author | mchung |
Tue, 17 Jan 2012 15:55:40 -0800 | |
changeset 11530 | a9d059c15b80 |
parent 11125 | 99b115114fa3 |
child 11991 | 800d0ff7b043 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
5506 | 2 |
* Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.management.jmxremote; |
|
27 |
||
28 |
import java.io.BufferedInputStream; |
|
29 |
import java.io.File; |
|
30 |
import java.io.FileInputStream; |
|
31 |
import java.io.InputStream; |
|
32 |
import java.io.IOException; |
|
33 |
||
34 |
import java.net.InetAddress; |
|
35 |
import java.net.MalformedURLException; |
|
36 |
import java.net.UnknownHostException; |
|
37 |
||
38 |
import java.rmi.NoSuchObjectException; |
|
39 |
import java.rmi.Remote; |
|
40 |
import java.rmi.RemoteException; |
|
41 |
import java.rmi.registry.Registry; |
|
42 |
import java.rmi.server.RemoteObject; |
2 | 43 |
import java.rmi.server.RMIClientSocketFactory; |
44 |
import java.rmi.server.RMIServerSocketFactory; |
|
45 |
import java.rmi.server.UnicastRemoteObject; |
|
46 |
||
47 |
import java.security.KeyStore; |
|
48 |
import java.security.Principal; |
|
49 |
||
50 |
import java.util.HashMap; |
|
51 |
import java.util.HashSet; |
|
52 |
import java.util.Iterator; |
|
53 |
import java.util.Map; |
|
54 |
import java.util.Properties; |
|
55 |
import java.util.Set; |
|
56 |
import java.util.StringTokenizer; |
|
57 |
||
58 |
import java.lang.management.ManagementFactory; |
|
59 |
||
60 |
import javax.net.ssl.*; |
|
61 |
||
62 |
import javax.management.MBeanServer; |
|
63 |
import javax.management.remote.JMXAuthenticator; |
|
64 |
import javax.management.remote.JMXConnectorServer; |
|
65 |
import javax.management.remote.JMXConnectorServerFactory; |
|
66 |
import javax.management.remote.JMXServiceURL; |
|
67 |
import javax.management.remote.rmi.RMIConnectorServer; |
|
68 |
||
69 |
import javax.rmi.ssl.SslRMIClientSocketFactory; |
|
70 |
import javax.rmi.ssl.SslRMIServerSocketFactory; |
|
71 |
||
72 |
import javax.security.auth.Subject; |
|
73 |
||
74 |
import sun.rmi.server.UnicastRef; |
2 | 75 |
import sun.rmi.server.UnicastServerRef; |
76 |
import sun.rmi.server.UnicastServerRef2; |
|
77 |
||
78 |
import sun.management.Agent; |
|
79 |
import sun.management.AgentConfigurationError; |
|
80 |
import static sun.management.AgentConfigurationError.*; |
|
81 |
import sun.management.ConnectorAddressLink; |
2 | 82 |
import sun.management.FileSystem; |
83 |
import com.sun.jmx.remote.util.ClassLogger; |
2 | 84 |
|
85 |
import com.sun.jmx.remote.internal.RMIExporter; |
|
86 |
import com.sun.jmx.remote.security.JMXPluggableAuthenticator; |
|
87 |
||
88 |
/** |
|
89 |
* This class initializes and starts the RMIConnectorServer for JSR 163 |
|
90 |
* JMX Monitoring. |
|
91 |
**/ |
|
92 |
public final class ConnectorBootstrap { |
|
93 |
||
94 |
/** |
|
95 |
* Default values for JMX configuration properties. |
|
96 |
**/ |
|
97 |
public static interface DefaultValues {

    // Fields declared in an interface are implicitly public, static and
    // final, so the modifiers are left out.

    /** Default paired with {@code PropertyNames.PORT}. */
    String PORT = "0";

    /** Default paired with {@code PropertyNames.CONFIG_FILE_NAME}. */
    String CONFIG_FILE_NAME = "management.properties";

    /** SSL on the remote connector is on unless the property says otherwise. */
    String USE_SSL = "true";

    /** The local connector accepts local connections only unless overridden. */
    String USE_LOCAL_ONLY = "true";

    /** SSL for the RMI registry is off unless explicitly enabled. */
    String USE_REGISTRY_SSL = "false";

    /** Authentication is on unless the property says otherwise. */
    String USE_AUTHENTICATION = "true";

    /** Bare file name; callers resolve it through getDefaultFileName. */
    String PASSWORD_FILE_NAME = "jmxremote.password";

    /** Bare file name; callers resolve it through getDefaultFileName. */
    String ACCESS_FILE_NAME = "jmxremote.access";

    /** TLS client-certificate authentication is off unless explicitly enabled. */
    String SSL_NEED_CLIENT_AUTH = "false";
}
109 |
||
110 |
/** |
|
111 |
* Names of JMX configuration properties. |
|
112 |
**/ |
|
113 |
public static interface PropertyNames {

    // Fields declared in an interface are implicitly public, static and
    // final, so the modifiers are left out.

    /** Port of the remote connector server. */
    String PORT = "com.sun.management.jmxremote.port";

    /** Location of the management configuration file. */
    String CONFIG_FILE_NAME = "com.sun.management.config.file";

    /** Whether the local connector accepts local connections only. */
    String USE_LOCAL_ONLY = "com.sun.management.jmxremote.local.only";

    /** Whether the remote connector uses SSL. */
    String USE_SSL = "com.sun.management.jmxremote.ssl";

    /** Whether the RMI registry uses SSL. */
    String USE_REGISTRY_SSL = "com.sun.management.jmxremote.registry.ssl";

    /** Whether remote clients must authenticate. */
    String USE_AUTHENTICATION = "com.sun.management.jmxremote.authenticate";

    /** Password file, consulted only when no login config is named. */
    String PASSWORD_FILE_NAME = "com.sun.management.jmxremote.password.file";

    /** Access file listing the identities that may connect. */
    String ACCESS_FILE_NAME = "com.sun.management.jmxremote.access.file";

    /** Name of a non-default login configuration. */
    String LOGIN_CONFIG_NAME = "com.sun.management.jmxremote.login.config";

    /** Comma-separated list of enabled cipher suites. */
    String SSL_ENABLED_CIPHER_SUITES =
            "com.sun.management.jmxremote.ssl.enabled.cipher.suites";

    /** Comma-separated list of enabled protocol versions. */
    String SSL_ENABLED_PROTOCOLS =
            "com.sun.management.jmxremote.ssl.enabled.protocols";

    /** Whether TLS client-certificate authentication is required. */
    String SSL_NEED_CLIENT_AUTH =
            "com.sun.management.jmxremote.ssl.need.client.auth";

    /** Location of the SSL configuration file. */
    String SSL_CONFIG_FILE_NAME = "com.sun.management.jmxremote.ssl.config.file";
}
|
142 |
||
143 |
/** |
|
144 |
* JMXConnectorServer associated data. |
145 |
*/ |
146 |
private static class JMXConnectorServerData {

    // The connector server handed to the constructor.
    JMXConnectorServer jmxConnectorServer;

    // The service URL handed to the constructor alongside that server.
    JMXServiceURL jmxRemoteURL;

    /**
     * Pairs a connector server with its service URL.
     *
     * @param server the connector server to hold
     * @param url    the service URL to hold
     */
    public JMXConnectorServerData(JMXConnectorServer server, JMXServiceURL url) {
        jmxConnectorServer = server;
        jmxRemoteURL = url;
    }
}
157 |
|
158 |
/** |
2 | 159 |
* <p>Prevents our RMI server objects from keeping the JVM alive.</p> |
160 |
* |
|
161 |
* <p>We use a private interface in Sun's JMX Remote API implementation |
|
162 |
* that allows us to specify how to export RMI objects. We do so using |
|
163 |
* UnicastServerRef, a class in Sun's RMI implementation. This is all |
|
164 |
* non-portable, of course, so this is only valid because we are inside |
|
165 |
* Sun's JRE.</p> |
|
166 |
* |
|
167 |
* <p>Objects are exported using {@link |
|
168 |
* UnicastServerRef#exportObject(Remote, Object, boolean)}. The |
|
169 |
* boolean parameter is called <code>permanent</code> and means |
|
170 |
* both that the object is not eligible for Distributed Garbage |
|
171 |
* Collection, and that its continued existence will not prevent |
|
172 |
* the JVM from exiting. It is the latter semantics we want (we |
|
173 |
* already have the former because of the way the JMX Remote API |
|
174 |
* works). Hence the somewhat misleading name of this class.</p> |
|
175 |
*/ |
|
176 |
private static class PermanentExporter implements RMIExporter {

    // First object passed to exportObject. It is assigned at most once,
    // under this instance's monitor, and never reset by this class.
    Remote firstExported;

    /**
     * Exports {@code obj} on {@code port} with the "permanent" flag set.
     *
     * @param obj  the remote object to export
     * @param port the port to export on
     * @param csf  client socket factory, may be {@code null}
     * @param ssf  server socket factory, may be {@code null}
     * @return whatever the underlying server ref's exportObject returns
     * @throws RemoteException if the export fails
     */
    public Remote exportObject(Remote obj,
                               int port,
                               RMIClientSocketFactory csf,
                               RMIServerSocketFactory ssf)
            throws RemoteException {

        // Remember only the very first exported object.
        synchronized (this) {
            if (firstExported == null) {
                firstExported = obj;
            }
        }

        // The plain ref is used only when neither socket factory was given;
        // a single non-null factory already selects the factory-aware ref.
        final UnicastServerRef serverRef = (csf == null && ssf == null)
                ? new UnicastServerRef(port)
                : new UnicastServerRef2(port, csf, ssf);

        // Third argument is the "permanent" flag.
        return serverRef.exportObject(obj, null, true);
    }

