
Example 1 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project tomcat by apache.

the class JmxRemoteLifecycleListener method lifecycleEvent.

/**
 * Creates the "Platform" JMX/RMI connector server on {@code START_EVENT} and
 * destroys it on {@code STOP_EVENT}; every other event type is ignored.
 *
 * <p>On start the method calls {@code init()}, sets two JVM-wide system
 * properties, selects client/server socket factories for the RMI registry and
 * for the connector server from the {@code rmiRegistrySSL}, {@code rmiServerSSL},
 * {@code rmiBindAddress} and {@code useLocalPorts} fields, fills the connector
 * environment map and hands everything to {@code createServer}.
 *
 * <p>Security-relevant switches visible here: the two SSL flags decide whether
 * TLS socket factories are installed at all, {@code clientAuth} is forwarded to
 * the TLS server socket factories, and {@code authenticate} decides whether any
 * password/access/login settings reach the connector environment.
 *
 * @param event the lifecycle event being delivered; only its type is read
 */
@Override
public void lifecycleEvent(LifecycleEvent event) {
    // When the server starts, configure JMX/RMI
    if (Lifecycle.START_EVENT.equals(event.getType())) {
        // Configure using standard jmx system properties
        init();
        // Prevent an attacker guessing the RMI object ID
        // (JVM-wide property: it affects every RMI export in this process.)
        System.setProperty("java.rmi.server.randomIDs", "true");
        // Create the environment
        HashMap<String, Object> env = new HashMap<>();
        // All four factories start as null; null is passed through to
        // createServer unchanged when no branch below assigns a value.
        RMIClientSocketFactory registryCsf = null;
        RMIServerSocketFactory registrySsf = null;
        RMIClientSocketFactory serverCsf = null;
        RMIServerSocketFactory serverSsf = null;
        // Configure registry socket factories
        if (rmiRegistrySSL) {
            registryCsf = new SslRMIClientSocketFactory();
            // clientAuth is the factory's "need client authentication" argument.
            if (rmiBindAddress == null) {
                registrySsf = new SslRMIServerSocketFactory(ciphers, protocols, clientAuth);
            } else {
                registrySsf = new SslRmiServerBindSocketFactory(ciphers, protocols, clientAuth, rmiBindAddress);
            }
        } else {
            // No TLS factory is installed for the registry on this path.
            // NOTE(review): presumably the registry then speaks plain RMI - confirm
            // against createServer and document that rmiRegistrySSL should be on
            // for any listener reachable from untrusted networks.
            if (rmiBindAddress != null) {
                registrySsf = new RmiServerBindSocketFactory(rmiBindAddress);
            }
        }
        // Configure server socket factories
        if (rmiServerSSL) {
            serverCsf = new SslRMIClientSocketFactory();
            if (rmiBindAddress == null) {
                serverSsf = new SslRMIServerSocketFactory(ciphers, protocols, clientAuth);
            } else {
                serverSsf = new SslRmiServerBindSocketFactory(ciphers, protocols, clientAuth, rmiBindAddress);
            }
        } else {
            // Same as the registry: no TLS factory for the connector server here, so
            // credentials sent to it are presumably unencrypted - TODO confirm.
            if (rmiBindAddress != null) {
                serverSsf = new RmiServerBindSocketFactory(rmiBindAddress);
            }
        }
        // Set the JVM-wide java.rmi.server.hostname property to the configured
        // bind address.
        if (rmiBindAddress != null) {
            System.setProperty("java.rmi.server.hostname", rmiBindAddress);
        }
        // Force the use of local ports if required
        // Both client factories are wrapped, including ones that are still null.
        if (useLocalPorts) {
            registryCsf = new RmiClientLocalhostSocketFactory(registryCsf);
            serverCsf = new RmiClientLocalhostSocketFactory(serverCsf);
        }
        // Restrict the classes the connector server accepts when it deserializes
        // client credentials to String[] and String.
        env.put("jmx.remote.rmi.server.credential.types", new String[] { String[].class.getName(), String.class.getName() });
        // Populate the env properties used to create the server
        // NOTE(review): the registry client factory is stored under the serverCsf
        // check, so it is skipped when only rmiRegistrySSL is set and may be stored
        // as null when only rmiServerSSL is set - confirm this coupling is intended.
        if (serverCsf != null) {
            env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, serverCsf);
            env.put("com.sun.jndi.rmi.factory.socket", registryCsf);
        }
        if (serverSsf != null) {
            env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, serverSsf);
        }
        // Configure authentication
        // When authenticate is false none of these keys are set, so this method
        // supplies no password file, access file or login configuration.
        // NOTE(review): confirm deployments that expose the port keep authenticate on.
        if (authenticate) {
            env.put("jmx.remote.x.password.file", passwordFile);
            env.put("jmx.remote.x.access.file", accessFile);
            env.put("jmx.remote.x.login.config", loginModuleName);
        }
        // Create the Platform server
        csPlatform = createServer("Platform", rmiBindAddress, rmiRegistryPortPlatform, rmiServerPortPlatform, env, registryCsf, registrySsf, serverCsf, serverSsf);
    } else if (Lifecycle.STOP_EVENT.equals(event.getType())) {
        // Tear down the connector server created on START_EVENT.
        destroyServer("Platform", csPlatform);
    }
}
Also used : SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) HashMap(java.util.HashMap) SslRMIServerSocketFactory(javax.rmi.ssl.SslRMIServerSocketFactory) RMIServerSocketFactory(java.rmi.server.RMIServerSocketFactory) SslRMIServerSocketFactory(javax.rmi.ssl.SslRMIServerSocketFactory) SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) RMIClientSocketFactory(java.rmi.server.RMIClientSocketFactory)

Example 2 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project neo4j by neo4j.

the class HotspotManagementSupport method createServer.

/**
 * Creates an RMI-based JMX connector server for the MBean server returned by
 * {@code getMBeanServer()}.
 *
 * <p>The service URL is built with a {@code null} host, which the JDK resolves
 * to the local host name. When {@code useSSL} is set, the no-argument SSL RMI
 * socket factories are installed; these use the JVM's default SSL socket
 * configuration, and the no-argument server factory does not require client
 * certificates.
 *
 * <p>NOTE(review): nothing in this method adds authentication settings to the
 * connector environment. Confirm that access control for this port is applied
 * elsewhere before exposing it beyond the local machine.
 *
 * @param port   the port placed in the service URL
 * @param useSSL whether to install the SSL RMI client and server socket factories
 * @param log    receives a warning if the URL or the connector cannot be created
 * @return the connector server, or {@code null} if creation failed
 */
private JMXConnectorServer createServer(int port, boolean useSSL, Log log) {
    MBeanServer mbeanServer = getMBeanServer();
    try {
        JMXServiceURL serviceUrl = new JMXServiceURL("rmi", null, port);
        Map<String, Object> environment = new HashMap<>();
        if (useSSL) {
            environment.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, new SslRMIClientSocketFactory());
            environment.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, new SslRMIServerSocketFactory());
        }
        return JMXConnectorServerFactory.newJMXConnectorServer(serviceUrl, environment, mbeanServer);
    } catch (IOException e) {
        // MalformedURLException is an IOException, so a bad URL and a failed
        // connector creation are reported identically.
        log.warn("Failed to start JMX Server", e);
        return null;
    }
}
Also used : JMXServiceURL(javax.management.remote.JMXServiceURL) SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) MalformedURLException(java.net.MalformedURLException) HashMap(java.util.HashMap) SslRMIServerSocketFactory(javax.rmi.ssl.SslRMIServerSocketFactory) IOException(java.io.IOException) MBeanServer(javax.management.MBeanServer)

Example 3 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project geode by apache.

the class JMXDataUpdater method connect.

/**
 * Opens the JMX connection to the manager and returns it.
 *
 * <p>The service URL comes either from a locator lookup or from this object's
 * {@code serverName}/{@code port}, depending on {@code repository.getJmxUseLocator()}.
 * If no URL could be formed, no connection attempt is made and the current value
 * of {@code this.conn} is returned as-is.
 *
 * <p>Any exception marks the cluster as disconnected, records the exception
 * message on the cluster, closes an existing connection and nulls it.
 *
 * @param username user name sent as the first JMX credential
 * @param password password sent as the second JMX credential
 * @return the value of {@code this.conn} after the attempt; {@code null} after a
 *         failure that closed the connection
 */
public JMXConnector connect(String username, String password) {
    // Reference to repository
    Repository repo = Repository.get();
    try {
        String serviceUrlText = "";
        logger.info("{}:{}", resourceBundle.getString("LOG_MSG_USE_LOCATOR_VALUE"), repo.getJmxUseLocator());
        if (!repo.getJmxUseLocator()) {
            // Direct mode: use the host and port configured on this updater.
            logger.info("{}={} & {}={}",
                resourceBundle.getString("LOG_MSG_HOST"), this.serverName,
                resourceBundle.getString("LOG_MSG_PORT"), this.port);
            serviceUrlText = formJMXServiceURLString(this.serverName, this.port);
        } else {
            // Locator mode: ask the locator which manager to talk to.
            JmxManagerInfo managerInfo = getManagerInfoFromLocator(repo);
            if (managerInfo.port != 0) {
                logger.info("{}: {}={} & {}={}, {}",
                    resourceBundle.getString("LOG_MSG_LOCATOR_FOUND_MANAGER"),
                    resourceBundle.getString("LOG_MSG_HOST"), managerInfo.host,
                    resourceBundle.getString("LOG_MSG_PORT"), managerInfo.port,
                    (managerInfo.ssl
                        ? resourceBundle.getString("LOG_MSG_WITH_SSL")
                        : resourceBundle.getString("LOG_MSG_WITHOUT_SSL")));
                serviceUrlText = formJMXServiceURLString(managerInfo.host, String.valueOf(managerInfo.port));
            } else {
                // Port 0 means the locator found no manager; the URL stays blank.
                logger.info(resourceBundle.getString("LOG_MSG_LOCATOR_COULD_NOT_FIND_MANAGER"));
            }
        }
        if (StringUtils.isNotBlank(serviceUrlText)) {
            JMXServiceURL serviceUrl = new JMXServiceURL(serviceUrlText);
            Map<String, Object> connectEnv = new HashMap<>();
            connectEnv.put(JMXConnector.CREDENTIALS, new String[] {username, password});
            if (repo.isUseSSLManager()) {
                // use ssl to connect
                // This key supplies the socket factory for the JNDI/RMI registry
                // lookup. The factory uses the JVM's default SSL configuration.
                // NOTE(review): the connector's own transport is chosen by the stub
                // the server returns, so confirm the manager exports its connector
                // with an SSL socket factory; otherwise the credentials above may
                // not be protected in transit.
                connectEnv.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
            }
            // Only the URL is logged; the credentials never reach the log call.
            logger.info("Connecting to jmxURL : {}", serviceUrlText);
            this.conn = JMXConnectorFactory.connect(serviceUrl, connectEnv);
            this.mbs = this.conn.getMBeanServerConnection();
            cluster.setConnectedFlag(true);
        }
    } catch (Exception failure) {
        cluster.setConnectedFlag(false);
        // NOTE(review): where this message is displayed is not visible here;
        // check it is not shown to unauthenticated users.
        cluster.setConnectionErrorMsg(failure.getMessage());
        logger.fatal(failure.getMessage(), failure);
        if (this.conn != null) {
            try {
                this.conn.close();
            } catch (Exception closeFailure) {
                logger.fatal(closeFailure.getMessage(), closeFailure);
            }
            this.conn = null;
        }
    }
    return this.conn;
}
Also used : JMXServiceURL(javax.management.remote.JMXServiceURL) SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) JmxManagerInfo(org.apache.geode.tools.pulse.internal.data.JmxManagerFinder.JmxManagerInfo) HashMap(java.util.HashMap) AttributeNotFoundException(javax.management.AttributeNotFoundException) IntrospectionException(javax.management.IntrospectionException) InstanceNotFoundException(javax.management.InstanceNotFoundException) ReflectionException(javax.management.ReflectionException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) MalformedObjectNameException(javax.management.MalformedObjectNameException) MBeanException(javax.management.MBeanException)

Example 4 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project geode by apache.

the class JMXMBeanDUnitTest method getClientEnvironment.

/**
 * Points the JVM's default SSL key store and trust store at the test stores and
 * returns a JMX client environment that uses an SSL socket factory for the
 * JNDI/RMI registry lookup.
 *
 * <p>The six {@code javax.net.ssl.*} values are written as system properties, so
 * they are JVM-wide and remain set after this method returns. The literal store
 * password belongs to the test fixtures used by this test class.
 *
 * <p>NOTE(review): the JVM reads these properties when its default SSL context
 * is first created; presumably this runs before any other TLS use in the test
 * JVM - confirm, since later changes may not take effect.
 *
 * @param withAlias {@code true} to use the multi-key key store and trust store;
 *                  {@code false} to use the single key store for both roles
 * @return a new mutable map holding only the registry socket factory entry
 */
private Map<String, Object> getClientEnvironment(boolean withAlias) {
    final String keyStorePath = withAlias ? multiKeystore : singleKeystore;
    final String trustStorePath = withAlias ? multiKeyTruststore : singleKeystore;

    // Key store used for the client's own certificate.
    System.setProperty("javax.net.ssl.keyStore", keyStorePath);
    System.setProperty("javax.net.ssl.keyStoreType", "JKS");
    System.setProperty("javax.net.ssl.keyStorePassword", "password");

    // Trust store used to validate the server's certificate.
    System.setProperty("javax.net.ssl.trustStore", trustStorePath);
    System.setProperty("javax.net.ssl.trustStoreType", "JKS");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    Map<String, Object> clientEnv = new HashMap<>();
    clientEnv.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
    return clientEnv;
}
Also used : SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) HashMap(java.util.HashMap)

Example 5 with SslRMIClientSocketFactory

use of javax.rmi.ssl.SslRMIClientSocketFactory in project jdk8u_jdk by JetBrains.

the class ScanDirClient method main.

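/**
 * Connects to a secured JMX <i>scandir</i> application.
 *
 * <p>The host is checked with {@code InetAddress.getByName} and the port must
 * parse as an integer in the range 1-65535; the parsed value, not the raw
 * argument text, is used to build the service URL. Exit codes: 1 for a wrong
 * argument count, 2 for a bad host or port, 3 for any unexpected exception.
 *
 * @param args The {@code main} method takes two parameters:
 *        <ul>
 *        <li>args[0] must be the server's host</li>
 *        <li>args[1] must be the rmi port number at which the
 *        JMX <i>scandir</i> daemon is listening for connections
 *        - that is, the port number of its JMX RMI Connector which
 *        was configured in {@code management.properties}
 *        </li>
 *        </ul>
 **/
public static void main(String[] args) {
    try {
        // Exactly two arguments are required: host and port.
        if (args == null || args.length != 2) {
            System.err.println("Bad number of arguments: usage is: \n\t" + USAGE);
            System.exit(1);
        }
        try {
            InetAddress.getByName(args[0]);
        } catch (UnknownHostException x) {
            System.err.println("No such host: " + args[0] + "\n usage is: \n\t" + USAGE);
            System.exit(2);
        } catch (Exception x) {
            System.err.println("Bad address: " + args[0] + "\n usage is: \n\t" + USAGE);
            System.exit(2);
        }
        // Parse the port once and keep the numeric value, so that only a
        // canonical decimal port in the valid TCP range reaches the URL.
        int port = 0;
        try {
            port = Integer.parseInt(args[1]);
            if (port <= 0 || port > 65535) {
                System.err.println("Bad port value: " + args[1] + "\n usage is: \n\t" + USAGE);
                System.exit(2);
            }
        } catch (Exception x) {
            System.err.println("Bad argument: " + args[1] + "\n usage is: \n\t" + USAGE);
            System.exit(2);
        }
        // Create an environment map to hold connection properties
        // like credentials etc... We will later pass this map
        // to the JMX Connector.
        //
        System.out.println("\nInitialize the environment map");
        final Map<String, Object> env = new HashMap<String, Object>();
        // Provide the credentials required by the server
        // to successfully perform user authentication
        //
        // These are the sample's fixed demo credentials. A real client should
        // obtain credentials at run time rather than embed them in source.
        final String[] credentials = new String[] { "guest", "guestpasswd" };
        env.put("jmx.remote.credentials", credentials);
        // Provide the SSL/TLS-based RMI Client Socket Factory required
        // by the JNDI/RMI Registry Service Provider to communicate with
        // the SSL/TLS-protected RMI Registry
        //
        env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
        // Create the RMI connector client and
        // connect it to the RMI connector server
        // args[0] is the server's host - localhost
        // args[1] is the secure server port - 4545
        //
        System.out.println("\nCreate the RMI connector client and " + "connect it to the RMI connector server");
        final JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://" + args[0] + ":" + port + "/jmxrmi");
        System.out.println("Connecting to: " + url);
        final JMXConnector jmxc = JMXConnectorFactory.connect(url, env);
        // Get an MBeanServerConnection
        //
        System.out.println("\nGet the MBeanServerConnection");
        final MBeanServerConnection mbsc = jmxc.getMBeanServerConnection();
        // Create a proxy for the ScanManager MXBean
        //
        final ScanManagerMXBean proxy = ScanManager.newSingletonProxy(mbsc);
        // Get the ScanDirConfig MXBean from the scan manager
        //
        System.out.println("\nGet ScanDirConfigMXBean from ScanManagerMXBean");
        final ScanDirConfigMXBean configMBean = proxy.getConfigurationMBean();
        // Print the scan dir configuration
        //
        System.out.println("\nGet 'Configuration' attribute on ScanDirConfigMXBean");
        System.out.println("\nConfiguration:\n" + configMBean.getConfiguration());
        // Try to invoke the "close" method on the ScanManager MXBean.
        //
        // Should get a SecurityException as the user "guest" doesn't
        // have readwrite access.
        //
        System.out.println("\nInvoke 'close' on ScanManagerMXBean");
        try {
            proxy.close();
        } catch (SecurityException e) {
            System.out.println("\nGot expected security exception: " + e);
        }
        // Close MBeanServer connection
        //
        System.out.println("\nClose the connection to the server");
        jmxc.close();
        System.out.println("\nBye! Bye!");
    } catch (Exception e) {
        System.out.println("\nGot unexpected exception: " + e);
        e.printStackTrace();
        System.exit(3);
    }
}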
Also used : JMXServiceURL(javax.management.remote.JMXServiceURL) UnknownHostException(java.net.UnknownHostException) HashMap(java.util.HashMap) UnknownHostException(java.net.UnknownHostException) SslRMIClientSocketFactory(javax.rmi.ssl.SslRMIClientSocketFactory) JMXConnector(javax.management.remote.JMXConnector) MBeanServerConnection(javax.management.MBeanServerConnection)

Aggregations

SslRMIClientSocketFactory (javax.rmi.ssl.SslRMIClientSocketFactory)22 HashMap (java.util.HashMap)15 JMXServiceURL (javax.management.remote.JMXServiceURL)10 SslRMIServerSocketFactory (javax.rmi.ssl.SslRMIServerSocketFactory)10 IOException (java.io.IOException)8 RMIClientSocketFactory (java.rmi.server.RMIClientSocketFactory)7 RMIServerSocketFactory (java.rmi.server.RMIServerSocketFactory)7 MBeanServer (javax.management.MBeanServer)4 JMXConnector (javax.management.remote.JMXConnector)4 MalformedURLException (java.net.MalformedURLException)3 MBeanServerConnection (javax.management.MBeanServerConnection)3 SSLContext (javax.net.ssl.SSLContext)3 UnknownHostException (java.net.UnknownHostException)2 LocateRegistry (java.rmi.registry.LocateRegistry)2 Registry (java.rmi.registry.Registry)2 UnicastRemoteObject (java.rmi.server.UnicastRemoteObject)2 ObjectName (javax.management.ObjectName)2 SSLServerSocketFactory (javax.net.ssl.SSLServerSocketFactory)2 InetAddress (java.net.InetAddress)1 AlreadyBoundException (java.rmi.AlreadyBoundException)1