private static void checkNewMBeanServerPermission() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { Permission perm = new MBeanServerPermission("newMBeanServer"); sm.checkPermission(perm); } }
/** * Test for the method equals(java.lang.Object) * * @see javax.management.MBeanServerPermission#equals(java.lang.Object) */ public final void testEquals() { assertTrue(new MBeanServerPermission("createMBeanServer") .equals(new MBeanServerPermission("createMBeanServer"))); assertFalse(new MBeanServerPermission("createMBeanServer") .equals(new MBeanServerPermission("findMBeanServer"))); }
/** * Test for the method hashCode() * * @see javax.management.MBeanServerPermission#hashCode() */ public final void testHashCode() { MBeanServerPermission p1 = new MBeanServerPermission( "createMBeanServer"); MBeanServerPermission p2 = new MBeanServerPermission( "createMBeanServer"); assertEquals("The hashCode() method must return the same integer " + "when it is invoked on the same object more than once!", p1 .hashCode(), p1.hashCode()); assertEquals("If two objects are equal according to the equals(Object)" + " method, then hashCode method on each of them must" + " produce the same integer. ", p1.hashCode(), p2.hashCode()); }
/** * Test for the method implies(java.security.Permission) * * @see javax.management.MBeanServerPermission#implies(java.security.Permission) */ public final void testImplies() { MBeanServerPermission p1 = new MBeanServerPermission( "createMBeanServer , findMBeanServer , " + "newMBeanServer , releaseMBeanServer"); MBeanServerPermission p2 = new MBeanServerPermission( "createMBeanServer"); MBeanServerPermission p3 = new MBeanServerPermission("newMBeanServer"); MBeanServerPermission p4 = new MBeanServerPermission("*"); MBeanServerPermission p5 = new MBeanServerPermission("findMBeanServer"); MBeanServerPermission p6 = new MBeanServerPermission("releaseMBeanServer"); assertTrue(new MBeanServerPermission("*").implies(p2)); assertTrue(p1.implies(p2)); assertFalse(p2.implies(p1)); assertTrue(p2.implies(p3)); assertFalse(p3.implies(p2)); assertTrue(p4.implies(p3)); assertFalse(p3.implies(p4)); assertTrue(p4.implies(p1)); assertTrue(p1.implies(p4)); assertTrue(p1.implies(p5)); assertTrue(p1.implies(p6)); assertFalse(p5.implies(p1)); assertFalse(p6.implies(p1)); assertFalse(p6.implies(p5)); assertFalse(p6.implies(p4)); assertFalse(p6.implies(p3)); assertFalse(p6.implies(p2)); }
/** * Returns the platform {@link javax.management.MBeanServer MBeanServer}. * On the first call to this method, it first creates the platform * {@code MBeanServer} by calling the * {@link javax.management.MBeanServerFactory#createMBeanServer * MBeanServerFactory.createMBeanServer} * method and registers each platform MXBean in this platform * {@code MBeanServer} with its * {@link PlatformManagedObject#getObjectName ObjectName}. * This method, in subsequent calls, will simply return the * initially created platform {@code MBeanServer}. * <p> * MXBeans that get created and destroyed dynamically, for example, * memory {@link MemoryPoolMXBean pools} and * {@link MemoryManagerMXBean managers}, * will automatically be registered and deregistered into the platform * {@code MBeanServer}. * <p> * If the system property {@code javax.management.builder.initial} * is set, the platform {@code MBeanServer} creation will be done * by the specified {@link javax.management.MBeanServerBuilder}. * <p> * It is recommended that this platform MBeanServer also be used * to register other application managed beans * besides the platform MXBeans. * This will allow all MBeans to be published through the same * {@code MBeanServer} and hence allow for easier network publishing * and discovery. * Name conflicts with the platform MXBeans should be avoided. * * @return the platform {@code MBeanServer}; the platform * MXBeans are registered into the platform {@code MBeanServer} * at the first time this method is called. * * @exception SecurityException if there is a security manager * and the caller does not have the permission required by * {@link javax.management.MBeanServerFactory#createMBeanServer}. * * @see javax.management.MBeanServerFactory * @see javax.management.MBeanServerFactory#createMBeanServer */ public static synchronized MBeanServer getPlatformMBeanServer() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { Permission perm = new MBeanServerPermission("createMBeanServer"); sm.checkPermission(perm); } if (platformMBeanServer == null) { platformMBeanServer = MBeanServerFactory.createMBeanServer(); platformComponents() .stream() .filter(PlatformComponent::shouldRegister) .flatMap(pc -> pc.nameToMBeanMap().entrySet().stream()) .forEach(entry -> addMXBean(platformMBeanServer, entry.getKey(), entry.getValue())); } return platformMBeanServer; }
