0001: /*
0002: * Copyright (C) The MX4J Contributors.
0003: * All rights reserved.
0004: *
0005: * This software is distributed under the terms of the MX4J License version 1.0.
0006: * See the terms of the MX4J License in the documentation provided with this software.
0007: */
0008:
0009: package test.javax.management.remote;
0010:
0011: import java.net.MalformedURLException;
0012: import java.net.SocketPermission;
0013: import java.security.AccessController;
0014: import java.security.AllPermission;
0015: import java.security.CodeSource;
0016: import java.security.Permission;
0017: import java.security.PermissionCollection;
0018: import java.security.Permissions;
0019: import java.security.Policy;
0020: import java.security.Principal;
0021: import java.security.ProtectionDomain;
0022: import java.security.SecurityPermission;
0023: import java.util.Collections;
0024: import java.util.Enumeration;
0025: import java.util.HashMap;
0026: import java.util.HashSet;
0027: import java.util.Map;
0028: import java.util.Set;
0029: import javax.management.MBeanPermission;
0030: import javax.management.MBeanServer;
0031: import javax.management.MBeanServerConnection;
0032: import javax.management.MBeanServerFactory;
0033: import javax.management.MBeanServerPermission;
0034: import javax.management.MBeanTrustPermission;
0035: import javax.management.ObjectName;
0036: import javax.management.remote.JMXAuthenticator;
0037: import javax.management.remote.JMXConnector;
0038: import javax.management.remote.JMXConnectorFactory;
0039: import javax.management.remote.JMXConnectorServer;
0040: import javax.management.remote.JMXConnectorServerFactory;
0041: import javax.management.remote.JMXPrincipal;
0042: import javax.management.remote.JMXServiceURL;
0043: import javax.management.remote.SubjectDelegationPermission;
0044: import javax.security.auth.AuthPermission;
0045: import javax.security.auth.Subject;
0046:
0047: import junit.framework.TestCase;
0048: import mx4j.remote.MX4JRemoteUtils;
0049: import mx4j.server.MX4JMBeanServer;
0050: import test.javax.management.SecurityManagerTestCase;
0051:
0052: /**
0053: * @version $Revision: 1.4 $
0054: */
0055: public abstract class RemoteSecurityManagerTestCase extends
0056: SecurityManagerTestCase {
0057: public RemoteSecurityManagerTestCase(String s) {
0058: super (s);
0059: }
0060:
0061: protected void setUp() throws Exception {
0062: // Be sure we have a security manager and the right policy
0063: SecurityManager sm = System.getSecurityManager();
0064: if (sm == null)
0065: fail();
0066: Policy policy = Policy.getPolicy();
0067: if (!(policy instanceof RemoteModifiablePolicy))
0068: fail();
0069: ((RemoteModifiablePolicy) policy).initialize();
0070: }
0071:
0072: protected void tearDown() throws Exception {
0073: // Allow the sockets to shut down
0074: sleep(2000);
0075: }
0076:
0077: protected void addPermission(Permission p) {
0078: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0079: .getPolicy();
0080: policy.addServerPermission(p);
0081: }
0082:
0083: protected void resetPermissions() {
0084: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0085: .getPolicy();
0086: policy.initialize();
0087: }
0088:
0089: /**
0090: * Creates and returns a suitable JMXServiceURL for the specific JMXConnectorServer
0091: * used in the tests. Subclasses implements it to return specific JMXServiceURL.
0092: */
0093: protected abstract JMXServiceURL createJMXConnectorServerAddress()
0094: throws MalformedURLException;
0095:
0096: /**
0097: * Creates and returns a new environment map to be used for the server side
0098: *
0099: * @see #createClientEnvironment
0100: */
0101: protected Map createServerEnvironment() {
0102: return new HashMap();
0103: }
0104:
0105: /**
0106: * Creates and returns a new environment map to be used for the client side
0107: *
0108: * @see #createServerEnvironment
0109: */
0110: protected Map createClientEnvironment() {
0111: return new HashMap();
0112: }
0113:
0114: public void testNewJMXConnectorServer() throws Exception {
0115: addPermission(new MBeanServerPermission("newMBeanServer"));
0116:
0117: JMXServiceURL url = createJMXConnectorServerAddress();
0118: JMXConnectorServer cntorServer = JMXConnectorServerFactory
0119: .newJMXConnectorServer(url, createServerEnvironment(),
0120: newMBeanServer());
0121:
0122: try {
0123: cntorServer.start();
0124: fail();
0125: } catch (SecurityException x) {
0126: }
0127: }
0128:
0129: public void testStartJMXConnectorServer() throws Exception {
0130: addPermission(new MBeanServerPermission("newMBeanServer"));
0131:
0132: JMXServiceURL url = createJMXConnectorServerAddress();
0133: JMXConnectorServer cntorServer = JMXConnectorServerFactory
0134: .newJMXConnectorServer(url, createServerEnvironment(),
0135: newMBeanServer());
0136:
0137: addPermission(new SocketPermission(
0138: "localhost:" + url.getPort(), "listen"));
0139: try {
0140: cntorServer.start();
0141: } finally {
0142: cntorServer.stop();
0143: }
0144: }
0145:
0146: public void testConnect() throws Exception {
0147: addPermission(new MBeanServerPermission("newMBeanServer"));
0148:
0149: JMXServiceURL url = createJMXConnectorServerAddress();
0150: JMXConnectorServer cntorServer = JMXConnectorServerFactory
0151: .newJMXConnectorServer(url, createServerEnvironment(),
0152: newMBeanServer());
0153:
0154: // Required by the server
0155: addPermission(new SocketPermission(
0156: "localhost:" + url.getPort(), "listen"));
0157:
0158: JMXConnector cntor = null;
0159: try {
0160: cntorServer.start();
0161:
0162: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0163: .getPolicy();
0164: policy.setSeparateClientServerPermissions(true);
0165:
0166: try {
0167: JMXConnectorFactory.connect(cntorServer.getAddress());
0168: fail();
0169: } catch (SecurityException x) {
0170: }
0171:
0172: // Allow any client to connect to the server
0173: addPermission(new SocketPermission("*:1024-"
0174: + url.getPort(), "accept"));
0175: // Allow this client to open a socket to connect to the server
0176: policy.addClientPermission(new SocketPermission(
0177: "localhost:" + url.getPort(), "connect"));
0178: cntor = JMXConnectorFactory.connect(cntorServer
0179: .getAddress());
0180: } finally {
0181: if (cntor != null)
0182: cntor.close();
0183: if (cntorServer != null)
0184: cntorServer.stop();
0185: }
0186: }
0187:
0188: public void testAuthenticatedConnect() throws Exception {
0189: addPermission(new MBeanServerPermission("newMBeanServer"));
0190:
0191: JMXServiceURL url = createJMXConnectorServerAddress();
0192: Map serverEnv = createServerEnvironment();
0193: serverEnv.put(JMXConnectorServer.AUTHENTICATOR,
0194: new JMXAuthenticator() {
0195: public Subject authenticate(Object credentials)
