Hi, To improve operation and support we want to enable developers of our applications to access the OSGI webconsole of the production environment. With the current way I haven't found a way to restrict them from changing anything. What we need is a kind of "read-only" mode, which allows them just to read settings and data, without a chance to perform any changes.
For example we would like to have them * to read JMX beans and do not allow to invoke operations on MBeans * to check bundles and configuration, but without deploying new bundles or creating/deleting/changing configuration of components and services. * (etc) Is there a way to implement that? It seems that the WebconsoleSecurityProvider cares only about authentication, but individual actions are not checked. That means: If I am authenticated, I am free to do whatever I want. Has anyone faced the same challenge and solved it? I don't want to implement functionality to read all the required information and dump it into a file, which then must be delivered somehow to the developers/support. -- Cheers, Jörg Hoh, http://cqdump.wordpress.com Twitter: @joerghoh
