git commit: Itests for the system command shell security ACL

Updated Branches: refs/heads/master bf6705f1e -> 8fbcb873f Itests for the system command shell security ACL Also renamed the test names in the Kar and Shell command tests as they were wrongly named. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.o

git commit: Itests for the shell command shell security ACL

Updated Branches: refs/heads/master 1a0dafcf9 -> bf6705f1e Itests for the shell command shell security ACL Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/bf6705f1 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/bf

git commit: Itests for the kar shell security ACL

Updated Branches: refs/heads/master 05521f5c3 -> 1a0dafcf9 Itests for the kar shell security ACL Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/1a0dafcf Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/1a0dafcf Dif

git commit: Re-enable itests for feature shell command security ACL

Updated Branches: refs/heads/master 7564c4dd4 -> 056fef39b Re-enable itests for feature shell command security ACL Changed slightly to address spurious failure Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/056fef39 Tree

git commit: Itests for the jaas shell command security ACL

Updated Branches: refs/heads/master e807ffcf2 -> a8780e05d Itests for the jaas shell command security ACL I've also temporarily disabled FeatureSshCommandSecurityTest as it sometimes fails. Will re-enable once I figured out why Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commi

git commit: Itests for the feature shell commands security ACL

Updated Branches: refs/heads/master e473d9a9b -> 90c14c2fb Itests for the feature shell commands security ACL Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/90c14c2f Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree

git commit: Some comments in the SSH Command itests.

Updated Branches: refs/heads/master f7356e71e -> e2e59666f Some comments in the SSH Command itests. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/e2e59666 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/e2e59666

git commit: Reorganize the SSH command security itests a little.

Updated Branches: refs/heads/master ff2eb3bc9 -> f7356e71e Reorganize the SSH command security itests a little. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/f7356e71 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tr

git commit: Additional itests for the bundle commands.

Updated Branches: refs/heads/master 37266e036 -> ff2eb3bc9 Additional itests for the bundle commands. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/ff2eb3bc Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/ff2eb3b

git commit: Even more itests for the config commands.

Updated Branches: refs/heads/master 169e91774 -> 37266e036 Even more itests for the config commands. Also includes a bugfix to a typo in the org.apache.karaf.command.acl.config.cfg which was identified by the new itests. Hurray to testing! Project: http://git-wip-us.apache.org/repos/asf/kar

git commit: More itest changes for config commands.

Updated Branches: refs/heads/master 891c43b7e -> 169e91774 More itest changes for config commands. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/169e9177 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/169e9177 D

git commit: Additional itests for command security.

Updated Branches: refs/heads/master 5335f674d -> 891c43b7e Additional itests for command security. These cover the config: commands. Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/891c43b7 Tree: http://git-wip-us.apache.

svn commit: r1548174 - in /karaf/trunk/itests/src/test/java/org/apache/karaf/itests: KarafTestSupport.java SshCommandSecurityTest.java

Author: davidb Date: Thu Dec 5 15:47:21 2013 New Revision: 1548174 URL: http://svn.apache.org/r1548174 Log: Added an SSH-client based itest to test some of the command ACLs Currently it only tests the ones for the bundle scope, will add more later. Added: karaf/trunk/itests/src/test/java

svn commit: r1546320 - /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg

Author: davidb Date: Thu Nov 28 09:09:58 2013 New Revision: 1546320 URL: http://svn.apache.org/r1546320 Log: Further improvements to the shell commands ACLs Modified: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.shell.cfg Modified

svn commit: r1546107 - in /karaf/trunk/itests/src/test/java/org/apache/karaf/itests: FeatureTest.java JMXSecurityTest.java

Author: davidb Date: Wed Nov 27 16:54:50 2013 New Revision: 1546107 URL: http://svn.apache.org/r1546107 Log: Fixes to itests so that they run with the new command ACLs Modified: karaf/trunk/itests/src/test/java/org/apache/karaf/itests/FeatureTest.java karaf/trunk/itests/src/test/java

svn commit: r1546093 - /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/

Author: davidb Date: Wed Nov 27 16:30:36 2013 New Revision: 1546093 URL: http://svn.apache.org/r1546093 Log: More shell command ACLs. Added: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.feature.cfg karaf/trunk/assemblies

svn commit: r1546088 - /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg

Author: davidb Date: Wed Nov 27 16:15:10 2013 New Revision: 1546088 URL: http://svn.apache.org/r1546088 Log: ACLs for the bundle commands. Added: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.bundle.cfg Added: karaf/trunk

svn commit: r1546054 - in /karaf/trunk: assemblies/features/framework/src/main/resources/resources/etc/ itests/src/test/java/org/apache/karaf/itests/

Author: davidb Date: Wed Nov 27 14:50:25 2013 New Revision: 1546054 URL: http://svn.apache.org/r1546054 Log: Re-enabling system command ACLs itests have been updated to properly deal with the requirements on roles for the affected commands. Modified: karaf/trunk/assemblies/features

svn commit: r1546037 - /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg

Author: davidb Date: Wed Nov 27 14:03:39 2013 New Revision: 1546037 URL: http://svn.apache.org/r1546037 Log: Commenting out 2 system command ACLs as they cause itest failures. Modified: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc

svn commit: r1546025 - in /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc: org.apache.karaf.command.acl.config.cfg org.apache.karaf.command.acl.shell.cfg org.apache.karaf.c

