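/*
 * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 6261831
 * @summary Tests the use of the subject delegation feature on the authenticated
 *          principals within the RMI connector server's creator codebase.
 * @author Luis-Miguel Alventosa
 * @modules java.management.rmi
 *          java.management/com.sun.jmx.remote.security
 * @run clean SubjectDelegation2Test SimpleStandard SimpleStandardMBean
 * @run build SubjectDelegation2Test SimpleStandard SimpleStandardMBean
 * @run main SubjectDelegation2Test policy21 ok
 * @run main SubjectDelegation2Test policy22 ko
 * @run main SubjectDelegation2Test policy23 ko
 * @run main SubjectDelegation2Test policy24 ok
 * @run main SubjectDelegation2Test policy25 ko
 */

import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Collections;
import java.util.HashMap;
import java.util.Properties;
import javax.management.Attribute;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.Notification;
import javax.management.NotificationListener;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.Subject;

/**
 * Regression test for bug 6261831: runs a password-authenticated RMI
 * connector client against the platform MBean server under a security
 * manager and a policy file chosen on the command line.
 *
 * <p>Each {@code @run main} line passes a policy file name and the expected
 * outcome: {@code ok} means every MBean operation must succeed, {@code ko}
 * means the policy must deny access with a {@link SecurityException}.
 */
public class SubjectDelegation2Test {

    /**
     * Runs one policy scenario.
     *
     * @param args {@code args[0]} is the policy file name, resolved against
     *             the {@code test.src} system property; {@code args[1]} is
     *             the expected result, {@code "ok"} or {@code "ko"}
     * @throws Exception if the scenario does not end the way
     *                   {@code args[1]} says it should, or on any other
     *                   unexpected failure
     */
    public static void main(String[] args) throws Exception {
        // Check for supported operating systems: Solaris
        //
        // This test runs only on Solaris due to CR 6285916
        //
        String osName = System.getProperty("os.name");
        System.out.println("os.name = " + osName);
        if (!osName.equals("SunOS")) {
            System.out.println("This test runs on Solaris only.");
            System.out.println("Bye! Bye!");
            return;
        }
        if (args.length < 2) {
            throw new IllegalArgumentException(
                "Usage: SubjectDelegation2Test <policyFile> <ok|ko>");
        }
        String policyFile = args[0];
        String testResult = args[1];
        System.out.println("Policy file = " + policyFile);
        System.out.println("Expected test result = " + testResult);
        JMXConnectorServer jmxcs = null;
        JMXConnector jmxc = null;
        // Records whether the policy actually denied something, so that a
        // "ko" run which is silently permitted can be reported as a failure.
        boolean securityExceptionSeen = false;
        try {
            // Create an RMI registry on the first free port in 5801..6000
            // (port is incremented before each attempt)
            //
            System.out.println("Start RMI registry...");
            Registry reg = null;
            int port = 5800;
            while (port++ < 6000) {
                try {
                    reg = LocateRegistry.createRegistry(port);
                    System.out.println("RMI registry running on port " + port);
                    break;
                } catch (RemoteException e) {
                    // Failed to create RMI registry on this port; the loop
                    // moves on to the next one.
                    System.out.println("Failed to create RMI registry " +
                                       "on port " + port);
                }
            }
            if (reg == null) {
                System.exit(1);
            }
            // Set the default password file
            //
            final String passwordFile = System.getProperty("test.src") +
                File.separator + "jmxremote.password";
            System.out.println("Password file = " + passwordFile);
            // Set policy file
            //
            final String policy = System.getProperty("test.src") +
                File.separator + policyFile;
            System.out.println("PolicyFile = " + policy);
            System.setProperty("java.security.policy", policy);
            // Instantiate the MBean server
            //
            System.out.println("Create the MBean server");
            MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
            // Register the SimpleStandardMBean
            //
            System.out.println("Create SimpleStandard MBean");
            SimpleStandard s = new SimpleStandard("monitorRole");
            mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
            // Create Properties containing the username/password entries
            //
            Properties props = new Properties();
            props.setProperty("jmx.remote.x.password.file", passwordFile);
            // Initialize environment map to be passed to the connector server
            //
            System.out.println("Initialize environment map");
            HashMap<String, Object> env = new HashMap<>();
            env.put("jmx.remote.authenticator",
                    new JMXPluggableAuthenticator(props));
            // Set Security Manager. From here on every permission check is
            // decided by the policy file selected above.
            //
            System.setSecurityManager(new SecurityManager());
            // Create an RMI connector server
            //
            System.out.println("Create an RMI connector server");
            JMXServiceURL url =
                new JMXServiceURL("rmi", null, 0,
                                  "/jndi/rmi://:" + port + "/server" + port);
            jmxcs =
                JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
            jmxcs.start();
            // Create an RMI connector client
            //
            System.out.println("Create an RMI connector client");
            HashMap<String, Object> cli_env = new HashMap<>();
            // These credentials must match those in the default password file
            //
            String[] credentials = new String[] { "monitorRole" , "QED" };
            cli_env.put("jmx.remote.credentials", credentials);
            jmxc = JMXConnectorFactory.connect(url, cli_env);
            MBeanServerConnection mbsc = jmxc.getMBeanServerConnection();
            // Get domains from MBeanServer
            //
            System.out.println("Domains:");
            String[] domains = mbsc.getDomains();
            for (int i = 0; i < domains.length; i++) {
                System.out.println("\tDomain[" + i + "] = " + domains[i]);
            }
            // Get MBean count
            //
            System.out.println("MBean count = " + mbsc.getMBeanCount());
            // Get State attribute
            //
            String oldState =
                (String) mbsc.getAttribute(
                              new ObjectName("MBeans:type=SimpleStandard"),
                              "State");
            System.out.println("Old State = \"" + oldState + "\"");
            // Set State attribute
            //
            System.out.println("Set State to \"changed state\"");
            mbsc.setAttribute(new ObjectName("MBeans:type=SimpleStandard"),
                              new Attribute("State", "changed state"));
            // Get State attribute
            //
            String newState =
                (String) mbsc.getAttribute(
                              new ObjectName("MBeans:type=SimpleStandard"),
                              "State");
            System.out.println("New State = \"" + newState + "\"");
            if (!newState.equals("changed state")) {
                System.out.println("Invalid State = \"" + newState + "\"");
                // Fail with a plain RuntimeException rather than
                // System.exit(1): a security manager is installed at this
                // point, and if the policy does not allow exiting the VM the
                // resulting SecurityException would be reported below as the
                // "expected" denial of a "ko" run.
                throw new RuntimeException(
                    "Invalid State = \"" + newState + "\"");
            }
            // Add notification listener on SimpleStandard MBean
            //
            System.out.println("Add notification listener...");
            mbsc.addNotificationListener(
                 new ObjectName("MBeans:type=SimpleStandard"),
                 new NotificationListener() {
                     @Override
                     public void handleNotification(Notification notification,
                                                    Object handback) {
                         System.out.println("Received notification: " +
                                            notification);
                     }
                 },
                 null,
                 null);
            // Unregister SimpleStandard MBean
            //
            System.out.println("Unregister SimpleStandard MBean...");
            mbsc.unregisterMBean(new ObjectName("MBeans:type=SimpleStandard"));
        } catch (SecurityException e) {
            if (testResult.equals("ko")) {
                securityExceptionSeen = true;
                System.out.println("Got expected security exception = " + e);
            } else {
                System.out.println("Got unexpected security exception = " + e);
                e.printStackTrace();
                throw e;
            }
        } catch (Exception e) {
            System.out.println("Unexpected exception caught = " + e);
            e.printStackTrace();
            throw e;
        } finally {
            // Close connector client
            //
            if (jmxc != null)
                jmxc.close();
            // Stop connector server
            //
            if (jmxcs != null)
                jmxcs.stop();
            // Say goodbye
            //
            System.out.println("Bye! Bye!");
        }
        // A "ko" scenario exists to prove that the policy denies access.
        // Reaching this point without a SecurityException means every
        // operation was permitted, which must fail the test rather than
        // pass it silently.
        if (testResult.equals("ko") && !securityExceptionSeen) {
            throw new RuntimeException(
                "Expected a SecurityException with policy " + policyFile +
                " but all operations were permitted");
        }
    }
}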