0196: throws SecurityException {
0197: if (!(credentials instanceof String[]))
0198: throw new SecurityException(
0199: "No credentials provided");
0200: String[] creds = (String[]) credentials;
0201: if (creds.length != 2)
0202: throw new SecurityException(
0203: "Bad credentials");
0204: String user = creds[0];
0205: String password = creds[1];
0206: if (!"test".equals(user))
0207: throw new SecurityException("Unknown user");
0208: if (!"test".equals(password))
0209: throw new SecurityException(
0210: "Wrong password");
0211: Principal principal = new JMXPrincipal(user);
0212: Set principals = new HashSet();
0213: principals.add(principal);
0214: Subject subject = new Subject(true, principals,
0215: Collections.EMPTY_SET,
0216: Collections.EMPTY_SET);
0217: return subject;
0218: }
0219: });
0220:
0221: JMXConnectorServer cntorServer = null;
0222: JMXConnector cntor = null;
0223: try {
0224: cntorServer = JMXConnectorServerFactory
0225: .newJMXConnectorServer(url, serverEnv,
0226: newMBeanServer());
0227:
0228: // Required by the server
0229: addPermission(new SocketPermission("localhost:"
0230: + url.getPort(), "listen"));
0231: cntorServer.start();
0232:
0233: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0234: .getPolicy();
0235: policy.setSeparateClientServerPermissions(true);
0236:
0237: Map clientEnv = createClientEnvironment();
0238: clientEnv.put(JMXConnector.CREDENTIALS, new String[] {
0239: "test", "test" });
0240: // Allow this client to open a socket to connect to the server
0241: policy.addClientPermission(new SocketPermission(
0242: "localhost:" + url.getPort(), "connect"));
0243: // Allow the authenticated subject to listen and accept a connection
0244: policy.addServerPermission(new JMXPrincipal("test"),
0245: new SocketPermission("localhost:" + url.getPort(),
0246: "listen"));
0247: policy.addServerPermission(new JMXPrincipal("test"),
0248: new SocketPermission("*:1024-" + url.getPort(),
0249: "accept"));
0250:
0251: // No credentials
0252: try {
0253: JMXConnectorFactory.connect(cntorServer.getAddress());
0254: fail();
0255: } catch (SecurityException x) {
0256: }
0257:
0258: // Bad credentials
0259: clientEnv = createClientEnvironment();
0260: clientEnv.put(JMXConnector.CREDENTIALS, null);
0261: try {
0262: JMXConnectorFactory.connect(cntorServer.getAddress(),
0263: clientEnv);
0264: fail();
0265: } catch (SecurityException x) {
0266: }
0267:
0268: // Bad credentials
0269: clientEnv = createClientEnvironment();
0270: clientEnv.put(JMXConnector.CREDENTIALS, new StringBuffer());
0271: try {
0272: JMXConnectorFactory.connect(cntorServer.getAddress(),
0273: clientEnv);
0274: fail();
0275: } catch (SecurityException x) {
0276: }
0277:
0278: // Bad credentials
0279: clientEnv = createClientEnvironment();
0280: clientEnv.put(JMXConnector.CREDENTIALS, new String[0]);
0281: try {
0282: JMXConnectorFactory.connect(cntorServer.getAddress(),
0283: clientEnv);
0284: fail();
0285: } catch (SecurityException x) {
0286: }
0287:
0288: // Bad credentials
0289: clientEnv = createClientEnvironment();
0290: clientEnv.put(JMXConnector.CREDENTIALS,
0291: new String[] { "dummy" });
0292: try {
0293: JMXConnectorFactory.connect(cntorServer.getAddress(),
0294: clientEnv);
0295: fail();
0296: } catch (SecurityException x) {
0297: }
0298:
0299: // Bad credentials
0300: clientEnv = createClientEnvironment();
0301: clientEnv.put(JMXConnector.CREDENTIALS, new String[] {
0302: "dummy", "dummy" });
0303: try {
0304: JMXConnectorFactory.connect(cntorServer.getAddress(),
0305: clientEnv);
0306: fail();
0307: } catch (SecurityException x) {
0308: }
0309:
0310: // Bad credentials
0311: clientEnv = createClientEnvironment();
0312: clientEnv.put(JMXConnector.CREDENTIALS, new String[] {
0313: "dummy", "dummy", "dummy" });
0314: try {
0315: JMXConnectorFactory.connect(cntorServer.getAddress(),
0316: clientEnv);
0317: fail();
0318: } catch (SecurityException x) {
0319: }
0320:
0321: // Bad credentials
0322: clientEnv = createClientEnvironment();
0323: clientEnv.put(JMXConnector.CREDENTIALS, new String[] {
0324: "test", "wrong" });
0325: try {
0326: JMXConnectorFactory.connect(cntorServer.getAddress(),
0327: clientEnv);
0328: fail();
0329: } catch (SecurityException x) {
0330: }
0331:
0332: clientEnv = createClientEnvironment();
0333: clientEnv.put(JMXConnector.CREDENTIALS, new String[] {
0334: "test", "test" });
0335: cntor = JMXConnectorFactory.connect(cntorServer
0336: .getAddress(), clientEnv);
0337: } finally {
0338: if (cntor != null)
0339: cntor.close();
0340: if (cntorServer != null)
0341: cntorServer.stop();
0342: }
0343: }
0344:
0345: public void testAuthenticatedSubjectOnServerSide() throws Exception {
0346: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0347: .getPolicy();
0348: addPermission(new MBeanServerPermission("newMBeanServer"));
0349:
0350: JMXServiceURL url = createJMXConnectorServerAddress();
0351: Map serverEnv = createServerEnvironment();
0352: serverEnv.put(JMXConnectorServer.AUTHENTICATOR,
0353: new JMXAuthenticator() {
0354: public Subject authenticate(Object credentials)
0355: throws SecurityException {
0356: if (!(credentials instanceof String[]))
0357: throw new SecurityException(
0358: "No credentials provided");
0359: String[] creds = (String[]) credentials;
0360: if (creds.length != 2)
0361: throw new SecurityException(
0362: "Bad credentials");
0363: String user = creds[0];
0364: String password = creds[1];
0365: if (!"test".equals(user))
0366: throw new SecurityException("Unknown user");
0367: if (!"test".equals(password))
0368: throw new SecurityException(
0369: "Wrong password");
0370: Principal principal = new JMXPrincipal(user);
0371: Set principals = new HashSet();
0372: principals.add(principal);
0373: Subject subject = new Subject(true, principals,
0374: Collections.EMPTY_SET,
0375: Collections.EMPTY_SET);
0376: return subject;
0377: }
0378: });
0379:
0380: JMXConnectorServer cntorServer = null;
0381: JMXConnector cntor = null;
0382: try {
0383: cntorServer = JMXConnectorServerFactory
0384: .newJMXConnectorServer(url, serverEnv,
0385: newMBeanServer());
0386:
0387: // Required by the server
0388: addPermission(new SocketPermission("localhost:"
0389: + url.getPort(), "listen"));
0390: cntorServer.start();
0391:
0392: policy.setSeparateClientServerPermissions(true);
0393:
0394: Map clientEnv = createClientEnvironment();
0395: clientEnv.put(JMXConnector.CREDENTIALS, new String[] {
0396: "test", "test" });
0397: policy.addClientPermission(new SocketPermission(
0398: "localhost:" + url.getPort(), "connect"));
0399: policy.addServerPermission(new JMXPrincipal("test"),
0400: new AuthPermission("doAsPrivileged"));
0401: policy.addServerPermission(new JMXPrincipal("test"),
