public static JMXResource mbean(String name) { return new JMXResource(name); }
@Override public boolean exists() { if (!hasParent()) return true; MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); try { return !(mbs.queryNames(new ObjectName(name), null).isEmpty()); } catch (MalformedObjectNameException e) { return false; } catch (NullPointerException e) { return false; } }
/** * Parses a role resource name into a RoleResource instance. * * @param name Name of the data resource. * @return RoleResource instance matching the name. */ public static JMXResource fromName(String name) { String[] parts = StringUtils.split(name, '/'); if (!parts[0].equals(ROOT_NAME) || parts.length > 2) throw new IllegalArgumentException(String.format("%s is not a valid JMX resource name", name)); if (parts.length == 1) return root(); return mbean(parts[1]); }
/** * Creates an IResource instance from its external name. * Resource implementation class is inferred by matching against the known IResource * impls' root level resources. * @param name * @return an IResource instance created from the name */ public static IResource fromName(String name) { if (name.startsWith(RoleResource.root().getName())) return RoleResource.fromName(name); else if (name.startsWith(DataResource.root().getName())) return DataResource.fromName(name); else if (name.startsWith(FunctionResource.root().getName())) return FunctionResource.fromName(name); else if (name.startsWith(JMXResource.root().getName())) return JMXResource.fromName(name); else throw new IllegalArgumentException(String.format("Name %s is not valid for any resource type", name)); }
if (permittedResources.contains(JMXResource.root())) return true; if (ObjectName.getInstance(resource.getObjectName()).apply(target)) return true; logger.warn("Permissions for JMX resource contains invalid ObjectName {}", resource.getObjectName());
@Override public IResource getParent() { if (level == Level.MBEAN) return root(); throw new IllegalStateException("Root-level resource can't have a parent"); }
/** * Creates an IResource instance from its external name. * Resource implementation class is inferred by matching against the known IResource * impls' root level resources. * @param name * @return an IResource instance created from the name */ public static IResource fromName(String name) { if (name.startsWith(RoleResource.root().getName())) return RoleResource.fromName(name); else if (name.startsWith(DataResource.root().getName())) return DataResource.fromName(name); else if (name.startsWith(FunctionResource.root().getName())) return FunctionResource.fromName(name); else if (name.startsWith(JMXResource.root().getName())) return JMXResource.fromName(name); else throw new IllegalArgumentException(String.format("Name %s is not valid for any resource type", name)); }
if (permittedResources.contains(JMXResource.root())) return true; if (ObjectName.getInstance(resource.getObjectName()).apply(target)) return true; logger.warn("Permissions for JMX resource contains invalid ObjectName {}", resource.getObjectName());
@Override public IResource getParent() { if (level == Level.MBEAN) return root(); throw new IllegalStateException("Root-level resource can't have a parent"); }
/** * Creates an IResource instance from its external name. * Resource implementation class is inferred by matching against the known IResource * impls' root level resources. * @param name * @return an IResource instance created from the name */ public static IResource fromName(String name) { if (name.startsWith(RoleResource.root().getName())) return RoleResource.fromName(name); else if (name.startsWith(DataResource.root().getName())) return DataResource.fromName(name); else if (name.startsWith(FunctionResource.root().getName())) return FunctionResource.fromName(name); else if (name.startsWith(JMXResource.root().getName())) return JMXResource.fromName(name); else throw new IllegalArgumentException(String.format("Name %s is not valid for any resource type", name)); }
/** * Parses a role resource name into a RoleResource instance. * * @param name Name of the data resource. * @return RoleResource instance matching the name. */ public static JMXResource fromName(String name) { String[] parts = StringUtils.split(name, '/'); if (!parts[0].equals(ROOT_NAME) || parts.length > 2) throw new IllegalArgumentException(String.format("%s is not a valid JMX resource name", name)); if (parts.length == 1) return root(); return mbean(parts[1]); }
if (permittedResources.contains(JMXResource.root())) return true; if (ObjectName.getInstance(resource.getObjectName()).apply(target)) return true; logger.warn("Permissions for JMX resource contains invalid ObjectName {}", resource.getObjectName());
@Override public IResource getParent() { if (level == Level.MBEAN) return root(); throw new IllegalStateException("Root-level resource can't have a parent"); }
public static JMXResource mbean(String name) { return new JMXResource(name); }
@Override public boolean exists() { if (!hasParent()) return true; MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); try { return !(mbs.queryNames(new ObjectName(name), null).isEmpty()); } catch (MalformedObjectNameException e) { return false; } catch (NullPointerException e) { return false; } }
/** * Parses a role resource name into a RoleResource instance. * * @param name Name of the data resource. * @return RoleResource instance matching the name. */ public static JMXResource fromName(String name) { String[] parts = StringUtils.split(name, '/'); if (!parts[0].equals(ROOT_NAME) || parts.length > 2) throw new IllegalArgumentException(String.format("%s is not a valid JMX resource name", name)); if (parts.length == 1) return root(); return mbean(parts[1]); }
if (permittedResources.contains(JMXResource.root())) return true; Set<ObjectName> matchingNames = queryNames.apply(ObjectName.getInstance(resource.getObjectName())); targetNames.removeAll(matchingNames); if (targetNames.isEmpty()) logger.warn("Permissions for JMX resource contains invalid ObjectName {}", resource.getObjectName());
/** * Authorize execution of a method on the MBeanServer which does not take an MBean ObjectName * as its first argument. The whitelisted methods that match this criteria are generally * descriptive methods concerned with the MBeanServer itself, rather than with any particular * set of MBeans managed by the server and so we check the DESCRIBE permission on the root * JMXResource (representing the MBeanServer) * * @param subject * @param methodName * @return the result of the method invocation, if authorized * @throws Throwable * @throws SecurityException if authorization fails */ private boolean authorizeMBeanServerMethod(RoleResource subject, String methodName) { logger.trace("JMX invocation of {} on MBeanServer requires permission {}", methodName, Permission.DESCRIBE); return (MBEAN_SERVER_METHOD_WHITELIST.contains(methodName) && hasPermission(subject, Permission.DESCRIBE, JMXResource.root())); }
public static JMXResource mbean(String name) { return new JMXResource(name); }
@Override public boolean exists() { if (!hasParent()) return true; MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); try { return !(mbs.queryNames(new ObjectName(name), null).isEmpty()); } catch (MalformedObjectNameException e) { return false; } catch (NullPointerException e) { return false; } }