private Main installSecurityPolicy() throws Exception { Config config = readConfig(); List<Permission> permissions = new ArrayList<>(); // Need access to the network interface/port to which we listen PortInfo listen = PortInfo.parseUrl(config.getString("listen.url", "http://localhost:8000")); permissions.add(new SocketPermission("*:" + listen.port(), "listen,resolve")); // Configurable list of servers to which we can connect String csv = config.getString("connect.outbound"); if (csv != null) { for (String s : csv.split(",")) { permissions.add(new SocketPermission(s, "connect,resolve")); } } // For fake security we need to act as a client to our own embedded authentication if (config.getBooleanOrFalse("insecure.fake.security")) { permissions.add(new SocketPermission("localhost:" + listen.port(), "connect,resolve")); } // Connecting to centralized authentication server PortInfo authServer = PortInfo.parseUrl(config.getString("auth.server.base.uri")); if (authServer != null) { permissions.add(new SocketPermission(authServer.host() + ":" + authServer.port(), "connect,resolve")); } // These two are for hsqldb to store its database files permissions.add(new FilePermission(workDir() + "/.hsql", "read,write,delete")); permissions.add(new FilePermission(workDir() + "/.hsql/-", "read,write,delete")); // In case we are terminating SSL/TLS on the server permissions.add(new FilePermission(workDir() + "/local.ssl.jks", "read")); // Vert.x default directory for handling file uploads permissions.add(new FilePermission(workDir() + "/file-uploads", "read,write")); // The SAML implementation needs these four (xml parsing; write metadata into conf) permissions.add(new FilePermission(workDir() + "/conf", "read,write")); permissions.add(new FilePermission(workDir() + "/conf/-", "read,write")); permissions.add(new SecurityPermission("org.apache.xml.security.register")); permissions.add(new PropertyPermission("org.apache.xml.security.ignoreLineBreaks", "write")); // Oracle JDBC driver requires these Flavor flavor = Flavor.fromJdbcUrl(config.getString("database.url", "jdbc:postgresql:")); if (flavor == Flavor.oracle) { permissions.add(new MBeanServerPermission("createMBeanServer")); permissions.add(new ManagementPermission("control")); permissions.add(new MBeanPermission("*", "registerMBean")); permissions.add(new MBeanTrustPermission("register")); } setSecurityPolicy(permissions.toArray(new Permission[0])); return this; }
protected boolean checkMBeanServerPermission(MBeanServerPermission perm) { return true; }
/** * Returns a reference to the virtual machine's platform * <code>MBeanServer</code>. This <code>MBeanServer</code> will have * all of the platform <code>MXBean</code> s registered with it including * any dynamic <code>MXBean</code> s (e.g. instances of * {@link GarbageCollectorMXBean}that may be unregistered and destroyed at * a later time. * <p> * In order to simplify the process of distribution and discovery of managed * beans it is good practice to register all managed beans (in addition to * the platform <code>MXBean</code>s) with this server. * </p> * <p> * A custom <code>MBeanServer</code> can be created by this method if the * System property <code>javax.management.builder.initial</code> has been * set with the fully qualified name of a subclass of * {@link javax.management.MBeanServerBuilder}. * </p> * * @return the platform <code>MBeanServer</code>. * @throws SecurityException * if there is a Java security manager in operation and the * caller of this method does not have * "createMBeanServer" * <code>MBeanServerPermission</code>. * @see MBeanServer * @see javax.management.MBeanServerPermission */ public static MBeanServer getPlatformMBeanServer() { SecurityManager security = System.getSecurityManager(); if (security != null) { security.checkPermission(new MBeanServerPermission( "createMBeanServer")); } synchronized (ManagementFactory.class) { if (platformServer == null) { platformServer = MBeanServerFactory.createMBeanServer(); AccessController.doPrivileged(new PrivilegedAction<Object>() { public Object run() { registerPlatformBeans(platformServer); return null; }// end method run }); } }// end synchronized return platformServer; }