0402: new SocketPermission("localhost:" + url.getPort(),
0403: "listen"));
0404: policy.addServerPermission(new JMXPrincipal("test"),
0405: new SocketPermission("*:1024-" + url.getPort(),
0406: "accept"));
0407: cntor = JMXConnectorFactory.connect(cntorServer
0408: .getAddress(), clientEnv);
0409:
0410: addPermission(new MBeanTrustPermission("*"));
0411: policy
0412: .addServerPermission(
0413: new JMXPrincipal("test"),
0414: new MBeanPermission("*",
0415: "instantiate, registerMBean, getAttribute"));
0416: MBeanServerConnection cntion = cntor
0417: .getMBeanServerConnection();
0418: ObjectName name = ObjectName.getInstance(":name=subject");
0419: cntion
0420: .createMBean(SubjectCheck.class.getName(), name,
0421: null);
0422: policy.addServerPermission(new JMXPrincipal("test"),
0423: new AuthPermission("getSubject"));
0424: Subject subject = (Subject) cntion.getAttribute(name,
0425: "Subject");
0426:
0427: Set principals = subject.getPrincipals();
0428: assertNotNull(principals);
0429: assertEquals(principals.size(), 1);
0430: Principal principal = (Principal) principals.iterator()
0431: .next();
0432: assertTrue(principal instanceof JMXPrincipal);
0433: assertEquals(principal.getName(), "test");
0434: } finally {
0435: if (cntor != null)
0436: cntor.close();
0437: if (cntorServer != null)
0438: cntorServer.stop();
0439: }
0440: }
0441:
0442: public void testDelegateSubjectOnServerSide() throws Exception {
0443: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0444: .getPolicy();
0445: addPermission(new MBeanServerPermission("newMBeanServer"));
0446:
0447: JMXServiceURL url = createJMXConnectorServerAddress();
0448: Map serverEnv = createServerEnvironment();
0449: serverEnv.put(JMXConnectorServer.AUTHENTICATOR,
0450: new JMXAuthenticator() {
0451: public Subject authenticate(Object credentials)
0452: throws SecurityException {
0453: if (!(credentials instanceof String[]))
0454: throw new SecurityException(
0455: "No credentials provided");
0456: String[] creds = (String[]) credentials;
0457: if (creds.length != 2)
0458: throw new SecurityException(
0459: "Bad credentials");
0460: String user = creds[0];
0461: String password = creds[1];
0462: if (!"test".equals(user))
0463: throw new SecurityException("Unknown user");
0464: if (!"test".equals(password))
0465: throw new SecurityException(
0466: "Wrong password");
0467: Principal principal = new JMXPrincipal(user);
0468: Set principals = new HashSet();
0469: principals.add(principal);
0470: Subject subject = new Subject(true, principals,
0471: Collections.EMPTY_SET,
0472: Collections.EMPTY_SET);
0473: return subject;
0474: }
0475: });
0476:
0477: JMXConnectorServer cntorServer = null;
0478: JMXConnector cntor = null;
0479: try {
0480: cntorServer = JMXConnectorServerFactory
0481: .newJMXConnectorServer(url, serverEnv,
0482: newMBeanServer());
0483: // Required by the server
0484: addPermission(new SocketPermission("localhost:"
0485: + url.getPort(), "listen"));
0486: cntorServer.start();
0487:
0488: policy.setSeparateClientServerPermissions(true);
0489:
0490: Map clientEnv = createClientEnvironment();
0491: clientEnv.put(JMXConnector.CREDENTIALS, new String[] {
0492: "test", "test" });
0493: policy.addClientPermission(new SocketPermission(
0494: "localhost:" + url.getPort(), "connect"));
0495: policy.addServerPermission(new JMXPrincipal("test"),
0496: new AuthPermission("doAsPrivileged"));
0497: policy.addServerPermission(new JMXPrincipal("test"),
0498: new SocketPermission("localhost:" + url.getPort(),
0499: "listen"));
0500: policy.addServerPermission(new JMXPrincipal("test"),
0501: new SocketPermission("*:1024-" + url.getPort(),
0502: "accept"));
0503: cntor = JMXConnectorFactory.connect(cntorServer
0504: .getAddress(), clientEnv);
0505:
0506: addPermission(new MBeanTrustPermission("*"));
0507: policy
0508: .addServerPermission(
0509: new JMXPrincipal("delegate"),
0510: new MBeanPermission("*",
0511: "instantiate, registerMBean, getAttribute"));
0512: policy.addServerPermission(new JMXPrincipal("test"),
0513: new SubjectDelegationPermission(JMXPrincipal.class
0514: .getName()
0515: + ".delegate"));
0516:
0517: Set delegates = new HashSet();
0518: delegates.add(new JMXPrincipal("delegate"));
0519: Subject delegate = new Subject(true, delegates,
0520: Collections.EMPTY_SET, Collections.EMPTY_SET);
0521: MBeanServerConnection cntion = cntor
0522: .getMBeanServerConnection(delegate);
0523: ObjectName name = ObjectName.getInstance(":name=subject");
0524: cntion
0525: .createMBean(SubjectCheck.class.getName(), name,
0526: null);
0527: policy.addServerPermission(new JMXPrincipal("delegate"),
0528: new AuthPermission("getSubject"));
0529: Subject subject = (Subject) cntion.getAttribute(name,
0530: "Subject");
0531:
0532: Set principals = subject.getPrincipals();
0533: assertNotNull(principals);
0534: assertEquals(principals.size(), 1);
0535: Principal principal = (Principal) principals.iterator()
0536: .next();
0537: assertTrue(principal instanceof JMXPrincipal);
0538: assertEquals(principal.getName(), "delegate");
0539: } finally {
0540: if (cntor != null)
0541: cntor.close();
0542: if (cntorServer != null)
0543: cntorServer.stop();
0544: }
0545: }
0546:
0547: public void testAddRemoveNotificationListener() throws Exception {
0548: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0549: .getPolicy();
0550: addPermission(new MBeanServerPermission("newMBeanServer"));
0551:
0552: JMXServiceURL url = createJMXConnectorServerAddress();
0553: JMXConnectorServer cntorServer = null;
0554: JMXConnector cntor = null;
0555: try {
0556: cntorServer = JMXConnectorServerFactory
0557: .newJMXConnectorServer(url,
0558: createServerEnvironment(), newMBeanServer());
0559: // Required by the server
0560: addPermission(new SocketPermission("localhost:"
0561: + url.getPort(), "listen"));
0562: cntorServer.start();
0563:
0564: policy.setSeparateClientServerPermissions(true);
0565:
0566: policy.addClientPermission(new SocketPermission(
0567: "localhost:" + url.getPort(), "connect"));
0568: addPermission(new SocketPermission("localhost:"
0569: + url.getPort(), "listen"));
0570: addPermission(new SocketPermission("*:1024-"
0571: + url.getPort(), "accept"));
0572: cntor = JMXConnectorFactory.connect(cntorServer
0573: .getAddress(), createClientEnvironment());
0574:
0575: MBeanServerConnection cntion = cntor
0576: .getMBeanServerConnection();
0577:
0578: testAddRemoveNotificationListener(cntion);
0579: } finally {
0580: if (cntor != null)
0581: cntor.close();
0582: if (cntorServer != null)
0583: cntorServer.stop();
0584: }
0585: }
0586:
0587: public void testCreateMBean4Params() throws Exception {
0588: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0589: .getPolicy();
