// Excerpt from the body of an authorization check; the enclosing method is not shown.
// Look up the permission associated with the invoked method name.
Permission requiredPermission = getRequiredPermission(methodName);
// Fail closed: a method name with no mapped permission is refused, never allowed by default.
if (null == requiredPermission) return false;
// presumably the resources on which `role` holds requiredPermission; verify against getPermittedResources
Set<JMXResource> permittedResources = getPermittedResources(role, requiredPermission);
// NOTE(review): the head of this conditional (its condition and the statement it belongs to) is missing
// from the excerpt. Only the two outcomes are visible: targetBean is checked against the permitted set
// either by checkPattern or by checkExact.
? checkPattern(targetBean, permittedResources) : checkExact(targetBean, permittedResources);
/**
 * Decides whether a caller may run an MBeanServer method which does not take an MBean
 * ObjectName as its first argument. Such methods describe the MBeanServer itself rather
 * than any particular set of MBeans, so the check is made for the DESCRIBE permission on
 * the root JMXResource (representing the MBeanServer).
 *
 * <p>Both conditions must hold: the method name is in MBEAN_SERVER_METHOD_WHITELIST and
 * the subject has DESCRIBE on the root resource. A name that is not listed is refused
 * without consulting permissions. This method only returns a decision; it performs no
 * invocation and does not itself throw on denial.
 *
 * @param subject the role resource whose permissions are checked
 * @param methodName name of the MBeanServer method being invoked
 * @return {@code true} if the method is listed and the subject holds DESCRIBE on the root
 *         resource, {@code false} otherwise
 */
private boolean authorizeMBeanServerMethod(RoleResource subject, String methodName)
{
    logger.trace("JMX invocation of {} on MBeanServer requires permission {}", methodName, Permission.DESCRIBE);

    // Allow-list first: hasPermission is not reached for a name that is off the list.
    if (!MBEAN_SERVER_METHOD_WHITELIST.contains(methodName))
    {
        return false;
    }
    return hasPermission(subject, Permission.DESCRIBE, JMXResource.root());
}
/**
 * Proxy entry point: every call on the proxied interface passes through here and is
 * either refused with a SecurityException or forwarded via {@code invoke(method, args)}.
 *
 * <p>Decision order, as implemented below:
 * getMBeanServer is refused unconditionally, before the caller's Subject is looked up;
 * setMBeanServer is accepted only when no Subject is attached to the calling context and
 * only while {@code mbs} is still unset; every other method is forwarded only when
 * {@code authorize} returns true.
 *
 * @param proxy the proxy instance the call was made on (not used here)
 * @param method the interface method being called
 * @param args the call arguments
 * @return null for setMBeanServer, otherwise whatever the forwarded invocation returns
 * @throws SecurityException if the call is refused
 * @throws IllegalArgumentException if setMBeanServer is given a null server or the
 *         server has already been set
 * @throws Throwable anything thrown by the forwarded invocation
 */
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable
{
    final String methodName = method.getName();

    // Refused for every caller, authenticated or not.
    if ("getMBeanServer".equals(methodName))
    {
        throw new SecurityException("Access denied");
    }

    // Identity of the caller, taken from the current AccessControlContext; may be null.
    final AccessControlContext callerContext = AccessController.getContext();
    final Subject subject = Subject.getSubject(callerContext);

    if (!"setMBeanServer".equals(methodName))
    {
        // NOTE(review): subject can be null here; authorize() is outside this excerpt, so
        // confirm how it treats a call that carries no Subject.
        if (authorize(subject, methodName, args))
        {
            return invoke(method, args);
        }
        throw new SecurityException("Access Denied");
    }

    // setMBeanServer is allowed iff performed on behalf of the connector server itself,
    // which this code recognises by the absence of a Subject.
    if (subject != null)
    {
        throw new SecurityException("Access denied");
    }

    final Object candidate = args[0];
    if (candidate == null)
    {
        throw new IllegalArgumentException("Null MBeanServer");
    }

    // Set-once: a second assignment is rejected rather than replacing the wrapped server.
    if (mbs != null)
    {
        throw new IllegalArgumentException("MBeanServer already initialized");
    }

