use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.
the class ListUsersCommand method displayGroupRoles.
private List<String> displayGroupRoles(BackingEngine engine, String userName, GroupPrincipal group, ShellTable table) {
List<String> names = new ArrayList<>();
List<RolePrincipal> roles = engine.listRoles(group);
if (roles != null && roles.size() >= 1) {
for (RolePrincipal role : roles) {
String roleName = role.getName();
names.add(roleName);
table.addRow().addContent(userName, group.getName(), roleName);
}
}
return names;
}
use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.
the class GuardProxyCatalogTest method testInvocationBlocking4.
@SuppressWarnings("unchecked")
@Test
public void testInvocationBlocking4() throws Exception {
BundleContext bc = mockConfigAdminBundleContext();
final Object proxy = testCreateProxy(bc, new Class[] { TestServiceAPI.class, TestObjectWithoutInterface.class }, new CombinedTestService());
// Run with the right credentials so we can test the expected roles
Subject subject = new Subject();
subject.getPrincipals().add(new RolePrincipal("b"));
Subject.doAs(subject, (PrivilegedAction<Object>) () -> {
assertEquals("Doing it", ((TestServiceAPI) proxy).doit());
if (!runningUnderCoverage) {
assertEquals(42L, ((TestObjectWithoutInterface) proxy).compute(-42L));
assertEquals(-44L, ((TestObjectWithoutInterface) proxy).compute(44L));
}
return null;
});
}
use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.
the class JMXSecurityTest method testJMXSecurityAsViewer.
@Test
public void testJMXSecurityAsViewer() throws Exception {
String suffix = "_" + counter.incrementAndGet();
String managerUser = "managerUser" + System.currentTimeMillis() + suffix;
String managerGroup = "managerGroup" + System.currentTimeMillis() + suffix;
String viewerUser = "viewerUser" + System.currentTimeMillis() + suffix;
System.out.println(executeCommand("jaas:realm-manage --realm karaf" + ";jaas:user-add " + managerUser + " " + managerUser + ";jaas:group-add " + managerUser + " " + managerGroup + ";jaas:group-role-add " + managerGroup + " viewer" + ";jaas:group-role-add " + managerGroup + " manager" + ";jaas:user-add " + viewerUser + " " + viewerUser + ";jaas:role-add " + viewerUser + " viewer" + ";jaas:update" + ";jaas:realm-manage --realm karaf" + ";jaas:user-list", new RolePrincipal("admin")));
ConfigurationAdmin configurationAdmin = getOsgiService(ConfigurationAdmin.class, 30000);
org.osgi.service.cm.Configuration configuration = configurationAdmin.getConfiguration("org.apache.karaf.management", null);
if (configuration == null) {
}
JMXConnector connector = getJMXConnector(viewerUser, viewerUser);
MBeanServerConnection connection = connector.getMBeanServerConnection();
ObjectName systemMBean = new ObjectName("org.apache.karaf:type=system,name=root");
assertEquals(100, connection.getAttribute(systemMBean, "StartLevel"));
assertSetAttributeSecEx(connection, systemMBean, new Attribute("StartLevel", 101));
assertEquals("Changing the start level should have no effect for a viewer", 100, connection.getAttribute(systemMBean, "StartLevel"));
assertInvokeSecEx(connection, systemMBean, "halt");
ObjectName memoryMBean = new ObjectName("java.lang:type=Memory");
assertEquals(false, connection.getAttribute(memoryMBean, "Verbose"));
assertSetAttributeSecEx(connection, memoryMBean, new Attribute("Verbose", true));
assertEquals("Changing the verbosity should have no effect for a viewer", false, connection.getAttribute(memoryMBean, "Verbose"));
assertInvokeSecEx(connection, memoryMBean, "gc");
testJMXSecurityMBean(connection, false, false);
testKarafConfigAdminMBean(connection, false, false);
testOSGiConfigAdminMBean(connection, false, false);
}
use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.
the class JMXSecurityTest method testJMXSecurityAsManager.
@Test
public void testJMXSecurityAsManager() throws Exception {
String suffix = "_" + counter.incrementAndGet();
String managerUser = "managerUser" + System.currentTimeMillis() + suffix;
String managerGroup = "managerGroup" + System.currentTimeMillis() + suffix;
String viewerUser = "viewerUser" + System.currentTimeMillis() + suffix;
System.out.println(executeCommand("jaas:realm-manage --realm karaf" + ";jaas:user-add " + managerUser + " " + managerUser + ";jaas:group-add " + managerUser + " " + managerGroup + ";jaas:group-role-add " + managerGroup + " viewer" + ";jaas:group-role-add " + managerGroup + " manager" + ";jaas:user-add " + viewerUser + " " + viewerUser + ";jaas:role-add " + viewerUser + " viewer" + ";jaas:update" + ";jaas:realm-manage --realm karaf" + ";jaas:user-list", new RolePrincipal("admin")));
JMXConnector connector = getJMXConnector(managerUser, managerUser);
MBeanServerConnection connection = connector.getMBeanServerConnection();
ObjectName systemMBean = new ObjectName("org.apache.karaf:type=system,name=root");
assertEquals(100, connection.getAttribute(systemMBean, "StartLevel"));
assertSetAttributeSecEx(connection, systemMBean, new Attribute("StartLevel", 101));
assertEquals("Changing the start level should have no effect for a viewer", 100, connection.getAttribute(systemMBean, "StartLevel"));
assertInvokeSecEx(connection, systemMBean, "halt");
ObjectName memoryMBean = new ObjectName("java.lang:type=Memory");
assertEquals(false, connection.getAttribute(memoryMBean, "Verbose"));
assertSetAttributeSecEx(connection, memoryMBean, new Attribute("Verbose", true));
assertEquals("Changing the verbosity should have no effect for a viewer", false, connection.getAttribute(memoryMBean, "Verbose"));
connection.invoke(memoryMBean, "gc", new Object[] {}, new String[] {});
testJMXSecurityMBean(connection, true, false);
testKarafConfigAdminMBean(connection, true, false);
testOSGiConfigAdminMBean(connection, true, false);
}
use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.
the class ConfigManagedServiceFactoryTest method checkEditByFactoryPid.
private void checkEditByFactoryPid() throws IOException, InvalidSyntaxException {
executeCommand("config:edit '(service.factorypid=myconfig)'\n" + "config:property-set test1 data1new\n" + "config:update", new RolePrincipal("manager"));
Configuration config = readConfig();
assertEquals("data1new", config.getProperties().get("test1"));
assertEquals("data2", config.getProperties().get("test2"));
}
Aggregations