Author: davidb Date: Wed Nov 27 13:20:11 2013 New Revision: 1546025 URL: http://svn.apache.org/r1546025 Log: Inline comments explanation of the command ACL config files. Modified: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc

svn commit: r1546018 - /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/org.apache.karaf.command.acl.system.cfg

Author: davidb Date: Wed Nov 27 12:55:51 2013 New Revision: 1546018 URL: http://svn.apache.org/r1546018 Log: Additional ACLs for the system subshell commands By default the following roles are required with this change: system:property - admin system:shutdown - admin system:start-level

svn commit: r1546012 - in /karaf/trunk/service/guard/src: main/java/org/apache/karaf/service/guard/impl/GuardProxyCatalog.java test/java/org/apache/karaf/service/guard/impl/GuardProxyCatalogTest.java

Author: davidb Date: Wed Nov 27 12:20:57 2013 New Revision: 1546012 URL: http://svn.apache.org/r1546012 Log: Small fix for the "org.apache.karaf.service.guard.roles" property values. The "org.apache.karaf.service.guard.roles" service property is set by the OSGi Service Gu

svn commit: r1545997 - in /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc: org.apache.karaf.command.acl.config.cfg org.apache.karaf.command.acl.shell.cfg

Author: davidb Date: Wed Nov 27 11:17:48 2013 New Revision: 1545997 URL: http://svn.apache.org/r1545997 Log: Additional ACLs for the shell:new and shell:java commands These commands are now limited to the admin role by default because they have the power to execute any piece of Java code

svn commit: r1545607 - in /karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution: unix-shell/bin/karaf windows-text/bin/karaf.bat

Author: davidb Date: Tue Nov 26 10:53:41 2013 New Revision: 1545607 URL: http://svn.apache.org/r1545607 Log: Enable JMX RBAC by default (just like on the 3.x branch) Modified: karaf/branches/karaf-2.x/assemblies/apache-karaf/src/main/distribution/unix-shell/bin/karaf karaf/branches

svn commit: r1545569 - in /karaf/branches/karaf-2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties: PropertiesBackingEngine.java PropertiesLoginModule.java

Author: davidb Date: Tue Nov 26 08:47:29 2013 New Revision: 1545569 URL: http://svn.apache.org/r1545569 Log: Adding back the strangely necessary (but unnecessary) casts that are apparently needed for a JDK 1.7 build... Modified: karaf/branches/karaf-2.x/jaas/modules/src/main/java/org

svn commit: r1545567 - in /karaf/branches/karaf-2.x: assemblies/apache-karaf/src/main/distribution/text/etc/ itests/src/test/java/org/apache/karaf/itests/ jaas/modules/src/main/java/org/apache/karaf/j

Author: davidb Date: Tue Nov 26 08:43:30 2013 New Revision: 1545567 URL: http://svn.apache.org/r1545567 Log: [KARAF-2568] Backport of JMX Security itest to 2.x Also contains fixes to the users.properties file and additional testing to ensure that it is not possible to log in as a group directly

svn commit: r1545300 - /karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java

Author: davidb Date: Mon Nov 25 14:36:32 2013 New Revision: 1545300 URL: http://svn.apache.org/r1545300 Log: Extra system test to ensure that you cannot log in as a groupname directly. Modified: karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java Modified: karaf

svn commit: r1545218 - in /karaf/branches/karaf-2.x: assemblies/apache-karaf/src/main/distribution/text/etc/ assemblies/apache-karaf/src/main/distribution/unix-shell/bin/ assemblies/apache-karaf/src/m

Author: davidb Date: Mon Nov 25 11:01:42 2013 New Revision: 1545218 URL: http://svn.apache.org/r1545218 Log: [KARAF-2568] Backport to 2.x of JMXSecurityMBean The JMXSecurityMBean contains four canInvoke() variants which can inform the client whether a certain JMX operation can be invoked or not

svn commit: r1541215 - in /karaf/branches/karaf-2.x/jaas: boot/src/main/java/org/apache/karaf/jaas/boot/principal/ command/src/main/java/org/apache/karaf/jaas/command/ command/src/main/resources/OSGI-

Author: davidb Date: Tue Nov 12 20:13:07 2013 New Revision: 1541215 URL: http://svn.apache.org/r1541215 Log: Add support for groups in security. A user can be a member of a group or have roles assigned directly. Groups typically have one or more roles assigned. Users that are part of that group

svn commit: r1540655 - in /karaf/trunk/itests/src/test/java/org/apache/karaf/itests: JMXSecurityTest.java KarafTestSupport.java

Author: davidb Date: Mon Nov 11 10:25:59 2013 New Revision: 1540655 URL: http://svn.apache.org/r1540655 Log: itests for JMX role-based access control. Added: karaf/trunk/itests/src/test/java/org/apache/karaf/itests/JMXSecurityTest.java Modified: karaf/trunk/itests/src/test/java/org

svn commit: r1540648 - /karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg

Author: davidb Date: Mon Nov 11 09:48:12 2013 New Revision: 1540648 URL: http://svn.apache.org/r1540648 Log: Fix to Karaf JMX ConfigAdmin ACL Modified: karaf/trunk/assemblies/features/framework/src/main/resources/resources/etc/jmx.acl.org.apache.karaf.config.cfg Modified: karaf/trunk