
Example 36 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class ListUsersCommand method displayGroupRoles.

/**
 * Adds one table row per role that the given group carries and returns the role names.
 *
 * <p>Each row holds the user name, the group name and the role name, so the listing shows
 * which roles a user obtains through group membership rather than by direct assignment.
 *
 * @param engine   backing engine queried for the roles of {@code group}
 * @param userName user name written into the first column of every row
 * @param group    group whose roles are listed
 * @param table    table that receives the rows
 * @return the role names in the order the engine returned them; empty when the engine
 *         returns {@code null} or no roles
 */
private List<String> displayGroupRoles(BackingEngine engine, String userName, GroupPrincipal group, ShellTable table) {
    List<String> collected = new ArrayList<>();
    List<RolePrincipal> groupRoles = engine.listRoles(group);
    // A null or empty answer means there is nothing to print for this group.
    if (groupRoles == null || groupRoles.isEmpty()) {
        return collected;
    }
    for (RolePrincipal principal : groupRoles) {
        String name = principal.getName();
        collected.add(name);
        table.addRow().addContent(userName, group.getName(), name);
    }
    return collected;
}
Also used : ArrayList(java.util.ArrayList) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)

Example 37 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class GuardProxyCatalogTest method testInvocationBlocking4.

/**
 * Invokes a guarded proxy as a subject whose only principal is the role {@code b} and
 * checks that the calls go through and return the expected values.
 *
 * <p>The access rules the proxy enforces come from {@code mockConfigAdminBundleContext()},
 * which is not shown here; presumably they grant role {@code b} these methods (confirm
 * against that helper).
 *
 * <p>NOTE(review): this case exercises only the permitted path. A caller without the role
 * being refused is presumably covered by a sibling test; confirm.
 */
@SuppressWarnings("unchecked")
@Test
public void testInvocationBlocking4() throws Exception {
    BundleContext bundleContext = mockConfigAdminBundleContext();
    final Object guardedProxy = testCreateProxy(bundleContext, new Class[] { TestServiceAPI.class, TestObjectWithoutInterface.class }, new CombinedTestService());

    // The subject carries exactly one credential: the role "b".
    Subject caller = new Subject();
    caller.getPrincipals().add(new RolePrincipal("b"));

    // Everything inside the action runs with `caller` as the current subject.
    PrivilegedAction<Object> invocations = () -> {
        TestServiceAPI viaInterface = (TestServiceAPI) guardedProxy;
        assertEquals("Doing it", viaInterface.doit());
        if (runningUnderCoverage) {
            // The class-based checks are skipped when running under coverage.
            return null;
        }
        TestObjectWithoutInterface viaClass = (TestObjectWithoutInterface) guardedProxy;
        assertEquals(42L, viaClass.compute(-42L));
        assertEquals(-44L, viaClass.compute(44L));
        return null;
    };
    Subject.doAs(caller, invocations);
}
Also used : RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) Subject(javax.security.auth.Subject) BundleContext(org.osgi.framework.BundleContext) Test(org.junit.Test)

Example 38 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class JMXSecurityTest method testJMXSecurityAsViewer.

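/**
 * Verifies over a remote JMX connection that a user holding only the {@code viewer} role
 * can read MBean attributes but can neither change them nor invoke operations.
 *
 * <p>The test creates a manager user (through a group carrying {@code viewer} and
 * {@code manager}) and a viewer user in the {@code karaf} realm, connects as the viewer,
 * and then checks each denied write twice: once that the attempt is rejected, and once
 * that the attribute still holds its old value.
 *
 * @throws Exception if realm setup, the JMX connection or an MBean call fails
 */
@Test
public void testJMXSecurityAsViewer() throws Exception {
    String suffix = "_" + counter.incrementAndGet();
    String managerUser = "managerUser" + System.currentTimeMillis() + suffix;
    String managerGroup = "managerGroup" + System.currentTimeMillis() + suffix;
    String viewerUser = "viewerUser" + System.currentTimeMillis() + suffix;

    // Fixture only: each generated user name is also used as that user's password.
    String realmSetup = "jaas:realm-manage --realm karaf"
            + ";jaas:user-add " + managerUser + " " + managerUser
            + ";jaas:group-add " + managerUser + " " + managerGroup
            + ";jaas:group-role-add " + managerGroup + " viewer"
            + ";jaas:group-role-add " + managerGroup + " manager"
            + ";jaas:user-add " + viewerUser + " " + viewerUser
            + ";jaas:role-add " + viewerUser + " viewer"
            + ";jaas:update"
            + ";jaas:realm-manage --realm karaf"
            + ";jaas:user-list";
    // The realm is edited with the admin role; the assertions below run as the viewer.
    System.out.println(executeCommand(realmSetup, new RolePrincipal("admin")));

    ConfigurationAdmin configurationAdmin = getOsgiService(ConfigurationAdmin.class, 30000);
    // The original code followed this lookup with an empty null check, which has been
    // dropped. The call itself is kept in case the lookup matters to the test.
    configurationAdmin.getConfiguration("org.apache.karaf.management", null);

    // Close the connector even when an assertion fails, so the connection is not leaked.
    try (JMXConnector connector = getJMXConnector(viewerUser, viewerUser)) {
        MBeanServerConnection connection = connector.getMBeanServerConnection();

        ObjectName systemMBean = new ObjectName("org.apache.karaf:type=system,name=root");
        assertEquals(100, connection.getAttribute(systemMBean, "StartLevel"));
        assertSetAttributeSecEx(connection, systemMBean, new Attribute("StartLevel", 101));
        // Re-read the value: a rejected write must also leave the attribute unchanged.
        assertEquals("Changing the start level should have no effect for a viewer", 100, connection.getAttribute(systemMBean, "StartLevel"));
        assertInvokeSecEx(connection, systemMBean, "halt");

        ObjectName memoryMBean = new ObjectName("java.lang:type=Memory");
        assertEquals(false, connection.getAttribute(memoryMBean, "Verbose"));
        assertSetAttributeSecEx(connection, memoryMBean, new Attribute("Verbose", true));
        assertEquals("Changing the verbosity should have no effect for a viewer", false, connection.getAttribute(memoryMBean, "Verbose"));
        assertInvokeSecEx(connection, memoryMBean, "gc");

        // NOTE(review): the two boolean flags presumably say which operation classes this
        // role is expected to be allowed; confirm against the helpers.
        testJMXSecurityMBean(connection, false, false);
        testKarafConfigAdminMBean(connection, false, false);
        testOSGiConfigAdminMBean(connection, false, false);
    }
}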
Also used : Attribute(javax.management.Attribute) JMXConnector(javax.management.remote.JMXConnector) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin) MBeanServerConnection(javax.management.MBeanServerConnection) ObjectName(javax.management.ObjectName) Test(org.junit.Test)

Example 39 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class JMXSecurityTest method testJMXSecurityAsManager.

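/**
 * Verifies over a remote JMX connection what a user with the {@code viewer} and
 * {@code manager} roles (granted through a group) may and may not do.
 *
 * <p>As asserted below, the manager can read attributes and invoke {@code gc} on the
 * Memory MBean, but is still refused when setting {@code StartLevel} or {@code Verbose}
 * and when invoking {@code halt}. Each denied write is followed by a re-read that checks
 * the attribute kept its old value.
 *
 * @throws Exception if realm setup, the JMX connection or an MBean call fails
 */
@Test
public void testJMXSecurityAsManager() throws Exception {
    String suffix = "_" + counter.incrementAndGet();
    String managerUser = "managerUser" + System.currentTimeMillis() + suffix;
    String managerGroup = "managerGroup" + System.currentTimeMillis() + suffix;
    String viewerUser = "viewerUser" + System.currentTimeMillis() + suffix;

    // Fixture only: each generated user name is also used as that user's password.
    String realmSetup = "jaas:realm-manage --realm karaf"
            + ";jaas:user-add " + managerUser + " " + managerUser
            + ";jaas:group-add " + managerUser + " " + managerGroup
            + ";jaas:group-role-add " + managerGroup + " viewer"
            + ";jaas:group-role-add " + managerGroup + " manager"
            + ";jaas:user-add " + viewerUser + " " + viewerUser
            + ";jaas:role-add " + viewerUser + " viewer"
            + ";jaas:update"
            + ";jaas:realm-manage --realm karaf"
            + ";jaas:user-list";
    // The realm is edited with the admin role; the assertions below run as the manager.
    System.out.println(executeCommand(realmSetup, new RolePrincipal("admin")));

    // Close the connector even when an assertion fails, so the connection is not leaked.
    try (JMXConnector connector = getJMXConnector(managerUser, managerUser)) {
        MBeanServerConnection connection = connector.getMBeanServerConnection();

        ObjectName systemMBean = new ObjectName("org.apache.karaf:type=system,name=root");
        assertEquals(100, connection.getAttribute(systemMBean, "StartLevel"));
        assertSetAttributeSecEx(connection, systemMBean, new Attribute("StartLevel", 101));
        // The failure messages said "viewer" although this test connects as the manager.
        assertEquals("Changing the start level should have no effect for a manager", 100, connection.getAttribute(systemMBean, "StartLevel"));
        assertInvokeSecEx(connection, systemMBean, "halt");

        ObjectName memoryMBean = new ObjectName("java.lang:type=Memory");
        assertEquals(false, connection.getAttribute(memoryMBean, "Verbose"));
        assertSetAttributeSecEx(connection, memoryMBean, new Attribute("Verbose", true));
        assertEquals("Changing the verbosity should have no effect for a manager", false, connection.getAttribute(memoryMBean, "Verbose"));
        // Unlike the writes above, this invocation is expected to go through.
        connection.invoke(memoryMBean, "gc", new Object[] {}, new String[] {});

        // NOTE(review): the two boolean flags presumably say which operation classes this
        // role is expected to be allowed; confirm against the helpers.
        testJMXSecurityMBean(connection, true, false);
        testKarafConfigAdminMBean(connection, true, false);
        testOSGiConfigAdminMBean(connection, true, false);
    }
}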
Also used : Attribute(javax.management.Attribute) JMXConnector(javax.management.remote.JMXConnector) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal) MBeanServerConnection(javax.management.MBeanServerConnection) ObjectName(javax.management.ObjectName) Test(org.junit.Test)

Example 40 with RolePrincipal

use of org.apache.karaf.jaas.boot.principal.RolePrincipal in project karaf by apache.

the class ConfigManagedServiceFactoryTest method checkEditByFactoryPid.

/**
 * Edits the configuration selected by the filter {@code (service.factorypid=myconfig)}
 * through shell commands run with the {@code manager} role, then checks the stored values.
 *
 * <p>After the update {@code test1} must hold the new value and {@code test2} must still
 * hold {@code data2}.
 *
 * @throws IOException            declared by the method; presumably raised by
 *                                {@code readConfig()} (not shown here)
 * @throws InvalidSyntaxException declared by the method; presumably raised by
 *                                {@code readConfig()} (not shown here)
 */
private void checkEditByFactoryPid() throws IOException, InvalidSyntaxException {
    String editScript = "config:edit '(service.factorypid=myconfig)'\n"
            + "config:property-set test1 data1new\n"
            + "config:update";
    // The commands run with only the "manager" role on the subject.
    executeCommand(editScript, new RolePrincipal("manager"));

    Configuration updated = readConfig();
    assertEquals("data1new", updated.getProperties().get("test1"));
    assertEquals("data2", updated.getProperties().get("test2"));
}
Also used : Configuration(org.osgi.service.cm.Configuration) RolePrincipal(org.apache.karaf.jaas.boot.principal.RolePrincipal)
