

1 /*
2  * Copyright (C) MX4J.
3  * All rights reserved.
4  *
5  * This software is distributed under the terms of the MX4J License version 1.0.
6  * See the terms of the MX4J License in the documentation provided with this software.
7  */

8
9 package mx4j.server.interceptor;
10
11 import java.security.AccessControlException JavaDoc;
12 import java.security.AccessController JavaDoc;
13 import java.security.PrivilegedAction JavaDoc;
14 import java.security.ProtectionDomain JavaDoc;
15 import java.util.ArrayList JavaDoc;
16
17 import javax.management.Attribute JavaDoc;
18 import javax.management.AttributeList JavaDoc;
19 import javax.management.AttributeNotFoundException JavaDoc;
20 import javax.management.InvalidAttributeValueException JavaDoc;
21 import javax.management.ListenerNotFoundException JavaDoc;
22 import javax.management.MBeanException JavaDoc;
23 import javax.management.MBeanInfo JavaDoc;
24 import javax.management.MBeanRegistrationException JavaDoc;
25 import javax.management.NotificationFilter JavaDoc;
26 import javax.management.NotificationListener JavaDoc;
27 import javax.management.ObjectName JavaDoc;
28 import javax.management.ReflectionException JavaDoc;
29 import javax.management.MBeanPermission JavaDoc;
30
31 import mx4j.server.MBeanMetaData;
32 import javax.management.MBeanTrustPermission JavaDoc;
33
/**
 * MBeanServer interceptor that enforces JMX permission checks on MBeanServer to MBean calls.
 * <p>
 * Every intercepted call builds an {@link MBeanPermission} from a class name, the member involved
 * (operation or attribute name, or <code>null</code>), the MBean's ObjectName and the action name, and
 * submits it to the installed SecurityManager before delegating to the superclass implementation.
 * <p>
 * All checks are conditional on <code>System.getSecurityManager()</code> returning a non-null value.
 * When no SecurityManager is installed, every method in this class is a plain pass-through and
 * performs no access control at all.
 * NOTE(review): the Security Manager was deprecated for removal in Java 17 (JEP 411) and permanently
 * disabled in JDK 24 (JEP 486); on such runtimes this interceptor cannot be relied on to restrict
 * access, and access control has to be enforced elsewhere (for example at the connector layer).
 *
 * @author <a HREF="mailto:biorn_steedom@users.sourceforge.net">Simone Bordet</a>
 * @version $Revision: 1.12 $
 */
public class SecurityMBeanServerInterceptor extends DefaultMBeanServerInterceptor implements SecurityMBeanServerInterceptorMBean
{
   /**
    * Returns the type name of this interceptor, the constant <code>"security"</code>.
    */
   public String getType()
   {
      final String type = "security";
      return type;
   }

   /**
    * Always reports this interceptor as enabled; this override offers no way to report otherwise.
    */
   public boolean isEnabled()
   {
      final boolean enabled = true;
      return enabled;
   }

   /**
    * Checks the "addNotificationListener" permission for the target MBean, then delegates.
    *
    * @throws SecurityException if a SecurityManager is installed and denies the permission
    */
   public void addNotificationListener(MBeanMetaData metadata, NotificationListener listener, NotificationFilter filter, Object handback)
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final ObjectName target = metadata.getObjectName();
      checkPermission(mbeanClass, null, target, "addNotificationListener");
      super.addNotificationListener(metadata, listener, filter, handback);
   }

   /**
    * Checks the "removeNotificationListener" permission for the target MBean, then delegates.
    *
    * @throws SecurityException if a SecurityManager is installed and denies the permission
    */
   public void removeNotificationListener(MBeanMetaData metadata, NotificationListener listener) throws ListenerNotFoundException
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final ObjectName target = metadata.getObjectName();
      checkPermission(mbeanClass, null, target, "removeNotificationListener");
      super.removeNotificationListener(metadata, listener);
   }

   /**
    * Checks the "removeNotificationListener" permission for the target MBean, then delegates the
    * removal of the specific listener/filter/handback triple.
    *
    * @throws SecurityException if a SecurityManager is installed and denies the permission
    */
   public void removeNotificationListener(MBeanMetaData metadata, NotificationListener listener, NotificationFilter filter, Object handback) throws ListenerNotFoundException
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final ObjectName target = metadata.getObjectName();
      checkPermission(mbeanClass, null, target, "removeNotificationListener");
      super.removeNotificationListener(metadata, listener, filter, handback);
   }

