/*
* Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.jmx.remote.security;
import com.sun.jmx.mbeanserver.GetPropertyAction;
import java.io.ObjectInputStream;
import java.security.AccessController;
import java.util.Set;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.AttributeNotFoundException;
import javax.management.InstanceNotFoundException;
import javax.management.InstanceAlreadyExistsException;
import javax.management.IntrospectionException;
import javax.management.InvalidAttributeValueException;
import javax.management.ListenerNotFoundException;
import javax.management.MBeanException;
import javax.management.MBeanInfo;
import javax.management.MBeanRegistrationException;
import javax.management.MBeanServer;
import javax.management.NotCompliantMBeanException;
import javax.management.NotificationFilter;
import javax.management.NotificationListener;
import javax.management.ObjectInstance;
import javax.management.ObjectName;
import javax.management.OperationsException;
import javax.management.QueryExp;
import javax.management.ReflectionException;
import javax.management.loading.ClassLoaderRepository;
import javax.management.remote.MBeanServerForwarder;
/**
* <p>An object of this class implements the MBeanServer interface
* and, for each of its methods, calls an appropriate checking method
* and then forwards the request to a wrapped MBeanServer object. The
* checking method may throw a RuntimeException if the operation is
* not allowed; in this case the request is not forwarded to the
* wrapped object.</p>
*
* <p>A typical use of this class is to insert it between a connector server
* such as the RMI connector and the MBeanServer with which the connector
* is associated. Requests from the connector client can then be filtered
* and those operations that are not allowed, or not allowed in a particular
* context, can be rejected by throwing a <code>SecurityException</code>
* in the corresponding <code>check*</code> method.</p>
*
* <p>This is an abstract class, because in its implementation none of
* the checking methods does anything. To be useful, it must be
* subclassed and at least one of the checking methods overridden to
* do some checking. Some or all of the MBeanServer methods may also
* be overridden, for instance if the default checking behavior is
* inappropriate.</p>
*
* <p>If there is no SecurityManager, then the access controller will refuse
* to create an MBean that is a ClassLoader, which includes MLets, or to
* execute the method addURL on an MBean that is an MLet. This prevents
* people from opening security holes unintentionally. Otherwise, it
* would not be obvious that granting write access grants the ability to
* download and execute arbitrary code in the target MBean server. Advanced
* users who do want the ability to use MLets are presumably advanced enough
* to handle policy files and security managers.</p>
*/
public abstract class MBeanServerAccessController
implements MBeanServerForwarder {
public MBeanServer getMBeanServer() {
return mbs;
}
public void setMBeanServer(MBeanServer mbs) {
if (mbs == null)
throw new IllegalArgumentException("Null MBeanServer");
if (this.mbs != null)
throw new IllegalArgumentException("MBeanServer object already " +
"initialized");
this.mbs = mbs;
}
/**
* Check if the caller can do read operations. This method does
* nothing if so, otherwise throws SecurityException.
*/
protected abstract void checkRead();
/**
* Check if the caller can do write operations. This method does
* nothing if so, otherwise throws SecurityException.
*/
protected abstract void checkWrite();
/**
* Check if the caller can create the named class. The default
* implementation of this method calls {@link #checkWrite()}.
*/
protected void checkCreate(String className) {
checkWrite();
}
/**
* Check if the caller can unregister the named MBean. The default
* implementation of this method calls {@link #checkWrite()}.
