alvinalexander.com | career | drupal | java | mac | mysql | perl | scala | uml | unix  

Java example source code file (MBeanServerAccessController.java)

This example Java source code file (MBeanServerAccessController.java) is included in the alvinalexander.com "Java Source Code Warehouse" project. The intent of this project is to help you "Learn Java by Example" TM.

Learn more about this Java project at its project page.

Java - Java tags/keywords

classloader, instancealreadyexistsexception, instancenotfoundexception, management, mbeanexception, mbeanregistrationexception, mbeanserver, notcompliantmbeanexception, notificationfilter, object, objectinstance, objectname, reflectionexception, security, securitymanager, string, util

The MBeanServerAccessController.java Java example source code

/*
 * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package com.sun.jmx.remote.security;

import com.sun.jmx.mbeanserver.GetPropertyAction;
import java.io.ObjectInputStream;
import java.security.AccessController;
import java.util.Set;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.AttributeNotFoundException;
import javax.management.InstanceNotFoundException;
import javax.management.InstanceAlreadyExistsException;
import javax.management.IntrospectionException;
import javax.management.InvalidAttributeValueException;
import javax.management.ListenerNotFoundException;
import javax.management.MBeanException;
import javax.management.MBeanInfo;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
import javax.management.NotificationListener;
import javax.management.ObjectInstance;
import javax.management.ObjectName;
import javax.management.OperationsException;
import javax.management.QueryExp;
import javax.management.ReflectionException;
import javax.management.loading.ClassLoaderRepository;
import javax.management.remote.MBeanServerForwarder;

/**
 * <p>An object of this class implements the MBeanServer interface
 * and, for each of its methods, calls an appropriate checking method
 * and then forwards the request to a wrapped MBeanServer object.  The
 * checking method may throw a RuntimeException if the operation is
 * not allowed; in this case the request is not forwarded to the
 * wrapped object.</p>
 *
 * <p>A typical use of this class is to insert it between a connector server
 * such as the RMI connector and the MBeanServer with which the connector
 * is associated.  Requests from the connector client can then be filtered
 * and those operations that are not allowed, or not allowed in a particular
 * context, can be rejected by throwing a <code>SecurityException
 * in the corresponding <code>check* method.

* * <p>This is an abstract class, because in its implementation none of * the checking methods does anything. To be useful, it must be * subclassed and at least one of the checking methods overridden to * do some checking. Some or all of the MBeanServer methods may also * be overridden, for instance if the default checking behavior is * inappropriate.</p> * * <p>If there is no SecurityManager, then the access controller will refuse * to create an MBean that is a ClassLoader, which includes MLets, or to * execute the method addURL on an MBean that is an MLet. This prevents * people from opening security holes unintentionally. Otherwise, it * would not be obvious that granting write access grants the ability to * download and execute arbitrary code in the target MBean server. Advanced * users who do want the ability to use MLets are presumably advanced enough * to handle policy files and security managers.</p> */ public abstract class MBeanServerAccessController implements MBeanServerForwarder { public MBeanServer getMBeanServer() { return mbs; } public void setMBeanServer(MBeanServer mbs) { if (mbs == null) throw new IllegalArgumentException("Null MBeanServer"); if (this.mbs != null) throw new IllegalArgumentException("MBeanServer object already " + "initialized"); this.mbs = mbs; } /** * Check if the caller can do read operations. This method does * nothing if so, otherwise throws SecurityException. */ protected abstract void checkRead(); /** * Check if the caller can do write operations. This method does * nothing if so, otherwise throws SecurityException. */ protected abstract void checkWrite(); /** * Check if the caller can create the named class. The default * implementation of this method calls {@link #checkWrite()}. */ protected void checkCreate(String className) { checkWrite(); } /** * Check if the caller can unregister the named MBean. The default * implementation of this method calls {@link #checkWrite()}. */ protected void checkUnregister(ObjectName name) { checkWrite(); } //-------------------------------------------- //-------------------------------------------- // // Implementation of the MBeanServer interface // //-------------------------------------------- //-------------------------------------------- /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void addNotificationListener(ObjectName name, NotificationListener listener, NotificationFilter filter, Object handback) throws InstanceNotFoundException { checkRead(); getMBeanServer().addNotificationListener(name, listener, filter, handback); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void addNotificationListener(ObjectName name, ObjectName listener, NotificationFilter filter, Object handback) throws InstanceNotFoundException { checkRead(); getMBeanServer().addNotificationListener(name, listener, filter, handback); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public ObjectInstance createMBean(String className, ObjectName name) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException { checkCreate(className); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name); } } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public ObjectInstance createMBean(String className, ObjectName name, Object params[], String signature[]) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException { checkCreate(className); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, params, signature); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, params, signature); } } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public ObjectInstance createMBean(String className, ObjectName name, ObjectName loaderName) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException, InstanceNotFoundException { checkCreate(className); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, loaderName); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, loaderName); } } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public ObjectInstance createMBean(String className, ObjectName name, ObjectName loaderName, Object params[], String signature[]) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException, InstanceNotFoundException { checkCreate(className); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, loaderName, params, signature); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, loaderName, params, signature); } } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ @Deprecated public ObjectInputStream deserialize(ObjectName name, byte[] data) throws InstanceNotFoundException, OperationsException { checkRead(); return getMBeanServer().deserialize(name, data); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ @Deprecated public ObjectInputStream deserialize(String className, byte[] data) throws OperationsException, ReflectionException { checkRead(); return getMBeanServer().deserialize(className, data); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ @Deprecated public ObjectInputStream deserialize(String className, ObjectName loaderName, byte[] data) throws InstanceNotFoundException, OperationsException, ReflectionException { checkRead(); return getMBeanServer().deserialize(className, loaderName, data); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public Object getAttribute(ObjectName name, String attribute) throws MBeanException, AttributeNotFoundException, InstanceNotFoundException, ReflectionException { checkRead(); return getMBeanServer().getAttribute(name, attribute); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public AttributeList getAttributes(ObjectName name, String[] attributes) throws InstanceNotFoundException, ReflectionException { checkRead(); return getMBeanServer().getAttributes(name, attributes); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public ClassLoader getClassLoader(ObjectName loaderName) throws InstanceNotFoundException { checkRead(); return getMBeanServer().getClassLoader(loaderName); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public ClassLoader getClassLoaderFor(ObjectName mbeanName) throws InstanceNotFoundException { checkRead(); return getMBeanServer().getClassLoaderFor(mbeanName); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public ClassLoaderRepository getClassLoaderRepository() { checkRead(); return getMBeanServer().getClassLoaderRepository(); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public String getDefaultDomain() { checkRead(); return getMBeanServer().getDefaultDomain(); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public String[] getDomains() { checkRead(); return getMBeanServer().getDomains(); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public Integer getMBeanCount() { checkRead(); return getMBeanServer().getMBeanCount(); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public MBeanInfo getMBeanInfo(ObjectName name) throws InstanceNotFoundException, IntrospectionException, ReflectionException { checkRead(); return getMBeanServer().getMBeanInfo(name); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public ObjectInstance