/**
 * Returns the audit context reported by the helper obtained from
 * {@code createAccessAuditContextActions()}.
 *
 * <p>The {@code doLog} methods in this listing null-check the result, so callers
 * should treat the return value as possibly {@code null}.
 *
 * @return the current {@link AccessAuditContext}, as reported by the helper
 */
static AccessAuditContext currentAccessAuditContext() {
    final AccessAuditContext current = createAccessAuditContextActions().currentContext();
    return current;
}
/**
 * Builds a {@link Caller} from the access-control context of the calling thread.
 *
 * <p>The context is captured with {@link AccessController#getContext()} before the
 * helper from {@code createCallerActions()} is obtained. {@code AccessController} is
 * deprecated for removal since Java 17; the {@code createCaller(SecurityIdentity)}
 * overload in this listing does not depend on it.
 *
 * @return the caller produced by the helper for the captured context
 */
static Caller createCaller() {
    // Capture first, so the snapshot is taken before any helper is looked up.
    final AccessControlContext callerContext = AccessController.getContext();
    return createCallerActions().createCaller(callerContext);
}
/**
 * Hands {@code cl} to {@code SecurityActions.resetThreadContextClassLoader}.
 *
 * <p>Presumably the counterpart of {@code pushClassLoader}/{@code pushClassLoaderByName},
 * restoring the loader they returned. Confirm that call sites invoke this from a
 * {@code finally} block, so an MBean's class loader never stays installed on the
 * thread after a failure.
 *
 * @param cl the class loader passed on to the reset helper
 */
private void resetClassLoader(ClassLoader cl) {
    SecurityActions.resetThreadContextClassLoader(cl);
}
}
/**
 * Marks the current audit context as JMX access, then runs the wrapped event.
 *
 * @return always {@code null}
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
@Override
public Void run() throws IOException {
    // NOTE(review): the context is dereferenced without a null check, while doLog in
    // this listing treats the same call as nullable. Presumably the enclosing code
    // guarantees a context here; confirm at the call site.
    final AccessAuditContext auditContext = SecurityActions.currentAccessAuditContext();
    auditContext.setAccessMechanism(AccessMechanism.JMX);
    event.run();
    return null;
}
});
/**
 * Authorizes {@code methodName} as an {@code EXTRA_SENSITIVE} JMX action for the
 * current caller.
 *
 * <p>NOTE(review): when {@code authorizer} is {@code null} no check is made and the
 * method returns {@code true}. Confirm that a null authorizer only occurs when access
 * control is intentionally not configured.
 *
 * @param methodName name recorded in the {@link JmxAction} being authorized
 * @return {@code true} whenever the method returns normally
 * @throws MBeanException declared by the signature; on any decision other than
 *         {@code PERMIT} the throwable from {@code JmxMessages.MESSAGES.unauthorized()}
 *         is thrown
 */
boolean authorizeSuperUserOrAdministrator(String methodName) throws MBeanException {
    if (authorizer == null) {
        return true;
    }
    // Caller first, then the action: same evaluation order as the original single call.
    final Caller caller = createCaller();
    final JmxAction action = new JmxAction(methodName, JmxAction.Impact.EXTRA_SENSITIVE);
    // TODO populate the 'environment' variable (the second argument is passed as null)
    final AuthorizationResult outcome = authorizer.authorizeJmxOperation(caller, null, action);
    if (outcome.getDecision() == Decision.PERMIT) {
        return true;
    }
    throw JmxMessages.MESSAGES.unauthorized();
}
/**
 * Installs the class loader of the MBean {@code name} as the thread context class loader.
 *
 * <p>The loader is looked up with {@code delegate.getClassLoaderFor(name)} and handed to
 * {@code SecurityActions.setThreadContextClassLoader}. The value returned is whatever
 * that helper returns, presumably the previously installed loader, which the caller
 * should pass back to {@code resetClassLoader} (TODO confirm at call sites).
 *
 * @param name the MBean whose class loader is installed
 * @return the result of {@code SecurityActions.setThreadContextClassLoader}
 * @throws InstanceNotFoundException declared by the signature; presumably raised by the
 *         delegate lookup when the MBean is unknown
 */
private ClassLoader pushClassLoader(ObjectName name) throws InstanceNotFoundException {
    return SecurityActions.setThreadContextClassLoader(delegate.getClassLoaderFor(name));
}
/**
 * Marks the current audit context as JMX access, then runs the wrapped event.
 *
 * @return always {@code null}
 * @throws IOException declared by the signature; nothing in this body throws it directly
 */
@Override
public Void run() throws IOException {
    // NOTE(review): the context is dereferenced without a null check, while doLog in
    // this listing treats the same call as nullable. Presumably the enclosing code
    // guarantees a context here; confirm at the call site.
    final AccessAuditContext auditContext = SecurityActions.currentAccessAuditContext();
    auditContext.setAccessMechanism(AccessMechanism.JMX);
    event.run();
    return null;
}
});
/**
 * Authorizes {@code methodName} as a {@code READ_ONLY} or {@code WRITE} JMX action for
 * the current caller.
 *
 * <p>When {@code exception} is {@code false} a denial is reported only through the
 * return value, so the caller must check it; ignoring the result would let a denied
 * operation proceed. When {@code authorizer} is {@code null} no check is made and the
 * method returns {@code true}.
 *
 * @param methodName name recorded in the {@link JmxAction} being authorized
 * @param readOnly   selects {@code Impact.READ_ONLY} when {@code true}, else {@code Impact.WRITE}
 * @param exception  whether a denial is thrown rather than returned as {@code false}
 * @return {@code true} if permitted or no authorizer is set; {@code false} if denied
 *         and {@code exception} is {@code false}
 * @throws MBeanException declared by the signature; on a denial with {@code exception}
 *         set, the throwable from {@code JmxMessages.MESSAGES.unauthorized()} is thrown
 */
boolean authorizeSensitiveOperation(String methodName, boolean readOnly, boolean exception) throws MBeanException {
    if (authorizer == null) {
        return true;
    }
    final JmxAction.Impact impact = readOnly ? JmxAction.Impact.READ_ONLY : JmxAction.Impact.WRITE;
    final JmxAction target = new JmxAction(methodName, impact);
    // TODO populate the 'environment' variable (the second argument is passed as null)
    final AuthorizationResult outcome = authorizer.authorizeJmxOperation(createCaller(), null, target);
    if (outcome.getDecision() == Decision.PERMIT) {
        return true;
    }
    if (!exception) {
        return false;
    }
    throw JmxMessages.MESSAGES.unauthorized();
}
/**
 * Installs the class loader registered under {@code loaderName} as the thread context
 * class loader.
 *
 * <p>The loader is looked up with {@code delegate.getClassLoader(loaderName)} and handed
 * to {@code SecurityActions.setThreadContextClassLoader}. The value returned is whatever
 * that helper returns, presumably the previously installed loader, which the caller
 * should pass back to {@code resetClassLoader} (TODO confirm at call sites).
 *
 * @param loaderName name under which the class loader is looked up
 * @return the result of {@code SecurityActions.setThreadContextClassLoader}
 * @throws InstanceNotFoundException declared by the signature; presumably raised by the
 *         delegate lookup when no such loader is registered
 */
private ClassLoader pushClassLoaderByName(ObjectName loaderName) throws InstanceNotFoundException {
    return SecurityActions.setThreadContextClassLoader(delegate.getClassLoader(loaderName));
}
/**
 * Writes one JMX method-access record to {@code auditLogger}; does nothing when the
 * logger is {@code null}.
 *
 * <p>Domain UUID, access mechanism and remote address come from the current
 * {@link AccessAuditContext}; each is logged as {@code null} when no context exists.
