Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
Hi Paul, I will create the Jira (thanks for the reminder). Regards JB On 02/24/2014 05:13 PM, Paul Spencer wrote: I do not see a JIRA entry for this bug. 1) Has this bug been resolved? 2) What is the JIRA Entry? Paul Spencer On Jan 16, 2014, at 8:34 PM, Paul Spencer wrote: David, 1) I see JB will file a bug for this issue. 2) The workaround is working for me. Paul Spencer On Jan 16, 2014, at 3:43 AM, David Bosschaert wrote: Hi Paul, This could be an omission on my part. When I worked on the command security I didn't really focus at the client command, but mainly worked with the bin/karaf command and SSH access. I can look into this. Would you like to file a bug for it? In the mean time, if you need the bin/client command to access Karaf, you can use it with the shell commands RBAC disabled. You can disable it by commenting out the following line in etc/system.properties: karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*)) Cheers, David On 15 January 2014 12:54, Paul Spencer wrote: JB, I have seen the error with other commands while developing a bundle, although I focused on the bundle:uninstall. In addition to connecting to Karaf with ssh, the use case succeeds when connection with bin/karaf. Paul Spencer On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré wrote: Let me try to reproduce the issue using bin/client. It's weird as bin/client is a ssh client, so it's basically the same as ssh. Did you see the issue with other commands ? I think that the ACL can be enhanced: instead of checking the -f option, it should check the bundle level. It's not so easy as bundle:uninstall accept bundle ID, bundle name, etc. Regards JB On 01/15/2014 12:45 PM, Paul Spencer wrote: JB, If is connect to Karaf vis SSH, the use case works, but if I connect via bin/client the use case fails. Why does the command uninstall without -f generate the log message “Current user does not have required roles ([manager]) for service” when connected to Karaf via bin/client? *** * Role definition in etc/system.properties *** sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties # Roles to use when logging into a local Karaf console. karaf.local.roles = admin,manager,viewer sparrow-2:apache-karaf-3.0.0 paul$ *** * Log of connecting to Karaf via SSH then bin/client *** sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101 Authenticated with partial success. Authenticated with partial success. Password authentication Password: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> uninstall 80 karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 81 karaf@root()> uninstall 81 karaf@root()> logout Connection to 127.0.0.1 closed. sparrow-2:apache-karaf-3.0.0 paul$ bin/client Logging in as karaf 566 [pool-2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at /0.0.0.0:8101 presented unverified key: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 82 karaf@root()> uninstall 82 Error executing command: Insufficient credentials. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 82 | Installed | 80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> logout sparrow-2:apache-karaf-3.0.0 paul$ *** * From data/log/karaf.log *** 2014-01-15 06:34:25,902 | INFO | e ssh user karaf | GuardProxyCatalog | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not have required roles ([manager]) for service [org.apache.karaf.shell.console.CompletableFunction, org.apache.karaf.shell.console.commands.BlueprintCommand, org.apache.karaf.shell.commands.CommandWithAction, org.apache.felix.service.command.Function, org.apache.karaf.shell.commands.basic.AbstractCommand] method public java.lang.Object org.apache.karaf.shel
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
I do not see a JIRA entry for this bug. 1) Has this bug been resolved? 2) What is the JIRA Entry? Paul Spencer On Jan 16, 2014, at 8:34 PM, Paul Spencer wrote: > David, > > 1) I see JB will file a bug for this issue. > > 2) The workaround is working for me. > > Paul Spencer > > On Jan 16, 2014, at 3:43 AM, David Bosschaert > wrote: > >> Hi Paul, >> >> This could be an omission on my part. When I worked on the command >> security I didn't really focus at the client command, but mainly >> worked with the bin/karaf command and SSH access. >> >> I can look into this. Would you like to file a bug for it? >> >> In the mean time, if you need the bin/client command to access Karaf, >> you can use it with the shell commands RBAC disabled. You can disable >> it by commenting out the following line in etc/system.properties: >> karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*)) >> >> Cheers, >> >> David >> >> On 15 January 2014 12:54, Paul Spencer wrote: >>> JB, >>> I have seen the error with other commands while developing a bundle, >>> although I focused on the bundle:uninstall. >>> >>> In addition to connecting to Karaf with ssh, the use case succeeds when >>> connection with bin/karaf. >>> >>> Paul Spencer >>> On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré wrote: >>> Let me try to reproduce the issue using bin/client. It's weird as bin/client is a ssh client, so it's basically the same as ssh. Did you see the issue with other commands ? I think that the ACL can be enhanced: instead of checking the -f option, it should check the