Java > Open Source Codes > net > sf > jguard > ext > java5 > authentication > jmx > JMXHelper


1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name: $
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */
28 package net.sf.jguard.ext.java5.authentication.jmx;
29
30 import java.io.IOException ;
31 import java.net.MalformedURLException ;
32 import java.rmi.RemoteException ;
33 import java.rmi.registry.LocateRegistry ;
34 import java.util.ArrayList ;
35 import java.util.Arrays ;
36 import java.util.HashMap ;
37 import java.util.List ;
38 import java.util.Map ;
39 import java.util.logging.Logger ;
40
41 import javax.management.MBeanServer ;
42 import javax.management.MBeanServerFactory ;
43 import javax.management.remote.JMXConnectorServer ;
44 import javax.management.remote.JMXConnectorServerFactory ;
45 import javax.management.remote.JMXServiceURL ;
46 import javax.management.remote.MBeanServerForwarder ;
47 import javax.management.remote.rmi.RMIConnectorServer ;
48 import javax.security.auth.login.Configuration ;
49
50 import net.sf.jguard.core.authorization.policy.AccessControllerUtils;
51 import net.sf.jguard.ext.SecurityConstants;
52
53 /**
54  * utility class used to securize JMX.
55  * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
56  */
57 public class JMXHelper {
58     
59     private static final String COM_SUN_JNDI_RMI_REGISTRY_REGISTRY_CONTEXT_FACTORY = "com.sun.jndi.rmi.registry.RegistryContextFactory";
60     private static final Logger logger = Logger.getLogger(JMXHelper.class.getName());
61     private static final String JAVA_NAMING_FACTORY_INITIAL = "java.naming.factory.initial";
62     
63     public static void enableJMXSecurity(String applicationName,Map opts,Configuration configuration,AccessControllerUtils authorizationUtils) {
64         // JMX MBeanServer creation
65 String mbeanServerForConnector = (String )opts.get(SecurityConstants.MBEAN_SERVER_FOR_CONNECTOR);
66         
67             MBeanServer mbs = null;
68             if(mbeanServerForConnector==null ||mbeanServerForConnector==""||"new".equals(mbeanServerForConnector)){
69                 mbs = MBeanServerFactory.createMBeanServer(applicationName);
70                 logger.info("Starting JMX Server ...");
71             }else if(mbeanServerForConnector.startsWith("position#")){
72                 //user provides position#$position
73 //for example 'position#2'
74 mbeanServerForConnector = mbeanServerForConnector.substring(0, 9);
75                 int position = Integer.parseInt(mbeanServerForConnector);
76                 //does each webapp create its own MBeanServer
77 //or do webapps share their MBeans on the same MBeanServer ?
78 ArrayList mbeanServers = MBeanServerFactory.findMBeanServer(null);
79                 mbs = (MBeanServer )mbeanServers.get(position);
80             
81             }else{
82                 //user provides serverName#$position
83 //for example 'myPrettyServer#3'
84 //if user provides 'myPrettyServer#' or 'myPrettyServer',
85 //we will get the first MBeanServer => like 'myPrettyServer#0'
86 List tokens = Arrays.asList(mbeanServerForConnector.split("#"));
87                 String mbeanServerName = (String )tokens.get(0);
88                 String position = null;
89                 if(tokens.size()>=2){
90                     position = (String )tokens.get(1);
91                 }else{
92                     position ="0";
93                 }
94                 ArrayList mbeanServers = MBeanServerFactory.findMBeanServer(mbeanServerName);
95                 
96                 mbs = (MBeanServer )mbeanServers.get(Integer.parseInt(position));
97                 
98             }
99             String rmiRegistryHost=SecurityConstants.DEFAULT_RMI_REGISTRY_HOST;
100             if(opts.get(SecurityConstants.RMI_REGISTRY_HOST)!=null){
101                 rmiRegistryHost=(String )opts.get(SecurityConstants.RMI_REGISTRY_HOST);
102             }
103
104             int rmiRegistryPort=SecurityConstants.DEFAULT_RMI_REGISTRY_PORT;
105             if(opts.get(SecurityConstants.RMI_REGISTRY_PORT)!=null){
106                 try{
107                 rmiRegistryPort=Integer.parseInt((String )opts.get(SecurityConstants.RMI_REGISTRY_PORT));
108                 }catch(NumberFormatException e){
109                     logger.warning("RmiRegistry port in web.xml is not a number. Using default.");
110                 }
111             }
112
113             try{
114                 // TODO handle custom rmiRegistryHost
115 LocateRegistry.createRegistry(rmiRegistryPort);
116 // LocateRegistry.getRegistry(rmiRegistryHost,rmiRegistryPort);
117
118             }catch(RemoteException e){
119                 logger.severe("Could not found rmiRegistry : "+e.getMessage());
120             }
121
122             String serviceURL = "service:jmx:rmi://localhost/jndi/rmi://"+rmiRegistryHost+":"+rmiRegistryPort+"/"+applicationName;
123             JMXServiceURL url=null;
124             try {
125                 url=new JMXServiceURL (serviceURL);
126             } catch (MalformedURLException e) {
127                 logger.severe("MalformedURLException : "+e);
128             }
129             logger.info("JMX Server URL : "+url.toString());
130             
131             JGuardJMXAuthenticator jmxAuthenticator= null;
132             
133             //we use the COnfiguration from the JVM
134 if(configuration==null){
135                 jmxAuthenticator=new JGuardJMXAuthenticator(applicationName,Thread.currentThread().getContextClassLoader());
136             }else{
137                 jmxAuthenticator=new JGuardJMXAuthenticator(applicationName,Thread.currentThread().getContextClassLoader(),configuration);
138             }
139
140             Map options=new HashMap ();
141             options.put(JMXConnectorServer.AUTHENTICATOR,jmxAuthenticator);
142             options.put(JAVA_NAMING_FACTORY_INITIAL,JMXHelper.COM_SUN_JNDI_RMI_REGISTRY_REGISTRY_CONTEXT_FACTORY);
143             options.put(RMIConnectorServer.JNDI_REBIND_ATTRIBUTE,"true");
144             try {
145                 JMXConnectorServer connectorServer= JMXConnectorServerFactory.newJMXConnectorServer(url,options,mbs);
146                 
147                 //we are in 'local' mode
148 if(authorizationUtils.getAccessController()!=null){
149 // MBeanServerForwarder msf = MBSFInvocationHandler.newProxyInstance(authorizationUtils.getAccessController());
150 MBeanServerForwarder msf = new MBeanServerGuard(authorizationUtils.getAccessController());
151                     connectorServer.setMBeanServerForwarder(msf);
152                 }
153                 connectorServer.start();
154             } catch (IOException e) {
155                 logger.severe("IOException : "+e);
156             }
157
158     }
159
160 }
161

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags