This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch karaf-4.4.x
in repository https://gitbox.apache.org/repos/asf/karaf.git


The following commit(s) were added to refs/heads/karaf-4.4.x by this push:
     new 99552f6ea2 [KARAF-7856] Improve support for JAAS roles that extend 
Karaf's RolePrincipal
99552f6ea2 is described below

commit 99552f6ea2be1e4b1185c3dfd18abb6ddad340e3
Author: Matt Pavlovich <[email protected]>
AuthorDate: Wed May 7 10:09:52 2025 -0500

    [KARAF-7856] Improve support for JAAS roles that extend Karaf's 
RolePrincipal
    
    (cherry picked from commit 41b428e0cef6775d3d9f1c06ffec43b2c1497e96)
---
 .../osgi/secured/SecuredSessionFactoryImpl.java    | 13 +++++++--
 .../karaf/shell/ssh/ExtendedRolePrincipal.java     | 31 ++++++++++++++++++++++
 .../shell/ssh/KarafJaasAuthenticatorTest.java      | 10 ++++++-
 3 files changed, 51 insertions(+), 3 deletions(-)

diff --git 
a/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java
 
b/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java
index 5de937131c..e9544265ea 100644
--- 
a/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java
+++ 
b/shell/core/src/main/java/org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.java
@@ -266,9 +266,12 @@ public class SecuredSessionFactoryImpl extends 
SessionFactoryImpl implements Con
     static boolean currentUserHasRole(String requestedRole) {
         String clazz;
         String role;
+        boolean customClazz = false;
+
         int index = requestedRole.indexOf(':');
         if (index > 0) {
             clazz = requestedRole.substring(0, index);
+            customClazz = true;
             role = requestedRole.substring(index + 1);
         } else {
             clazz = RolePrincipal.class.getName();
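Review bot: The `customClazz` flag added at the top of currentUserHasRole repeats what `index > 0` already says and is mutated inside the branch. Declaring it once as `final boolean customClazz = index > 0;` right after `index` is computed keeps the parsing state in one place. As far as the visible hunks show, the `clazz` value assigned in the else branch is no longer read on the unprefixed path after the later loop change, so a short comment there would stop a reader assuming it still drives the match. The method body continues outside this hunk.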
@@ -286,8 +289,14 @@ public class SecuredSessionFactoryImpl extends 
SessionFactoryImpl implements Con
         }
 
         for (Principal p : subject.getPrincipals()) {
-            if (clazz.equals(p.getClass().getName()) && 
role.equals(p.getName())) {
-                return true;
+            if (customClazz) {
+               if(clazz.equals(p.getClass().getName()) && 
role.equals(p.getName())) {
+                       return true;
+               }
+            } else {
+               if(RolePrincipal.class.isAssignableFrom(p.getClass()) && 
role.equals(p.getName())) {
+                       return true;
+               }
             }
         }
 
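Review bot: The unprefixed branch widens the authorization match from an exact class name to `RolePrincipal.class.isAssignableFrom(p.getClass())`, so any RolePrincipal subclass that a login module puts in the Subject now satisfies a shell role check, while the `class:role` branch still compares exact class names. A bare role and the same role prefixed with RolePrincipal's own class name therefore behave differently for subclasses. The new test is also a Class-identity check rather than a name comparison, which in an OSGi container presumably relies on RolePrincipal being loaded by a single class loader. Both points deserve a comment at the branch, e.g. `// unprefixed roles match RolePrincipal and its subclasses; prefixed roles match the exact class name only`. `p instanceof RolePrincipal` reads more directly than the reflective form, each nested `if(` pair can be a single condition, and the loop's enclosing method starts and ends outside this hunk.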
diff --git 
a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ExtendedRolePrincipal.java 
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ExtendedRolePrincipal.java
new file mode 100644
index 0000000000..a67e32efd7
--- /dev/null
+++ 
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/ExtendedRolePrincipal.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.karaf.shell.ssh;
+
+import org.apache.karaf.jaas.boot.principal.RolePrincipal;
+
+public class ExtendedRolePrincipal extends RolePrincipal {
+
+       private static final long serialVersionUID = 1L;
+
+       public ExtendedRolePrincipal(String name) {
+               super(name);
+       }
+
+}
diff --git 
a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KarafJaasAuthenticatorTest.java
 
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KarafJaasAuthenticatorTest.java
index 577d697105..fe88588a31 100644
--- 
a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KarafJaasAuthenticatorTest.java
+++ 
b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/KarafJaasAuthenticatorTest.java
@@ -175,7 +175,12 @@ public class KarafJaasAuthenticatorTest {
                 new Class<?>[]{UserPrincipal.class});
         assertTrue(authenticator.authenticate("customRole", "test", session));
     }
-
+    @Test
+    public void extendedRole() {
+        final KarafJaasAuthenticator authenticator = new 
KarafJaasAuthenticator("karaf", "test",
+                       new Class<?>[]{RolePrincipal.class});
+        assertTrue(authenticator.authenticate("extendedRole", "test", 
session));
+    }
     public static class SayYes implements LoginModule {
         private String name;
         private Subject subject;
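Review bot: The added `extendedRole` test drives KarafJaasAuthenticator, which this commit does not modify, so the changed `currentUserHasRole` in SecuredSessionFactoryImpl gets no coverage for either branch. A test in shell/core would pin the new authorization behaviour: run with a Subject holding an ExtendedRolePrincipal, then assert that the unprefixed role is granted and that the same role prefixed with RolePrincipal's class name is not. The hunk also drops the blank line that separated the previous test from what follows, leaving `extendedRole` flush against `public static class SayYes`; restoring a blank line before and after the new method keeps the file's spacing. The SayYes class continues outside this hunk.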
@@ -208,6 +213,9 @@ public class KarafJaasAuthenticatorTest {
                 case "customRole":
                     subject.getPrincipals().add(new UserPrincipal("test"));
                     break;
+                case "extendedRole":
+                    subject.getPrincipals().add(new 
ExtendedRolePrincipal("test"));
+                    break;
                 case "test":
                     subject.getPrincipals().add(new RolePrincipal("test"));
                     break;