*/
protected void checkUnregister(ObjectName name) {
checkWrite();
}
//--------------------------------------------
//--------------------------------------------
//
// Implementation of the MBeanServer interface
//
//--------------------------------------------
//--------------------------------------------
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public void addNotificationListener(ObjectName name,
NotificationListener listener,
NotificationFilter filter,
Object handback)
throws InstanceNotFoundException {
checkRead();
getMBeanServer().addNotificationListener(name, listener,
filter, handback);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public void addNotificationListener(ObjectName name,
ObjectName listener,
NotificationFilter filter,
Object handback)
throws InstanceNotFoundException {
checkRead();
getMBeanServer().addNotificationListener(name, listener,
filter, handback);
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
public ObjectInstance createMBean(String className, ObjectName name)
throws
ReflectionException,
InstanceAlreadyExistsException,
MBeanRegistrationException,
MBeanException,
NotCompliantMBeanException {
checkCreate(className);
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
Object object = getMBeanServer().instantiate(className);
checkClassLoader(object);
return getMBeanServer().registerMBean(object, name);
} else {
return getMBeanServer().createMBean(className, name);
}
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
public ObjectInstance createMBean(String className, ObjectName name,
Object params[], String signature[])
throws
ReflectionException,
InstanceAlreadyExistsException,
MBeanRegistrationException,
MBeanException,
NotCompliantMBeanException {
checkCreate(className);
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
Object object = getMBeanServer().instantiate(className,
params,
signature);
checkClassLoader(object);
return getMBeanServer().registerMBean(object, name);
} else {
return getMBeanServer().createMBean(className, name,
params, signature);
}
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
public ObjectInstance createMBean(String className,
ObjectName name,
ObjectName loaderName)
throws
ReflectionException,
InstanceAlreadyExistsException,
MBeanRegistrationException,
MBeanException,
NotCompliantMBeanException,
InstanceNotFoundException {
checkCreate(className);
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
Object object = getMBeanServer().instantiate(className,
loaderName);
checkClassLoader(object);
return getMBeanServer().registerMBean(object, name);
} else {
return getMBeanServer().createMBean(className, name, loaderName);
}
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
public ObjectInstance createMBean(String className,
ObjectName name,
ObjectName loaderName,
Object params[],
String signature[])
throws
ReflectionException,
InstanceAlreadyExistsException,
MBeanRegistrationException,
MBeanException,
NotCompliantMBeanException,
InstanceNotFoundException {
checkCreate(className);
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
Object object = getMBeanServer().instantiate(className,
loaderName,
params,
signature);
checkClassLoader(object);
return getMBeanServer().registerMBean(object, name);
} else {
return getMBeanServer().createMBean(className, name, loaderName,
params, signature);
}
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
@Deprecated
public ObjectInputStream deserialize(ObjectName name, byte[] data)
throws InstanceNotFoundException, OperationsException {
checkRead();
return getMBeanServer().deserialize(name, data);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
@Deprecated
public ObjectInputStream deserialize(String className, byte[] data)
throws OperationsException, ReflectionException {
checkRead();
return getMBeanServer().deserialize(className, data);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
@Deprecated
public ObjectInputStream deserialize(String className,
ObjectName loaderName,
byte[] data)
throws
InstanceNotFoundException,
OperationsException,
ReflectionException {
checkRead();
return getMBeanServer().deserialize(className, loaderName, data);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public Object getAttribute(ObjectName name, String attribute)
throws
MBeanException,
AttributeNotFoundException,
InstanceNotFoundException,
ReflectionException {
checkRead();
return getMBeanServer().getAttribute(name, attribute);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public AttributeList getAttributes(ObjectName name, String[] attributes)
throws InstanceNotFoundException, ReflectionException {
checkRead();
return getMBeanServer().getAttributes(name, attributes);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public ClassLoader getClassLoader(ObjectName loaderName)
throws InstanceNotFoundException {
checkRead();
return getMBeanServer().getClassLoader(loaderName);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public ClassLoader getClassLoaderFor(ObjectName mbeanName)
throws InstanceNotFoundException {
checkRead();
return getMBeanServer().getClassLoaderFor(mbeanName);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public ClassLoaderRepository getClassLoaderRepository() {
checkRead();
return getMBeanServer().getClassLoaderRepository();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public String getDefaultDomain() {
checkRead();
return getMBeanServer().getDefaultDomain();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public String[] getDomains() {
checkRead();
return getMBeanServer().getDomains();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public Integer getMBeanCount() {
checkRead();
return getMBeanServer().getMBeanCount();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public MBeanInfo getMBeanInfo(ObjectName name)
throws
InstanceNotFoundException,
IntrospectionException,
ReflectionException {
checkRead();
return getMBeanServer().getMBeanInfo(name);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public ObjectInstance getObjectInstance(ObjectName name)
throws InstanceNotFoundException {
checkRead();
return getMBeanServer().getObjectInstance(name);
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
public Object instantiate(String className)
throws ReflectionException, MBeanException {
checkCreate(className);
return getMBeanServer().instantiate(className);
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
public Object instantiate(String className,
Object params[],
String signature[])
throws ReflectionException, MBeanException {
checkCreate(className);
return getMBeanServer().instantiate(className, params, signature);
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
public Object instantiate(String className, ObjectName loaderName)
throws ReflectionException, MBeanException, InstanceNotFoundException {
checkCreate(className);
return getMBeanServer().instantiate(className, loaderName);
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
public Object instantiate(String className, ObjectName loaderName,
Object params[], String signature[])
throws ReflectionException, MBeanException, InstanceNotFoundException {
checkCreate(className);
return getMBeanServer().instantiate(className, loaderName,
params, signature);
}
/**
* Call <code>checkWrite()</code>, then forward this method to the
* wrapped object.
