subject:"\"Getting a java.lang.SecurityException\\\: Insufficient credentials.” error when executing various commands in Karaf 3.0.0\""

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-02-24 Thread Jean-Baptiste Onofré


Hi Paul,

I will create the Jira (thanks for the reminder).

Regards
JB

On 02/24/2014 05:13 PM, Paul Spencer wrote:

I do not see a JIRA entry for this bug.
1) Has this bug been resolved?
2) What is the JIRA Entry?

Paul Spencer

On Jan 16, 2014, at 8:34 PM, Paul Spencer  wrote:


David,

1) I see JB will file a bug for this issue.

2) The workaround is working for me.

Paul Spencer

On Jan 16, 2014, at 3:43 AM, David Bosschaert  
wrote:


Hi Paul,

This could be an omission on my part. When I worked on the command
security I didn't really focus at the client command, but mainly
worked with the bin/karaf command and SSH access.

I can look into this. Would you like to file a bug for it?

In the mean time, if you need the bin/client command to access Karaf,
you can use it with the shell commands RBAC disabled. You can disable
it by commenting out the following line in etc/system.properties:
karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*))

Cheers,

David

On 15 January 2014 12:54, Paul Spencer  wrote:

JB,
I have seen the error with other commands while developing a bundle, although I 
focused on the bundle:uninstall.

In addition to connecting to Karaf with ssh, the use case succeeds when 
connection  with bin/karaf.

Paul Spencer
On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré  wrote:


Let me try to reproduce the issue using bin/client. It's weird as bin/client is 
a ssh client, so it's basically the same as ssh.

Did you see the issue with other commands ?

I think that the ACL can be enhanced: instead of checking the -f option, it 
should check the bundle level. It's not so easy as bundle:uninstall accept 
bundle ID, bundle name, etc.

Regards
JB

On 01/15/2014 12:45 PM, Paul Spencer wrote:

JB,
If is connect to Karaf vis SSH, the use case works, but if I connect via 
bin/client the use case fails.

Why does the command uninstall without -f generate the log message “Current 
user does not have required roles ([manager]) for service” when connected to 
Karaf via bin/client?


***
* Role definition in etc/system.properties
***
sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties
# Roles to use when logging into a local Karaf console.
karaf.local.roles = admin,manager,viewer
sparrow-2:apache-karaf-3.0.0 paul$

***
* Log of connecting to Karaf via SSH then bin/client
***
sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101
Authenticated with partial success.
Authenticated with partial success.
Password authentication
Password:
  __ __  
 / //_/ __ _/ __/
/ ,<  / __ `/ ___/ __ `/ /_
   / /| |/ /_/ / /  / /_/ / __/
  /_/ |_|\__,_/_/   \__,_/_/

Apache Karaf (3.0.0)

Hit '' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit 'system:shutdown' to shutdown Karaf.
Hit '' or type 'logout' to disconnect shell from current session.

karaf@root()> list
START LEVEL 100 , List Threshold: 50
ID | State | Lvl | Version| Name
--
80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
karaf@root()> uninstall 80
karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 81
karaf@root()> uninstall 81
karaf@root()> logout
Connection to 127.0.0.1 closed.
sparrow-2:apache-karaf-3.0.0 paul$ bin/client
Logging in as karaf
566 [pool-2-thread-2] WARN 
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at 
/0.0.0.0:8101 presented unverified key:
  __ __  
 / //_/ __ _/ __/
/ ,<  / __ `/ ___/ __ `/ /_
   / /| |/ /_/ / /  / /_/ / __/
  /_/ |_|\__,_/_/   \__,_/_/

Apache Karaf (3.0.0)

Hit '' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit 'system:shutdown' to shutdown Karaf.
Hit '' or type 'logout' to disconnect shell from current session.

karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 82
karaf@root()> uninstall 82
Error executing command: Insufficient credentials.
karaf@root()> list
START LEVEL 100 , List Threshold: 50
ID | State | Lvl | Version| Name
--
82 | Installed |  80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
karaf@root()> logout
sparrow-2:apache-karaf-3.0.0 paul$

***
* From data/log/karaf.log
***
2014-01-15 06:34:25,902 | INFO  | e ssh user karaf | GuardProxyCatalog  
  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not 
have required roles ([manager]) for service 
[org.apache.karaf.shell.console.CompletableFunction, 
org.apache.karaf.shell.console.commands.BlueprintCommand, 
org.apache.karaf.shell.commands.CommandWithAction, 
org.apache.felix.service.command.Function, 
org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
java.lang.Object 
org.apache.karaf.shel

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-02-24 Thread Paul Spencer

I do not see a JIRA entry for this bug.  
1) Has this bug been resolved?
2) What is the JIRA Entry?

Paul Spencer

On Jan 16, 2014, at 8:34 PM, Paul Spencer  wrote:

> David,
> 
> 1) I see JB will file a bug for this issue.
> 
> 2) The workaround is working for me.
> 
> Paul Spencer
> 
> On Jan 16, 2014, at 3:43 AM, David Bosschaert  
> wrote:
> 
>> Hi Paul,
>> 
>> This could be an omission on my part. When I worked on the command
>> security I didn't really focus at the client command, but mainly
>> worked with the bin/karaf command and SSH access.
>> 
>> I can look into this. Would you like to file a bug for it?
>> 
>> In the mean time, if you need the bin/client command to access Karaf,
>> you can use it with the shell commands RBAC disabled. You can disable
>> it by commenting out the following line in etc/system.properties:
>> karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*))
>> 
>> Cheers,
>> 
>> David
>> 
>> On 15 January 2014 12:54, Paul Spencer  wrote:
>>> JB,
>>> I have seen the error with other commands while developing a bundle, 
>>> although I focused on the bundle:uninstall.
>>> 
>>> In addition to connecting to Karaf with ssh, the use case succeeds when 
>>> connection  with bin/karaf.
>>> 
>>> Paul Spencer
>>> On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré  wrote:
>>> 
 Let me try to reproduce the issue using bin/client. It's weird as 
 bin/client is a ssh client, so it's basically the same as ssh.
 
