OSGI webconsole in read-only mode

[Jörg Hoh <jh...@googlemail.com.INVALID>]

Hi,

To improve operation and support we want to enable developers of our
applications to access the OSGI webconsole of the production environment.
With the current way I haven't found a way to restrict them from changing
anything. What we need is a  kind of "read-only" mode, which allows them
just to read settings and data, without a chance to perform any changes.

For example we would like to have them
* to read JMX beans and do not allow to invoke operations on MBeans
* to check bundles and configuration, but without deploying new bundles or
creating/deleting/changing configuration of components and services.
* (etc)

Is there a way to implement that? It seems that the
WebconsoleSecurityProvider cares only about authentication, but individual
actions are not checked. That means: If I am authenticated, I am free to do
whatever I want.

Has anyone faced the same challenge and solved it? I don't want to
implement functionality to read all the required information and dump it
into a file, which then must be delivered somehow to the developers/support.


-- 
Cheers,
Jörg Hoh,

http://cqdump.wordpress.com
Twitter: @joerghoh