1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
|
/*
* Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 5025141
* @summary Tests that MBeanServerFileAccessController supports
* principals other than JMXPrincipal.
* @author Luis-Miguel Alventosa
*
* @run clean NonJMXPrincipalsTest SimpleStandard SimpleStandardMBean
* @run build NonJMXPrincipalsTest SimpleStandard SimpleStandardMBean
* @run main NonJMXPrincipalsTest
*/
import java.io.File;
import java.io.Serializable;
import java.security.Principal;
import java.util.HashMap;
import javax.management.Attribute;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.MBeanServerFactory;
import javax.management.MBeanServerInvocationHandler;
import javax.management.Notification;
import javax.management.NotificationListener;
import javax.management.ObjectName;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.Subject;
public class NonJMXPrincipalsTest {
private static class OtherPrincipal implements Principal, Serializable {
private String name;
public OtherPrincipal(String name) {
if (name == null)
throw new NullPointerException("illegal null input");
this.name = name;
}
public String getName() {
return name;
}
public String toString() {
return("OtherPrincipal: " + name);
}
public boolean equals(Object o) {
if (o == null)
return false;
if (this == o)
return true;
if (!(o instanceof OtherPrincipal))
return false;
OtherPrincipal that = (OtherPrincipal)o;
return (this.getName().equals(that.getName()));
}
public int hashCode() {
return name.hashCode();
}
}
private static class OtherPrincipalAuthenticator
implements JMXAuthenticator {
public Subject authenticate(Object credentials) {
final String[] aCredentials = (String[]) credentials;
final String username = (String) aCredentials[0];
final Subject subject = new Subject();
subject.getPrincipals().add(new JMXPrincipal("dummy"));
subject.getPrincipals().add(new OtherPrincipal(username));
return subject;
}
}
private static class NoPrincipalAuthenticator
implements JMXAuthenticator {
public Subject authenticate(Object credentials) {
return new Subject();
}
}
public static void runTest(JMXAuthenticator authenticator)
throws Exception {
//------------------------------------------------------------------
// SERVER
//------------------------------------------------------------------
// Instantiate the MBean server
//
System.out.println("Create the MBean server");
MBeanServer mbs = MBeanServerFactory.createMBeanServer();
// Create SimpleStandard MBean
//
ObjectName mbeanName = new ObjectName("MBeans:type=SimpleStandard");
System.out.println("Create SimpleStandard MBean...");
mbs.createMBean("SimpleStandard", mbeanName, null, null);
// Server's environment map
//
System.out.println(">>> Initialize the server's environment map");
HashMap sEnv = new HashMap();
// Provide a JMX Authenticator
//
sEnv.put("jmx.remote.authenticator", authenticator);
// Provide the access level file used by the connector server to
// perform user authorization. The access level file is a properties
// based text file specifying username/access level pairs where
// access level is either "readonly" or "readwrite" access to the
// MBeanServer operations. This properties based access control
// checker has been implemented using the MBeanServerForwarder
// interface which wraps the real MBean server inside an access
// controller MBean server which performs the access control checks
// before forwarding the requests to the real MBean server.
//
// This property is implementation-dependent and might not be
// supported by all implementations of the JMX Remote API.