   /**
    * Checks the "instantiate" permission, then delegates.
    * <p>
    * The permission is built from the <code>className</code> argument rather than from the metadata's
    * MBeanInfo, so the check applies to the class that is about to be instantiated.
    *
    * @throws SecurityException if a SecurityManager is installed and denies the permission
    */
   public void instantiate(MBeanMetaData metadata, String className, String[] params, Object[] args) throws ReflectionException, MBeanException
   {
      final ObjectName target = metadata.getObjectName();
      checkPermission(className, null, target, "instantiate");
      super.instantiate(metadata, className, params, args);
   }

   /**
    * Checks the "getMBeanInfo" permission for the target MBean, then returns the superclass result.
    *
    * @throws SecurityException if a SecurityManager is installed and denies the permission
    */
   public MBeanInfo getMBeanInfo(MBeanMetaData metadata)
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final ObjectName target = metadata.getObjectName();
      checkPermission(mbeanClass, null, target, "getMBeanInfo");
      return super.getMBeanInfo(metadata);
   }

   /**
    * Checks the "invoke" permission for the named operation on the target MBean, then delegates.
    * The operation name is used as the permission's member, so policies can grant per operation.
    *
    * @throws SecurityException if a SecurityManager is installed and denies the permission
    */
   public Object invoke(MBeanMetaData metadata, String method, String[] params, Object[] args) throws MBeanException, ReflectionException
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final ObjectName target = metadata.getObjectName();
      checkPermission(mbeanClass, method, target, "invoke");
      return super.invoke(metadata, method, params, args);
   }

   /**
    * Reads only those attributes for which the caller holds the "getAttribute" permission.
    * <p>
    * Denied attribute names are dropped silently (see <code>filterAttributes</code>) instead of
    * failing the call.
    * NOTE(review): unlike {@link #getAttribute}, a caller with no permission at all gets the result
    * for an empty name list rather than a SecurityException - confirm this is the intended semantics.
    */
   public AttributeList getAttributes(MBeanMetaData metadata, String[] attributes)
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final ObjectName target = metadata.getObjectName();
      Object[] allowed = filterAttributes(mbeanClass, target, attributes, true);

      // The filter works on Object[]; copy back into a String[] for the superclass call.
      String[] names = new String[allowed.length];
      int index = 0;
      while (index < names.length)
      {
         names[index] = (String)allowed[index];
         ++index;
      }
      return super.getAttributes(metadata, names);
   }

   /**
    * Writes only those attributes for which the caller holds the "setAttribute" permission.
    * <p>
    * Denied attributes are dropped silently (see <code>filterAttributes</code>) instead of failing
    * the call, so the caller has to compare the returned list with the requested one to notice
    * attributes that were not set.
    */
   public AttributeList setAttributes(MBeanMetaData metadata, AttributeList attributes)
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final ObjectName target = metadata.getObjectName();
      Object[] allowed = filterAttributes(mbeanClass, target, attributes.toArray(), false);

      AttributeList permitted = new AttributeList();
      int index = 0;
      while (index < allowed.length)
      {
         permitted.add(allowed[index]);
         ++index;
      }
      return super.setAttributes(metadata, permitted);
   }

   /**
    * Checks the "getAttribute" permission for the named attribute, then delegates.
    *
    * @throws SecurityException if a SecurityManager is installed and denies the permission
    */
   public Object getAttribute(MBeanMetaData metadata, String attribute) throws MBeanException, AttributeNotFoundException, ReflectionException
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final ObjectName target = metadata.getObjectName();
      checkPermission(mbeanClass, attribute, target, "getAttribute");
      return super.getAttribute(metadata, attribute);
   }

   /**
    * Checks the "setAttribute" permission for the attribute's name, then delegates.
    *
    * @throws SecurityException if a SecurityManager is installed and denies the permission
    */
   public void setAttribute(MBeanMetaData metadata, Attribute attribute) throws MBeanException, AttributeNotFoundException, InvalidAttributeValueException, ReflectionException
   {
      final String mbeanClass = metadata.getMBeanInfo().getClassName();
      final String member = attribute.getName();
      final ObjectName target = metadata.getObjectName();
      checkPermission(mbeanClass, member, target, "setAttribute");
      super.setAttribute(metadata, attribute);
   }

