Example 1 with JMXAuthenticator
use of javax.management.remote.JMXAuthenticator in project Openfire by igniterealtime.
the class JMXManager method start.
private void start() {
setContainer(new MBeanContainer(ManagementFactory.getPlatformMBeanServer()));
int jmxPort = JMXManager.getPort();
String jmxUrl = "/jndi/rmi://localhost:" + jmxPort + "/jmxrmi";
Map<String, Object> env = new HashMap<>();
if (JMXManager.isSecure()) {
env.put("jmx.remote.authenticator", new JMXAuthenticator() {
@Override
public Subject authenticate(Object credentials) {
if (!(credentials instanceof String[])) {
if (credentials == null) {
throw new SecurityException("Credentials required");
}
throw new SecurityException("Credentials should be String[]");
}
final String[] aCredentials = (String[]) credentials;
if (aCredentials.length < 2) {
throw new SecurityException("Credentials should have at least two elements");
}
String username = aCredentials[0];
String password = aCredentials[1];
try {
AuthFactory.authenticate(username, password);
} catch (Exception ex) {
Log.error("Authentication failed for " + username);
throw new SecurityException();
}
if (AdminManager.getInstance().isUserAdmin(username, true)) {
return new Subject(true, Collections.singleton(new JMXPrincipal(username)), Collections.EMPTY_SET, Collections.EMPTY_SET);
} else {
Log.error("Authorization failed for " + username);
throw new SecurityException();
}
}
});
}
try {
jmxServer = new ConnectorServer(new JMXServiceURL("rmi", null, jmxPort, jmxUrl), env, "org.eclipse.jetty.jmx:name=rmiconnectorserver");
jmxServer.start();
} catch (Exception e) {
Log.error("Failed to start JMX connector", e);
}
}
Also used :
JMXServiceURL(javax.management.remote.JMXServiceURL)
HashMap(java.util.HashMap)
JMXAuthenticator(javax.management.remote.JMXAuthenticator)
JMXPrincipal(javax.management.remote.JMXPrincipal)
Subject(javax.security.auth.Subject)
MBeanContainer(org.eclipse.jetty.jmx.MBeanContainer)
ConnectorServer(org.eclipse.jetty.jmx.ConnectorServer)
Example 2 with JMXAuthenticator
use of javax.management.remote.JMXAuthenticator in project jdk8u_jdk by JetBrains.
the class RMIServerImpl method doNewClient.
/**
* This method could be overridden by subclasses defined in this package
* to perform additional operations specific to the underlying transport
* before creating the new client connection.
*/
RMIConnection doNewClient(Object credentials) throws IOException {
final boolean tracing = logger.traceOn();
if (tracing)
logger.trace("newClient", "making new client");
if (getMBeanServer() == null)
throw new IllegalStateException("Not attached to an MBean server");
Subject subject = null;
JMXAuthenticator authenticator = (JMXAuthenticator) env.get(JMXConnectorServer.AUTHENTICATOR);
if (authenticator == null) {
/*
* Create the JAAS-based authenticator only if authentication
* has been enabled
*/
if (env.get("jmx.remote.x.password.file") != null || env.get("jmx.remote.x.login.config") != null) {
authenticator = new JMXPluggableAuthenticator(env);
}
}
if (authenticator != null) {
if (tracing)
logger.trace("newClient", "got authenticator: " + authenticator.getClass().getName());
try {
subject = authenticator.authenticate(credentials);
} catch (SecurityException e) {
logger.trace("newClient", "Authentication failed: " + e);
throw e;
}
}
if (tracing) {
if (subject != null)
logger.trace("newClient", "subject is not null");
else
logger.trace("newClient", "no subject");
}
final String connectionId = makeConnectionId(getProtocol(), subject);
if (tracing)
logger.trace("newClient", "making new connection: " + connectionId);
RMIConnection client = makeClient(connectionId, subject);
dropDeadReferences();
WeakReference<RMIConnection> wr = new WeakReference<RMIConnection>(client);
synchronized (clientList) {
clientList.add(wr);
}
connServer.connectionOpened(connectionId, "Connection opened", null);
synchronized (clientList) {
if (!clientList.contains(wr)) {
// can be removed only by a JMXConnectionNotification listener
throw new IOException("The connection is refused.");
}
}
if (tracing)
logger.trace("newClient", "new connection done: " + connectionId);
return client;
}
Also used :
JMXPluggableAuthenticator(com.sun.jmx.remote.security.JMXPluggableAuthenticator)
WeakReference(java.lang.ref.WeakReference)
JMXAuthenticator(javax.management.remote.JMXAuthenticator)
IOException(java.io.IOException)
Subject(javax.security.auth.Subject)
Example 3 with JMXAuthenticator
use of javax.management.remote.JMXAuthenticator in project jdk8u_jdk by JetBrains.
the class ConnectionTest method test.
