karaf-dev mailing list archives

From Andreas Pieber <anpie...@gmail.com>
Subject Re: Securing shell commands
Date Tue, 30 Oct 2012 12:38:00 GMT
Well, since there is no standardized approach for securing applications
within OSGi, I think your approach is as good as any other. Playing with
your ideas a little bit in my head I would say that it should basically
work for all our (Karaf) requirements. Therefore --> good work and +1 :-)

Kind regards,
Andreas

On Tue, Oct 30, 2012 at 1:28 PM, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:

> OK, no worries. Your introduction looks good to me.
>
> Regards
> JB
>
>
> On 10/30/2012 01:06 PM, Guillaume Nodet wrote:
>
>> It's just on my laptop for now, but I can commit anywhere, either github
>> for other people to have a look or any karaf branch.
>>
>> On Tue, Oct 30, 2012 at 1:04 PM, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
>>
>>> You don't put it on your github fork (it's what I understood) ?
>>>
>>> Regards
>>> JB
>>>
>>>
>>> On 10/30/2012 01:01 PM, Guillaume Nodet wrote:
>>>
>>>> Well, I haven't committed anything yet, I was looking for feedback before
>>>> ...
>>>>
>>>> On Tue, Oct 30, 2012 at 12:25 PM, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
>>>>
>>>>> Thanks for the update Guillaume and great job !
>>>>>
>>>>> I'm gonna experiment (in combination with sub-shell) and extend to JMX, but
>>>>> it looks very good.
>>>>>
>>>>> Thanks again,
>>>>> Regards
>>>>> JB
>>>>>
>>>>>
>>>>> On 10/30/2012 12:20 PM, Guillaume Nodet wrote:
>>>>>
>>>>>> I've worked last week on a solution for KARAF-979, i.e. providing a way to
>>>>>> secure shell commands.
>>>>>> What I came up with is the following.
>>>>>>
>>>>>> A new simple authentication service, exposed as an OSGi service with the
>>>>>> following interface
>>>>>>
>>>>>> public interface AuthorizationService {
>>>>>>
>>>>>>        void checkPermission(Subject subject, String permission);
>>>>>>
>>>>>>        boolean isPermitted(Subject subject, String permission);
>>>>>>
>>>>>> }
>>>>>>
>>>>>>
>>>>>> This service would be used transparently by karaf commands by modifying the
>>>>>> BlueprintCommand class and calling checkPermission with the current Subject
>>>>>> and a permission which is
>>>>>>       "command:" + [scope] + ":" + [command]
>>>>>>
>>>>>> Permissions can be set through ConfigAdmin using a single property which
>>>>>> contains an xml which looks like:
>>>>>>        <entries>
>>>>>>           <entry permission="[xxx]" roles="[xxx]" type="add|set|modify" />
>>>>>>           [ more entries ]
>>>>>>        </entries>
>>>>>>
>>>>>> The matching is done by checking the permission given in the call to the
>>>>>> AuthorizationService with the entries in the configuration.  Matching
>>>>>> entries are used to compute the list of authorized roles and those roles
>>>>>> are checked against the roles of the authenticated Subject.
>>>>>> This mechanism is the same we had in ServiceMix 3.x.
>>>>>>
>>>>>> This allows defining permissions for a subshell or a single command.  It
>>>>>> does not provide a very easy way to split read operations from write
>>>>>> operations and this would have to be done in an example configuration maybe
>>>>>> to ease the user task.
>>>>>> That said, the mechanism is easily extensible and we can later add
>>>>>> permissions for JMX access or any other part of Karaf that would benefit
>>>>>> from that.
>>>>>>
>>>>>> Thoughts welcomed, as usual.
>>>>>>
>>>>> --
>>>>> Jean-Baptiste Onofré
>>>>> jbonofre@apache.org
>>>>> http://blog.nanthrax.net
>>>>> Talend - http://www.talend.com

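The entry matching described in Guillaume's proposal, sketched as an added example that is not part of the thread and is not Karaf's code. It shows how the order and type of matching entries decide the authorized role set for a "command:" + [scope] + ":" + [command] permission. Assumptions: a trailing `*` wildcard, `add` unions roles, `set` replaces them, `modify` is rejected because the thread does not define it, no matching entry means deny, and a plain set of role names stands in for the Subject.

```java
import java.util.*;

// Added illustration (Java 17), not Karaf code. Matching rules are assumptions.
public class CommandAuthzSketch {
    record Entry(String permission, Set<String> roles, String type) {}

    // Constructed sample entries, one per <entry permission=.. roles=.. type=.. />
    static final List<Entry> ENTRIES = List.of(
        new Entry("command:*", Set.of("admin"), "add"),
        new Entry("command:features:*", Set.of("manager"), "add"),
        new Entry("command:features:uninstall", Set.of("admin"), "set"));

    // Assumed syntax: a trailing '*' matches any suffix, otherwise exact match.
    static boolean matches(String pattern, String permission) {
        return pattern.endsWith("*")
            ? permission.startsWith(pattern.substring(0, pattern.length() - 1))
            : pattern.equals(permission);
    }

    // Fold matching entries, in configuration order, into the authorized roles.
    static Set<String> authorizedRoles(String permission) {
        Set<String> roles = new TreeSet<>();
        for (Entry e : ENTRIES) {
            if (!matches(e.permission(), permission)) continue;
            switch (e.type()) {
                case "add" -> roles.addAll(e.roles());
                case "set" -> { roles.clear(); roles.addAll(e.roles()); }
                default -> throw new IllegalArgumentException("type not modelled: " + e.type());
            }
        }
        return roles; // empty when nothing matched, so the caller denies
    }

    static boolean isPermitted(Set<String> subjectRoles, String scope, String command) {
        String permission = "command:" + scope + ":" + command;
        return !Collections.disjoint(authorizedRoles(permission), subjectRoles);
    }

    static void checkPermission(Set<String> subjectRoles, String scope, String command) {
        if (!isPermitted(subjectRoles, scope, command))
            throw new SecurityException("denied: command:" + scope + ":" + command);
    }

    public static void main(String[] args) {
        Set<String> manager = Set.of("manager");
        System.out.println(isPermitted(manager, "features", "list"));      // subshell-wide entry
        System.out.println(isPermitted(manager, "features", "uninstall")); // single-command "set" entry
        System.out.println(isPermitted(Set.of("admin"), "osgi", "shutdown")); // only "command:*" matches
        System.out.println(isPermitted(Set.of(), "features", "list"));     // subject without roles
    }
}
```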