|
Java example source code file (MBeanServerAccessController.java)
The MBeanServerAccessController.java Java example source code/* * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package com.sun.jmx.remote.security; import com.sun.jmx.mbeanserver.GetPropertyAction; import java.io.ObjectInputStream; import java.security.AccessController; import java.util.Set; import javax.management.Attribute; import javax.management.AttributeList; import javax.management.AttributeNotFoundException; import javax.management.InstanceNotFoundException; import javax.management.InstanceAlreadyExistsException; import javax.management.IntrospectionException; import javax.management.InvalidAttributeValueException; import javax.management.ListenerNotFoundException; import javax.management.MBeanException; import javax.management.MBeanInfo; import javax.management.MBeanRegistrationException; import javax.management.MBeanServer; import javax.management.NotCompliantMBeanException; import javax.management.NotificationFilter; import javax.management.NotificationListener; import javax.management.ObjectInstance; import javax.management.ObjectName; import javax.management.OperationsException; import javax.management.QueryExp; import javax.management.ReflectionException; import javax.management.loading.ClassLoaderRepository; import javax.management.remote.MBeanServerForwarder; /** * <p>An object of this class implements the MBeanServer interface * and, for each of its methods, calls an appropriate checking method * and then forwards the request to a wrapped MBeanServer object. The * checking method may throw a RuntimeException if the operation is * not allowed; in this case the request is not forwarded to the * wrapped object.</p> * * <p>A typical use of this class is to insert it between a connector server * such as the RMI connector and the MBeanServer with which the connector * is associated. Requests from the connector client can then be filtered * and those operations that are not allowed, or not allowed in a particular * context, can be rejected by throwing a <code>SecurityException * in the corresponding <code>check* method. * * <p>This is an abstract class, because in its implementation none of * the checking methods does anything. To be useful, it must be * subclassed and at least one of the checking methods overridden to * do some checking. Some or all of the MBeanServer methods may also * be overridden, for instance if the default checking behavior is * inappropriate.</p> * * <p>If there is no SecurityManager, then the access controller will refuse * to create an MBean that is a ClassLoader, which includes MLets, or to * execute the method addURL on an MBean that is an MLet. This prevents * people from opening security holes unintentionally. Otherwise, it * would not be obvious that granting write access grants the ability to * download and execute arbitrary code in the target MBean server. Advanced * users who do want the ability to use MLets are presumably advanced enough * to handle policy files and security managers.</p> */ public abstract class MBeanServerAccessController implements MBeanServerForwarder { public MBeanServer getMBeanServer() { return mbs; } public void setMBeanServer(MBeanServer mbs) { if (mbs == null) throw new IllegalArgumentException("Null MBeanServer"); if (this.mbs != null) throw new IllegalArgumentException("MBeanServer object already " + "initialized"); this.mbs = mbs; } /** * Check if the caller can do read operations. This method does * nothing if so, otherwise throws SecurityException. */ protected abstract void checkRead(); /** * Check if the caller can do write operations. This method does * nothing if so, otherwise throws SecurityException. */ protected abstract void checkWrite(); /** * Check if the caller can create the named class. The default * implementation of this method calls {@link #checkWrite()}. */ protected void checkCreate(String className) { checkWrite(); } /** * Check if the caller can unregister the named MBean. The default * implementation of this method calls {@link #checkWrite()}. */ protected void checkUnregister(ObjectName name) { checkWrite(); } //-------------------------------------------- //-------------------------------------------- // // Implementation of the MBeanServer interface // //-------------------------------------------- //-------------------------------------------- /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void addNotificationListener(ObjectName name, NotificationListener listener, NotificationFilter filter, Object handback) throws InstanceNotFoundException { checkRead(); getMBeanServer().addNotificationListener(name, listener, filter, handback); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void addNotificationListener(ObjectName name, ObjectName listener, NotificationFilter filter, Object handback) throws InstanceNotFoundException { checkRead(); getMBeanServer().addNotificationListener(name, listener, filter, handback); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public ObjectInstance createMBean(String className, ObjectName name) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException { checkCreate(className); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name); } } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public ObjectInstance createMBean(String