">mvn:org.apache.aries/org.apache.aries.util/${aries.util.version}</bundle>
<bundle start-level="30">mvn:org.apache.karaf.management/org.apache.karaf.management.server/${project.version}</bundle>
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/features/core/src/main/java/org/apache/karaf/features/internal/service/Deployer.java
----------------------------------------------------------------------
diff --git a/features/core/src/main/java/org/apache/karaf/features/internal/service/Deployer.java b/features/core/src/main/java/org/apache/karaf/features/internal/service/Deployer.java
index 3461115..ecef688 100644
--- a/features/core/src/main/java/org/apache/karaf/features/internal/service/Deployer.java
+++ b/features/core/src/main/java/org/apache/karaf/features/internal/service/Deployer.java
@@ -36,6 +36,7 @@ import java.util.TreeSet;
import org.apache.felix.utils.version.VersionRange;
import org.apache.felix.utils.version.VersionTable;
import org.apache.karaf.features.BundleInfo;
+import org.apache.karaf.features.Conditional;
import org.apache.karaf.features.Feature;
import org.apache.karaf.features.FeatureEvent;
import org.apache.karaf.features.FeaturesService;
@@ -699,9 +700,17 @@ public class Deployer {
// Install configurations
//
if (!newFeatures.isEmpty()) {
- Set<Feature> set = apply(flatten(newFeatures), map(dstate.features));
- for (Feature feature : set) {
- callback.installFeatureConfigs(feature);
+ Set<String> featureIds = flatten(newFeatures);
+ for (Feature feature : dstate.features.values()) {
+ if (featureIds.contains(feature.getId())) {
+ callback.installFeatureConfigs(feature);
+ }
+ for (Conditional cond : feature.getConditional()) {
+ Feature condFeature = cond.asFeature(feature.getName(), feature.getVersion());
+ if (featureIds.contains(condFeature.getId())) {
+ callback.installFeatureConfigs(condFeature);
+ }
+ }
}
}
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java
----------------------------------------------------------------------
diff --git a/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java b/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java
index 936c32a..83169ef 100644
--- a/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java
+++ b/instance/src/main/java/org/apache/karaf/instance/core/internal/InstanceServiceImpl.java
@@ -292,23 +292,9 @@ public class InstanceServiceImpl implements InstanceService {
copyResourceToDir("etc/equinox-debug.properties", karafBase, textResources, printOutput);
copyResourceToDir("etc/java.util.logging.properties", karafBase, textResources, printOutput);
copyResourceToDir("etc/jmx.acl.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/jmx.acl.java.lang.Memory.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/jmx.acl.org.apache.karaf.bundle.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/jmx.acl.org.apache.karaf.config.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/jmx.acl.org.apache.karaf.security.jmx.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/jmx.acl.osgi.compendium.cm.cfg", karafBase, textResources, printOutput);
copyResourceToDir("etc/jre.properties", karafBase, textResources, printOutput);
copyResourceToDir("etc/keys.properties", karafBase, textResources, printOutput);
copyResourceToDir("etc/org.apache.felix.fileinstall-deploy.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.command.acl.bundle.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.command.acl.config.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.command.acl.feature.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.command.acl.jaas.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.command.acl.kar.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.command.acl.scope_bundle.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.command.acl.shell.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.command.acl.system.cfg", karafBase, textResources, printOutput);
- copyResourceToDir("etc/org.apache.karaf.features.obr.cfg", karafBase, textResources, printOutput);
copyResourceToDir("etc/org.apache.karaf.features.repos.cfg", karafBase, textResources, printOutput);
copyResourceToDir("etc/org.apache.karaf.jaas.cfg", karafBase, textResources, printOutput);
copyResourceToDir("etc/org.apache.karaf.kar.cfg", karafBase, textResources, printOutput);
http://git-wip-us.apache.org/repos/asf/karaf/blob/5a6ee1b4/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/InstallKarsMojo.java
----------------------------------------------------------------------
diff --git a/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/InstallKarsMojo.java b/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/InstallKarsMojo.java
index 3fcc343..4306f17 100644
--- a/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/InstallKarsMojo.java
+++ b/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/InstallKarsMojo.java
@@ -25,10 +25,15 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
import java.util.*;
import org.apache.felix.utils.properties.Properties;
import org.apache.karaf.features.BundleInfo;
+import org.apache.karaf.features.ConfigFileInfo;
+import org.apache.karaf.features.ConfigInfo;
import org.apache.karaf.features.Dependency;
import org.apache.karaf.features.internal.model.*;
