/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* <p>This class represents a
* <a href="{@docRoot}/../guide/security/jaas/JAASRefGuide.html">JAAS</a>
* based implementation of the {@link JMXAuthenticator} interface.</p>
*
* <p>Authentication is performed by passing the supplied user's credentials
* to one or more authentication mechanisms ({@link LoginModule}) for
* verification. An authentication mechanism acquires the user's credentials
* If authentication is successful then an authenticated {@link Subject}
* filled in with a {@link Principal} is returned. Authorization checks
* will then be performed based on this <code>Subject</code>.</p>
*
* <p>By default, a single file-based authentication mechanism
* {@link FileLoginModule} is configured (<code>FileLoginConfig</code>).</p>
*
* <p>To override the default configuration use the
* <code>com.sun.management.jmxremote.login.config</code> management property
* described in the JRE/lib/management/management.properties file.
* Set this property to the name of a JAAS configuration entry and ensure that
* the entry is loaded by the installed {@link Configuration}. In addition,
* ensure that the authentication mechanisms specified in the entry acquire
* the user's credentials by calling {@link NameCallback} and
* {@link PasswordCallback} and that they return a {@link Subject} filled-in
* with a {@link Principal}, for those users that are successfully
* authenticated.</p>
*/
/**
* Creates an instance of <code>JMXPluggableAuthenticator</code>
* and initializes it with a {@link LoginContext}.
*
* @param env the environment containing configuration properties for the
* authenticator. Can be null, which is equivalent to an empty
* Map.
* @exception SecurityException if the authentication mechanism cannot be
* initialized.
*/
}
try {
if (loginConfigName != null) {
// use the supplied JAAS login configuration
} else {
// use the default JAAS login configuration (file-based)
new AuthPermission("createLoginContext." +
}
try {
new PrivilegedExceptionAction<LoginContext>() {
return new LoginContext(
null,
new JMXCallbackHandler(),
new FileLoginConfig(pf));
}
});
} catch (PrivilegedActionException pae) {
}
}
} catch (LoginException le) {
} catch (SecurityException se) {
}
}
/**
* Authenticate the <code>MBeanServerConnection</code> client
* with the given client credentials.
*
* @param credentials the user-defined credentials to be passed in
* to the server in order to authenticate the user before creating
* the <code>MBeanServerConnection</code>. This parameter must
* be a two-element <code>String[]</code> containing the client's
* username and password in that order.
*
* @return the authenticated subject containing a
* <code>JMXPrincipal(username)</code>.
*
* @exception SecurityException if the server cannot authenticate the user
* with the provided credentials.
*/
// Verify that credentials is of type String[].
//
if (!(credentials instanceof String[])) {
// Special case for null so we get a more informative message
if (credentials == null)
"Credentials should be String[] instead of " +
}
// Verify that the array contains two elements.
//
"Credentials should have 2 elements not " +
}
// Verify that username exists and the associated
// password matches the one supplied by the client.
//
}
// Perform authentication
try {
return null;
}
});
return subject;
} catch (LoginException le) {
}
return null;
}
throws SecurityException {
throw e;
}
throws SecurityException {
if (exception instanceof SecurityException) {
} else {
se = e;
}
throw se;
}
Exception e) {
}
}
}
"jmx.remote.x.password.file";
/**
* This callback handler supplies the username and password (which was
* originally supplied by the JMX user) to the JAAS login module performing
* the authentication. No interactive user prompting is required because the
* credentials are already available to this class (via its enclosing class).
*/
/**
* Sets the username and password in the appropriate Callback object.
*/
throws IOException, UnsupportedCallbackException {
if (callbacks[i] instanceof NameCallback) {
} else if (callbacks[i] instanceof PasswordCallback) {
((PasswordCallback)callbacks[i])
} else {
throw new UnsupportedCallbackException
(callbacks[i], "Unrecognized Callback");
}
}
}
}
/**
* This class defines the JAAS configuration for file-based authentication.
* It is equivalent to the following textual configuration entry:
* <pre>
* JMXPluggableAuthenticator {
* com.sun.jmx.remote.security.FileLoginModule required;
* };
* </pre>
*/
// The JAAS configuration for file-based authentication
// The classname of the login module for file-based authentication
FileLoginModule.class.getName();
// The option that identifies the password file to use
/**
* Creates an instance of <code>FileLoginConfig</code>
*
* @param passwordFile A filepath that identifies the password file to use.
* If null then the default password file is used.
*/
if (passwordFile != null) {
} else {
}
entries = new AppConfigurationEntry[] {
};
}
/**
* Gets the JAAS configuration for file-based authentication
*/
}
/**
* Refreshes the configuration.
*/
public void refresh() {
// the configuration is fixed
}
}
}