//
sEnv.put("jmx.remote.x.access.file",
System.getProperty("test.src") +
File.separator +
"access.properties");
// Create an RMI connector server
//
System.out.println("Create an RMI connector server");
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://");
JMXConnectorServer cs =
JMXConnectorServerFactory.newJMXConnectorServer(url, sEnv, mbs);
// Start the RMI connector server
//
System.out.println("Start the RMI connector server");
cs.start();
System.out.println("RMI connector server successfully started");
System.out.println("Waiting for incoming connections...");
//------------------------------------------------------------------
// CLIENT (admin)
//------------------------------------------------------------------
// Admin client environment map
//
String[] adminCreds = new String[] { "admin" , "adminPassword" };
System.out.println(">>> Initialize the client environment map for" +
" user [" + adminCreds[0] + "] with " +
"password [" + adminCreds[1] + "]");
HashMap adminEnv = new HashMap();
adminEnv.put("jmx.remote.credentials", adminCreds);
// Create an RMI connector client and
// connect it to the RMI connector server
//
System.out.println("Create an RMI connector client and " +
"connect it to the RMI connector server");
JMXConnector adminConnector =
JMXConnectorFactory.connect(cs.getAddress(), adminEnv);
// Get an MBeanServerConnection
//
System.out.println("Get an MBeanServerConnection");
MBeanServerConnection adminConnection =
adminConnector.getMBeanServerConnection();
// Get the proxy for the Simple MBean
//
SimpleStandardMBean adminProxy = (SimpleStandardMBean)
MBeanServerInvocationHandler.newProxyInstance(
adminConnection,
mbeanName,
SimpleStandardMBean.class,
false);
// Get State attribute
//
System.out.println("State = " + adminProxy.getState());
// Set State attribute
//
adminProxy.setState("changed state");
// Get State attribute
//
System.out.println("State = " + adminProxy.getState());
// Invoke "reset" in SimpleStandard MBean
//
System.out.println("Invoke reset() in SimpleStandard MBean...");
adminProxy.reset();
// Close MBeanServer connection
//
System.out.println("Close the admin connection to the server");
adminConnector.close();
//------------------------------------------------------------------
// CLIENT (user)
//------------------------------------------------------------------
// User client environment map
//
String[] userCreds = new String[] { "user" , "userPassword" };
System.out.println(">>> Initialize the client environment map for" +
" user [" + userCreds[0] + "] with " +
"password [" + userCreds[1] + "]");
HashMap userEnv = new HashMap();
userEnv.put("jmx.remote.credentials", userCreds);
// Create an RMI connector client and
// connect it to the RMI connector server
//
System.out.println("Create an RMI connector client and " +
"connect it to the RMI connector server");
JMXConnector userConnector =
JMXConnectorFactory.connect(cs.getAddress(), userEnv);
// Get an MBeanServerConnection
//
System.out.println("Get an MBeanServerConnection");
MBeanServerConnection userConnection =
userConnector.getMBeanServerConnection();
// Get the proxy for the Simple MBean
//
SimpleStandardMBean userProxy = (SimpleStandardMBean)
MBeanServerInvocationHandler.newProxyInstance(
userConnection,
mbeanName,
SimpleStandardMBean.class,
false);
// Get State attribute
//
System.out.println("State = " + userProxy.getState());
// Set State attribute
//
try {
userProxy.setState("changed state");
} catch (SecurityException e) {
System.out.println("Got expected security exception: " + e);
} catch (Exception e) {
System.out.println("Got unexpected exception: " + e);
e.printStackTrace(System.out);
}
// Get State attribute
//
System.out.println("State = " + userProxy.getState());
// Invoke "reset" in SimpleStandard MBean
//
try {
System.out.println("Invoke reset() in SimpleStandard MBean...");
userProxy.reset();
} catch (SecurityException e) {
System.out.println("Got expected security exception: " + e);
} catch (Exception e) {
System.out.println("Got unexpected exception: " + e);
e.printStackTrace(System.out);
}
// Close MBeanServer connection
//
System.out.println("Close the user connection to the server");
userConnector.close();
//------------------------------------------------------------------
// SERVER
//------------------------------------------------------------------
// Stop the connector server
//
System.out.println(">>> Stop the connector server");
cs.stop();
}
public static void main(String[] args) {
int errorCount = 0;
// Runt tests
//
System.out.println("\n>>> Run NoPrincipalAuthenticator test...");
try {
NonJMXPrincipalsTest.runTest(new NoPrincipalAuthenticator());
System.out.println("Did not get expected SecurityException");
errorCount++;
} catch (Exception e) {
if (e instanceof SecurityException) {
System.out.println("Got expected exception: " + e);
} else {
System.out.println("Got unexpected exception: " + e);
errorCount++;
}
e.printStackTrace(System.out);
}
System.out.println("\n>>> Run OtherPrincipalAuthenticator test...");
try {
NonJMXPrincipalsTest.runTest(new OtherPrincipalAuthenticator());
} catch (Exception e) {
errorCount++;
System.out.println("Got unexpected exception: " + e);
e.printStackTrace(System.out);
}
if (errorCount > 0) {
System.out.println("\nTEST FAILED! Error count = " + errorCount);
System.exit(1);
}
System.out.println("\nTEST PASSED!");
System.out.println("\nBye! Bye!");
}
}
|