0590: addPermission(new MBeanServerPermission("newMBeanServer"));
0591:
0592: JMXServiceURL url = createJMXConnectorServerAddress();
0593: JMXConnectorServer cntorServer = null;
0594: JMXConnector cntor = null;
0595: try {
0596: cntorServer = JMXConnectorServerFactory
0597: .newJMXConnectorServer(url,
0598: createServerEnvironment(), newMBeanServer());
0599: // Required by the server
0600: addPermission(new SocketPermission("localhost:"
0601: + url.getPort(), "listen"));
0602: cntorServer.start();
0603:
0604: policy.setSeparateClientServerPermissions(true);
0605:
0606: policy.addClientPermission(new SocketPermission(
0607: "localhost:" + url.getPort(), "connect"));
0608: addPermission(new SocketPermission("localhost:"
0609: + url.getPort(), "listen"));
0610: addPermission(new SocketPermission("*:1024-"
0611: + url.getPort(), "accept"));
0612: cntor = JMXConnectorFactory.connect(cntorServer
0613: .getAddress(), createClientEnvironment());
0614:
0615: MBeanServerConnection cntion = cntor
0616: .getMBeanServerConnection();
0617:
0618: testCreateMBean4Params(cntion);
0619: } finally {
0620: if (cntor != null)
0621: cntor.close();
0622: if (cntorServer != null)
0623: cntorServer.stop();
0624: }
0625: }
0626:
0627: public void testCreateMBean5Params() throws Exception {
0628: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0629: .getPolicy();
0630: addPermission(new MBeanServerPermission("newMBeanServer"));
0631:
0632: JMXServiceURL url = createJMXConnectorServerAddress();
0633: JMXConnectorServer cntorServer = null;
0634: JMXConnector cntor = null;
0635: try {
0636: cntorServer = JMXConnectorServerFactory
0637: .newJMXConnectorServer(url,
0638: createServerEnvironment(), newMBeanServer());
0639: // Required by the server
0640: addPermission(new SocketPermission("localhost:"
0641: + url.getPort(), "listen"));
0642: cntorServer.start();
0643:
0644: policy.setSeparateClientServerPermissions(true);
0645:
0646: policy.addClientPermission(new SocketPermission(
0647: "localhost:" + url.getPort(), "connect"));
0648: addPermission(new SocketPermission("localhost:"
0649: + url.getPort(), "listen"));
0650: addPermission(new SocketPermission("*:1024-"
0651: + url.getPort(), "accept"));
0652: cntor = JMXConnectorFactory.connect(cntorServer
0653: .getAddress(), createClientEnvironment());
0654:
0655: MBeanServerConnection cntion = cntor
0656: .getMBeanServerConnection();
0657:
0658: testCreateMBean5Params(cntion);
0659: } finally {
0660: if (cntor != null)
0661: cntor.close();
0662: if (cntorServer != null)
0663: cntorServer.stop();
0664: }
0665: }
0666:
0667: public void testGetAttribute() throws Exception {
0668: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0669: .getPolicy();
0670: addPermission(new MBeanServerPermission("newMBeanServer"));
0671:
0672: JMXServiceURL url = createJMXConnectorServerAddress();
0673: JMXConnectorServer cntorServer = null;
0674: JMXConnector cntor = null;
0675: try {
0676: cntorServer = JMXConnectorServerFactory
0677: .newJMXConnectorServer(url,
0678: createServerEnvironment(), newMBeanServer());
0679: // Required by the server
0680: addPermission(new SocketPermission("localhost:"
0681: + url.getPort(), "listen"));
0682: cntorServer.start();
0683:
0684: policy.setSeparateClientServerPermissions(true);
0685:
0686: policy.addClientPermission(new SocketPermission(
0687: "localhost:" + url.getPort(), "connect"));
0688: addPermission(new SocketPermission("localhost:"
0689: + url.getPort(), "listen"));
0690: addPermission(new SocketPermission("*:1024-"
0691: + url.getPort(), "accept"));
0692: cntor = JMXConnectorFactory.connect(cntorServer
0693: .getAddress(), createClientEnvironment());
0694:
0695: MBeanServerConnection cntion = cntor
0696: .getMBeanServerConnection();
0697:
0698: testGetAttribute(cntion);
0699: } finally {
0700: if (cntor != null)
0701: cntor.close();
0702: if (cntorServer != null)
0703: cntorServer.stop();
0704: }
0705: }
0706:
0707: public void testGetAttributes() throws Exception {
0708: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0709: .getPolicy();
0710: addPermission(new MBeanServerPermission("newMBeanServer"));
0711:
0712: JMXServiceURL url = createJMXConnectorServerAddress();
0713: JMXConnectorServer cntorServer = null;
0714: JMXConnector cntor = null;
0715: try {
0716: cntorServer = JMXConnectorServerFactory
0717: .newJMXConnectorServer(url,
0718: createServerEnvironment(), newMBeanServer());
0719: // Required by the server
0720: addPermission(new SocketPermission("localhost:"
0721: + url.getPort(), "listen"));
0722: cntorServer.start();
0723:
0724: policy.setSeparateClientServerPermissions(true);
0725:
0726: policy.addClientPermission(new SocketPermission(
0727: "localhost:" + url.getPort(), "connect"));
0728: addPermission(new SocketPermission("localhost:"
0729: + url.getPort(), "listen"));
0730: addPermission(new SocketPermission("*:1024-"
0731: + url.getPort(), "accept"));
0732: cntor = JMXConnectorFactory.connect(cntorServer
0733: .getAddress(), createClientEnvironment());
0734:
0735: MBeanServerConnection cntion = cntor
0736: .getMBeanServerConnection();
0737:
0738: testGetAttributes(cntion);
0739: } finally {
0740: if (cntor != null)
0741: cntor.close();
0742: if (cntorServer != null)
0743: cntorServer.stop();
0744: }
0745: }
0746:
0747: public void testGetDefaultDomain() throws Exception {
0748: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0749: .getPolicy();
0750: addPermission(new MBeanServerPermission("newMBeanServer"));
0751:
0752: JMXServiceURL url = createJMXConnectorServerAddress();
0753: JMXConnectorServer cntorServer = null;
0754: JMXConnector cntor = null;
0755: try {
0756: String domain = "xxx";
0757: MBeanServer server = MBeanServerFactory
0758: .newMBeanServer(domain);
0759: cntorServer = JMXConnectorServerFactory
0760: .newJMXConnectorServer(url,
0761: createServerEnvironment(), server);
0762: // Required by the server
0763: addPermission(new SocketPermission("localhost:"
0764: + url.getPort(), "listen"));
0765: cntorServer.start();
0766:
0767: policy.setSeparateClientServerPermissions(true);
0768:
0769: policy.addClientPermission(new SocketPermission(
0770: "localhost:" + url.getPort(), "connect"));
0771: addPermission(new SocketPermission("localhost:"
0772: + url.getPort(), "listen"));
0773: addPermission(new SocketPermission("*:1024-"
0774: + url.getPort(), "accept"));
0775: cntor = JMXConnectorFactory.connect(cntorServer
0776: .getAddress(), createClientEnvironment());
0777:
0778: MBeanServerConnection cntion = cntor
0779: .getMBeanServerConnection();
0780:
0781: testGetDefaultDomain(cntion, domain);
0782: } finally {
0783: if (cntor != null)
0784: cntor.close();
0785: if (cntorServer != null)
0786: cntorServer.stop();
0787: }
0788: }
