Java > Open Source Codes > net > sf > jguard > ext > java5 > authentication > jmx > MBeanServerGuard


1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name$
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */
28 package net.sf.jguard.ext.java5.authentication.jmx;
29
30 import java.io.ObjectInputStream ;
31 import java.lang.reflect.Constructor ;
32 import java.lang.reflect.InvocationTargetException ;
33 import java.security.AccessControlException ;
34 import java.util.Arrays ;
35 import java.util.HashSet ;
36 import java.util.List ;
37 import java.util.Set ;
38 import java.util.logging.Logger ;
39
40 import javax.management.Attribute ;
41 import javax.management.AttributeList ;
42 import javax.management.AttributeNotFoundException ;
43 import javax.management.InstanceAlreadyExistsException ;
44 import javax.management.InstanceNotFoundException ;
45 import javax.management.IntrospectionException ;
46 import javax.management.InvalidAttributeValueException ;
47 import javax.management.ListenerNotFoundException ;
48 import javax.management.MBeanException ;
49 import javax.management.MBeanInfo ;
50 import javax.management.MBeanPermission ;
51 import javax.management.MBeanRegistration ;
52 import javax.management.MBeanRegistrationException ;
53 import javax.management.MBeanServer ;
54 import javax.management.MBeanTrustPermission ;
55 import javax.management.MalformedObjectNameException ;
56 import javax.management.NotCompliantMBeanException ;
57 import javax.management.NotificationFilter ;
58 import javax.management.NotificationListener ;
59 import javax.management.ObjectInstance ;
60 import javax.management.ObjectName ;
61 import javax.management.OperationsException ;
62 import javax.management.QueryExp ;
63 import javax.management.ReflectionException ;
64 import javax.management.loading.ClassLoaderRepository ;
65 import javax.management.remote.MBeanServerForwarder ;
66
67 import net.sf.jguard.core.authorization.policy.LocalAccessController;
68
69 /**
70  *
71  * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
72  *
73  */
74 public class MBeanServerGuard implements MBeanServerForwarder {
75     private static final Logger logger = Logger.getLogger(MBeanServerGuard.class.getName());
76     private MBeanServer mbs = null;
77     private LocalAccessController accessController = null;
78     
79     public MBeanServerGuard(LocalAccessController lac){
80         accessController = lac;
81     }
82     
83     public MBeanServer getMBeanServer() {
84         return mbs;
85     }
86
87     public void setMBeanServer(MBeanServer mBeanServer) {
88         mbs = mBeanServer;
89     }
90
91     public void addNotificationListener(ObjectName name,
92             NotificationListener listener, NotificationFilter filter,
93             Object handback) throws InstanceNotFoundException {
94         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"addNotificationListener"));
95         mbs.addNotificationListener(name, listener, filter, handback);
96
97     }
98
99     public void addNotificationListener(ObjectName name, ObjectName listener,
100             NotificationFilter filter, Object handback)
101             throws InstanceNotFoundException {
102         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"addNotificationListener"));
103         mbs.addNotificationListener(name, listener, filter, handback);
104     }
105
106     public ObjectInstance createMBean(String className, ObjectName name)
107             throws ReflectionException , InstanceAlreadyExistsException ,
108             MBeanRegistrationException , MBeanException ,
109             NotCompliantMBeanException {
110         
111         return createMBean(className, name, (Object []) null, (String []) null);
112         
113     }
114
115     public ObjectInstance createMBean(String className, ObjectName name,
116             ObjectName loaderName) throws ReflectionException ,
117             InstanceAlreadyExistsException , MBeanRegistrationException ,
118             MBeanException , NotCompliantMBeanException ,
119             InstanceNotFoundException {
120         return createMBean(className, name, loaderName, (Object []) null, (String []) null);
121     }
122
123     public ObjectInstance createMBean(String className, ObjectName name,
124             Object [] params, String [] signature) throws ReflectionException ,
125             InstanceAlreadyExistsException , MBeanRegistrationException ,
126             MBeanException , NotCompliantMBeanException {
127         ObjectInstance oi = null;
128         
129         try {
130             return createMBean(className, name, (ObjectName )null, (Object []) null, (String []) null);
131         } catch (InstanceNotFoundException e) {
132             logger.severe(e.getMessage());
133         }
134         return oi;
135         
136     }
137
138     public ObjectInstance createMBean(String className, ObjectName name,
139             ObjectName loaderName, Object [] params, String [] signature)
140             throws ReflectionException , InstanceAlreadyExistsException ,
141             MBeanRegistrationException , MBeanException ,
142             NotCompliantMBeanException , InstanceNotFoundException {
143         //instantiate permission check
144 accessController.checkPermission(new MBeanPermission (className,null,null,"instantiate"));
145         
146         //register permission check
147 accessController.checkPermission(new MBeanPermission (className,null,name,"registerMBean"));
148         Class clazz = null;
149         try {
150             clazz = Thread.currentThread().getContextClassLoader().loadClass(className);
151         } catch (ClassNotFoundException e) {
152             logger.severe(e.getMessage());
153         }
154          if(!clazz.getProtectionDomain().implies(new MBeanTrustPermission ("register"))){
155              throw new AccessControlException ("registration denied");
156          }
157         
158         if(name==null){
159             Class [] classes = new Class [signature.length];
160             for (int i =0;i<signature.length;i++) {
161                 String element = signature[i];
162                 try {
163                     classes[i] = Thread.currentThread().getContextClassLoader().loadClass(element);
164                 } catch (ClassNotFoundException e) {
165                     logger.severe(e.getMessage());
166                 }
167             }
168             Constructor constructor;
169             Object obj = null;
170             try {
171                 constructor = clazz.getDeclaredConstructor(classes);
172                 obj = constructor.newInstance(params);
173             } catch (SecurityException e) {
174                 logger.severe(e.getMessage());
175             } catch (NoSuchMethodException e) {
176                 logger.severe(e.getMessage());
177             } catch (IllegalArgumentException e) {
178                 logger.severe(e.getMessage());
179             } catch (InstantiationException e) {
180                 logger.severe(e.getMessage());
181             } catch (IllegalAccessException e) {
182                 logger.severe(e.getMessage());
183             } catch (InvocationTargetException e) {
184                 logger.severe(e.getMessage());
185             }
186             
187             MBeanRegistration mbeanReg = (MBeanRegistration )obj;
188             try {
189                 name = (ObjectName )mbeanReg.preRegister(mbs, null);
190             } catch (Exception e) {
191                 logger.severe(e.getMessage());
192             }
193             accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"registerMBean"));
194         }
195         
196          
197         ObjectInstance oi = mbs.createMBean(className, name);
198         return oi;
199     }
200
201     public ObjectInputStream deserialize(ObjectName name, byte[] data)
202             throws InstanceNotFoundException , OperationsException {
203         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"getClassLoaderFor"));
204         return mbs.deserialize(name, data);
205     }
206
207     public ObjectInputStream deserialize(String className, byte[] data)
208             throws OperationsException , ReflectionException {
209         accessController.checkPermission(new MBeanPermission (null,null,null,"getClassLoaderRepository"));
210         return mbs.deserialize(className, data);
211     }
212
213     public ObjectInputStream deserialize(String className,
214             ObjectName loaderName, byte[] data)
215             throws InstanceNotFoundException , OperationsException ,
216             ReflectionException {
217         accessController.checkPermission(new MBeanPermission (getClassName(loaderName),null,loaderName,"getClassLoader"));
218         return mbs.deserialize(className, loaderName, data);
219     }
220
221     public Object getAttribute(ObjectName name, String attribute)
222             throws MBeanException , AttributeNotFoundException ,
223             InstanceNotFoundException , ReflectionException {
224         accessController.checkPermission(new MBeanPermission (getClassName(name),attribute,name,"getAttribute"));
225         return mbs.getAttribute(name, attribute);
226     }
227
228     public AttributeList getAttributes(ObjectName name, String [] attributes)
229             throws InstanceNotFoundException , ReflectionException {
230         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"getAttribute"));
231         AttributeList attList = mbs.getAttributes(name, attributes);
232         for(int i = 0;i<attList.size();i++){
233             Attribute att = (Attribute )attList.get(i);
234             try{
235                 accessController.checkPermission(new MBeanPermission (getClassName(name), att.getName(), name, "getAttribute"));
236             }catch(AccessControlException ace){
237                 attList.remove(att);
238                 i--;
239             }
240         }
241         return attList;
242     }
243
244     public ClassLoader getClassLoader(ObjectName loaderName)
245             throws InstanceNotFoundException {
246             accessController.checkPermission(new MBeanPermission (getClassName(loaderName),null,loaderName,"getClassLoader"));
247         return mbs.getClassLoader(loaderName);
248     }
249
250     public ClassLoader getClassLoaderFor(ObjectName mbeanName)
251             throws InstanceNotFoundException {
252             accessController.checkPermission(new MBeanPermission (getClassName(mbeanName),null,mbeanName,"getClassLoaderFor"));
253         return mbs.getClassLoaderFor(mbeanName);
254     }
255
256     public ClassLoaderRepository getClassLoaderRepository() {
257             accessController.checkPermission(new MBeanPermission (null,null,null,"getClassLoaderRepository"));
258         return mbs.getClassLoaderRepository();
259     }
260
261     public String getDefaultDomain() {
262         return mbs.getDefaultDomain();
263     }
264
265     public String [] getDomains() {
266         MBeanPermission perm = null;
267         try {
268             perm = new MBeanPermission (null,null,new ObjectName ("*"),"getDomains");
269         } catch (MalformedObjectNameException e) {
270             logger.severe(e.getMessage());
271         } catch (NullPointerException e) {
272             logger.severe(e.getMessage());
273         }
274         accessController.checkPermission(perm);
275         List <String > domainsList = Arrays.asList(mbs.getDomains());
276         for(int i = 0;i<domainsList.size();i++){
277             String domain = domainsList.get(i);
278             try{
279                 accessController.checkPermission(new MBeanPermission (null,null, new ObjectName (domain+":x=x"), "getDomains"));
280             }catch(AccessControlException ace){
281                 domainsList.remove(domain);
282                 i--;
283             } catch (MalformedObjectNameException e) {
284                 logger.severe(e.getMessage());
285             } catch (NullPointerException e) {
286                 logger.severe(e.getMessage());
287             }
288         }
289         return domainsList.toArray(new String [domainsList.size()]);
290     }
291
292     public Integer getMBeanCount() {
293         return mbs.getMBeanCount();
294     }
295
296     public MBeanInfo getMBeanInfo(ObjectName name)
297             throws InstanceNotFoundException , IntrospectionException ,
298             ReflectionException {
299         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"getMBeanInfo"));
300         return mbs.getMBeanInfo(name);
301     }
302
303     public ObjectInstance getObjectInstance(ObjectName name)
304             throws InstanceNotFoundException {
305         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"getObjectInstance"));
306         return mbs.getObjectInstance(name);
307     }
308
309     public Object instantiate(String className) throws ReflectionException ,
310             MBeanException {
311         accessController.checkPermission(new MBeanPermission (className,null,null,"instantiate"));
312         return mbs.instantiate(className);
313     }
314
315     public Object instantiate(String className, ObjectName loaderName)
316             throws ReflectionException , MBeanException ,
317             InstanceNotFoundException {
318         accessController.checkPermission(new MBeanPermission (className,null,null,"instantiate"));
319         return mbs.instantiate(className,loaderName);
320     }
321
322     public Object instantiate(String className, Object [] params,
323             String [] signature) throws ReflectionException , MBeanException {
324         accessController.checkPermission(new MBeanPermission (className,null,null,"instantiate"));
325         return mbs.instantiate(className, params, signature);
326     }
327
328     public Object instantiate(String className, ObjectName loaderName,
329             Object [] params, String [] signature) throws ReflectionException ,
330             MBeanException , InstanceNotFoundException {
331         accessController.checkPermission(new MBeanPermission (className,null,null,"instantiate"));
332         return mbs.instantiate(className, loaderName, params, signature);
333     }
334
335     public Object invoke(ObjectName name, String operationName,
336             Object [] params, String [] signature)
337             throws InstanceNotFoundException , MBeanException ,
338             ReflectionException {
339         accessController.checkPermission(new MBeanPermission (getClassName(name),operationName,name,"invoke"));
340         return mbs.invoke(name, operationName, params, signature);
341     }
342
343     public boolean isInstanceOf(ObjectName name, String className)
344             throws InstanceNotFoundException {
345         accessController.checkPermission(new MBeanPermission (className,null,name,"isInstanceOf"));
346         return mbs.isInstanceOf(name, className);
347     }
348
349     public boolean isRegistered(ObjectName name) {
350         return mbs.isRegistered(name);
351     }
352
353     public Set queryMBeans(ObjectName name, QueryExp query) {
354         accessController.checkPermission(new MBeanPermission (null,null,name,"queryMBeans"));
355         Set <ObjectInstance > mbeans = mbs.queryMBeans(name, query);
356         
357         Set <ObjectInstance > mbeansToRemove = new HashSet <ObjectInstance >();
358         for(ObjectInstance oi:mbeans){
359             try{
360                 accessController.checkPermission(new MBeanPermission (oi.getClassName(),null,oi.getObjectName(),"queryMBeans"));
361             }catch(AccessControlException ace){
362                 mbeansToRemove.add(oi);
363             }
364         }
365         boolean success = mbeans.removeAll(mbeansToRemove);
366         if(!success){
367             throw new AccessControlException ("mbeans cannot be removed from the returned Set when access is denied to them with the queryMbeans operation ");
368         }
369         return mbeans;
370     }
371
372     public Set queryNames(ObjectName name, QueryExp query) {
373         accessController.checkPermission(new MBeanPermission (null,null,name,"queryNames"));
374         Set <ObjectName > mbeans = mbs.queryNames(name, query);
375         Set <ObjectName > mbeansToRemove = new HashSet <ObjectName >();
376         for(ObjectName on:mbeans){
377             try{
378                 accessController.checkPermission(new MBeanPermission (getClassName(on),null,on,"queryNames"));
379             }catch(AccessControlException ace){
380                 mbeansToRemove.add(on);
381             }
382         }