*/
public Object invoke(ObjectName name, String operationName,
Object params[], String signature[])
throws
InstanceNotFoundException,
MBeanException,
ReflectionException {
checkWrite();
checkMLetMethods(name, operationName);
return getMBeanServer().invoke(name, operationName, params, signature);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public boolean isInstanceOf(ObjectName name, String className)
throws InstanceNotFoundException {
checkRead();
return getMBeanServer().isInstanceOf(name, className);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public boolean isRegistered(ObjectName name) {
checkRead();
return getMBeanServer().isRegistered(name);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public Set<ObjectInstance> queryMBeans(ObjectName name, QueryExp query) {
checkRead();
return getMBeanServer().queryMBeans(name, query);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public Set<ObjectName> queryNames(ObjectName name, QueryExp query) {
checkRead();
return getMBeanServer().queryNames(name, query);
}
/**
* Call <code>checkWrite()</code>, then forward this method to the
* wrapped object.
*/
public ObjectInstance registerMBean(Object object, ObjectName name)
throws
InstanceAlreadyExistsException,
MBeanRegistrationException,
NotCompliantMBeanException {
checkWrite();
return getMBeanServer().registerMBean(object, name);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public void removeNotificationListener(ObjectName name,
NotificationListener listener)
throws InstanceNotFoundException, ListenerNotFoundException {
checkRead();
getMBeanServer().removeNotificationListener(name, listener);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public void removeNotificationListener(ObjectName name,
NotificationListener listener,
NotificationFilter filter,
Object handback)
throws InstanceNotFoundException, ListenerNotFoundException {
checkRead();
getMBeanServer().removeNotificationListener(name, listener,
filter, handback);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public void removeNotificationListener(ObjectName name,
ObjectName listener)
throws InstanceNotFoundException, ListenerNotFoundException {
checkRead();
getMBeanServer().removeNotificationListener(name, listener);
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
public void removeNotificationListener(ObjectName name,
ObjectName listener,
NotificationFilter filter,
Object handback)
throws InstanceNotFoundException, ListenerNotFoundException {
checkRead();
getMBeanServer().removeNotificationListener(name, listener,
filter, handback);
}
/**
* Call <code>checkWrite()</code>, then forward this method to the
* wrapped object.
*/
public void setAttribute(ObjectName name, Attribute attribute)
throws
InstanceNotFoundException,
AttributeNotFoundException,
InvalidAttributeValueException,
MBeanException,
ReflectionException {
checkWrite();
getMBeanServer().setAttribute(name, attribute);
}
/**
* Call <code>checkWrite()</code>, then forward this method to the
* wrapped object.
*/
public AttributeList setAttributes(ObjectName name,
AttributeList attributes)
throws InstanceNotFoundException, ReflectionException {
checkWrite();
return getMBeanServer().setAttributes(name, attributes);
}
/**
* Call <code>checkUnregister()</code>, then forward this method to the
* wrapped object.
*/
public void unregisterMBean(ObjectName name)
throws InstanceNotFoundException, MBeanRegistrationException {
checkUnregister(name);
getMBeanServer().unregisterMBean(name);
}
//----------------
// PRIVATE METHODS
//----------------
private void checkClassLoader(Object object) {
if (object instanceof ClassLoader)
throw new SecurityException("Access denied! Creating an " +
"MBean that is a ClassLoader " +
"is forbidden unless a security " +
"manager is installed.");
}
private void checkMLetMethods(ObjectName name, String operation)
throws InstanceNotFoundException {
// Check if security manager installed
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
return;
}
// Check for addURL and getMBeansFromURL methods
if (!operation.equals("addURL") &&
!operation.equals("getMBeansFromURL")) {
return;
}
// Check if MBean is instance of MLet
if (!getMBeanServer().isInstanceOf(name,
"javax.management.loading.MLet")) {
return;
}
// Throw security exception
if (operation.equals("addURL")) { // addURL
throw new SecurityException("Access denied! MLet method addURL " +
"cannot be invoked unless a security manager is installed.");
} else { // getMBeansFromURL
// Whether or not calling getMBeansFromURL is allowed is controlled
// by the value of the "jmx.remote.x.mlet.allow.getMBeansFromURL"
// system property. If the value of this property is true, calling
// the MLet's getMBeansFromURL method is allowed. The default value
// for this property is false.
final String propName = "jmx.remote.x.mlet.allow.getMBeansFromURL";
GetPropertyAction propAction = new GetPropertyAction(propName);
String propValue = AccessController.doPrivileged(propAction);
boolean allowGetMBeansFromURL = "true".equalsIgnoreCase(propValue);
if (!allowGetMBeansFromURL) {
throw new SecurityException("Access denied! MLet method " +
"getMBeansFromURL cannot be invoked unless a " +
"security manager is installed or the system property " +
"-Djmx.remote.x.mlet.allow.getMBeansFromURL=true " +
"is specified.");
}
}
}
//------------------
// PRIVATE VARIABLES
//------------------
private MBeanServer mbs;
}