    /**
     * Unexports {@code obj} by delegating to UnicastRemoteObject; nothing
     * special is needed for this case.
     *
     * @param obj   the remote object to unexport
     * @param force passed through to the delegate unchanged
     * @return the delegate's result
     * @throws NoSuchObjectException if the delegate raises it
     */
    public boolean unexportObject(Remote obj, boolean force)
            throws NoSuchObjectException {
        return UnicastRemoteObject.unexportObject(obj, force);
    }
}
|
206 |
||
207 |
/** |
|
208 |
* This JMXAuthenticator wraps the JMXPluggableAuthenticator and verifies |
|
209 |
* that at least one of the principal names contained in the authenticated |
|
210 |
* Subject is present in the access file. |
|
211 |
*/ |
|
212 |
private static class AccessFileCheckerAuthenticator
        implements JMXAuthenticator {

    // Environment map handed to every JMXPluggableAuthenticator we create.
    private final Map<String, Object> environment;

    // Access-file entries, loaded once in the constructor. Later edits to
    // the file on disk are not seen by this instance.
    private final Properties properties;

    // Value of "jmx.remote.x.access.file" from the environment; may be null.
    private final String accessFile;

    /**
     * Reads the access file named in {@code env} and keeps its entries.
     *
     * @param env connector environment; the access file name is taken from
     *            the {@code jmx.remote.x.access.file} entry
     * @throws IOException if the access file cannot be opened or read
     */
    public AccessFileCheckerAuthenticator(Map<String, Object> env) throws IOException {
        this.environment = env;
        this.accessFile = (String) env.get("jmx.remote.x.access.file");
        this.properties = propertiesFromFile(this.accessFile);
    }

    /**
     * Authenticates through a JMXPluggableAuthenticator, then requires that
     * the resulting Subject is listed in the access file.
     *
     * @param credentials client-supplied credentials, passed on unchanged
     * @return the authenticated Subject
     * @throws SecurityException if the Subject is null or none of its
     *         principals is listed in the access file
     */
    public Subject authenticate(Object credentials) {
        final Subject authenticated =
                new JMXPluggableAuthenticator(environment).authenticate(credentials);
        checkAccessFileEntries(authenticated);
        return authenticated;
    }

    /**
     * Accepts the Subject as soon as one principal name is a key in the
     * access file; otherwise denies access.
     *
     * Only the presence of the key is checked here, not the value stored
     * under it. With no access file configured the entry set is empty, so
     * every Subject is denied.
     */
    private void checkAccessFileEntries(Subject subject) {
        if (subject == null) {
            throw new SecurityException(
                "Access denied! No matching entries found in " +
                "the access file [" + accessFile + "] as the " +
                "authenticated Subject is null");
        }

        // Collect the names while searching so they are at hand for the
        // denial message.
        final Set<String> seenNames = new HashSet<>();
        for (Principal principal : subject.getPrincipals()) {
            final String name = principal.getName();
            if (properties.containsKey(name)) {
                return;
            }
            seenNames.add(name);
        }

        // NOTE(review): the message carries the access file path and the
        // authenticated principal names; whether it is returned to the
        // remote caller depends on code outside this class - confirm.
        throw new SecurityException(
            "Access denied! No entries found in the access file [" +
            accessFile + "] for any of the authenticated identities " +
            seenNames);
    }

    /**
     * Loads {@code fname} as a properties file.
     *
     * @param fname file to read, or {@code null}
     * @return the loaded entries; empty when {@code fname} is {@code null}
     * @throws IOException if the file cannot be opened or read
     */
    private static Properties propertiesFromFile(String fname)
            throws IOException {
        final Properties loaded = new Properties();
        if (fname != null) {
            try (FileInputStream in = new FileInputStream(fname)) {
                loaded.load(in);
            }
        }
        return loaded;
    }
}
|
268 |
||
269 |
/** |
|
270 |
* Initializes and starts the JMX Connector Server. |
|
271 |
* If the com.sun.management.jmxremote.port property is not defined, |
|
272 |
* simply return. Otherwise, attempts to load the config file, and |
|
273 |
* then calls {@link #initialize(java.lang.String, java.util.Properties)}. |
|
274 |
* |
|
275 |
**/ |
|
276 |
public static synchronized JMXConnectorServer initialize() {

    // Load the management properties through the Agent; without any there
    // is nothing to start.
    final Properties managementProps = Agent.loadManagementProperties();
    if (managementProps == null) {
        return null;
    }

    // NOTE(review): this method only short-circuits when no properties were
    // loaded. An undefined port property is passed on as null, and
    // initialize(String, Properties) feeds it to Integer.parseInt, which
    // raises NumberFormatException and is reported as an invalid port.
    return initialize(managementProps.getProperty(PropertyNames.PORT),
                      managementProps);
}
291 |
||
292 |
/** |
|
293 |
* Initializes and starts a JMX Connector Server for remote |
|
294 |
* monitoring and management. |
|
295 |
**/ |
|
296 |
public static synchronized JMXConnectorServer initialize(String portStr, Properties props) {

    // Parse the port. Only non-numeric and negative values are rejected
    // at this point; no upper bound is checked here.
    final int port;
    try {
        port = Integer.parseInt(portStr);
    } catch (NumberFormatException nfe) {
        throw new AgentConfigurationError(INVALID_JMXREMOTE_PORT, nfe, portStr);
    }
    if (port < 0) {
        throw new AgentConfigurationError(INVALID_JMXREMOTE_PORT, portStr);
    }

    // Boolean switches. Any value other than "true" (ignoring case) parses
    // as false, so a misspelled value turns the feature off without an
    // error - this matters most for authentication and SSL.
    final String useAuthenticationStr = props.getProperty(
            PropertyNames.USE_AUTHENTICATION, DefaultValues.USE_AUTHENTICATION);
    final boolean useAuthentication = Boolean.parseBoolean(useAuthenticationStr);

    final String useSslStr = props.getProperty(
            PropertyNames.USE_SSL, DefaultValues.USE_SSL);
    final boolean useSsl = Boolean.parseBoolean(useSslStr);

    final String useRegistrySslStr = props.getProperty(
            PropertyNames.USE_REGISTRY_SSL, DefaultValues.USE_REGISTRY_SSL);
    final boolean useRegistrySsl = Boolean.parseBoolean(useRegistrySslStr);

    // Comma-separated cipher suites; tokens are taken as-is (not trimmed).
    final String enabledCipherSuites =
            props.getProperty(PropertyNames.SSL_ENABLED_CIPHER_SUITES);
    String[] enabledCipherSuitesList = null;
    if (enabledCipherSuites != null) {
        final StringTokenizer suites = new StringTokenizer(enabledCipherSuites, ",");
        enabledCipherSuitesList = new String[suites.countTokens()];
        for (int i = 0; i < enabledCipherSuitesList.length; i++) {
            enabledCipherSuitesList[i] = suites.nextToken();
        }
    }

    // Comma-separated protocol versions; tokens are taken as-is as well.
    final String enabledProtocols =
            props.getProperty(PropertyNames.SSL_ENABLED_PROTOCOLS);
    String[] enabledProtocolsList = null;
    if (enabledProtocols != null) {
        final StringTokenizer protocols = new StringTokenizer(enabledProtocols, ",");
        enabledProtocolsList = new String[protocols.countTokens()];
        for (int i = 0; i < enabledProtocolsList.length; i++) {
            enabledProtocolsList[i] = protocols.nextToken();
        }
    }

    final String sslNeedClientAuthStr = props.getProperty(
            PropertyNames.SSL_NEED_CLIENT_AUTH, DefaultValues.SSL_NEED_CLIENT_AUTH);
    final boolean sslNeedClientAuth = Boolean.parseBoolean(sslNeedClientAuthStr);

    // SSL configuration file name; may be null.
    final String sslConfigFileName =
            props.getProperty(PropertyNames.SSL_CONFIG_FILE_NAME);

    String loginConfigName = null;
    String passwordFileName = null;
    String accessFileName = null;

    // The password and access files are looked up and checked only when
    // authentication is on; with it off all three names stay null.
    if (useAuthentication) {

        // A named login configuration replaces the password file.
        loginConfigName = props.getProperty(PropertyNames.LOGIN_CONFIG_NAME);

        if (loginConfigName == null) {
            passwordFileName = props.getProperty(
                    PropertyNames.PASSWORD_FILE_NAME,
                    getDefaultFileName(DefaultValues.PASSWORD_FILE_NAME));
            checkPasswordFile(passwordFileName);
        }

        // The access file is checked in both cases.
        accessFileName = props.getProperty(
                PropertyNames.ACCESS_FILE_NAME,
                getDefaultFileName(DefaultValues.ACCESS_FILE_NAME));
        checkAccessFile(accessFileName);
    }

    if (log.debugOn()) {
        // Same text as a single concatenation would give, built in steps.
        // Only settings and file names are logged, never file contents.
        final StringBuilder settings = new StringBuilder();
        settings.append(Agent.getText("jmxremote.ConnectorBootstrap.initialize"));
        settings.append("\n\t").append(PropertyNames.PORT).append("=").append(port);
        settings.append("\n\t").append(PropertyNames.USE_SSL).append("=").append(useSsl);
        settings.append("\n\t").append(PropertyNames.USE_REGISTRY_SSL).append("=")
                .append(useRegistrySsl);
        settings.append("\n\t").append(PropertyNames.SSL_CONFIG_FILE_NAME).append("=")
                .append(sslConfigFileName);
        settings.append("\n\t").append(PropertyNames.SSL_ENABLED_CIPHER_SUITES).append("=")
                .append(enabledCipherSuites);
        settings.append("\n\t").append(PropertyNames.SSL_ENABLED_PROTOCOLS).append("=")
                .append(enabledProtocols);
        settings.append("\n\t").append(PropertyNames.SSL_NEED_CLIENT_AUTH).append("=")
                .append(sslNeedClientAuth);
        settings.append("\n\t").append(PropertyNames.USE_AUTHENTICATION).append("=")
                .append(useAuthentication);
        if (useAuthentication) {
            if (loginConfigName == null) {
                settings.append("\n\t").append(PropertyNames.PASSWORD_FILE_NAME).append("=")
                        .append(passwordFileName);
            } else {
                settings.append("\n\t").append(PropertyNames.LOGIN_CONFIG_NAME).append("=")
                        .append(loginConfigName);
            }
            settings.append("\n\t").append(PropertyNames.ACCESS_FILE_NAME).append("=")
                    .append(accessFileName);
        } else {
            settings.append("\n\t").append(
                    Agent.getText("jmxremote.ConnectorBootstrap.initialize.noAuthentication"));
        }
        log.debug("initialize", settings.toString());
    }

