[jboss-svn-commits] JBL Code SVN: r25975 - in labs/jbosstm/trunk/atsintegration: classes/com/arjuna/ats/internal/jbossatx/jta and 1 other directory.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Mon Apr 6 11:19:08 EDT 2009
Author: jhalliday
Date: 2009-04-06 11:19:08 -0400 (Mon, 06 Apr 2009)
New Revision: 25975
Modified:
labs/jbosstm/trunk/atsintegration/build.xml
labs/jbosstm/trunk/atsintegration/classes/com/arjuna/ats/internal/jbossatx/jta/AppServerJDBCXARecovery.java
Log:
Add support for secured JMX invokers to AppServerJDBCXARecovery. JBTM-432
Modified: labs/jbosstm/trunk/atsintegration/build.xml
===================================================================
--- labs/jbosstm/trunk/atsintegration/build.xml 2009-04-06 13:12:02 UTC (rev 25974)
+++ labs/jbosstm/trunk/atsintegration/build.xml 2009-04-06 15:19:08 UTC (rev 25975)
@@ -132,8 +132,8 @@
<!-- jboss-common-core.jar has UnexpectedThrowable, jboss-logging-spi.jar has Logger, jboss-main.jar has ServerConfig -->
<property name="jboss.libs" value="jboss-common-core.jar jboss-logging-spi.jar jboss-bootstrap.jar"/>
- <!-- jboss-integration.jar has the transactions SPI, jmx-adaptor-plugin.jar has RMIAdaptor -->
- <property name="jboss.common.shared.jta.libs" value="jboss-integration.jar jmx-adaptor-plugin.jar"/>
+ <!-- jboss-integration.jar has the transactions SPI, jmx-adaptor-plugin.jar has RMIAdaptor, jbosssx has security -->
+ <property name="jboss.common.shared.jta.libs" value="jboss-integration.jar jmx-adaptor-plugin.jar jbosssx.jar"/>
<property name="jboss.common.shared.jts.libs" value="jboss-iiop.jar"/>
<property name="jboss.server.all.jts.libs" value="jacorb.jar"/>
Modified: labs/jbosstm/trunk/atsintegration/classes/com/arjuna/ats/internal/jbossatx/jta/AppServerJDBCXARecovery.java
===================================================================
--- labs/jbosstm/trunk/atsintegration/classes/com/arjuna/ats/internal/jbossatx/jta/AppServerJDBCXARecovery.java 2009-04-06 13:12:02 UTC (rev 25974)
+++ labs/jbosstm/trunk/atsintegration/classes/com/arjuna/ats/internal/jbossatx/jta/AppServerJDBCXARecovery.java 2009-04-06 15:19:08 UTC (rev 25975)
@@ -36,16 +36,19 @@
import java.sql.Connection;
import java.util.Properties;
import java.util.Iterator;
+import java.util.StringTokenizer;
import java.io.InputStream;
import java.io.ByteArrayInputStream;
import java.lang.reflect.Method;
import java.beans.PropertyEditor;
import java.beans.PropertyEditorManager;
+import org.jboss.security.SecurityAssociation;
+import org.jboss.security.SimplePrincipal;
import org.jboss.logging.Logger;
/**
- * This provides recovery for compliant JDBC drivers accessed via datasources deployed in JBossAS 4.2
+ * This provides recovery for compliant JDBC drivers accessed via datasources deployed in JBossAS 5
* It is not meant to be db driver specific.
*
* This code is based on JDBCXARecovery, which expects JNDI to contain an XADataSource implementation.
@@ -55,8 +58,19 @@
* which it can then create an XAConnection.
*
* To use this class, add an XAResourceRecovery entry in the jta section of jbossjta-properties.xml
- * for each datasource for which you need recovery, ensuring the value ends with ;<datasource-name>
+ * for each database for which you need recovery, ensuring the value ends with ;jndiname=<datasource-name>
* i.e. the same value as is in the -ds.xml jndi-name element.
+ *
+ * Note for users with secured JMX invokers, use the extended format:
+ * ;jndiname=MyExampleDbName,username=foo,password=bar
+ * The username and password refer to the JMX invoker, NOT the datasource.
+ *
+ * It's not possible to override the jdbc username and password given in the -ds.xml file at present.
+ * Since the recovery system sometimes needs greater db user privs than the app code, it may be preferable to
+ * set up a -ds.xml file only for recovery usage. This approach works for databases which allow users to
+ * recover one another's transactions, which is most of them. But consult
+ * your db docs or friendly neighbourhood DBA to be sure, then test it anyhow.