 *
 * <p>NOTE(review): {@code methodParams} is handed to the logger unchanged. If MBean
 * operations can receive secrets as arguments, confirm that the logger masks them.
 *
 * @param userId          user id recorded for the access
 * @param auditLogger     destination logger, may be {@code null}
 * @param readOnly        whether the access is recorded as read-only
 * @param error           throwable recorded with the access; passed through as given
 * @param methodName      name of the invoked method
 * @param methodSignature signature of the invoked method
 * @param methodParams    arguments of the invoked method
 */
static void doLog(String userId, ManagedAuditLogger auditLogger, boolean readOnly, Throwable error,
        String methodName, String[] methodSignature, Object... methodParams) {
    if (auditLogger == null) {
        return;
    }
    final AccessAuditContext context = SecurityActions.currentAccessAuditContext();
    final boolean hasContext = context != null;
    auditLogger.logJmxMethodAccess(
            readOnly,
            userId,
            hasContext ? context.getDomainUuid() : null,
            hasContext ? context.getAccessMechanism() : null,
            hasContext ? context.getRemoteAddress() : null,
            methodName,
            methodSignature,
            methodParams,
            error);
}
}
/**
 * Authorizes a {@code CLASSLOADING} JMX action on {@code objectName} for the current
 * security identity.
 *
 * <p>No check is made when {@code authorizer} is {@code null} or when
 * {@code delegate.shouldAuthorize()} returns {@code false}.
 *
 * <p>NOTE(review): with no {@code securityIdentitySupplier} the caller is built from a
 * {@code null} identity. How {@code createCaller(null)} is treated by the authorizer is
 * not visible here; confirm it cannot resolve to a privileged caller.
 *
 * @param delegate   plugin consulted for whether authorization applies
 * @param objectName MBean the operation targets
 * @param methodName name recorded in the target and the action
 * @throws MBeanException declared by the signature; on any decision other than
 *         {@code PERMIT} the throwable from {@code JmxLogger.ROOT_LOGGER.unauthorized()}
 *         is thrown
 */
private void authorizeClassloadingOperation(MBeanServerPlugin delegate, ObjectName objectName, String methodName)
        throws MBeanException {
    if (authorizer == null || !delegate.shouldAuthorize()) {
        return;
    }
    final JmxTarget target = new JmxTarget(methodName, objectName, isNonFacadeMBeansSensitive(), jmxEffect, jmxEffect);
    final JmxAction action = new JmxAction(methodName, JmxAction.Impact.CLASSLOADING);
    SecurityIdentity identity = null;
    if (securityIdentitySupplier != null) {
        identity = securityIdentitySupplier.get();
    }
    // TODO populate the 'environment' variable (the second argument is passed as null)
    final AuthorizationResult outcome =
            authorizer.authorizeJmxOperation(createCaller(identity), null, action, target);
    if (outcome.getDecision() != Decision.PERMIT) {
        throw JmxLogger.ROOT_LOGGER.unauthorized();
    }
}
/**
 * Builds a {@link Caller} for {@code securityIdentity} through the helper returned by
 * {@code createCallerActions()}.
 *
 * <p>Callers in this listing may pass {@code null}; how the helper handles that is not
 * visible here.
 *
 * @param securityIdentity identity the caller is built from, possibly {@code null}
 * @return the caller produced by the helper
 */
static Caller createCaller(SecurityIdentity securityIdentity) {
    final Caller caller = createCallerActions().createCaller(securityIdentity);
    return caller;
}
/**
 * Returns the audit context reported by the helper obtained from
 * {@code createAccessAuditContextActions()}.
 *
 * <p>The {@code doLog} methods in this listing null-check the result, so callers
 * should treat the return value as possibly {@code null}.
 *
 * @return the current {@link AccessAuditContext}, as reported by the helper
 */
static AccessAuditContext currentAccessAuditContext() {
    final AccessAuditContext current = createAccessAuditContextActions().currentContext();
    return current;
}
/**
 * Writes one JMX method-access record to {@code auditLogger}; does nothing when the
 * logger is {@code null}.
