Repository: karaf Updated Branches: refs/heads/karaf-2.x 21c1d8d74 -> a08c8e1b7
[KARAF-2934]Role-based security for Shell/Console commands - backport to 2.x branch-add JaasSshCommandSecurityTest Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/a08c8e1b Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/a08c8e1b Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/a08c8e1b Branch: refs/heads/karaf-2.x Commit: a08c8e1b7689766f1e7438fac4b65b246c71ae32 Parents: 21c1d8d Author: Freeman Fang <[email protected]> Authored: Wed May 7 13:52:06 2014 +0800 Committer: Freeman Fang <[email protected]> Committed: Wed May 7 13:52:06 2014 +0800 ---------------------------------------------------------------------- .../itests/ConfigSshCommandSecurityTest.java | 2 +- .../itests/JaasSshCommandSecurityTest.java | 48 ++++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/a08c8e1b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java ---------------------------------------------------------------------- diff --git a/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java index 6b72241..87fe488 100644 --- a/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java +++ b/itests/src/test/java/org/apache/karaf/itests/ConfigSshCommandSecurityTest.java @@ -24,7 +24,7 @@ import org.ops4j.pax.exam.spi.reactors.PerClass; /** * This test exercises the Shell Command ACL for the config scope commands as defined in - * /framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.config.cfg + * apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.config.cfg */ @RunWith(PaxExam.class) @ExamReactorStrategy(PerClass.class) http://git-wip-us.apache.org/repos/asf/karaf/blob/a08c8e1b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java ---------------------------------------------------------------------- diff --git a/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java new file mode 100644 index 0000000..426de40 --- /dev/null +++ b/itests/src/test/java/org/apache/karaf/itests/JaasSshCommandSecurityTest.java @@ -0,0 +1,48 @@ +/* + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.karaf.itests; + +import junit.framework.Assert; + +import org.junit.Test; + +/** + * This test exercises the Shell Command ACL for the jaas scope commands as defined in + * apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.jaas.cfg + */ +public class JaasSshCommandSecurityTest extends SshCommandTestBase { + @Test + public void testJaasCommandSecurityViaSsh() throws Exception { + String vieweruser = "viewer" + System.nanoTime() + "_jaas"; + + addViewer(vieweruser); + + String userName = "XXX" + System.nanoTime(); + assertCommand(vieweruser, "jaas:manage --realm karaf;" + + "jaas:useradd " + userName + " pwd;" + + "jaas:update", Result.NOT_FOUND); + String r = assertCommand(vieweruser, "jaas:manage --realm karaf;" + + "jaas:users", Result.OK); + Assert.assertFalse("The viewer should not have the credentials to add the new user", + r.contains(userName)); + + assertCommand("karaf", "jaas:manage --realm karaf;" + + "jaas:useradd " + userName + " pwd;" + + "jaas:update", Result.OK); + String r2 = assertCommand(vieweruser, "jaas:manage --realm karaf;" + + "jaas:users", Result.OK); + Assert.assertTrue("The admin user should have the rights to add the new user", + r2.contains(userName)); + } +}