bundle level. It's not so easy as bundle:uninstall accept bundle ID, bundle name, etc. Regards JB On 01/15/2014 12:45 PM, Paul Spencer wrote: > JB, > If is connect to Karaf vis SSH, the use case works, but if I connect via > bin/client the use case fails. > > Why does the command uninstall without -f generate the log message > “Current user does not have required roles ([manager]) for service” when > connected to Karaf via bin/client? > > > *** > * Role definition in etc/system.properties > *** > sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties > # Roles to use when logging into a local Karaf console. > karaf.local.roles = admin,manager,viewer > sparrow-2:apache-karaf-3.0.0 paul$ > > *** > * Log of connecting to Karaf via SSH then bin/client > *** > sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101 > Authenticated with partial success. > Authenticated with partial success. > Password authentication > Password: > __ __ > / //_/ __ _/ __/ >/ ,< / __ `/ ___/ __ `/ /_ > / /| |/ /_/ / / / /_/ / __/ > /_/ |_|\__,_/_/ \__,_/_/ > > Apache Karaf (3.0.0) > > Hit '' for a list of available commands > and '[cmd] --help' for help on a specific command. > Hit 'system:shutdown' to shutdown Karaf. > Hit '' or type 'logout' to disconnect shell from current session. > > karaf@root()> list > START LEVEL 100 , List Threshold: 50 > ID | State | Lvl | Version| Name > -- > 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution > karaf@root()> uninstall 80 > karaf@root()> install > mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT > Bundle ID: 81 > karaf@root()> uninstall 81 > karaf@root()> logout > Connection to 127.0.0.1 closed. > sparrow-2:apache-karaf-3.0.0 paul$ bin/client > Logging in as karaf > 566 [pool-2-thread-2] WARN > org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at > /0.0.0.0:8101 presented unverified key: > __ __ > / //_/ __ _/ __/ >/ ,< / __ `/ ___/ __ `/ /_ > / /| |/ /_/ / / / /_/ / __/ > /_/ |_|\__,_/_/ \__,_/_/ > > Apache Karaf (3.0.0) > > Hit '' for a list of available commands > and '[cmd] --help' for help on a specific command. > Hit 'system:shutdown' to shutdown Karaf. > Hit '' or type 'logout' to disconnect shell from current session. > > karaf@root()> install > mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT > Bundle ID: 82 > karaf@root()> uninstall 82 > Error executing command: Insufficient credentials. > karaf@root()> list > START LEVEL 100 , List Threshold: 50 > ID | State | Lvl | Version| Name > -- > 82 | Installed | 80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution > karaf@root()> logout > sparrow-2:apache-karaf-3.0.0 paul$ > > *** > * Fr
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
David, 1) I see JB will file a bug for this issue. 2) The workaround is working for me. Paul Spencer On Jan 16, 2014, at 3:43 AM, David Bosschaert wrote: > Hi Paul, > > This could be an omission on my part. When I worked on the command > security I didn't really focus at the client command, but mainly > worked with the bin/karaf command and SSH access. > > I can look into this. Would you like to file a bug for it? > > In the mean time, if you need the bin/client command to access Karaf, > you can use it with the shell commands RBAC disabled. You can disable > it by commenting out the following line in etc/system.properties: > karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*)) > > Cheers, > > David > > On 15 January 2014 12:54, Paul Spencer wrote: >> JB, >> I have seen the error with other commands while developing a bundle, >> although I focused on the bundle:uninstall. >> >> In addition to connecting to Karaf with ssh, the use case succeeds when >> connection with bin/karaf. >> >> Paul Spencer >> On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré wrote: >> >>> Let me try to reproduce the issue using bin/client. It's weird as >>> bin/client is a ssh client, so it's basically the same as ssh. >>> >>> Did you see the issue with other commands ? >>> >>> I think that the ACL can be enhanced: instead of checking the -f option, it >>> should check the bundle level. It's not so easy as bundle:uninstall accept >>> bundle ID, bundle name, etc. >>> >>> Regards >>> JB >>> >>> On 01/15/2014 12:45 PM, Paul Spencer wrote: JB, If is connect to Karaf vis SSH, the use case works, but if I connect via bin/client the use case fails. Why does the command uninstall without -f generate the log message “Current user does not have required roles ([manager]) for service” when connected to Karaf via bin/client? *** * Role definition in etc/system.properties *** sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties # Roles to use when logging into a local Karaf console. karaf.local.roles = admin,manager,viewer sparrow-2:apache-karaf-3.0.0 paul$ *** * Log of connecting to Karaf via SSH then bin/client *** sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101 Authenticated with partial success. Authenticated with partial success. Password authentication Password: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> uninstall 80 karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 81 karaf@root()> uninstall 81 karaf@root()> logout Connection to 127.0.0.1 closed. sparrow-2:apache-karaf-3.0.0 paul$ bin/client Logging in as karaf 566 [pool-2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at /0.0.0.0:8101 presented unverified key: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 82 karaf@root()> uninstall 82 Error executing command: Insufficient credentials. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 82 | Installed | 80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> logout sparrow-2:apache-karaf-3.0.0 paul$ *** * From data/log/karaf.log *** 2014-01-15 06:34:25,902 | INFO | e ssh user karaf | GuardProxyCatalog | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not have required roles ([manager]) for service [org.apache.karaf.shell.console.Com
