[Jboss-cvs] JBossAS SVN: r55395 - trunk/server/src/main/org/jboss/jmx/connector/invoker
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Aug 8 00:04:15 EDT 2006
Author: anil.saldhana at jboss.com
Date: 2006-08-08 00:04:13 -0400 (Tue, 08 Aug 2006)
New Revision: 55395
Added:
trunk/server/src/main/org/jboss/jmx/connector/invoker/ExternalizableRolesAuthorization.java
Modified:
trunk/server/src/main/org/jboss/jmx/connector/invoker/AuthorizationInterceptor.java
Log:
JBAS-3203: Make authorization delegate to have roles configurable \n JBAS-3431:Ignore requests for MBeanCount and MBeanInfo etc as we have authenticated the caller
Modified: trunk/server/src/main/org/jboss/jmx/connector/invoker/AuthorizationInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/jmx/connector/invoker/AuthorizationInterceptor.java 2006-08-08 00:29:45 UTC (rev 55394)
+++ trunk/server/src/main/org/jboss/jmx/connector/invoker/AuthorizationInterceptor.java 2006-08-08 04:04:13 UTC (rev 55395)
@@ -103,25 +103,29 @@
Principal caller = inv.getPrincipal();
//Get the Method Name
Object[] obj = inv.getArguments();
- ObjectName objname = (ObjectName) obj[0];
- String opname = (String) obj[1];
+ //Ignore calls like MBeanCount or getMBeanInfo
+ if(obj != null && obj.length > 1)
+ {
+ ObjectName objname = (ObjectName) obj[0];
+ String opname = (String) obj[1];
- try
- {
- checkAuthorization(caller, objname.getCanonicalName(), opname);
+ try
+ {
+ checkAuthorization(caller, objname.getCanonicalName(), opname);
+ }
+ catch(SecurityException e)
+ {
+ throw e;
+ }
+ catch(Exception e)
+ {
+ String msg = "Failed to authorize principal=" + caller
+ + ",MBean=" + objname + ", Operation=" + opname;
+ SecurityException ex = new SecurityException(msg);
+ ex.initCause(e);
+ throw ex;
+ }
}
- catch(SecurityException e)
- {
- throw e;
- }
- catch(Exception e)
- {
- String msg = "Failed to authorize principal=" + caller
- + ",MBean=" + objname + ", Operation=" + opname;
- SecurityException ex = new SecurityException(msg);
- ex.initCause(e);
- throw ex;
- }
}
}
Added: trunk/server/src/main/org/jboss/jmx/connector/invoker/ExternalizableRolesAuthorization.java
===================================================================
--- trunk/server/src/main/org/jboss/jmx/connector/invoker/ExternalizableRolesAuthorization.java 2006-08-08 00:29:45 UTC (rev 55394)
+++ trunk/server/src/main/org/jboss/jmx/connector/invoker/ExternalizableRolesAuthorization.java 2006-08-08 04:04:13 UTC (rev 55395)
@@ -0,0 +1,88 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.jmx.connector.invoker;
+
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.StringTokenizer;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.SimplePrincipal;
+
+//$Id: ExternalizableRolesAuthorization.java 44771 2006-05-10 20:35:14Z asaldhana $
+
+/**
+ * JBAS-3203: Delegate for Authorization Interceptor for RMIAdaptor should have roles configurable
+ * Authorization Delegate used by the AuthorizationInterceptor
+ * that gets its predefined roles from a properties file
+ * @see org.jboss.jmx.connector.invoker.AuthorizationInterceptor
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @since May 10, 2006
+ * @version $Revision: 44771 $
+ */
+public class ExternalizableRolesAuthorization extends RolesAuthorization
+{
+ private static Logger log = Logger.getLogger(ExternalizableRolesAuthorization.class);
+ private boolean trace = log.isTraceEnabled();
+
+ public ExternalizableRolesAuthorization()
+ {
+ //Load the roles from a properties file
+ Properties props = new Properties();
+ try
+ {
+ props.load(getTCL().getResourceAsStream("jmxinvoker-roles.properties"));
+ this.setRequiredRoles(getSetOfRoles(props.getProperty("roles")));
+ }
+ catch (Exception e)
+ {
+ log.error("Error reading roles from jmxinvoker-roles.properties:",e);
+ }
+ }
+
+ /**
+ * Get a HashSet of roles as SimplePrincipal
+ *
+ * @param assignedRoles a comma seperated list of roles
+ * @return
+ */
+ private HashSet getSetOfRoles(String assignedRoles)
+ {
+ if(trace)
+ log.trace("AssignedRolesString="+assignedRoles);
+ HashSet set = new HashSet();
+ StringTokenizer st = new StringTokenizer(assignedRoles,",");
+ while(st.hasMoreTokens())
+ {
+ String aRole = st.nextToken();
+ set.add(new SimplePrincipal(aRole));
+ }
+ if(trace)
+ log.trace("roles set="+set);
+ return set;
+ }
+
+ private ClassLoader getTCL()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+}
More information about the jboss-cvs-commits
mailing list