1 /* 2 * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 5025141 27 * @summary Tests that MBeanServerFileAccessController supports 28 * principals other than JMXPrincipal. 29 * @author Luis-Miguel Alventosa 30 * @run clean NonJMXPrincipalsTest SimpleStandard SimpleStandardMBean 31 * @run build NonJMXPrincipalsTest SimpleStandard SimpleStandardMBean 32 * @run main NonJMXPrincipalsTest 33 */ 34 35 import java.io.File; 36 import java.io.Serializable; 37 import java.security.Principal; 38 import java.util.HashMap; 39 import javax.management.Attribute; 40 import javax.management.MBeanServer; 41 import javax.management.MBeanServerConnection; 42 import javax.management.MBeanServerFactory; 43 import javax.management.MBeanServerInvocationHandler; 44 import javax.management.Notification; 45 import javax.management.NotificationListener; 46 import javax.management.ObjectName; 47 import javax.management.remote.JMXAuthenticator; 48 import javax.management.remote.JMXConnector; 49 import javax.management.remote.JMXConnectorFactory; 50 import javax.management.remote.JMXConnectorServer; 51 import javax.management.remote.JMXConnectorServerFactory; 52 import javax.management.remote.JMXPrincipal; 53 import javax.management.remote.JMXServiceURL; 54 import javax.security.auth.Subject; 55 56 public class NonJMXPrincipalsTest { 57 58 private static class OtherPrincipal implements Principal, Serializable { 59 60 private String name; 61 62 public OtherPrincipal(String name) { 63 if (name == null) 64 throw new NullPointerException("illegal null input"); 65 this.name = name; 66 } 67 68 public String getName() { 69 return name; 70 } 71 72 public String toString() { 73 return("OtherPrincipal: " + name); 74 } 75 76 public boolean equals(Object o) { 77 if (o == null) 78 return false; 79 if (this == o) 80 return true; 81 if (!(o instanceof OtherPrincipal)) 82 return false; 83 OtherPrincipal that = (OtherPrincipal)o; 84 return (this.getName().equals(that.getName())); 85 } 86 87 public int hashCode() { 88 return name.hashCode(); 89 } 90 } 91 92 private static class OtherPrincipalAuthenticator 93 implements JMXAuthenticator { 94 public Subject authenticate(Object credentials) { 95 final String[] aCredentials = (String[]) credentials; 96 final String username = (String) aCredentials[0]; 97 final Subject subject = new Subject(); 98 subject.getPrincipals().add(new JMXPrincipal("dummy")); 99 subject.getPrincipals().add(new OtherPrincipal(username)); 100 return subject; 101 } 102 } 103 104 private static class NoPrincipalAuthenticator 105 implements JMXAuthenticator { 106 public Subject authenticate(Object credentials) { 107 return new Subject(); 108 } 109 } 110 111 public static void runTest(JMXAuthenticator authenticator) 112 throws Exception { 113 //------------------------------------------------------------------ 114 // SERVER 115 //------------------------------------------------------------------ 116 117 // Instantiate the MBean server 118 // 119 System.out.println("Create the MBean server"); 120 MBeanServer mbs = MBeanServerFactory.createMBeanServer(); 121 122 // Create SimpleStandard MBean 123 // 124 ObjectName mbeanName = new ObjectName("MBeans:type=SimpleStandard"); 125 System.out.println("Create SimpleStandard MBean..."); 126 mbs.createMBean("SimpleStandard", mbeanName, null, null); 127 128 // Server's environment map 129 // 130 System.out.println(">>> Initialize the server's environment map"); 131 HashMap sEnv = new HashMap(); 132 133 // Provide a JMX Authenticator 134 // 135 sEnv.put("jmx.remote.authenticator", authenticator); 136 137 // Provide the access level file used by the connector server to 138 // perform user authorization. The access level file is a properties 139 // based text file specifying username/access level pairs where 140 // access level is either "readonly" or "readwrite" access to the 141 // MBeanServer operations. This properties based access control 142 // checker has been implemented using the MBeanServerForwarder 143 // interface which wraps the real MBean server inside an access 144 // controller MBean server which performs the access control checks 145 // before forwarding the requests to the real MBean server. 146 // 147 // This property is implementation-dependent and might not be 148 // supported by all implementations of the JMX Remote API. 149 // 150 sEnv.put("jmx.remote.x.access.file", 151 System.getProperty("test.src") + 152 File.separator + 153 "access.properties"); 154 155 // Create an RMI connector server 156 // 157 System.out.println("Create an RMI connector server"); 158 JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://"); 159 JMXConnectorServer cs = 160 JMXConnectorServerFactory.newJMXConnectorServer(url, sEnv, mbs); 161 162 // Start the RMI connector server 163 // 164 System.out.println("Start the RMI connector server"); 165 cs.start(); 166 System.out.println("RMI connector server successfully started"); 167 System.out.println("Waiting for incoming connections..."); 168 169 //------------------------------------------------------------------ 170 // CLIENT (admin) 171 //------------------------------------------------------------------ 172 173 // Admin client environment map 174 // 175 String[] adminCreds = new String[] { "admin" , "adminPassword" }; 176 System.out.println(">>> Initialize the client environment map for" + 177 " user [" + adminCreds[0] + "] with " + 178 "password [" + adminCreds[1] + "]"); 179 HashMap adminEnv = new HashMap(); 180 adminEnv.put("jmx.remote.credentials", adminCreds); 181 182 // Create an RMI connector client and 183 // connect it to the RMI connector server 184 // 185 System.out.println("Create an RMI connector client and " + 186 "connect it to the RMI connector server"); 187 JMXConnector adminConnector = 188 JMXConnectorFactory.connect(cs.getAddress(), adminEnv); 189 190 // Get an MBeanServerConnection 191 // 192 System.out.println("Get an MBeanServerConnection"); 193 MBeanServerConnection adminConnection = 194 adminConnector.getMBeanServerConnection(); 195 196 // Get the proxy for the Simple MBean 197 // 198 SimpleStandardMBean adminProxy = (SimpleStandardMBean) 199 MBeanServerInvocationHandler.newProxyInstance( 200 adminConnection, 201 mbeanName, 202 SimpleStandardMBean.class, 203 false); 204 205 // Get State attribute 206 // 207 System.out.println("State = " + adminProxy.getState()); 208 209 // Set State attribute 210 // 211 adminProxy.setState("changed state"); 212 213 // Get State attribute 214 // 215 System.out.println("State = " + adminProxy.getState()); 216 217 // Invoke "reset" in SimpleStandard MBean 218 // 219 System.out.println("Invoke reset() in SimpleStandard MBean..."); 220 adminProxy.reset(); 221 222 // Close MBeanServer connection 223 // 224 System.out.println("Close the admin connection to the server"); 225 adminConnector.close(); 226 227 //------------------------------------------------------------------ 228 // CLIENT (user) 229 //------------------------------------------------------------------ 230 231 // User client environment map 232 // 233 String[] userCreds = new String[] { "user" , "userPassword" }; 234 System.out.println(">>> Initialize the client environment map for" + 235 " user [" + userCreds[0] + "] with " + 236 "password [" + userCreds[1] + "]"); 237 HashMap userEnv = new HashMap(); 238 userEnv.put("jmx.remote.credentials", userCreds); 239 240 // Create an RMI connector client and 241 // connect it to the RMI connector server 242 // 243 System.out.println("Create an RMI connector client and " + 244 "connect it to the RMI connector server"); 245 JMXConnector userConnector = 246 JMXConnectorFactory.connect(cs.getAddress(), userEnv); 247 248 // Get an MBeanServerConnection 249 // 250 System.out.println("Get an MBeanServerConnection"); 251 MBeanServerConnection userConnection = 252 userConnector.getMBeanServerConnection(); 253 254 // Get the proxy for the Simple MBean 255 // 256 SimpleStandardMBean userProxy = (SimpleStandardMBean) 257 MBeanServerInvocationHandler.newProxyInstance( 258 userConnection, 259 mbeanName, 260 SimpleStandardMBean.class, 261 false); 262 263 // Get State attribute 264 // 265 System.out.println("State = " + userProxy.getState()); 266 267 // Set State attribute 268 // 269 try { 270 userProxy.setState("changed state"); 271 } catch (SecurityException e) { 272 System.out.println("Got expected security exception: " + e); 273 } catch (Exception e) { 274 System.out.println("Got unexpected exception: " + e); 275 e.printStackTrace(System.out); 276 } 277 278 // Get State attribute 279 // 280 System.out.println("State = " + userProxy.getState()); 281 282 // Invoke "reset" in SimpleStandard MBean 283 // 284 try { 285 System.out.println("Invoke reset() in SimpleStandard MBean..."); 286 userProxy.reset(); 287 } catch (SecurityException e) { 288 System.out.println("Got expected security exception: " + e); 289 } catch (Exception e) { 290 System.out.println("Got unexpected exception: " + e); 291 e.printStackTrace(System.out); 292 } 293 294 // Close MBeanServer connection 295 // 296 System.out.println("Close the user connection to the server"); 297 userConnector.close(); 298 299 //------------------------------------------------------------------ 300 // SERVER 301 //------------------------------------------------------------------ 302 303 // Stop the connector server 304 // 305 System.out.println(">>> Stop the connector server"); 306 cs.stop(); 307 } 308 309 public static void main(String[] args) { 310 int errorCount = 0; 311 // Runt tests 312 // 313 System.out.println("\n>>> Run NoPrincipalAuthenticator test..."); 314 try { 315 NonJMXPrincipalsTest.runTest(new NoPrincipalAuthenticator()); 316 System.out.println("Did not get expected SecurityException"); 317 errorCount++; 318 } catch (Exception e) { 319 if (e instanceof SecurityException) { 320 System.out.println("Got expected exception: " + e); 321 } else { 322 System.out.println("Got unexpected exception: " + e); 323 errorCount++; 324 } 325 e.printStackTrace(System.out); 326 } 327 System.out.println("\n>>> Run OtherPrincipalAuthenticator test..."); 328 try { 329 NonJMXPrincipalsTest.runTest(new OtherPrincipalAuthenticator()); 330 } catch (Exception e) { 331 errorCount++; 332 System.out.println("Got unexpected exception: " + e); 333 e.printStackTrace(System.out); 334 } 335 336 if (errorCount > 0) { 337 System.out.println("\nTEST FAILED! Error count = " + errorCount); 338 System.exit(1); 339 } 340 341 System.out.println("\nTEST PASSED!"); 342 System.out.println("\nBye! Bye!"); 343 } 344 }