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
Hi David, I started to fix the client (it's not a big deal as it's likely a SSH client). I gonna create the Jira and attach my current patch. Regards JB On 01/16/2014 09:43 AM, David Bosschaert wrote: Hi Paul, This could be an omission on my part. When I worked on the command security I didn't really focus at the client command, but mainly worked with the bin/karaf command and SSH access. I can look into this. Would you like to file a bug for it?LOGGER David, In the mean time, if you need the bin/client command to access Karaf, you can use it with the shell commands RBAC disabled. You can disable it by commenting out the following line in etc/system.properties: karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*)) Cheers, David On 15 January 2014 12:54, Paul Spencer wrote: JB, I have seen the error with other commands while developing a bundle, although I focused on the bundle:uninstall. In addition to connecting to Karaf with ssh, the use case succeeds when connection with bin/karaf. Paul Spencer On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré wrote: Let me try to reproduce the issue using bin/client. It's weird as bin/client is a ssh client, so it's basically the same as ssh. Did you see the issue with other commands ? I think that the ACL can be enhanced: instead of checking the -f option, it should check the bundle level. It's not so easy as bundle:uninstall accept bundle ID, bundle name, etc. Regards JB On 01/15/2014 12:45 PM, Paul Spencer wrote: JB, If is connect to Karaf vis SSH, the use case works, but if I connect via bin/client the use case fails. Why does the command uninstall without -f generate the log message “Current user does not have required roles ([manager]) for service” when connected to Karaf via bin/client? *** * Role definition in etc/system.properties *** sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties # Roles to use when logging into a local Karaf console. karaf.local.roles = admin,manager,viewer sparrow-2:apache-karaf-3.0.0 paul$ *** * Log of connecting to Karaf via SSH then bin/client *** sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101 Authenticated with partial success. Authenticated with partial success. Password authentication Password: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> uninstall 80 karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 81 karaf@root()> uninstall 81 karaf@root()> logout Connection to 127.0.0.1 closed. sparrow-2:apache-karaf-3.0.0 paul$ bin/client Logging in as karaf 566 [pool-2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at /0.0.0.0:8101 presented unverified key: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 82 karaf@root()> uninstall 82 Error executing command: Insufficient credentials. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 82 | Installed | 80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> logout sparrow-2:apache-karaf-3.0.0 paul$ *** * From data/log/karaf.log *** 2014-01-15 06:34:25,902 | INFO | e ssh user karaf | GuardProxyCatalog | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not have required roles ([manager]) for service [org.apache.karaf.shell.console.CompletableFunction, org.apache.karaf.shell.console.commands.BlueprintCommand, org.apache.karaf.shell.commands.CommandWithAction, org.apache.felix.service.command.Function, org.apache.karaf.shell.commands.basic.AbstractCommand] method public java.lang.Object org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) throws java.lang.Exception and/or arguments 2014-01-15 06:34:25,902 | ERROR | e
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
Hi Paul, This could be an omission on my part. When I worked on the command security I didn't really focus at the client command, but mainly worked with the bin/karaf command and SSH access. I can look into this. Would you like to file a bug for it? In the mean time, if you need the bin/client command to access Karaf, you can use it with the shell commands RBAC disabled. You can disable it by commenting out the following line in etc/system.properties: karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*)) Cheers, David On 15 January 2014 12:54, Paul Spencer wrote: > JB, > I have seen the error with other commands while developing a bundle, although > I focused on the bundle:uninstall. > > In addition to connecting to Karaf with ssh, the use case succeeds when > connection with bin/karaf. > > Paul Spencer > On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré wrote: > >> Let me try to reproduce the issue using bin/client. It's weird as bin/client >> is a ssh client, so it's basically the same as ssh. >> >> Did you see the issue with other commands ? >> >> I