className, ObjectName name, Object params[], String signature[]) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException { checkCreate(className); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, params, signature); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, params, signature); } } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public ObjectInstance createMBean(String className, ObjectName name, ObjectName loaderName) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException, InstanceNotFoundException { checkCreate(className); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, loaderName); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, loaderName); } } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public ObjectInstance createMBean(String className, ObjectName name, ObjectName loaderName, Object params[], String signature[]) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException, InstanceNotFoundException { checkCreate(className); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, loaderName, params, signature); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, loaderName, params, signature); } } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ @Deprecated public ObjectInputStream deserialize(ObjectName name, byte[] data) throws InstanceNotFoundException, OperationsException { checkRead(); return getMBeanServer().deserialize(name, data); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ @Deprecated public ObjectInputStream deserialize(String className, byte[] data) throws OperationsException, ReflectionException { checkRead(); return getMBeanServer().deserialize(className, data); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ @Deprecated public ObjectInputStream deserialize(String className, ObjectName loaderName, byte[] data) throws InstanceNotFoundException, OperationsException, ReflectionException { checkRead(); return getMBeanServer().deserialize(className, loaderName, data); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public Object getAttribute(ObjectName name, String attribute) throws MBeanException, AttributeNotFoundException, InstanceNotFoundException, ReflectionException { checkRead(); return getMBeanServer().getAttribute(name, attribute); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public AttributeList getAttributes(ObjectName name, String[] attributes) throws InstanceNotFoundException, ReflectionException { checkRead(); return getMBeanServer().getAttributes(name, attributes); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public ClassLoader getClassLoader(ObjectName loaderName) throws InstanceNotFoundException { checkRead(); return getMBeanServer().getClassLoader(loaderName); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public ClassLoader getClassLoaderFor(ObjectName mbeanName) throws InstanceNotFoundException { checkRead(); return getMBeanServer().getClassLoaderFor(mbeanName); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public ClassLoaderRepository getClassLoaderRepository() { checkRead(); return getMBeanServer().getClassLoaderRepository(); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public String getDefaultDomain() { checkRead(); return getMBeanServer().getDefaultDomain(); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public String[] getDomains() { checkRead(); return getMBeanServer().getDomains(); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public Integer getMBeanCount() { checkRead(); return getMBeanServer().getMBeanCount(); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public MBeanInfo getMBeanInfo(ObjectName name) throws InstanceNotFoundException, IntrospectionException, ReflectionException { checkRead(); return getMBeanServer().getMBeanInfo(name); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public ObjectInstance getObjectInstance(ObjectName name) throws InstanceNotFoundException { checkRead(); return getMBeanServer().getObjectInstance(name); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public Object instantiate(String className) throws ReflectionException, MBeanException { checkCreate(className); return getMBeanServer().instantiate(className); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public Object instantiate(String className, Object params[], String signature[]) throws ReflectionException, MBeanException { checkCreate(className); return getMBeanServer().instantiate(className, params, signature); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public Object instantiate(String className, ObjectName loaderName) throws ReflectionException, MBeanException, InstanceNotFoundException { checkCreate(className); return getMBeanServer().instantiate(className, loaderName); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public Object instantiate(String className, ObjectName loaderName, Object params[], String signature[]) throws ReflectionException, MBeanException, InstanceNotFoundException { checkCreate(className); return getMBeanServer().instantiate(className, loaderName, params, signature); } /** * Call <code>checkWrite(), then forward this method to the * wrapped object. */ public Object invoke(ObjectName name, String operationName, Object params[], String signature[]) throws InstanceNotFoundException, MBeanException, ReflectionException { checkWrite(); checkMLetMethods(name, operationName); return getMBeanServer().invoke(name, operationName, params, signature); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public boolean isInstanceOf(ObjectName name, String className) throws InstanceNotFoundException { checkRead(); return getMBeanServer().isInstanceOf(name, className); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public boolean isRegistered(ObjectName name) { checkRead(); return getMBeanServer().isRegistered(name); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public Set<ObjectInstance> queryMBeans(ObjectName name, QueryExp query) { checkRead(); return getMBeanServer().queryMBeans(name, query); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public Set<ObjectName> queryNames(ObjectName name, QueryExp query) { checkRead(); return getMBeanServer().queryNames(name, query); } /** * Call <code>checkWrite(), then forward this method to the * wrapped object. */ public ObjectInstance registerMBean(Object object, ObjectName name) throws InstanceAlreadyExistsException, MBeanRegistrationException, NotCompliantMBeanException { checkWrite(); return getMBeanServer().registerMBean(object, name); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void removeNotificationListener(ObjectName name, NotificationListener listener) throws InstanceNotFoundException, ListenerNotFoundException { checkRead(); getMBeanServer().removeNotificationListener(name, listener); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void removeNotificationListener(ObjectName name, NotificationListener listener, NotificationFilter filter, Object handback) throws InstanceNotFoundException, ListenerNotFoundException { checkRead(); getMBeanServer().removeNotificationListener(name, listener, filter, handback); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void removeNotificationListener(ObjectName name, ObjectName listener) throws InstanceNotFoundException, ListenerNotFoundException { checkRead(); getMBeanServer().removeNotificationListener(name, listener); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void removeNotificationListener(ObjectName name, ObjectName listener, NotificationFilter filter, Object handback) throws InstanceNotFoundException, ListenerNotFoundException { checkRead(); getMBeanServer().removeNotificationListener(name, listener, filter, handback); } /** * Call <code>checkWrite(), then forward this method to the * wrapped object. */ public void setAttribute(ObjectName name, Attribute attribute) throws InstanceNotFoundException, AttributeNotFoundException, InvalidAttributeValueException, MBeanException, ReflectionException { checkWrite(); getMBeanServer().setAttribute(name, attribute); } /** * Call <code>checkWrite(), then forward this method to the * wrapped object. */ public AttributeList setAttributes(ObjectName name, AttributeList attributes) throws InstanceNotFoundException, ReflectionException { checkWrite(); return getMBeanServer().setAttributes(name, attributes); } /** * Call <code>checkUnregister(), then forward this method to the * wrapped object. */ public void unregisterMBean(ObjectName name) throws InstanceNotFoundException, MBeanRegistrationException { checkUnregister(name); getMBeanServer().unregisterMBean(name); } //---------------- // PRIVATE METHODS //---------------- private void checkClassLoader(Object object) { if (object instanceof ClassLoader) throw new SecurityException("Access denied! Creating an " + "MBean that is a ClassLoader " + "is forbidden unless a security " + "manager is installed."); } private void checkMLetMethods(ObjectName name, String operation) throws InstanceNotFoundException { // Check if security manager installed SecurityManager sm = System.getSecurityManager(); if (sm != null) { return; } // Check for addURL and getMBeansFromURL methods if (!operation.equals("addURL") && !operation.equals("getMBeansFromURL")) { return; } // Check if MBean is instance of MLet if (!getMBeanServer().isInstanceOf(name, "javax.management.loading.MLet")) { return; } // Throw security exception if (operation.equals("addURL")) { // addURL throw new SecurityException("Access denied! MLet method addURL " + "cannot be invoked unless a security manager is installed."); } else { // getMBeansFromURL // Whether or not calling getMBeansFromURL is allowed is controlled // by the value of the "jmx.remote.x.mlet.allow.getMBeansFromURL" // system property. If the value of this property is true, calling // the MLet's getMBeansFromURL method is allowed. The default value // for this property is false. final String propName = "jmx.remote.x.mlet.allow.getMBeansFromURL"; GetPropertyAction propAction = new GetPropertyAction(propName); String propValue = AccessController.doPrivileged(propAction); boolean allowGetMBeansFromURL = "true".equalsIgnoreCase(propValue); if (!allowGetMBeansFromURL) { throw new SecurityException("Access denied! MLet method " + "getMBeansFromURL cannot be invoked unless a " + "security manager is installed or the system property " + "-Djmx.remote.x.mlet.allow.getMBeansFromURL=true " + "is specified."); } } } //------------------ // PRIVATE VARIABLES //------------------ private MBeanServer mbs; } Other Java examples (source code examples)Here is a short list of links related to this Java MBeanServerAccessController.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.