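/*
 * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 6261831
 * @summary Tests the use of the subject delegation feature on the authenticated
 *          principals within the RMI connector server's creator codebase with
 *          subject delegation.
 * @author Luis-Miguel Alventosa
 * @modules java.management.rmi
 *          java.management/com.sun.jmx.remote.security
 * @run clean SubjectDelegation3Test SimpleStandard SimpleStandardMBean
 * @run build SubjectDelegation3Test SimpleStandard SimpleStandardMBean
 * @run main SubjectDelegation3Test policy31 ok
 * @run main SubjectDelegation3Test policy32 ko
 * @run main SubjectDelegation3Test policy33 ko
 * @run main SubjectDelegation3Test policy34 ok
 * @run main SubjectDelegation3Test policy35 ko
 */

import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Collections;
import java.util.HashMap;
import java.util.Properties;
import javax.management.Attribute;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.Notification;
import javax.management.NotificationListener;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.Subject;

/**
 * Exercises JMX subject delegation over an RMI connector while a
 * {@link SecurityManager} is installed.
 *
 * <p>The client authenticates with the {@code monitorRole} credentials and
 * then requests an {@link MBeanServerConnection} that acts on behalf of the
 * {@code JMXPrincipal} named {@code delegate}. The policy file named on the
 * command line is installed as {@code java.security.policy}; the second
 * argument states whether the delegated operations are expected to succeed
 * ({@code ok}) or to be refused with a {@link SecurityException} ({@code ko}).
 *
 * <p>The test body only runs when {@code os.name} is {@code SunOS}; on any
 * other platform it returns immediately and therefore reports success without
 * checking anything.
 */
public class SubjectDelegation3Test {

    /**
     * Runs one delegation scenario.
     *
     * @param args {@code args[0]} is the policy file name, resolved against
     *             the {@code test.src} system property; {@code args[1]} is the
     *             expected outcome, {@code "ok"} or {@code "ko"}
     * @throws Exception if an operation fails unexpectedly, or if the expected
     *                   outcome is {@code "ko"} and no
     *                   {@link SecurityException} was raised
     */
    public static void main(String[] args) throws Exception {
        // Check for supported operating systems: Solaris
        //
        // This test runs only on Solaris due to CR 6285916
        //
        String osName = System.getProperty("os.name");
        System.out.println("os.name = " + osName);
        if (!osName.equals("SunOS")) {
            System.out.println("This test runs on Solaris only.");
            System.out.println("Bye! Bye!");
            return;
        }
        String policyFile = args[0];
        String testResult = args[1];
        System.out.println("Policy file = " + policyFile);
        System.out.println("Expected test result = " + testResult);
        JMXConnectorServer jmxcs = null;
        JMXConnector jmxc = null;
        // Records whether the policy refused anything, so that a "ko" run
        // which is never refused can be reported as a failure below.
        boolean securityExceptionSeen = false;
        try {
            // Create an RMI registry
            //
            // port is incremented before it is used, so the ports actually
            // tried are 5801 through 6000.
            //
            System.out.println("Start RMI registry...");
            Registry reg = null;
            int port = 5800;
            while (port++ < 6000) {
                try {
                    reg = LocateRegistry.createRegistry(port);
                    System.out.println("RMI registry running on port " + port);
                    break;
                } catch (RemoteException e) {
                    // Failed to create RMI registry...
                    System.out.println("Failed to create RMI registry " +
                                       "on port " + port);
                }
            }
            if (reg == null) {
                System.exit(1);
            }
            // Set the default password file
            //
            final String passwordFile = System.getProperty("test.src") +
                File.separator + "jmxremote.password";
            System.out.println("Password file = " + passwordFile);
            // Set policy file
            //
            final String policy = System.getProperty("test.src") +
                File.separator + policyFile;
            System.out.println("PolicyFile = " + policy);
            System.setProperty("java.security.policy", policy);
            // Instantiate the MBean server
            //
            System.out.println("Create the MBean server");
            MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
            // Register the SimpleStandardMBean
            //
            System.out.println("Create SimpleStandard MBean");
            final ObjectName mbeanName =
                new ObjectName("MBeans:type=SimpleStandard");
            SimpleStandard s = new SimpleStandard("delegate");
            mbs.registerMBean(s, mbeanName);
            // Create Properties containing the username/password entries
            //
            Properties props = new Properties();
            props.setProperty("jmx.remote.x.password.file", passwordFile);
            // Initialize environment map to be passed to the connector server
            //
            System.out.println("Initialize environment map");
            HashMap<String, Object> env = new HashMap<>();
            env.put("jmx.remote.authenticator",
                    new JMXPluggableAuthenticator(props));
            // Set Security Manager
            //
            // Installed only after the registry, MBean and authenticator are
            // set up; everything from here on runs under the policy that was
            // selected above.
            //
            System.setSecurityManager(new SecurityManager());
            // Create an RMI connector server
            //
            System.out.println("Create an RMI connector server");
            JMXServiceURL url =
                new JMXServiceURL("rmi", null, 0,
                                  "/jndi/rmi://:" + port + "/server" + port);
            jmxcs =
                JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
            jmxcs.start();
            // Create an RMI connector client
            //
            System.out.println("Create an RMI connector client");
            HashMap<String, Object> cli_env = new HashMap<>();
            // These credentials must match those in the default password file
            //
            String[] credentials = new String[] { "monitorRole" , "QED" };
            cli_env.put("jmx.remote.credentials", credentials);
            jmxc = JMXConnectorFactory.connect(url, cli_env);
            // Read-only subject carrying only the "delegate" principal; the
            // operations below are issued on its behalf.
            Subject delegationSubject =
                new Subject(true,
                            Collections.singleton(new JMXPrincipal("delegate")),
                            Collections.emptySet(),
                            Collections.emptySet());
            MBeanServerConnection mbsc =
                jmxc.getMBeanServerConnection(delegationSubject);
            // Get domains from MBeanServer
            //
            System.out.println("Domains:");
            String[] domains = mbsc.getDomains();
            for (int i = 0; i < domains.length; i++) {
                System.out.println("\tDomain[" + i + "] = " + domains[i]);
            }
            // Get MBean count
            //
            System.out.println("MBean count = " + mbsc.getMBeanCount());
            // Get State attribute
            //
            String oldState = (String) mbsc.getAttribute(mbeanName, "State");
            System.out.println("Old State = \"" + oldState + "\"");
            // Set State attribute
            //
            System.out.println("Set State to \"changed state\"");
            mbsc.setAttribute(mbeanName,
                              new Attribute("State", "changed state"));
            // Get State attribute
            //
            String newState = (String) mbsc.getAttribute(mbeanName, "State");
            System.out.println("New State = \"" + newState + "\"");
            if (!newState.equals("changed state")) {
                System.out.println("Invalid State = \"" + newState + "\"");
                System.exit(1);
            }
            // Add notification listener on SimpleStandard MBean
            //
            System.out.println("Add notification listener...");
            mbsc.addNotificationListener(
                 mbeanName,
                 new NotificationListener() {
                     @Override
                     public void handleNotification(Notification notification,
                                                    Object handback) {
                         System.out.println("Received notification: " +
                                            notification);
                     }
                 },
                 null,
                 null);
            // Unregister SimpleStandard MBean
            //
            System.out.println("Unregister SimpleStandard MBean...");
            mbsc.unregisterMBean(mbeanName);
        } catch (SecurityException e) {
            if (testResult.equals("ko")) {
                System.out.println("Got expected security exception = " + e);
                securityExceptionSeen = true;
            } else {
                System.out.println("Got unexpected security exception = " + e);
                e.printStackTrace();
                throw e;
            }
        } catch (Exception e) {
            System.out.println("Unexpected exception caught = " + e);
            e.printStackTrace();
            throw e;
        } finally {
            // Close connector client, and stop the connector server even
            // when closing the client fails.
            //
            try {
                if (jmxc != null)
                    jmxc.close();
            } finally {
                if (jmxcs != null)
                    jmxcs.stop();
            }
            // Say goodbye
            //
            System.out.println("Bye! Bye!");
        }
        // A "ko" run is a negative authorization test: it must fail if the
        // policy let every delegated operation through. Without this check a
        // policy that wrongly grants access would be reported as a pass.
        //
        if (testResult.equals("ko") && !securityExceptionSeen) {
            throw new RuntimeException(
                "Expected a SecurityException with policy file " + policyFile +
                " but all delegated operations succeeded");
        }
    }
}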