think that the ACL can be enhanced: instead of checking the -f option, it >> should check the bundle level. It's not so easy as bundle:uninstall accept >> bundle ID, bundle name, etc. >> >> Regards >> JB >> >> On 01/15/2014 12:45 PM, Paul Spencer wrote: >>> JB, >>> If is connect to Karaf vis SSH, the use case works, but if I connect via >>> bin/client the use case fails. >>> >>> Why does the command uninstall without -f generate the log message “Current >>> user does not have required roles ([manager]) for service” when connected >>> to Karaf via bin/client? >>> >>> >>> *** >>> * Role definition in etc/system.properties >>> *** >>> sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties >>> # Roles to use when logging into a local Karaf console. >>> karaf.local.roles = admin,manager,viewer >>> sparrow-2:apache-karaf-3.0.0 paul$ >>> >>> *** >>> * Log of connecting to Karaf via SSH then bin/client >>> *** >>> sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101 >>> Authenticated with partial success. >>> Authenticated with partial success. >>> Password authentication >>> Password: >>> __ __ >>>/ //_/ __ _/ __/ >>> / ,< / __ `/ ___/ __ `/ /_ >>> / /| |/ /_/ / / / /_/ / __/ >>> /_/ |_|\__,_/_/ \__,_/_/ >>> >>> Apache Karaf (3.0.0) >>> >>> Hit '' for a list of available commands >>> and '[cmd] --help' for help on a specific command. >>> Hit 'system:shutdown' to shutdown Karaf. >>> Hit '' or type 'logout' to disconnect shell from current session. >>> >>> karaf@root()> list >>> START LEVEL 100 , List Threshold: 50 >>> ID | State | Lvl | Version| Name >>> -- >>> 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution >>> karaf@root()> uninstall 80 >>> karaf@root()> install >>> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT >>> Bundle ID: 81 >>> karaf@root()> uninstall 81 >>> karaf@root()> logout >>> Connection to 127.0.0.1 closed. >>> sparrow-2:apache-karaf-3.0.0 paul$ bin/client >>> Logging in as karaf >>> 566 [pool-2-thread-2] WARN >>> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at >>> /0.0.0.0:8101 presented unverified key: >>> __ __ >>>/ //_/ __ _/ __/ >>> / ,< / __ `/ ___/ __ `/ /_ >>> / /| |/ /_/ / / / /_/ / __/ >>> /_/ |_|\__,_/_/ \__,_/_/ >>> >>> Apache Karaf (3.0.0) >>> >>> Hit '' for a list of available commands >>> and '[cmd] --help' for help on a specific command. >>> Hit 'system:shutdown' to shutdown Karaf. >>> Hit '' or type 'logout' to disconnect shell from current session. >>> >>> karaf@root()> install >>> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT >>> Bundle ID: 82 >>> karaf@root()> uninstall 82 >>> Error executing command: Insufficient credentials. >>> karaf@root()> list >>> START LEVEL 100 , List Threshold: 50 >>> ID | State | Lvl | Version| Name >>> -- >>> 82 | Installed | 80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution >>> karaf@root()> logout >>> sparrow-2:apache-karaf-3.0.0 paul$ >>> >>> *** >>> * From data/log/karaf.log >>> *** >>> 2014-01-15 06:34:25,902 | INFO | e ssh user karaf | GuardProxyCatalog >>> | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does >>> not have required roles ([manager]) for service >>> [org.apache.karaf.shell.console.CompletableFunction, >>> org.apache.karaf.shell.console.commands.BlueprintCommand, >>> org.apache.karaf.shell.commands.CommandWithAction, >>> org.apache.felix.service.command.Function, >>> org.apache.karaf.shell.commands.basic.AbstractCommand] method public >>> java.lang.Object >>> org.apache.karaf.shell.comm
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
JB, I have seen the error with other commands while developing a bundle, although I focused on the bundle:uninstall. In addition to connecting to Karaf with ssh, the use case succeeds when connection with bin/karaf. Paul Spencer On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré wrote: > Let me try to reproduce the issue using bin/client. It's weird as bin/client > is a ssh client, so it's basically the same as ssh. > > Did you see the issue with other commands ? > > I think that the ACL can be enhanced: instead of checking the -f option, it > should check the bundle level. It's not so easy as bundle:uninstall accept > bundle ID, bundle name, etc. > > Regards > JB > > On 01/15/2014 12:45 PM, Paul Spencer wrote: >> JB, >> If is connect to Karaf vis SSH, the use case works, but if I connect via >> bin/client the use case fails. >> >> Why does the command uninstall without -f generate the log message “Current >> user does not have required roles ([manager]) for service” when connected to >> Karaf via bin/client? >> >> >> *** >> * Role definition in etc/system.properties >> *** >> sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties >> # Roles to use when logging into a local Karaf console. >> karaf.local.roles = admin,manager,viewer >> sparrow-2:apache-karaf-3.0.0 paul$ >> >> *** >> * Log of connecting to Karaf via SSH then bin/client >> *** >> sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101 >> Authenticated with partial success. >> Authenticated with partial success. >> Password authentication >> Password: >> __ __ >>/ //_/ __ _/ __/ >> / ,< / __ `/ ___/ __ `/ /_ >> / /| |/ /_/ / / / /_/ / __/ >> /_/ |_|\__,_/_/ \__,_/_/ >> >> Apache Karaf (3.0.0) >> >> Hit '' for a list of available commands >> and '[cmd] --help' for help on a specific