[jira] [Commented] (KARAF-4439) Prevent user authentication (shell & JMX) if he doesn't have role
[ https://issues.apache.org/jira/browse/KARAF-4439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15773135#comment-15773135 ] Achim Nierbeck commented on KARAF-4439: --- Still I'm not sure how the roles for shell and JMX are supposed to affect any webconsole :) > Prevent user authentication (shell & JMX) if he doesn't have role > - > > Key: KARAF-4439 > URL: https://issues.apache.org/jira/browse/KARAF-4439 > Project: Karaf > Issue Type: Bug > Components: karaf-management, karaf-security, karaf-shell >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré >Priority: Critical > Fix For: 4.1.0, 4.0.9 > > > Right now, if an user doesn't have any role defined, he can logon and perform > "non" critical operations (the "critical" operation). > We should define a minimum role required for login and prevent users access > if they don't have the minimum role (before the ACL). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4439) Prevent user authentication (shell & JMX) if he doesn't have role
[ https://issues.apache.org/jira/browse/KARAF-4439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15772665#comment-15772665 ] Jean-Baptiste Onofré commented on KARAF-4439: - It's my top priority for next releases. > Prevent user authentication (shell & JMX) if he doesn't have role > - > > Key: KARAF-4439 > URL: https://issues.apache.org/jira/browse/KARAF-4439 > Project: Karaf > Issue Type: Bug > Components: karaf-management, karaf-security, karaf-shell >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré >Priority: Critical > Fix For: 4.1.0, 4.0.9 > > > Right now, if an user doesn't have any role defined, he can logon and perform > "non" critical operations (the "critical" operation). > We should define a minimum role required for login and prevent users access > if they don't have the minimum role (before the ACL). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4439) Prevent user authentication (shell & JMX) if he doesn't have role
[ https://issues.apache.org/jira/browse/KARAF-4439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15772634#comment-15772634 ] Oliver Wulff commented on KARAF-4439: - This issue has been replanned again and again. It is quite important because usually configuration (viewer can read configuration) can contain username/passwords and the passwords can not always be encrypted (ex. ActiveMQ Webconsole) or other sensitive information. > Prevent user authentication (shell & JMX) if he doesn't have role > - > > Key: KARAF-4439 > URL: https://issues.apache.org/jira/browse/KARAF-4439 > Project: Karaf > Issue Type: Bug > Components: karaf-management, karaf-security, karaf-shell >Reporter: Jean-Baptiste Onofré >Assignee: Jean-Baptiste Onofré >Priority: Critical > Fix For: 4.1.0, 4.0.9 > > > Right now, if an user doesn't have any role defined, he can logon and perform > "non" critical operations (the "critical" operation). > We should define a minimum role required for login and prevent users access > if they don't have the minimum role (before the ACL). -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Comment Edited] (KARAF-4701) Problem installing feature
[ https://issues.apache.org/jira/browse/KARAF-4701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15772564#comment-15772564 ] Vladimir Konkov edited comment on KARAF-4701 at 12/23/16 11:13 AM: --- Same here. Affected all version after 4.0.6. Already installed bundle is installed again if it included in two different features. One example scenario to reproduce on clean instance (in Karaf console): feature:repo-add cxf 3.1.5 feature:repo-add camel 2.16.3 feature:install cxf-jaxrs cxf-jaxws camel-spring camel-cxf camel-quartz (repeat many times) Most of time logs looks like: 2016-12-21 18:55:30,908 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'camel-spring' version '2.16.3' is already installed 2016-12-21 18:55:30,909 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'cxf-jaxrs' version '3.1.5' is already installed 2016-12-21 18:55:30,910 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'camel-cxf' version '2.16.3' is already installed 2016-12-21 18:55:30,910 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'camel-quartz' version '2.16.3' is already installed 2016-12-21 18:55:30,911 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'cxf-jaxws' version '3.1.5' is already installed 2016-12-21 18:55:30,912 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Adding features: camel-spring/[2.16.3,2.16.3], cxf-jaxrs/[3.1.5,3.1.5], camel-cxf/[2.16.3,2.16.3], camel-quartz/[2.16.3,2.16.3], cxf-jaxws/[3.1.5,3.1.5] 2016-12-21 18:55:32,032 | INFO | pool-8-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | No deployment change. 2016-12-21 18:55:32,047 | INFO | pool-8-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8| Done. But eventually I see this: 2016-12-21 17:16:19,913 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Adding features: camel-spring/[2.16.3,2.16.3], cxf-jaxrs/[3.1.5,3.1.5], camel-cxf/[2.16.3,2.16.3], camel-quartz/[2.16.3,2.16.3], cxf-jaxws/[3.1.5,3.1.5] 2016-12-21 17:16:20,647 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Changes to perform: 2016-12-21 17:16:20,647 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Region: root 2016-12-21 17:16:20,647 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Bundles to install: 2016-12-21 17:16:20,647 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | mvn:org.codehaus.woodstox/stax2-api/3.1.4 2016-12-21 17:16:20,649 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Installing bundles: 2016-12-21 17:16:20,649 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | mvn:org.codehaus.woodstox/stax2-api/3.1.4 2016-12-21 17:16:20,650 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Stopping