 Did you see the issue with other commands ?
 
 I think that the ACL can be enhanced: instead of checking the -f option, 
 it should check the bundle level. It's not so easy as bundle:uninstall 
 accept bundle ID, bundle name, etc.
 
 Regards
 JB
 
 On 01/15/2014 12:45 PM, Paul Spencer wrote:
> JB,
> If is connect to Karaf vis SSH, the use case works, but if I connect via 
> bin/client the use case fails.
> 
> Why does the command uninstall without -f generate the log message 
> “Current user does not have required roles ([manager]) for service” when 
> connected to Karaf via bin/client?
> 
> 
> ***
> * Role definition in etc/system.properties
> ***
> sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties
> # Roles to use when logging into a local Karaf console.
> karaf.local.roles = admin,manager,viewer
> sparrow-2:apache-karaf-3.0.0 paul$
> 
> ***
> * Log of connecting to Karaf via SSH then bin/client
> ***
> sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101
> Authenticated with partial success.
> Authenticated with partial success.
> Password authentication
> Password:
>  __ __  
> / //_/ __ _/ __/
>/ ,<  / __ `/ ___/ __ `/ /_
>   / /| |/ /_/ / /  / /_/ / __/
>  /_/ |_|\__,_/_/   \__,_/_/
> 
> Apache Karaf (3.0.0)
> 
> Hit '' for a list of available commands
> and '[cmd] --help' for help on a specific command.
> Hit 'system:shutdown' to shutdown Karaf.
> Hit '' or type 'logout' to disconnect shell from current session.
> 
> karaf@root()> list
> START LEVEL 100 , List Threshold: 50
> ID | State | Lvl | Version| Name
> --
> 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
> karaf@root()> uninstall 80
> karaf@root()> install 
> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
> Bundle ID: 81
> karaf@root()> uninstall 81
> karaf@root()> logout
> Connection to 127.0.0.1 closed.
> sparrow-2:apache-karaf-3.0.0 paul$ bin/client
> Logging in as karaf
> 566 [pool-2-thread-2] WARN 
> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at 
> /0.0.0.0:8101 presented unverified key:
>  __ __  
> / //_/ __ _/ __/
>/ ,<  / __ `/ ___/ __ `/ /_
>   / /| |/ /_/ / /  / /_/ / __/
>  /_/ |_|\__,_/_/   \__,_/_/
> 
> Apache Karaf (3.0.0)
> 
> Hit '' for a list of available commands
> and '[cmd] --help' for help on a specific command.
> Hit 'system:shutdown' to shutdown Karaf.
> Hit '' or type 'logout' to disconnect shell from current session.
> 
> karaf@root()> install 
> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
> Bundle ID: 82
> karaf@root()> uninstall 82
> Error executing command: Insufficient credentials.
> karaf@root()> list
> START LEVEL 100 , List Threshold: 50
> ID | State | Lvl | Version| Name
> --
> 82 | Installed |  80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
> karaf@root()> logout
> sparrow-2:apache-karaf-3.0.0 paul$
> 
> ***
> * Fr

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-16 Thread Paul Spencer

David,

1) I see JB will file a bug for this issue.

2) The workaround is working for me.

Paul Spencer

On Jan 16, 2014, at 3:43 AM, David Bosschaert  
wrote:

> Hi Paul,
> 
> This could be an omission on my part. When I worked on the command
> security I didn't really focus at the client command, but mainly
> worked with the bin/karaf command and SSH access.
> 
> I can look into this. Would you like to file a bug for it?
> 
> In the mean time, if you need the bin/client command to access Karaf,
> you can use it with the shell commands RBAC disabled. You can disable
> it by commenting out the following line in etc/system.properties:
>  karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*))
> 
> Cheers,
> 
> David
> 
> On 15 January 2014 12:54, Paul Spencer  wrote:
>> JB,
>> I have seen the error with other commands while developing a bundle, 
>> although I focused on the bundle:uninstall.
>> 
>> In addition to connecting to Karaf with ssh, the use case succeeds when 
>> connection  with bin/karaf.
>> 
>> Paul Spencer
>> On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré  wrote:
>> 
>>> Let me try to reproduce the issue using bin/client. It's weird as 
>>> bin/client is a ssh client, so it's basically the same as ssh.
>>> 
>>> Did you see the issue with other commands ?
>>> 
>>> I think that the ACL can be enhanced: instead of checking the -f option, it 
>>> should check the bundle level. It's not so easy as bundle:uninstall accept 
>>> bundle ID, bundle name, etc.
>>> 
>>> Regards
>>> JB
>>> 
>>> On 01/15/2014 12:45 PM, Paul Spencer wrote:
 JB,
 If is connect to Karaf vis SSH, the use case works, but if I connect via 
 bin/client the use case fails.
 
 Why does the command uninstall without -f generate the log message 
 “Current user does not have required roles ([manager]) for service” when 
 connected to Karaf via bin/client?
 
