Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 4.0
    • Fix Version/s: 4.0_b58
    • Component/s: OSGi
    • Labels:
      None

      Description

      See GLASSFISH-13006 for more details. 3.1.1 release manager wants us to open a new bug closing existing GLASSFISH-13006 as that shows up in their query although that's no longer applicable for 3.1.1.

        Issue Links

          Activity

          Hide
          Sanjeeb Sahoo added a comment -

          Turned it into an RFE since I have disabled the shell in trunk as well in svn rev #48678.

          Show
          Sanjeeb Sahoo added a comment - Turned it into an RFE since I have disabled the shell in trunk as well in svn rev #48678.
          Hide
          Sanjeeb Sahoo added a comment -

          Vijay,

          Could you please look into this next?

          Sahoo

          Show
          Sanjeeb Sahoo added a comment - Vijay, Could you please look into this next? Sahoo
          Hide
          ancoron added a comment -

          Attached a patch (secure-felix-shell.trunk.patch) to introduce an asadmin CLI bridge for accessing the Gogo/Felix shell (works with both).

          This patch essentially does the following:

          1. introduce a remote command ("felix") to access the OSGi shell on a specific server instance (in "appserver/osgi-platforms/felix-cli-remote")
          2. introduce a local command ("felix-shell") to access the OSGi shell with an interactive/multimode frontend (in "appserver/osgi-platforms/felix-cli-interactive")
          3. modify "nucleus/packager/nucleus-osgi" to drop the old remote shell artifact inclusion
          4. modify "appserver/packager/glassfish-osgi" to include the new artifacts
          5. modify "osgi.properties" in "nucleus/osgi-platforms/felix" to replace standard remote shell with new remote command and advance default final startlevel to 3

          As this approach does inherit all the security attributes from the asadmin infrastructure it should be safe to assume that the requirements are fulfilled. Also, this command allows to access a specific remote system (DAS being the default) and hence should still keep up with developer needs.

          Also nice for system integrators is to know that with this approach there is one port less to secure.

          Copyright on this contribution is granted as per the OCA and source files should all comply to this.

          Show
          ancoron added a comment - Attached a patch ( secure-felix-shell.trunk.patch ) to introduce an asadmin CLI bridge for accessing the Gogo/Felix shell (works with both). This patch essentially does the following: introduce a remote command ("felix") to access the OSGi shell on a specific server instance (in "appserver/osgi-platforms/felix-cli-remote") introduce a local command ("felix-shell") to access the OSGi shell with an interactive/multimode frontend (in "appserver/osgi-platforms/felix-cli-interactive") modify "nucleus/packager/nucleus-osgi" to drop the old remote shell artifact inclusion modify "appserver/packager/glassfish-osgi" to include the new artifacts modify "osgi.properties" in "nucleus/osgi-platforms/felix" to replace standard remote shell with new remote command and advance default final startlevel to 3 As this approach does inherit all the security attributes from the asadmin infrastructure it should be safe to assume that the requirements are fulfilled. Also, this command allows to access a specific remote system (DAS being the default) and hence should still keep up with developer needs. Also nice for system integrators is to know that with this approach there is one port less to secure. Copyright on this contribution is granted as per the OCA and source files should all comply to this.
          Hide
          Sanjeeb Sahoo added a comment -

          Ancoron,

          Thank you very much for this great quality patch. In this bug, I am going to incorporate the remote command only. I have opened a new issue called GLASSFISH-19124 to incorporate the local command. Pl see that issue for the exact reason behind this split.

          I will also refactor the command name to osgi and osgi-shell instead of felix and felix-shell respectively. The modules will be added in nucleus instead of appserver distributions.

          Sahoo

          Show
          Sanjeeb Sahoo added a comment - Ancoron, Thank you very much for this great quality patch. In this bug, I am going to incorporate the remote command only. I have opened a new issue called GLASSFISH-19124 to incorporate the local command. Pl see that issue for the exact reason behind this split. I will also refactor the command name to osgi and osgi-shell instead of felix and felix-shell respectively. The modules will be added in nucleus instead of appserver distributions. Sahoo
          Hide
          Sanjeeb Sahoo added a comment -

          As said earlier, I am committing the patch related to the remote command.
          r56267 | ss141213 | 2012-10-05 03:34:23 +0530 (Fri, 05 Oct 2012)

          GLASSFISH-16998: Secure OSGi shell port.
          Adding osgi-remote-cli module which introduces a remote command called osgi that can be used
          to invoke a single osgi shell command.

          Patch contributed by Ancoron, I have just made some refactoring.

          Show
          Sanjeeb Sahoo added a comment - As said earlier, I am committing the patch related to the remote command. r56267 | ss141213 | 2012-10-05 03:34:23 +0530 (Fri, 05 Oct 2012) GLASSFISH-16998 : Secure OSGi shell port. Adding osgi-remote-cli module which introduces a remote command called osgi that can be used to invoke a single osgi shell command. Patch contributed by Ancoron, I have just made some refactoring.

            People

            • Assignee:
              Sanjeeb Sahoo
              Reporter:
              Sanjeeb Sahoo
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: