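package net.sf.jguard.ext.java5.authentication.jmx;

import java.io.ObjectInputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Logger;

import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.AttributeNotFoundException;
import javax.management.InstanceAlreadyExistsException;
import javax.management.InstanceNotFoundException;
import javax.management.IntrospectionException;
import javax.management.InvalidAttributeValueException;
import javax.management.ListenerNotFoundException;
import javax.management.MBeanException;
import javax.management.MBeanInfo;
import javax.management.MBeanPermission;
import javax.management.MBeanRegistration;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.MBeanTrustPermission;
import javax.management.MalformedObjectNameException;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
import javax.management.NotificationListener;
import javax.management.ObjectInstance;
import javax.management.ObjectName;
import javax.management.OperationsException;
import javax.management.QueryExp;
import javax.management.ReflectionException;
import javax.management.loading.ClassLoaderRepository;
import javax.management.remote.MBeanServerForwarder;

import net.sf.jguard.core.authorization.policy.LocalAccessController;

/**
 * {@link MBeanServerForwarder} that asks a {@link LocalAccessController} for the
 * matching {@link MBeanPermission} before forwarding each call to the wrapped
 * {@link MBeanServer}.
 *
 * <p>Calls that are forwarded without a check: {@link #getDefaultDomain()},
 * {@link #getMBeanCount()}, {@link #isRegistered(ObjectName)} and the
 * {@code getMBeanServer}/{@code setMBeanServer} accessors.
 *
 * <p>The wrapped server must be set with {@link #setMBeanServer(MBeanServer)}
 * before any other method is called; no method guards against a missing server.
 */
public class MBeanServerGuard implements MBeanServerForwarder {
    private static final Logger logger = Logger.getLogger(MBeanServerGuard.class.getName());
    private MBeanServer mbs = null;
    private final LocalAccessController accessController;

    /**
     * @param lac access controller consulted for every guarded operation
     */
    public MBeanServerGuard(LocalAccessController lac) {
        accessController = lac;
    }

    public MBeanServer getMBeanServer() {
        return mbs;
    }

    public void setMBeanServer(MBeanServer mBeanServer) {
        mbs = mBeanServer;
    }

    /** Requires {@code addNotificationListener} on the target MBean. */
    public void addNotificationListener(ObjectName name,
            NotificationListener listener, NotificationFilter filter,
            Object handback) throws InstanceNotFoundException {
        check(getClassName(name), null, name, "addNotificationListener");
        mbs.addNotificationListener(name, listener, filter, handback);
    }

    /** Requires {@code addNotificationListener} on the target MBean. */
    public void addNotificationListener(ObjectName name, ObjectName listener,
            NotificationFilter filter, Object handback)
            throws InstanceNotFoundException {
        check(getClassName(name), null, name, "addNotificationListener");
        mbs.addNotificationListener(name, listener, filter, handback);
    }

    /** Delegates to the five-argument overload with no loader and no constructor arguments. */
    public ObjectInstance createMBean(String className, ObjectName name)
            throws ReflectionException, InstanceAlreadyExistsException,
            MBeanRegistrationException, MBeanException,
            NotCompliantMBeanException {
        return createMBean(className, name, (Object[]) null, (String[]) null);
    }

    /** Delegates to the five-argument overload with no constructor arguments. */
    public ObjectInstance createMBean(String className, ObjectName name,
            ObjectName loaderName) throws ReflectionException,
            InstanceAlreadyExistsException, MBeanRegistrationException,
            MBeanException, NotCompliantMBeanException,
            InstanceNotFoundException {
        return createMBean(className, name, loaderName, (Object[]) null, (String[]) null);
    }

    /**
     * Delegates to the five-argument overload with no loader.
     *
     * <p>The caller's {@code params} and {@code signature} are forwarded; the
     * previous code replaced both with {@code null}, so the MBean was built
     * with a different constructor from the one that was requested.
     */
    public ObjectInstance createMBean(String className, ObjectName name,
            Object[] params, String[] signature) throws ReflectionException,
            InstanceAlreadyExistsException, MBeanRegistrationException,
            MBeanException, NotCompliantMBeanException {
        try {
            return createMBean(className, name, (ObjectName) null, params, signature);
        } catch (InstanceNotFoundException e) {
            // Not declared by this overload; report it instead of returning null.
            logger.severe(e.getMessage());
            throw new ReflectionException(e, "class loader MBean not found while creating " + className);
        }
    }

    /**
     * Checks {@code instantiate} and {@code registerMBean} for {@code className},
     * checks that the class is trusted to be registered, then creates the MBean
     * on the wrapped server.
     *
     * <p>When {@code name} is {@code null} the name is obtained from a trial
     * instance (see {@link #resolveNameByPreRegister}) and {@code registerMBean}
     * is checked again against that name.
     *
     * <p>The trust check uses the class as seen by the thread context class
     * loader, which is not necessarily the loader the wrapped server will use.
     * A class that this loader cannot find is rejected with a
     * {@link ReflectionException}.
     *
     * @throws AccessControlException if a permission is refused, the class is
     *         not trusted, or no object name can be determined
     */
    public ObjectInstance createMBean(String className, ObjectName name,
            ObjectName loaderName, Object[] params, String[] signature)
            throws ReflectionException, InstanceAlreadyExistsException,
            MBeanRegistrationException, MBeanException,
            NotCompliantMBeanException, InstanceNotFoundException {
        check(className, null, null, "instantiate");
        check(className, null, name, "registerMBean");

        ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
        Class<?> clazz;
        try {
            clazz = contextLoader.loadClass(className);
        } catch (ClassNotFoundException e) {
            // Fail closed: without the class there is no protection domain to test.
            logger.severe(e.getMessage());
            throw new ReflectionException(e, "cannot load class " + className);
        }
        checkTrusted(clazz);

        if (name == null) {
            name = resolveNameByPreRegister(clazz, contextLoader, params, signature);
            // Checked against the requested class: the MBean is not registered yet,
            // so looking its class up by name on the server cannot succeed.
            check(className, null, name, "registerMBean");
        }

        // Forward the caller's constructor arguments and loader. With a null
        // loaderName the class-loader-repository overload is used, which is what
        // every overload of this guard ended up calling before.
        if (loaderName == null) {
            return mbs.createMBean(className, name, params, signature);
        }
        return mbs.createMBean(className, name, loaderName, params, signature);
    }

    /**
     * Requires {@code getClassLoaderFor} on the named MBean. The bytes in
     * {@code data} are handed to the wrapped server unchanged and are not
     * inspected here.
     */
    public ObjectInputStream deserialize(ObjectName name, byte[] data)
            throws InstanceNotFoundException, OperationsException {
        check(getClassName(name), null, name, "getClassLoaderFor");
        return mbs.deserialize(name, data);
    }

    /**
     * Requires {@code getClassLoaderRepository}. The bytes in {@code data} are
     * handed to the wrapped server unchanged and are not inspected here.
     */
    public ObjectInputStream deserialize(String className, byte[] data)
            throws OperationsException, ReflectionException {
        check(null, null, null, "getClassLoaderRepository");
        return mbs.deserialize(className, data);
    }

    /**
     * Requires {@code getClassLoader} on the loader MBean. The bytes in
     * {@code data} are handed to the wrapped server unchanged and are not
     * inspected here.
     */
    public ObjectInputStream deserialize(String className,
            ObjectName loaderName, byte[] data)
            throws InstanceNotFoundException, OperationsException,
            ReflectionException {
        check(getClassName(loaderName), null, loaderName, "getClassLoader");
        return mbs.deserialize(className, loaderName, data);
    }

    /** Requires {@code getAttribute} for the named attribute of the MBean. */
    public Object getAttribute(ObjectName name, String attribute)
            throws MBeanException, AttributeNotFoundException,
            InstanceNotFoundException, ReflectionException {
        check(getClassName(name), attribute, name, "getAttribute");
        return mbs.getAttribute(name, attribute);
    }

    /**
     * Reads the attributes the caller is allowed to read.
     *
     * <p>Attribute names are filtered before the wrapped server is called, so
     * getters of refused attributes are not invoked. Refused names are left out
     * of the result without an error.
     */
    public AttributeList getAttributes(ObjectName name, String[] attributes)
            throws InstanceNotFoundException, ReflectionException {
        String className = getClassName(name);
        check(className, null, name, "getAttribute");
        if (attributes == null) {
            // Let the wrapped server report the invalid argument.
            return mbs.getAttributes(name, attributes);
        }
        List<String> permitted = new ArrayList<String>(attributes.length);
        for (String attribute : attributes) {
            try {
                check(className, attribute, name, "getAttribute");
                permitted.add(attribute);
            } catch (AccessControlException ace) {
                // refused attribute: omitted from the request
            }
        }
        return mbs.getAttributes(name, permitted.toArray(new String[permitted.size()]));
    }

    /** Requires {@code getClassLoader} on the loader MBean. */
    public ClassLoader getClassLoader(ObjectName loaderName)
            throws InstanceNotFoundException {
        check(getClassName(loaderName), null, loaderName, "getClassLoader");
        return mbs.getClassLoader(loaderName);
    }

    /** Requires {@code getClassLoaderFor} on the MBean. */
    public ClassLoader getClassLoaderFor(ObjectName mbeanName)
            throws InstanceNotFoundException {
        check(getClassName(mbeanName), null, mbeanName, "getClassLoaderFor");
        return mbs.getClassLoaderFor(mbeanName);
    }

    /** Requires {@code getClassLoaderRepository}. */
    public ClassLoaderRepository getClassLoaderRepository() {
        check(null, null, null, "getClassLoaderRepository");
        return mbs.getClassLoaderRepository();
    }

    /** Forwarded without a permission check. */
    public String getDefaultDomain() {
        return mbs.getDefaultDomain();
    }

    /**
     * Returns the domains the caller holds {@code getDomains} for.
     *
     * <p>Each domain is checked with the object name {@code domain:x=x}; refused
     * domains are left out. The result is built as a new list: the previous code
     * removed entries from an {@code Arrays.asList} view, which is fixed-size and
     * rejects removal.
     */
    public String[] getDomains() {
        MBeanPermission perm = null;
        try {
            // NOTE(review): "*" has no ':' and no key properties, so ObjectName is
            // expected to reject it and perm stays null. Confirm how
            // LocalAccessController.checkPermission treats a null permission, and
            // whether a null object name or a match-all pattern was intended.
            perm = new MBeanPermission(null, null, new ObjectName("*"), "getDomains");
        } catch (MalformedObjectNameException e) {
            logger.severe(e.getMessage());
        } catch (NullPointerException e) {
            logger.severe(e.getMessage());
        }
        accessController.checkPermission(perm);

        String[] domains = mbs.getDomains();
        List<String> permitted = new ArrayList<String>(domains.length);
        for (String domain : domains) {
            try {
                check(null, null, new ObjectName(domain + ":x=x"), "getDomains");
                permitted.add(domain);
            } catch (AccessControlException ace) {
                // refused domain: omitted from the result
            } catch (MalformedObjectNameException e) {
                // A domain that cannot be checked is not disclosed.
                logger.severe(e.getMessage());
            }
        }
        return permitted.toArray(new String[permitted.size()]);
    }

    /** Forwarded without a permission check. */
    public Integer getMBeanCount() {
        return mbs.getMBeanCount();
    }

    /** Requires {@code getMBeanInfo} on the MBean. */
    public MBeanInfo getMBeanInfo(ObjectName name)
            throws InstanceNotFoundException, IntrospectionException,
            ReflectionException {
        check(getClassName(name), null, name, "getMBeanInfo");
        return mbs.getMBeanInfo(name);
    }

    /** Requires {@code getObjectInstance} on the MBean. */
    public ObjectInstance getObjectInstance(ObjectName name)
            throws InstanceNotFoundException {
        check(getClassName(name), null, name, "getObjectInstance");
        return mbs.getObjectInstance(name);
    }

    /** Requires {@code instantiate} for {@code className}. */
    public Object instantiate(String className) throws ReflectionException,
            MBeanException {
        check(className, null, null, "instantiate");
        return mbs.instantiate(className);
    }

    /** Requires {@code instantiate} for {@code className}. */
    public Object instantiate(String className, ObjectName loaderName)
            throws ReflectionException, MBeanException,
            InstanceNotFoundException {
        check(className, null, null, "instantiate");
        return mbs.instantiate(className, loaderName);
    }

    /** Requires {@code instantiate} for {@code className}. */
    public Object instantiate(String className, Object[] params,
            String[] signature) throws ReflectionException, MBeanException {
        check(className, null, null, "instantiate");
        return mbs.instantiate(className, params, signature);
    }

    /** Requires {@code instantiate} for {@code className}. */
    public Object instantiate(String className, ObjectName loaderName,
            Object[] params, String[] signature) throws ReflectionException,
            MBeanException, InstanceNotFoundException {
        check(className, null, null, "instantiate");
        return mbs.instantiate(className, loaderName, params, signature);
    }

    /** Requires {@code invoke} for the named operation of the MBean. */
    public Object invoke(ObjectName name, String operationName,
            Object[] params, String[] signature)
            throws InstanceNotFoundException, MBeanException,
            ReflectionException {
        check(getClassName(name), operationName, name, "invoke");
        return mbs.invoke(name, operationName, params, signature);
    }

    /**
     * Requires {@code isInstanceOf} on the MBean.
     *
     * <p>The permission is built from the MBean's own class, as in the other
     * methods of this class, not from the {@code className} argument: that
     * argument is chosen by the caller and must not decide which permission is
     * needed.
     */
    public boolean isInstanceOf(ObjectName name, String className)
            throws InstanceNotFoundException {
        check(getClassName(name), null, name, "isInstanceOf");
        return mbs.isInstanceOf(name, className);
    }

    /** Forwarded without a permission check. */
    public boolean isRegistered(ObjectName name) {
        return mbs.isRegistered(name);
    }

    /**
     * Returns the matching MBeans the caller holds {@code queryMBeans} for.
     *
     * <p>Refused MBeans are left out of the result. The previous code threw
     * {@link AccessControlException} whenever {@code removeAll} reported no
     * change, which is also the case when nothing was refused.
     */
    public Set queryMBeans(ObjectName name, QueryExp query) {
        check(null, null, name, "queryMBeans");
        Set<ObjectInstance> found = mbs.queryMBeans(name, query);
        Set<ObjectInstance> permitted = new HashSet<ObjectInstance>();
        for (ObjectInstance oi : found) {
            try {
                check(oi.getClassName(), null, oi.getObjectName(), "queryMBeans");
                permitted.add(oi);
            } catch (AccessControlException ace) {
                // refused MBean: omitted from the result
            }
        }
        return permitted;
    }

    /**
     * Returns the matching object names the caller holds {@code queryNames} for;
     * refused names are left out of the result.
     */
    public Set queryNames(ObjectName name, QueryExp query) {
        check(null, null, name, "queryNames");
        Set<ObjectName> found = mbs.queryNames(name, query);
        Set<ObjectName> permitted = new HashSet<ObjectName>();
        for (ObjectName on : found) {
            try {
                check(getClassName(on), null, on, "queryNames");
                permitted.add(on);
            } catch (AccessControlException ace) {
                // refused name: omitted from the result
            }
        }
        return permitted;
    }

    /**
     * Checks {@code instantiate} and {@code registerMBean} for the class of
     * {@code object}, checks that the class is trusted to be registered, then
     * registers the object on the wrapped server.
     *
     * <p>The class is taken from {@code object} itself. The previous code asked
     * the server for the class of the MBean registered under {@code name}, which
     * does not exist yet at this point, and then tried to load a {@code null}
     * class name.
     *
     * <p>When {@code name} is {@code null} it is obtained by calling
     * {@code preRegister} on {@code object}; the wrapped server will call
     * {@code preRegister} again during registration.
     *
     * @throws AccessControlException if a permission is refused, the class is
     *         not trusted, or no object name can be determined
     */
    public ObjectInstance registerMBean(Object object, ObjectName name)
            throws InstanceAlreadyExistsException, MBeanRegistrationException,
            NotCompliantMBeanException {
        Class<?> clazz = object.getClass();
        // NOTE(review): a DynamicMBean may report another class name through its
        // MBeanInfo; confirm which of the two the policy is written against.
        String className = clazz.getName();
        check(className, null, null, "instantiate");

        if (name == null) {
            if (!(object instanceof MBeanRegistration)) {
                throw new AccessControlException(
                        "registration denied: no object name supplied and none can be resolved");
            }
            try {
                name = ((MBeanRegistration) object).preRegister(mbs, null);
            } catch (Exception e) {
                logger.severe(e.getMessage());
                throw new MBeanRegistrationException(e);
            }
            if (name == null) {
                // A null name in the permission would match any name held; refuse instead.
                throw new AccessControlException(
                        "registration denied: no object name supplied and none can be resolved");
            }
        }
        check(className, null, name, "registerMBean");
        checkTrusted(clazz);
        return mbs.registerMBean(object, name);
    }

    /** Requires {@code removeNotificationListener} on the target MBean. */
    public void removeNotificationListener(ObjectName name, ObjectName listener)
            throws InstanceNotFoundException, ListenerNotFoundException {
        check(getClassName(name), null, name, "removeNotificationListener");
        mbs.removeNotificationListener(name, listener);
    }

    /** Requires {@code removeNotificationListener} on the target MBean. */
    public void removeNotificationListener(ObjectName name,
            NotificationListener listener) throws InstanceNotFoundException,
            ListenerNotFoundException {
        check(getClassName(name), null, name, "removeNotificationListener");
        mbs.removeNotificationListener(name, listener);
    }

    /** Requires {@code removeNotificationListener} on the target MBean. */
    public void removeNotificationListener(ObjectName name,
            ObjectName listener, NotificationFilter filter, Object handback)
            throws InstanceNotFoundException, ListenerNotFoundException {
        check(getClassName(name), null, name, "removeNotificationListener");
        mbs.removeNotificationListener(name, listener, filter, handback);
    }

    /** Requires {@code removeNotificationListener} on the target MBean. */
    public void removeNotificationListener(ObjectName name,
            NotificationListener listener, NotificationFilter filter,
            Object handback) throws InstanceNotFoundException,
            ListenerNotFoundException {
        check(getClassName(name), null, name, "removeNotificationListener");
        mbs.removeNotificationListener(name, listener, filter, handback);
    }

    /**
     * Requires {@code setAttribute} for the named attribute, then sets it. The
     * previous code checked the permission and returned without forwarding the
     * call.
     */
    public void setAttribute(ObjectName name, Attribute attribute)
            throws InstanceNotFoundException, AttributeNotFoundException,
            InvalidAttributeValueException, MBeanException, ReflectionException {
        check(getClassName(name), attribute.getName(), name, "setAttribute");
        mbs.setAttribute(name, attribute);
    }

    /**
     * Sets the attributes the caller is allowed to set and returns the list
     * reported by the wrapped server.
     *
     * <p>The per-attribute check runs before the wrapped server is called. The
     * previous code wrote every attribute first and checked afterwards, so
     * refused attributes had already been changed, and it always returned
     * {@code null}.
     */
    public AttributeList setAttributes(ObjectName name, AttributeList attributes)
            throws InstanceNotFoundException, ReflectionException {
        String className = getClassName(name);
        check(className, null, name, "setAttribute");
        if (attributes == null) {
            // Let the wrapped server report the invalid argument.
            return mbs.setAttributes(name, attributes);
        }
        AttributeList permitted = new AttributeList(attributes.size());
        for (int i = 0; i < attributes.size(); i++) {
            Attribute att = (Attribute) attributes.get(i);
            try {
                check(className, att.getName(), name, "setAttribute");
                permitted.add(att);
            } catch (AccessControlException ace) {
                // refused attribute: not written
            }
        }
        return mbs.setAttributes(name, permitted);
    }

    /** Requires {@code unregisterMBean} on the MBean. */
    public void unregisterMBean(ObjectName name)
            throws InstanceNotFoundException, MBeanRegistrationException {
        check(getClassName(name), null, name, "unregisterMBean");
        mbs.unregisterMBean(name);
    }

    /** Asks the access controller for one {@link MBeanPermission}. */
    private void check(String className, String member, ObjectName name, String action) {
        accessController.checkPermission(new MBeanPermission(className, member, name, action));
    }

    /** Refuses registration unless the class's protection domain implies {@code MBeanTrustPermission("register")}. */
    private static void checkTrusted(Class<?> clazz) {
        if (!clazz.getProtectionDomain().implies(new MBeanTrustPermission("register"))) {
            throw new AccessControlException("registration denied");
        }
    }

    /**
     * Builds a trial instance of {@code clazz} and returns the object name its
     * {@code preRegister} method chooses.
     *
     * <p>NOTE(review): the trial instance is discarded and the wrapped server
     * constructs the MBean again, so the constructor and {@code preRegister}
     * run twice for one creation request.
     *
     * @throws AccessControlException if the instance cannot supply a name
     */
    private ObjectName resolveNameByPreRegister(Class<?> clazz, ClassLoader loader,
            Object[] params, String[] signature)
            throws ReflectionException, MBeanRegistrationException {
        int arity = (signature == null) ? 0 : signature.length;
        Class<?>[] paramTypes = new Class<?>[arity];
        for (int i = 0; i < arity; i++) {
            try {
                paramTypes[i] = loader.loadClass(signature[i]);
            } catch (ClassNotFoundException e) {
                logger.severe(e.getMessage());
                throw new ReflectionException(e, "cannot load parameter class " + signature[i]);
            }
        }

        Object candidate;
        try {
            Constructor<?> constructor = clazz.getDeclaredConstructor(paramTypes);
            candidate = constructor.newInstance(params);
        } catch (NoSuchMethodException e) {
            logger.severe(e.getMessage());
            throw new ReflectionException(e, "no matching constructor in " + clazz.getName());
        } catch (InstantiationException e) {
            logger.severe(e.getMessage());
            throw new ReflectionException(e, "cannot instantiate " + clazz.getName());
        } catch (IllegalAccessException e) {
            logger.severe(e.getMessage());
            throw new ReflectionException(e, "constructor of " + clazz.getName() + " is not accessible");
        } catch (InvocationTargetException e) {
            logger.severe(e.getMessage());
            throw new ReflectionException(e, "constructor of " + clazz.getName() + " failed");
        }

        if (!(candidate instanceof MBeanRegistration)) {
            throw new AccessControlException(
                    "registration denied: no object name supplied and none can be resolved");
        }
        ObjectName resolved;
        try {
            resolved = ((MBeanRegistration) candidate).preRegister(mbs, null);
        } catch (Exception e) {
            logger.severe(e.getMessage());
            throw new MBeanRegistrationException(e);
        }
        if (resolved == null) {
            throw new AccessControlException(
                    "registration denied: no object name supplied and none can be resolved");
        }
        return resolved;
    }

    /**
     * Returns the class name the wrapped server reports for {@code name}, or
     * {@code null} when the lookup fails (the failure is logged).
     *
     * <p>NOTE(review): a {@code null} class name in a checked
     * {@link MBeanPermission} is matched by any class name in a granted
     * permission, so a failed lookup weakens the check that follows. Callers
     * currently rely on the wrapped server to reject the unknown name.
     */
    private String getClassName(ObjectName name) {
        String className = null;
        try {
            className = mbs.getMBeanInfo(name).getClassName();
        } catch (InstanceNotFoundException e) {
            logger.severe(e.getMessage());
        } catch (IntrospectionException e) {
            logger.severe(e.getMessage());
        } catch (ReflectionException e) {
            logger.severe(e.getMessage());
        }
        return className;
    }
}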