import org.apache.karaf.kar.internal.Kar;
@@ -255,7 +260,7 @@ public class InstallKarsMojo extends MojoSupport {
}
}
// add the feature in the system folder
- resolveFeature(feature, features);
+ resolveFeature(feature, features, true);
} else if (bootFeatures != null && bootFeatures.contains(feature.getName())) {
// the feature is a boot feature, updating the etc/org.apache.karaf.features.cfg file
getLog().info("Feature " + feature.getName() + " is defined as a boot feature");
@@ -271,11 +276,11 @@ public class InstallKarsMojo extends MojoSupport {
}
}
// add the feature in the system folder
- resolveFeature(feature, features);
+ resolveFeature(feature, features, false);
} else if (installedFeatures != null && installedFeatures.contains(feature.getName())) {
getLog().info("Feature " + feature.getName() + " is defined as a installed feature");
// add the feature in the system folder
- resolveFeature(feature, features);
+ resolveFeature(feature, features, false);
} else {
getLog().debug("Feature " + feature.getName() + " is not installed");
}
@@ -384,11 +389,11 @@ public class InstallKarsMojo extends MojoSupport {
}
}
- private void resolveFeature(Feature feature, Map<Feature, Boolean> features) throws Exception {
+ private void resolveFeature(Feature feature, Map<Feature, Boolean> features, boolean installConfig) throws Exception {
for (Dependency dependency : feature.getFeature()) {
for (Feature f : features.keySet()) {
if (f.getName().equals(dependency.getName())) {
- resolveFeature(f, features);
+ resolveFeature(f, features, installConfig);
}
}
}
@@ -403,8 +408,13 @@ public class InstallKarsMojo extends MojoSupport {
// installing feature config files
getLog().info("= Installing configuration files from " + feature.getName() + " feature");
+ if (installConfig) {
+ for (Config config : feature.getConfig()) {
+ installConfig(config);
+ }
+ }
for (ConfigFile configFile : feature.getConfigfile()) {
- installConfigFile(configFile);
+ installConfigFile(configFile, installConfig);
}
// installing condition features
@@ -424,7 +434,7 @@ public class InstallKarsMojo extends MojoSupport {
for (Dependency dependency : conditional.getFeature()) {
for (Feature f : features.keySet()) {
if (f.getName().equals(dependency.getName())) {
- resolveFeature(f, features);
+ resolveFeature(f, features, installConfig);
}
}
}
@@ -433,8 +443,13 @@ public class InstallKarsMojo extends MojoSupport {
installBundle(bundle);
}
getLog().debug("== Conditional configuration files");
+ if (installConfig) {
+ for (Config config : conditional.getConfig()) {
+ installConfig(config);
+ }
+ }
for (ConfigFile configFile : conditional.getConfigfile()) {
- installConfigFile(configFile);
+ installConfigFile(configFile, installConfig);
}
// }
}
@@ -500,8 +515,15 @@ public class InstallKarsMojo extends MojoSupport {
}
}
- private void installConfigFile(ConfigFile configFile) throws Exception {
- getLog().warn("== Installing configuration file " + configFile.getLocation());
+ private void installConfig(Config config) throws Exception {
+ getLog().info("== Installing configuration " + config.getName());
+
+ Path configFile = Paths.get(workDirectory, "etc", config.getName());
+ Files.write(configFile, config.getValue().getBytes());
+ }
+
+ private void installConfigFile(ConfigFile configFile, boolean installConfig) throws Exception {
+ getLog().info("== Installing configuration file " + configFile.getLocation());
String configFileLocation = configFile.getLocation();
File configFileFile;
if (configFileLocation.startsWith("mvn:")) {
@@ -510,18 +532,22 @@ public class InstallKarsMojo extends MojoSupport {
} else {
configFileFile = new File(new URI(configFileLocation));
}
- File configFileSystemFile = new File(system.resolve(configFileLocation));
- copy(configFileFile, configFileSystemFile);
- // add metadata for snapshot
- if (configFileLocation.startsWith("mvn")) {
- Artifact configFileArtifact = dependencyHelper.mvnToArtifact(configFileLocation);
- if (configFileArtifact.isSnapshot()) {
- File metadataTarget = new File(configFileSystemFile.getParentFile(), "maven-metadata-local.xml");
- try {
- MavenUtil.generateMavenMetadata(configFileArtifact, metadataTarget);
- } catch (Exception e) {
- getLog().warn("Could not create maven-metadata-local.xml", e);
- getLog().warn("It means that this SNAPSHOT could be overwritten by an older one present on remote repositories");
+ if (installConfig) {
+ copy(configFileFile, new File(workDirectory + "/" + configFile.getFinalname()));
+ } else {
+ File configFileSystemFile = new File(system.resolve(configFileLocation));
+ copy(configFileFile, configFileSystemFile);
+ // add metadata for snapshot
+ if (configFileLocation.startsWith("mvn")) {
+ Artifact configFileArtifact = dependencyHelper.mvnToArtifact(configFileLocation);
+ if (configFileArtifact.isSnapshot()) {
+ File metadataTarget = new File(configFileSystemFile.getParentFile(), "maven-metadata-local.xml");
+ try {
+ MavenUtil.generateMavenMetadata(configFileArtifact, metadataTarget);
+ } catch (Exception e) {
+ getLog().warn("Could not create maven-metadata-local.xml", e);
+ getLog().warn("It means that this SNAPSHOT could be overwritten by an older one present on remote repositories");
+ }
}
}
}