Attached a patch (secure-felix-shell.trunk.patch) to introduce an asadmin CLI bridge for accessing the Gogo/Felix shell (works with both).
This patch essentially does the following:
- introduce a remote command ("felix") to access the OSGi shell on a specific server instance (in "appserver/osgi-platforms/felix-cli-remote")
- introduce a local command ("felix-shell") to access the OSGi shell with an interactive/multimode frontend (in "appserver/osgi-platforms/felix-cli-interactive")
- modify "nucleus/packager/nucleus-osgi" to drop the old remote shell artifact inclusion
- modify "appserver/packager/glassfish-osgi" to include the new artifacts
- modify "osgi.properties" in "nucleus/osgi-platforms/felix" to replace standard remote shell with new remote command and advance default final startlevel to 3
As this approach does inherit all the security attributes from the asadmin infrastructure it should be safe to assume that the requirements are fulfilled. Also, this command allows to access a specific remote system (DAS being the default) and hence should still keep up with developer needs.
Also nice for system integrators is to know that with this approach there is one port less to secure.
Copyright on this contribution is granted as per the OCA and source files should all comply to this.