You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by ff...@apache.org on 2017/12/29 01:01:35 UTC
[karaf] branch master updated: [KARAF-5554]the
karaf.secured.command.compulsory.roles shouldn't apply for alias commands
This is an automated email from the ASF dual-hosted git repository.
ffang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/master by this push:
new 989cadc [KARAF-5554]the karaf.secured.command.compulsory.roles shouldn't apply for alias commands
989cadc is described below
commit 989cadc9cab63b224e34bd70ac4ec4fb5ac90f1c
Author: Freeman Fang <fr...@gmail.com>
AuthorDate: Fri Dec 29 09:01:20 2017 +0800
[KARAF-5554]the karaf.secured.command.compulsory.roles shouldn't apply for alias commands
---
.../guard/tools/ACLConfigurationParser.java | 24 ++++++++++++++++++++++
.../osgi/secured/SecuredSessionFactoryImpl.java | 4 ++--
2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/service/guard/src/main/java/org/apache/karaf/service/guard/tools/ACLConfigurationParser.java b/service/guard/src/main/java/org/apache/karaf/service/guard/tools/ACLConfigurationParser.java
index dbc2ee1..6902b3d 100644
--- a/service/guard/src/main/java/org/apache/karaf/service/guard/tools/ACLConfigurationParser.java
+++ b/service/guard/src/main/java/org/apache/karaf/service/guard/tools/ACLConfigurationParser.java
@@ -110,6 +110,30 @@ public class ACLConfigurationParser {
}
+ public static Specificity getRolesForInvocationForAlias(String methodName, Object[] params, String[] signature,
+ Dictionary<String, Object> config, List<String> addToRoles) {
+ Dictionary<String, Object> properties = trimKeys(config);
+ String pid = (String)properties.get("service.pid");
+ Specificity s = getRolesBasedOnSignature(methodName, params, signature, properties, addToRoles);
+ if (s != Specificity.NO_MATCH) {
+ return s;
+ }
+
+ s = getRolesBasedOnSignature(methodName, params, null, properties, addToRoles);
+ if (s != Specificity.NO_MATCH) {
+ return s;
+ }
+
+ List<String> roles = getMethodNameWildcardRoles(properties, methodName);
+ if (roles != null) {
+ addToRoles.addAll(roles);
+ return Specificity.WILDCARD_MATCH;
+ } else {
+ return Specificity.NO_MATCH;
+ }
+
+ }
+
public static void getCompulsoryRoles(List<String> roles) {
if (compulsoryRoles != null) {
roles.addAll(ACLConfigurationParser.parseRoles(compulsoryRoles));
diff --git a/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java b/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java
index b47594e..3f7f8f0 100644
--- a/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java
+++ b/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java
@@ -150,7 +150,7 @@ public class SecuredSessionFactoryImpl extends SessionFactoryImpl implements Con
Dictionary<String, Object> config = getScopeConfig(scope);
if (config != null) {
List<String> roles = new ArrayList<>();
- ACLConfigurationParser.getRolesForInvocation(name, null, null, config, roles);
+ ACLConfigurationParser.getRolesForInvocationForAlias(name, null, null, config, roles);
if (roles.isEmpty()) {
return true;
} else {
@@ -245,7 +245,7 @@ public class SecuredSessionFactoryImpl extends SessionFactoryImpl implements Con
throw new CommandNotFoundException(aliasCommand.getScope() + ":" + aliasCommand.getName());
}
List<String> roles = new ArrayList<>();
- ACLConfigurationParser.Specificity s = ACLConfigurationParser.getRolesForInvocation(aliasCommand.getName(), new Object[] { arguments.toString() }, null, config, roles);
+ ACLConfigurationParser.Specificity s = ACLConfigurationParser.getRolesForInvocationForAlias(aliasCommand.getName(), new Object[] { arguments.toString() }, null, config, roles);
if (s == ACLConfigurationParser.Specificity.NO_MATCH) {
return;
}
--
To stop receiving notification emails like this one, please contact
['"commits@karaf.apache.org" <co...@karaf.apache.org>'].