    final MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
    final JMXConnectorServer connectorServer;
    final JMXServiceURL remoteUrl;
    try {
        final JMXConnectorServerData exported = exportMBeanServer(
                mbs, port, useSsl, useRegistrySsl,
                sslConfigFileName, enabledCipherSuitesList,
                enabledProtocolsList, sslNeedClientAuth,
                useAuthentication, loginConfigName,
                passwordFileName, accessFileName);
        connectorServer = exported.jmxConnectorServer;
        remoteUrl = exported.jmxRemoteURL;
        log.config("initialize",
                Agent.getText("jmxremote.ConnectorBootstrap.initialize.ready",
                        remoteUrl.toString()));
    } catch (Exception e) {
        // Any failure while exporting is fatal for the agent configuration.
        throw new AgentConfigurationError(AGENT_EXCEPTION, e, e.toString());
    }

    try {
        // Export remote connector address and associated configuration
        // properties to the instrumentation buffer.
        final Map<String, String> published = new HashMap<>();
        published.put("remoteAddress", remoteUrl.toString());
        published.put("authenticate", useAuthenticationStr);
        published.put("ssl", useSslStr);
        published.put("sslRegistry", useRegistrySslStr);
        published.put("sslNeedClientAuth", sslNeedClientAuthStr);
        ConnectorAddressLink.exportRemote(published);
    } catch (Exception e) {
        // The connector server is already running; failing to publish its
        // address and settings is deliberately treated as non-fatal.
        log.debug("initialize", e);
    }
    return connectorServer;
}
|
449 |
||
450 |
/* |
|
451 |
* Creates and starts a RMI Connector Server for "local" monitoring |
|
452 |
* and management. |
|
453 |
*/ |
|
454 |
public static JMXConnectorServer startLocalConnectorServer() { |
|
455 |
// Ensure cryptographically strong random number generater used |
|
456 |
// to choose the object number - see java.rmi.server.ObjID |
|
457 |
System.setProperty("java.rmi.server.randomIDs", "true"); |
|
458 |
||
459 |
// This RMI server should not keep the VM alive |
|
460 |
Map<String, Object> env = new HashMap<>(); |
2 | 461 |
env.put(RMIExporter.EXPORTER_ATTRIBUTE, new PermanentExporter()); |
462 |
||
463 |
// The local connector server need only be available via the |
|
464 |
// loopback connection. |
|
465 |
String localhost = "localhost"; |
|
466 |
InetAddress lh = null; |
|
467 |
try { |
|
468 |
lh = InetAddress.getByName(localhost); |
|
469 |
localhost = lh.getHostAddress(); |
|
470 |
} catch (UnknownHostException x) { |
|
471 |
} |
|
472 |
||
473 |
// localhost unknown or (somehow) didn't resolve to |
|
474 |
// a loopback address. |
|
475 |
if (lh == null || !lh.isLoopbackAddress()) { |
|
476 |
localhost = "127.0.0.1"; |
|
477 |
} |
|
478 |
||
479 |
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); |
|
480 |
try { |
|
481 |
JMXServiceURL url = new JMXServiceURL("rmi", localhost, 0); |
|
482 |
// Do we accept connections from local interfaces only? |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
483 |
Properties props = Agent.getManagementProperties(); |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
484 |
if (props == null) { |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
485 |
props = new Properties(); |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
486 |
} |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
487 |
String useLocalOnlyStr = props.getProperty( |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
488 |
PropertyNames.USE_LOCAL_ONLY, DefaultValues.USE_LOCAL_ONLY); |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
489 |
boolean useLocalOnly = Boolean.valueOf(useLocalOnlyStr).booleanValue(); |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
490 |
if (useLocalOnly) { |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
491 |
env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
492 |
new LocalRMIServerSocketFactory()); |
95d5bd511ec2
6332953: JMX agent should bind to loopback address when starting the local connector server
dfuchs
parents:
52
diff
changeset
|
493 |
} |
2 | 494 |
JMXConnectorServer server = |
495 |
JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs); |
|
496 |
server.start(); |
|
497 |
return server; |
|
498 |
} catch (Exception e) { |
|
499 |
throw new AgentConfigurationError(AGENT_EXCEPTION, e, e.toString()); |
|
500 |
} |
|
501 |
} |
/**
 * Validates the password file before it is handed to the connector.
 *
 * <p>The checks run in this order: a name was supplied, the file exists,
 * the file is readable, and - only where the platform file system reports
 * support for file security - access is limited to the owning user.
 * Where {@code supportsFileSecurity} returns {@code false} the permission
 * check is skipped without any message.
 *
 * <p>NOTE(review): this is a point-in-time check on a path name; the file
 * is not opened here, so a later reader resolves the path again. Keep the
 * containing directory writable only by the account that runs the VM.
 *
 * @param passwordFileName path of the password file; may be null or empty
 * @throws AgentConfigurationError if any check fails, or if querying the
 *         file permissions raises an {@code IOException}
 */
private static void checkPasswordFile(String passwordFileName) {
    if (passwordFileName == null || passwordFileName.isEmpty()) {
        throw new AgentConfigurationError(PASSWORD_FILE_NOT_SET);
    }