383         boolean success = mbeans.removeAll(mbeansToRemove);
384         
385         return mbeans;
386     }
387
388     public ObjectInstance registerMBean(Object object, ObjectName name)
389             throws InstanceAlreadyExistsException , MBeanRegistrationException ,
390             NotCompliantMBeanException {
391         String className = null;
392         try {
393             className = mbs.getMBeanInfo(name).getClassName();
394         } catch (InstanceNotFoundException e) {
395             logger.severe(e.getMessage());
396         } catch (IntrospectionException e) {
397             logger.severe(e.getMessage());
398         } catch (ReflectionException e) {
399             logger.severe(e.getMessage());
400         }
401         //instantiate permission check
402 accessController.checkPermission(new MBeanPermission (className,null,null,"instantiate"));
403         
404         //register permission check
405 if(name!=null){
406             accessController.checkPermission(new MBeanPermission (className,null,name,"registerMBean"));
407         }else{
408             MBeanRegistration mbeanReg = (MBeanRegistration )object;
409             try {
410                 name = (ObjectName )mbeanReg.preRegister(mbs, null);
411             } catch (Exception e) {
412                 logger.severe(e.getMessage());
413             }
414             accessController.checkPermission(new MBeanPermission (className,null,name,"registerMBean"));
415         }
416         Class clazz = null;
417         try {
418             clazz = Thread.currentThread().getContextClassLoader().loadClass(className);
419         } catch (ClassNotFoundException e) {
420             logger.severe(e.getMessage());
421         }
422          if(!clazz.getProtectionDomain().implies(new MBeanTrustPermission ("register"))){
423              throw new AccessControlException ("registration denied");
424          }
425         return mbs.registerMBean(object, name);
426     }
427
428     public void removeNotificationListener(ObjectName name, ObjectName listener)
429             throws InstanceNotFoundException , ListenerNotFoundException {
430         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"removeNotificationListener"));
431         mbs.removeNotificationListener(name, listener);
432
433     }
434
435     public void removeNotificationListener(ObjectName name,
436             NotificationListener listener) throws InstanceNotFoundException ,
437             ListenerNotFoundException {
438         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"removeNotificationListener"));
439         mbs.removeNotificationListener(name, listener);
440
441     }
442
443     public void removeNotificationListener(ObjectName name,
444             ObjectName listener, NotificationFilter filter, Object handback)
445             throws InstanceNotFoundException , ListenerNotFoundException {
446         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"removeNotificationListener"));
447         mbs.removeNotificationListener(name, listener,filter,handback);
448
449     }
450
451     public void removeNotificationListener(ObjectName name,
452             NotificationListener listener, NotificationFilter filter,
453             Object handback) throws InstanceNotFoundException ,
454             ListenerNotFoundException {
455         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"removeNotificationListener"));
456         mbs.removeNotificationListener(name, listener,filter,handback);
457
458     }
459
460     public void setAttribute(ObjectName name, Attribute attribute)
461             throws InstanceNotFoundException , AttributeNotFoundException ,
462             InvalidAttributeValueException , MBeanException , ReflectionException {
463         accessController.checkPermission(new MBeanPermission (getClassName(name),attribute.getName(),name,"setAttribute"));
464
465     }
466
467     public AttributeList setAttributes(ObjectName name, AttributeList attributes)
468             throws InstanceNotFoundException , ReflectionException {
469         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"setAttribute"));
470         AttributeList attList = mbs.setAttributes(name, attributes);
471         for(int i = 0;i<attList.size();i++){
472             Attribute att = (Attribute )attList.get(i);
473             try{
474                 accessController.checkPermission(new MBeanPermission (getClassName(name), att.getName(), name, "setAttribute"));
475             }catch(AccessControlException ace){
476                 attList.remove(att);
477                 i--;
478             }
479         }
480         return null;
481     }
482
483     public void unregisterMBean(ObjectName name)
484             throws InstanceNotFoundException , MBeanRegistrationException {
485         accessController.checkPermission(new MBeanPermission (getClassName(name),null,name,"unregisterMBean"));
486         mbs.unregisterMBean(name);
487
488     }
489
490     private String getClassName(ObjectName name){
491         String className = null;
492         try {
493             className = mbs.getMBeanInfo(name).getClassName();
494         } catch (InstanceNotFoundException e) {
495             logger.severe(e.getMessage());
496         } catch (IntrospectionException e) {
497             logger.severe(e.getMessage());
498         } catch (ReflectionException e) {
499             logger.severe(e.getMessage());
500         }
501         return className;
502     }
503 }
504

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags