Thanks for the update, Guillaume, and great job!
I'm going to experiment (in combination with sub-shell) and extend to JMX,
but it looks very good.
Thanks again,
Regards
JB
On 10/30/2012 12:20 PM, Guillaume Nodet wrote:
I've worked last week on a solution for KARAF-979, i.e. providing a way to
secure shell commands.
What I came up with is the following.
A new simple authentication service, exposed as an OSGi service with the
following interface:

    public interface AuthorizationService {
        void checkPermission(Subject subject, String permission);
        boolean isPermitted(Subject subject, String permission);
    }

This service would be used transparently by karaf commands by modifying the
BlueprintCommand class and calling checkPermission with the current Subject
and a permission which is

    "command:" + [scope] + ":" + [command]

Permissions can be set through ConfigAdmin using a single property which
contains XML which looks like:

    <entries>
        <entry permission="[xxx]" roles="[xxx]" type="add|set|modify" />
        [ more entries ]
    </entries>

The matching is done by checking the permission given in the call to the
AuthorizationService with the entries in the configuration. Matching
entries are used to compute the list of authorized roles and those roles
are checked against the roles of the authenticated Subject.
This mechanism is the same as we had in ServiceMix 3.x.
This allows defining permissions for a subshell or a single command. It
does not provide a very easy way to split read operations from write
operations and this would have to be done in an example configuration maybe
to ease the user's task.
That said, the mechanism is easily extensible and we can later add
permissions for JMX access or any other part of Karaf that would benefit
from that.
Thoughts welcomed, as usual.
--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com