command. >> Hit 'system:shutdown' to shutdown Karaf. >> Hit '' or type 'logout' to disconnect shell from current session. >> >> karaf@root()> list >> START LEVEL 100 , List Threshold: 50 >> ID | State | Lvl | Version| Name >> -- >> 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution >> karaf@root()> uninstall 80 >> karaf@root()> install >> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT >> Bundle ID: 81 >> karaf@root()> uninstall 81 >> karaf@root()> logout >> Connection to 127.0.0.1 closed. >> sparrow-2:apache-karaf-3.0.0 paul$ bin/client >> Logging in as karaf >> 566 [pool-2-thread-2] WARN >> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at >> /0.0.0.0:8101 presented unverified key: >> __ __ >>/ //_/ __ _/ __/ >> / ,< / __ `/ ___/ __ `/ /_ >> / /| |/ /_/ / / / /_/ / __/ >> /_/ |_|\__,_/_/ \__,_/_/ >> >> Apache Karaf (3.0.0) >> >> Hit '' for a list of available commands >> and '[cmd] --help' for help on a specific command. >> Hit 'system:shutdown' to shutdown Karaf. >> Hit '' or type 'logout' to disconnect shell from current session. >> >> karaf@root()> install >> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT >> Bundle ID: 82 >> karaf@root()> uninstall 82 >> Error executing command: Insufficient credentials. >> karaf@root()> list >> START LEVEL 100 , List Threshold: 50 >> ID | State | Lvl | Version| Name >> -- >> 82 | Installed | 80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution >> karaf@root()> logout >> sparrow-2:apache-karaf-3.0.0 paul$ >> >> *** >> * From data/log/karaf.log >> *** >> 2014-01-15 06:34:25,902 | INFO | e ssh user karaf | GuardProxyCatalog >> | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does >> not have required roles ([manager]) for service >> [org.apache.karaf.shell.console.CompletableFunction, >> org.apache.karaf.shell.console.commands.BlueprintCommand, >> org.apache.karaf.shell.commands.CommandWithAction, >> org.apache.felix.service.command.Function, >> org.apache.karaf.shell.commands.basic.AbstractCommand] method public >> java.lang.Object >> org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) >> throws java.lang.Exception and/or arguments >> 2014-01-15 06:34:25,902 | ERROR | e ssh user karaf | ShellUtil >> | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught >> while executing command >> java.lang.SecurityException: Insufficient credentials. >> at >> org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527) >> at >> org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52) >> at >> org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) >>
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
Let me try to reproduce the issue using bin/client. It's weird as bin/client is a ssh client, so it's basically the same as ssh. Did you see the issue with other commands ? I think that the ACL can be enhanced: instead of checking the -f option, it should check the bundle level. It's not so easy as bundle:uninstall accept bundle ID, bundle name, etc. Regards JB On 01/15/2014 12:45 PM, Paul Spencer wrote: JB, If is connect to Karaf vis SSH, the use case works, but if I connect via bin/client the use case fails. Why does the command uninstall without -f generate the log message “Current user does not have required roles ([manager]) for service” when connected to Karaf via bin/client? *** * Role definition in etc/system.properties *** sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties # Roles to use when logging into a local Karaf console. karaf.local.roles = admin,manager,viewer sparrow-2:apache-karaf-3.0.0 paul$ *** * Log of connecting to Karaf via SSH then bin/client *** sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101 Authenticated with partial success. Authenticated with partial success. Password authentication Password: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> uninstall 80 karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 81 karaf@root()> uninstall 81 karaf@root()> logout Connection to 127.0.0.1 closed. sparrow-2:apache-karaf-3.0.0 paul$ bin/client Logging in as karaf 566 [pool-2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at /0.0.0.0:8101 presented unverified key: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 82 karaf@root()> uninstall 82 Error executing command: Insufficient credentials. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 82 | Installed | 80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> logout sparrow-2:apache-karaf-3.0.0 paul$ *** * From data/log/karaf.log *** 2014-01-15 06:34:25,902 | INFO | e ssh user karaf | GuardProxyCatalog | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not have required roles ([manager]) for service [org.apache.karaf.shell.console.CompletableFunction, org.apache.karaf.shell.console.commands.BlueprintCommand, org.apache.karaf.shell.commands.CommandWithAction, org.apache.felix.service.command.Function, org.apache.karaf.shell.commands.basic.AbstractCommand] method public java.lang.Object org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) throws java.lang.Exception and/or arguments 2014-01-15 06:34:25,902 | ERROR | e ssh user karaf | ShellUtil | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while executing command java.lang.SecurityException: Insufficient credentials. at org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527) at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52) at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) at org.apache.karaf.shell.console.commands.$BlueprintCommand1069614474.execute(Unknown Source)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