 
 ***
 * Role definition in etc/system.properties
 ***
 sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties
 # Roles to use when logging into a local Karaf console.
 karaf.local.roles = admin,manager,viewer
 sparrow-2:apache-karaf-3.0.0 paul$
 
 ***
 * Log of connecting to Karaf via SSH then bin/client
 ***
 sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101
 Authenticated with partial success.
 Authenticated with partial success.
 Password authentication
 Password:
__ __  
   / //_/ __ _/ __/
  / ,<  / __ `/ ___/ __ `/ /_
 / /| |/ /_/ / /  / /_/ / __/
/_/ |_|\__,_/_/   \__,_/_/
 
  Apache Karaf (3.0.0)
 
 Hit '' for a list of available commands
 and '[cmd] --help' for help on a specific command.
 Hit 'system:shutdown' to shutdown Karaf.
 Hit '' or type 'logout' to disconnect shell from current session.
 
 karaf@root()> list
 START LEVEL 100 , List Threshold: 50
 ID | State | Lvl | Version| Name
 --
 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
 karaf@root()> uninstall 80
 karaf@root()> install 
 mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
 Bundle ID: 81
 karaf@root()> uninstall 81
 karaf@root()> logout
 Connection to 127.0.0.1 closed.
 sparrow-2:apache-karaf-3.0.0 paul$ bin/client
 Logging in as karaf
 566 [pool-2-thread-2] WARN 
 org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at 
 /0.0.0.0:8101 presented unverified key:
__ __  
   / //_/ __ _/ __/
  / ,<  / __ `/ ___/ __ `/ /_
 / /| |/ /_/ / /  / /_/ / __/
/_/ |_|\__,_/_/   \__,_/_/
 
  Apache Karaf (3.0.0)
 
 Hit '' for a list of available commands
 and '[cmd] --help' for help on a specific command.
 Hit 'system:shutdown' to shutdown Karaf.
 Hit '' or type 'logout' to disconnect shell from current session.
 
 karaf@root()> install 
 mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
 Bundle ID: 82
 karaf@root()> uninstall 82
 Error executing command: Insufficient credentials.
 karaf@root()> list
 START LEVEL 100 , List Threshold: 50
 ID | State | Lvl | Version| Name
 --
 82 | Installed |  80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
 karaf@root()> logout
 sparrow-2:apache-karaf-3.0.0 paul$
 
 ***
 * From data/log/karaf.log
 ***
 2014-01-15 06:34:25,902 | INFO  | e ssh user karaf | GuardProxyCatalog 
| 42 - org.apache.karaf.service.guard - 3.0.0 | Current user 
 does not have required roles ([manager]) for service 
 [org.apache.karaf.shell.console.Com

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-16 Thread Jean-Baptiste Onofré


Hi David,

I started to fix the client (it's not a big deal as it's likely a SSH 
client).


I gonna create the Jira and attach my current patch.

Regards
JB

On 01/16/2014 09:43 AM, David Bosschaert wrote:

Hi Paul,

This could be an omission on my part. When I worked on the command
security I didn't really focus at the client command, but mainly
worked with the bin/karaf command and SSH access.

I can look into this. Would you like to file a bug for it?LOGGER David,

In the mean time, if you need the bin/client command to access Karaf,
you can use it with the shell commands RBAC disabled. You can disable
it by commenting out the following line in etc/system.properties:
   karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*))

Cheers,

David

On 15 January 2014 12:54, Paul Spencer  wrote:

JB,
I have seen the error with other commands while developing a bundle, although I 
focused on the bundle:uninstall.

In addition to connecting to Karaf with ssh, the use case succeeds when 
connection  with bin/karaf.

Paul Spencer
On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré  wrote:


Let me try to reproduce the issue using bin/client. It's weird as bin/client is 
a ssh client, so it's basically the same as ssh.

Did you see the issue with other commands ?

I think that the ACL can be enhanced: instead of checking the -f option, it 
should check the bundle level. It's not so easy as bundle:uninstall accept 
bundle ID, bundle name, etc.

Regards
JB

On 01/15/2014 12:45 PM, Paul Spencer wrote:

JB,
If is connect to Karaf vis SSH, the use case works, but if I connect via 
bin/client the use case fails.

Why does the command uninstall without -f generate the log message “Current 
user does not have required roles ([manager]) for service” when connected to 
Karaf via bin/client?


***
* Role definition in etc/system.properties
***
sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties
# Roles to use when logging into a local Karaf console.
karaf.local.roles = admin,manager,viewer
sparrow-2:apache-karaf-3.0.0 paul$

***
* Log of connecting to Karaf via SSH then bin/client
***
sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101
Authenticated with partial success.
Authenticated with partial success.
Password authentication
Password:
 __ __  
/ //_/ __ _/ __/
   / ,<  / __ `/ ___/ __ `/ /_
  / /| |/ /_/ / /  / /_/ / __/
 /_/ |_|\__,_/_/   \__,_/_/

   Apache Karaf (3.0.0)

Hit '' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit 'system:shutdown' to shutdown Karaf.
Hit '' or type 'logout' to disconnect shell from current session.

karaf@root()> list
START LEVEL 100 , List Threshold: 50
ID | State | Lvl | Version| Name
--
80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
karaf@root()> uninstall 80
karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 81
karaf@root()> uninstall 81
karaf@root()> logout
Connection to 127.0.0.1 closed.
sparrow-2:apache-karaf-3.0.0 paul$ bin/client
Logging in as karaf
566 [pool-2-thread-2] WARN 
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at 
/0.0.0.0:8101 presented unverified key:
 __ __  
/ //_/ __ _/ __/
   / ,<  / __ `/ ___/ __ `/ /_
  / /| |/ /_/ / /  / /_/ / __/
 /_/ |_|\__,_/_/   \__,_/_/

   Apache Karaf (3.0.0)

Hit '' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit 'system:shutdown' to shutdown Karaf.
Hit '' or type 'logout' to disconnect shell from current session.

karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 82
karaf@root()> uninstall 82
Error executing command: Insufficient credentials.
karaf@root()> list
START LEVEL 100 , List Threshold: 50
ID | State | Lvl | Version| Name
--
82 | Installed |  80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
karaf@root()> logout
sparrow-2:apache-karaf-3.0.0 paul$

***
* From data/log/karaf.log
***
2014-01-15 06:34:25,902 | INFO  | e ssh user karaf | GuardProxyCatalog  
  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not 
have required roles ([manager]) for service 
[org.apache.karaf.shell.console.CompletableFunction, 
org.apache.karaf.shell.console.commands.BlueprintCommand, 
org.apache.karaf.shell.commands.CommandWithAction, 
org.apache.felix.service.command.Function, 
org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
java.lang.Object 
org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List)
 throws java.lang.Exception and/or arguments
2014-01-15 06:34:25,902 | ERROR | e

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-16 Thread David Bosschaert

Hi Paul,

This could be an omission on my part. When I worked on the command
security I didn't really focus at the client command, but mainly
worked with the bin/karaf command and SSH access.

I can look into this. Would you like to file a bug for it?

In the mean time, if you need the bin/client command to access Karaf,
you can use it with the shell commands RBAC disabled. You can disable
it by commenting out the following line in etc/system.properties:
  karaf.secured.services = (&(osgi.command.scope=*)(osgi.command.function=*))

Cheers,

David

On 15 January 2014 12:54, Paul Spencer  wrote:
> JB,
> I have seen the error with other commands while developing a bundle, although 
> I focused on the bundle:uninstall.
>
> In addition to connecting to Karaf with ssh, the use case succeeds when 
> connection  with bin/karaf.
>
> Paul Spencer
> On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré  wrote:
>
>> Let me try to reproduce the issue using bin/client. It's weird as bin/client 
>> is a ssh client, so it's basically the same as ssh.
>>
>> Did you see the issue with other commands ?
>>
>> I think that the ACL can be enhanced: instead of checking the -f option, it 
>> should check the bundle level. It's not so easy as bundle:uninstall accept 
>> bundle ID, bundle name, etc.
>>
>> Regards
>> JB
>>
>> On 01/15/2014 12:45 PM, Paul Spencer wrote:
>>> JB,
>>> If is connect to Karaf vis SSH, the use case works, but if I connect via 
>>> bin/client the use case fails.
>>>
>>> Why does the command uninstall without -f generate the log message “Current 
>>> user does not have required roles ([manager]) for service” when connected 
>>> to Karaf via bin/client?
>>>
>>>
>>> ***
>>> * Role definition in etc/system.properties
>>> ***
>>> sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties
>>> # Roles to use when logging into a local Karaf console.
>>> karaf.local.roles = admin,manager,viewer
>>> sparrow-2:apache-karaf-3.0.0 paul$
>>>
>>> ***
>>> * Log of connecting to Karaf via SSH then bin/client
>>> ***
>>> sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101
>>> Authenticated with partial success.
>>> Authenticated with partial success.
>>> Password authentication
>>> Password:
>>> __ __  
>>>/ //_/ __ _/ __/
>>>   / ,<  / __ `/ ___/ __ `/ /_
>>>  / /| |/ /_/ / /  / /_/ / __/
>>> /_/ |_|\__,_/_/   \__,_/_/
>>>
>>>   Apache Karaf (3.0.0)
>>>
>>> Hit '' for a list of available commands
>>> and '[cmd] --help' for help on a specific command.
>>> Hit 'system:shutdown' to shutdown Karaf.
>>> Hit '' or type 'logout' to disconnect shell from current session.
>>>
>>> karaf@root()> list
>>> START LEVEL 100 , List Threshold: 50
>>> ID | State | Lvl | Version| Name
>>> --
>>> 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
>>> karaf@root()> uninstall 80
>>> karaf@root()> install 
>>> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
>>> Bundle ID: 81
>>> karaf@root()> uninstall 81
>>> karaf@root()> logout
>>> Connection to 127.0.0.1 closed.
>>> sparrow-2:apache-karaf-3.0.0 paul$ bin/client
>>> Logging in as karaf
>>> 566 [pool-2-thread-2] WARN 
>>> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at 
>>> /0.0.0.0:8101 presented unverified key:
>>> __ __  
>>>/ //_/ __ _/ __/
>>>   / ,<  / __ `/ ___/ __ `/ /_
>>>  / /| |/ /_/ / /  / /_/ / __/
>>> /_/ |_|\__,_/_/   \__,_/_/
>>>
>>>   Apache Karaf (3.0.0)
>>>
>>> Hit '' for a list of available commands
>>> and '[cmd] --help' for help on a specific command.
>>> Hit 'system:shutdown' to shutdown Karaf.
>>> Hit '' or type 'logout' to disconnect shell from current session.
>>>
>>> karaf@root()> install 
>>> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
>>> Bundle ID: 82
>>> karaf@root()> uninstall 82
>>> Error executing command: Insufficient credentials.
>>> karaf@root()> list
>>> START LEVEL 100 , List Threshold: 50
>>> ID | State | Lvl | Version| Name
>>> --
>>> 82 | Installed |  80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
>>> karaf@root()> logout
>>> sparrow-2:apache-karaf-3.0.0 paul$
>>>
>>> ***
>>> * From data/log/karaf.log
>>> ***
>>> 2014-01-15 06:34:25,902 | INFO  | e ssh user karaf | GuardProxyCatalog  
>>>   | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does 
>>> not have required roles ([manager]) for service 
>>> [org.apache.karaf.shell.console.CompletableFunction, 
>>> org.apache.karaf.shell.console.commands.BlueprintCommand, 
>>> org.apache.karaf.shell.commands.CommandWithAction, 
>>> org.apache.felix.service.command.Function, 
>>> org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
>>> java.lang.Object 
>>> org.apache.karaf.shell.comm

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-15 Thread Paul Spencer

JB,
I have seen the error with other commands while developing a bundle, although I 
focused on the bundle:uninstall.

In addition to connecting to Karaf with ssh, the use case succeeds when 
connection  with bin/karaf.
 
