Search in sources :

Example 76 with ConfigurationAdmin

use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.

the class KarafMBeanServerGuardTest method testRequiredRolesHierarchy.

@SuppressWarnings("unchecked")
public void testRequiredRolesHierarchy() throws Exception {
    Dictionary<String, Object> conf1 = new Hashtable<>();
    conf1.put("foo", "editor");
    conf1.put(Constants.SERVICE_PID, "jmx.acl.foo.bar.Test");
    Dictionary<String, Object> conf2 = new Hashtable<>();
    conf2.put("bar", "viewer");
    conf2.put("foo", "viewer");
    conf2.put(Constants.SERVICE_PID, "jmx.acl.foo.bar");
    Dictionary<String, Object> conf3 = new Hashtable<>();
    conf3.put("tar", "admin");
    conf3.put(Constants.SERVICE_PID, "jmx.acl.foo");
    Dictionary<String, Object> conf4 = new Hashtable<>();
    conf4.put("zar", "visitor");
    conf4.put(Constants.SERVICE_PID, "jmx.acl");
    ConfigurationAdmin ca = getMockConfigAdmin2(conf1, conf2, conf3, conf4);
    assertEquals("Precondition", 4, ca.listConfigurations("(service.pid=jmx.acl*)").length);
    KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
    guard.setConfigAdmin(ca);
    ObjectName on = ObjectName.getInstance("foo.bar:type=Test");
    assertEquals("Should only return the most specific definition", Collections.singletonList("editor"), guard.getRequiredRoles(on, "foo", new Object[] {}, new String[] {}));
    assertEquals(Collections.singletonList("viewer"), guard.getRequiredRoles(on, "bar", new Object[] { "test" }, new String[] { "java.lang.String" }));
    assertEquals("The top-level is the domain, subsections of the domain should not be searched", Collections.emptyList(), guard.getRequiredRoles(on, "tar", new Object[] {}, new String[] {}));
    assertEquals(Collections.singletonList("visitor"), guard.getRequiredRoles(on, "zar", new Object[] {}, new String[] {}));
}
Also used : ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin)

Example 77 with ConfigurationAdmin

use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.

the class KarafMBeanServerGuardTest method testCanGetAttributeAnyOverload.

public void testCanGetAttributeAnyOverload() throws Exception {
    final ObjectName on = ObjectName.getInstance("foo.bar:type=Test");
    MBeanAttributeInfo attr = new MBeanAttributeInfo("Foo", "int", "", true, true, false);
    MBeanInfo info = EasyMock.createMock(MBeanInfo.class);
    EasyMock.expect(info.getOperations()).andReturn(new MBeanOperationInfo[] {}).anyTimes();
    EasyMock.expect(info.getAttributes()).andReturn(new MBeanAttributeInfo[] { attr }).anyTimes();
    EasyMock.replay(info);
    final MBeanServer mbs = EasyMock.createMock(MBeanServer.class);
    EasyMock.expect(mbs.getMBeanInfo(on)).andReturn(info).anyTimes();
    EasyMock.replay(mbs);
    Dictionary<String, Object> configuration = new Hashtable<>();
    configuration.put("getFoo(java.lang.String)", "admin");
    configuration.put("getFoo()", "viewer");
    ConfigurationAdmin ca = getMockConfigAdmin(configuration);
    final KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
    guard.setConfigAdmin(ca);
    Subject subject = loginWithTestRoles("viewer");
    Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
        try {
            assertTrue(guard.canInvoke(mbs, on, "getFoo"));
            return null;
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    });
}
Also used : Subject(javax.security.auth.Subject) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin)

Example 78 with ConfigurationAdmin

use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.

the class JMXSecurityMBeanImplTestCase method testCanInvokeBulkWithDuplicateMethods.

