Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-20839

[Karaf] JMX ACL MBean authentification problem

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Blocker
    • fuse-7.12-GA
    • fuse-7.12-GA
    • Karaf
    • None
    • Very Likely

    Description

      Tested with AR2.

      There is such configuration in jmx.acl.org.apache.karaf.bundle.cfg:

      setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
setStartLevel = admin, manager

      We check if we can call this method with viewer, manager and admin role. The parameters may be wrong, we check if we can call the method at all. In fuse-karaf-7.12.0.fuse-7_12_0-00007-redhat-00001 there seems to be a bug for manager role where only admin is allowed:

      [INFO ] [RbacJmxTest:330]  user: viewer
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
[INFO ] [RbacJmxTest:346]  result: SecurityException

!!! SecurityException expected !!!
[INFO ] [RbacJmxTest:330]  user: manager
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
[INFO ] [RbacJmxTest:339]  result: MBeanException or RuntimeMBeanException


[INFO ] [RbacJmxTest:330]  user: admin
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
[INFO ] [RbacJmxTest:339]  result: MBeanException or RuntimeMBeanException

[INFO ] [RbacJmxTest:330]  user: viewer
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel = admin, manager
[INFO ] [RbacJmxTest:346]  result: SecurityException

[INFO ] [RbacJmxTest:330]  user: manager
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel = admin, manager
[INFO ] [RbacJmxTest:339]  result: MBeanException or RuntimeMBeanException

[INFO ] [RbacJmxTest:330]  user: admin
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel = admin, manager
[INFO ] [RbacJmxTest:339]  result: MBeanException or RuntimeMBeanException

      SecurityException is expected if the role is not sufficient. The exception here actually is

      javax.management.RuntimeMBeanException: java.lang.IllegalArgumentException: argument type mismatch

      When the valid parameters are sent

      [INFO ] [RbacJmxTest:330]  user: manager
[INFO ] [RbacJmxTest:331]  instance: org.apache.karaf:type=bundle,name=root
[INFO ] [RbacJmxTest:332]  method: setStartLevel(java.lang.String, int)[/([1-4])?[0-9]/,/.*/] = admin
[INFO ] [RbacJmxTest:359]  result: success

       

      Worked fine with fuse-karaf-7.11.1.fuse-7_11_1-00013-redhat-00003. All other methods tested seems also fine.

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. ENTESB-10379 manager role can execute setStartLevel with start level below 50

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              ggrzybek Grzegorz Grzybek
              rhn-support-ppinkas Petr Pinkas
              Petr Pinkas Petr Pinkas
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: