Repository: karaf Updated Branches: refs/heads/master d100637fb -> 3b336bb29
[KARAF-2995]RBAC - the shell command acl configuration modification can't take effect unless we restart the Karaf server (cherry picked from commit 9483f0caaf0aa5258f07e7ba95f36b008c4c5adc) (cherry picked from commit bb89479c05e3ba6a9d4db923fd1764fefbea823e) Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/f5c42629 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/f5c42629 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/f5c42629 Branch: refs/heads/master Commit: f5c426297c5a9090c40d606af4852ae0b45bebb3 Parents: d100637 Author: Freeman Fang <[email protected]> Authored: Tue May 27 14:11:13 2014 +0800 Committer: Freeman Fang <[email protected]> Committed: Tue May 27 16:04:53 2014 +0800 ---------------------------------------------------------------------- ...rg.apache.karaf.command.acl.scope_bundle.cfg | 9 +++ .../impl/SecuredCommandConfigTransformer.java | 80 ++++++++++++++++++++ .../SecuredCommandConfigTransformerTest.java | 2 + 3 files changed, 91 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/f5c42629/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.scope_bundle.cfg ---------------------------------------------------------------------- diff --git a/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.scope_bundle.cfg b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.scope_bundle.cfg new file mode 100644 index 0000000..62c8d57 --- /dev/null +++ b/assemblies/apache-karaf/src/main/distribution/text/etc/org.apache.karaf.command.acl.scope_bundle.cfg 
@@ -0,0 +1,9 @@ +features=org.apache.karaf.features.command +jaas=org.apache.karaf.jaas.command +admin=org.apache.karaf.admin.command +osgi=org.apache.karaf.shell.osgi +log=org.apache.karaf.shell.log +packages=org.apache.karaf.shell.packages +config=org.apache.karaf.shell.config +ssh=org.apache.karaf.shell.ssh +shell=org.apache.karaf.shell.commands http://git-wip-us.apache.org/repos/asf/karaf/blob/f5c42629/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java ---------------------------------------------------------------------- diff --git a/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java b/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java index d69efd6..5ab160c 100644 --- a/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java +++ b/shell/console/src/main/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformer.java @@ -17,17 +17,22 @@ package org.apache.karaf.shell.security.impl; import org.apache.felix.service.command.CommandProcessor; +import org.osgi.framework.Bundle; +import org.osgi.framework.BundleContext; import org.osgi.framework.Constants; import org.osgi.framework.InvalidSyntaxException; +import org.osgi.framework.ServiceReference; import org.osgi.service.cm.Configuration; import org.osgi.service.cm.ConfigurationAdmin; import org.osgi.service.cm.ConfigurationEvent; import org.osgi.service.cm.ConfigurationListener; +import org.osgi.service.packageadmin.PackageAdmin; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.IOException; import java.util.*; +import java.util.Map.Entry; @Deprecated public class SecuredCommandConfigTransformer implements ConfigurationListener { 
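Review bot: The new file's name puts the scope-to-bundle map in the same `org.apache.karaf.command.acl.` PID namespace as the per-scope ACL files. If `PROXY_COMMAND_ACL_PID_PREFIX` is that string (its value is not shown in this diff), `CONFIGURATION_FILTER` also matches this map, and an edit to it is processed as an ACL for a scope called `scope_bundle`. A PID outside the ACL prefix, or an explicit skip for `ACL_SCOPE_BUNDLE_MAP` in the listener, would avoid that. The file also has no header comment; something like `# <command scope> = <symbolic name of the bundle providing that scope's commands>; a scope missing here is not refreshed when its ACL changes` would tell an administrator why an ACL edit for an unlisted scope presumably still needs a restart.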
@@ -38,8 +43,10 @@ public class SecuredCommandConfigTransformer implements ConfigurationListener { private static final Logger LOGGER = LoggerFactory.getLogger(SecuredCommandConfigTransformer.class); private static final String CONFIGURATION_FILTER = "(" + Constants.SERVICE_PID + "=" + PROXY_COMMAND_ACL_PID_PREFIX + "*)"; + private static final String ACL_SCOPE_BUNDLE_MAP = "org.apache.karaf.command.acl.scope_bundle"; private ConfigurationAdmin configAdmin; + public void setConfigAdmin(ConfigurationAdmin configAdmin) { this.configAdmin = configAdmin; @@ -155,6 +162,7 @@ public class SecuredCommandConfigTransformer implements ConfigurationListener { break; case ConfigurationEvent.CM_UPDATED: generateServiceGuardConfig(configAdmin.getConfiguration(event.getPid())); + refreshTheAffectedShellCommandBundle(event, configAdmin.getConfiguration(event.getPid())); break; } } catch (Exception e) { 
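Review bot: The refresh is wired into the `CM_UPDATED` case only, so whatever the preceding case handles (it is outside this hunk, presumably deletion) never refreshes the command bundle. If that case is deletion, removing an ACL file would leave the previously loaded rules in effect until a restart, and that path needs the same refresh. The added line also looks the configuration up a second time; fetching it once with `Configuration cfg = configAdmin.getConfiguration(event.getPid());` and passing `cfg` to both calls keeps the two steps on the same object. The body of `configurationEvent` starts before this hunk.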
@@ -162,4 +170,76 @@ public class SecuredCommandConfigTransformer implements ConfigurationListener { } } + private void refreshTheAffectedShellCommandBundle(ConfigurationEvent event, Configuration config) { + if (!config.getPid().startsWith(PROXY_COMMAND_ACL_PID_PREFIX)) { + // not a command scope configuration file + return; + } + String filter = ""; + String scopeName = config.getPid().substring(PROXY_COMMAND_ACL_PID_PREFIX.length()); + if (scopeName.indexOf('.') >= 0) { + // scopes don't contains dots, not a command scope + return; + } + scopeName = scopeName.trim(); + for (Entry<String, String> entry : loadScopeBundleMaps().entrySet()) { + if (entry.getKey().equals(scopeName)) { + filter = "(" + + "osgi.blueprint.container.symbolicname" + "=" + entry.getValue() + ")"; + break; + } + } + + + + BundleContext bundleContext = event.getReference().getBundle().getBundleContext(); + + try { + ServiceReference<?>[] sr = bundleContext.getServiceReferences("org.osgi.service.blueprint.container.BlueprintContainer", filter); + if (sr == null) { + LOGGER.error("can't find the command bundle for scope " + scopeName); + return; + } + LOGGER.debug("the refreshed bundle is " + sr[0].getBundle().getSymbolicName()); + + ServiceReference ref = bundleContext.getServiceReference(PackageAdmin.class.getName()); + if (ref == null) { + LOGGER.error("PackageAdmin service is unavailable."); + return; + } + try { + PackageAdmin pa = (PackageAdmin) bundleContext.getService(ref); + if (pa == null) { + LOGGER.error("PackageAdmin service is unavailable."); + return; + } + pa.refreshPackages(new Bundle[]{sr[0].getBundle()}); + } + finally { + bundleContext.ungetService(ref); + } + } catch (InvalidSyntaxException ex) { + LOGGER.error("Problem refresh the affected shell command bundle", ex); + } + + + } + + private Map<String, String> loadScopeBundleMaps() { + Map<String, String> scopeBundleMaps = new HashMap<String, String>(); + try { + for (Configuration config : 
configAdmin.listConfigurations("(service.pid=" + ACL_SCOPE_BUNDLE_MAP + ")")) { + Enumeration<String> keys = config.getProperties().keys(); + while (keys.hasMoreElements()) { + String key = keys.nextElement(); + scopeBundleMaps.put(key, (String)config.getProperties().get(key)); + } + } + } catch (Exception ex) { + LOGGER.error("Problem load the scope bundle map", ex); + } + return scopeBundleMaps; + } + } + http://git-wip-us.apache.org/repos/asf/karaf/blob/f5c42629/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java ---------------------------------------------------------------------- diff --git a/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java b/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java index 9fadcd4..28eda60 100644 --- a/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java +++ b/shell/console/src/test/java/org/apache/karaf/shell/security/impl/SecuredCommandConfigTransformerTest.java @@ -163,9 +163,11 @@ public class SecuredCommandConfigTransformerTest { @SuppressWarnings("unchecked") ServiceReference<ConfigurationAdmin> cmRef = EasyMock.createMock(ServiceReference.class); + EasyMock.expect(cmRef.getBundle()).andReturn(null).anyTimes(); EasyMock.replay(cmRef); ConfigurationEvent event = new ConfigurationEvent(cmRef, ConfigurationEvent.CM_UPDATED, null, testPid); + assertEquals("Precondition", 0, generateCalled.size()); scct.configurationEvent(event);
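Review bot: In `refreshTheAffectedShellCommandBundle`, a scope with no entry in the map leaves `filter` as `""`, and that empty string is still passed to `getServiceReferences`. Depending on the framework it is either rejected as invalid syntax or treated as match-all, in which case `sr[0]` is an unrelated bundle that gets refreshed. Return early with a log line when no mapping exists, since that is presumably also the case where the ACL edit stays unapplied without anyone noticing. The mapped value is concatenated into the filter unescaped, so a `*` or `)` in the cfg widens or breaks the match; checking it against the symbolic-name character set is enough. In `loadScopeBundleMaps`, `listConfigurations` returns null when nothing matches, so a missing map file ends in a NullPointerException that is only logged as an error.

```java
// in refreshTheAffectedShellCommandBundle, replacing `String filter = "";` and the for-loop over the map
String symbolicName = loadScopeBundleMaps().get(scopeName);
if (symbolicName == null || !symbolicName.trim().matches("[A-Za-z0-9_.\\-]+")) {
    LOGGER.warn("no usable bundle mapping for command scope " + scopeName
            + "; the ACL change is not applied until the bundle is refreshed");
    return;
}
String filter = "(osgi.blueprint.container.symbolicname=" + symbolicName.trim() + ")";
// … unchanged: BlueprintContainer lookup and PackageAdmin refresh …

// in loadScopeBundleMaps: listConfigurations returns null when no configuration matches
Configuration[] configs = configAdmin.listConfigurations("(service.pid=" + ACL_SCOPE_BUNDLE_MAP + ")");
if (configs == null) {
    return scopeBundleMaps;
}
for (Configuration config : configs) {
    // … unchanged: copy the properties into scopeBundleMaps …
}
```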
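Review bot: The added expectation makes `cmRef.getBundle()` return null, so the refresh code this commit adds cannot run to completion in this test. If `testPid` is a plain ACL scope PID (its value is outside this hunk), the call `event.getReference().getBundle().getBundleContext()` throws a NullPointerException, and the test passes only because `configurationEvent` catches `Exception`. Nothing here asserts that a bundle was refreshed. Returning a mocked `Bundle` with a mocked `BundleContext` and `PackageAdmin`, e.g. `EasyMock.expect(cmRef.getBundle()).andReturn(bundle).anyTimes();`, and verifying that `refreshPackages` was called would cover the new behaviour.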
