use of org.ow2.proactive.jmx.PermissionChecker in project scheduling by ow2-proactive.
the class RMNodeStarter method registerInRM.
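/**
 * Joins the Resource Manager at the given URL, logs in with the provided credentials and
 * adds the local nodes to the Resource Manager. Errors and exceptions are left to the helper
 * methods this method calls.
 * <p>
 * Unless monitoring is disabled, a JMX server exposing the Sigar beans is booted first. Its
 * permission checker accepts a JMX client only if the client's credentials can log in to the
 * Resource Manager and, when {@code NB_OF_ADD_NODE_ATTEMPTS} is not 0, the Resource Manager
 * reports the client as administrator of the first node of {@code nodes}.
 *
 * @param credentials credentials used to log in to the Resource Manager
 * @param rmURL URL of the Resource Manager to join
 * @param nodeName name given to the Sigar JMX exposer
 * @param nodes local nodes to add to the Resource Manager
 * @return the Resource Manager session obtained with {@code credentials}
 */
protected ResourceManager registerInRM(final Credentials credentials, final String rmURL, final String nodeName,
        final Collection<Node> nodes) {
    final RMAuthentication auth = joinResourceManager(rmURL);
    final ResourceManager rm = loginToResourceManager(credentials, auth);

    SigarExposer sigarExposer = null;
    if (!disabledMonitoring) {
        // initializing JMX server with Sigar beans
        sigarExposer = new SigarExposer(nodeName);
        sigarExposer.boot(auth, false, new PermissionChecker() {
            @Override
            public boolean checkPermission(Credentials cred) {
                // Separate, short-lived session for the connecting JMX client; it is always
                // closed in the finally block and never reuses the node's own session.
                ResourceManager clientSession = null;
                try {
                    clientSession = auth.login(cred);
                    // NOTE(review): with NB_OF_ADD_NODE_ATTEMPTS == 0 every account that can log
                    // in is accepted, without the node-admin check below. Presumably the nodes
                    // are then not registered in the Resource Manager, so isNodeAdmin cannot be
                    // evaluated; confirm this is the intended access level for the JMX beans.
                    if (NB_OF_ADD_NODE_ATTEMPTS == 0) {
                        return true;
                    }
                    // Fail closed when there is no node to check against, instead of letting
                    // iterator().next() throw NoSuchElementException out of the authenticator.
                    if (nodes.isEmpty()) {
                        throw new SecurityException("Permission denied");
                    }
                    // Only the first node is checked; admin rights on it stand for the whole set.
                    final String firstNodeUrl = nodes.iterator().next().getNodeInformation().getURL();
                    final boolean isAdmin = clientSession.isNodeAdmin(firstNodeUrl).getBooleanValue();
                    if (!isAdmin) {
                        throw new SecurityException("Permission denied");
                    }
                    return true;
                } catch (LoginException e) {
                    throw new SecurityException(e);
                } finally {
                    if (clientSession != null) {
                        clientSession.disconnect();
                    }
                }
            }
        });
    } else {
        logger.info("JMX monitoring is disabled.");
    }

    // sigarExposer is still null here when monitoring is disabled.
    for (final Node node : nodes) {
        nodeSetJmxUrl(sigarExposer, node);
        addNodeToResourceManager(rmURL, node, rm);
    }
    return rm;
}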
use of org.ow2.proactive.jmx.PermissionChecker in project scheduling by ow2-proactive.
the class JMXAuthenticatorImpl method authenticate.
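/**
 * This method is automatically called when a JMX client tries to connect to the MBean Server referred
 * by the connector.
 * <p>
 * The only allowed credentials structure provided by the client is an Object[] of at least two
 * elements that contains username/password (String/String) or
 * username/{@link org.ow2.proactive.authentication.crypto.Credentials}.
 * <p>
 * The client is first authenticated; if a permission checker is configured it must also accept the
 * credentials before the subject is returned.
 *
 * @param rawCredentials the credentials provided by the client
 * @return a subject with the username as JMXPrincipal and the role as pubCredentials {@link javax.security.auth.Subject}
 * @throws SecurityException if the credentials are malformed, authentication fails or the
 *         permission checker refuses them
 */
public Subject authenticate(final Object rawCredentials) {
    // If not an array of objects do not give any clues, just throw an exception
    // (instanceof is already false for null).
    if (!(rawCredentials instanceof Object[])) {
        throw new SecurityException("Invalid credentials");
    }
    final Object[] arr = (Object[]) rawCredentials;
    // The array comes from the remote client: check its length before indexing so that a short
    // array gets the same generic rejection instead of an ArrayIndexOutOfBoundsException.
    if (arr.length < 2 || arr[0] == null || arr[1] == null) {
        throw new SecurityException("Invalid credentials");
    }
    final String username = arr[0].toString();

    final Credentials internalCredentials;
    if (arr[1] instanceof Credentials) {
        // username/Credentials
        internalCredentials = (Credentials) arr[1];
    } else if (arr[1] instanceof String) {
        // username/password (ex: JConsole): the password is wrapped into Credentials built with
        // the authentication service's public key.
        try {
            internalCredentials = Credentials.createCredentials(new CredData(CredData.parseLogin(username),
                                                                             CredData.parseDomain(username),
                                                                             (String) arr[1]),
                                                                authentication.getPublicKey());
        } catch (Exception e) {
            throw new SecurityException("Invalid credentials", e);
        }
    } else {
        throw new SecurityException("Invalid credentials");
    }

    try {
        final Subject subject = this.authentication.authenticate(internalCredentials);
        // Authorization step: runs only after authentication succeeded; no checker configured
        // means every authenticated user is accepted.
        if (permissionChecker != null && !permissionChecker.checkPermission(internalCredentials)) {
            throw new SecurityException("Permission denied");
        }
        return subject;
    } catch (LoginException e) {
        // NOTE(review): the LoginException is not chained, and the message repeats the
        // client-supplied username. This exception presumably travels back to the connecting
        // client, so any extra detail belongs in a server-side log rather than in the exception.
        throw new SecurityException("Unable to authenticate " + username);
    }
}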