0789:
0790: public void testGetDomains() throws Exception {
0791: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0792: .getPolicy();
0793: addPermission(new MBeanServerPermission("newMBeanServer"));
0794:
0795: JMXServiceURL url = createJMXConnectorServerAddress();
0796: JMXConnectorServer cntorServer = null;
0797: JMXConnector cntor = null;
0798: try {
0799: cntorServer = JMXConnectorServerFactory
0800: .newJMXConnectorServer(url,
0801: createServerEnvironment(), newMBeanServer());
0802: // Required by the server
0803: addPermission(new SocketPermission("localhost:"
0804: + url.getPort(), "listen"));
0805: cntorServer.start();
0806:
0807: policy.setSeparateClientServerPermissions(true);
0808:
0809: policy.addClientPermission(new SocketPermission(
0810: "localhost:" + url.getPort(), "connect"));
0811: addPermission(new SocketPermission("localhost:"
0812: + url.getPort(), "listen"));
0813: addPermission(new SocketPermission("*:1024-"
0814: + url.getPort(), "accept"));
0815: cntor = JMXConnectorFactory.connect(cntorServer
0816: .getAddress(), createClientEnvironment());
0817:
0818: MBeanServerConnection cntion = cntor
0819: .getMBeanServerConnection();
0820:
0821: testGetDomains(cntion);
0822: } finally {
0823: if (cntor != null)
0824: cntor.close();
0825: if (cntorServer != null)
0826: cntorServer.stop();
0827: }
0828: }
0829:
0830: public void testGetMBeanCount() throws Exception {
0831: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0832: .getPolicy();
0833: addPermission(new MBeanServerPermission("newMBeanServer"));
0834:
0835: JMXServiceURL url = createJMXConnectorServerAddress();
0836: JMXConnectorServer cntorServer = null;
0837: JMXConnector cntor = null;
0838: try {
0839: cntorServer = JMXConnectorServerFactory
0840: .newJMXConnectorServer(url,
0841: createServerEnvironment(), newMBeanServer());
0842: // Required by the server
0843: addPermission(new SocketPermission("localhost:"
0844: + url.getPort(), "listen"));
0845: cntorServer.start();
0846:
0847: policy.setSeparateClientServerPermissions(true);
0848:
0849: policy.addClientPermission(new SocketPermission(
0850: "localhost:" + url.getPort(), "connect"));
0851: addPermission(new SocketPermission("localhost:"
0852: + url.getPort(), "listen"));
0853: addPermission(new SocketPermission("*:1024-"
0854: + url.getPort(), "accept"));
0855: cntor = JMXConnectorFactory.connect(cntorServer
0856: .getAddress(), createClientEnvironment());
0857:
0858: MBeanServerConnection cntion = cntor
0859: .getMBeanServerConnection();
0860:
0861: testGetMBeanCount(cntion);
0862: } finally {
0863: if (cntor != null)
0864: cntor.close();
0865: if (cntorServer != null)
0866: cntorServer.stop();
0867: }
0868: }
0869:
0870: public void testGetMBeanInfo() throws Exception {
0871: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0872: .getPolicy();
0873: addPermission(new MBeanServerPermission("newMBeanServer"));
0874:
0875: JMXServiceURL url = createJMXConnectorServerAddress();
0876: JMXConnectorServer cntorServer = null;
0877: JMXConnector cntor = null;
0878: try {
0879: cntorServer = JMXConnectorServerFactory
0880: .newJMXConnectorServer(url,
0881: createServerEnvironment(), newMBeanServer());
0882: // Required by the server
0883: addPermission(new SocketPermission("localhost:"
0884: + url.getPort(), "listen"));
0885: cntorServer.start();
0886:
0887: policy.setSeparateClientServerPermissions(true);
0888:
0889: policy.addClientPermission(new SocketPermission(
0890: "localhost:" + url.getPort(), "connect"));
0891: addPermission(new SocketPermission("localhost:"
0892: + url.getPort(), "listen"));
0893: addPermission(new SocketPermission("*:1024-"
0894: + url.getPort(), "accept"));
0895: cntor = JMXConnectorFactory.connect(cntorServer
0896: .getAddress(), createClientEnvironment());
0897:
0898: MBeanServerConnection cntion = cntor
0899: .getMBeanServerConnection();
0900:
0901: testGetMBeanInfo(cntion);
0902: } finally {
0903: if (cntor != null)
0904: cntor.close();
0905: if (cntorServer != null)
0906: cntorServer.stop();
0907: }
0908: }
0909:
0910: public void testGetObjectInstance() throws Exception {
0911: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0912: .getPolicy();
0913: addPermission(new MBeanServerPermission("newMBeanServer"));
0914:
0915: JMXServiceURL url = createJMXConnectorServerAddress();
0916: JMXConnectorServer cntorServer = null;
0917: JMXConnector cntor = null;
0918: try {
0919: cntorServer = JMXConnectorServerFactory
0920: .newJMXConnectorServer(url,
0921: createServerEnvironment(), newMBeanServer());
0922: // Required by the server
0923: addPermission(new SocketPermission("localhost:"
0924: + url.getPort(), "listen"));
0925: cntorServer.start();
0926:
0927: policy.setSeparateClientServerPermissions(true);
0928:
0929: policy.addClientPermission(new SocketPermission(
0930: "localhost:" + url.getPort(), "connect"));
0931: addPermission(new SocketPermission("localhost:"
0932: + url.getPort(), "listen"));
0933: addPermission(new SocketPermission("*:1024-"
0934: + url.getPort(), "accept"));
0935: cntor = JMXConnectorFactory.connect(cntorServer
0936: .getAddress(), createClientEnvironment());
0937:
0938: MBeanServerConnection cntion = cntor
0939: .getMBeanServerConnection();
0940:
0941: testGetObjectInstance(cntion);
0942: } finally {
0943: if (cntor != null)
0944: cntor.close();
0945: if (cntorServer != null)
0946: cntorServer.stop();
0947: }
0948: }
0949:
0950: public void testInvoke() throws Exception {
0951: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0952: .getPolicy();
0953: addPermission(new MBeanServerPermission("newMBeanServer"));
0954:
0955: JMXServiceURL url = createJMXConnectorServerAddress();
0956: JMXConnectorServer cntorServer = null;
0957: JMXConnector cntor = null;
0958: try {
0959: cntorServer = JMXConnectorServerFactory
0960: .newJMXConnectorServer(url,
0961: createServerEnvironment(), newMBeanServer());
0962: // Required by the server
0963: addPermission(new SocketPermission("localhost:"
0964: + url.getPort(), "listen"));
0965: cntorServer.start();
0966:
0967: policy.setSeparateClientServerPermissions(true);
0968:
0969: policy.addClientPermission(new SocketPermission(
0970: "localhost:" + url.getPort(), "connect"));
0971: addPermission(new SocketPermission("localhost:"
0972: + url.getPort(), "listen"));
0973: addPermission(new SocketPermission("*:1024-"
0974: + url.getPort(), "accept"));
0975: cntor = JMXConnectorFactory.connect(cntorServer
0976: .getAddress(), createClientEnvironment());
0977:
0978: MBeanServerConnection cntion = cntor
0979: .getMBeanServerConnection();
0980:
0981: testInvoke(cntion);
0982: } finally {
0983: if (cntor != null)
0984: cntor.close();
0985: if (cntorServer != null)
0986: cntorServer.stop();