Paul Spencer
On Jan 15, 2014, at 7:15 AM, Jean-Baptiste Onofré  wrote:

> Let me try to reproduce the issue using bin/client. It's weird as bin/client 
> is a ssh client, so it's basically the same as ssh.
> 
> Did you see the issue with other commands ?
> 
> I think that the ACL can be enhanced: instead of checking the -f option, it 
> should check the bundle level. It's not so easy as bundle:uninstall accept 
> bundle ID, bundle name, etc.
> 
> Regards
> JB
> 
> On 01/15/2014 12:45 PM, Paul Spencer wrote:
>> JB,
>> If is connect to Karaf vis SSH, the use case works, but if I connect via 
>> bin/client the use case fails.
>> 
>> Why does the command uninstall without -f generate the log message “Current 
>> user does not have required roles ([manager]) for service” when connected to 
>> Karaf via bin/client?
>> 
>> 
>> ***
>> * Role definition in etc/system.properties
>> ***
>> sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties
>> # Roles to use when logging into a local Karaf console.
>> karaf.local.roles = admin,manager,viewer
>> sparrow-2:apache-karaf-3.0.0 paul$
>> 
>> ***
>> * Log of connecting to Karaf via SSH then bin/client
>> ***
>> sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101
>> Authenticated with partial success.
>> Authenticated with partial success.
>> Password authentication
>> Password:
>> __ __  
>>/ //_/ __ _/ __/
>>   / ,<  / __ `/ ___/ __ `/ /_
>>  / /| |/ /_/ / /  / /_/ / __/
>> /_/ |_|\__,_/_/   \__,_/_/
>> 
>>   Apache Karaf (3.0.0)
>> 
>> Hit '' for a list of available commands
>> and '[cmd] --help' for help on a specific command.
>> Hit 'system:shutdown' to shutdown Karaf.
>> Hit '' or type 'logout' to disconnect shell from current session.
>> 
>> karaf@root()> list
>> START LEVEL 100 , List Threshold: 50
>> ID | State | Lvl | Version| Name
>> --
>> 80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
>> karaf@root()> uninstall 80
>> karaf@root()> install 
>> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
>> Bundle ID: 81
>> karaf@root()> uninstall 81
>> karaf@root()> logout
>> Connection to 127.0.0.1 closed.
>> sparrow-2:apache-karaf-3.0.0 paul$ bin/client
>> Logging in as karaf
>> 566 [pool-2-thread-2] WARN 
>> org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at 
>> /0.0.0.0:8101 presented unverified key:
>> __ __  
>>/ //_/ __ _/ __/
>>   / ,<  / __ `/ ___/ __ `/ /_
>>  / /| |/ /_/ / /  / /_/ / __/
>> /_/ |_|\__,_/_/   \__,_/_/
>> 
>>   Apache Karaf (3.0.0)
>> 
>> Hit '' for a list of available commands
>> and '[cmd] --help' for help on a specific command.
>> Hit 'system:shutdown' to shutdown Karaf.
>> Hit '' or type 'logout' to disconnect shell from current session.
>> 
>> karaf@root()> install 
>> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
>> Bundle ID: 82
>> karaf@root()> uninstall 82
>> Error executing command: Insufficient credentials.
>> karaf@root()> list
>> START LEVEL 100 , List Threshold: 50
>> ID | State | Lvl | Version| Name
>> --
>> 82 | Installed |  80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
>> karaf@root()> logout
>> sparrow-2:apache-karaf-3.0.0 paul$
>> 
>> ***
>> * From data/log/karaf.log
>> ***
>> 2014-01-15 06:34:25,902 | INFO  | e ssh user karaf | GuardProxyCatalog   
>>  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does 
>> not have required roles ([manager]) for service 
>> [org.apache.karaf.shell.console.CompletableFunction, 
>> org.apache.karaf.shell.console.commands.BlueprintCommand, 
>> org.apache.karaf.shell.commands.CommandWithAction, 
>> org.apache.felix.service.command.Function, 
>> org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
>> java.lang.Object 
>> org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List)
>>  throws java.lang.Exception and/or arguments
>> 2014-01-15 06:34:25,902 | ERROR | e ssh user karaf | ShellUtil   
>>  | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught 
>> while executing command
>> java.lang.SecurityException: Insufficient credentials.
>> at 
>> org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527)
>> at 
>> org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52)
>> at 
>> org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
>>

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-15 Thread Jean-Baptiste Onofré

Let me try to reproduce the issue using bin/client. It's weird as 
bin/client is a ssh client, so it's basically the same as ssh.


Did you see the issue with other commands ?

I think that the ACL can be enhanced: instead of checking the -f option, 
it should check the bundle level. It's not so easy as bundle:uninstall 
accept bundle ID, bundle name, etc.


Regards
JB

On 01/15/2014 12:45 PM, Paul Spencer wrote:

JB,
If is connect to Karaf vis SSH, the use case works, but if I connect via 
bin/client the use case fails.

Why does the command uninstall without -f generate the log message “Current 
user does not have required roles ([manager]) for service” when connected to 
Karaf via bin/client?


***
* Role definition in etc/system.properties
***
sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties
# Roles to use when logging into a local Karaf console.
karaf.local.roles = admin,manager,viewer
sparrow-2:apache-karaf-3.0.0 paul$

***
* Log of connecting to Karaf via SSH then bin/client
***
sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101
Authenticated with partial success.
Authenticated with partial success.
Password authentication
Password:
 __ __  
/ //_/ __ _/ __/
   / ,<  / __ `/ ___/ __ `/ /_
  / /| |/ /_/ / /  / /_/ / __/
 /_/ |_|\__,_/_/   \__,_/_/

   Apache Karaf (3.0.0)

Hit '' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit 'system:shutdown' to shutdown Karaf.
Hit '' or type 'logout' to disconnect shell from current session.

karaf@root()> list
START LEVEL 100 , List Threshold: 50
ID | State | Lvl | Version| Name
--
80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
karaf@root()> uninstall 80
karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 81
karaf@root()> uninstall 81
karaf@root()> logout
Connection to 127.0.0.1 closed.
sparrow-2:apache-karaf-3.0.0 paul$ bin/client
Logging in as karaf
566 [pool-2-thread-2] WARN 
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at 
/0.0.0.0:8101 presented unverified key:
 __ __  
/ //_/ __ _/ __/
   / ,<  / __ `/ ___/ __ `/ /_
  / /| |/ /_/ / /  / /_/ / __/
 /_/ |_|\__,_/_/   \__,_/_/

   Apache Karaf (3.0.0)