    mbs = (MBeanServer) candidate;
    return null;
}
return authorizeMBeanMethod(userResource, methodName, args); else return authorizeMBeanServerMethod(userResource, methodName);
// Register an AuthenticationProxy built from configEntry as the connector server's
// authenticator, but only when configEntry is set.
// NOTE(review): when configEntry is null this line adds nothing to env; the excerpt does not
// show whether another branch installs an authenticator. Confirm the connector server cannot
// be started with JMXConnectorServer.AUTHENTICATOR left unset.
if (configEntry != null) env.put(JMXConnectorServer.AUTHENTICATOR, new AuthenticationProxy(configEntry));
JMXCallbackHandler callbackHandler = new JMXCallbackHandler(credentials); try
// Excerpt from the body of an authorization check; the enclosing method is not shown.
// Look up the permission associated with the invoked method name.
Permission requiredPermission = getRequiredPermission(methodName);
// Fail closed: a method name with no mapped permission is refused, never allowed by default.
if (null == requiredPermission) return false;
// presumably the resources on which `role` holds requiredPermission; verify against getPermittedResources
Set<JMXResource> permittedResources = getPermittedResources(role, requiredPermission);
// NOTE(review): the head of this conditional (its condition and the statement it belongs to) is missing
// from the excerpt. Only the two outcomes are visible: targetBean is checked against the permitted set
// either by checkPattern or by checkExact.
? checkPattern(targetBean, permittedResources) : checkExact(targetBean, permittedResources);
/**
 * Proxy entry point: every call on the proxied interface passes through here and is
 * either refused with a SecurityException or forwarded via {@code invoke(method, args)}.
 *
 * <p>Decision order, as implemented below:
 * getMBeanServer is refused unconditionally, before the caller's Subject is looked up;
 * setMBeanServer is accepted only when no Subject is attached to the calling context and
 * only while {@code mbs} is still unset; every other method is forwarded only when
 * {@code authorize} returns true.
 *
 * @param proxy the proxy instance the call was made on (not used here)
 * @param method the interface method being called
 * @param args the call arguments
 * @return null for setMBeanServer, otherwise whatever the forwarded invocation returns
 * @throws SecurityException if the call is refused
 * @throws IllegalArgumentException if setMBeanServer is given a null server or the
 *         server has already been set
 * @throws Throwable anything thrown by the forwarded invocation
 */
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable
{
    final String methodName = method.getName();

    // Refused for every caller, authenticated or not.
    if ("getMBeanServer".equals(methodName))
    {
        throw new SecurityException("Access denied");
    }

    // Identity of the caller, taken from the current AccessControlContext; may be null.
    final AccessControlContext callerContext = AccessController.getContext();
    final Subject subject = Subject.getSubject(callerContext);

    if (!"setMBeanServer".equals(methodName))
    {
        // NOTE(review): subject can be null here; authorize() is outside this excerpt, so
        // confirm how it treats a call that carries no Subject.
        if (authorize(subject, methodName, args))
        {
            return invoke(method, args);
        }
        throw new SecurityException("Access Denied");
    }

    // setMBeanServer is allowed iff performed on behalf of the connector server itself,
    // which this code recognises by the absence of a Subject.
    if (subject != null)
    {
        throw new SecurityException("Access denied");
    }

    final Object candidate = args[0];
    if (candidate == null)
    {
        throw new IllegalArgumentException("Null MBeanServer");
    }

    // Set-once: a second assignment is rejected rather than replacing the wrapped server.
    if (mbs != null)
    {
        throw new IllegalArgumentException("MBeanServer already initialized");
    }

    mbs = (MBeanServer) candidate;
    return null;
}
return authorizeMBeanMethod(userResource, methodName, args); else return authorizeMBeanServerMethod(userResource, methodName);
/**
 * Decides whether a caller may run an MBeanServer method which does not take an MBean
 * ObjectName as its first argument. Such methods describe the MBeanServer itself rather
 * than any particular set of MBeans, so the check is made for the DESCRIBE permission on
 * the root JMXResource (representing the MBeanServer).
 *
 * <p>Both conditions must hold: the method name is in MBEAN_SERVER_METHOD_WHITELIST and
 * the subject has DESCRIBE on the root resource. A name that is not listed is refused
 * without consulting permissions. This method only returns a decision; it performs no
 * invocation and does not itself throw on denial.
 *
 * @param subject the role resource whose permissions are checked
 * @param methodName name of the MBeanServer method being invoked
 * @return {@code true} if the method is listed and the subject holds DESCRIBE on the root
 *         resource, {@code false} otherwise
 */
private boolean authorizeMBeanServerMethod(RoleResource subject, String methodName)
{
    logger.trace("JMX invocation of {} on MBeanServer requires permission {}", methodName, Permission.DESCRIBE);