0987: }
0988: }
0989:
0990: public void testIsInstanceOf() throws Exception {
0991: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
0992: .getPolicy();
0993: addPermission(new MBeanServerPermission("newMBeanServer"));
0994:
0995: JMXServiceURL url = createJMXConnectorServerAddress();
0996: JMXConnectorServer cntorServer = null;
0997: JMXConnector cntor = null;
0998: try {
0999: cntorServer = JMXConnectorServerFactory
1000: .newJMXConnectorServer(url,
1001: createServerEnvironment(), newMBeanServer());
1002: // Required by the server
1003: addPermission(new SocketPermission("localhost:"
1004: + url.getPort(), "listen"));
1005: cntorServer.start();
1006:
1007: policy.setSeparateClientServerPermissions(true);
1008:
1009: policy.addClientPermission(new SocketPermission(
1010: "localhost:" + url.getPort(), "connect"));
1011: addPermission(new SocketPermission("localhost:"
1012: + url.getPort(), "listen"));
1013: addPermission(new SocketPermission("*:1024-"
1014: + url.getPort(), "accept"));
1015: cntor = JMXConnectorFactory.connect(cntorServer
1016: .getAddress(), createClientEnvironment());
1017:
1018: MBeanServerConnection cntion = cntor
1019: .getMBeanServerConnection();
1020:
1021: testIsInstanceOf(cntion);
1022: } finally {
1023: if (cntor != null)
1024: cntor.close();
1025: if (cntorServer != null)
1026: cntorServer.stop();
1027: }
1028: }
1029:
1030: public void testIsRegistered() throws Exception {
1031: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
1032: .getPolicy();
1033: addPermission(new MBeanServerPermission("newMBeanServer"));
1034:
1035: JMXServiceURL url = createJMXConnectorServerAddress();
1036: JMXConnectorServer cntorServer = null;
1037: JMXConnector cntor = null;
1038: try {
1039: cntorServer = JMXConnectorServerFactory
1040: .newJMXConnectorServer(url,
1041: createServerEnvironment(), newMBeanServer());
1042: // Required by the server
1043: addPermission(new SocketPermission("localhost:"
1044: + url.getPort(), "listen"));
1045: cntorServer.start();
1046:
1047: policy.setSeparateClientServerPermissions(true);
1048:
1049: policy.addClientPermission(new SocketPermission(
1050: "localhost:" + url.getPort(), "connect"));
1051: addPermission(new SocketPermission("localhost:"
1052: + url.getPort(), "listen"));
1053: addPermission(new SocketPermission("*:1024-"
1054: + url.getPort(), "accept"));
1055: cntor = JMXConnectorFactory.connect(cntorServer
1056: .getAddress(), createClientEnvironment());
1057:
1058: MBeanServerConnection cntion = cntor
1059: .getMBeanServerConnection();
1060:
1061: testIsRegistered(cntion);
1062: } finally {
1063: if (cntor != null)
1064: cntor.close();
1065: if (cntorServer != null)
1066: cntorServer.stop();
1067: }
1068: }
1069:
1070: public void testQueryMBeans() throws Exception {
1071: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
1072: .getPolicy();
1073: addPermission(new MBeanServerPermission("newMBeanServer"));
1074:
1075: JMXServiceURL url = createJMXConnectorServerAddress();
1076: JMXConnectorServer cntorServer = null;
1077: JMXConnector cntor = null;
1078: try {
1079: cntorServer = JMXConnectorServerFactory
1080: .newJMXConnectorServer(url,
1081: createServerEnvironment(), newMBeanServer());
1082: // Required by the server
1083: addPermission(new SocketPermission("localhost:"
1084: + url.getPort(), "listen"));
1085: cntorServer.start();
1086:
1087: policy.setSeparateClientServerPermissions(true);
1088:
1089: policy.addClientPermission(new SocketPermission(
1090: "localhost:" + url.getPort(), "connect"));
1091: addPermission(new SocketPermission("localhost:"
1092: + url.getPort(), "listen"));
1093: addPermission(new SocketPermission("*:1024-"
1094: + url.getPort(), "accept"));
1095: cntor = JMXConnectorFactory.connect(cntorServer
1096: .getAddress(), createClientEnvironment());
1097:
1098: MBeanServerConnection cntion = cntor
1099: .getMBeanServerConnection();
1100:
1101: testQueryMBeans(cntion);
1102: } finally {
1103: if (cntor != null)
1104: cntor.close();
1105: if (cntorServer != null)
1106: cntorServer.stop();
1107: }
1108: }
1109:
1110: public void testQueryNames() throws Exception {
1111: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
1112: .getPolicy();
1113: addPermission(new MBeanServerPermission("newMBeanServer"));
1114:
1115: JMXServiceURL url = createJMXConnectorServerAddress();
1116: JMXConnectorServer cntorServer = null;
1117: JMXConnector cntor = null;
1118: try {
1119: cntorServer = JMXConnectorServerFactory
1120: .newJMXConnectorServer(url,
1121: createServerEnvironment(), newMBeanServer());
1122: // Required by the server
1123: addPermission(new SocketPermission("localhost:"
1124: + url.getPort(), "listen"));
1125: cntorServer.start();
1126:
1127: policy.setSeparateClientServerPermissions(true);
1128:
1129: policy.addClientPermission(new SocketPermission(
1130: "localhost:" + url.getPort(), "connect"));
1131: addPermission(new SocketPermission("localhost:"
1132: + url.getPort(), "listen"));
1133: addPermission(new SocketPermission("*:1024-"
1134: + url.getPort(), "accept"));
1135: cntor = JMXConnectorFactory.connect(cntorServer
1136: .getAddress(), createClientEnvironment());
1137:
1138: MBeanServerConnection cntion = cntor
1139: .getMBeanServerConnection();
1140:
1141: testQueryNames(cntion);
1142: } finally {
1143: if (cntor != null)
1144: cntor.close();
1145: if (cntorServer != null)
1146: cntorServer.stop();
1147: }
1148: }
1149:
1150: public void testSetAttribute() throws Exception {
1151: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
1152: .getPolicy();
1153: addPermission(new MBeanServerPermission("newMBeanServer"));
1154:
1155: JMXServiceURL url = createJMXConnectorServerAddress();
1156: JMXConnectorServer cntorServer = null;
1157: JMXConnector cntor = null;
1158: try {
1159: cntorServer = JMXConnectorServerFactory
1160: .newJMXConnectorServer(url,
1161: createServerEnvironment(), newMBeanServer());
1162: // Required by the server
1163: addPermission(new SocketPermission("localhost:"
1164: + url.getPort(), "listen"));
1165: cntorServer.start();
1166:
1167: policy.setSeparateClientServerPermissions(true);
1168:
1169: policy.addClientPermission(new SocketPermission(
1170: "localhost:" + url.getPort(), "connect"));
1171: addPermission(new SocketPermission("localhost:"
1172: + url.getPort(), "listen"));
1173: addPermission(new SocketPermission("*:1024-"
1174: + url.getPort(), "accept"));
1175: cntor = JMXConnectorFactory.connect(cntorServer
1176: .getAddress(), createClientEnvironment());
1177:
1178: MBeanServerConnection cntion = cntor
1179: .getMBeanServerConnection();
1180:
1181: testSetAttribute(cntion);
1182: } finally {
1183: if (cntor != null)
1184: cntor.close();
1185: if (cntorServer != null)