Hit '' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit 'system:shutdown' to shutdown Karaf.
Hit '' or type 'logout' to disconnect shell from current session.

karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 82
karaf@root()> uninstall 82
Error executing command: Insufficient credentials.
karaf@root()> list
START LEVEL 100 , List Threshold: 50
ID | State | Lvl | Version| Name
--
82 | Installed |  80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
karaf@root()> logout
sparrow-2:apache-karaf-3.0.0 paul$

***
* From data/log/karaf.log
***
2014-01-15 06:34:25,902 | INFO  | e ssh user karaf | GuardProxyCatalog  
  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not 
have required roles ([manager]) for service 
[org.apache.karaf.shell.console.CompletableFunction, 
org.apache.karaf.shell.console.commands.BlueprintCommand, 
org.apache.karaf.shell.commands.CommandWithAction, 
org.apache.felix.service.command.Function, 
org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
java.lang.Object 
org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List)
 throws java.lang.Exception and/or arguments
2014-01-15 06:34:25,902 | ERROR | e ssh user karaf | ShellUtil  
  | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while 
executing command
java.lang.SecurityException: Insufficient credentials.
 at 
org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527)
 at 
org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52)
 at 
org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
 at 
org.apache.karaf.shell.console.commands.$BlueprintCommand1069614474.execute(Unknown
 Source)[47:org.apache.karaf.shell.console:3.0.0]
 at 
org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0]
 at 
org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0]
 at 
org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0]
 at 
org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-15 Thread Paul Spencer

JB,
If is connect to Karaf vis SSH, the use case works, but if I connect via 
bin/client the use case fails. 

Why does the command uninstall without -f generate the log message “Current 
user does not have required roles ([manager]) for service” when connected to 
Karaf via bin/client?


***
* Role definition in etc/system.properties
***
sparrow-2:apache-karaf-3.0.0 paul$ grep local etc/system.properties
# Roles to use when logging into a local Karaf console.
karaf.local.roles = admin,manager,viewer
sparrow-2:apache-karaf-3.0.0 paul$ 

***
* Log of connecting to Karaf via SSH then bin/client
***
sparrow-2:apache-karaf-3.0.0 paul$ ssh karaf@127.0.0.1 -p 8101
Authenticated with partial success.
Authenticated with partial success.
Password authentication
Password: 
__ __    
   / //_/ __ _/ __/  
  / ,<  / __ `/ ___/ __ `/ /_
 / /| |/ /_/ / /  / /_/ / __/
/_/ |_|\__,_/_/   \__,_/_/ 

  Apache Karaf (3.0.0)

Hit '' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit 'system:shutdown' to shutdown Karaf.
Hit '' or type 'logout' to disconnect shell from current session.

karaf@root()> list
START LEVEL 100 , List Threshold: 50
ID | State | Lvl | Version| Name  
--
80 | Installed | 100 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
karaf@root()> uninstall 80
karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 81
karaf@root()> uninstall 81
karaf@root()> logout
Connection to 127.0.0.1 closed.
sparrow-2:apache-karaf-3.0.0 paul$ bin/client
Logging in as karaf
566 [pool-2-thread-2] WARN 
org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier - Server at 
/0.0.0.0:8101 presented unverified key: 
__ __    
   / //_/ __ _/ __/  
  / ,<  / __ `/ ___/ __ `/ /_
 / /| |/ /_/ / /  / /_/ / __/
/_/ |_|\__,_/_/   \__,_/_/ 

  Apache Karaf (3.0.0)

Hit '' for a list of available commands
and '[cmd] --help' for help on a specific command.
Hit 'system:shutdown' to shutdown Karaf.
Hit '' or type 'logout' to disconnect shell from current session.

karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 82
karaf@root()> uninstall 82
Error executing command: Insufficient credentials.
karaf@root()> list
START LEVEL 100 , List Threshold: 50
ID | State | Lvl | Version| Name  
--
82 | Installed |  80 | 1.0.0.SNAPSHOT | APMS/EWM SAP File Distribution
karaf@root()> logout
sparrow-2:apache-karaf-3.0.0 paul$ 

***
* From data/log/karaf.log
***
2014-01-15 06:34:25,902 | INFO  | e ssh user karaf | GuardProxyCatalog  
  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not 
have required roles ([manager]) for service 
[org.apache.karaf.shell.console.CompletableFunction, 
org.apache.karaf.shell.console.commands.BlueprintCommand, 
org.apache.karaf.shell.commands.CommandWithAction, 
org.apache.felix.service.command.Function, 
org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
java.lang.Object 
org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List)
 throws java.lang.Exception and/or arguments
2014-01-15 06:34:25,902 | ERROR | e ssh user karaf | ShellUtil  
  | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while 
executing command
java.lang.SecurityException: Insufficient credentials.
at 
org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527)
at 
org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52)
at 
org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
at 
org.apache.karaf.shell.console.commands.$BlueprintCommand1069614474.execute(Unknown
 Source)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.CommandSessionImpl.exec

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-14 Thread Jean-Baptiste Onofré


Hi Pauln

it's not a regression: command, services, and JMX security don't exist 
at all in 2.3.x, it's a new feature from 3.0.0.


The local roles are define in etc/system.properties:

karaf.local.roles = admin,manager,viewer

It's the roles used by the "local" console. When you use remote console 
(via ssh), Karaf use the role of the user.


If you take a look on etc/org.apache.karaf.command.acl.bundle.cfg, you 
can see:


uninstall[/.*[-][f].*/] = admin
uninstall = manager

If you are manager, you can use uninstall for non system bundle (with 
start level greater than 80, so without requiring the -f option). To 
uninstall system bundle, you have to be admin (who can use the -f option 
for system bundle).


Regards
JB

On 01/14/2014 10:34 PM, Paul Spencer wrote:

JB,
- The use case is successful in 2.3.x, to this sounds like a regression issue.

