[jboss-cvs] JBossAS SVN: r109767 - branches/JBPAPP_4_3_0_GA_CP08_JBPAPP-5513/server/src/main/org/jboss/jmx/connector/invoker.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Dec 7 17:08:26 EST 2010


Author: loleary
Date: 2010-12-07 17:08:25 -0500 (Tue, 07 Dec 2010)
New Revision: 109767

Modified:
   branches/JBPAPP_4_3_0_GA_CP08_JBPAPP-5513/server/src/main/org/jboss/jmx/connector/invoker/AuthorizationInterceptor.java
Log:
JBPAPP-5513: AuthorizationInterceptor blocks incorrect invocations
    
Backport of JBPAPP-4225 from 4.3 CP09 to 4.3 CP08. AuthorizationInterceptor now only blocks invoke operations that don't pass authorization check and let go other invocations.


Modified: branches/JBPAPP_4_3_0_GA_CP08_JBPAPP-5513/server/src/main/org/jboss/jmx/connector/invoker/AuthorizationInterceptor.java
===================================================================
--- branches/JBPAPP_4_3_0_GA_CP08_JBPAPP-5513/server/src/main/org/jboss/jmx/connector/invoker/AuthorizationInterceptor.java	2010-12-07 21:15:39 UTC (rev 109766)
+++ branches/JBPAPP_4_3_0_GA_CP08_JBPAPP-5513/server/src/main/org/jboss/jmx/connector/invoker/AuthorizationInterceptor.java	2010-12-07 22:08:25 UTC (rev 109767)
@@ -29,7 +29,7 @@
 import javax.management.Attribute;
 import javax.management.ObjectName;
 import javax.security.auth.Subject;
- 
+
 import org.jboss.mx.interceptor.AbstractInterceptor;
 import org.jboss.mx.interceptor.Interceptor;
 import org.jboss.mx.server.Invocation;
@@ -118,24 +118,26 @@
                   opname = (String)ob;
                else if(ob instanceof Attribute)
                   opname = ATTRIBUTE_SET;
-               else throw new IllegalArgumentException("Opname type not recognized"); 
 
-               try
-               {
-                  checkAuthorization(caller, objname.getCanonicalName(), opname);
+               if (opname != null)
+               {  
+                  try
+                  {
+                     checkAuthorization(caller, objname.getCanonicalName(), opname);
+                  }
+                  catch(SecurityException e)
+                  {
+                     throw e;
+                  }
+                  catch(Exception e)
+                  {
+                     String msg = "Failed to authorize principal=" + caller
+                     + ",MBean=" + objname + ", Operation=" + opname;
+                     SecurityException ex = new SecurityException(msg);
+                     ex.initCause(e);
+                     throw ex;
+                  }
                }
-               catch(SecurityException e)
-               {
-                  throw e;
-               }
-               catch(Exception e)
-               {
-                  String msg = "Failed to authorize principal=" + caller
-                  + ",MBean=" + objname + ", Operation=" + opname;
-                  SecurityException ex = new SecurityException(msg);
-                  ex.initCause(e);
-                  throw ex;
-               }
             }
          }
       }



More information about the jboss-cvs-commits mailing list