1186: cntorServer.stop();
1187: }
1188: }
1189:
1190: public void testSetAttributes() throws Exception {
1191: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
1192: .getPolicy();
1193: addPermission(new MBeanServerPermission("newMBeanServer"));
1194:
1195: JMXServiceURL url = createJMXConnectorServerAddress();
1196: JMXConnectorServer cntorServer = null;
1197: JMXConnector cntor = null;
1198: try {
1199: cntorServer = JMXConnectorServerFactory
1200: .newJMXConnectorServer(url,
1201: createServerEnvironment(), newMBeanServer());
1202: // Required by the server
1203: addPermission(new SocketPermission("localhost:"
1204: + url.getPort(), "listen"));
1205: cntorServer.start();
1206:
1207: policy.setSeparateClientServerPermissions(true);
1208:
1209: policy.addClientPermission(new SocketPermission(
1210: "localhost:" + url.getPort(), "connect"));
1211: addPermission(new SocketPermission("localhost:"
1212: + url.getPort(), "listen"));
1213: addPermission(new SocketPermission("*:1024-"
1214: + url.getPort(), "accept"));
1215: cntor = JMXConnectorFactory.connect(cntorServer
1216: .getAddress(), createClientEnvironment());
1217:
1218: MBeanServerConnection cntion = cntor
1219: .getMBeanServerConnection();
1220:
1221: testSetAttributes(cntion);
1222: } finally {
1223: if (cntor != null)
1224: cntor.close();
1225: if (cntorServer != null)
1226: cntorServer.stop();
1227: }
1228: }
1229:
1230: public void testUnregisterMBean() throws Exception {
1231: RemoteModifiablePolicy policy = (RemoteModifiablePolicy) Policy
1232: .getPolicy();
1233: addPermission(new MBeanServerPermission("newMBeanServer"));
1234:
1235: JMXServiceURL url = createJMXConnectorServerAddress();
1236: JMXConnectorServer cntorServer = null;
1237: JMXConnector cntor = null;
1238: try {
1239: cntorServer = JMXConnectorServerFactory
1240: .newJMXConnectorServer(url,
1241: createServerEnvironment(), newMBeanServer());
1242: // Required by the server
1243: addPermission(new SocketPermission("localhost:"
1244: + url.getPort(), "listen"));
1245: cntorServer.start();
1246:
1247: policy.setSeparateClientServerPermissions(true);
1248:
1249: policy.addClientPermission(new SocketPermission(
1250: "localhost:" + url.getPort(), "connect"));
1251: addPermission(new SocketPermission("localhost:"
1252: + url.getPort(), "listen"));
1253: addPermission(new SocketPermission("*:1024-"
1254: + url.getPort(), "accept"));
1255: cntor = JMXConnectorFactory.connect(cntorServer
1256: .getAddress(), createClientEnvironment());
1257:
1258: MBeanServerConnection cntion = cntor
1259: .getMBeanServerConnection();
1260:
1261: testUnregisterMBean(cntion);
1262: } finally {
1263: if (cntor != null)
1264: cntor.close();
1265: if (cntorServer != null)
1266: cntorServer.stop();
1267: }
1268: }
1269:
1270: public interface SubjectCheckMBean {
1271: public Subject getSubject();
1272: }
1273:
1274: public static class SubjectCheck implements SubjectCheckMBean {
1275: public Subject getSubject() {
1276: return Subject.getSubject(AccessController.getContext());
1277: }
1278: }
1279:
1280: /**
1281: * A modifiable policy that allow permissions to be added at runtime, used for tests purposes only.
1282: */
1283: public abstract static class RemoteModifiablePolicy extends Policy {
1284: private final ProtectionDomain testDomain;
1285: private final Map serverPermissions = new HashMap();
1286: private final Map clientPermissions = new HashMap();
1287: private final Map principalPermissions = new HashMap();
1288: private volatile boolean separated;
1289:
1290: public RemoteModifiablePolicy() {
1291: // Here we still have no security manager installed
1292: testDomain = RemoteModifiablePolicy.class
1293: .getProtectionDomain();
1294:
1295: // Add the permissions needed to run the tests
1296: CodeSource junitCodeSource = TestCase.class
1297: .getProtectionDomain().getCodeSource();
1298: serverPermissions.put(junitCodeSource,
1299: createAllPermissions());
1300: clientPermissions.put(junitCodeSource,
1301: createAllPermissions());
1302:
1303: CodeSource mx4jCodeSource = MBeanServerFactory.class
1304: .getProtectionDomain().getCodeSource();
1305: serverPermissions.put(mx4jCodeSource,
1306: createAllPermissions());
1307: clientPermissions.put(mx4jCodeSource,
1308: createAllPermissions());
1309:
1310: CodeSource implCodeSource = MX4JMBeanServer.class
1311: .getProtectionDomain().getCodeSource();
1312: serverPermissions.put(implCodeSource,
1313: createAllPermissions());
1314: clientPermissions.put(implCodeSource,
1315: createAllPermissions());
1316:
1317: CodeSource rmx4jCodeSource = JMXConnector.class
1318: .getProtectionDomain().getCodeSource();
1319: serverPermissions.put(rmx4jCodeSource,
1320: createAllPermissions());
1321: clientPermissions.put(rmx4jCodeSource,
1322: createAllPermissions());
1323:
1324: CodeSource rimplCodeSource = MX4JRemoteUtils.class
1325: .getProtectionDomain().getCodeSource();
1326: serverPermissions.put(rimplCodeSource,
1327: createAllPermissions());
1328: clientPermissions.put(rimplCodeSource,
1329: createAllPermissions());
1330:
1331: ClassLoader loader = getClass().getClassLoader();
1332:
1333: // BCEL
1334: try {
1335: Class cls = loader
1336: .loadClass("org.apache.bcel.generic.Type");
1337: CodeSource bcelCodeSource = cls.getProtectionDomain()
1338: .getCodeSource();
1339: serverPermissions.put(bcelCodeSource,
1340: createAllPermissions());
1341: clientPermissions.put(bcelCodeSource,
1342: createAllPermissions());
1343: } catch (ClassNotFoundException ignored) {
1344: }
1345:
1346: // When we run automated, we need also permissions for Ant jars
1347: try {
1348: Class cls = loader
1349: .loadClass("org.apache.tools.ant.Task");
1350: CodeSource antCodeSource = cls.getProtectionDomain()
1351: .getCodeSource();
1352: serverPermissions.put(antCodeSource,
1353: createAllPermissions());
1354: clientPermissions.put(antCodeSource,
1355: createAllPermissions());
1356: cls = loader
1357: .loadClass("org.apache.tools.ant.taskdefs.optional.junit.JUnitTask");
1358: antCodeSource = cls.getProtectionDomain()
1359: .getCodeSource();
1360: serverPermissions.put(antCodeSource,
1361: createAllPermissions());
1362: clientPermissions.put(antCodeSource,
1363: createAllPermissions());
1364: } catch (ClassNotFoundException ignored) {
1365: }
1366:
1367: mapServerPermissions(serverPermissions);
1368:
1369: initialize();
1370: }
1371:
1372: /**
1373: * Callback for subclasses to add more mappings between a codesource and
1374: * (normally) a Permissions object containing AllPermission.
1375: * This is necessary if the implementation of the JMXConnectorServer needs additional
1376: * jars such as for example commons-logging.jar, whose codesource is normally mapped
1377: * with AllPermission.