    final File passwordFile = new File(passwordFileName);
    if (!passwordFile.exists()) {
        throw new AgentConfigurationError(PASSWORD_FILE_NOT_FOUND, passwordFileName);
    }
    if (!passwordFile.canRead()) {
        throw new AgentConfigurationError(PASSWORD_FILE_NOT_READABLE, passwordFileName);
    }

    final FileSystem fs = FileSystem.open();
    try {
        // Reject a password file that accounts other than the owner can access.
        if (fs.supportsFileSecurity(passwordFile)
                && !fs.isAccessUserOnly(passwordFile)) {
            final String msg = Agent.getText(
                    "jmxremote.ConnectorBootstrap.initialize.password.readonly",
                    passwordFileName);
            log.config("initialize", msg);
            throw new AgentConfigurationError(PASSWORD_FILE_ACCESS_NOT_RESTRICTED,
                    passwordFileName);
        }
    } catch (IOException e) {
        throw new AgentConfigurationError(PASSWORD_FILE_READ_FAILED,
                e, passwordFileName);
    }
}
/**
 * Validates the access file: a name was supplied, the file exists and it
 * is readable.
 *
 * <p>Unlike {@code checkPasswordFile} and {@code checkRestrictedFile} in
 * this file, no owner-only permission check is made here, so protecting
 * the access file against modification by other accounts is left to the
 * deployment.
 *
 * @param accessFileName path of the access file; may be null or empty
 * @throws AgentConfigurationError if the name is missing, or the file
 *         does not exist or cannot be read
 */
private static void checkAccessFile(String accessFileName) {
    final boolean nameMissing =
            accessFileName == null || accessFileName.isEmpty();
    if (nameMissing) {
        throw new AgentConfigurationError(ACCESS_FILE_NOT_SET);
    }

    final File accessFile = new File(accessFileName);
    if (!accessFile.exists()) {
        throw new AgentConfigurationError(ACCESS_FILE_NOT_FOUND, accessFileName);
    }
    if (!accessFile.canRead()) {
        throw new AgentConfigurationError(ACCESS_FILE_NOT_READABLE, accessFileName);
    }
}
/**
 * Validates a file that must be private to the owning user. In this file
 * it is applied to the SSL configuration file, which may carry key store
 * and trust store passwords.
 *
 * <p>The checks run in this order: a name was supplied, the file exists,
 * the file is readable, and - only where the platform file system reports
 * support for file security - access is limited to the owning user.
 * Where {@code supportsFileSecurity} returns {@code false} the permission
 * check is skipped without any message.
 *
 * <p>NOTE(review): the check is made on the path name and the file is not
 * opened here; the caller opens it afterwards, so the result only holds
 * if no other account can replace the file in between.
 *
 * @param restrictedFileName path of the file; may be null or empty
 * @throws AgentConfigurationError if any check fails, or if querying the
 *         file permissions raises an {@code IOException}
 */
private static void checkRestrictedFile(String restrictedFileName) {
    if (restrictedFileName == null || restrictedFileName.isEmpty()) {
        throw new AgentConfigurationError(FILE_NOT_SET);
    }

    final File restrictedFile = new File(restrictedFileName);
    if (!restrictedFile.exists()) {
        throw new AgentConfigurationError(FILE_NOT_FOUND, restrictedFileName);
    }
    if (!restrictedFile.canRead()) {
        throw new AgentConfigurationError(FILE_NOT_READABLE, restrictedFileName);
    }