- Per etc/system.properties, the local user has admin and manage roles.

karaf@root()> jaas:realm-manage --index 1
karaf@root()> jaas:user-list
User Name | Group  | Role

karaf | admingroup | admin
karaf | admingroup | manager
karaf | admingroup | viewer
karaf@root()>


- The way I am reading etc/org.apache.karaf.command.acl.bundle.cfg, a user in 
the admin group can “install” a bundle and needs to be in the manager group to 
“uninstall” without the “-f” option.

karaf@root()> bundle:uninstall 79
Error executing command: Insufficient credentials.
karaf@root()> bundle:uninstall -f 79
karaf@root()>

So why is the “bundle:uninstall” command failing when the local user has the 
manager role?

Paul Spencer



On Jan 14, 2014, at 2:29 PM, Jean-Baptiste Onofré  wrote:


Hi Paul,

take a look in the documentation:

http://karaf.apache.org/manual/latest/users-guide/security.html

in the console section.

You will the explanations about etc/org.apache.karaf.command.acl..cfg 
files.

Regards
JB

On 01/14/2014 07:14 PM, Paul Spencer wrote:

Karaf 3.0.0 running on Apple OSX Maverick (10.9.1)

I am getting a "java.lang.SecurityException: Insufficient credentials.” error 
when executing various commands on a newly installed Karaf 3.0.0.  The use case 
below is for uninstalling a bundle.

Is there a configuration change I need to make?

***
* Use case
***
1) unzipped the distribution
2) Start the Karaf server with bin/start
3) Tail the log file until the JMX OSGi Agent is finished registering objects 
(about 30 seconds)
4) Start the Karaf client with bin/client
5) Install a bundle
6) Uninstall the newly installed bundle


***
* Command output
***
karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 79
karaf@root()> uninstall 79
Error executing command: Insufficient credentials.
karaf@root()>


***
* From karaf.log (I can post the full 28K log if necessary)
***
2014-01-14 12:50:07,960 | INFO  | e ssh user karaf | GuardProxyCatalog  
  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not 
have required roles ([manager]) for service 
[org.apache.karaf.shell.console.CompletableFunction, 
org.apache.karaf.shell.console.commands.BlueprintCommand, 
org.apache.karaf.shell.commands.CommandWithAction, 
org.apache.felix.service.command.Function, 
org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
java.lang.Object 
org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List)
 throws java.lang.Exception and/or arguments
2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil  
  | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while 
executing command
java.lang.SecurityException: Insufficient credentials.
at 
org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527)
at 
org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52)
at 
org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
at 
org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown
 Source)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89)
a

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-14 Thread Paul Spencer

JB,
- The use case is successful in 2.3.x, to this sounds like a regression issue.

- Per etc/system.properties, the local user has admin and manage roles.

karaf@root()> jaas:realm-manage --index 1
karaf@root()> jaas:user-list 
User Name | Group  | Role   

karaf | admingroup | admin  
karaf | admingroup | manager
karaf | admingroup | viewer 
karaf@root()> 


- The way I am reading etc/org.apache.karaf.command.acl.bundle.cfg, a user in 
the admin group can “install” a bundle and needs to be in the manager group to 
“uninstall” without the “-f” option.  

karaf@root()> bundle:uninstall 79
Error executing command: Insufficient credentials.
karaf@root()> bundle:uninstall -f 79
karaf@root()>

So why is the “bundle:uninstall” command failing when the local user has the 
manager role?

Paul Spencer



On Jan 14, 2014, at 2:29 PM, Jean-Baptiste Onofré  wrote:

> Hi Paul,
> 
> take a look in the documentation:
> 
> http://karaf.apache.org/manual/latest/users-guide/security.html
> 
> in the console section.
> 
> You will the explanations about etc/org.apache.karaf.command.acl..cfg 
> files.
> 
> Regards
> JB
> 
> On 01/14/2014 07:14 PM, Paul Spencer wrote:
>> Karaf 3.0.0 running on Apple OSX Maverick (10.9.1)
>> 
>> I am getting a "java.lang.SecurityException: Insufficient credentials.” 
>> error when executing various commands on a newly installed Karaf 3.0.0.  The 
>> use case below is for uninstalling a bundle.
>> 
>> Is there a configuration change I need to make?
>> 
>> ***
>> * Use case
>> ***
>> 1) unzipped the distribution
>> 2) Start the Karaf server with bin/start
>> 3) Tail the log file until the JMX OSGi Agent is finished registering 
>> objects (about 30 seconds)
>> 4) Start the Karaf client with bin/client
>> 5) Install a bundle
>> 6) Uninstall the newly installed bundle
>> 
>> 
>> ***
>> * Command output
>> ***
>> karaf@root()> install 
>> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
>> Bundle ID: 79
>> karaf@root()> uninstall 79
>> Error executing command: Insufficient credentials.
>> karaf@root()>
>> 
>> 
>> ***
>> * From karaf.log (I can post the full 28K log if necessary)
>> ***
>> 2014-01-14 12:50:07,960 | INFO  | e ssh user karaf | GuardProxyCatalog   
>>  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does 
>> not have required roles ([manager]) for service 
>> [org.apache.karaf.shell.console.CompletableFunction, 
>> org.apache.karaf.shell.console.commands.BlueprintCommand, 
>> org.apache.karaf.shell.commands.CommandWithAction, 
>> org.apache.felix.service.command.Function, 
>> org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
>> java.lang.Object 
>> org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List)
>>  throws java.lang.Exception and/or arguments
>> 2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil   
>>  | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught 
>> while executing command
>> java.lang.SecurityException: Insufficient credentials.
>>  at 
>> org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527)
>>  at 
>> org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52)
>>  at 
>> org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
>>  at 
>> org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown
>>  Source)[47:org.apache.karaf.shell.console:3.0.0]
>>  at 
>> org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0]
>>  at 
>> org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0]
>>  at 
>> org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0]
>>  at 
>> org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0]
>>  at 
>> org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0]
>>  at 
>> org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0]
>>  at 
>> org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89)
>>  at 
>> org.apache.karaf.shell.console.impl.jline.ConsoleImpl$DelegateSession.execute(ConsoleImpl.java:497)
>>  at 
>> org.apache.karaf.shell.console.impl.jline.ConsoleImpl.run(ConsoleImpl.java:198)
>>  at java.lang.Thread.run(Thread.java:724)[:1.7.0_25]
>>  at 
>> org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.doRun(ConsoleFactoryService.java:118)[47:org.apache.karaf.shell.console:3.0.0]
>>  at 
>> org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3$1.run(ConsoleFactoryService.java:109)
>>  at java.