public void setPermission(String act) { col.add(new MBeanServerPermission(act)); }
/** * Returns the platform {@link javax.management.MBeanServer MBeanServer}. * On the first call to this method, it first creates the platform * <tt>MBeanServer</tt> by calling the * {@link javax.management.MBeanServerFactory#createMBeanServer * MBeanServerFactory.createMBeanServer} * method and registers the platform MXBeans in this platform * <tt>MBeanServer</tt> using the <a href="#MXBeanNames">MXBean names</a> * defined in the class description. * This method, in subsequent calls, will simply return the * initially created platform <tt>MBeanServer</tt>. * <p> * MXBeans that get created and destroyed dynamically, for example, * memory {@link MemoryPoolMXBean pools} and * {@link MemoryManagerMXBean managers}, * will automatically be registered and deregistered into the platform * <tt>MBeanServer</tt>. * <p> * If the system property <tt>javax.management.builder.initial</tt> * is set, the platform <tt>MBeanServer</tt> creation will be done * by the specified {@link javax.management.MBeanServerBuilder}. * <p> * It is recommended that this platform MBeanServer also be used * to register other application managed beans * besides the platform MXBeans. * This will allow all MBeans to be published through the same * <tt>MBeanServer</tt> and hence allow for easier network publishing * and discovery. * Name conflicts with the platform MXBeans should be avoided. * * @return the platform <tt>MBeanServer</tt>; the platform * MXBeans are registered into the platform <tt>MBeanServer</tt> * at the first time this method is called. * * @exception SecurityException if there is a security manager * and the caller does not have the permission required by * {@link javax.management.MBeanServerFactory#createMBeanServer}. * * @see javax.management.MBeanServerFactory * @see javax.management.MBeanServerFactory#createMBeanServer */ public static synchronized MBeanServer getPlatformMBeanServer() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { Permission perm = new MBeanServerPermission("createMBeanServer"); sm.checkPermission(perm); } if (platformMBeanServer == null) { platformMBeanServer = sun.management.ManagementFactory.createPlatformMBeanServer(); } return platformMBeanServer; }
/** * Returns the platform {@link javax.management.MBeanServer MBeanServer}. * On the first call to this method, it first creates the platform * {@code MBeanServer} by calling the * {@link javax.management.MBeanServerFactory#createMBeanServer * MBeanServerFactory.createMBeanServer} * method and registers each platform MXBean in this platform * {@code MBeanServer} with its * {@link PlatformManagedObject#getObjectName ObjectName}. * This method, in subsequent calls, will simply return the * initially created platform {@code MBeanServer}. * <p> * MXBeans that get created and destroyed dynamically, for example, * memory {@link MemoryPoolMXBean pools} and * {@link MemoryManagerMXBean managers}, * will automatically be registered and deregistered into the platform * {@code MBeanServer}. * <p> * If the system property {@code javax.management.builder.initial} * is set, the platform {@code MBeanServer} creation will be done * by the specified {@link javax.management.MBeanServerBuilder}. * <p> * It is recommended that this platform MBeanServer also be used * to register other application managed beans * besides the platform MXBeans. * This will allow all MBeans to be published through the same * {@code MBeanServer} and hence allow for easier network publishing * and discovery. * Name conflicts with the platform MXBeans should be avoided. * * @return the platform {@code MBeanServer}; the platform * MXBeans are registered into the platform {@code MBeanServer} * at the first time this method is called. * * @exception SecurityException if there is a security manager * and the caller does not have the permission required by * {@link