+ *
* You also need the XARecoveryModule enabled and appropriate values for nodeIdentifier and xaRecoveryNode set.
* See the JBossTS recovery guide if you are unclear on how the recovery system works.
*
@@ -64,9 +78,11 @@
* if you configure the recovery manager to run as a separate process. (JMX can be accessed remotely,
* but it would need code changes to the lookup function and some classpath additions).
*
+ *
* <properties depends="arjuna" name="jta">
* ...
- * <property name="com.arjuna.ats.jta.recovery.XAResourceRecovery1" value= "com.arjuna.ats.internal.jbossatx.jta.AppServerJDBCXARecovery;MyExampleDbName"/>
+ * <property name="com.arjuna.ats.jta.recovery.XAResourceRecovery1"
+ * value= "com.arjuna.ats.internal.jbossatx.jta.AppServerJDBCXARecovery;jndiname=MyExampleDbName[,username=foo,password=bar]"/>
* <!-- xaRecoveryNode should match value in nodeIdentifier or be * -->
* <property name="com.arjuna.ats.jta.xaRecoveryNode" value="1"/>
*
@@ -102,10 +118,9 @@
if (parameter == null)
return false;
+
+ retrieveData(parameter, _DELIMITER);
- // don't create the datasource yet, we'll do it lazily. Just keep its id.
- _dataSourceId = parameter;
-
return true;
}
@@ -164,8 +179,22 @@
InitialContext context = new InitialContext();
MBeanServerConnection server = (MBeanServerConnection)context.lookup("jmx/invoker/RMIAdaptor");
ObjectName objectName = new ObjectName("jboss.jca:name="+_dataSourceId+",service=ManagedConnectionFactory");
+
+ if(_username !=null && _password !=null)
+ {
+ SecurityAssociation.setPrincipal(new SimplePrincipal(_username));
+ SecurityAssociation.setCredential(_password);
+ }
+
String className = (String)server.invoke(objectName, "getManagedConnectionFactoryAttribute", new Object[] {"XADataSourceClass"}, new String[] {"java.lang.String"});
log.debug("AppServerJDBCXARecovery datasource classname = "+className);
+
+ if(_username !=null && _password !=null)
+ {
+ SecurityAssociation.setPrincipal(new SimplePrincipal(_username));
+ SecurityAssociation.setCredential(_password);
+ }
+
String properties = (String)server.invoke(objectName, "getManagedConnectionFactoryAttribute", new Object[] {"XADataSourceProperties"}, new String[] {"java.lang.String"});
// debug disabled due to security paranoia - it may log datasource password in cleartext.
// log.debug("AppServerJDBCXARecovery.result="+properties);
@@ -343,7 +372,36 @@
}
return xads;
}
-
+
+ public void retrieveData(String parameter,String delimiter)
+ {
+ StringTokenizer st = new StringTokenizer(parameter,delimiter);
+ while (st.hasMoreTokens())
+ {
+ String data = st.nextToken();
+ if(data.length()>9)
+ {
+ if(_USERNAME.equalsIgnoreCase(data.substring(0,8)))
+ {
+ _username =data.substring(9);
+ }
+ if(_PASSWORD.equalsIgnoreCase(data.substring(0,8)))
+ {
+ _password =data.substring(9);
+ }
+ if(_JNDINAME.equalsIgnoreCase(data.substring(0,8)))
+ {
+ _dataSourceId=data.substring(9);
+ }
+ }
+ }
+
+ if(_dataSourceId == null && parameter != null && !parameter.contains("=")) {
+ // try to fallback to old parameter format where only the dataSourceId is given, without jndiname= prefix
+ _dataSourceId = parameter;
+ }
+ }
+
private boolean _supportsIsValidMethod;
private XAConnection _connection;
private XADataSource _dataSource;
@@ -351,5 +409,13 @@
private boolean _hasMoreResources;
private String _dataSourceId;
+ private String _username;
+ private String _password;
+
+ private final String _JNDINAME = "jndiname";
+ private final String _USERNAME = "username";
+ private final String _PASSWORD = "password";
+ private final String _DELIMITER = ",";
+
private Logger log = org.jboss.logging.Logger.getLogger(AppServerJDBCXARecovery.class);
}
More information about the jboss-svn-commits
mailing list