public void testCanInvokeBulkWithDuplicateMethods() throws Exception {
    MBeanServer mbs = EasyMock.createMock(MBeanServer.class);
    EasyMock.replay(mbs);
    ConfigurationAdmin testConfigAdmin = EasyMock.createMock(ConfigurationAdmin.class);
    EasyMock.expect(testConfigAdmin.listConfigurations(EasyMock.eq("(service.pid=jmx.acl*)"))).andReturn(new Configuration[0]).anyTimes();
    EasyMock.expect(testConfigAdmin.listConfigurations(EasyMock.eq("(service.pid=jmx.acl.whitelist)"))).andReturn(new Configuration[0]).once();
    EasyMock.replay(testConfigAdmin);
    KarafMBeanServerGuard testGuard = EasyMock.createMock(KarafMBeanServerGuard.class);
    String objectName = "foo.bar.testing:type=SomeMBean";
    final String[] la = new String[] { "long" };
    final String[] sa = new String[] { "java.lang.String" };
    EasyMock.expect(testGuard.getConfigAdmin()).andReturn(testConfigAdmin).anyTimes();
    EasyMock.expect(testGuard.canInvoke(EasyMock.anyObject(BulkRequestContext.class), EasyMock.eq(mbs), EasyMock.eq(new ObjectName(objectName)), EasyMock.eq("duplicateMethod1"), EasyMock.aryEq(la))).andReturn(true).anyTimes();
    EasyMock.expect(testGuard.canInvoke(EasyMock.anyObject(BulkRequestContext.class), EasyMock.eq(mbs), EasyMock.eq(new ObjectName(objectName)), EasyMock.eq("duplicateMethod1"), EasyMock.aryEq(sa))).andReturn(false).anyTimes();
    EasyMock.expect(testGuard.canInvoke(EasyMock.anyObject(BulkRequestContext.class), EasyMock.eq(mbs), EasyMock.eq(new ObjectName(objectName)), EasyMock.eq("duplicateMethod2"))).andReturn(true).anyTimes();
    EasyMock.replay(testGuard);
    JMXSecurityMBeanImpl mb = new JMXSecurityMBeanImpl();
    mb.setMBeanServer(mbs);
    mb.setGuard(testGuard);
    Map<String, List<String>> query = new HashMap<>();
    query.put(objectName, Arrays.asList("duplicateMethod1(long)", "duplicateMethod1(java.lang.String)", "duplicateMethod1(long)", "duplicateMethod2", "duplicateMethod2"));
    TabularData result = mb.canInvoke(query);
    assertEquals(3, result.size());
    CompositeData cd = result.get(new Object[] { objectName, "duplicateMethod1(long)" });
    assertEquals(objectName, cd.get("ObjectName"));
    assertEquals("duplicateMethod1(long)", cd.get("Method"));
    assertEquals(true, cd.get("CanInvoke"));
    CompositeData cd2 = result.get(new Object[] { objectName, "duplicateMethod1(java.lang.String)" });
    assertEquals(objectName, cd2.get("ObjectName"));
    assertEquals("duplicateMethod1(java.lang.String)", cd2.get("Method"));
    assertEquals(false, cd2.get("CanInvoke"));
    CompositeData cd3 = result.get(new Object[] { objectName, "duplicateMethod2" });
    assertEquals(objectName, cd3.get("ObjectName"));
    assertEquals("duplicateMethod2", cd3.get("Method"));
    assertEquals(true, cd3.get("CanInvoke"));
}
Also used : Configuration(org.osgi.service.cm.Configuration) KarafMBeanServerGuard(org.apache.karaf.management.KarafMBeanServerGuard) CompositeData(javax.management.openmbean.CompositeData) ObjectName(javax.management.ObjectName) TabularData(javax.management.openmbean.TabularData) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin) MBeanServer(javax.management.MBeanServer)

Example 79 with ConfigurationAdmin

use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.

the class KarafMBeanServerGuardTest method testCanInvokeMBeanGetter.

public void testCanInvokeMBeanGetter() throws Exception {
    final ObjectName on = ObjectName.getInstance("foo.bar:type=Test");
    MBeanAttributeInfo attr = new MBeanAttributeInfo("a1", "boolean", "", true, false, true);
    MBeanInfo info = EasyMock.createMock(MBeanInfo.class);
    EasyMock.expect(info.getOperations()).andReturn(new MBeanOperationInfo[] {}).anyTimes();
    EasyMock.expect(info.getAttributes()).andReturn(new MBeanAttributeInfo[] { attr }).anyTimes();
    EasyMock.replay(info);
    final MBeanServer mbs = EasyMock.createMock(MBeanServer.class);
    EasyMock.expect(mbs.getMBeanInfo(on)).andReturn(info).anyTimes();
    EasyMock.replay(mbs);
    Dictionary<String, Object> configuration = new Hashtable<>();
    configuration.put("get*", "admin");
    configuration.put("is*", "viewer");
    configuration.put("*", "admin");
    ConfigurationAdmin ca = getMockConfigAdmin(configuration);
    final KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
    guard.setConfigAdmin(ca);
    Subject subject = loginWithTestRoles("viewer");
    Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
        try {
            assertTrue(guard.canInvoke(mbs, on));
            return null;
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    });
}
Also used : Subject(javax.security.auth.Subject) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin)

Example 80 with ConfigurationAdmin

use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.

the class KarafMBeanServerGuardTest method testCanInvokeAnyOverload3.

public void testCanInvokeAnyOverload3() throws Exception {
    final ObjectName on = ObjectName.getInstance("foo.bar:type=Test");
    MBeanInfo info = EasyMock.createMock(MBeanInfo.class);
    EasyMock.expect(info.getOperations()).andReturn(new MBeanOperationInfo[] {}).anyTimes();
    EasyMock.expect(info.getAttributes()).andReturn(new MBeanAttributeInfo[] {}).anyTimes();
    EasyMock.replay(info);
    final MBeanServer mbs = EasyMock.createMock(MBeanServer.class);
    EasyMock.expect(mbs.getMBeanInfo(on)).andReturn(info).anyTimes();
    EasyMock.replay(mbs);
    Dictionary<String, Object> configuration = new Hashtable<>();
    configuration.put("doit(java.lang.String)", "admin");
    configuration.put("doit(java.lang.String,java.lang.String)", "viewer");
    ConfigurationAdmin ca = getMockConfigAdmin(configuration);
    final KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
    guard.setConfigAdmin(ca);
    Subject subject = loginWithTestRoles("viewer");
    Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
        try {
            assertFalse(guard.canInvoke(mbs, on, "doit"));
            return null;
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    });
}
Also used : Subject(javax.security.auth.Subject) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin)

Aggregations

ConfigurationAdmin (org.osgi.service.cm.ConfigurationAdmin)108 Configuration (org.osgi.service.cm.Configuration)42 Subject (javax.security.auth.Subject)24 Test (org.junit.Test)19 Hashtable (java.util.Hashtable)14 BundleContext (org.osgi.framework.BundleContext)14 ServiceReference (org.osgi.framework.ServiceReference)13 IOException (java.io.IOException)9 Dictionary (java.util.Dictionary)8 InvalidSyntaxException (org.osgi.framework.InvalidSyntaxException)7 Method (java.lang.reflect.Method)6 Bundle (org.osgi.framework.Bundle)6 File (java.io.File)4 Properties (java.util.Properties)4 MBeanServer (javax.management.MBeanServer)4 ObjectName (javax.management.ObjectName)4 KarafMBeanServerGuard (org.apache.karaf.management.KarafMBeanServerGuard)4 CountDownLatch (java.util.concurrent.CountDownLatch)3 AtomicReference (java.util.concurrent.atomic.AtomicReference)3 CompositeData (javax.management.openmbean.CompositeData)3