JB, - The use case is successful in 2.3.x, to this sounds like a regression issue.
- Per etc/system.properties, the local user has admin and manage roles. karaf@root()> jaas:realm-manage --index 1 karaf@root()> jaas:user-list User Name | Group | Role -------------------------------- karaf | admingroup | admin karaf | admingroup | manager karaf | admingroup | viewer karaf@root()> - The way I am reading etc/org.apache.karaf.command.acl.bundle.cfg, a user in the admin group can “install” a bundle and needs to be in the manager group to “uninstall” without the “-f” option. karaf@root()> bundle:uninstall 79 Error executing command: Insufficient credentials. karaf@root()> bundle:uninstall -f 79 karaf@root()> So why is the “bundle:uninstall” command failing when the local user has the manager role? Paul Spencer On Jan 14, 2014, at 2:29 PM, Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > Hi Paul, > > take a look in the documentation: > > http://karaf.apache.org/manual/latest/users-guide/security.html > > in the console section. > > You will the explanations about etc/org.apache.karaf.command.acl.<scope>.cfg > files. > > Regards > JB > > On 01/14/2014 07:14 PM, Paul Spencer wrote: >> Karaf 3.0.0 running on Apple OSX Maverick (10.9.1) >> >> I am getting a "java.lang.SecurityException: Insufficient credentials.” >> error when executing various commands on a newly installed Karaf 3.0.0. The >> use case below is for uninstalling a bundle. >> >> Is there a configuration change I need to make? >> >> *** >> * Use case >> *** >> 1) unzipped the distribution >> 2) Start the Karaf server with bin/start >> 3) Tail the log file until the JMX OSGi Agent is finished registering >> objects (about 30 seconds) >> 4) Start the Karaf client with bin/client >> 5) Install a bundle >> 6) Uninstall the newly installed bundle >> >> >> *** >> * Command output >> *** >> karaf@root()> install >> mvn:com.intekon.customer.kc.ewm.web-service/ewm-sap-dist/1.0-SNAPSHOT >> Bundle ID: 79 >> karaf@root()> uninstall 79 >> Error executing command: Insufficient credentials. >> karaf@root()> >> >> >> *** >> * From karaf.log (I can post the full 28K log if necessary) >> *** >> 2014-01-14 12:50:07,960 | INFO | e ssh user karaf | GuardProxyCatalog >> | 42 - org.apache.karaf.service.guard - 3.0.0 | Current user does >> not have required roles ([manager]) for service >> [org.apache.karaf.shell.console.CompletableFunction, >> org.apache.karaf.shell.console.commands.BlueprintCommand, >> org.apache.karaf.shell.commands.CommandWithAction, >> org.apache.felix.service.command.Function, >> org.apache.karaf.shell.commands.basic.AbstractCommand] method public >> java.lang.Object >> org.apache.karaf.shell.commands.basic.AbstractCommand.execute(org.apache.felix.service.command.CommandSession,java.util.List) >> throws java.lang.Exception and/or arguments >> 2014-01-14 12:50:07,960 | ERROR | e ssh user karaf | ShellUtil >> | 47 - org.apache.karaf.shell.console - 3.0.0 | Exception caught >> while executing command >> java.lang.SecurityException: Insufficient credentials. >> at >> org.apache.karaf.service.guard.impl.GuardProxyCatalog$ProxyInvocationListener.preInvoke(GuardProxyCatalog.java:527) >> at >> org.apache.aries.proxy.impl.ProxyHandler$1.invoke(ProxyHandler.java:52) >> at >> org.apache.aries.proxy.impl.ProxyHandler.invoke(ProxyHandler.java:119) >> at >> org.apache.karaf.shell.console.commands.$BlueprintCommand474733692.execute(Unknown >> Source)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.CommandProxy.execute(CommandProxy.java:78)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:477)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:403)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Pipe.run(Pipe.java:108)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Closure.execute(Closure.java:183)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.Closure.execute(Closure.java:120)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.felix.gogo.runtime.CommandSessionImpl.execute(CommandSessionImpl.java:89) >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleImpl$DelegateSession.execute(ConsoleImpl.java:497) >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleImpl.run(ConsoleImpl.java:198) >> at java.lang.Thread.run(Thread.java:724)[:1.7.0_25] >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.doRun(ConsoleFactoryService.java:118)[47:org.apache.karaf.shell.console:3.0.0] >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3$1.run(ConsoleFactoryService.java:109) >> at java.security.AccessController.doPrivileged(Native Method)[:1.7.0_25] >> at >> org.apache.karaf.jaas.modules.JaasHelper.doAs(JaasHelper.java:47)[48:org.apache.karaf.jaas.modules:3.0.0] >> at >> org.apache.karaf.shell.console.impl.jline.ConsoleFactoryService$3.run(ConsoleFactoryService.java:107)[47:org.apache.karaf.shell.console:3.0.0] >> >> Paul Spencer >> >> > > -- > Jean-Baptiste Onofré > jbono...@apache.org > http://blog.nanthrax.net > Talend - http://www.talend.com