    final FileSystem fs = FileSystem.open();
    try {
        // Reject a file that accounts other than the owner can access.
        if (fs.supportsFileSecurity(restrictedFile)
                && !fs.isAccessUserOnly(restrictedFile)) {
            final String msg = Agent.getText(
                    "jmxremote.ConnectorBootstrap.initialize.file.readonly",
                    restrictedFileName);
            log.config("initialize", msg);
            throw new AgentConfigurationError(
                    FILE_ACCESS_NOT_RESTRICTED, restrictedFileName);
        }
    } catch (IOException e) {
        throw new AgentConfigurationError(
                FILE_READ_FAILED, e, restrictedFileName);
    }
}
/**
 * Computes the full path name of a default file.
 *
 * <p>The path is built by plain concatenation from the {@code java.home}
 * system property; nothing is normalised and the file is not checked for
 * existence here.
 *
 * @param basename basename (with extension) of the default file.
 * @return ${JRE}/lib/management/${basename}
 **/
private static String getDefaultFileName(String basename) {
    final String sep = File.separator;
    final StringBuilder path = new StringBuilder();
    path.append(System.getProperty("java.home"));
    path.append(sep).append("lib");
    path.append(sep).append("management");
    path.append(sep).append(basename);
    return path.toString();
}
/**
 * Builds the SSL server socket factory used by the remote connector.
 *
 * <p>Without an SSL configuration file the factory is created from the
 * cipher suite, protocol and client-authentication settings alone. With
 * one, the file is first passed through {@code checkRestrictedFile} and
 * then read as a properties file supplying the key store and trust store
 * locations and passwords, from which a dedicated {@code SSLContext} is
 * initialised.
 *
 * <p>Points a reviewer should keep in mind, all visible in this method:
 * <ul>
 *   <li>Only the configuration file goes through
 *       {@code checkRestrictedFile}; the key store and trust store files
 *       it names are opened without a permission check.</li>
 *   <li>Both passwords are read into {@code String} values and copied to
 *       {@code char[]} arrays that are not cleared afterwards.</li>
 *   <li>A missing key store or trust store entry leaves the respective
 *       {@code KeyStore} null, and that null is what the factory is
 *       initialised with.</li>
 * </ul>
 *
 * @param sslConfigFileName path of the SSL configuration file, or null
 * @param enabledCipherSuites cipher suites passed through to the factory
 * @param enabledProtocols protocol versions passed through to the factory
 * @param sslNeedClientAuth whether the factory requires client authentication
 * @return the server socket factory
 * @throws AgentConfigurationError if the configuration file fails
 *         {@code checkRestrictedFile}, or wrapping any exception raised
 *         while the stores or the context are loaded
 */
private static SslRMIServerSocketFactory createSslRMIServerSocketFactory(
        String sslConfigFileName,
        String[] enabledCipherSuites,
        String[] enabledProtocols,
        boolean sslNeedClientAuth) {
    if (sslConfigFileName == null) {
        return new SslRMIServerSocketFactory(
                enabledCipherSuites, enabledProtocols, sslNeedClientAuth);
    }

    // The file can hold store passwords, so it must be owner-only.
    checkRestrictedFile(sslConfigFileName);
    try {
        // Load the SSL keystore properties from the config file
        final Properties sslProps = new Properties();
        try (InputStream raw = new FileInputStream(sslConfigFileName)) {
            sslProps.load(new BufferedInputStream(raw));
        }

        final String keyStorePath =
                sslProps.getProperty("javax.net.ssl.keyStore");
        final String keyStorePassword =
                sslProps.getProperty("javax.net.ssl.keyStorePassword", "");
        final String trustStorePath =
                sslProps.getProperty("javax.net.ssl.trustStore");
        final String trustStorePassword =
                sslProps.getProperty("javax.net.ssl.trustStorePassword", "");

        // An empty password is passed on as null rather than as char[0].
        final char[] keyStorePasswd = keyStorePassword.isEmpty()
                ? null : keyStorePassword.toCharArray();
        final char[] trustStorePasswd = trustStorePassword.isEmpty()
                ? null : trustStorePassword.toCharArray();

        KeyStore keys = null;
        if (keyStorePath != null) {
            keys = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream keyStream = new FileInputStream(keyStorePath)) {
                keys.load(keyStream, keyStorePasswd);
            }
        }
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyStorePasswd);

        KeyStore trusted = null;
        if (trustStorePath != null) {
            trusted = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream trustStream = new FileInputStream(trustStorePath)) {
                trusted.load(trustStream, trustStorePasswd);
            }
        }
        final TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);