    // Allow-list first: hasPermission is not reached for a name that is off the list.
    if (!MBEAN_SERVER_METHOD_WHITELIST.contains(methodName))
    {
        return false;
    }
    return hasPermission(subject, Permission.DESCRIBE, JMXResource.root());
}
// Register an AuthenticationProxy built from configEntry as the connector server's
// authenticator, but only when configEntry is set.
// NOTE(review): when configEntry is null this line adds nothing to env; the excerpt does not
// show whether another branch installs an authenticator. Confirm the connector server cannot
// be started with JMXConnectorServer.AUTHENTICATOR left unset.
if (configEntry != null) env.put(JMXConnectorServer.AUTHENTICATOR, new AuthenticationProxy(configEntry));
JMXCallbackHandler callbackHandler = new JMXCallbackHandler(credentials); try
// Excerpt from the body of an authorization check; the enclosing method is not shown.
// Look up the permission associated with the invoked method name.
Permission requiredPermission = getRequiredPermission(methodName);
// Fail closed: a method name with no mapped permission is refused, never allowed by default.
if (null == requiredPermission) return false;
// presumably the resources on which `role` holds requiredPermission; verify against getPermittedResources
Set<JMXResource> permittedResources = getPermittedResources(role, requiredPermission);
// NOTE(review): the head of this conditional (its condition and the statement it belongs to) is missing
// from the excerpt. Only the two outcomes are visible: targetBean is checked against the permitted set
// either by checkPattern or by checkExact.
? checkPattern(targetBean, permittedResources) : checkExact(targetBean, permittedResources);
/**
 * Proxy entry point: every call on the proxied interface passes through here and is
 * either refused with a SecurityException or forwarded via {@code invoke(method, args)}.
 *
 * <p>Decision order, as implemented below:
 * getMBeanServer is refused unconditionally, before the caller's Subject is looked up;
 * setMBeanServer is accepted only when no Subject is attached to the calling context and
 * only while {@code mbs} is still unset; every other method is forwarded only when
 * {@code authorize} returns true.
 *
 * @param proxy the proxy instance the call was made on (not used here)
 * @param method the interface method being called
 * @param args the call arguments
 * @return null for setMBeanServer, otherwise whatever the forwarded invocation returns
 * @throws SecurityException if the call is refused
 * @throws IllegalArgumentException if setMBeanServer is given a null server or the
 *         server has already been set
 * @throws Throwable anything thrown by the forwarded invocation
 */
@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable
{
    final String methodName = method.getName();

    // Refused for every caller, authenticated or not.
    if ("getMBeanServer".equals(methodName))
    {
        throw new SecurityException("Access denied");
    }

    // Identity of the caller, taken from the current AccessControlContext; may be null.
    final AccessControlContext callerContext = AccessController.getContext();
    final Subject subject = Subject.getSubject(callerContext);

    if (!"setMBeanServer".equals(methodName))
    {
        // NOTE(review): subject can be null here; authorize() is outside this excerpt, so
        // confirm how it treats a call that carries no Subject.
        if (authorize(subject, methodName, args))
        {
            return invoke(method, args);
        }
        throw new SecurityException("Access Denied");
    }

    // setMBeanServer is allowed iff performed on behalf of the connector server itself,
    // which this code recognises by the absence of a Subject.
    if (subject != null)
    {
        throw new SecurityException("Access denied");
    }

    final Object candidate = args[0];
    if (candidate == null)
    {
        throw new IllegalArgumentException("Null MBeanServer");
    }

    // Set-once: a second assignment is rejected rather than replacing the wrapped server.
    if (mbs != null)
    {
        throw new IllegalArgumentException("MBeanServer already initialized");
    }

    mbs = (MBeanServer) candidate;
    return null;
}
return authorizeMBeanMethod(userResource, methodName, args); else return authorizeMBeanServerMethod(userResource, methodName);
/**
 * Decides whether a caller may run an MBeanServer method which does not take an MBean
 * ObjectName as its first argument. Such methods describe the MBeanServer itself rather
 * than any particular set of MBeans, so the check is made for the DESCRIBE permission on
 * the root JMXResource (representing the MBeanServer).
 *
 * <p>Both conditions must hold: the method name is in MBEAN_SERVER_METHOD_WHITELIST and
 * the subject has DESCRIBE on the root resource. A name that is not listed is refused
 * without consulting permissions. This method only returns a decision; it performs no
 * invocation and does not itself throw on denial.
 *
 * @param subject the role resource whose permissions are checked
 * @param methodName name of the MBeanServer method being invoked
 * @return {@code true} if the method is listed and the subject holds DESCRIBE on the root
 *         resource, {@code false} otherwise
 */
private boolean authorizeMBeanServerMethod(RoleResource subject, String methodName)
{
    logger.trace("JMX invocation of {} on MBeanServer requires permission {}", methodName, Permission.DESCRIBE);

    // Allow-list first: hasPermission is not reached for a name that is off the list.
    if (!MBEAN_SERVER_METHOD_WHITELIST.contains(methodName))
    {
        return false;
    }
    return hasPermission(subject, Permission.DESCRIBE, JMXResource.root());
}
// Register an AuthenticationProxy built from configEntry as the connector server's
// authenticator, but only when configEntry is set.
// NOTE(review): when configEntry is null this line adds nothing to env; the excerpt does not
// show whether another branch installs an authenticator. Confirm the connector server cannot
// be started with JMXConnectorServer.AUTHENTICATOR left unset.
if (configEntry != null) env.put(JMXConnectorServer.AUTHENTICATOR, new AuthenticationProxy(configEntry));
JMXCallbackHandler callbackHandler = new JMXCallbackHandler(credentials); try