use of org.apache.geode.internal.security.shiro.JMXShiroAuthenticator in project geode by apache.
the class ManagementAgent method configureAndStart.
/**
* http://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html #gdfvq
* https://blogs.oracle.com/jmxetc/entry/java_5_premain_rmi_connectors
* https://blogs.oracle.com/jmxetc/entry/building_a_remotely_stoppable_connector
* https://blogs.oracle.com/jmxetc/entry/jmx_connecting_through_firewalls_using
* https://blogs.oracle.com/jmxetc/entry/java_5_premain_rmi_connectors
*/
private void configureAndStart() throws IOException {
// get the port for RMI Registry and RMI Connector Server
final int port = this.config.getJmxManagerPort();
final String hostname;
final InetAddress bindAddr;
if (StringUtils.isBlank(this.config.getJmxManagerBindAddress())) {
hostname = SocketCreator.getLocalHost().getHostName();
bindAddr = null;
} else {
hostname = this.config.getJmxManagerBindAddress();
bindAddr = InetAddress.getByName(hostname);
}
String jmxManagerHostnameForClients = this.config.getJmxManagerHostnameForClients();
if (StringUtils.isNotBlank(jmxManagerHostnameForClients)) {
System.setProperty("java.rmi.server.hostname", jmxManagerHostnameForClients);
}
final SocketCreator socketCreator = SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX);
final boolean ssl = socketCreator.useSSL();
if (logger.isDebugEnabled()) {
logger.debug("Starting jmx manager agent on port {}{}", port, (bindAddr != null ? (" bound to " + bindAddr) : "") + (ssl ? " using SSL" : ""));
}
// RMISocketFactory.getDefaultSocketFactory();
RMIClientSocketFactory rmiClientSocketFactory = ssl ? new SslRMIClientSocketFactory() : null;
RMIServerSocketFactory rmiServerSocketFactory = new GemFireRMIServerSocketFactory(socketCreator, bindAddr);
// Following is done to prevent rmi causing stop the world gcs
System.setProperty("sun.rmi.dgc.server.gcInterval", Long.toString(Long.MAX_VALUE - 1));
// Create the RMI Registry using the SSL socket factories above.
// In order to use a single port, we must use these factories
// everywhere, or nowhere. Since we want to use them in the JMX
// RMI Connector server, we must also use them in the RMI Registry.
// Otherwise, we wouldn't be able to use a single port.
// Start an RMI registry on port <port>.
registry = LocateRegistry.createRegistry(port, rmiClientSocketFactory, rmiServerSocketFactory);
// Retrieve the PlatformMBeanServer.
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
// Environment map. why is this declared as HashMap?
final HashMap<String, Object> env = new HashMap<String, Object>();
// Manually creates and binds a JMX RMI Connector Server stub with the
// registry created above: the port we pass here is the port that can
// be specified in "service:jmx:rmi://"+hostname+":"+port - where the
// RMI server stub and connection objects will be exported.
// Here we choose to use the same port as was specified for the
// RMI Registry. We can do so because we're using \*the same\* client
// and server socket factories, for the registry itself \*and\* for this
// object.
final RMIServerImpl stub = new RMIJRMPServerImpl(port, rmiClientSocketFactory, rmiServerSocketFactory, env);
// Create an RMI connector server.
//
// As specified in the JMXServiceURL the RMIServer stub will be
// registered in the RMI registry running in the local host on
// port <port> with the name "jmxrmi". This is the same name the
// out-of-the-box management agent uses to register the RMIServer
// stub too.
//
// The port specified in "service:jmx:rmi://"+hostname+":"+port
// is the second port, where RMI connection objects will be exported.
// Here we use the same port as that we choose for the RMI registry.
// The port for the RMI registry is specified in the second part
// of the URL, in "rmi://"+hostname+":"+port
//
// We construct a JMXServiceURL corresponding to what we have done
// for our stub...
final JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://" + hostname + ":" + port + "/jndi/rmi://" + hostname + ":" + port + "/jmxrmi");
// Create an RMI connector server with the JMXServiceURL
//
// JDK 1.5 cannot use JMXConnectorServerFactory because of
// http://bugs.sun.com/view_bug.do?bug_id=5107423
// but we're using JDK 1.6
jmxConnectorServer = new RMIConnectorServer(new JMXServiceURL("rmi", hostname, port), env, stub, mbs) {
@Override
public JMXServiceURL getAddress() {
return url;
}
@Override
public synchronized void start() throws IOException {
try {
registry.bind("jmxrmi", stub);
} catch (AlreadyBoundException x) {
final IOException io = new IOException(x.getMessage());
io.initCause(x);
throw io;
}
super.start();
}
};
if (securityService.isIntegratedSecurity()) {
shiroAuthenticator = new JMXShiroAuthenticator();
env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator);
jmxConnectorServer.addNotificationListener(shiroAuthenticator, null, jmxConnectorServer.getAttributes());
// always going to assume authorization is needed as well, if no custom AccessControl, then
// the CustomAuthRealm
// should take care of that
MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper();
jmxConnectorServer.setMBeanServerForwarder(mBeanServerWrapper);
registerAccessControlMBean();
} else {
/* Disable the old authenticator mechanism */
String pwFile = this.config.getJmxManagerPasswordFile();
if (pwFile != null && pwFile.length() > 0) {
env.put("jmx.remote.x.password.file", pwFile);
}
String accessFile = this.config.getJmxManagerAccessFile();
if (accessFile != null && accessFile.length() > 0) {
// Lets not use default connector based authorization
// env.put("jmx.remote.x.access.file", accessFile);
// Rewire the mbs hierarchy to set accessController
ReadOpFileAccessController controller = new ReadOpFileAccessController(accessFile);
controller.setMBeanServer(mbs);
mbs = controller;
}
}
jmxConnectorServer.start();
if (logger.isDebugEnabled()) {
logger.debug("Finished starting jmx manager agent.");
}
}
Aggregations