private static boolean test(String proto) throws Exception {
ObjectName serverName = ObjectName.getInstance("d:type=server");
MBeanServer mbs = MBeanServerFactory.newMBeanServer();
JMXAuthenticator authenticator = new BogusAuthenticator();
Map env = Collections.singletonMap("jmx.remote.authenticator", authenticator);
JMXServiceURL url = new JMXServiceURL("service:jmx:" + proto + "://");
JMXConnectorServer server;
try {
server = JMXConnectorServerFactory.newJMXConnectorServer(url, env, null);
} catch (MalformedURLException e) {
System.out.println("Protocol " + proto + " not supported, ignoring");
return true;
}
System.out.println("Created connector server");
mbs.registerMBean(server, serverName);
System.out.println("Registered connector server in MBean server");
mbs.addNotificationListener(serverName, logListener, null, null);
mbs.invoke(serverName, "start", null, null);
System.out.println("Started connector server");
JMXServiceURL address = (JMXServiceURL) mbs.getAttribute(serverName, "Address");
System.out.println("Retrieved address: " + address);
if (address.getHost().length() == 0) {
System.out.println("Generated address has empty hostname");
return false;
}
JMXConnector client = JMXConnectorFactory.connect(address);
System.out.println("Client connected");
String clientConnId = client.getConnectionId();
System.out.println("Got connection ID on client: " + clientConnId);
boolean ok = checkConnectionId(proto, clientConnId);
if (!ok)
return false;
System.out.println("Connection ID is OK");
// 4901826: connection ids need some time to be updated using jmxmp
// we don't get the notif immediately either
// this was originally timeout 1ms, which was not enough
Notification notif = waitForNotification(1000);
System.out.println("Server got notification: " + notif);
ok = mustBeConnectionNotification(notif, clientConnId, JMXConnectionNotification.OPENED);
if (!ok)
return false;
client.close();
System.out.println("Closed client");
notif = waitForNotification(1000);
System.out.println("Got notification: " + notif);
ok = mustBeConnectionNotification(notif, clientConnId, JMXConnectionNotification.CLOSED);
if (!ok)
return false;
client = JMXConnectorFactory.connect(address);
System.out.println("Second client connected");
String clientConnId2 = client.getConnectionId();
if (clientConnId.equals(clientConnId2)) {
System.out.println("Same connection ID for two connections: " + clientConnId2);
return false;
}
System.out.println("Second client connection ID is different");
notif = waitForNotification(1);
ok = mustBeConnectionNotification(notif, clientConnId2, JMXConnectionNotification.OPENED);
if (!ok)
return false;
MBeanServerConnection mbsc = client.getMBeanServerConnection();
Map attrs = (Map) mbsc.getAttribute(serverName, "Attributes");
System.out.println("Server attributes received by client: " + attrs);
server.stop();
System.out.println("Server stopped");
notif = waitForNotification(1000);
System.out.println("Server got connection-closed notification: " + notif);
ok = mustBeConnectionNotification(notif, clientConnId2, JMXConnectionNotification.CLOSED);
if (!ok)
return false;
try {
mbsc.getDefaultDomain();
System.out.println("Connection still working but should not be");
return false;
} catch (IOException e) {
System.out.println("Connection correctly got exception: " + e);
}
try {
client = JMXConnectorFactory.connect(address);
System.out.println("Connector server still working but should " + "not be");
return false;
} catch (IOException e) {
System.out.println("New connection correctly got exception: " + e);
}
return true;
}
Also used :
JMXServiceURL(javax.management.remote.JMXServiceURL)
MalformedURLException(java.net.MalformedURLException)
JMXAuthenticator(javax.management.remote.JMXAuthenticator)
IOException(java.io.IOException)
JMXConnectionNotification(javax.management.remote.JMXConnectionNotification)
Notification(javax.management.Notification)
ObjectName(javax.management.ObjectName)
JMXConnectorServer(javax.management.remote.JMXConnectorServer)
JMXConnector(javax.management.remote.JMXConnector)
HashMap(java.util.HashMap)
Map(java.util.Map)
MBeanServerConnection(javax.management.MBeanServerConnection)
MBeanServer(javax.management.MBeanServer)
Aggregations
JMXAuthenticator (javax.management.remote.JMXAuthenticator)3
IOException (java.io.IOException)2
HashMap (java.util.HashMap)2
JMXServiceURL (javax.management.remote.JMXServiceURL)2
Subject (javax.security.auth.Subject)2
JMXPluggableAuthenticator (com.sun.jmx.remote.security.JMXPluggableAuthenticator)1
WeakReference (java.lang.ref.WeakReference)1
MalformedURLException (java.net.MalformedURLException)1
Map (java.util.Map)1
MBeanServer (javax.management.MBeanServer)1
MBeanServerConnection (javax.management.MBeanServerConnection)1
Notification (javax.management.Notification)1
ObjectName (javax.management.ObjectName)1
JMXConnectionNotification (javax.management.remote.JMXConnectionNotification)1
JMXConnector (javax.management.remote.JMXConnector)1
JMXConnectorServer (javax.management.remote.JMXConnectorServer)1
JMXPrincipal (javax.management.remote.JMXPrincipal)1
ConnectorServer (org.eclipse.jetty.jmx.ConnectorServer)1
MBeanContainer (org.eclipse.jetty.jmx.MBeanContainer)1
