Repository: karaf Updated Branches: refs/heads/karaf-2.x 751549691 -> 7effe2591
[KARAF-2995]RBAC - the shell command acl configuration modification can't take effect unless we restart the Karaf server Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/9483f0ca Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/9483f0ca Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/9483f0ca Branch: refs/heads/karaf-2.x Commit: 9483f0caaf0aa5258f07e7ba95f36b008c4c5adc Parents: 401d196 Author: Freeman Fang <[email protected]> Authored: Tue May 27 14:11:13 2014 +0800 Committer: Freeman Fang <[email protected]> Committed: Tue May 27 14:11:13 2014 +0800 ---------------------------------------------------------------------- ...rg.apache.karaf.command.acl.scope_bundle.cfg | 9 +++ .../impl/SecuredCommandConfigTransformer.java | 80 ++++++++++++++++++++ .../SecuredCommandConfigTransformerTest.java | 2 + 3 files changed, 91 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/9483f0ca/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.scope_bundle.cfg ---------------------------------------------------------------------- diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.scope_bundle.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.scope_bundle.cfg new file mode 100644 index 0000000..62c8d57 --- /dev/null +++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.scope_bundle.cfg @@ -0,0 +1,9 @@ +features=org.apache.karaf.features.command +jaas=org.apache.karaf.jaas.command +admin=org.apache.karaf.admin.command +osgi=org.apache.karaf.shell.osgi +log=org.apache.karaf.shell.log +packages=org.apache.karaf.shell.packages +config=org.apache.karaf.shell.config +ssh=org.apache.karaf.shell.ssh +shell=org.apache.karaf.shell.commands http://git-wip-us.apache.org/repos/asf/karaf/blob/9483f0ca/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java ---------------------------------------------------------------------- diff --git a/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java b/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java index d61911d..2991c48 100644 --- a/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java +++ b/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java @@ -17,17 +17,22 @@ package org.apache.karaf.shell.security.impl; import org.apache.felix.service.command.CommandProcessor; +import org.osgi.framework.Bundle; +import org.osgi.framework.BundleContext; import org.osgi.framework.Constants; import org.osgi.framework.InvalidSyntaxException; +import org.osgi.framework.ServiceReference; import org.osgi.service.cm.Configuration; import org.osgi.service.cm.ConfigurationAdmin; import org.osgi.service.cm.ConfigurationEvent; import org.osgi.service.cm.ConfigurationListener; +import org.osgi.service.packageadmin.PackageAdmin; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; import java.util.*; +import java.util.Map.Entry; public class SecuredCommandConfigTransformer implements ConfigurationListener { @@ -37,8 +42,10 @@ public class SecuredCommandConfigTransformer implements ConfigurationListener { private static final Logger LOGGER = LoggerFactory.getLogger(SecuredCommandConfigTransformer.class); private static final String CONFIGURATION_FILTER = "(" + Constants.SERVICE_PID + "=" + PROXY_COMMAND_ACL_PID_PREFIX + "*)"; + private static final String ACL_SCOPE_BUNDLE_MAP = "org.apache.karaf.command.acl.scope_bundle"; private ConfigurationAdmin configAdmin; + public void setConfigAdmin(ConfigurationAdmin configAdmin) { this.configAdmin = configAdmin; @@ -154,6 +161,7 @@ public class SecuredCommandConfigTransformer implements ConfigurationListener { break; case ConfigurationEvent.CM_UPDATED: generateServiceGuardConfig(configAdmin.getConfiguration(event.getPid())); + refreshTheAffectedShellCommandBundle(event, configAdmin.getConfiguration(event.getPid())); break; } } catch (Exception e) { @@ -161,4 +169,76 @@ public class SecuredCommandConfigTransformer implements ConfigurationListener { } } + private void refreshTheAffectedShellCommandBundle(ConfigurationEvent event, Configuration config) { + if (!config.getPid().startsWith(PROXY_COMMAND_ACL_PID_PREFIX)) { + // not a command scope configuration file + return; + } + String filter = ""; + String scopeName = config.getPid().substring(PROXY_COMMAND_ACL_PID_PREFIX.length()); + if (scopeName.indexOf('.') >= 0) { + // scopes don't contains dots, not a command scope + return; + } + scopeName = scopeName.trim(); + for (Entry<String, String> entry : loadScopeBundleMaps().entrySet()) { + if (entry.getKey().equals(scopeName)) { + filter = "(" + + "osgi.blueprint.container.symbolicname" + "=" + entry.getValue() + ")"; + break; + } + } + + + + BundleContext bundleContext = event.getReference().getBundle().getBundleContext(); + + try { + ServiceReference<?>[] sr = bundleContext.getServiceReferences("org.osgi.service.blueprint.container.BlueprintContainer", filter); + if (sr == null) { + LOGGER.error("can't find the command bundle for scope " + scopeName); + return; + } + LOGGER.debug("the refreshed bundle is " + sr[0].getBundle().getSymbolicName()); + + ServiceReference ref = bundleContext.getServiceReference(PackageAdmin.class.getName()); + if (ref == null) { + LOGGER.error("PackageAdmin service is unavailable."); + return; + } + try { + PackageAdmin pa = (PackageAdmin) bundleContext.getService(ref); + if (pa == null) { + LOGGER.error("PackageAdmin service is unavailable."); + return; + } + pa.refreshPackages(new Bundle[]{sr[0].getBundle()}); + } + finally { + bundleContext.ungetService(ref); + } + } catch (InvalidSyntaxException ex) { + LOGGER.error("Problem refresh the affected shell command bundle", ex); + } + + + } + + private Map<String, String> loadScopeBundleMaps() { + Map<String, String> scopeBundleMaps = new HashMap<String, String>(); + try { + for (Configuration config : configAdmin.listConfigurations("(service.pid=" + ACL_SCOPE_BUNDLE_MAP + ")")) { + Enumeration<String> keys = config.getProperties().keys(); + while (keys.hasMoreElements()) { + String key = keys.nextElement(); + scopeBundleMaps.put(key, (String)config.getProperties().get(key)); + } + } + } catch (Exception ex) { + LOGGER.error("Problem load the scope bundle map", ex); + } + return scopeBundleMaps; + } + } + http://git-wip-us.apache.org/repos/asf/karaf/blob/9483f0ca/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java ---------------------------------------------------------------------- diff --git a/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java b/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java index 9fadcd4..28eda60 100644 --- a/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java +++ b/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java @@ -163,9 +163,11 @@ public class SecuredCommandConfigTransformerTest { @SuppressWarnings("unchecked") ServiceReference<ConfigurationAdmin> cmRef = EasyMock.createMock(ServiceReference.class); + EasyMock.expect(cmRef.getBundle()).andReturn(null).anyTimes(); EasyMock.replay(cmRef); ConfigurationEvent event = new ConfigurationEvent(cmRef, ConfigurationEvent.CM_UPDATED, null, testPid); + assertEquals("Precondition", 0, generateCalled.size()); scct.configurationEvent(event);