bundles: 2016-12-21 17:16:20,650 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | org.apache.camel.camel-cxf-transport/2.16.3 ++ many lines of restarting/refreshing tens of bundles was (Author: vladimirfx): Same here. Affected all version after 4.0.6. Already installed bundle is installed again if it included in two different features. One example scenario to reproduce (in Karaf console): feature:repo-add cxf 3.1.5 feature:repo-add camel 2.16.3 feature:install cxf-jaxrs cxf-jaxws camel-spring camel-cxf camel-quartz (repeat many times) Most of time logs looks like: 2016-12-21 18:55:30,908 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'camel-spring' version '2.16.3' is already installed 2016-12-21 18:55:30,909 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'cxf-jaxrs' version '3.1.5' is already installed 2016-12-21 18:55:30,910 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'camel-cxf' version
[jira] [Commented] (KARAF-4701) Problem installing feature
[ https://issues.apache.org/jira/browse/KARAF-4701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15772576#comment-15772576 ] Vladimir Konkov commented on KARAF-4701: I've trying to fix this by implementing org.osgi.resource.Resource contract on equals()/hashcode() in ResourceImpl . Issue disappear but 4 tests fails in SubsystemTest. Investigating... > Problem installing feature > -- > > Key: KARAF-4701 > URL: https://issues.apache.org/jira/browse/KARAF-4701 > Project: Karaf > Issue Type: Bug > Components: karaf-feature >Affects Versions: 4.0.6 >Reporter: Hannes Bjurek > > Sometimes(roughly every 5) time we deploy a feature karaf thinks it needs to > refresh our org.apache.servicemix.bundles.jaxb-impl bundle even though it > should not. We have debugged the Deployer.computeDeployent method and > discovered that cause of this problem is that the jaxb-impl bundle is > duplicated in the bundlesPerRegions-map and then it gets duplicated in the > toDeploy list. > The "first" jaxb-impl gets removed on line 1219 but the "second" one of > course is still there and then it triggers the unexpected event. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (KARAF-4701) Problem installing feature
[ https://issues.apache.org/jira/browse/KARAF-4701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15772564#comment-15772564 ] Vladimir Konkov commented on KARAF-4701: Same here. Affected all version after 4.0.6. Already installed bundle is installed again if it included in two different features. One example scenario to reproduce (in Karaf console): feature:repo-add cxf 3.1.5 feature:repo-add camel 2.16.3 feature:install cxf-jaxrs cxf-jaxws camel-spring camel-cxf camel-quartz (repeat many times) Most of time logs looks like: 2016-12-21 18:55:30,908 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'camel-spring' version '2.16.3' is already installed 2016-12-21 18:55:30,909 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'cxf-jaxrs' version '3.1.5' is already installed 2016-12-21 18:55:30,910 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'camel-cxf' version '2.16.3' is already installed 2016-12-21 18:55:30,910 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'camel-quartz' version '2.16.3' is already installed 2016-12-21 18:55:30,911 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | The specified feature: 'cxf-jaxws' version '3.1.5' is already installed 2016-12-21 18:55:30,912 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Adding features: camel-spring/[2.16.3,2.16.3], cxf-jaxrs/[3.1.5,3.1.5], camel-cxf/[2.16.3,2.16.3], camel-quartz/[2.16.3,2.16.3], cxf-jaxws/[3.1.5,3.1.5] 2016-12-21 18:55:32,032 | INFO | pool-8-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | No deployment change. 2016-12-21 18:55:32,047 | INFO | pool-8-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8| Done. But eventually I see this: 2016-12-21 17:16:19,913 | INFO | nsole user karaf | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Adding features: camel-spring/[2.16.3,2.16.3], cxf-jaxrs/[3.1.5,3.1.5], camel-cxf/[2.16.3,2.16.3], camel-quartz/[2.16.3,2.16.3], cxf-jaxws/[3.1.5,3.1.5] 2016-12-21 17:16:20,647 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Changes to perform: 2016-12-21 17:16:20,647 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Region: root 2016-12-21 17:16:20,647 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Bundles to install: 2016-12-21 17:16:20,647 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | mvn:org.codehaus.woodstox/stax2-api/3.1.4 2016-12-21 17:16:20,649 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Installing bundles: 2016-12-21 17:16:20,649 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | mvn:org.codehaus.woodstox/stax2-api/3.1.4 2016-12-21 17:16:20,650 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | Stopping bundles: 2016-12-21 17:16:20,650 | INFO | pool-2-thread-1 | FeaturesServiceImpl | 8 - org.apache.karaf.features.core - 4.0.8 | org.apache.camel.camel-cxf-transport/2.16.3 ++ many lines of restarting/refreshing tens of bundles > Problem installing feature > -- > > Key: KARAF-4701 > URL: https://issues.apache.org/jira/browse/KARAF-4701 > Project: Karaf > Issue Type: Bug > Components: karaf-feature >Affects Versions: 4.0.6 >Reporter: Hannes Bjurek > > Sometimes(roughly every 5) time we deploy a feature karaf thinks it needs to > refresh our org.apache.servicemix.bundles.jaxb-impl bundle even though it > should not. We have debugged the Deployer.computeDeployent method and > discovered that cause of this problem is that the jaxb-impl bundle is > duplicated in the bundlesPerRegions-map and then it gets duplicated in the > toDeploy list. > The "first" jaxb-impl gets removed on line 1219 but the "second" one of > course is still there and then it triggers the unexpected event. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
