55 import javax.management.MalformedObjectNameException; |
55 import javax.management.MalformedObjectNameException; |
56 import javax.security.auth.Subject; |
56 import javax.security.auth.Subject; |
57 |
57 |
58 public class ServerNotifForwarder { |
58 public class ServerNotifForwarder { |
59 |
59 |
|
60 |
60 public ServerNotifForwarder(MBeanServer mbeanServer, |
61 public ServerNotifForwarder(MBeanServer mbeanServer, |
61 Map env, |
62 Map env, |
62 NotificationBuffer notifBuffer, |
63 NotificationBuffer notifBuffer, |
63 String connectionId) { |
64 String connectionId) { |
64 this.mbeanServer = mbeanServer; |
65 this.mbeanServer = mbeanServer; |
83 |
84 |
84 checkState(); |
85 checkState(); |
85 |
86 |
86 // Explicitly check MBeanPermission for addNotificationListener |
87 // Explicitly check MBeanPermission for addNotificationListener |
87 // |
88 // |
88 checkMBeanPermission(name, "addNotificationListener"); |
89 checkMBeanPermission(getMBeanServerName(), |
|
90 mbeanServer, name, "addNotificationListener"); |
89 if (notificationAccessController != null) { |
91 if (notificationAccessController != null) { |
90 notificationAccessController.addNotificationListener( |
92 notificationAccessController.addNotificationListener( |
91 connectionId, name, getSubject()); |
93 connectionId, name, getSubject()); |
92 } |
94 } |
93 try { |
95 try { |
153 |
155 |
154 checkState(); |
156 checkState(); |
155 |
157 |
156 // Explicitly check MBeanPermission for removeNotificationListener |
158 // Explicitly check MBeanPermission for removeNotificationListener |
157 // |
159 // |
158 checkMBeanPermission(name, "removeNotificationListener"); |
160 checkMBeanPermission(getMBeanServerName(), |
|
161 mbeanServer, name, "removeNotificationListener"); |
159 if (notificationAccessController != null) { |
162 if (notificationAccessController != null) { |
160 notificationAccessController.removeNotificationListener( |
163 notificationAccessController.removeNotificationListener( |
161 connectionId, name, getSubject()); |
164 connectionId, name, getSubject()); |
162 } |
165 } |
163 |
166 |
328 |
331 |
329 /** |
332 /** |
330 * Explicitly check the MBeanPermission for |
333 * Explicitly check the MBeanPermission for |
331 * the current access control context. |
334 * the current access control context. |
332 */ |
335 */ |
333 private void checkMBeanPermission(final ObjectName name, |
336 public static void checkMBeanPermission(String serverName, |
334 final String actions) |
|
335 throws InstanceNotFoundException, SecurityException { |
|
336 checkMBeanPermission(mbeanServer, name, actions); |
|
337 } |
|
338 |
|
339 public static void checkMBeanPermission( |
|
340 final MBeanServer mbs, final ObjectName name, final String actions) |
337 final MBeanServer mbs, final ObjectName name, final String actions) |
341 throws InstanceNotFoundException, SecurityException { |
338 throws InstanceNotFoundException, SecurityException { |
342 SecurityManager sm = System.getSecurityManager(); |
339 SecurityManager sm = System.getSecurityManager(); |
343 if (sm != null) { |
340 if (sm != null) { |
344 AccessControlContext acc = AccessController.getContext(); |
341 AccessControlContext acc = AccessController.getContext(); |
353 }); |
350 }); |
354 } catch (PrivilegedActionException e) { |
351 } catch (PrivilegedActionException e) { |
355 throw (InstanceNotFoundException) extractException(e); |
352 throw (InstanceNotFoundException) extractException(e); |
356 } |
353 } |
357 String classname = oi.getClassName(); |
354 String classname = oi.getClassName(); |
358 MBeanPermission perm = new MBeanPermission(classname, |
355 MBeanPermission perm = new MBeanPermission( |
|
356 serverName, |
|
357 classname, |
359 null, |
358 null, |
360 name, |
359 name, |
361 actions); |
360 actions); |
362 sm.checkPermission(perm, acc); |
361 sm.checkPermission(perm, acc); |
363 } |
362 } |
368 */ |
367 */ |
369 private boolean allowNotificationEmission(ObjectName name, |
368 private boolean allowNotificationEmission(ObjectName name, |
370 TargetedNotification tn) { |
369 TargetedNotification tn) { |
371 try { |
370 try { |
372 if (checkNotificationEmission) { |
371 if (checkNotificationEmission) { |
373 checkMBeanPermission( |
372 checkMBeanPermission(getMBeanServerName(), |
374 name, "addNotificationListener"); |
373 mbeanServer, name, "addNotificationListener"); |
375 } |
374 } |
376 if (notificationAccessController != null) { |
375 if (notificationAccessController != null) { |
377 notificationAccessController.fetchNotification( |
376 notificationAccessController.fetchNotification( |
378 connectionId, name, tn.getNotification(), getSubject()); |
377 connectionId, name, tn.getNotification(), getSubject()); |
379 } |
378 } |
431 return ((o instanceof IdAndFilter) && |
430 return ((o instanceof IdAndFilter) && |
432 ((IdAndFilter) o).getId().equals(getId())); |
431 ((IdAndFilter) o).getId().equals(getId())); |
433 } |
432 } |
434 } |
433 } |
435 |
434 |
|
435 private String getMBeanServerName() { |
|
436 if (mbeanServerName != null) return mbeanServerName; |
|
437 else return (mbeanServerName = getMBeanServerName(mbeanServer)); |
|
438 } |
|
439 |
|
440 private static String getMBeanServerName(final MBeanServer server) { |
|
441 final PrivilegedAction<String> action = new PrivilegedAction<String>() { |
|
442 public String run() { |
|
443 return Util.getMBeanServerSecurityName(server); |
|
444 } |
|
445 }; |
|
446 return AccessController.doPrivileged(action); |
|
447 } |
|
448 |
|
449 |
436 //------------------ |
450 //------------------ |
437 // PRIVATE VARIABLES |
451 // PRIVATE VARIABLES |
438 //------------------ |
452 //------------------ |
439 |
453 |
440 private MBeanServer mbeanServer; |
454 private MBeanServer mbeanServer; |
|
455 private volatile String mbeanServerName; |
441 |
456 |
442 private final String connectionId; |
457 private final String connectionId; |
443 |
458 |
444 private final long connectionTimeout; |
459 private final long connectionTimeout; |
445 |
460 |
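Review bot: The now-public static `checkMBeanPermission(String serverName, final MBeanServer mbs, ...)` (new lines 336-361) takes the server name and the server as two independent arguments, so nothing in the visible code ties the name placed in the `MBeanPermission` to the `mbs` it is checked for. A caller that passes a null or mismatched name would have the permission evaluated against a different server name than intended; the lines between 341 and 350 are not shown, so how `mbs` is used there is inferred. The Javadoc at new lines 332-335 was left unchanged, so I would add `@param serverName the security name of {@code mbs}, as returned by Util.getMBeanServerSecurityName(mbs)`, or else compute the name from `mbs` inside the method. Separately, `getMBeanServerName()` caches its result in the volatile `mbeanServerName` while the `mbeanServer` field is not final; if that field is ever reassigned outside the lines shown here, the cached name would go stale, so a comment such as `// computed once; mbeanServer is never reassigned after construction` (or making the field final) would record the assumption.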