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-14 Thread Jean-Baptiste Onofré


Hi Paul,

take a look in the documentation:

http://karaf.apache.org/manual/latest/users-guide/security.html

in the console section.

You will the explanations about 
etc/org.apache.karaf.command.acl..cfg files.


Regards
JB

On 01/14/2014 07:14 PM, Paul Spencer wrote:

Karaf 3.0.0 running on Apple OSX Maverick (10.9.1)

I am getting a "java.lang.SecurityException: Insufficient credentials.” error 
when executing various commands on a newly installed Karaf 3.0.0.  The use case 
below is for uninstalling a bundle.

Is there a configuration change I need to make?

***
* Use case
***
1) unzipped the distribution
2) Start the Karaf server with bin/start
3) Tail the log file until the JMX OSGi Agent is finished registering objects 
(about 30 seconds)
4) Start the Karaf client with bin/client
5) Install a bundle
6) Uninstall the newly installed bundle


***
* Command output
***
karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 79
karaf@root()> uninstall 79
Error executing command: Insufficient credentials.
karaf@root()>


***
* From karaf.log (I can post the full 28K log if necessary)
***
2014-01-14 12:50:07,960 | INFO  | e ssh user karaf | GuardProxyCatalog  
  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not 
have required roles ([manager]) for service 
[org.apache.karaf.shell.console.CompletableFunction, 
org.apache.karaf.shell.console.commands.BlueprintCommand, 
org.apache.karaf.shell.commands.CommandWithAction, 
org.apache.felix.service.command.Function, 
org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
java.lang.Object 
org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List)
 throws java.lang.Exception and/or arguments
2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil  
  | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while 
executing command
java.lang.SecurityException: Insufficient credentials.
at 
org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527)
at 
org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52)
at 
org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
at 
org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown
 Source)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89)
at 
org.apache.karaf.shell.console.impl.jline.ConsoleImpl$DelegateSession.execute(ConsoleImpl.java:497)
at 
org.apache.karaf.shell.console.impl.jline.ConsoleImpl.run(ConsoleImpl.java:198)
at java.lang.Thread.run(Thread.java:724)[:1.7.0_25]
at 
org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.doRun(ConsoleFactoryService.java:118)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3$1.run(ConsoleFactoryService.java:109)
at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_25]
at 
org.apache.karaf.jaas.modules.JaasHelper.doAs(JaasHelper.java:47)[48:org.apache.karaf.jaas.modules:3.0.0]
at 
org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.run(ConsoleFactoryService.java:107)[47:org.apache.karaf.shell.console:3.0.0]

Paul Spencer




--
Jean-Baptiste Onofré
jbono...@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

2014-01-14 Thread Paul Spencer

Karaf 3.0.0 running on Apple OSX Maverick (10.9.1)

I am getting a "java.lang.SecurityException: Insufficient credentials.” error 
when executing various commands on a newly installed Karaf 3.0.0.  The use case 
below is for uninstalling a bundle. 

Is there a configuration change I need to make? 

***
* Use case
***
1) unzipped the distribution
2) Start the Karaf server with bin/start
3) Tail the log file until the JMX OSGi Agent is finished registering objects 
(about 30 seconds)
4) Start the Karaf client with bin/client
5) Install a bundle
6) Uninstall the newly installed bundle


***
* Command output
***
karaf@root()> install 
mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT
Bundle ID: 79
karaf@root()> uninstall 79
Error executing command: Insufficient credentials.
karaf@root()>


***
* From karaf.log (I can post the full 28K log if necessary)
***
2014-01-14 12:50:07,960 | INFO  | e ssh user karaf | GuardProxyCatalog  
  | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does not 
have required roles ([manager]) for service 
[org.apache.karaf.shell.console.CompletableFunction, 
org.apache.karaf.shell.console.commands.BlueprintCommand, 
org.apache.karaf.shell.commands.CommandWithAction, 
org.apache.felix.service.command.Function, 
org.apache.karaf.shell.commands.basic.AbstractCommand] method public 
java.lang.Object 
org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List)
 throws java.lang.Exception and/or arguments
2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil  
  | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught while 
executing command
java.lang.SecurityException: Insufficient credentials.
at 
org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527)
at 
org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52)
at 
org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119)
at 
org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown
 Source)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89)
at 
org.apache.karaf.shell.console.impl.jline.ConsoleImpl$DelegateSession.execute(ConsoleImpl.java:497)
at 
org.apache.karaf.shell.console.impl.jline.ConsoleImpl.run(ConsoleImpl.java:198)
at java.lang.Thread.run(Thread.java:724)[:1.7.0_25]
at 
org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.doRun(ConsoleFactoryService.java:118)[47:org.apache.karaf.shell.console:3.0.0]
at 
org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3$1.run(ConsoleFactoryService.java:109)
at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_25]
at 
org.apache.karaf.jaas.modules.JaasHelper.doAs(JaasHelper.java:47)[48:org.apache.karaf.jaas.modules:3.0.0]
at 
org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.run(ConsoleFactoryService.java:107)[47:org.apache.karaf.shell.console:3.0.0]

Paul Spencer

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Re: Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

Getting a "java.lang.SecurityException: Insufficient credentials.” error when executing various commands in Karaf 3.0.0

12 matches

Site Navigation

Mail list logo

Footer information