getObjectInstance(ObjectName name) throws InstanceNotFoundException { checkRead(); return getMBeanServer().getObjectInstance(name); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public Object instantiate(String className) throws ReflectionException, MBeanException { checkCreate(className); return getMBeanServer().instantiate(className); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public Object instantiate(String className, Object params[], String signature[]) throws ReflectionException, MBeanException { checkCreate(className); return getMBeanServer().instantiate(className, params, signature); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public Object instantiate(String className, ObjectName loaderName) throws ReflectionException, MBeanException, InstanceNotFoundException { checkCreate(className); return getMBeanServer().instantiate(className, loaderName); } /** * Call <code>checkCreate(className), then forward this method to the * wrapped object. */ public Object instantiate(String className, ObjectName loaderName, Object params[], String signature[]) throws ReflectionException, MBeanException, InstanceNotFoundException { checkCreate(className); return getMBeanServer().instantiate(className, loaderName, params, signature); } /** * Call <code>checkWrite(), then forward this method to the * wrapped object. */ public Object invoke(ObjectName name, String operationName, Object params[], String signature[]) throws InstanceNotFoundException, MBeanException, ReflectionException { checkWrite(); checkMLetMethods(name, operationName); return getMBeanServer().invoke(name, operationName, params, signature); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public boolean isInstanceOf(ObjectName name, String className) throws InstanceNotFoundException { checkRead(); return getMBeanServer().isInstanceOf(name, className); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public boolean isRegistered(ObjectName name) { checkRead(); return getMBeanServer().isRegistered(name); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public Set<ObjectInstance> queryMBeans(ObjectName name, QueryExp query) { checkRead(); return getMBeanServer().queryMBeans(name, query); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public Set<ObjectName> queryNames(ObjectName name, QueryExp query) { checkRead(); return getMBeanServer().queryNames(name, query); } /** * Call <code>checkWrite(), then forward this method to the * wrapped object. */ public ObjectInstance registerMBean(Object object, ObjectName name) throws InstanceAlreadyExistsException, MBeanRegistrationException, NotCompliantMBeanException { checkWrite(); return getMBeanServer().registerMBean(object, name); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void removeNotificationListener(ObjectName name, NotificationListener listener) throws InstanceNotFoundException, ListenerNotFoundException { checkRead(); getMBeanServer().removeNotificationListener(name, listener); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void removeNotificationListener(ObjectName name, NotificationListener listener, NotificationFilter filter, Object handback) throws InstanceNotFoundException, ListenerNotFoundException { checkRead(); getMBeanServer().removeNotificationListener(name, listener, filter, handback); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void removeNotificationListener(ObjectName name, ObjectName listener) throws InstanceNotFoundException, ListenerNotFoundException { checkRead(); getMBeanServer().removeNotificationListener(name, listener); } /** * Call <code>checkRead(), then forward this method to the * wrapped object. */ public void removeNotificationListener(ObjectName name, ObjectName listener, NotificationFilter filter, Object handback) throws InstanceNotFoundException, ListenerNotFoundException { checkRead(); getMBeanServer().removeNotificationListener(name, listener, filter, handback); } /** * Call <code>checkWrite(), then forward this method to the * wrapped object. */ public void setAttribute(ObjectName name, Attribute attribute) throws InstanceNotFoundException, AttributeNotFoundException, InvalidAttributeValueException, MBeanException, ReflectionException { checkWrite(); getMBeanServer().setAttribute(name, attribute); } /** * Call <code>checkWrite(), then forward this method to the * wrapped object. */ public AttributeList setAttributes(ObjectName name, AttributeList attributes) throws InstanceNotFoundException, ReflectionException { checkWrite(); return getMBeanServer().setAttributes(name, attributes); } /** * Call <code>checkUnregister(), then forward this method to the * wrapped object. */ public void unregisterMBean(ObjectName name) throws InstanceNotFoundException, MBeanRegistrationException { checkUnregister(name); getMBeanServer().unregisterMBean(name); } //---------------- // PRIVATE METHODS //---------------- private void checkClassLoader(Object object) { if (object instanceof ClassLoader) throw new SecurityException("Access denied! Creating an " + "MBean that is a ClassLoader " + "is forbidden unless a security " + "manager is installed."); } private void checkMLetMethods(ObjectName name, String operation) throws InstanceNotFoundException { // Check if security manager installed SecurityManager sm = System.getSecurityManager(); if (sm != null) { return; } // Check for addURL and getMBeansFromURL methods if (!operation.equals("addURL") && !operation.equals("getMBeansFromURL")) { return; } // Check if MBean is instance of MLet if (!getMBeanServer().isInstanceOf(name, "javax.management.loading.MLet")) { return; } // Throw security exception if (operation.equals("addURL")) { // addURL throw new SecurityException("Access denied! MLet method addURL " + "cannot be invoked unless a security manager is installed."); } else { // getMBeansFromURL // Whether or not calling getMBeansFromURL is allowed is controlled // by the value of the "jmx.remote.x.mlet.allow.getMBeansFromURL" // system property. If the value of this property is true, calling // the MLet's getMBeansFromURL method is allowed. The default value // for this property is false. final String propName = "jmx.remote.x.mlet.allow.getMBeansFromURL"; GetPropertyAction propAction = new GetPropertyAction(propName); String propValue = AccessController.doPrivileged(propAction); boolean allowGetMBeansFromURL = "true".equalsIgnoreCase(propValue); if (!allowGetMBeansFromURL) { throw new SecurityException("Access denied! MLet method " + "getMBeansFromURL cannot be invoked unless a " + "security manager is installed or the system property " + "-Djmx.remote.x.mlet.allow.getMBeansFromURL=true " + "is specified."); } } } //------------------ // PRIVATE VARIABLES //------------------ private MBeanServer mbs; }

Other Java examples (source code examples)

Here is a short list of links related to this Java MBeanServerAccessController.java source code file:

... this post is sponsored by my books ...

#1 New Release!

FP Best Seller

 

new blog posts

 

Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.