javax.management.MBeanServerFactory#createMBeanServer}. * * @see javax.management.MBeanServerFactory * @see javax.management.MBeanServerFactory#createMBeanServer */ public static synchronized MBeanServer getPlatformMBeanServer() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { Permission perm = new MBeanServerPermission("createMBeanServer"); sm.checkPermission(perm); } if (platformMBeanServer == null) { platformMBeanServer = MBeanServerFactory.createMBeanServer(); for (PlatformComponent pc : PlatformComponent.values()) { List<? extends PlatformManagedObject> list = pc.getMXBeans(pc.getMXBeanInterface()); for (PlatformManagedObject o : list) { // Each PlatformComponent represents one management // interface. Some MXBean may extend another one. // The MXBean instances for one platform component // (returned by pc.getMXBeans()) might be also // the MXBean instances for another platform component. // e.g. com.sun.management.GarbageCollectorMXBean // // So need to check if an MXBean instance is registered // before registering into the platform MBeanServer if (!platformMBeanServer.isRegistered(o.getObjectName())) { addMXBean(platformMBeanServer, o); } } } } return platformMBeanServer; }
/** * Returns the platform {@link javax.management.MBeanServer MBeanServer}. * On the first call to this method, it first creates the platform * {@code MBeanServer} by calling the * {@link javax.management.MBeanServerFactory#createMBeanServer * MBeanServerFactory.createMBeanServer} * method and registers each platform MXBean in this platform * {@code MBeanServer} with its * {@link PlatformManagedObject#getObjectName ObjectName}. * This method, in subsequent calls, will simply return the * initially created platform {@code MBeanServer}. * <p> * MXBeans that get created and destroyed dynamically, for example, * memory {@link MemoryPoolMXBean pools} and * {@link MemoryManagerMXBean managers}, * will automatically be registered and deregistered into the platform * {@code MBeanServer}. * <p> * If the system property {@code javax.management.builder.initial} * is set, the platform {@code MBeanServer} creation will be done * by the specified {@link javax.management.MBeanServerBuilder}. * <p> * It is recommended that this platform MBeanServer also be used * to register other application managed beans * besides the platform MXBeans. * This will allow all MBeans to be published through the same * {@code MBeanServer} and hence allow for easier network publishing * and discovery. * Name conflicts with the platform MXBeans should be avoided. * * @return the platform {@code MBeanServer}; the platform * MXBeans are registered into the platform {@code MBeanServer} * at the first time this method is called. * * @exception SecurityException if there is a security manager * and the caller does not have the permission required by * {@link javax.management.MBeanServerFactory#createMBeanServer}. * * @see javax.management.MBeanServerFactory * @see javax.management.MBeanServerFactory#createMBeanServer */ public static synchronized MBeanServer getPlatformMBeanServer() { SecurityManager sm = System.getSecurityManager(); if (sm != null) { Permission perm = new MBeanServerPermission("createMBeanServer"); sm.checkPermission(perm); } if (platformMBeanServer == null) { platformMBeanServer = MBeanServerFactory.createMBeanServer(); for (PlatformComponent pc : PlatformComponent.values()) { List<? extends PlatformManagedObject> list = pc.getMXBeans(pc.getMXBeanInterface()); for (PlatformManagedObject o : list) { // Each PlatformComponent represents one management // interface. Some MXBean may extend another one. // The MXBean instances for one platform component // (returned by pc.getMXBeans()) might be also // the MXBean instances for another platform component. // e.g. com.sun.management.GarbageCollectorMXBean // // So need to check if an MXBean instance is registered // before registering into the platform MBeanServer if (!platformMBeanServer.isRegistered(o.getObjectName())) { addMXBean(platformMBeanServer, o); } } } HashMap<ObjectName, DynamicMBean> dynmbeans = ManagementFactoryHelper.getPlatformDynamicMBeans(); for (Map.Entry<ObjectName, DynamicMBean> e : dynmbeans.entrySet()) { addDynamicMBean(platformMBeanServer, e.getValue(), e.getKey()); } } return platformMBeanServer; }