   /**
    * Applies the permission checks that belong to the given registration phase, then delegates.
    * <ul>
    * <li>PRE_REGISTER: "registerMBean" permission plus the trust check on the MBean's class.</li>
    * <li>POST_REGISTER_TRUE: "registerMBean" permission again, because the MBean can implement
    * MBeanRegistration and change its ObjectName during registration.</li>
    * <li>PRE_DEREGISTER: "unregisterMBean" permission.</li>
    * </ul>
    * Any other phase is passed through without a check.
    *
    * @throws SecurityException if a SecurityManager is installed and denies a permission
    */
   public void registration(MBeanMetaData metadata, int operation) throws MBeanRegistrationException
   {
      if (operation == PRE_REGISTER)
      {
         checkPermission(metadata.getMBeanInfo().getClassName(), null, metadata.getObjectName(), "registerMBean");
         checkTrustRegistration(metadata.getMBean().getClass());
      }
      else if (operation == POST_REGISTER_TRUE)
      {
         // Re-check against the ObjectName the MBean ended up with, which may differ from the requested one.
         checkPermission(metadata.getMBeanInfo().getClassName(), null, metadata.getObjectName(), "registerMBean");
      }
      else if (operation == PRE_DEREGISTER)
      {
         checkPermission(metadata.getMBeanInfo().getClassName(), null, metadata.getObjectName(), "unregisterMBean");
      }
      super.registration(metadata, operation);
   }

   /**
    * Submits an {@link MBeanPermission} to the SecurityManager, if one is installed.
    * Without a SecurityManager this method does nothing.
    *
    * @param className  class name the permission refers to
    * @param methodName member (operation or attribute name) the permission refers to, may be null
    * @param objectname ObjectName of the target MBean
    * @param action     action name, e.g. "invoke" or "getAttribute"
    * @throws SecurityException if the SecurityManager denies the permission
    */
   private void checkPermission(String className, String methodName, ObjectName objectname, String action)
   {
      SecurityManager manager = System.getSecurityManager();
      if (manager == null)
      {
         return;
      }
      MBeanPermission required = new MBeanPermission(className, methodName, objectname, action);
      manager.checkPermission(required);
   }

   /**
    * Verifies that the MBean's class is trusted for registration, if a SecurityManager is installed.
    * <p>
    * The test is made against the ProtectionDomain of the MBean class itself, not against the
    * calling context: the domain must imply <code>MBeanTrustPermission("register")</code>.
    *
    * @throws AccessControlException if the class' ProtectionDomain does not imply the permission
    */
   private void checkTrustRegistration(final Class cls)
   {
      if (System.getSecurityManager() == null)
      {
         return;
      }

      // Reading the ProtectionDomain is itself a guarded operation; doPrivileged keeps the
      // callers further up the stack from needing that permission.
      PrivilegedAction lookup = new PrivilegedAction()
      {
         public Object run()
         {
            return cls.getProtectionDomain();
         }
      };
      ProtectionDomain domain = (ProtectionDomain)AccessController.doPrivileged(lookup);

      MBeanTrustPermission permission = new MBeanTrustPermission("register");
      boolean trusted = domain.implies(permission);
      if (!trusted)
      {
         throw new AccessControlException("Access denied " + permission + ": MBean class " + cls.getName() + " is not trusted for registration");
      }
   }

   /**
    * Returns the subset of the given attributes the caller is permitted to get or set.
    * <p>
    * Without a SecurityManager the input array is returned unchanged. Otherwise each element is
    * checked individually and elements whose check raises a SecurityException are left out of the
    * result; the denial is neither rethrown nor recorded here.
    *
    * @param className  class name of the target MBean
    * @param objectName ObjectName of the target MBean
    * @param attributes attribute names (String) when <code>isGet</code> is true, otherwise Attribute instances
    * @param isGet      true to check "getAttribute", false to check "setAttribute"
    * @return the permitted elements, in their original order
    */
   private Object[] filterAttributes(String className, ObjectName objectName, Object[] attributes, boolean isGet)
   {
      if (System.getSecurityManager() == null)
      {
         return attributes;
      }

      final String action = isGet ? "getAttribute" : "setAttribute";
      ArrayList permitted = new ArrayList();

      for (int index = 0; index < attributes.length; ++index)
      {
         Object candidate = attributes[index];
         String member;
         if (isGet)
         {
            member = (String)candidate;
         }
         else
         {
            member = ((Attribute)candidate).getName();
         }

         try
         {
            checkPermission(className, member, objectName, action);
            permitted.add(candidate);
         }
         catch (SecurityException denied)
         {
            // Deliberate: a denied attribute is simply omitted from the result.
         }
      }

      return permitted.toArray();
   }
}