        // NOTE(review): the context is requested under the generic "SSL"
        // name; which protocol versions are actually offered then depends
        // on enabledProtocols and on the provider defaults - confirm that
        // legacy versions are disabled where this agent is exposed.
        final SSLContext ctx = SSLContext.getInstance("SSL");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        return new SslRMIServerSocketFactory(
                ctx, enabledCipherSuites, enabledProtocols, sslNeedClientAuth);
    } catch (Exception e) {
        throw new AgentConfigurationError(AGENT_EXCEPTION, e, e.toString());
    }
}
/**
 * Starts the remote RMI connector server for {@code mbs} and publishes it
 * under the name "jmxrmi" in a single-entry registry on {@code port}.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>{@code java.rmi.server.randomIDs} is forced to {@code "true"}.</li>
 *   <li>The service URL is created with a null host, so - unlike
 *       {@code startLocalConnectorServer} - nothing here pins the server
 *       to a loopback address.</li>
 *   <li>With {@code useAuthentication} false, no authentication or access
 *       file entry is placed in the connector environment.</li>
 *   <li>With {@code useAuthentication} true, the authenticator is only
 *       installed when a password file or a login configuration name was
 *       given; otherwise just the access file entry is set.</li>
 *   <li>The connector uses the SSL socket factories only when
 *       {@code useSsl} is true, and the registry only when
 *       {@code useRegistrySsl} is true; the two are independent.</li>
 * </ul>
 *
 * @param mbs the MBean server to export
 * @param port port on which the registry is created
 * @param useSsl whether the connector uses SSL socket factories
 * @param useRegistrySsl whether the registry uses SSL socket factories
 * @param sslConfigFileName SSL configuration file, or null
 * @param enabledCipherSuites cipher suites for the SSL server socket factory
 * @param enabledProtocols protocol versions for the SSL server socket factory
 * @param sslNeedClientAuth whether SSL client authentication is required
 * @param useAuthentication whether authentication entries are configured
 * @param loginConfigName login configuration name, or null
 * @param passwordFileName password file, or null
 * @param accessFileName access file placed in the environment
 * @return the started connector server together with its remote URL
 * @throws IOException declared by this method
 * @throws MalformedURLException if a service URL cannot be built
 * @throws AgentConfigurationError if creating or starting the connector
 *         server raises an {@code IOException}
 */
private static JMXConnectorServerData exportMBeanServer(
        MBeanServer mbs,
        int port,
        boolean useSsl,
        boolean useRegistrySsl,
        String sslConfigFileName,
        String[] enabledCipherSuites,
        String[] enabledProtocols,
        boolean sslNeedClientAuth,
        boolean useAuthentication,
        String loginConfigName,
        String passwordFileName,
        String accessFileName)
        throws IOException, MalformedURLException {

    /* Make sure we use non-guessable RMI object IDs.  Otherwise
     * attackers could hijack open connections by guessing their
     * IDs.  */
    System.setProperty("java.rmi.server.randomIDs", "true");

    final JMXServiceURL url = new JMXServiceURL("rmi", null, 0);

    final Map<String, Object> env = new HashMap<>();
    final PermanentExporter exporter = new PermanentExporter();
    env.put(RMIExporter.EXPORTER_ATTRIBUTE, exporter);

    if (useAuthentication) {
        if (loginConfigName != null) {
            env.put("jmx.remote.x.login.config", loginConfigName);
        }
        if (passwordFileName != null) {
            env.put("jmx.remote.x.password.file", passwordFileName);
        }
        env.put("jmx.remote.x.access.file", accessFileName);

        // Same condition as looking both keys up in env: each key is
        // present exactly when the corresponding argument was non-null.
        final boolean hasCredentialSource =
                passwordFileName != null || loginConfigName != null;
        if (hasCredentialSource) {
            env.put(JMXConnectorServer.AUTHENTICATOR,
                    new AccessFileCheckerAuthenticator(env));
        }
        // NOTE(review): when neither a password file nor a login config
        // is given, no authenticator is installed even though
        // authentication was requested - confirm callers never reach
        // this state.
    }

    RMIClientSocketFactory csf = null;
    RMIServerSocketFactory ssf = null;
    if (useSsl || useRegistrySsl) {
        csf = new SslRMIClientSocketFactory();
        ssf = createSslRMIServerSocketFactory(
                sslConfigFileName, enabledCipherSuites,
                enabledProtocols, sslNeedClientAuth);
    }

    if (useSsl) {
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, csf);
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, ssf);
    }

    JMXConnectorServer connServer = null;
    try {
        connServer =
                JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs);
        connServer.start();
    } catch (IOException e) {
        // Report the server's own address once the server object exists,
        // otherwise the URL it was to be created from.
        final String address = (connServer == null)
                ? url.toString()
                : connServer.getAddress().toString();
        throw new AgentConfigurationError(CONNECTOR_SERVER_IO_ERROR, e, address);
    }

    /* Our exporter remembers the first object it was asked to
       export, which will be an RMIServerImpl appropriate for
       publication in our special registry.  We could
       alternatively have constructed the RMIServerImpl explicitly
       and then constructed an RMIConnectorServer passing it as a
       parameter, but that's quite a bit more verbose and pulls in
       lots of knowledge of the RMI connector.  */
    final Registry registry = useRegistrySsl
            ? new SingleEntryRegistry(port, csf, ssf,
                                      "jmxrmi", exporter.firstExported)
            : new SingleEntryRegistry(port,
                                      "jmxrmi", exporter.firstExported);

    // The published URL carries the port the registry is actually
    // listening on, read back from its live reference.
    final String host = url.getHost();
    final int registryPort =
            ((UnicastRef) ((RemoteObject) registry).getRef()).getLiveRef().getPort();
    final JMXServiceURL remoteURL = new JMXServiceURL(
            "service:jmx:rmi:///jndi/rmi://" + host + ":" + registryPort + "/jmxrmi");

    return new JMXConnectorServerData(connServer, remoteURL);
}
/**
 * Private constructor: this class cannot be instantiated.
 **/
private ConnectorBootstrap() {
    // Intentionally empty.
}
// Logger for this class, created from the name of the package that holds
// ConnectorBootstrap and the fixed label "ConnectorBootstrap".
private static final ClassLogger log = new ClassLogger(
        ConnectorBootstrap.class.getPackage().getName(), "ConnectorBootstrap");
} |