8326666: Remove the Java Management Extension (JMX) Subject Delegation feature

Reviewed-by: mchung, dfuchs
Kevin Walls 2024-04-04 16:54:11 +00:00
parent d90e5b5b9f
commit 6382a1290f
35 changed files with 394 additions and 1812 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -81,6 +81,11 @@ import javax.security.auth.Subject;
* of a method is not specified here, it is the same as in the
* corresponding <code>MBeanServerConnection</code> method.
*
* <p>JMX Subject Delegation has been removed. All methods that take a
* {@code delegationSubject} parameter will throw {@code UnsupportedOperationException}
* if it is non-null. This parameter is kept for interoperability with older
* remote clients.
*
* @since 1.5
*/
/*
@ -123,9 +128,7 @@ public interface RMIConnection extends Closeable, Remote {
*
* @param className The class name of the MBean to be instantiated.
* @param name The object name of the MBean. May be null.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return An <code>ObjectInstance</code>, containing the
* <code>ObjectName</code> and the Java class name of the newly
@ -152,9 +155,10 @@ public interface RMIConnection extends Closeable, Remote {
* passed in parameter is null, the <code>ObjectName</code> passed
* in parameter contains a pattern or no <code>ObjectName</code>
* is specified for the MBean.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public ObjectInstance createMBean(String className,
ObjectName name,
@ -175,9 +179,7 @@ public interface RMIConnection extends Closeable, Remote {
* @param className The class name of the MBean to be instantiated.
* @param name The object name of the MBean. May be null.
* @param loaderName The object name of the class loader to be used.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return An <code>ObjectInstance</code>, containing the
* <code>ObjectName</code> and the Java class name of the newly
@ -206,9 +208,10 @@ public interface RMIConnection extends Closeable, Remote {
* passed in parameter is null, the <code>ObjectName</code> passed
* in parameter contains a pattern or no <code>ObjectName</code>
* is specified for the MBean.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public ObjectInstance createMBean(String className,
ObjectName name,
@ -238,9 +241,7 @@ public interface RMIConnection extends Closeable, Remote {
* @param signature An array containing the signature of the
* constructor to be invoked. Can be null, equivalent to an empty
* array.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return An <code>ObjectInstance</code>, containing the
* <code>ObjectName</code> and the Java class name of the newly
@ -267,9 +268,10 @@ public interface RMIConnection extends Closeable, Remote {
* passed in parameter is null, the <code>ObjectName</code> passed
* in parameter contains a pattern, or no <code>ObjectName</code>
* is specified for the MBean.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public ObjectInstance createMBean(String className,
ObjectName name,
@ -301,9 +303,7 @@ public interface RMIConnection extends Closeable, Remote {
* @param signature An array containing the signature of the
* constructor to be invoked. Can be null, equivalent to an empty
* array.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return An <code>ObjectInstance</code>, containing the
* <code>ObjectName</code> and the Java class name of the newly
@ -332,9 +332,10 @@ public interface RMIConnection extends Closeable, Remote {
* passed in parameter is null, the <code>ObjectName</code> passed
* in parameter contains a pattern, or no <code>ObjectName</code>
* is specified for the MBean.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public ObjectInstance createMBean(String className,
ObjectName name,
@ -356,9 +357,7 @@ public interface RMIConnection extends Closeable, Remote {
* {@link javax.management.MBeanServerConnection#unregisterMBean(ObjectName)}.
*
* @param name The object name of the MBean to be unregistered.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @throws InstanceNotFoundException The MBean specified is not
* registered in the MBean server.
@ -370,9 +369,10 @@ public interface RMIConnection extends Closeable, Remote {
* name in parameter is null or the MBean you are when trying to
* unregister is the {@link javax.management.MBeanServerDelegate
* MBeanServerDelegate} MBean.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public void unregisterMBean(ObjectName name, Subject delegationSubject)
throws
@ -385,9 +385,7 @@ public interface RMIConnection extends Closeable, Remote {
* {@link javax.management.MBeanServerConnection#getObjectInstance(ObjectName)}.
*
* @param name The object name of the MBean.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return The <code>ObjectInstance</code> associated with the MBean
* specified by <var>name</var>. The contained <code>ObjectName</code>
@ -399,9 +397,11 @@ public interface RMIConnection extends Closeable, Remote {
* @throws RuntimeOperationsException Wraps a
* <code>java.lang.IllegalArgumentException</code>: The object
* name in parameter is null.
* @throws SecurityException if the client, or the delegated Subject
* @throws SecurityException if the client does not have permission
* to perform this operation.
* if any, does not have permission to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public ObjectInstance getObjectInstance(ObjectName name,
Subject delegationSubject)
@ -420,17 +420,16 @@ public interface RMIConnection extends Closeable, Remote {
* MBeans, encapsulated into a <code>MarshalledObject</code>. If
* the <code>MarshalledObject</code> encapsulates a null value no
* query expression will be applied for selecting MBeans.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return A set containing the <code>ObjectInstance</code>
* objects for the selected MBeans. If no MBean satisfies the
* query an empty list is returned.
*
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public Set<ObjectInstance>
queryMBeans(ObjectName name,
@ -451,17 +450,16 @@ public interface RMIConnection extends Closeable, Remote {
* MBeans, encapsulated into a <code>MarshalledObject</code>. If
* the <code>MarshalledObject</code> encapsulates a null value no
* query expression will be applied for selecting MBeans.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return A set containing the ObjectNames for the MBeans
* selected. If no MBean satisfies the query, an empty list is
* returned.
*
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public Set<ObjectName>
queryNames(ObjectName name,
@ -474,9 +472,7 @@ public interface RMIConnection extends Closeable, Remote {
* {@link javax.management.MBeanServerConnection#isRegistered(ObjectName)}.
*
* @param name The object name of the MBean to be checked.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return True if the MBean is already registered in the MBean
* server, false otherwise.
@ -484,9 +480,10 @@ public interface RMIConnection extends Closeable, Remote {
* @throws RuntimeOperationsException Wraps a
* <code>java.lang.IllegalArgumentException</code>: The object
* name in parameter is null.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public boolean isRegistered(ObjectName name, Subject delegationSubject)
throws IOException;
@ -495,15 +492,14 @@ public interface RMIConnection extends Closeable, Remote {
* Handles the method
* {@link javax.management.MBeanServerConnection#getMBeanCount()}.
*
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return the number of MBeans registered.
*
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public Integer getMBeanCount(Subject delegationSubject)
throws IOException;
@ -517,9 +513,7 @@ public interface RMIConnection extends Closeable, Remote {
* attribute is to be retrieved.
* @param attribute A String specifying the name of the attribute
* to be retrieved.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return The value of the retrieved attribute.
*
@ -538,9 +532,10 @@ public interface RMIConnection extends Closeable, Remote {
* null.
* @throws RuntimeMBeanException Wraps a runtime exception thrown
* by the MBean's getter.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*
* @see #setAttribute
*/
@ -562,9 +557,7 @@ public interface RMIConnection extends Closeable, Remote {
* @param name The object name of the MBean from which the
* attributes are retrieved.
* @param attributes A list of the attributes to be retrieved.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return The list of the retrieved attributes.
*
@ -575,9 +568,10 @@ public interface RMIConnection extends Closeable, Remote {
* @throws RuntimeOperationsException Wrap a
* <code>java.lang.IllegalArgumentException</code>: The object
* name in parameter is null or attributes in parameter is null.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*
* @see #setAttributes
*/
@ -600,9 +594,7 @@ public interface RMIConnection extends Closeable, Remote {
* @param attribute The identification of the attribute to be set
* and the value it is to be set to, encapsulated into a
* <code>MarshalledObject</code>.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @throws InstanceNotFoundException The MBean specified is not
* registered in the MBean server.
@ -619,9 +611,10 @@ public interface RMIConnection extends Closeable, Remote {
* <code>java.lang.IllegalArgumentException</code>: The object
* name in parameter is null or the attribute in parameter is
* null.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*
* @see #getAttribute
*/
@ -647,9 +640,7 @@ public interface RMIConnection extends Closeable, Remote {
* @param attributes A list of attributes: The identification of
* the attributes to be set and the values they are to be set to,
* encapsulated into a <code>MarshalledObject</code>.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return The list of attributes that were set, with their new
* values.
@ -661,9 +652,10 @@ public interface RMIConnection extends Closeable, Remote {
* @throws RuntimeOperationsException Wraps a
* <code>java.lang.IllegalArgumentException</code>: The object
* name in parameter is null or attributes in parameter is null.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*
* @see #getAttributes
*/
@ -693,9 +685,7 @@ public interface RMIConnection extends Closeable, Remote {
* class loader as the one used for loading the MBean on which the
* operation was invoked. Can be null, equivalent to an empty
* array.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return The object returned by the operation, which represents
* the result of invoking the operation on the MBean specified.
@ -707,12 +697,13 @@ public interface RMIConnection extends Closeable, Remote {
* @throws ReflectionException Wraps a
* <code>java.lang.Exception</code> thrown while trying to invoke
* the method.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws RuntimeOperationsException Wraps an {@link
* IllegalArgumentException} when <code>name</code> or
* <code>operationName</code> is null.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public Object invoke(ObjectName name,
String operationName,
@ -729,15 +720,14 @@ public interface RMIConnection extends Closeable, Remote {
* Handles the method
* {@link javax.management.MBeanServerConnection#getDefaultDomain()}.
*
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return the default domain.
*
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public String getDefaultDomain(Subject delegationSubject)
throws IOException;
@ -746,15 +736,14 @@ public interface RMIConnection extends Closeable, Remote {
* Handles the method
* {@link javax.management.MBeanServerConnection#getDomains()}.
*
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return the list of domains.
*
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public String[] getDomains(Subject delegationSubject)
throws IOException;
@ -764,9 +753,7 @@ public interface RMIConnection extends Closeable, Remote {
* {@link javax.management.MBeanServerConnection#getMBeanInfo(ObjectName)}.
*
* @param name The name of the MBean to analyze
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return An instance of <code>MBeanInfo</code> allowing the
* retrieval of all attributes and operations of this MBean.
@ -777,12 +764,13 @@ public interface RMIConnection extends Closeable, Remote {
* not found.
* @throws ReflectionException An exception occurred when
* trying to invoke the getMBeanInfo of a Dynamic MBean.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws RuntimeOperationsException Wraps a
* <code>java.lang.IllegalArgumentException</code>: The object
* name in parameter is null.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public MBeanInfo getMBeanInfo(ObjectName name, Subject delegationSubject)
throws
@ -798,21 +786,20 @@ public interface RMIConnection extends Closeable, Remote {
*
* @param name The <code>ObjectName</code> of the MBean.
* @param className The name of the class.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @return true if the MBean specified is an instance of the
* specified class according to the rules above, false otherwise.
*
* @throws InstanceNotFoundException The MBean specified is not
* registered in the MBean server.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws RuntimeOperationsException Wraps a
* <code>java.lang.IllegalArgumentException</code>: The object
* name in parameter is null.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public boolean isInstanceOf(ObjectName name,
String className,
@ -839,9 +826,7 @@ public interface RMIConnection extends Closeable, Remote {
* @param handback The context to be sent to the listener when a
* notification is emitted, encapsulated into a
* <code>MarshalledObject</code>.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @throws InstanceNotFoundException The MBean name of the
* notification listener or of the notification broadcaster does
@ -851,9 +836,10 @@ public interface RMIConnection extends Closeable, Remote {
* <code>listener</code> exists but does not implement the
* {@link javax.management.NotificationListener} interface,
* or <code>name</code> or <code>listener</code> is null.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*
* @see #removeNotificationListener(ObjectName, ObjectName, Subject)
* @see #removeNotificationListener(ObjectName, ObjectName,
@ -874,20 +860,19 @@ public interface RMIConnection extends Closeable, Remote {
* @param name The name of the MBean on which the listener should
* be removed.
* @param listener The object name of the listener to be removed.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @throws InstanceNotFoundException The MBean name provided
* does not match any of the registered MBeans.
* @throws ListenerNotFoundException The listener is not
* registered in the MBean.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws RuntimeOperationsException Wraps an {@link
* IllegalArgumentException} when <code>name</code> or
* <code>listener</code> is null.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*
* @see #addNotificationListener
*/
@ -915,21 +900,20 @@ public interface RMIConnection extends Closeable, Remote {
* was added, encapsulated into a <code>MarshalledObject</code>.
* @param handback The handback that was specified when the
* listener was added, encapsulated into a <code>MarshalledObject</code>.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @throws InstanceNotFoundException The MBean name provided
* does not match any of the registered MBeans.
* @throws ListenerNotFoundException The listener is not
* registered in the MBean, or it is not registered with the given
* filter and handback.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to perform this operation.
* @throws SecurityException if the client does not have permission
* to perform this operation.
* @throws IOException if a general communication exception occurred.
* @throws RuntimeOperationsException Wraps an {@link
* IllegalArgumentException} when <code>name</code> or
* <code>listener</code> is null.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*
* @see #addNotificationListener
*/
@ -972,12 +956,7 @@ public interface RMIConnection extends Closeable, Remote {
* @param filters an array of marshalled representations of the
* <code>NotificationFilters</code>. Elements of this array can
* be null.
* @param delegationSubjects the <code>Subjects</code> on behalf
* of which the listeners are being added. Elements of this array
* can be null. Also, the <code>delegationSubjects</code>
* parameter itself can be null, which is equivalent to an array
* of null values with the same size as the <code>names</code> and
* <code>filters</code> arrays.
* @param delegationSubjects must be {@code null}.
*
* @return an array of <code>listenerIDs</code> identifying the
* local listeners. This array has the same number of elements as
@ -993,9 +972,9 @@ public interface RMIConnection extends Closeable, Remote {
* @throws InstanceNotFoundException if one of the
* <code>names</code> does not correspond to any registered MBean.
* @throws SecurityException if, for one of the MBeans, the
* client, or the delegated Subject if any, does not have
* permission to add a listener.
* client does not have permission to add a listener.
* @throws IOException if a general communication exception occurred.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public Integer[] addNotificationListeners(ObjectName[] names,
MarshalledObject[] filters,
@ -1022,9 +1001,7 @@ public interface RMIConnection extends Closeable, Remote {
* emitting the Notifications.
* @param listenerIDs the list of the IDs corresponding to the
* listeners to remove.
* @param delegationSubject The <code>Subject</code> containing the
* delegation principals or <code>null</code> if the authentication
* principal is used instead.
* @param delegationSubject must be {@code null}.
*
* @throws InstanceNotFoundException if the given
* <code>name</code> does not correspond to any registered MBean.
@ -1032,12 +1009,13 @@ public interface RMIConnection extends Closeable, Remote {
* not found on the server side. This exception can happen if the
* MBean discarded a listener for some reason other than a call to
* <code>MBeanServer.removeNotificationListener</code>.
* @throws SecurityException if the client, or the delegated Subject
* if any, does not have permission to remove the listeners.
* @throws SecurityException if the client does not have permission
* to remove the listeners.
* @throws IOException if a general communication exception occurred.
* @throws IllegalArgumentException if <code>ObjectName</code> or
* <code>listenerIds</code> is null or if <code>listenerIds</code>
* contains a null element.
* @throws UnsupportedOperationException if {@code delegationSubject} is non-null.
*/
public void removeNotificationListeners(ObjectName name,
Integer[] listenerIDs,
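Review bot: In the getObjectInstance Javadoc hunk (`-399,9 +397,11`), the old continuation line `* if any, does not have permission to perform this operation.` appears to survive directly after the rewritten `@throws SecurityException` text. The +/- markers are lost on this page, but the hunk's 9-old/11-new line counts only add up if that line is kept as context. The published contract would then read "...to perform this operation. if any, does not have permission...", a remnant of the delegated-Subject wording in a spec that otherwise states delegation is removed, so that line should be deleted. Separately, the addNotificationListeners hunk documents `@param delegationSubjects` (plural) while its new tag reads `@throws UnsupportedOperationException if {@code delegationSubject} is non-null.`; the tag should name `delegationSubjects` so the rejected argument is unambiguous.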


@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -52,7 +52,6 @@ import static javax.management.remote.rmi.RMIConnector.Util.cast;
import com.sun.jmx.remote.internal.ServerCommunicatorAdmin;
import com.sun.jmx.remote.internal.ServerNotifForwarder;
import com.sun.jmx.remote.security.JMXSubjectDomainCombiner;
import com.sun.jmx.remote.security.SubjectDelegator;
import com.sun.jmx.remote.util.ClassLoaderWithRepository;
import com.sun.jmx.remote.util.ClassLogger;
import com.sun.jmx.remote.util.EnvHelp;
@ -110,21 +109,13 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
this.connectionId = connectionId;
this.defaultClassLoader = defaultClassLoader;
this.subjectDelegator = new SubjectDelegator();
this.subject = subject;
if (subject == null) {
this.acc = null;
this.removeCallerContext = false;
} else {
this.removeCallerContext =
SubjectDelegator.checkRemoveCallerContext(subject);
if (this.removeCallerContext) {
this.acc =
JMXSubjectDomainCombiner.getDomainCombinerContext(subject);
} else {
this.acc =
JMXSubjectDomainCombiner.getContext(subject);
}
// An authenticated Subject was provided.
// Subject Delegation has been removed.
this.acc = JMXSubjectDomainCombiner.getContext(subject);
}
this.mbeanServer = rmiServer.getMBeanServer();
@ -236,6 +227,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
// MBeanServerConnection Wrapper
//-------------------------------------------------------------------------
/** @throws UnsupportedOperationException {@inheritDoc} */
public ObjectInstance createMBean(String className,
ObjectName name,
Subject delegationSubject)
@ -278,6 +270,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public ObjectInstance createMBean(String className,
ObjectName name,
ObjectName loaderName,
@ -326,6 +319,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public ObjectInstance createMBean(String className,
ObjectName name,
@ -386,6 +380,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public ObjectInstance createMBean(String className,
ObjectName name,
@ -453,6 +448,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public void unregisterMBean(ObjectName name, Subject delegationSubject)
throws
InstanceNotFoundException,
@ -481,6 +477,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public ObjectInstance getObjectInstance(ObjectName name,
Subject delegationSubject)
throws
@ -511,6 +508,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public Set<ObjectInstance>
queryMBeans(ObjectName name,
@ -546,6 +544,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public Set<ObjectName>
queryNames(ObjectName name,
@ -581,6 +580,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public boolean isRegistered(ObjectName name,
Subject delegationSubject) throws IOException {
try {
@ -598,6 +598,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public Integer getMBeanCount(Subject delegationSubject)
throws IOException {
try {
@ -619,6 +620,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public Object getAttribute(ObjectName name,
String attribute,
Subject delegationSubject)
@ -656,6 +658,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public AttributeList getAttributes(ObjectName name,
String[] attributes,
Subject delegationSubject)
@ -688,6 +691,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public void setAttribute(ObjectName name,
MarshalledObject attribute,
@ -741,6 +745,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public AttributeList setAttributes(ObjectName name,
MarshalledObject attributes,
@ -787,6 +792,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public Object invoke(ObjectName name,
String operationName,
@ -844,6 +850,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public String getDefaultDomain(Subject delegationSubject)
throws IOException {
try {
@ -865,6 +872,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public String[] getDomains(Subject delegationSubject) throws IOException {
try {
final Object params[] = new Object[] { };
@ -885,6 +893,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public MBeanInfo getMBeanInfo(ObjectName name, Subject delegationSubject)
throws
InstanceNotFoundException,
@ -920,6 +929,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public boolean isInstanceOf(ObjectName name,
String className,
Subject delegationSubject)
@ -950,6 +960,8 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public Integer[] addNotificationListeners(ObjectName[] names,
MarshalledObject[] filters,
@ -959,9 +971,10 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
if (names == null || filters == null) {
throw new IllegalArgumentException("Got null arguments.");
}
Subject[] sbjs = (delegationSubjects != null) ? delegationSubjects :
new Subject[names.length];
if (delegationSubjects != null) {
throw new UnsupportedOperationException("Subject Delegation has been removed.");
}
Subject[] sbjs = new Subject[names.length];
if (names.length != filters.length || filters.length != sbjs.length) {
final String msg =
"The value lengths of 3 parameters are not same.";
@ -1037,6 +1050,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public void addNotificationListener(ObjectName name,
ObjectName listener,
@ -1096,6 +1110,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public void removeNotificationListeners(ObjectName name,
Integer[] listenerIDs,
Subject delegationSubject)
@ -1137,6 +1152,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
public void removeNotificationListener(ObjectName name,
ObjectName listener,
Subject delegationSubject)
@ -1173,6 +1189,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("rawtypes") // MarshalledObject
public void removeNotificationListener(ObjectName name,
ObjectName listener,
@ -1375,32 +1392,22 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
}
}
/** @throws UnsupportedOperationException {@inheritDoc} */
@SuppressWarnings("removal")
private Object doPrivilegedOperation(final int operation,
final Object[] params,
final Subject delegationSubject)
throws PrivilegedActionException, IOException {
// Subject Delegation is removed: locally this is caught earlier, in getMBeanServerConnection,
// but remote connections call into RMIConnectionImpl over RMI, so deny them here:
if (delegationSubject != null) {
throw new UnsupportedOperationException("Subject Delegation has been removed.");
}
serverCommunicatorAdmin.reqIncoming();
try {
final AccessControlContext reqACC;
if (delegationSubject == null)
reqACC = acc;
else {
if (subject == null) {
final String msg =
"Subject delegation cannot be enabled unless " +
"an authenticated subject is put in place";
throw new SecurityException(msg);
}
reqACC = subjectDelegator.delegatedContext(
acc, delegationSubject, removeCallerContext);
}
PrivilegedOperation op =
new PrivilegedOperation(operation, params);
if (reqACC == null) {
PrivilegedOperation op = new PrivilegedOperation(operation, params);
if (acc == null) {
try {
return op.run();
} catch (Exception e) {
@ -1409,7 +1416,7 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
throw new PrivilegedActionException(e);
}
} else {
return AccessController.doPrivileged(op, reqACC);
return AccessController.doPrivileged(op, acc);
}
} catch (Error e) {
throw new JMXServerErrorException(e.toString(),e);
@ -1563,29 +1570,22 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
final Class<T> wrappedClass,
Subject delegationSubject)
throws IOException {
// Subject Delegation is removed: locally this is caught earlier, in getMBeanServerConnection,
// but remote connections call into RMIConnectionImpl over RMI, so deny them here:
if (delegationSubject != null) {
throw new UnsupportedOperationException("Subject Delegation has been removed.");
}
if (mo == null) {
return null;
}
try {
final ClassLoader old = AccessController.doPrivileged(new SetCcl(cl));
try{
final AccessControlContext reqACC;
if (delegationSubject == null)
reqACC = acc;
else {
if (subject == null) {
final String msg =
"Subject delegation cannot be enabled unless " +
"an authenticated subject is put in place";
throw new SecurityException(msg);
}
reqACC = subjectDelegator.delegatedContext(
acc, delegationSubject, removeCallerContext);
}
if(reqACC != null){
if (acc != null) {
return AccessController.doPrivileged(
(PrivilegedExceptionAction<T>) () ->
wrappedClass.cast(mo.get()), reqACC);
wrappedClass.cast(mo.get()), acc);
}else{
return wrappedClass.cast(mo.get());
}
@ -1704,10 +1704,6 @@ public class RMIConnectionImpl implements RMIConnection, Unreferenced {
private final Subject subject;
private final SubjectDelegator subjectDelegator;
private final boolean removeCallerContext;
@SuppressWarnings("removal")
private final AccessControlContext acc;


@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -114,6 +114,7 @@ public final class RMIConnectionImpl_Stub
// methods from remote interfaces
// implementation of addNotificationListener(ObjectName, ObjectName, MarshalledObject, MarshalledObject, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public void addNotificationListener(javax.management.ObjectName $param_ObjectName_1, javax.management.ObjectName $param_ObjectName_2, java.rmi.MarshalledObject $param_MarshalledObject_3, java.rmi.MarshalledObject $param_MarshalledObject_4, javax.security.auth.Subject $param_Subject_5)
throws java.io.IOException, javax.management.InstanceNotFoundException {
try {
@ -130,6 +131,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of addNotificationListeners(ObjectName[], MarshalledObject[], Subject[])
/** @throws UnsupportedOperationException {@inheritDoc} */
public java.lang.Integer[] addNotificationListeners(javax.management.ObjectName[] $param_arrayOf_ObjectName_1, java.rmi.MarshalledObject[] $param_arrayOf_MarshalledObject_2, javax.security.auth.Subject[] $param_arrayOf_Subject_3)
throws java.io.IOException, javax.management.InstanceNotFoundException {
try {
@ -161,6 +163,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of createMBean(String, ObjectName, MarshalledObject, String[], Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public javax.management.ObjectInstance createMBean(java.lang.String $param_String_1, javax.management.ObjectName $param_ObjectName_2, java.rmi.MarshalledObject $param_MarshalledObject_3, java.lang.String[] $param_arrayOf_String_4, javax.security.auth.Subject $param_Subject_5)
throws java.io.IOException, javax.management.InstanceAlreadyExistsException, javax.management.MBeanException, javax.management.MBeanRegistrationException, javax.management.NotCompliantMBeanException, javax.management.ReflectionException {
try {
@ -184,6 +187,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of createMBean(String, ObjectName, ObjectName, MarshalledObject, String[], Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public javax.management.ObjectInstance createMBean(java.lang.String $param_String_1, javax.management.ObjectName $param_ObjectName_2, javax.management.ObjectName $param_ObjectName_3, java.rmi.MarshalledObject $param_MarshalledObject_4, java.lang.String[] $param_arrayOf_String_5, javax.security.auth.Subject $param_Subject_6)
throws java.io.IOException, javax.management.InstanceAlreadyExistsException, javax.management.InstanceNotFoundException, javax.management.MBeanException, javax.management.MBeanRegistrationException, javax.management.NotCompliantMBeanException, javax.management.ReflectionException {
try {
@ -209,6 +213,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of createMBean(String, ObjectName, ObjectName, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public javax.management.ObjectInstance createMBean(java.lang.String $param_String_1, javax.management.ObjectName $param_ObjectName_2, javax.management.ObjectName $param_ObjectName_3, javax.security.auth.Subject $param_Subject_4)
throws java.io.IOException, javax.management.InstanceAlreadyExistsException, javax.management.InstanceNotFoundException, javax.management.MBeanException, javax.management.MBeanRegistrationException, javax.management.NotCompliantMBeanException, javax.management.ReflectionException {
try {
@ -234,6 +239,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of createMBean(String, ObjectName, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public javax.management.ObjectInstance createMBean(java.lang.String $param_String_1, javax.management.ObjectName $param_ObjectName_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException, javax.management.InstanceAlreadyExistsException, javax.management.MBeanException, javax.management.MBeanRegistrationException, javax.management.NotCompliantMBeanException, javax.management.ReflectionException {
try {
@ -275,6 +281,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of getAttribute(ObjectName, String, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public java.lang.Object getAttribute(javax.management.ObjectName $param_ObjectName_1, java.lang.String $param_String_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException, javax.management.AttributeNotFoundException, javax.management.InstanceNotFoundException, javax.management.MBeanException, javax.management.ReflectionException {
try {
@ -298,6 +305,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of getAttributes(ObjectName, String[], Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public javax.management.AttributeList getAttributes(javax.management.ObjectName $param_ObjectName_1, java.lang.String[] $param_arrayOf_String_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException, javax.management.InstanceNotFoundException, javax.management.ReflectionException {
try {
@ -332,6 +340,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of getDefaultDomain(Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public java.lang.String getDefaultDomain(javax.security.auth.Subject $param_Subject_1)
throws java.io.IOException {
try {
@ -347,6 +356,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of getDomains(Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public java.lang.String[] getDomains(javax.security.auth.Subject $param_Subject_1)
throws java.io.IOException {
try {
@ -362,6 +372,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of getMBeanCount(Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public java.lang.Integer getMBeanCount(javax.security.auth.Subject $param_Subject_1)
throws java.io.IOException {
try {
@ -377,6 +388,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of getMBeanInfo(ObjectName, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public javax.management.MBeanInfo getMBeanInfo(javax.management.ObjectName $param_ObjectName_1, javax.security.auth.Subject $param_Subject_2)
throws java.io.IOException, javax.management.InstanceNotFoundException, javax.management.IntrospectionException, javax.management.ReflectionException {
try {
@ -398,6 +410,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of getObjectInstance(ObjectName, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public javax.management.ObjectInstance getObjectInstance(javax.management.ObjectName $param_ObjectName_1, javax.security.auth.Subject $param_Subject_2)
throws java.io.IOException, javax.management.InstanceNotFoundException {
try {
@ -415,6 +428,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of invoke(ObjectName, String, MarshalledObject, String[], Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public java.lang.Object invoke(javax.management.ObjectName $param_ObjectName_1, java.lang.String $param_String_2, java.rmi.MarshalledObject $param_MarshalledObject_3, java.lang.String[] $param_arrayOf_String_4, javax.security.auth.Subject $param_Subject_5)
throws java.io.IOException, javax.management.InstanceNotFoundException, javax.management.MBeanException, javax.management.ReflectionException {
try {
@ -436,6 +450,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of isInstanceOf(ObjectName, String, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public boolean isInstanceOf(javax.management.ObjectName $param_ObjectName_1, java.lang.String $param_String_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException, javax.management.InstanceNotFoundException {
try {
@ -453,6 +468,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of isRegistered(ObjectName, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public boolean isRegistered(javax.management.ObjectName $param_ObjectName_1, javax.security.auth.Subject $param_Subject_2)
throws java.io.IOException {
try {
@ -468,6 +484,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of queryMBeans(ObjectName, MarshalledObject, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public java.util.Set queryMBeans(javax.management.ObjectName $param_ObjectName_1, java.rmi.MarshalledObject $param_MarshalledObject_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException {
try {
@ -483,6 +500,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of queryNames(ObjectName, MarshalledObject, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public java.util.Set queryNames(javax.management.ObjectName $param_ObjectName_1, java.rmi.MarshalledObject $param_MarshalledObject_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException {
try {
@ -498,6 +516,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of removeNotificationListener(ObjectName, ObjectName, MarshalledObject, MarshalledObject, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public void removeNotificationListener(javax.management.ObjectName $param_ObjectName_1, javax.management.ObjectName $param_ObjectName_2, java.rmi.MarshalledObject $param_MarshalledObject_3, java.rmi.MarshalledObject $param_MarshalledObject_4, javax.security.auth.Subject $param_Subject_5)
throws java.io.IOException, javax.management.InstanceNotFoundException, javax.management.ListenerNotFoundException {
try {
@ -516,6 +535,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of removeNotificationListener(ObjectName, ObjectName, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public void removeNotificationListener(javax.management.ObjectName $param_ObjectName_1, javax.management.ObjectName $param_ObjectName_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException, javax.management.InstanceNotFoundException, javax.management.ListenerNotFoundException {
try {
@ -534,6 +554,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of removeNotificationListeners(ObjectName, Integer[], Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public void removeNotificationListeners(javax.management.ObjectName $param_ObjectName_1, java.lang.Integer[] $param_arrayOf_Integer_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException, javax.management.InstanceNotFoundException, javax.management.ListenerNotFoundException {
try {
@ -552,6 +573,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of setAttribute(ObjectName, MarshalledObject, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public void setAttribute(javax.management.ObjectName $param_ObjectName_1, java.rmi.MarshalledObject $param_MarshalledObject_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException, javax.management.AttributeNotFoundException, javax.management.InstanceNotFoundException, javax.management.InvalidAttributeValueException, javax.management.MBeanException, javax.management.ReflectionException {
try {
@ -576,6 +598,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of setAttributes(ObjectName, MarshalledObject, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public javax.management.AttributeList setAttributes(javax.management.ObjectName $param_ObjectName_1, java.rmi.MarshalledObject $param_MarshalledObject_2, javax.security.auth.Subject $param_Subject_3)
throws java.io.IOException, javax.management.InstanceNotFoundException, javax.management.ReflectionException {
try {
@ -595,6 +618,7 @@ public final class RMIConnectionImpl_Stub
}
// implementation of unregisterMBean(ObjectName, Subject)
/** @throws UnsupportedOperationException {@inheritDoc} */
public void unregisterMBean(javax.management.ObjectName $param_ObjectName_1, javax.security.auth.Subject $param_Subject_2)
throws java.io.IOException, javax.management.InstanceNotFoundException, javax.management.MBeanRegistrationException {
try {
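Review bot: The `@throws UnsupportedOperationException {@inheritDoc}` added above `addNotificationListeners(ObjectName[], MarshalledObject[], Subject[])` does not say when the array form is rejected, and the server-side check this commit adds in RMIConnectionImpl (`if (delegationSubjects != null)`) refuses any non-null array, including one whose entries are all null. The lines that appear to be removed from RMIConnector show the previous client building exactly that (`new Subject[] { delegationSubject }`), so a client from an older JDK that never used delegation would presumably get the exception on every listener registration, which is at odds with the interoperability the RMIConnection Javadoc promises. I would throw only when some element of the array is non-null and state that rule next to the stub method, e.g. `// Subject[] may be null or contain only null entries`. The stub method bodies continue outside the hunks shown, so whether anything is checked on the client side cannot be confirmed from here.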


@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -385,16 +385,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
return connection.getConnectionId();
}
public synchronized MBeanServerConnection getMBeanServerConnection()
throws IOException {
return getMBeanServerConnection(null);
}
@SuppressWarnings("removal")
public synchronized MBeanServerConnection
getMBeanServerConnection(Subject delegationSubject)
throws IOException {
public synchronized MBeanServerConnection getMBeanServerConnection() throws IOException {
if (terminated) {
if (logger.traceOn())
logger.trace("getMBeanServerConnection","[" + this.toString() +
@ -406,8 +397,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
"] is not connected.");
throw new IOException("Not connected");
}
return getConnectionWithSubject(delegationSubject);
return getConnection();
}
public void
@ -516,10 +506,6 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
}
}
// Clean up MBeanServerConnection table
//
rmbscMap.clear();
/* Send notification of closure. We don't do this if the user
* never called connect() on the connector, because there's no
* connection id in that case. */
@ -563,12 +549,9 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final ObjectName[] names = new ObjectName[] {name};
final MarshalledObject<NotificationFilter>[] filters =
Util.cast(new MarshalledObject<?>[] {filter});
final Subject[] delegationSubjects = new Subject[] {
delegationSubject
};
final Integer[] listenerIDs =
addListenersWithSubjects(names,filters,delegationSubjects,
addListenersWithSubjects(names,filters,null,
reconnect);
if (debug) logger.debug("addListenerWithSubject","listenerID="
@ -594,7 +577,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
listenerIDs = connection.addNotificationListeners(names,
filters,
delegationSubjects);
null);
} catch (NoSuchObjectException noe) {
// maybe reconnect
if (reconnect) {
@ -602,7 +585,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
listenerIDs = connection.addNotificationListeners(names,
filters,
delegationSubjects);
null);
} else {
throw noe;
}
@ -623,14 +606,8 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
// Implementation of MBeanServerConnection
//--------------------------------------------------------------------
private class RemoteMBeanServerConnection implements MBeanServerConnection {
private Subject delegationSubject;
public RemoteMBeanServerConnection() {
this(null);
}
public RemoteMBeanServerConnection(Subject delegationSubject) {
this.delegationSubject = delegationSubject;
}
public ObjectInstance createMBean(String className,
@ -650,13 +627,13 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
return connection.createMBean(className,
name,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.createMBean(className,
name,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -684,7 +661,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
return connection.createMBean(className,
name,
loaderName,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
@ -692,7 +669,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
return connection.createMBean(className,
name,
loaderName,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
@ -722,7 +699,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
name,
sParams,
signature,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
@ -730,7 +707,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
name,
sParams,
signature,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -762,7 +739,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
loaderName,
sParams,
signature,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
@ -771,7 +748,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
loaderName,
sParams,
signature,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -786,11 +763,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final ClassLoader old = pushDefaultClassLoader();
try {
connection.unregisterMBean(name, delegationSubject);
connection.unregisterMBean(name, null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
connection.unregisterMBean(name, delegationSubject);
connection.unregisterMBean(name, null);
} finally {
popDefaultClassLoader(old);
}
@ -804,11 +781,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final ClassLoader old = pushDefaultClassLoader();
try {
return connection.getObjectInstance(name, delegationSubject);
return connection.getObjectInstance(name, null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.getObjectInstance(name, delegationSubject);
return connection.getObjectInstance(name, null);
} finally {
popDefaultClassLoader(old);
}
@ -824,11 +801,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
new MarshalledObject<QueryExp>(query);
final ClassLoader old = pushDefaultClassLoader();
try {
return connection.queryMBeans(name, sQuery, delegationSubject);
return connection.queryMBeans(name, sQuery, null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.queryMBeans(name, sQuery, delegationSubject);
return connection.queryMBeans(name, sQuery, null);
} finally {
popDefaultClassLoader(old);
}
@ -844,11 +821,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
new MarshalledObject<QueryExp>(query);
final ClassLoader old = pushDefaultClassLoader();
try {
return connection.queryNames(name, sQuery, delegationSubject);
return connection.queryNames(name, sQuery, null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.queryNames(name, sQuery, delegationSubject);
return connection.queryNames(name, sQuery, null);
} finally {
popDefaultClassLoader(old);
}
@ -861,11 +838,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final ClassLoader old = pushDefaultClassLoader();
try {
return connection.isRegistered(name, delegationSubject);
return connection.isRegistered(name, null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.isRegistered(name, delegationSubject);
return connection.isRegistered(name, null);
} finally {
popDefaultClassLoader(old);
}
@ -877,11 +854,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final ClassLoader old = pushDefaultClassLoader();
try {
return connection.getMBeanCount(delegationSubject);
return connection.getMBeanCount(null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.getMBeanCount(delegationSubject);
return connection.getMBeanCount(null);
} finally {
popDefaultClassLoader(old);
}
@ -902,13 +879,13 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
return connection.getAttribute(name,
attribute,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.getAttribute(name,
attribute,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -927,14 +904,14 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
return connection.getAttributes(name,
attributes,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.getAttributes(name,
attributes,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -958,11 +935,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
new MarshalledObject<Attribute>(attribute);
final ClassLoader old = pushDefaultClassLoader();
try {
connection.setAttribute(name, sAttribute, delegationSubject);
connection.setAttribute(name, sAttribute, null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
connection.setAttribute(name, sAttribute, delegationSubject);
connection.setAttribute(name, sAttribute, null);
} finally {
popDefaultClassLoader(old);
}
@ -986,13 +963,13 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
return connection.setAttributes(name,
sAttributes,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.setAttributes(name,
sAttributes,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -1021,7 +998,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
operationName,
sParams,
signature,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
@ -1029,7 +1006,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
operationName,
sParams,
signature,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -1042,11 +1019,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final ClassLoader old = pushDefaultClassLoader();
try {
return connection.getDefaultDomain(delegationSubject);
return connection.getDefaultDomain(null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.getDefaultDomain(delegationSubject);
return connection.getDefaultDomain(null);
} finally {
popDefaultClassLoader(old);
}
@ -1057,11 +1034,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final ClassLoader old = pushDefaultClassLoader();
try {
return connection.getDomains(delegationSubject);
return connection.getDomains(null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.getDomains(delegationSubject);
return connection.getDomains(null);
} finally {
popDefaultClassLoader(old);
}
@ -1076,11 +1053,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
if (logger.debugOn()) logger.debug("getMBeanInfo", "name=" + name);
final ClassLoader old = pushDefaultClassLoader();
try {
return connection.getMBeanInfo(name, delegationSubject);
return connection.getMBeanInfo(name, null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.getMBeanInfo(name, delegationSubject);
return connection.getMBeanInfo(name, null);
} finally {
popDefaultClassLoader(old);
}
@ -1099,13 +1076,13 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
return connection.isInstanceOf(name,
className,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
return connection.isInstanceOf(name,
className,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -1134,7 +1111,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
listener,
sFilter,
sHandback,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
@ -1142,7 +1119,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
listener,
sFilter,
sHandback,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -1163,13 +1140,13 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
connection.removeNotificationListener(name,
listener,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
connection.removeNotificationListener(name,
listener,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -1200,7 +1177,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
listener,
sFilter,
sHandback,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
@ -1208,7 +1185,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
listener,
sFilter,
sHandback,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -1237,10 +1214,9 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final Integer listenerID =
addListenerWithSubject(name,
new MarshalledObject<NotificationFilter>(filter),
delegationSubject,true);
null, true);
rmiNotifClient.addNotificationListener(listenerID, name, listener,
filter, handback,
delegationSubject);
filter, handback);
}
public void removeNotificationListener(ObjectName name,
@ -1267,13 +1243,13 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
connection.removeNotificationListeners(name,
ret,
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
connection.removeNotificationListeners(name,
ret,
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -1309,13 +1285,13 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
connection.removeNotificationListeners(name,
new Integer[] {ret},
delegationSubject);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
connection.removeNotificationListeners(name,
new Integer[] {ret},
delegationSubject);
null);
} finally {
popDefaultClassLoader(old);
}
@ -1433,12 +1409,11 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
new ObjectName[] {MBeanServerDelegate.DELEGATE_NAME};
final MarshalledObject<NotificationFilter>[] filters =
Util.cast(new MarshalledObject<?>[] {sFilter});
final Subject[] subjects = new Subject[] {null};
try {
listenerIDs =
connection.addNotificationListeners(names,
filters,
subjects);
null);
} catch (IOException ioe) {
communicatorAdmin.gotIOException(ioe);
@ -1446,7 +1421,7 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
listenerIDs =
connection.addNotificationListeners(names,
filters,
subjects);
null);
}
return listenerIDs[0];
}
@ -1564,7 +1539,6 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
ClientListenerInfo[] clis = new ClientListenerInfo[len];
final Subject[] subjects = new Subject[len];
final ObjectName[] names = new ObjectName[len];
final NotificationListener[] listeners = new NotificationListener[len];
final NotificationFilter[] filters = new NotificationFilter[len];
@ -1573,7 +1547,6 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
final Object[] handbacks = new Object[len];
for (i=0;i<len;i++) {
subjects[i] = old[i].getDelegationSubject();
names[i] = old[i].getObjectName();
listeners[i] = old[i].getListener();
filters[i] = old[i].getNotificationFilter();
@ -1582,15 +1555,14 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
}
try {
Integer[] ids = addListenersWithSubjects(names,mFilters,subjects,false);
Integer[] ids = addListenersWithSubjects(names,mFilters,null,false);
for (i=0;i<len;i++) {
clis[i] = new ClientListenerInfo(ids[i],
names[i],
listeners[i],
filters[i],
handbacks[i],
subjects[i]);
handbacks[i]);
}
rmiNotifClient.postReconnection(clis);
@ -1605,15 +1577,14 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
try {
Integer id = addListenerWithSubject(names[i],
new MarshalledObject<NotificationFilter>(filters[i]),
subjects[i],
null,
false);
clis[j++] = new ClientListenerInfo(id,
names[i],
listeners[i],
filters[i],
handbacks[i],
subjects[i]);
handbacks[i]);
} catch (InstanceNotFoundException infe) {
logger.warning("reconnectNotificationListeners",
"Can't reconnect listener for " +
@ -1745,7 +1716,6 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
// Initialization of transient variables.
private void initTransients() {
rmbscMap = new WeakHashMap<Subject, WeakReference<MBeanServerConnection>>();
connected = false;
terminated = false;
@ -1893,22 +1863,14 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
private final ClassLoader loader;
}
private MBeanServerConnection getConnectionWithSubject(Subject delegationSubject) {
private MBeanServerConnection getConnection() {
MBeanServerConnection conn = null;
if (delegationSubject == null) {
if (nullSubjectConnRef == null
|| (conn = nullSubjectConnRef.get()) == null) {
conn = new RemoteMBeanServerConnection(null);
conn = new RemoteMBeanServerConnection();
nullSubjectConnRef = new WeakReference<MBeanServerConnection>(conn);
}
} else {
WeakReference<MBeanServerConnection> wr = rmbscMap.get(delegationSubject);
if (wr == null || (conn = wr.get()) == null) {
conn = new RemoteMBeanServerConnection(delegationSubject);
rmbscMap.put(delegationSubject, new WeakReference<MBeanServerConnection>(conn));
}
}
return conn;
}
@ -2279,7 +2241,6 @@ public class RMIConnector implements JMXConnector, Serializable, JMXAddressable
private transient long clientNotifSeqNo = 0;
private transient WeakHashMap<Subject, WeakReference<MBeanServerConnection>> rmbscMap;
private transient WeakReference<MBeanServerConnection> nullSubjectConnRef = null;
private transient RMINotifClient rmiNotifClient;


@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,9 +29,6 @@ import javax.management.NotificationFilter;
import javax.management.NotificationListener;
import javax.management.ObjectName;
import javax.security.auth.Subject;
/**
* <p>An identified listener. A listener has an Integer id that is
* unique per connector server. It selects notifications based on the
@ -43,14 +40,12 @@ public class ClientListenerInfo {
ObjectName name,
NotificationListener listener,
NotificationFilter filter,
Object handback,
Subject delegationSubject) {
Object handback) {
this.listenerID = listenerID;
this.name = name;
this.listener = listener;
this.filter = filter;
this.handback = handback;
this.delegationSubject = delegationSubject;
}
public ObjectName getObjectName() {
@ -73,11 +68,6 @@ public class ClientListenerInfo {
return handback;
}
public Subject getDelegationSubject() {
return delegationSubject;
}
public boolean sameAs(ObjectName name) {
return (getObjectName().equals(name));
}
@ -102,5 +92,4 @@ public class ClientListenerInfo {
private final NotificationListener listener;
private final Object handback;
private final Subject delegationSubject;
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -167,8 +167,7 @@ public abstract class ClientNotifForwarder {
ObjectName name,
NotificationListener listener,
NotificationFilter filter,
Object handback,
Subject delegationSubject)
Object handback)
throws IOException, InstanceNotFoundException {
if (logger.traceOn()) {
@ -181,9 +180,7 @@ public abstract class ClientNotifForwarder {
name,
listener,
filter,
handback,
delegationSubject));
handback));
init(false);
}


@ -1,128 +0,0 @@
/*
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.jmx.remote.security;
import java.security.AccessController;
import java.security.AccessControlContext;
import java.security.Permission;
import java.security.Principal;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.management.remote.SubjectDelegationPermission;
import java.util.*;
public class SubjectDelegator {
/* Return the AccessControlContext appropriate to execute an
operation on behalf of the delegatedSubject. If the
authenticatedAccessControlContext does not have permission to
delegate to that subject, throw SecurityException. */
@SuppressWarnings("removal")
public AccessControlContext
delegatedContext(AccessControlContext authenticatedACC,
Subject delegatedSubject,
boolean removeCallerContext)
throws SecurityException {
if (System.getSecurityManager() != null && authenticatedACC == null) {
throw new SecurityException("Illegal AccessControlContext: null");
}
// Check if the subject delegation permission allows the
// authenticated subject to assume the identity of each
// principal in the delegated subject
//
Collection<Principal> ps = getSubjectPrincipals(delegatedSubject);
final Collection<Permission> permissions = new ArrayList<>(ps.size());
for(Principal p : ps) {
final String pname = p.getClass().getName() + "." + p.getName();
permissions.add(new SubjectDelegationPermission(pname));
}
PrivilegedAction<Void> action =
new PrivilegedAction<>() {
public Void run() {
for (Permission sdp : permissions) {
AccessController.checkPermission(sdp);
}
return null;
}
};
AccessController.doPrivileged(action, authenticatedACC);
return getDelegatedAcc(delegatedSubject, removeCallerContext);
}
@SuppressWarnings("removal")
private AccessControlContext getDelegatedAcc(Subject delegatedSubject, boolean removeCallerContext) {
if (removeCallerContext) {
return JMXSubjectDomainCombiner.getDomainCombinerContext(delegatedSubject);
} else {
return JMXSubjectDomainCombiner.getContext(delegatedSubject);
}
}
/**
* Check if the connector server creator can assume the identity of each
* principal in the authenticated subject, i.e. check if the connector
* server creator codebase contains a subject delegation permission for
* each principal present in the authenticated subject.
*
* @return {@code true} if the connector server creator can delegate to all
* the authenticated principals in the subject. Otherwise, {@code false}.
*/
@SuppressWarnings("removal")
public static synchronized boolean
checkRemoveCallerContext(Subject subject) {
try {
for (Principal p : getSubjectPrincipals(subject)) {
final String pname =
p.getClass().getName() + "." + p.getName();
final Permission sdp =
new SubjectDelegationPermission(pname);
AccessController.checkPermission(sdp);
}
} catch (SecurityException e) {
return false;
}
return true;
}
/**
* Retrieves the {@linkplain Subject} principals
* @param subject The subject
* @return If the {@code Subject} is immutable it will return the principals directly.
* If the {@code Subject} is mutable it will create an unmodifiable copy.
*/
private static Collection<Principal> getSubjectPrincipals(Subject subject) {
if (subject.isReadOnly()) {
return subject.getPrincipals();
}
List<Principal> principals = Arrays.asList(subject.getPrincipals().toArray(new Principal[0]));
return Collections.unmodifiableList(principals);
}
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -115,12 +115,6 @@ public interface JMXConnector extends Closeable {
* {@link JMXServerErrorException}, which is seen by the
* client.</p>
*
* <p>Calling this method is equivalent to calling
* {@link #getMBeanServerConnection(Subject) getMBeanServerConnection(null)}
* meaning that no delegation subject is specified and that all the
* operations called on the <code>MBeanServerConnection</code> must
* use the authenticated subject, if any.</p>
*
* @return an object that implements the
* <code>MBeanServerConnection</code> interface by forwarding its
* methods to the remote MBean server.
@ -135,49 +129,37 @@ public interface JMXConnector extends Closeable {
throws IOException;
/**
* <p>Returns an <code>MBeanServerConnection</code> object representing
* a remote MBean server on which operations are performed on behalf of
* the supplied delegation subject. For a given <code>JMXConnector</code>
* and <code>Subject</code>, two successful calls to this method will
* usually return the same <code>MBeanServerConnection</code> object,
* though this is not required.</p>
* <p>When {@code delegationSubject} is {@code null}, calling his method
* is equivalent to calling {@link #getMBeanServerConnection()}.
*
* <p>For each method in the returned
* <code>MBeanServerConnection</code>, calling the method causes
* the corresponding method to be called in the remote MBean
* server on behalf of the given delegation subject instead of the
* authenticated subject. The value returned by the MBean server
* method is the value returned to the client. If the MBean server
* method produces an <code>Exception</code>, the same
* <code>Exception</code> is seen by the client. If the MBean
* server method, or the attempt to call it, produces an
* <code>Error</code>, the <code>Error</code> is wrapped in a
* {@link JMXServerErrorException}, which is seen by the
* client.</p>
* @implSpec The default implementation of this method throws
* {@code UnsupportedOperationException} if {@code delegationSubject} is
* non-null. Otherwise it calls {@link getMBeanServerConnection()}.
*
* @param delegationSubject the <code>Subject</code> on behalf of
* which requests will be performed. Can be null, in which case
* requests will be performed on behalf of the authenticated
* Subject, if any.
* @param delegationSubject must be {@code null}.
*
* @return an object that implements the <code>MBeanServerConnection</code>
* interface by forwarding its methods to the remote MBean server on behalf
* of a given delegation subject.
* interface by forwarding its methods to the remote MBean server.
*
* @exception IOException if a valid <code>MBeanServerConnection</code>
* cannot be created, for instance because the connection to the remote
* MBean server has not yet been established (with the {@link #connect(Map)
* connect} method), or it has been closed, or it has broken.
*
* @exception UnsupportedOperationException if {@code delegationSubject} is non-null.
*
* @deprecated This method supported the legacy Subject Delegation feature,
* and is only useful in conjunction with other APIs which are deprecated and
* subject to removal in a future release. Consequently, this method is also
* deprecated and subject to removal. There is no replacement.
* which has been removed. There is no replacement.
*/
@Deprecated(since="21", forRemoval=true)
public MBeanServerConnection getMBeanServerConnection(
Subject delegationSubject)
throws IOException;
public default MBeanServerConnection getMBeanServerConnection(Subject delegationSubject)
throws IOException {
if (delegationSubject != null) {
throw new UnsupportedOperationException("Subject Delegation has been removed.");
}
return getMBeanServerConnection();
}
/**
* <p>Closes the client connection to its server. Any ongoing or new
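Review bot: The rewritten Javadoc for `getMBeanServerConnection(Subject)` contains a typo, "calling his method", which should read "calling this method". Its `@implSpec` also writes `{@link getMBeanServerConnection()}` without the `#` used by the link in the paragraph above; `{@link #getMBeanServerConnection()}` keeps the two references consistent and avoids relying on the Javadoc tool resolving the bare form. The opening `<p>` is not closed with `</p>`, unlike the paragraphs it replaces. The interface body continues outside the hunk.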


@ -76,5 +76,4 @@ java/util/PluggableLocale/PermissionTest.java 0000000 generic-all
java/util/Properties/StoreReproducibilityTest.java 0000000 generic-all
java/util/Properties/StoreReproducibilityTest.java 0000000 generic-all
javax/management/ImplementationVersion/ImplVersionTest.java 0000000 generic-all
javax/management/remote/mandatory/subjectDelegation/SubjectDelegation1Test.java 0000000 generic-all
javax/management/remote/mandatory/version/ImplVersionTest.java 0000000 generic-all


@ -534,8 +534,6 @@ javax/management/remote/mandatory/connection/RMIConnector_NPETest.java 8267887 g
javax/management/remote/mandatory/connection/BrokenConnectionTest.java 8262312 linux-all
javax/management/remote/mandatory/subjectDelegation/SubjectDelegation1Test.java 8149084 linux-aarch64
############################################################################
# jdk_net


@ -0,0 +1,115 @@
/*
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8326666
* @summary Test that Subject Delegation is removed.
* @modules java.management.rmi
* java.management/com.sun.jmx.remote.security
* @run main/othervm RemovedSubjectDelegation
*/
import java.lang.management.ManagementFactory;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Collections;
import java.util.HashMap;
import java.util.Properties;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.Subject;
public class RemovedSubjectDelegation {
public static void main(String[] args) throws Exception {
JMXConnectorServer jmxcs = null;
JMXConnector jmxc = null;
try {
// Create an RMI registry
//
System.out.println("Start RMI registry...");
Registry reg = null;
int port = 5900;
while (port++ < 5920) {
try {
reg = LocateRegistry.createRegistry(port);
System.out.println("RMI registry running on port " + port);
break;
} catch (RemoteException e) {
// Failed to create RMI registry...
System.out.println("Failed to create RMI registry " +
"on port " + port);
}
}
if (reg == null) {
throw new RuntimeException("Failed to create RMI registry.");
}
// Instantiate the MBean server
//
System.out.println("Create the MBean server");
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
// Create an RMI connector server
//
System.out.println("Create an RMI connector server");
JMXServiceURL url = new JMXServiceURL("rmi", null, 0);
HashMap env = new HashMap();
jmxcs = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
jmxcs.start();
// Create an RMI connector client
//
System.out.println("Create an RMI connector client");
// Not setting env with "jmx.remote.credentials", should not get as far as verifying:
jmxc = JMXConnectorFactory.connect(jmxcs.getAddress());
Subject delegationSubject =
new Subject(true,
Collections.singleton(new JMXPrincipal("delegate")),
Collections.EMPTY_SET,
Collections.EMPTY_SET);
MBeanServerConnection mbsc = null;
try {
mbsc = jmxc.getMBeanServerConnection(delegationSubject);
throw new RuntimeException("FAIL: delegationSubject was accepted. mbsc=" + mbsc);
} catch (UnsupportedOperationException e) {
System.out.println("PASS: " + e);
}
} catch (Exception e) {
System.out.println("Unexpected exception caught = " + e);
e.printStackTrace();
throw e;
} finally {
if (jmxc != null)
jmxc.close();
if (jmxcs != null)
jmxcs.stop();
}
}
}
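Review bot: The RMI registry created in the port loop at the top of `main` is never used afterwards: the connector server is built from `new JMXServiceURL("rmi", null, 0)`, which does not refer to `reg`, and the `finally` block does not unexport it. Probing the fixed ports 5901–5920 adds a failure mode for no benefit, so the registry block could be dropped together with the `Registry`, `LocateRegistry` and `RemoteException` imports. The test also covers only the client-side check in `getMBeanServerConnection(Subject)`. Because the `delegationSubject` parameter stays on the remote interface for older clients, a case that passes a non-null subject to a server-side `RMIConnection` method and expects `UnsupportedOperationException` would cover the side that enforces the removal, unless another test in this commit already does so.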


@ -1,123 +0,0 @@
/*
* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.lang.management.ManagementFactory;
import java.lang.ref.WeakReference;
import java.lang.reflect.Field;
import java.util.Collections;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnector;
import javax.security.auth.Subject;
/*
* @test
* @bug 6566891
* @summary Check no memory leak on RMIConnector's rmbscMap
* @author Shanliang JIANG
* @modules java.management.rmi/javax.management.remote.rmi:open
* @run clean RMIConnectorInternalMapTest
* @run build RMIConnectorInternalMapTest
* @run main RMIConnectorInternalMapTest
*/
public class RMIConnectorInternalMapTest {
public static void main(String[] args) throws Exception {
System.out.println("---RMIConnectorInternalMapTest starting...");
JMXConnectorServer connectorServer = null;
JMXConnector connectorClient = null;
try {
MBeanServer mserver = ManagementFactory.getPlatformMBeanServer();
JMXServiceURL serverURL = new JMXServiceURL("rmi", "localhost", 0);
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(serverURL, null, mserver);
connectorServer.start();
JMXServiceURL serverAddr = connectorServer.getAddress();
connectorClient = JMXConnectorFactory.connect(serverAddr, null);
connectorClient.connect();
Field rmbscMapField = RMIConnector.class.getDeclaredField("rmbscMap");
rmbscMapField.setAccessible(true);
Map<Subject, WeakReference<MBeanServerConnection>> map =
(Map<Subject, WeakReference<MBeanServerConnection>>) rmbscMapField.get(connectorClient);
if (map != null && !map.isEmpty()) { // failed
throw new RuntimeException("RMIConnector's rmbscMap must be empty at the initial time.");
}
Subject delegationSubject =
new Subject(true,
Collections.singleton(new JMXPrincipal("delegate")),
Collections.EMPTY_SET,
Collections.EMPTY_SET);
MBeanServerConnection mbsc1 =
connectorClient.getMBeanServerConnection(delegationSubject);
MBeanServerConnection mbsc2 =
connectorClient.getMBeanServerConnection(delegationSubject);
if (mbsc1 == null) {
throw new RuntimeException("Got null connection.");
}
if (mbsc1 != mbsc2) {
throw new RuntimeException("Not got same connection with a same subject.");
}
map = (Map<Subject, WeakReference<MBeanServerConnection>>) rmbscMapField.get(connectorClient);
if (map == null || map.isEmpty()) { // failed
throw new RuntimeException("RMIConnector's rmbscMap has wrong size "
+ "after creating a delegated connection.");
}
delegationSubject = null;
mbsc1 = null;
mbsc2 = null;
int i = 0;
while (!map.isEmpty() && i++ < 60) {
System.gc();
Thread.sleep(100);
}
System.out.println("---GC times: " + i);
if (!map.isEmpty()) {
throw new RuntimeException("Failed to clean RMIConnector's rmbscMap");
} else {
System.out.println("---RMIConnectorInternalMapTest: PASSED!");
}
} finally {
try {
connectorClient.close();
connectorServer.stop();
} catch (Exception e) {
}
}
}
}


@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -75,11 +75,11 @@ public class DeadListenerTest {
RMIConnectorServer cs = new RMIConnectorServer(url, null, rmiServer, mbs);
cs.start();
JMXServiceURL addr = cs.getAddress();
assertTrue("No connections in new connector server", rmiServer.connections.isEmpty());
assertTrue("Expected no connections in new connector server", rmiServer.connections.isEmpty());
JMXConnector cc = JMXConnectorFactory.connect(addr);
MBeanServerConnection mbsc = cc.getMBeanServerConnection();
assertTrue("One connection on server after client connect", rmiServer.connections.size() == 1);
assertTrue("Expected one connection on server after client connect", rmiServer.connections.size() == 1);
RMIConnectionImpl connection = rmiServer.connections.get(0);
Method getServerNotifFwdM = RMIConnectionImpl.class.getDeclaredMethod("getServerNotifFwd");
getServerNotifFwdM.setAccessible(true);
@ -88,7 +88,7 @@ public class DeadListenerTest {
listenerMapF.setAccessible(true);
@SuppressWarnings("unchecked")
Map<ObjectName, Set<?>> listenerMap = (Map<ObjectName, Set<?>>) listenerMapF.get(serverNotifForwarder);
assertTrue("Server listenerMap initially empty", mapWithoutKey(listenerMap, delegateName).isEmpty());
assertTrue("Expected server listenerMap initially empty", mapWithoutKey(listenerMap, delegateName).isEmpty());
final AtomicInteger count1Val = new AtomicInteger();
CountListener count1 = new CountListener(count1Val);
@ -104,12 +104,12 @@ public class DeadListenerTest {
WeakReference<CountListener> count2Ref = new WeakReference<>(count2);
count2 = null;
assertTrue("One entry in listenerMap for two listeners on same MBean", mapWithoutKey(listenerMap, delegateName).size() == 1);
assertTrue("Expected one entry in listenerMap for two listeners on same MBean", mapWithoutKey(listenerMap, delegateName).size() == 1);
Set<?> set = listenerMap.get(name);
assertTrue("Set in listenerMap for MBean has two elements", set != null && set.size() == 2);
assertTrue("Expected Set in listenerMap for MBean to have two elements", set != null && set.size() == 2);
assertTrue("Initial value of count1 == 0", count1Val.get() == 0);
assertTrue("Initial value of count2 == 0", count2Val.get() == 0);
assertTrue("Initial value of count1 should be 0", count1Val.get() == 0);
assertTrue("Initial value of count2 should be 0", count2Val.get() == 0);
Notification notif = new Notification("type", name, 0);
@ -119,8 +119,8 @@ public class DeadListenerTest {
while ((count1Val.get() != 1 || count2Val.get() != 1) ) {
Thread.sleep(20);
}
assertTrue("New value of count1 == 1", count1Val.get() == 1);
assertTrue("Initial value of count2 == 1", count2Val.get() == 1);
assertTrue("Value of count1 expected 1, got " + count1Val.get(), count1Val.get() == 1);
assertTrue("Value of count2 expected 1, got " + count2Val.get(), count2Val.get() == 1);
// Make sure that removing a nonexistent listener from an existent MBean produces ListenerNotFoundException
CountListener count3 = new CountListener();
@ -146,8 +146,8 @@ public class DeadListenerTest {
mbean.sendNotification(notif);
Thread.sleep(200);
assertTrue("New value of count1 == 1", count1Val.get() == 1);
assertTrue("Initial value of count2 == 1", count2Val.get() == 1);
assertTrue("Value of count1 expected 1, got " + count1Val.get(), count1Val.get() == 1);
assertTrue("Value of count2 expected 1, got " + count2Val.get(), count2Val.get() == 1);
// wait for the listener cleanup to take place upon processing notifications
int countdown = 50; // waiting max. 5 secs


@ -1,184 +0,0 @@
/*
* Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* Simple definition of a standard MBean, named "SimpleStandard".
*
* The "SimpleStandard" standard MBean shows how to expose attributes and
* operations for management by implementing its corresponding
* "SimpleStandardMBean" management interface.
*
* This MBean has two attributes and one operation exposed
* for management by a JMX agent:
* - the read/write "State" attribute,
* - the read only "NbChanges" attribute,
* - the "reset()" operation.
*
* This object also has one property and one method not exposed
* for management by a JMX agent:
* - the "NbResets" property,
* - the "getNbResets()" method.
*/
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.util.Set;
import javax.management.AttributeChangeNotification;
import javax.management.NotificationBroadcasterSupport;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
public class SimpleStandard
extends NotificationBroadcasterSupport
implements SimpleStandardMBean {
/*
* -----------------------------------------------------
* CONSTRUCTORS
* -----------------------------------------------------
*/
public SimpleStandard(String principalName) {
this.principalName = principalName;
}
/*
* -----------------------------------------------------
* IMPLEMENTATION OF THE SimpleStandardMBean INTERFACE
* -----------------------------------------------------
*/
/**
* Getter: get the "State" attribute of the "SimpleStandard" standard MBean.
*
* @return the current value of the "State" attribute.
*/
public String getState() {
checkSubject("getState");
return state;
}
/**
* Setter: set the "State" attribute of the "SimpleStandard" standard MBean.
*
* @param <VAR>s</VAR> the new value of the "State" attribute.
*/
public void setState(String s) {
checkSubject("setState");
state = s;
nbChanges++;
}
/**
* Getter: get the "NbChanges" attribute of the "SimpleStandard" standard
* MBean.
*
* @return the current value of the "NbChanges" attribute.
*/
public int getNbChanges() {
checkSubject("getNbChanges");
return nbChanges;
}
/**
* Operation: reset to their initial values the "State" and "NbChanges"
* attributes of the "SimpleStandard" standard MBean.
*/
public void reset() {
checkSubject("reset");
AttributeChangeNotification acn =
new AttributeChangeNotification(this,
0,
0,
"NbChanges reset",
"NbChanges",
"Integer",
new Integer(nbChanges),
new Integer(0));
state = "initial state";
nbChanges = 0;
nbResets++;
sendNotification(acn);
}
/*
* -----------------------------------------------------
* METHOD NOT EXPOSED FOR MANAGEMENT BY A JMX AGENT
* -----------------------------------------------------
*/
/**
* Return the "NbResets" property.
* This method is not a Getter in the JMX sense because
* it is not exposed in the "SimpleStandardMBean" interface.
*
* @return the current value of the "NbResets" property.
*/
public int getNbResets() {
return nbResets;
}
/*
* ---------------
* PRIVATE METHODS
* ---------------
*/
/**
* Check that the principal contained in the Subject is of
* type JMXPrincipal and refers to the principalName identity.
*/
private void checkSubject(String op) {
AccessControlContext acc = AccessController.getContext();
Subject subject = Subject.getSubject(acc);
Set principals = subject.getPrincipals();
Principal principal = (Principal) principals.iterator().next();
if (!(principal instanceof JMXPrincipal))
throw new SecurityException(op+": Authenticated subject contains " +
"invalid principal type = " +
principal.getClass().getName());
String identity = principal.getName();
if (!identity.equals(principalName))
throw new SecurityException(op+": Authenticated subject contains " +
"invalid principal name = " + identity);
}
/*
* -----------------------------------------------------
* ATTRIBUTES ACCESSIBLE FOR MANAGEMENT BY A JMX AGENT
* -----------------------------------------------------
*/
private String state = "initial state";
private int nbChanges = 0;
/*
* -----------------------------------------------------
* PROPERTY NOT ACCESSIBLE FOR MANAGEMENT BY A JMX AGENT
* -----------------------------------------------------
*/
private int nbResets = 0;
private String principalName;
}


@ -1,67 +0,0 @@
/*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* This is the management interface explicitly defined for the
* "SimpleStandard" standard MBean.
* The "SimpleStandard" standard MBean implements this interface
* in order to be manageable through a JMX agent.
*
* The "SimpleStandardMBean" interface shows how to expose for management:
* - a read/write attribute (named "State") through its getter and setter
* methods,
* - a read-only attribute (named "NbChanges") through its getter method,
* - an operation (named "reset").
*/
public interface SimpleStandardMBean {
/**
* Getter: set the "State" attribute of the "SimpleStandard" standard
* MBean.
*
* @return the current value of the "State" attribute.
*/
public String getState();
/**
* Setter: set the "State" attribute of the "SimpleStandard" standard
* MBean.
*
* @param <VAR>s</VAR> the new value of the "State" attribute.
*/
public void setState(String s);
/**
* Getter: get the "NbChanges" attribute of the "SimpleStandard" standard
* MBean.
*
* @return the current value of the "NbChanges" attribute.
*/
public int getNbChanges();
/**
* Operation: reset to their initial values the "State" and "NbChanges"
* attributes of the "SimpleStandard" standard MBean.
*/
public void reset();
}


@ -1,226 +0,0 @@
/*
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6261831
* @summary Tests the use of the subject delegation feature in the
* RMI connector
* @author Luis-Miguel Alventosa
* @modules java.management.rmi
* java.management/com.sun.jmx.remote.security
* @run clean SubjectDelegation1Test SimpleStandard SimpleStandardMBean
* @run build SubjectDelegation1Test SimpleStandard SimpleStandardMBean
* @run main/othervm -Djava.security.manager=allow SubjectDelegation1Test policy11 ok
* @run main/othervm -Djava.security.manager=allow SubjectDelegation1Test policy12 ko
* @run main/othervm -Djava.security.manager=allow SubjectDelegation1Test policy13 ko
* @run main/othervm -Djava.security.manager=allow SubjectDelegation1Test policy14 ko
* @run main/othervm -Djava.security.manager=allow SubjectDelegation1Test policy15 ok
* @run main/othervm -Djava.security.manager=allow SubjectDelegation1Test policy16 ko
*/
import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Collections;
import java.util.HashMap;
import java.util.Properties;
import javax.management.Attribute;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.Notification;
import javax.management.NotificationListener;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.Subject;
public class SubjectDelegation1Test {
public static void main(String[] args) throws Exception {
String policyFile = args[0];
String testResult = args[1];
System.out.println("Policy file = " + policyFile);
System.out.println("Expected test result = " + testResult);
JMXConnectorServer jmxcs = null;
JMXConnector jmxc = null;
try {
// Create an RMI registry
//
System.out.println("Start RMI registry...");
Registry reg = null;
int port = 5860;
while (port++ < 5880) {
try {
reg = LocateRegistry.createRegistry(port);
System.out.println("RMI registry running on port " + port);
break;
} catch (RemoteException e) {
// Failed to create RMI registry...
System.out.println("Failed to create RMI registry " +
"on port " + port);
}
}
if (reg == null) {
System.exit(1);
}
// Set the default password file
//
final String passwordFile = System.getProperty("test.src") +
File.separator + "jmxremote.password";
System.out.println("Password file = " + passwordFile);
// Set policy file
//
final String policy = System.getProperty("test.src") +
File.separator + policyFile;
System.out.println("PolicyFile = " + policy);
System.setProperty("java.security.policy", policy);
// Instantiate the MBean server
//
System.out.println("Create the MBean server");
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
// Register the SimpleStandardMBean
//
System.out.println("Create SimpleStandard MBean");
SimpleStandard s = new SimpleStandard("delegate");
mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
// Create Properties containing the username/password entries
//
Properties props = new Properties();
props.setProperty("jmx.remote.x.password.file", passwordFile);
// Initialize environment map to be passed to the connector server
//
System.out.println("Initialize environment map");
HashMap env = new HashMap();
env.put("jmx.remote.authenticator",
new JMXPluggableAuthenticator(props));
// Create an RMI connector server
//
System.out.println("Create an RMI connector server");
JMXServiceURL url =
new JMXServiceURL("rmi", null, 0,
"/jndi/rmi://:" + port + "/server" + port);
jmxcs =
JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
jmxcs.start();
// Create an RMI connector client
//
System.out.println("Create an RMI connector client");
HashMap cli_env = new HashMap();
// These credentials must match those in the default password file
//
String[] credentials = new String[] { "monitorRole" , "QED" };
cli_env.put("jmx.remote.credentials", credentials);
jmxc = JMXConnectorFactory.connect(url, cli_env);
Subject delegationSubject =
new Subject(true,
Collections.singleton(new JMXPrincipal("delegate")),
Collections.EMPTY_SET,
Collections.EMPTY_SET);
MBeanServerConnection mbsc =
jmxc.getMBeanServerConnection(delegationSubject);
// Get domains from MBeanServer
//
System.out.println("Domains:");
String domains[] = mbsc.getDomains();
for (int i = 0; i < domains.length; i++) {
System.out.println("\tDomain[" + i + "] = " + domains[i]);
}
// Get MBean count
//
System.out.println("MBean count = " + mbsc.getMBeanCount());
// Get State attribute
//
String oldState =
(String) mbsc.getAttribute(
new ObjectName("MBeans:type=SimpleStandard"),
"State");
System.out.println("Old State = \"" + oldState + "\"");
// Set State attribute
//
System.out.println("Set State to \"changed state\"");
mbsc.setAttribute(new ObjectName("MBeans:type=SimpleStandard"),
new Attribute("State", "changed state"));
// Get State attribute
//
String newState =
(String) mbsc.getAttribute(
new ObjectName("MBeans:type=SimpleStandard"),
"State");
System.out.println("New State = \"" + newState + "\"");
if (!newState.equals("changed state")) {
System.out.println("Invalid State = \"" + newState + "\"");
System.exit(1);
}
// Add notification listener on SimpleStandard MBean
//
System.out.println("Add notification listener...");
mbsc.addNotificationListener(
new ObjectName("MBeans:type=SimpleStandard"),
new NotificationListener() {
public void handleNotification(Notification notification,
Object handback) {
System.out.println("Received notification: " +
notification);
}
},
null,
null);
// Unregister SimpleStandard MBean
//
System.out.println("Unregister SimpleStandard MBean...");
mbsc.unregisterMBean(new ObjectName("MBeans:type=SimpleStandard"));
} catch (SecurityException e) {
if (testResult.equals("ko")) {
System.out.println("Got expected security exception = " + e);
} else {
System.out.println("Got unexpected security exception = " + e);
e.printStackTrace();
throw e;
}
} catch (Exception e) {
System.out.println("Unexpected exception caught = " + e);
e.printStackTrace();
throw e;
} finally {
// Close connector client
//
if (jmxc != null)
jmxc.close();
// Stop connector server
//
if (jmxcs != null)
jmxcs.stop();
// Say goodbye
//
System.out.println("Bye! Bye!");
}
}
}


@ -1,218 +0,0 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6261831
* @summary Tests the use of the subject delegation feature on the authenticated
* principals within the RMI connector server's creator codebase.
* @author Luis-Miguel Alventosa
* @modules java.management.rmi
* java.management/com.sun.jmx.remote.security
* @run clean SubjectDelegation2Test SimpleStandard SimpleStandardMBean
* @run build SubjectDelegation2Test SimpleStandard SimpleStandardMBean
* @run main/othervm -Djava.security.manager=allow SubjectDelegation2Test policy21 ok
* @run main/othervm -Djava.security.manager=allow SubjectDelegation2Test policy22 ko
* @run main/othervm -Djava.security.manager=allow SubjectDelegation2Test policy23 ko
* @run main/othervm -Djava.security.manager=allow SubjectDelegation2Test policy24 ok
* @run main/othervm -Djava.security.manager=allow SubjectDelegation2Test policy25 ko
*/
import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.HashMap;
import java.util.Properties;
import javax.management.Attribute;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.Notification;
import javax.management.NotificationListener;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
public class SubjectDelegation2Test {
public static void main(String[] args) throws Exception {
String policyFile = args[0];
String testResult = args[1];
System.out.println("Policy file = " + policyFile);
System.out.println("Expected test result = " + testResult);
JMXConnectorServer jmxcs = null;
JMXConnector jmxc = null;
try {
// Create an RMI registry
//
System.out.println("Start RMI registry...");
Registry reg = null;
int port = 5880;
while (port++ < 5900) {
try {
reg = LocateRegistry.createRegistry(port);
System.out.println("RMI registry running on port " + port);
break;
} catch (RemoteException e) {
// Failed to create RMI registry...
System.out.println("Failed to create RMI registry " +
"on port " + port);
}
}
if (reg == null) {
System.exit(1);
}
// Set the default password file
//
final String passwordFile = System.getProperty("test.src") +
File.separator + "jmxremote.password";
System.out.println("Password file = " + passwordFile);
// Set policy file
//
final String policy = System.getProperty("test.src") +
File.separator + policyFile;
System.out.println("PolicyFile = " + policy);
System.setProperty("java.security.policy", policy);
// Instantiate the MBean server
//
System.out.println("Create the MBean server");
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
// Register the SimpleStandardMBean
//
System.out.println("Create SimpleStandard MBean");
SimpleStandard s = new SimpleStandard("monitorRole");
mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
// Create Properties containing the username/password entries
//
Properties props = new Properties();
props.setProperty("jmx.remote.x.password.file", passwordFile);
// Initialize environment map to be passed to the connector server
//
System.out.println("Initialize environment map");
HashMap env = new HashMap();
env.put("jmx.remote.authenticator",
new JMXPluggableAuthenticator(props));
// Set Security Manager
//
System.setSecurityManager(new SecurityManager());
// Create an RMI connector server
//
System.out.println("Create an RMI connector server");
JMXServiceURL url = new JMXServiceURL("rmi", null, 0);
jmxcs =
JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
jmxcs.start();
// Create an RMI connector client
//
System.out.println("Create an RMI connector client");
HashMap cli_env = new HashMap();
// These credentials must match those in the default password file
//
String[] credentials = new String[] { "monitorRole" , "QED" };
cli_env.put("jmx.remote.credentials", credentials);
jmxc = JMXConnectorFactory.connect(jmxcs.getAddress(), cli_env);
MBeanServerConnection mbsc = jmxc.getMBeanServerConnection();
// Get domains from MBeanServer
//
System.out.println("Domains:");
String domains[] = mbsc.getDomains();
for (int i = 0; i < domains.length; i++) {
System.out.println("\tDomain[" + i + "] = " + domains[i]);
}
// Get MBean count
//
System.out.println("MBean count = " + mbsc.getMBeanCount());
// Get State attribute
//
String oldState =
(String) mbsc.getAttribute(
new ObjectName("MBeans:type=SimpleStandard"),
"State");
System.out.println("Old State = \"" + oldState + "\"");
// Set State attribute
//
System.out.println("Set State to \"changed state\"");
mbsc.setAttribute(new ObjectName("MBeans:type=SimpleStandard"),
new Attribute("State", "changed state"));
// Get State attribute
//
String newState =
(String) mbsc.getAttribute(
new ObjectName("MBeans:type=SimpleStandard"),
"State");
System.out.println("New State = \"" + newState + "\"");
if (!newState.equals("changed state")) {
System.out.println("Invalid State = \"" + newState + "\"");
System.exit(1);
}
// Add notification listener on SimpleStandard MBean
//
System.out.println("Add notification listener...");
mbsc.addNotificationListener(
new ObjectName("MBeans:type=SimpleStandard"),
new NotificationListener() {
public void handleNotification(Notification notification,
Object handback) {
System.out.println("Received notification: " +
notification);
}
},
null,
null);
// Unregister SimpleStandard MBean
//
System.out.println("Unregister SimpleStandard MBean...");
mbsc.unregisterMBean(new ObjectName("MBeans:type=SimpleStandard"));
} catch (SecurityException e) {
if (testResult.equals("ko")) {
System.out.println("Got expected security exception = " + e);
} else {
System.out.println("Got unexpected security exception = " + e);
e.printStackTrace();
throw e;
}
} catch (Exception e) {
System.out.println("Unexpected exception caught = " + e);
e.printStackTrace();
throw e;
} finally {
// Close connector client
//
if (jmxc != null)
jmxc.close();
// Stop connector server
//
if (jmxcs != null)
jmxcs.stop();
// Say goodbye
//
System.out.println("Bye! Bye!");
}
}
}


@ -1,228 +0,0 @@
/*
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 6261831
* @summary Tests the use of the subject delegation feature on the authenticated
* principals within the RMI connector server's creator codebase with
* subject delegation.
* @author Luis-Miguel Alventosa
* @modules java.management.rmi
* java.management/com.sun.jmx.remote.security
* @run clean SubjectDelegation3Test SimpleStandard SimpleStandardMBean
* @run build SubjectDelegation3Test SimpleStandard SimpleStandardMBean
* @run main/othervm -Djava.security.manager=allow SubjectDelegation3Test policy31 ok
* @run main/othervm -Djava.security.manager=allow SubjectDelegation3Test policy32 ko
* @run main/othervm -Djava.security.manager=allow SubjectDelegation3Test policy33 ko
* @run main/othervm -Djava.security.manager=allow SubjectDelegation3Test policy34 ok
* @run main/othervm -Djava.security.manager=allow SubjectDelegation3Test policy35 ko
*/
import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
import java.io.File;
import java.lang.management.ManagementFactory;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Collections;
import java.util.HashMap;
import java.util.Properties;
import javax.management.Attribute;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.Notification;
import javax.management.NotificationListener;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.Subject;
public class SubjectDelegation3Test {
public static void main(String[] args) throws Exception {
String policyFile = args[0];
String testResult = args[1];
System.out.println("Policy file = " + policyFile);
System.out.println("Expected test result = " + testResult);
JMXConnectorServer jmxcs = null;
JMXConnector jmxc = null;
try {
// Create an RMI registry
//
System.out.println("Start RMI registry...");
Registry reg = null;
int port = 5900;
while (port++ < 5920) {
try {
reg = LocateRegistry.createRegistry(port);
System.out.println("RMI registry running on port " + port);
break;
} catch (RemoteException e) {
// Failed to create RMI registry...
System.out.println("Failed to create RMI registry " +
"on port " + port);
}
}
if (reg == null) {
System.exit(1);
}
// Set the default password file
//
final String passwordFile = System.getProperty("test.src") +
File.separator + "jmxremote.password";
System.out.println("Password file = " + passwordFile);
// Set policy file
//
final String policy = System.getProperty("test.src") +
File.separator + policyFile;
System.out.println("PolicyFile = " + policy);
System.setProperty("java.security.policy", policy);
// Instantiate the MBean server
//
System.out.println("Create the MBean server");
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
// Register the SimpleStandardMBean
//
System.out.println("Create SimpleStandard MBean");
SimpleStandard s = new SimpleStandard("delegate");
mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard"));
// Create Properties containing the username/password entries
//
Properties props = new Properties();
props.setProperty("jmx.remote.x.password.file", passwordFile);
// Initialize environment map to be passed to the connector server
//
System.out.println("Initialize environment map");
HashMap env = new HashMap();
env.put("jmx.remote.authenticator",
new JMXPluggableAuthenticator(props));
// Set Security Manager
//
System.setSecurityManager(new SecurityManager());
// Create an RMI connector server
//
System.out.println("Create an RMI connector server");
JMXServiceURL url =
new JMXServiceURL("rmi", null, 0);
jmxcs =
JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
jmxcs.start();
// Create an RMI connector client
//
System.out.println("Create an RMI connector client");
HashMap cli_env = new HashMap();
// These credentials must match those in the default password file
//
String[] credentials = new String[] { "monitorRole" , "QED" };
cli_env.put("jmx.remote.credentials", credentials);
jmxc = JMXConnectorFactory.connect(jmxcs.getAddress(), cli_env);
Subject delegationSubject =
new Subject(true,
Collections.singleton(new JMXPrincipal("delegate")),
Collections.EMPTY_SET,
Collections.EMPTY_SET);
MBeanServerConnection mbsc =
jmxc.getMBeanServerConnection(delegationSubject);
// Get domains from MBeanServer
//
System.out.println("Domains:");
String domains[] = mbsc.getDomains();
for (int i = 0; i < domains.length; i++) {
System.out.println("\tDomain[" + i + "] = " + domains[i]);
}
// Get MBean count
//
System.out.println("MBean count = " + mbsc.getMBeanCount());
// Get State attribute
//
String oldState =
(String) mbsc.getAttribute(
new ObjectName("MBeans:type=SimpleStandard"),
"State");
System.out.println("Old State = \"" + oldState + "\"");
// Set State attribute
//
System.out.println("Set State to \"changed state\"");
mbsc.setAttribute(new ObjectName("MBeans:type=SimpleStandard"),
new Attribute("State", "changed state"));
// Get State attribute
//
String newState =
(String) mbsc.getAttribute(
new ObjectName("MBeans:type=SimpleStandard"),
"State");
System.out.println("New State = \"" + newState + "\"");
if (!newState.equals("changed state")) {
System.out.println("Invalid State = \"" + newState + "\"");
System.exit(1);
}
// Add notification listener on SimpleStandard MBean
//
System.out.println("Add notification listener...");
mbsc.addNotificationListener(
new ObjectName("MBeans:type=SimpleStandard"),
new NotificationListener() {
public void handleNotification(Notification notification,
Object handback) {
System.out.println("Received notification: " +
notification);
}
},
null,
null);
// Unregister SimpleStandard MBean
//
System.out.println("Unregister SimpleStandard MBean...");
mbsc.unregisterMBean(new ObjectName("MBeans:type=SimpleStandard"));
} catch (SecurityException e) {
if (testResult.equals("ko")) {
System.out.println("Got expected security exception = " + e);
} else {
System.out.println("Got unexpected security exception = " + e);
e.printStackTrace();
throw e;
}
} catch (Exception e) {
System.out.println("Unexpected exception caught = " + e);
e.printStackTrace();
throw e;
} finally {
// Close connector client
//
if (jmxc != null)
jmxc.close();
// Stop connector server
//
if (jmxcs != null)
jmxcs.stop();
// Say goodbye
//
System.out.println("Bye! Bye!");
}
}
}


@ -1,7 +0,0 @@
grant {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};


@ -1,6 +0,0 @@
grant {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
};


@ -1,6 +0,0 @@
grant {
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};


@ -1,5 +0,0 @@
grant {
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
};


@ -1,7 +0,0 @@
grant {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.monitorRole";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};


@ -1,6 +0,0 @@
grant {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.monitorRole";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
};


@ -1,25 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.security.SecurityPermission "createAccessControlContext";
permission java.lang.RuntimePermission "*";
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,25 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.lang.RuntimePermission "*";
permission java.security.SecurityPermission "createAccessControlContext";
// permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,25 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.lang.RuntimePermission "*";
permission java.security.SecurityPermission "createAccessControlContext";
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
// permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,18 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.lang.RuntimePermission "*";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.security.SecurityPermission "createAccessControlContext";
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.monitorRole";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,18 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.lang.RuntimePermission "*";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.security.SecurityPermission "createAccessControlContext";
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.monitorRole";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
// permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,30 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.lang.RuntimePermission "*";
permission java.security.SecurityPermission "createAccessControlContext";
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "delegate" {
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,30 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.lang.RuntimePermission "*";
permission java.security.SecurityPermission "createAccessControlContext";
// permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "delegate" {
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,30 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.lang.RuntimePermission "*";
permission java.security.SecurityPermission "createAccessControlContext";
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "delegate" {
// permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,22 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.lang.RuntimePermission "*";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.security.SecurityPermission "createAccessControlContext";
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.monitorRole";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "delegate" {
permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};


@ -1,22 +0,0 @@
grant {
permission javax.security.auth.AuthPermission "createLoginContext.JMXPluggableAuthenticator";
permission java.lang.RuntimePermission "*";
permission java.net.SocketPermission "*:*", "accept,connect,listen,resolve";
permission java.security.SecurityPermission "createAccessControlContext";
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.monitorRole";
};
grant principal javax.management.remote.JMXPrincipal "monitorRole" {
permission javax.management.remote.SubjectDelegationPermission "javax.management.remote.JMXPrincipal.delegate";
};
grant principal javax.management.remote.JMXPrincipal "delegate" {
// permission javax.management.MBeanPermission "*", "getDomains";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "getAttribute";
permission javax.security.auth.AuthPermission "getSubject";
permission javax.management.MBeanPermission "SimpleStandard#State[MBeans:type=SimpleStandard]", "setAttribute";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "addNotificationListener";
permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "removeNotificationListener";
permission javax.management.MBeanPermission "SimpleStandard#-[MBeans:type=SimpleStandard]", "unregisterMBean";
};