/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* <p>An object of this class implements the MBeanServer interface
* and, for each of its methods, calls an appropriate checking method
* and then forwards the request to a wrapped MBeanServer object. The
* checking method may throw a RuntimeException if the operation is
* not allowed; in this case the request is not forwarded to the
* wrapped object.</p>
*
* <p>A typical use of this class is to insert it between a connector server
* such as the RMI connector and the MBeanServer with which the connector
* is associated. Requests from the connector client can then be filtered
* and those operations that are not allowed, or not allowed in a particular
* context, can be rejected by throwing a <code>SecurityException</code>
* in the corresponding <code>check*</code> method.</p>
*
* <p>This is an abstract class, because in its implementation none of
* the checking methods does anything. To be useful, it must be
* subclassed and at least one of the checking methods overridden to
* do some checking. Some or all of the MBeanServer methods may also
* be overridden, for instance if the default checking behavior is
* inappropriate.</p>
*
* <p>If there is no SecurityManager, then the access controller will refuse
* to create an MBean that is a ClassLoader, which includes MLets, or to
* execute the method addURL on an MBean that is an MLet. This prevents
* people from opening security holes unintentionally. Otherwise, it
* would not be obvious that granting write access grants the ability to
* download and execute arbitrary code in the target MBean server. Advanced
* users who do want the ability to use MLets are presumably advanced enough
* to handle policy files and security managers.</p>
*/
public abstract class MBeanServerAccessController
implements MBeanServerForwarder {
return mbs;
}
throw new IllegalArgumentException("Null MBeanServer");
throw new IllegalArgumentException("MBeanServer object already " +
"initialized");
}
/**
* Check if the caller can do read operations. This method does
* nothing if so, otherwise throws SecurityException.
*/
protected abstract void checkRead();
/**
* Check if the caller can do write operations. This method does
* nothing if so, otherwise throws SecurityException.
*/
protected abstract void checkWrite();
/**
* Check if the caller can create the named class. The default
* implementation of this method calls {@link #checkWrite()}.
*/
checkWrite();
}
/**
* Check if the caller can unregister the named MBean. The default
* implementation of this method calls {@link #checkWrite()}.
*/
checkWrite();
}
//--------------------------------------------
//--------------------------------------------
//
// Implementation of the MBeanServer interface
//
//--------------------------------------------
//--------------------------------------------
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException {
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException {
checkRead();
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
throws
} else {
}
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
throws
} else {
}
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
throws
} else {
}
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
throws
} else {
}
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException, OperationsException {
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws OperationsException, ReflectionException {
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
byte[] data)
throws
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException, ReflectionException {
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException {
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException {
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
return getMBeanServer().getClassLoaderRepository();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
return getMBeanServer().getDefaultDomain();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
return getMBeanServer().getDomains();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
return getMBeanServer().getMBeanCount();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException {
checkRead();
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
throws ReflectionException, MBeanException {
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
throws ReflectionException, MBeanException {
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
}
/**
* Call <code>checkCreate(className)</code>, then forward this method to the
* wrapped object.
*/
}
/**
* Call <code>checkWrite()</code>, then forward this method to the
* wrapped object.
*/
throws
checkWrite();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException {
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
}
/**
* Call <code>checkWrite()</code>, then forward this method to the
* wrapped object.
*/
throws
checkWrite();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
}
/**
* Call <code>checkRead()</code>, then forward this method to the
* wrapped object.
*/
checkRead();
}
/**
* Call <code>checkWrite()</code>, then forward this method to the
* wrapped object.
*/
throws
checkWrite();
}
/**
* Call <code>checkWrite()</code>, then forward this method to the
* wrapped object.
*/
throws InstanceNotFoundException, ReflectionException {
checkWrite();
}
/**
* Call <code>checkUnregister()</code>, then forward this method to the
* wrapped object.
*/
}
//----------------
// PRIVATE METHODS
//----------------
if (object instanceof ClassLoader)
throw new SecurityException("Access denied! Creating an " +
"MBean that is a ClassLoader " +
"is forbidden unless a security " +
"manager is installed.");
}
throws InstanceNotFoundException {
// Check if security manager installed
return;
}
// Check for addURL and getMBeansFromURL methods
return;
}
// Check if MBean is instance of MLet
"javax.management.loading.MLet")) {
return;
}
// Throw security exception
throw new SecurityException("Access denied! MLet method addURL " +
"cannot be invoked unless a security manager is installed.");
} else { // getMBeansFromURL
// Whether or not calling getMBeansFromURL is allowed is controlled
// by the value of the "jmx.remote.x.mlet.allow.getMBeansFromURL"
// system property. If the value of this property is true, calling
// the MLet's getMBeansFromURL method is allowed. The default value
// for this property is false.
if (!allowGetMBeansFromURL) {
throw new SecurityException("Access denied! MLet method " +
"getMBeansFromURL cannot be invoked unless a " +
"security manager is installed or the system property " +
"-Djmx.remote.x.mlet.allow.getMBeansFromURL=true " +
"is specified.");
}
}
}
//------------------
// PRIVATE VARIABLES
//------------------
}