JB, If is connect to Karaf vis SSH, the use case works, but if I connect via bin/client the use case fails. Why does the command uninstall without -f generate the log message “Current user does not have required roles ([manager]) for service” when connected to Karaf via bin/client? *** * Role definition in etc/system.properties *** sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties # Roles to use when logging into a local Karaf console. karaf.local.roles = admin,manager,viewer sparrow-2:apache-karaf-3.0.0 paul$ *** * Log of connecting to Karaf via SSH then bin/client *** sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101 Authenticated with partial success. Authenticated with partial success. Password authentication Password: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> uninstall 80 karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 81 karaf@root()> uninstall 81 karaf@root()> logout Connection to 127.0.0.1 closed. sparrow-2:apache-karaf-3.0.0 paul$ bin/client Logging in as karaf 566 [pool-2-thread-2] WARN org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at /0.0.0.0:8101 presented unverified key: __ __ / //_/ __ _/ __/ / ,< / __ `/ ___/ __ `/ /_ / /| |/ /_/ / / / /_/ / __/ /_/ |_|\__,_/_/ \__,_/_/ Apache Karaf (3.0.0) Hit '' for a list of available commands and '[cmd] --help' for help on a specific command. Hit 'system:shutdown' to shutdown Karaf. Hit '' or type 'logout' to disconnect shell from current session. karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 82 karaf@root()> uninstall 82 Error executing command: Insufficient credentials. karaf@root()> list START LEVEL 100 , List Threshold: 50 ID | State | Lvl | Version| Name -- 82 | Installed | 80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution karaf@root()> logout sparrow-2:apache-karaf-3.0.0 paul$ *** * From data/log/karaf.log *** 2014-01-15 06:34:25,902 | INFO | e ssh user karaf | GuardProxyCatalog | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not have required roles ([manager]) for service [org.apache.karaf.shell.console.CompletableFunction, org.apache.karaf.shell.console.commands.BlueprintCommand, org.apache.karaf.shell.commands.CommandWithAction, org.apache.felix.service.command.Function, org.apache.karaf.shell.commands.basic.AbstractCommand] method public java.lang.Object org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) throws java.lang.Exception and/or arguments 2014-01-15 06:34:25,902 | ERROR | e ssh user karaf | ShellUtil | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while executing command java.lang.SecurityException: Insufficient credentials. at org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527) at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52) at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) at org.apache.karaf.shell.console.commands.$BlueprintCommand1069614474.execute(Unknown Source)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandSessionImpl.exec
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
Hi Pauln it's not a regression: command, services, and JMX security don't exist at all in 2.3.x, it's a new feature from 3.0.0. The local roles are define in etc/system.properties: karaf.local.roles = admin,manager,viewer It's the roles used by the "local" console. When you use remote console (via ssh), Karaf use the role of the user. If you take a look on etc/org.apache.karaf.command.acl.bundle.cfg, you can see: uninstall[/.*[-][f].*/] = admin uninstall = manager If you are manager, you can use uninstall for non system bundle (with start level greater than 80, so without requiring the -f option). To uninstall system bundle, you have to be admin (who can use the -f option for system bundle). Regards JB On 01/14/2014 10:34 PM, Paul Spencer wrote: JB, - The use case is successful in 2.3.x, to this sounds like a regression issue. - Per etc/system.properties, the local user has admin and manage roles. karaf@root()> jaas:realm-manage --index 1 karaf@root()> jaas:user-list User Name | Group | Role karaf | admingroup | admin karaf | admingroup | manager karaf | admingroup | viewer karaf@root()> - The way I am reading etc/org.apache.karaf.command.acl.bundle.cfg, a user in the admin group can “install” a bundle and needs to be in the manager group to “uninstall” without the “-f” option. karaf@root()> bundle:uninstall 79 Error executing command: Insufficient credentials. karaf@root()> bundle:uninstall -f 79 karaf@root()> So why is the “bundle:uninstall” command failing when the local user has the manager role? Paul Spencer On Jan 14, 2014, at 2:29 PM, Jean-Baptiste Onofré wrote: Hi Paul, take a look in the documentation: http://karaf.apache.org/manual/latest/users-guide/security.html in the console section. You will the explanations about etc/org.apache.karaf.command.acl..cfg files. Regards JB On 01/14/2014 07:14 PM, Paul Spencer wrote: Karaf 3.0.0 running on Apple OSX Maverick (10.9.1) I am getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands on a newly installed Karaf 3.0.0. The use case below is for uninstalling a