1 /*
2 * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 6261831
27 * @summary Tests the use of the subject delegation feature on the authenticated
28 * principals within the RMI connector server's creator codebase with
29 * subject delegation.
30 * @author Luis-Miguel Alventosa
31 * @modules java.management.rmi
32 * java.management/com.sun.jmx.remote.security
33 * @run clean SubjectDelegation3Test SimpleStandard SimpleStandardMBean
34 * @run build SubjectDelegation3Test SimpleStandard SimpleStandardMBean
35 * @run main SubjectDelegation3Test policy31 ok
36 * @run main SubjectDelegation3Test policy32 ko
37 * @run main SubjectDelegation3Test policy33 ko
38 * @run main SubjectDelegation3Test policy34 ok
39 * @run main SubjectDelegation3Test policy35 ko
40 */
41
42 import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
43 import java.io.File;
44 import java.lang.management.ManagementFactory;
45 import java.rmi.RemoteException;
46 import java.rmi.registry.LocateRegistry;
47 import java.rmi.registry.Registry;
48 import java.util.Collections;
49 import java.util.HashMap;
50 import java.util.Properties;
51 import javax.management.Attribute;
52 import javax.management.MBeanServer;
53 import javax.management.MBeanServerConnection;
54 import javax.management.Notification;
55 import javax.management.NotificationListener;
56 import javax.management.ObjectName;
57 import javax.management.remote.JMXConnector;
58 import javax.management.remote.JMXConnectorFactory;
59 import javax.management.remote.JMXConnectorServer;
60 import javax.management.remote.JMXConnectorServerFactory;
61 import javax.management.remote.JMXPrincipal;
62 import javax.management.remote.JMXServiceURL;
63 import javax.security.auth.Subject;
64
65 public class SubjectDelegation3Test {
66
67 public static void main(String[] args) throws Exception {
68 // Check for supported operating systems: Solaris
69 //
70 // This test runs only on Solaris due to CR 6285916
71 //
72 String osName = System.getProperty("os.name");
73 System.out.println("os.name = " + osName);
74 if (!osName.equals("SunOS")) {
75 System.out.println("This test runs on Solaris only.");
76 System.out.println("Bye! Bye!");
77 return;
78 }
79 String policyFile = args[0];
80 String testResult = args[1];
81 System.out.println("Policy file = " + policyFile);
82 System.out.println("Expected test result = " + testResult);
83 JMXConnectorServer jmxcs = null;
84 JMXConnector jmxc = null;
85 try {
86 // Create an RMI registry
87 //
88 System.out.println("Start RMI registry...");
89 Registry reg = null;
90 int port = 5800;
91 while (port++ < 6000) {
92 try {
93 reg = LocateRegistry.createRegistry(port);
94 System.out.println("RMI registry running on port " + port);
95 break;
96 } catch (RemoteException e) {
97 // Failed to create RMI registry...
98 System.out.println("Failed to create RMI registry " +
99 "on port " + port);
100 }
101 }
102 if (reg == null) {
103 System.exit(1);
104 }
105 // Set the default password file
106 //
107 final String passwordFile = System.getProperty("test.src") +
108 File.separator + "jmxremote.password";
109 System.out.println("Password file = " + passwordFile);
110 // Set policy file
111 //
112 final String policy = System.getProperty("test.src") +
113 File.separator + policyFile;
114 System.out.println("PolicyFile = " + policy);
115 System.setProperty("java.security.policy", policy);
116 // Instantiate the MBean server
117 //
118 System.out.println("Create the MBean server");
119 MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
120 // Register the SimpleStandardMBean
121 //
122 System.out.println("Create SimpleStandard MBean");
123 SimpleStandard s = new SimpleStandard("delegate");
124 mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
125 // Create Properties containing the username/password entries
126 //
127 Properties props = new Properties();
128 props.setProperty("jmx.remote.x.password.file", passwordFile);
129 // Initialize environment map to be passed to the connector server
130 //
131 System.out.println("Initialize environment map");
132 HashMap env = new HashMap();
133 env.put("jmx.remote.authenticator",
134 new JMXPluggableAuthenticator(props));
135 // Set Security Manager
136 //
137 System.setSecurityManager(new SecurityManager());
138 // Create an RMI connector server
139 //
140 System.out.println("Create an RMI connector server");
141 JMXServiceURL url =
142 new JMXServiceURL("rmi", null, 0,
143 "/jndi/rmi://:" + port + "/server" + port);
144 jmxcs =
145 JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
146 jmxcs.start();
147 // Create an RMI connector client
148 //
149 System.out.println("Create an RMI connector client");
150 HashMap cli_env = new HashMap();
151 // These credentials must match those in the default password file
152 //
153 String[] credentials = new String[] { "monitorRole" , "QED" };
154 cli_env.put("jmx.remote.credentials", credentials);
155 jmxc = JMXConnectorFactory.connect(url, cli_env);
156 Subject delegationSubject =
157 new Subject(true,
158 Collections.singleton(new JMXPrincipal("delegate")),
159 Collections.EMPTY_SET,
160 Collections.EMPTY_SET);
161 MBeanServerConnection mbsc =
162 jmxc.getMBeanServerConnection(delegationSubject);
163 // Get domains from MBeanServer
164 //
165 System.out.println("Domains:");
166 String domains[] = mbsc.getDomains();
167 for (int i = 0; i < domains.length; i++) {
168 System.out.println("\tDomain[" + i + "] = " + domains[i]);
169 }
170 // Get MBean count
171 //
172 System.out.println("MBean count = " + mbsc.getMBeanCount());
173 // Get State attribute
174 //
175 String oldState =
176 (String) mbsc.getAttribute(
177 new ObjectName("MBeans:type=SimpleStandard"),
178 "State");
179 System.out.println("Old State = \"" + oldState + "\"");
180 // Set State attribute
181 //
182 System.out.println("Set State to \"changed state\"");
183 mbsc.setAttribute(new ObjectName("MBeans:type=SimpleStandard"),
184 new Attribute("State", "changed state"));
185 // Get State attribute
186 //
187 String newState =
188 (String) mbsc.getAttribute(
189 new ObjectName("MBeans:type=SimpleStandard"),
190 "State");
191 System.out.println("New State = \"" + newState + "\"");
192 if (!newState.equals("changed state")) {
193 System.out.println("Invalid State = \"" + newState + "\"");
194 System.exit(1);
195 }
196 // Add notification listener on SimpleStandard MBean
197 //
198 System.out.println("Add notification listener...");
199 mbsc.addNotificationListener(
200 new ObjectName("MBeans:type=SimpleStandard"),
201 new NotificationListener() {
202 public void handleNotification(Notification notification,
203 Object handback) {
204 System.out.println("Received notification: " +
205 notification);
206 }
207 },
208 null,
209 null);
210 // Unregister SimpleStandard MBean
211 //
212 System.out.println("Unregister SimpleStandard MBean...");
213 mbsc.unregisterMBean(new ObjectName("MBeans:type=SimpleStandard"));
214 } catch (SecurityException e) {
215 if (testResult.equals("ko")) {
216 System.out.println("Got expected security exception = " + e);
217 } else {
218 System.out.println("Got unexpected security exception = " + e);
219 e.printStackTrace();
220 throw e;
221 }
222 } catch (Exception e) {
223 System.out.println("Unexpected exception caught = " + e);
224 e.printStackTrace();
225 throw e;
226 } finally {
227 // Close connector client
228 //
229 if (jmxc != null)
230 jmxc.close();
231 // Stop connector server
232 //
233 if (jmxcs != null)
234 jmxcs.stop();
235 // Say goodbye
236 //
237 System.out.println("Bye! Bye!");
238 }
239 }
240 }