1378: *
1379: * @see #createAllPermissions
1380: */
1381: protected void mapServerPermissions(Map permissions) {
1382: // Nothing necessary here
1383: }
1384:
1385: /**
1386: * Creates and returns a Permissions object containing AllPermission.
1387: *
1388: * @see #mapServerPermissions
1389: */
1390: protected Permissions createAllPermissions() {
1391: Permissions allPermissions = new Permissions();
1392: allPermissions.add(new AllPermission());
1393: return allPermissions;
1394: }
1395:
1396: /**
1397: * Returns whether the current thread is a server side thread or
1398: * a client side thread.
1399: * Subclasses implement this method by for example looking at the thread name.
1400: *
1401: * @see #setSeparateClientServerPermissions
1402: * @see #isSeparateClientServerPermissions
1403: */
1404: public abstract boolean isServerSide();
1405:
1406: public PermissionCollection getPermissions(CodeSource codesource) {
1407: return getPermissions(codesource, isServerSide());
1408: }
1409:
1410: private synchronized PermissionCollection getPermissions(
1411: CodeSource codesource, boolean serverside) {
1412: if (serverside) {
1413: PermissionCollection perms = (PermissionCollection) serverPermissions
1414: .get(codesource);
1415: if (perms == null)
1416: perms = new Permissions();
1417: perms = copyIfReadOnly(perms);
1418: serverPermissions.put(codesource, perms);
1419: return perms;
1420: } else {
1421: PermissionCollection perms = (PermissionCollection) clientPermissions
1422: .get(codesource);
1423: if (perms == null)
1424: perms = new Permissions();
1425: perms = copyIfReadOnly(perms);
1426: clientPermissions.put(codesource, perms);
1427: return perms;
1428: }
1429: }
1430:
1431: /**
1432: * For JDK 1.4 overriding this method disables caching of Permissions done by the
1433: * standard Policy implementation.
1434: * This is done because we install this policy *before* installing the security manager.
1435: * By doing so, in JDK 1.4 the permissions granted at the moment of policy installation
1436: * (no security manager == AllPermission) are cached and will invalidate all tests, since
1437: * they will become unmodifiable.
1438: * <p/>
1439: * The stack trace is when checking a permission is:
1440: * <p/>
1441: * SecurityManager.checkPermission()
1442: * AccessController.checkPermission()
1443: * AccessControlContext.checkPermission()
1444: * ProtectionDomain.implies()
1445: * RemoteModifiablePolicy.implies()
1446: */
1447: public boolean implies(ProtectionDomain domain,
1448: Permission permission) {
1449: Principal[] principals = domain.getPrincipals();
1450: boolean injectedDomain = false;
1451: CodeSource cs = domain.getCodeSource();
1452: if (principals != null && principals.length > 0
1453: && cs != null && cs.getLocation() == null
1454: && domain.getClassLoader() == null)
1455: injectedDomain = true;
1456:
1457: if (!injectedDomain) {
1458: PermissionCollection perms = getPermissions(cs);
1459: boolean result = perms.implies(permission);
1460: // System.out.println("Policy.implies, side is " + (isServerSide() ? "server" : "client") + " codesource " + cs + " on " + permission + " over " + perms + ": " + result);
1461: return result;
1462: } else {
1463: for (int i = 0; i < principals.length; ++i) {
1464: Principal principal = principals[i];
1465: PermissionCollection perms = getPrincipalPermissions(principal);
1466: if (perms.implies(permission))
1467: return true;
1468: }
1469: return false;
1470: }
1471: }
1472:
1473: private synchronized PermissionCollection getPrincipalPermissions(
1474: Principal principal) {
1475: PermissionCollection perms = (PermissionCollection) principalPermissions
1476: .get(principal);
1477: if (perms == null)
1478: perms = new Permissions();
1479: perms = copyIfReadOnly(perms);
1480: principalPermissions.put(principal, perms);
1481: return perms;
1482: }
1483:
1484: public void refresh() {
1485: }
1486:
1487: /**
1488: * Adds the given permission to the client (the test in this case) codesource,
1489: * on server side
1490: */
1491: public void addServerPermission(Permission p) {
1492: Permissions permissions = (Permissions) getPermissions(
1493: testDomain.getCodeSource(), true);
1494: permissions.add(p);
1495: }
1496:
1497: /**
1498: * Adds the given permission to the client (the test in this case) codesource,
1499: * on client side
1500: */
1501: public void addClientPermission(Permission p) {
1502: Permissions permissions = (Permissions) getPermissions(
1503: testDomain.getCodeSource(), false);
1504: permissions.add(p);
1505: }
1506:
1507: /**
1508: * Adds the given permission to the JSR 160 injected codesource,
1509: * on server side, for the given principal
1510: */
1511: public void addServerPermission(Principal principal,
1512: Permission p) {
1513: Permissions permissions = (Permissions) getPrincipalPermissions(principal);
1514: permissions.add(p);
1515: addServerPermission(p);
1516: }
1517:
1518: /**
1519: * Initializes the permissions for the client (the test in this case) codesource,
1520: * and marks this policy as working on server side.
1521: *
1522: * @see #setSeparateClientServerPermissions
1523: */
1524: public synchronized void initialize() {
1525: Permissions permissions = new Permissions();
1526: permissions.add(new SecurityPermission("getPolicy"));
1527: serverPermissions.put(testDomain.getCodeSource(),
1528: permissions);
1529: permissions = new Permissions();
1530: permissions.add(new SecurityPermission("getPolicy"));
1531: clientPermissions.put(testDomain.getCodeSource(),
1532: permissions);
1533: principalPermissions.clear();
1534: setSeparateClientServerPermissions(false);
1535: }
1536:
1537: /**
1538: * Tells this policy to distinguish the check of permissions basing on the fact
1539: * that the thread is a server side thread or a client side thread.
1540: *
1541: * @see #isServerSide
1542: * @see #isSeparateClientServerPermissions
1543: */
1544: public synchronized void setSeparateClientServerPermissions(
1545: boolean value) {
1546: separated = value;
1547: }
1548:
1549: /**
1550: * Returns if this policy distinguishes between server side and client side
1551: * permission checking.
1552: *
1553: * @see #setSeparateClientServerPermissions
1554: */
1555: protected synchronized boolean isSeparateClientServerPermissions() {
1556: return separated;
1557: }
1558:
1559: /**
1560: * The RMI marshalling mechanism (and this is only one place I have discovered so far)
1561: * sometimes marks the PermissionCollection as read-only via
1562: * {@link PermissionCollection#setReadOnly}. Since this policy
1563: * adds permissions at runtime, having the Permissions object marked as read-only
1564: * causes an exception that invalidates the test.
1565: * Here I copy the read-only Permissions into a new Permissions object (by copying
1566: * all permissions it contains into the copied object), and return it.
1567: * If the Permissions object is not read-only, it is returned immediately.
1568: */
1569: private PermissionCollection copyIfReadOnly(
1570: PermissionCollection p) {
1571: if (!p.isReadOnly())
1572: return p;
1573: Permissions permissions = new Permissions();
1574: for (Enumeration e = p.elements(); e.hasMoreElements();) {
1575: Permission permission = (Permission) e.nextElement();
1576: permissions.add(permission);
1577: }
1578: return permissions;
1579: }
1580: }
1581: }
|