bundle. Is there a configuration change I need to make? *** * Use case *** 1) unzipped the distribution 2) Start the Karaf server with bin/start 3) Tail the log file until the JMX OSGi Agent is finished registering objects (about 30 seconds) 4) Start the Karaf client with bin/client 5) Install a bundle 6) Uninstall the newly installed bundle *** * Command output *** karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 79 karaf@root()> uninstall 79 Error executing command: Insufficient credentials. karaf@root()> *** * From karaf.log (I can post the full 28K log if necessary) *** 2014-01-14 12:50:07,960 | INFO | e ssh user karaf | GuardProxyCatalog | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not have required roles ([manager]) for service [org.apache.karaf.shell.console.CompletableFunction, org.apache.karaf.shell.console.commands.BlueprintCommand, org.apache.karaf.shell.commands.CommandWithAction, org.apache.felix.service.command.Function, org.apache.karaf.shell.commands.basic.AbstractCommand] method public java.lang.Object org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) throws java.lang.Exception and/or arguments 2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while executing command java.lang.SecurityException: Insufficient credentials. at org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527) at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52) at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) at org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown Source)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89) a
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
JB, - The use case is successful in 2.3.x, to this sounds like a regression issue. - Per etc/system.properties, the local user has admin and manage roles. karaf@root()> jaas:realm-manage --index 1 karaf@root()> jaas:user-list User Name | Group | Role karaf | admingroup | admin karaf | admingroup | manager karaf | admingroup | viewer karaf@root()> - The way I am reading etc/org.apache.karaf.command.acl.bundle.cfg, a user in the admin group can “install” a bundle and needs to be in the manager group to “uninstall” without the “-f” option. karaf@root()> bundle:uninstall 79 Error executing command: Insufficient credentials. karaf@root()> bundle:uninstall -f 79 karaf@root()> So why is the “bundle:uninstall” command failing when the local user has the manager role? Paul Spencer On Jan 14, 2014, at 2:29 PM, Jean-Baptiste Onofré wrote: > Hi Paul, > > take a look in the documentation: > > http://karaf.apache.org/manual/latest/users-guide/security.html > > in the console section. > > You will the explanations about etc/org.apache.karaf.command.acl..cfg > files. > > Regards > JB > > On 01/14/2014 07:14 PM, Paul Spencer wrote: >> Karaf 3.0.0 running on Apple OSX Maverick (10.9.1) >> >> I am getting a "java.lang.SecurityException: Insufficient credentials.” >> error when executing various commands on a newly installed Karaf 3.0.0. The >> use case below is for uninstalling a bundle. >> >> Is there a configuration change I need to make? >> >> *** >> * Use case >> *** >> 1) unzipped the distribution >> 2) Start the Karaf server with bin/start >> 3) Tail the log file until the JMX OSGi Agent is finished registering >> objects (about 30 seconds) >> 4) Start the Karaf client with bin/client >> 5) Install a bundle >> 6) Uninstall the newly installed bundle >> >> >> *** >> * Command output >> *** >> karaf@root()> install >> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT >> Bundle ID: 79 >> karaf@root()> uninstall 79 >> Error executing command: Insufficient credentials. >> karaf@root()> >> >> >> *** >> * From karaf.log (I can post the full 28K log if necessary) >> *** >> 2014-01-14 12:50:07,960 | INFO | e ssh user karaf | GuardProxyCatalog >> | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does >> not have required roles ([manager]) for service >> [org.apache.karaf.shell.console.CompletableFunction, >> org.apache.karaf.shell.console.commands.BlueprintCommand, >> org.apache.karaf.shell.commands.CommandWithAction, >> org.apache.felix.service.command.Function, >> org.apache.karaf.shell.commands.basic.AbstractCommand] method public >> java.lang.Object >> org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) >> throws java.lang.Exception and/or arguments >> 2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil >> | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught >> while executing command >> java.lang.SecurityException: Insufficient credentials. >> at >> org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527) >> at >> org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52) >> at >> org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) >> at >> org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown >> Source)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89) >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleImpl$DelegateSession.execute(ConsoleImpl.java:497) >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleImpl.run(ConsoleImpl.java:198) >> at java.lang.Thread.run(Thread.java:724)[:1.7.0_25] >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.doRun(ConsoleFactoryService.java:118)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3$1.run(ConsoleFactoryService.java:109) >> at java.
Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
Hi Paul, take a look in the documentation: http://karaf.apache.org/manual/latest/users-guide/security.html in the console section. You will the explanations about etc/org.apache.karaf.command.acl..cfg files. Regards JB On 01/14/2014 07:14 PM, Paul Spencer wrote: Karaf 3.0.0 running on Apple OSX Maverick (10.9.1) I am getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands on a newly installed Karaf 3.0.0. The use case below is for uninstalling a bundle. Is there a configuration change I need to make? *** * Use case *** 1) unzipped the distribution 2) Start the Karaf server with bin/start 3) Tail the log file until the JMX OSGi Agent is finished registering objects (about 30 seconds) 4) Start the Karaf client with bin/client 5) Install a bundle 6) Uninstall the newly installed bundle *** * Command output *** karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 79 karaf@root()> uninstall 79 Error executing command: Insufficient credentials. karaf@root()> *** * From karaf.log (I can post the full 28K log if necessary) *** 2014-01-14 12:50:07,960 | INFO | e ssh user karaf | GuardProxyCatalog | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not have required roles ([manager]) for service [org.apache.karaf.shell.console.CompletableFunction, org.apache.karaf.shell.console.commands.BlueprintCommand, org.apache.karaf.shell.commands.CommandWithAction, org.apache.felix.service.command.Function, org.apache.karaf.shell.commands.basic.AbstractCommand] method public java.lang.Object org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) throws java.lang.Exception and/or arguments 2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while executing command java.lang.SecurityException: Insufficient credentials. at org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527) at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52) at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) at org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown Source)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89) at org.apache.karaf.shell.console.impl.jline.ConsoleImpl$DelegateSession.execute(ConsoleImpl.java:497) at org.apache.karaf.shell.console.impl.jline.ConsoleImpl.run(ConsoleImpl.java:198) at java.lang.Thread.run(Thread.java:724)[:1.7.0_25] at org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.doRun(ConsoleFactoryService.java:118)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3$1.run(ConsoleFactoryService.java:109) at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_25] at org.apache.karaf.jaas.modules.JaasHelper.doAs(JaasHelper.java:47)[48:org.apache.karaf.jaas.modules:3.0.0] at org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.run(ConsoleFactoryService.java:107)[47:org.apache.karaf.shell.console:3.0.0] Paul Spencer -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com
Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0
Karaf 3.0.0 running on Apple OSX Maverick (10.9.1) I am getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands on a newly installed Karaf 3.0.0. The use case below is for uninstalling a bundle. Is there a configuration change I need to make? *** * Use case *** 1) unzipped the distribution 2) Start the Karaf server with bin/start 3) Tail the log file until the JMX OSGi Agent is finished registering objects (about 30 seconds) 4) Start the Karaf client with bin/client 5) Install a bundle 6) Uninstall the newly installed bundle *** * Command output *** karaf@root()> install mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT Bundle ID: 79 karaf@root()> uninstall 79 Error executing command: Insufficient credentials. karaf@root()> *** * From karaf.log (I can post the full 28K log if necessary) *** 2014-01-14 12:50:07,960 | INFO | e ssh user karaf | GuardProxyCatalog | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not have required roles ([manager]) for service [org.apache.karaf.shell.console.CompletableFunction, org.apache.karaf.shell.console.commands.BlueprintCommand, org.apache.karaf.shell.commands.CommandWithAction, org.apache.felix.service.command.Function, org.apache.karaf.shell.commands.basic.AbstractCommand] method public java.lang.Object org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) throws java.lang.Exception and/or arguments 2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while executing command java.lang.SecurityException: Insufficient credentials. at org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527) at org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52) at org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) at org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown Source)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89) at org.apache.karaf.shell.console.impl.jline.ConsoleImpl$DelegateSession.execute(ConsoleImpl.java:497) at org.apache.karaf.shell.console.impl.jline.ConsoleImpl.run(ConsoleImpl.java:198) at java.lang.Thread.run(Thread.java:724)[:1.7.0_25] at org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.doRun(ConsoleFactoryService.java:118)[47:org.apache.karaf.shell.console:3.0.0] at org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3$1.run(ConsoleFactoryService.java:109) at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_25] at org.apache.karaf.jaas.modules.JaasHelper.doAs(JaasHelper.java:47)[48:org.apache.karaf.jaas.modules:3.0.0] at org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.run(ConsoleFactoryService.java:107)[47:org.apache.karaf.shell.console:3.0.0] Paul Spencer