
Example 1 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project jdk8u_jdk by JetBrains.

the class SubjectDelegation3Test method main.

/**
 * Exercises JMX subject delegation over an RMI connector with a SecurityManager installed.
 *
 * <p>The client authenticates as "monitorRole" and then asks for an MBeanServerConnection
 * that acts on behalf of a Subject holding the JMXPrincipal "delegate". Whether that
 * delegation and the subsequent MBean operations are allowed is decided by the policy file
 * named in args[0]; its contents are not visible from this method.
 *
 * @param args args[0] is the policy file name, resolved against the "test.src" property;
 *             args[1] is the expected result, where "ko" means a SecurityException is expected
 * @throws Exception on any unexpected failure, including a SecurityException when args[1]
 *                   is not "ko"
 */
public static void main(String[] args) throws Exception {
    // Check for supported operating systems: Solaris
    //
    // This test runs only on Solaris due to CR 6285916
    //
    String osName = System.getProperty("os.name");
    System.out.println("os.name = " + osName);
    if (!osName.equals("SunOS")) {
        System.out.println("This test runs on Solaris only.");
        System.out.println("Bye! Bye!");
        return;
    }
    // Both arguments are read without a length check; fewer than two arguments
    // raises ArrayIndexOutOfBoundsException here.
    String policyFile = args[0];
    String testResult = args[1];
    System.out.println("Policy file = " + policyFile);
    System.out.println("Expected test result = " + testResult);
    JMXConnectorServer jmxcs = null;
    JMXConnector jmxc = null;
    try {
        // Create an RMI registry
        //
        System.out.println("Start RMI registry...");
        Registry reg = null;
        int port = 5800;
        // The post-increment runs before each attempt, so the ports actually tried
        // are 5801 through 6000.
        while (port++ < 6000) {
            try {
                reg = LocateRegistry.createRegistry(port);
                System.out.println("RMI registry running on port " + port);
                break;
            } catch (RemoteException e) {
                // Failed to create RMI registry...
                System.out.println("Failed to create RMI registry " + "on port " + port);
            }
        }
        if (reg == null) {
            // System.exit does not run the enclosing finally block.
            System.exit(1);
        }
        // Set the default password file
        //
        // Only the path is printed; the file's contents are not read in this method.
        final String passwordFile = System.getProperty("test.src") + File.separator + "jmxremote.password";
        System.out.println("Password file = " + passwordFile);
        // Set policy file
        //
        // The property is set before the SecurityManager is installed further down.
        final String policy = System.getProperty("test.src") + File.separator + policyFile;
        System.out.println("PolicyFile = " + policy);
        System.setProperty("java.security.policy", policy);
        // Instantiate the MBean server
        //
        System.out.println("Create the MBean server");
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        // Register the SimpleStandardMBean
        //
        // The MBean is constructed with the same name ("delegate") that the client
        // later uses as the delegation principal.
        System.out.println("Create SimpleStandard MBean");
        SimpleStandard s = new SimpleStandard("delegate");
        mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
        // Create Properties containing the username/password entries
        //
        Properties props = new Properties();
        props.setProperty("jmx.remote.x.password.file", passwordFile);
        // Initialize environment map to be passed to the connector server
        //
        // The connector server authenticates clients through JMXPluggableAuthenticator
        // configured with the password file above.
        System.out.println("Initialize environment map");
        HashMap env = new HashMap();
        env.put("jmx.remote.authenticator", new JMXPluggableAuthenticator(props));
        // Set Security Manager
        //
        // From here on, permission checks apply to everything below, including the
        // System.exit call further down.
        System.setSecurityManager(new SecurityManager());
        // Create an RMI connector server
        //
        System.out.println("Create an RMI connector server");
        JMXServiceURL url = new JMXServiceURL("rmi", null, 0, "/jndi/rmi://:" + port + "/server" + port);
        jmxcs = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        jmxcs.start();
        // Create an RMI connector client
        //
        System.out.println("Create an RMI connector client");
        HashMap cli_env = new HashMap();
        // These credentials must match those in the default password file
        //
        // Hard-coded test-fixture credentials; they identify the authenticated caller,
        // which is distinct from the delegation principal used below.
        String[] credentials = new String[] { "monitorRole", "QED" };
        cli_env.put("jmx.remote.credentials", credentials);
        jmxc = JMXConnectorFactory.connect(url, cli_env);
        // Read-only Subject (first argument true) carrying the single JMXPrincipal "delegate".
        // Operations on the connection obtained with it are performed on behalf of that
        // subject rather than of "monitorRole".
        // NOTE(review): presumably the policy file must grant the authenticated identity
        // a SubjectDelegationPermission for "delegate" - confirm against the policy files.
        Subject delegationSubject = new Subject(true, Collections.singleton(new JMXPrincipal("delegate")), Collections.EMPTY_SET, Collections.EMPTY_SET);
        MBeanServerConnection mbsc = jmxc.getMBeanServerConnection(delegationSubject);
        // Get domains from MBeanServer
        //
        System.out.println("Domains:");
        String[] domains = mbsc.getDomains();
        for (int i = 0; i < domains.length; i++) {
            System.out.println("\tDomain[" + i + "] = " + domains[i]);
        }
        // Get MBean count
        //
        System.out.println("MBean count = " + mbsc.getMBeanCount());
        // Get State attribute
        //
        String oldState = (String) mbsc.getAttribute(new ObjectName("MBeans:type=SimpleStandard"), "State");
        System.out.println("Old State = \"" + oldState + "\"");
        // Set State attribute
        //
        System.out.println("Set State to \"changed state\"");
        mbsc.setAttribute(new ObjectName("MBeans:type=SimpleStandard"), new Attribute("State", "changed state"));
        // Get State attribute
        //
        String newState = (String) mbsc.getAttribute(new ObjectName("MBeans:type=SimpleStandard"), "State");
        System.out.println("New State = \"" + newState + "\"");
        if (!newState.equals("changed state")) {
            System.out.println("Invalid State = \"" + newState + "\"");
            // NOTE(review): a SecurityManager is installed by now, so this exit is itself
            // permission-checked; a SecurityException raised here would reach the catch
            // below and be reported as "expected" when testResult is "ko" - confirm the
            // policy grants the exit permission.
            System.exit(1);
        }
        // Add notification listener on SimpleStandard MBean
        //
        System.out.println("Add notification listener...");
        mbsc.addNotificationListener(new ObjectName("MBeans:type=SimpleStandard"), new NotificationListener() {

            public void handleNotification(Notification notification, Object handback) {
                System.out.println("Received notification: " + notification);
            }
        }, null, null);
        // Unregister SimpleStandard MBean
        //
        System.out.println("Unregister SimpleStandard MBean...");
        mbsc.unregisterMBean(new ObjectName("MBeans:type=SimpleStandard"));
        // NOTE(review): nothing in this method fails the run when "ko" was expected but
        // no SecurityException was raised; the method simply returns normally.
    } catch (SecurityException e) {
        // A denial is the expected outcome only when the caller asked for "ko".
        if (testResult.equals("ko")) {
            System.out.println("Got expected security exception = " + e);
        } else {
            System.out.println("Got unexpected security exception = " + e);
            e.printStackTrace();
            throw e;
        }
    } catch (Exception e) {
        System.out.println("Unexpected exception caught = " + e);
        e.printStackTrace();
        throw e;
    } finally {
        // Close the client connection first
        if (jmxc != null)
            jmxc.close();
        // Then stop the connector server
        if (jmxcs != null)
            jmxcs.stop();
        // Say goodbye
        //
        System.out.println("Bye! Bye!");
    }
}
Also used : JMXServiceURL(javax.management.remote.JMXServiceURL) JMXPluggableAuthenticator(com.sun.jmx.remote.security.JMXPluggableAuthenticator) HashMap(java.util.HashMap) Attribute(javax.management.Attribute) JMXPrincipal(javax.management.remote.JMXPrincipal) Registry(java.rmi.registry.Registry) LocateRegistry(java.rmi.registry.LocateRegistry) Properties(java.util.Properties) Subject(javax.security.auth.Subject) Notification(javax.management.Notification) RemoteException(java.rmi.RemoteException) JMXConnectorServer(javax.management.remote.JMXConnectorServer) ObjectName(javax.management.ObjectName) JMXConnector(javax.management.remote.JMXConnector) RemoteException(java.rmi.RemoteException) MBeanServerConnection(javax.management.MBeanServerConnection) MBeanServer(javax.management.MBeanServer) NotificationListener(javax.management.NotificationListener)

Example 2 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project jdk8u_jdk by JetBrains.

the class TestJMXAuthenticator method authenticate.

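/**
 * Test-only authenticator: accepts the supplied credentials when they equal the
 * "susername" / "spassword" system properties, and returns a Subject that carries a
 * JMXPrincipal named by the "principal" system property (if that property is set).
 *
 * <p>Malformed credentials (not a {@code String[]} of at least two elements, or null
 * elements) are rejected with a SecurityException instead of escaping as a
 * ClassCastException, ArrayIndexOutOfBoundsException or NullPointerException.
 * Password values are never written to the log.
 *
 * @param credentials expected to be a {@code String[]} holding username and password
 * @return a Subject, empty unless the "principal" system property is set
 * @throws SecurityException if the credentials are malformed or do not match
 */
public Subject authenticate(Object credentials) {
    System.out.println("TestJMXAuthenticator::authenticate: Start");
    String credentials_username = null;
    String credentials_password = null;
    // Validate the shape before casting so a bad client input is a clean rejection.
    if (credentials instanceof String[] && ((String[]) credentials).length >= 2) {
        String[] pair = (String[]) credentials;
        credentials_username = pair[0];
        credentials_password = pair[1];
    }
    String authenticated_username = System.getProperty("susername");
    String authenticated_password = System.getProperty("spassword");
    String principal = System.getProperty("principal");
    System.out.println("TestJMXAuthenticator::authenticate: credentials username = " + credentials_username);
    // Secrets are not echoed: test logs are routinely archived and shared.
    System.out.println("TestJMXAuthenticator::authenticate: credentials password = <not logged>");
    System.out.println("TestJMXAuthenticator::authenticate: authenticated username = " + authenticated_username);
    System.out.println("TestJMXAuthenticator::authenticate: authenticated password = <not logged>");
    System.out.println("TestJMXAuthenticator::authenticate: principal used for " + "authorization = " + principal);
    // Null on the credential side always rejects; equals() against an unset property
    // (null) is false, so an unconfigured authenticator accepts nobody.
    // String.equals is not a constant-time comparison; tolerated here because this
    // class is a test fixture comparing against values the test itself configures.
    boolean accepted = credentials_username != null
            && credentials_password != null
            && credentials_username.equals(authenticated_username)
            && credentials_password.equals(authenticated_password);
    if (accepted) {
        System.out.println("TestJMXAuthenticator::authenticate: " + "Authenticator should succeed");
    } else {
        System.out.println("TestJMXAuthenticator::authenticate: " + "Authenticator should reject");
        throw new SecurityException("TestJMXAuthenticator throws EXCEPTION");
    }
    // At this point, authentication has succeeded
    // (no SecurityException thrown).
    //
    // If no authorization is required, the returned subject (empty or not)
    // is useless.
    // Otherwise, the returned subject must define a principal
    // and authorization will be performed against this principal.
    //
    // Note that this custom JMXAuthenticator is used for test purpose and
    // the username used to perform authentication may be different from the
    // username used to perform authorization.
    //
    Subject subject = new Subject();
    if (principal != null) {
        System.out.println("TestJMXAuthenticator::authenticate: " + "Add " + principal + " principal to the returned subject");
        subject.getPrincipals().add(new JMXPrincipal(principal));
    }
    return subject;
}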
Also used : JMXPrincipal(javax.management.remote.JMXPrincipal) Principal(java.security.Principal) JMXPrincipal(javax.management.remote.JMXPrincipal) Subject(javax.security.auth.Subject)

Example 3 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project jdk8u_jdk by JetBrains.

the class SimpleStandard method checkSubject.

/*
     * ---------------
     * PRIVATE METHODS
     * ---------------
     */
/**
     * Check that the principal contained in the Subject is of
     * type JMXPrincipal and refers to the principalName identity.
     */
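private void checkSubject(String op) {
    // Authorization guard: the caller's Subject must carry a JMXPrincipal whose name
    // equals principalName. Every failure mode ends in SecurityException so that a
    // missing or empty Subject is denied explicitly rather than surfacing as a
    // NullPointerException or NoSuchElementException.
    //
    // op is the operation name, used only as a prefix in the exception message.
    AccessControlContext acc = AccessController.getContext();
    Subject subject = Subject.getSubject(acc);
    if (subject == null) {
        // No Subject is associated with the current access control context.
        throw new SecurityException(op + ": No authenticated subject");
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals.isEmpty()) {
        throw new SecurityException(op + ": Authenticated subject contains " + "no principal");
    }
    // Only the first principal returned by the iterator is examined, as before; a
    // Subject holding several principals is judged on that one alone.
    Principal principal = principals.iterator().next();
    if (!(principal instanceof JMXPrincipal)) {
        throw new SecurityException(op + ": Authenticated subject contains " + "invalid principal type = " + principal.getClass().getName());
    }
    String identity = principal.getName();
    if (!identity.equals(principalName)) {
        throw new SecurityException(op + ": Authenticated subject contains " + "invalid principal name = " + identity);
    }
}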
Also used : Set(java.util.Set) AccessControlContext(java.security.AccessControlContext) JMXPrincipal(javax.management.remote.JMXPrincipal) Subject(javax.security.auth.Subject) Principal(java.security.Principal) JMXPrincipal(javax.management.remote.JMXPrincipal)

Example 4 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project jdk8u_jdk by JetBrains.

the class FileLoginModule method attemptAuthentication.

/**
     * Attempt authentication
     *
     * @param usePasswdFromSharedState a flag to tell this method whether
     *          to retrieve the password from the sharedState.
     */
// sharedState used as Map<String,Object>
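@SuppressWarnings("unchecked")
private void attemptAuthentication(boolean usePasswdFromSharedState) throws LoginException {
    // Validates username/password against the entries held in userCredentials and,
    // on success, records the authenticated user as a JMXPrincipal.
    // Throws FailedLoginException when the user is unknown or the password differs;
    // both cases use the same message so the response does not reveal which one failed.

    // get the username and password
    getUsernamePassword(usePasswdFromSharedState);
    // userCredentials is initialized in login()
    String localPassword = userCredentials.getProperty(username);
    // Compare as char[] so the supplied password is not copied into an immutable
    // String, and so a null supplied password is a failed login rather than a
    // NullPointerException. The stored value itself still lives in userCredentials.
    // Arrays.equals is not a constant-time comparison (neither was String.equals).
    char[] expected = (localPassword == null) ? null : localPassword.toCharArray();
    boolean matches;
    try {
        matches = expected != null && java.util.Arrays.equals(expected, password);
    } finally {
        if (expected != null) {
            // Wipe the temporary copy made for the comparison.
            java.util.Arrays.fill(expected, '\0');
        }
    }
    if (!matches) {
        // username not found or passwords do not match
        if (logger.debugOn()) {
            logger.debug("login", "Invalid username or password");
        }
        throw new FailedLoginException("Invalid username or password");
    }
    // only if authentication succeeded
    // The password array is placed in sharedState by reference, not copied.
    if (storePass && !sharedState.containsKey(USERNAME_KEY) && !sharedState.containsKey(PASSWORD_KEY)) {
        sharedState.put(USERNAME_KEY, username);
        sharedState.put(PASSWORD_KEY, password);
    }
    // Create a new user principal
    user = new JMXPrincipal(username);
    if (logger.debugOn()) {
        logger.debug("login", "User '" + username + "' successfully validated");
    }
}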
Also used : JMXPrincipal(javax.management.remote.JMXPrincipal)

Example 5 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project jdk8u_jdk by JetBrains.

the class ThreadPoolAccTest method main.

/**
 * Registers six ObservedObject MBeans, attaches one monitor to each (counter, gauge,
 * string, repeated twice) and starts every monitor inside Subject.doAs under a Subject
 * holding a JMXPrincipal: "role1" for the first three monitors, "role2" for the rest.
 * It then polls testPrincipals until that helper reports true, and finally stops every
 * monitor that was created.
 *
 * <p>NOTE(review): presumably testPrincipals verifies that each monitor observes its
 * MBean under the principal it was started with; that helper is not visible here.
 *
 * @param args unused
 * @throws Exception if MBean creation or registration fails
 */
public static void main(String[] args) throws Exception {
    ObjectName[] observedNames = new ObjectName[6];
    ObservedObject[] observed = new ObservedObject[6];
    ObjectName[] monitorNames = new ObjectName[6];
    Monitor[] monitors = new Monitor[6];
    String[] principals = { "role1", "role2" };
    String[] attributes = { "Integer", "Double", "String" };
    try {
        echo(">>> CREATE MBeanServer");
        MBeanServer server = MBeanServerFactory.newMBeanServer();
        for (int idx = 0; idx < 6; idx++) {
            ObjectName observedName = new ObjectName(":type=ObservedObject,instance=" + idx);
            observedNames[idx] = observedName;
            observed[idx] = new ObservedObject();
            echo(">>> CREATE ObservedObject = " + observedName.toString());
            server.registerMBean(observed[idx], observedName);

            // Monitor kind cycles with the index: 0/3 counter, 1/4 gauge, 2/5 string.
            switch (idx % 3) {
                case 0:
                    monitorNames[idx] = new ObjectName(":type=CounterMonitor,instance=" + idx);
                    monitors[idx] = new CounterMonitor();
                    break;
                case 1:
                    monitorNames[idx] = new ObjectName(":type=GaugeMonitor,instance=" + idx);
                    monitors[idx] = new GaugeMonitor();
                    break;
                case 2:
                    monitorNames[idx] = new ObjectName(":type=StringMonitor,instance=" + idx);
                    monitors[idx] = new StringMonitor();
                    break;
            }
            echo(">>> CREATE Monitor = " + monitorNames[idx].toString());
            server.registerMBean(monitors[idx], monitorNames[idx]);

            final Monitor current = monitors[idx];
            current.addObservedObject(observedName);
            current.setObservedAttribute(attributes[idx % 3]);
            current.setGranularityPeriod(500);

            // Start the monitor with the chosen principal associated with the
            // calling context.
            String role = principals[idx / 3];
            Subject subject = new Subject();
            echo(">>> RUN Principal = " + role);
            subject.getPrincipals().add(new JMXPrincipal(role));
            Subject.doAs(subject, new PrivilegedAction<Void>() {

                public Void run() {
                    current.start();
                    return null;
                }
            });
        }
        // Poll without pausing until the helper reports success.
        boolean verified;
        do {
            verified = testPrincipals(observed, monitorNames, monitors, principals);
        } while (!verified);
    } finally {
        // Slots never reached because of an earlier exception are still null.
        for (Monitor created : monitors) {
            if (created != null) {
                created.stop();
            }
        }
    }
}
Also used : GaugeMonitor(javax.management.monitor.GaugeMonitor) JMXPrincipal(javax.management.remote.JMXPrincipal) Subject(javax.security.auth.Subject) ObjectName(javax.management.ObjectName) StringMonitor(javax.management.monitor.StringMonitor) StringMonitor(javax.management.monitor.StringMonitor) CounterMonitor(javax.management.monitor.CounterMonitor) Monitor(javax.management.monitor.Monitor) GaugeMonitor(javax.management.monitor.GaugeMonitor) PrivilegedAction(java.security.PrivilegedAction) CounterMonitor(javax.management.monitor.CounterMonitor) MBeanServer(javax.management.MBeanServer)
