
Example 6 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project activemq-artemis by apache.

the class TextFileCertificateLoginModuleTest method getJaasCertificateCallbackHandler.

/**
 * Creates a test callback handler that supplies a stub client certificate.
 *
 * <p>The handler answers every {@link CertificateCallback} with a one-element
 * certificate array holding a {@code StubX509Certificate} built from a
 * {@link JMXPrincipal} named {@code user}. Any other callback type is rejected,
 * so a login module that asks for something else fails at once instead of
 * being silently ignored.
 *
 * @param user name given to the principal wrapped by the stub certificate
 * @return a handler constructed with three {@code null} arguments whose
 *         {@code handle} method is overridden as described above
 */
private JaasCallbackHandler getJaasCertificateCallbackHandler(String user) {
    final X509Certificate stubCertificate = new StubX509Certificate(new JMXPrincipal(user));
    return new JaasCallbackHandler(null, null, null) {

        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                final Callback current = callbacks[i];
                // Guard clause: only certificate callbacks are understood by this stub.
                if (!(current instanceof CertificateCallback)) {
                    throw new UnsupportedCallbackException(current);
                }
                ((CertificateCallback) current).setCertificates(new X509Certificate[] { stubCertificate });
            }
        }
    };
}
Also used : CertificateCallback(org.apache.activemq.artemis.spi.core.security.jaas.CertificateCallback) Callback(javax.security.auth.callback.Callback) JMXPrincipal(javax.management.remote.JMXPrincipal) CertificateCallback(org.apache.activemq.artemis.spi.core.security.jaas.CertificateCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) X509Certificate(javax.security.cert.X509Certificate) JaasCallbackHandler(org.apache.activemq.artemis.spi.core.security.jaas.JaasCallbackHandler)

Example 7 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project geode by apache.

the class JMXShiroAuthenticator method authenticate.

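/**
 * Authenticates a JMX client and returns the read-only {@link Subject} that
 * represents it.
 *
 * <p>Two credential shapes are accepted: a {@link Properties} object (the user
 * name is read from {@code ResourceConstants.USER_NAME}) or a {@code String[]}
 * whose first two elements are user name and password. Anything else is
 * rejected with {@link AuthenticationFailedException}. That includes an array
 * that is too short or holds {@code null} entries, so malformed input from a
 * remote client surfaces as an authentication failure rather than as an
 * {@code ArrayIndexOutOfBoundsException} or {@code NullPointerException}.
 *
 * @param credentials the credentials object handed over by the JMX connector
 * @return a read-only subject holding exactly one principal: a
 *         {@code ShiroPrincipal} when {@code securityService.login} returns a
 *         subject, otherwise a {@link JMXPrincipal} named after the user
 * @throws AuthenticationFailedException if the credentials are missing,
 *         malformed, or of an unsupported type
 */
@Override
public Subject authenticate(Object credentials) {
    final String username;
    final Properties credProps;
    if (credentials instanceof Properties) {
        credProps = (Properties) credentials;
        username = credProps.getProperty(ResourceConstants.USER_NAME);
    } else if (credentials instanceof String[]) {
        final String[] aCredentials = (String[]) credentials;
        // The array comes from the remote client: check its shape before indexing.
        // Properties.setProperty also rejects null values with an NPE.
        if (aCredentials.length < 2 || aCredentials[0] == null || aCredentials[1] == null) {
            throw new AuthenticationFailedException(MISSING_CREDENTIALS_MESSAGE);
        }
        credProps = new Properties();
        username = aCredentials[0];
        credProps.setProperty(ResourceConstants.USER_NAME, aCredentials[0]);
        credProps.setProperty(ResourceConstants.PASSWORD, aCredentials[1]);
    } else {
        throw new AuthenticationFailedException(MISSING_CREDENTIALS_MESSAGE);
    }
    org.apache.shiro.subject.Subject shiroSubject = this.securityService.login(credProps);
    final Principal principal;
    if (shiroSubject == null) {
        // NOTE(review): no credential check is performed in this method on this
        // path; presumably login() returns null only when security is not
        // enabled. Confirm against securityService.login.
        if (username == null) {
            // JMXPrincipal rejects a null name with an NPE; report it as an auth failure.
            throw new AuthenticationFailedException(MISSING_CREDENTIALS_MESSAGE);
        }
        principal = new JMXPrincipal(username);
    } else {
        principal = new ShiroPrincipal(shiroSubject);
    }
    // readOnly = true: the principal set cannot be modified after authentication.
    return new Subject(true, Collections.singleton(principal), Collections.emptySet(), Collections.emptySet());
}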
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) JMXPrincipal(javax.management.remote.JMXPrincipal) Properties(java.util.Properties) Principal(java.security.Principal) JMXPrincipal(javax.management.remote.JMXPrincipal) Subject(javax.security.auth.Subject)

Example 8 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project jdk8u_jdk by JetBrains.

the class SimpleStandard method checkSubject.

/*
     * ---------------
     * PRIVATE METHODS
     * ---------------
     */
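/**
 * Check that the Subject bound to the current access control context
 * carries a principal of type JMXPrincipal that refers to the
 * "monitorRole" identity.
 *
 * <p>Only the first principal returned by the Subject's principal set is
 * examined. The check fails closed: a missing Subject or an empty principal
 * set is reported as a {@link SecurityException}, not as a
 * {@code NullPointerException} or {@code NoSuchElementException}.
 *
 * @throws SecurityException if there is no Subject, it has no principal, or
 *         the examined principal has the wrong type or name
 */
private void checkSubject() {
    AccessControlContext acc = AccessController.getContext();
    Subject subject = Subject.getSubject(acc);
    // Subject.getSubject returns null when no Subject is associated with the context.
    if (subject == null) {
        throw new SecurityException("No authenticated subject in the current access control context");
    }
    Set<Principal> principals = subject.getPrincipals();
    if (principals.isEmpty()) {
        throw new SecurityException("Authenticated subject contains no principal");
    }
    Principal principal = principals.iterator().next();
    if (!(principal instanceof JMXPrincipal)) {
        throw new SecurityException("Authenticated subject contains " + "invalid principal type = " + principal.getClass().getName());
    }
    String identity = principal.getName();
    // Constant-first comparison stays null-safe whatever the principal returns.
    if (!"monitorRole".equals(identity)) {
        throw new SecurityException("Authenticated subject contains " + "invalid principal name = " + identity);
    }
}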
Also used : Set(java.util.Set) AccessControlContext(java.security.AccessControlContext) JMXPrincipal(javax.management.remote.JMXPrincipal) Subject(javax.security.auth.Subject) Principal(java.security.Principal) JMXPrincipal(javax.management.remote.JMXPrincipal)

Example 9 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project jdk8u_jdk by JetBrains.

the class SubjectDelegation1Test method main.

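/**
 * Exercises JMX subject delegation over an RMI connector.
 *
 * <p>The client authenticates with the "monitorRole" credentials from the
 * password file, then requests an MBean server connection that acts as the
 * principal "delegate". It drives a series of MBean operations through that
 * delegated connection.
 *
 * <p>{@code args[0]} is the policy file name, resolved under {@code test.src}.
 * {@code args[1]} is the expected result: {@code "ko"} means the operations
 * are expected to be refused with a {@link SecurityException}. Whether
 * delegation is permitted is presumably decided by the installed policy file;
 * confirm against the policy files shipped with the test.
 *
 * @param args policy file name and expected result, in that order
 * @throws Exception on any unexpected failure, including a "ko" run in which
 *         no security exception was raised
 */
public static void main(String[] args) throws Exception {
    // This test runs only on Solaris due to CR 6285916
    String osName = System.getProperty("os.name");
    System.out.println("os.name = " + osName);
    if (!osName.equals("SunOS")) {
        System.out.println("This test runs on Solaris only.");
        System.out.println("Bye! Bye!");
        return;
    }
    // Fail with a clear message instead of an ArrayIndexOutOfBoundsException.
    if (args.length < 2) {
        throw new IllegalArgumentException("Usage: SubjectDelegation1Test <policy file> <expected result>");
    }
    String policyFile = args[0];
    String testResult = args[1];
    System.out.println("Policy file = " + policyFile);
    System.out.println("Expected test result = " + testResult);
    JMXConnectorServer jmxcs = null;
    JMXConnector jmxc = null;
    try {
        // Create an RMI registry on the first free port in 5801..6000
        System.out.println("Start RMI registry...");
        Registry reg = null;
        int port = 5800;
        while (port++ < 6000) {
            try {
                reg = LocateRegistry.createRegistry(port);
                System.out.println("RMI registry running on port " + port);
                break;
            } catch (RemoteException e) {
                // Failed to create RMI registry on this port; try the next one.
                System.out.println("Failed to create RMI registry " + "on port " + port);
            }
        }
        if (reg == null) {
            System.exit(1);
        }
        // Set the default password file
        final String passwordFile = System.getProperty("test.src") + File.separator + "jmxremote.password";
        System.out.println("Password file = " + passwordFile);
        // Set policy file
        final String policy = System.getProperty("test.src") + File.separator + policyFile;
        System.out.println("PolicyFile = " + policy);
        System.setProperty("java.security.policy", policy);
        // Instantiate the MBean server
        System.out.println("Create the MBean server");
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        // Register the SimpleStandardMBean
        System.out.println("Create SimpleStandard MBean");
        SimpleStandard s = new SimpleStandard("delegate");
        mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
        // Create Properties pointing at the username/password file
        Properties props = new Properties();
        props.setProperty("jmx.remote.x.password.file", passwordFile);
        // Initialize environment map to be passed to the connector server;
        // the authenticator makes the server require credentials.
        System.out.println("Initialize environment map");
        HashMap<String, Object> env = new HashMap<String, Object>();
        env.put("jmx.remote.authenticator", new JMXPluggableAuthenticator(props));
        // Create an RMI connector server
        System.out.println("Create an RMI connector server");
        JMXServiceURL url = new JMXServiceURL("rmi", null, 0, "/jndi/rmi://:" + port + "/server" + port);
        jmxcs = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        jmxcs.start();
        // Create an RMI connector client
        System.out.println("Create an RMI connector client");
        HashMap<String, Object> cli_env = new HashMap<String, Object>();
        // Test fixture credentials: they must match those in the default password file
        String[] credentials = new String[] { "monitorRole", "QED" };
        cli_env.put("jmx.remote.credentials", credentials);
        jmxc = JMXConnectorFactory.connect(url, cli_env);
        // Ask for a connection that acts on behalf of "delegate" rather than
        // the authenticated "monitorRole" identity.
        Subject delegationSubject = new Subject(true, Collections.singleton(new JMXPrincipal("delegate")), Collections.EMPTY_SET, Collections.EMPTY_SET);
        MBeanServerConnection mbsc = jmxc.getMBeanServerConnection(delegationSubject);
        // Get domains from MBeanServer
        System.out.println("Domains:");
        String[] domains = mbsc.getDomains();
        for (int i = 0; i < domains.length; i++) {
            System.out.println("\tDomain[" + i + "] = " + domains[i]);
        }
        // Get MBean count
        System.out.println("MBean count = " + mbsc.getMBeanCount());
        // Get State attribute
        String oldState = (String) mbsc.getAttribute(new ObjectName("MBeans:type=SimpleStandard"), "State");
        System.out.println("Old State = \"" + oldState + "\"");
        // Set State attribute
        System.out.println("Set State to \"changed state\"");
        mbsc.setAttribute(new ObjectName("MBeans:type=SimpleStandard"), new Attribute("State", "changed state"));
        // Get State attribute
        String newState = (String) mbsc.getAttribute(new ObjectName("MBeans:type=SimpleStandard"), "State");
        System.out.println("New State = \"" + newState + "\"");
        if (!newState.equals("changed state")) {
            System.out.println("Invalid State = \"" + newState + "\"");
            System.exit(1);
        }
        // Add notification listener on SimpleStandard MBean
        System.out.println("Add notification listener...");
        mbsc.addNotificationListener(new ObjectName("MBeans:type=SimpleStandard"), new NotificationListener() {

            public void handleNotification(Notification notification, Object handback) {
                System.out.println("Received notification: " + notification);
            }
        }, null, null);
        // Unregister SimpleStandard MBean
        System.out.println("Unregister SimpleStandard MBean...");
        mbsc.unregisterMBean(new ObjectName("MBeans:type=SimpleStandard"));
        // A negative run must not pass silently: if every delegated operation
        // succeeded although a refusal was expected, the access control under
        // test did not take effect.
        if (testResult.equals("ko")) {
            throw new RuntimeException("Expected security exception was not thrown");
        }
    } catch (SecurityException e) {
        if (testResult.equals("ko")) {
            System.out.println("Got expected security exception = " + e);
        } else {
            System.out.println("Got unexpected security exception = " + e);
            e.printStackTrace();
            throw e;
        }
    } catch (Exception e) {
        System.out.println("Unexpected exception caught = " + e);
        e.printStackTrace();
        throw e;
    } finally {
        // Stop the connector server even when closing the client fails, so the
        // authenticated endpoint is not left running.
        try {
            if (jmxc != null) {
                jmxc.close();
            }
        } finally {
            if (jmxcs != null) {
                jmxcs.stop();
            }
        }
        // Say goodbye
        System.out.println("Bye! Bye!");
    }
}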
Also used : JMXServiceURL(javax.management.remote.JMXServiceURL) JMXPluggableAuthenticator(com.sun.jmx.remote.security.JMXPluggableAuthenticator) HashMap(java.util.HashMap) Attribute(javax.management.Attribute) JMXPrincipal(javax.management.remote.JMXPrincipal) Registry(java.rmi.registry.Registry) LocateRegistry(java.rmi.registry.LocateRegistry) Properties(java.util.Properties) Subject(javax.security.auth.Subject) Notification(javax.management.Notification) RemoteException(java.rmi.RemoteException) JMXConnectorServer(javax.management.remote.JMXConnectorServer) ObjectName(javax.management.ObjectName) JMXConnector(javax.management.remote.JMXConnector) RemoteException(java.rmi.RemoteException) MBeanServerConnection(javax.management.MBeanServerConnection) MBeanServer(javax.management.MBeanServer) NotificationListener(javax.management.NotificationListener)

Example 10 with JMXPrincipal

use of javax.management.remote.JMXPrincipal in project jdk8u_jdk by JetBrains.

the class RMIConnectorInternalMapTest method main.

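/**
 * Checks that an {@code RMIConnector} releases the delegated connections it
 * caches in its private {@code rmbscMap} field once the caller drops them.
 *
 * <p>The test reads the field reflectively and expects it to be empty at
 * first. It then requests two connections for the same delegation Subject,
 * expects the same instance twice and a non-empty map, clears its own
 * references, and polls with {@code System.gc()} (at most 60 rounds of 100 ms)
 * until the map is empty.
 *
 * @param args unused
 * @throws Exception if any check fails or the connector cannot be set up
 */
public static void main(String[] args) throws Exception {
    System.out.println("---RMIConnectorInternalMapTest starting...");
    JMXConnectorServer connectorServer = null;
    JMXConnector connectorClient = null;
    try {
        MBeanServer mserver = ManagementFactory.getPlatformMBeanServer();
        JMXServiceURL serverURL = new JMXServiceURL("rmi", "localhost", 0);
        connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(serverURL, null, mserver);
        connectorServer.start();
        JMXServiceURL serverAddr = connectorServer.getAddress();
        connectorClient = JMXConnectorFactory.connect(serverAddr, null);
        connectorClient.connect();
        // Test-only introspection of a private implementation field.
        Field rmbscMapField = RMIConnector.class.getDeclaredField("rmbscMap");
        rmbscMapField.setAccessible(true);
        Map<Subject, WeakReference<MBeanServerConnection>> map = (Map<Subject, WeakReference<MBeanServerConnection>>) rmbscMapField.get(connectorClient);
        if (map != null && !map.isEmpty()) {
            // failed
            throw new RuntimeException("RMIConnector's rmbscMap must be empty at the initial time.");
        }
        Subject delegationSubject = new Subject(true, Collections.singleton(new JMXPrincipal("delegate")), Collections.EMPTY_SET, Collections.EMPTY_SET);
        MBeanServerConnection mbsc1 = connectorClient.getMBeanServerConnection(delegationSubject);
        MBeanServerConnection mbsc2 = connectorClient.getMBeanServerConnection(delegationSubject);
        if (mbsc1 == null) {
            throw new RuntimeException("Got null connection.");
        }
        if (mbsc1 != mbsc2) {
            throw new RuntimeException("Not got same connection with a same subject.");
        }
        map = (Map<Subject, WeakReference<MBeanServerConnection>>) rmbscMapField.get(connectorClient);
        if (map == null || map.isEmpty()) {
            // failed
            throw new RuntimeException("RMIConnector's rmbscMap has wrong size " + "after creating a delegated connection.");
        }
        // Drop every strong reference held by the test so the cached entry can be collected.
        delegationSubject = null;
        mbsc1 = null;
        mbsc2 = null;
        int i = 0;
        while (!map.isEmpty() && i++ < 60) {
            System.gc();
            Thread.sleep(100);
        }
        System.out.println("---GC times: " + i);
        if (!map.isEmpty()) {
            throw new RuntimeException("Failed to clean RMIConnector's rmbscMap");
        } else {
            System.out.println("---RMIConnectorInternalMapTest: PASSED!");
        }
    } finally {
        // Best-effort cleanup, one resource at a time. A client that was never
        // created, or that fails to close, must not keep the connector server
        // from being stopped.
        if (connectorClient != null) {
            try {
                connectorClient.close();
            } catch (Exception ignored) {
                // Cleanup failure does not change the test verdict.
            }
        }
        if (connectorServer != null) {
            try {
                connectorServer.stop();
            } catch (Exception ignored) {
                // Cleanup failure does not change the test verdict.
            }
        }
    }
}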
Also used : JMXServiceURL(javax.management.remote.JMXServiceURL) JMXPrincipal(javax.management.remote.JMXPrincipal) Subject(javax.security.auth.Subject) JMXConnectorServer(javax.management.remote.JMXConnectorServer) Field(java.lang.reflect.Field) JMXConnector(javax.management.remote.JMXConnector) WeakReference(java.lang.ref.WeakReference) Map(java.util.Map) MBeanServerConnection(javax.management.MBeanServerConnection) MBeanServer(javax.management.MBeanServer)

Aggregations

JMXPrincipal (javax.management.remote.JMXPrincipal)15 Subject (javax.security.auth.Subject)10 Principal (java.security.Principal)4 MBeanServer (javax.management.MBeanServer)4 JMXServiceURL (javax.management.remote.JMXServiceURL)4 Properties (java.util.Properties)3 MBeanServerConnection (javax.management.MBeanServerConnection)3 ObjectName (javax.management.ObjectName)3 JMXConnector (javax.management.remote.JMXConnector)3 JMXConnectorServer (javax.management.remote.JMXConnectorServer)3 JMXPluggableAuthenticator (com.sun.jmx.remote.security.JMXPluggableAuthenticator)2 RemoteException (java.rmi.RemoteException)2 LocateRegistry (java.rmi.registry.LocateRegistry)2 Registry (java.rmi.registry.Registry)2 AccessControlContext (java.security.AccessControlContext)2 X509Certificate (java.security.cert.X509Certificate)2 HashMap (java.util.HashMap)2 Set (java.util.Set)2 Attribute (javax.management.Attribute)2 Notification (javax.management.Notification)2