 *
 * <p>User id and remote address are derived from the {@link Subject} bound to
 * {@code acc}. Domain UUID and access mechanism come from the current
 * {@link AccessAuditContext} and are logged as {@code null} when no context exists.
 * {@code Subject.getSubject(AccessControlContext)} is deprecated for removal since Java 17.
 *
 * <p>NOTE(review): {@code methodParams} is handed to the logger unchanged. If MBean
 * operations can receive secrets as arguments, confirm that the logger masks them.
 *
 * @param acc             access-control context the subject is read from
 * @param auditLogger     destination logger, may be {@code null}
 * @param readOnly        whether the access is recorded as read-only
 * @param error           throwable recorded with the access; passed through as given
 * @param methodName      name of the invoked method
 * @param methodSignature signature of the invoked method
 * @param methodParams    arguments of the invoked method
 */
static void doLog(AccessControlContext acc, ManagedAuditLogger auditLogger, boolean readOnly, Throwable error,
        String methodName, String[] methodSignature, Object... methodParams) {
    if (auditLogger == null) {
        return;
    }
    final Subject caller = Subject.getSubject(acc);
    final AccessAuditContext context = SecurityActions.currentAccessAuditContext();
    final boolean hasContext = context != null;
    auditLogger.logJmxMethodAccess(
            readOnly,
            getCallerUserId(caller),
            hasContext ? context.getDomainUuid() : null,
            hasContext ? context.getAccessMechanism() : null,
            getSubjectInetAddress(caller),
            methodName,
            methodSignature,
            methodParams,
            error);
}
/**
 * Authorizes a JMX action of the given {@code impact} on the MBean {@code name} for the
 * current security identity.
 *
 * <p>No check is made, and {@code true} is returned, when {@code authorizer} is
 * {@code null} or when {@code delegate.shouldAuthorize()} returns {@code false}. When
 * {@code exception} is {@code false} a denial is reported only through the return value,
 * so the caller must check it; ignoring the result would let a denied operation proceed.
 *
 * <p>NOTE(review): with no {@code securityIdentitySupplier} the caller is built from a
 * {@code null} identity. How {@code createCaller(null)} is treated by the authorizer is
 * not visible here; confirm it cannot resolve to a privileged caller.
 *
 * @param delegate      plugin consulted for whether authorization applies
 * @param name          MBean the operation targets
 * @param methodName    name recorded in the target and the action
 * @param attributeName attribute name recorded in the action
 * @param impact        impact recorded in the action
 * @param exception     whether a denial is thrown rather than returned as {@code false}
 * @return {@code true} if permitted or no check applies; {@code false} if denied and
 *         {@code exception} is {@code false}
 * @throws MBeanException declared by the signature; on a denial with {@code exception}
 *         set, the throwable from {@code JmxLogger.ROOT_LOGGER.unauthorized()} is thrown
 */
private boolean authorizeMBeanOperation(MBeanServerPlugin delegate, ObjectName name, String methodName,
        String attributeName, JmxAction.Impact impact, boolean exception) throws MBeanException {
    if (authorizer == null || !delegate.shouldAuthorize()) {
        return true;
    }
    final JmxTarget target = new JmxTarget(methodName, name, isNonFacadeMBeansSensitive(), jmxEffect, jmxEffect);
    final JmxAction action = new JmxAction(methodName, impact, attributeName);
    SecurityIdentity identity = null;
    if (securityIdentitySupplier != null) {
        identity = securityIdentitySupplier.get();
    }
    // TODO populate the 'environment' variable (the second argument is passed as null)
    final AuthorizationResult outcome =
            authorizer.authorizeJmxOperation(createCaller(identity), null, action, target);
    if (outcome.getDecision() == Decision.PERMIT) {
        return true;
    }
    if (!exception) {
        return false;
    }
    throw JmxLogger.ROOT_LOGGER.unauthorized();
}