use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.
the class KarafMBeanServerGuardTest method testRequiredRolesHierarchy.
@SuppressWarnings("unchecked")
public void testRequiredRolesHierarchy() throws Exception {
Dictionary<String, Object> conf1 = new Hashtable<>();
conf1.put("foo", "editor");
conf1.put(Constants.SERVICE_PID, "jmx.acl.foo.bar.Test");
Dictionary<String, Object> conf2 = new Hashtable<>();
conf2.put("bar", "viewer");
conf2.put("foo", "viewer");
conf2.put(Constants.SERVICE_PID, "jmx.acl.foo.bar");
Dictionary<String, Object> conf3 = new Hashtable<>();
conf3.put("tar", "admin");
conf3.put(Constants.SERVICE_PID, "jmx.acl.foo");
Dictionary<String, Object> conf4 = new Hashtable<>();
conf4.put("zar", "visitor");
conf4.put(Constants.SERVICE_PID, "jmx.acl");
ConfigurationAdmin ca = getMockConfigAdmin2(conf1, conf2, conf3, conf4);
assertEquals("Precondition", 4, ca.listConfigurations("(service.pid=jmx.acl*)").length);
KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
guard.setConfigAdmin(ca);
ObjectName on = ObjectName.getInstance("foo.bar:type=Test");
assertEquals("Should only return the most specific definition", Collections.singletonList("editor"), guard.getRequiredRoles(on, "foo", new Object[] {}, new String[] {}));
assertEquals(Collections.singletonList("viewer"), guard.getRequiredRoles(on, "bar", new Object[] { "test" }, new String[] { "java.lang.String" }));
assertEquals("The top-level is the domain, subsections of the domain should not be searched", Collections.emptyList(), guard.getRequiredRoles(on, "tar", new Object[] {}, new String[] {}));
assertEquals(Collections.singletonList("visitor"), guard.getRequiredRoles(on, "zar", new Object[] {}, new String[] {}));
}
use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.
the class KarafMBeanServerGuardTest method testCanGetAttributeAnyOverload.
public void testCanGetAttributeAnyOverload() throws Exception {
final ObjectName on = ObjectName.getInstance("foo.bar:type=Test");
MBeanAttributeInfo attr = new MBeanAttributeInfo("Foo", "int", "", true, true, false);
MBeanInfo info = EasyMock.createMock(MBeanInfo.class);
EasyMock.expect(info.getOperations()).andReturn(new MBeanOperationInfo[] {}).anyTimes();
EasyMock.expect(info.getAttributes()).andReturn(new MBeanAttributeInfo[] { attr }).anyTimes();
EasyMock.replay(info);
final MBeanServer mbs = EasyMock.createMock(MBeanServer.class);
EasyMock.expect(mbs.getMBeanInfo(on)).andReturn(info).anyTimes();
EasyMock.replay(mbs);
Dictionary<String, Object> configuration = new Hashtable<>();
configuration.put("getFoo(java.lang.String)", "admin");
configuration.put("getFoo()", "viewer");
ConfigurationAdmin ca = getMockConfigAdmin(configuration);
final KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
guard.setConfigAdmin(ca);
Subject subject = loginWithTestRoles("viewer");
Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
try {
assertTrue(guard.canInvoke(mbs, on, "getFoo"));
return null;
} catch (Throwable th) {
throw new RuntimeException(th);
}
});
}
use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.
the class JMXSecurityMBeanImplTestCase method testCanInvokeBulkWithDuplicateMethods.
public void testCanInvokeBulkWithDuplicateMethods() throws Exception {
MBeanServer mbs = EasyMock.createMock(MBeanServer.class);
EasyMock.replay(mbs);
ConfigurationAdmin testConfigAdmin = EasyMock.createMock(ConfigurationAdmin.class);
EasyMock.expect(testConfigAdmin.listConfigurations(EasyMock.eq("(service.pid=jmx.acl*)"))).andReturn(new Configuration[0]).anyTimes();
EasyMock.expect(testConfigAdmin.listConfigurations(EasyMock.eq("(service.pid=jmx.acl.whitelist)"))).andReturn(new Configuration[0]).once();
EasyMock.replay(testConfigAdmin);
KarafMBeanServerGuard testGuard = EasyMock.createMock(KarafMBeanServerGuard.class);
String objectName = "foo.bar.testing:type=SomeMBean";
final String[] la = new String[] { "long" };
final String[] sa = new String[] { "java.lang.String" };
EasyMock.expect(testGuard.getConfigAdmin()).andReturn(testConfigAdmin).anyTimes();
EasyMock.expect(testGuard.canInvoke(EasyMock.anyObject(BulkRequestContext.class), EasyMock.eq(mbs), EasyMock.eq(new ObjectName(objectName)), EasyMock.eq("duplicateMethod1"), EasyMock.aryEq(la))).andReturn(true).anyTimes();
EasyMock.expect(testGuard.canInvoke(EasyMock.anyObject(BulkRequestContext.class), EasyMock.eq(mbs), EasyMock.eq(new ObjectName(objectName)), EasyMock.eq("duplicateMethod1"), EasyMock.aryEq(sa))).andReturn(false).anyTimes();
EasyMock.expect(testGuard.canInvoke(EasyMock.anyObject(BulkRequestContext.class), EasyMock.eq(mbs), EasyMock.eq(new ObjectName(objectName)), EasyMock.eq("duplicateMethod2"))).andReturn(true).anyTimes();
EasyMock.replay(testGuard);
JMXSecurityMBeanImpl mb = new JMXSecurityMBeanImpl();
mb.setMBeanServer(mbs);
mb.setGuard(testGuard);
Map<String, List<String>> query = new HashMap<>();
query.put(objectName, Arrays.asList("duplicateMethod1(long)", "duplicateMethod1(java.lang.String)", "duplicateMethod1(long)", "duplicateMethod2", "duplicateMethod2"));
TabularData result = mb.canInvoke(query);
assertEquals(3, result.size());
CompositeData cd = result.get(new Object[] { objectName, "duplicateMethod1(long)" });
assertEquals(objectName, cd.get("ObjectName"));
assertEquals("duplicateMethod1(long)", cd.get("Method"));
assertEquals(true, cd.get("CanInvoke"));
CompositeData cd2 = result.get(new Object[] { objectName, "duplicateMethod1(java.lang.String)" });
assertEquals(objectName, cd2.get("ObjectName"));
assertEquals("duplicateMethod1(java.lang.String)", cd2.get("Method"));
assertEquals(false, cd2.get("CanInvoke"));
CompositeData cd3 = result.get(new Object[] { objectName, "duplicateMethod2" });
assertEquals(objectName, cd3.get("ObjectName"));
assertEquals("duplicateMethod2", cd3.get("Method"));
assertEquals(true, cd3.get("CanInvoke"));
}
use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.
the class KarafMBeanServerGuardTest method testCanInvokeMBeanGetter.
public void testCanInvokeMBeanGetter() throws Exception {
final ObjectName on = ObjectName.getInstance("foo.bar:type=Test");
MBeanAttributeInfo attr = new MBeanAttributeInfo("a1", "boolean", "", true, false, true);
MBeanInfo info = EasyMock.createMock(MBeanInfo.class);
EasyMock.expect(info.getOperations()).andReturn(new MBeanOperationInfo[] {}).anyTimes();
EasyMock.expect(info.getAttributes()).andReturn(new MBeanAttributeInfo[] { attr }).anyTimes();
EasyMock.replay(info);
final MBeanServer mbs = EasyMock.createMock(MBeanServer.class);
EasyMock.expect(mbs.getMBeanInfo(on)).andReturn(info).anyTimes();
EasyMock.replay(mbs);
Dictionary<String, Object> configuration = new Hashtable<>();
configuration.put("get*", "admin");
configuration.put("is*", "viewer");
configuration.put("*", "admin");
ConfigurationAdmin ca = getMockConfigAdmin(configuration);
final KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
guard.setConfigAdmin(ca);
Subject subject = loginWithTestRoles("viewer");
Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
try {
assertTrue(guard.canInvoke(mbs, on));
return null;
} catch (Throwable th) {
throw new RuntimeException(th);
}
});
}
use of org.osgi.service.cm.ConfigurationAdmin in project karaf by apache.
the class KarafMBeanServerGuardTest method testCanInvokeAnyOverload3.
public void testCanInvokeAnyOverload3() throws Exception {
final ObjectName on = ObjectName.getInstance("foo.bar:type=Test");
MBeanInfo info = EasyMock.createMock(MBeanInfo.class);
EasyMock.expect(info.getOperations()).andReturn(new MBeanOperationInfo[] {}).anyTimes();
EasyMock.expect(info.getAttributes()).andReturn(new MBeanAttributeInfo[] {}).anyTimes();
EasyMock.replay(info);
final MBeanServer mbs = EasyMock.createMock(MBeanServer.class);
EasyMock.expect(mbs.getMBeanInfo(on)).andReturn(info).anyTimes();
EasyMock.replay(mbs);
Dictionary<String, Object> configuration = new Hashtable<>();
configuration.put("doit(java.lang.String)", "admin");
configuration.put("doit(java.lang.String,java.lang.String)", "viewer");
ConfigurationAdmin ca = getMockConfigAdmin(configuration);
final KarafMBeanServerGuard guard = new KarafMBeanServerGuard();
guard.setConfigAdmin(ca);
Subject subject = loginWithTestRoles("viewer");
Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
try {
assertFalse(guard.canInvoke(mbs, on, "doit"));
return null;
} catch (Throwable th) {
throw new RuntimeException(th);
}
});
}
Aggregations