Examples of com.sun.jmx.remote.security.MBeanServerAccessController

• com.sun.jmx.remote.security.MBeanServerAccessController

  An object of this class implements the MBeanServer interface and, for each of its methods, calls an appropriate checking method and then forwards the request to a wrapped MBeanServer object. The checking method may throw a RuntimeException if the operation is not allowed; in this case the request is not forwarded to the wrapped object.

  A typical use of this class is to insert it between a connector server such as the RMI connector and the MBeanServer with which the connector is associated. Requests from the connector client can then be filtered and those operations that are not allowed, or not allowed in a particular context, can be rejected by throwing a SecurityException in the corresponding check* method.

  This is an abstract class, because in its implementation none of the checking methods does anything. To be useful, it must be subclassed and at least one of the checking methods overridden to do some checking. Some or all of the MBeanServer methods may also be overridden, for instance if the default checking behavior is inappropriate.

  If there is no SecurityManager, then the access controller will refuse to create an MBean that is a ClassLoader, which includes MLets, or to execute the method addURL on an MBean that is an MLet. This prevents people from opening security holes unintentionally. Otherwise, it would not be obvious that granting write access grants the ability to download and execute arbitrary code in the target MBean server. Advanced users who do want the ability to use MLets are presumably advanced enough to handle policy files and security managers.

                }

                // Now try with a real MBSF - should not throw exception
                //
                try {
                    final MBeanServerForwarder fwd = new
                        MBeanServerAccessController() {
                            protected void checkRead() {}
                            protected void checkWrite() {}
                        };
                    cs1.setMBeanServerForwarder(fwd);

                    // Verify that the MBSF was correctly set.
                    //
                    if (cs1.getMBeanServer() != fwd) {
                        System.out.println("MBeanServerForwarder not set "+
                                           "for " + url);
                        System.out.println("\t\t[connected to MBeanServer]");
                        throw new AssertionError("cs1.getMBeanServer()!=fwd");
                    }

                    // Verify that the MBS was correctly forwarded to the MBSF
                    //
                    if (fwd.getMBeanServer() != mbs) {
                        System.out.println("MBeanServer not set in Forwarder"+
                                           " for " + url);
                        System.out.println("\t\t[connected to MBeanServer]");
                        throw new AssertionError("fwd.getMBeanServer()!=mbs");
                    }
                    System.out.println("MBeanServerForwarder successfully "+
                                       "set for " + url);
                    System.out.println("\t\t[connected to MBeanServer]");
                } catch (Throwable x) {
                    errorCount++;
                    System.out.println("Failed to set forwarder for " +
                                       url);
                    System.out.println("\t\t[connected to MBeanServer]");
                    System.out.println("Unexpected exception: " +
                                       x);
                    x.printStackTrace();
                }

                // Test using a JMXConnectorServer not connected to any
                // MBeanServer
                //

                // Set null MBeanServerForwarder - expect exception
                //
                try {
                    cs2.setMBeanServerForwarder(null);
                    errorCount++;
                    System.out.println("Expected IllegalArgumentException "+
                                       " not thrown (null forwarder) for " +
                                       url);
                    System.out.println("\t\t[not connected to MBeanServer]");
                } catch (IllegalArgumentException iae) {
                    System.out.println("Received expected exception: " +
                                       iae);
                }

                // Now try with a real MBSF - should not throw exception
                //
                try {
                    final MBeanServerForwarder fwd = new
                        MBeanServerAccessController() {
                            protected void checkRead() {}
                            protected void checkWrite() {}
                        };
                    cs2.setMBeanServerForwarder(fwd);

                    // Verify that the MBSF was correctly set.
                    //
                    if (cs2.getMBeanServer() != fwd) {
                        System.out.println("MBeanServerForwarder not set "+
                                           "for " + url);
                        System.out.println("\t\t[not connected to MBeanServer]");
                        throw new AssertionError("cs2.getMBeanServer()!=fwd");
                    }

                    // Now register the connector
                    //
                    final ObjectName name =
                        new ObjectName(":type="+cs2.getClass().getName()+
                                       ",url="+ObjectName.quote(urls[i]));
                    mbs.registerMBean(cs2,name);
                    try {

                        // Verify that the MBSF was not disconnected.
                        //
                        if (cs2.getMBeanServer() != fwd) {
                            System.out.
                                println("MBeanServerForwarder changed "+
                                        "for " + url);
                            System.out.
                                println("\t\t[registerMBean]");
                            throw new
                                AssertionError("cs2.getMBeanServer()!=fwd");
                        }

                        // Verify that the MBS was not forwarded to the MBSF
                        //
                        if (fwd.getMBeanServer() != null) {
                            System.out.
                                println("MBeanServer changed in Forwarder"+
                                        " for " + url);
                            System.out.println("\t\t[registerMBean]");
                            throw new