Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/java.management.rest/share/classes/com/oracle/jmx/remote/rest/http/MBeanServerResource.java
branchjmx-rest-api
changeset 56026 bd531f08d7c7
parent 56007 d6cbabcaf518
child 56027 81372436b79e 
--- a/src/java.management.rest/share/classes/com/oracle/jmx/remote/rest/http/MBeanServerResource.java	Fri Jan 05 13:42:53 2018 +0530
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,334 +0,0 @@
-/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package com.oracle.jmx.remote.rest.http;
-
-import com.oracle.jmx.remote.rest.json.JSONElement;
-import com.oracle.jmx.remote.rest.mapper.JSONMapper;
-import com.oracle.jmx.remote.rest.mapper.JSONMappingException;
-import com.oracle.jmx.remote.rest.mapper.JSONMappingFactory;
-import com.sun.jmx.remote.security.JMXPluggableAuthenticator;
-import com.sun.jmx.remote.security.JMXSubjectDomainCombiner;
-import com.sun.jmx.remote.security.SubjectDelegator;
-import com.sun.net.httpserver.BasicAuthenticator;
-import com.sun.net.httpserver.HttpContext;
-import com.sun.net.httpserver.HttpExchange;
-import com.sun.net.httpserver.HttpServer;
-
-import javax.management.JMX;
-import javax.management.MBeanServer;
-import javax.management.MBeanServerDelegate;
-import javax.management.MBeanServerDelegateMBean;
-import javax.management.remote.JMXAuthenticator;
-import javax.management.remote.rest.JmxRestAdapter;
-import javax.management.remote.rest.PlatformRestAdapter;
-import javax.security.auth.Subject;
-import java.io.IOException;
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-import java.lang.reflect.Proxy;
-import java.net.HttpURLConnection;
-import java.net.URLDecoder;
-import java.nio.charset.StandardCharsets;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.util.Arrays;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicInteger;
-
-
-public final class MBeanServerResource implements RestResource, JmxRestAdapter {
-
-    // Initialization parameters
-    private final HttpServer httpServer;
-    private final String contextStr;
-    private final Map<String, ?> env;
-    private final MBeanServer mbeanServer;
-
-    // Save the context to start/stop the adapter
-    private HttpContext httpContext;
-    private JMXAuthenticator authenticator = null;
-    private final MBeanServerDelegateMBean mBeanServerDelegateMBean;
-
-    // Save MBeanServer Proxy for a user
-    private final MBeanCollectionResource defaultMBeansResource;
-    // Use an expiring map that removes entries after the configured period lapses.
-    private final TimedMap<String, MBeanCollectionResource> proxyMBeanServers = new TimedMap<>(5*60);
-
-    private static AtomicInteger resourceNumber = new AtomicInteger(1);
-    private boolean started = false;
-
-    public MBeanServerResource(HttpServer hServer, MBeanServer mbeanServer,
-                               String context, Map<String, ?> env) {
-        this.httpServer = hServer;
-        this.env = env;
-        this.mbeanServer = mbeanServer;
-
-        mBeanServerDelegateMBean = JMX.newMBeanProxy(mbeanServer,
-                MBeanServerDelegate.DELEGATE_NAME, MBeanServerDelegateMBean.class);
-
-        if (context == null || context.isEmpty()) {
-            contextStr = "server-" + resourceNumber.getAndIncrement();
-        } else {
-            contextStr = context;
-        }
-        // setup authentication
-        if (env.get("jmx.remote.x.authentication") != null) {
-            authenticator = (JMXAuthenticator) env.get("jmx.remote.authenticator");
-            if (authenticator == null) {
-                if (env.get("jmx.remote.x.password.file") != null
-                        || env.get("jmx.remote.x.login.config") != null) {
-                    authenticator = new JMXPluggableAuthenticator(env);
-                } else {
-                    throw new IllegalArgumentException
-                            ("Config error : Authentication is enabled with no authenticator");
-                }
-            }
-        }
-
-        if (env.get("jmx.remote.x.authentication") == null) {
-            defaultMBeansResource = new MBeanCollectionResource(mbeanServer);
-        } else {
-            defaultMBeansResource = null;
-        }
-    }
-
-    private MBeanServer getMBeanServerProxy(MBeanServer mbeaServer, Subject subject) {
-        return (MBeanServer) Proxy.newProxyInstance(MBeanServer.class.getClassLoader(),
-                new Class<?>[]{MBeanServer.class},
-                new AuthInvocationHandler(mbeaServer, subject));
-    }
-
-    @Override
-    public HttpResponse doGet(HttpExchange exchange) {
-        String selfUrl = getUrl();
-        Map<String, String> links = new LinkedHashMap<>();
-        links.put("mbeans", selfUrl + "/mbeans");
-
-        Map<String, Object> mBeanServerInfo = getMBeanServerInfo();
-        mBeanServerInfo.put("_links", links);
-
-        final JSONMapper typeMapper = JSONMappingFactory.INSTANCE.getTypeMapper(mBeanServerInfo);
-        if (typeMapper != null) {
-            try {
-                JSONElement jsonElement = typeMapper.toJsonValue(mBeanServerInfo);
-                return new HttpResponse(jsonElement.toJsonString());
-            } catch (JSONMappingException e) {
-                return HttpResponse.SERVER_ERROR;
-            }
-        } else {
-            return HttpResponse.SERVER_ERROR;
-        }
-    }
-
-    @Override
-    public void handle(HttpExchange exchange) throws IOException {
-        MBeanCollectionResource mBeansResource = defaultMBeansResource;
-        if (env.get("jmx.remote.x.authentication") != null) {
-            String authCredentials = HttpUtil.getCredentials(exchange);
-            // MBeanServer proxy should be populated in the authenticator
-            mBeansResource = proxyMBeanServers.get(authCredentials);
-            if (mBeansResource == null) {
-                throw new IllegalArgumentException("Invalid HTTP request Headers");
-            }
-        }
-
-        String path = URLDecoder.decode(exchange.getRequestURI().getPath(), StandardCharsets.UTF_8.displayName());
-        String pathPrefix = httpContext.getPath();
-        // Route request to appropriate resource
-        if (path.matches(pathPrefix + "/?$")) {
-            RestResource.super.handle(exchange);
-        } else if (path.matches(pathPrefix + "/mbeans.*")) {
-            mBeansResource.handle(exchange);
-        } else {
-            HttpUtil.sendResponse(exchange, HttpResponse.REQUEST_NOT_FOUND);
-        }
-    }
-
-    @Override
-    public synchronized void start() {
-        if (!started) {
-            httpContext = httpServer.createContext("/jmx/servers/" + contextStr, this);
-            if (env.get("jmx.remote.x.authentication") != null) {
-                httpContext.setAuthenticator(new RestAuthenticator("jmx-rest"));
-            }
-            started = true;
-        }
-    }
-
-    @Override
-    public synchronized void stop() {
-        if (!started) {
-            throw new IllegalStateException("Rest Adapter not started yet");
-        }
-        httpServer.removeContext(httpContext);
-        started = false;
-    }
-
-    @Override
-    public String getUrl() {
-        return PlatformRestAdapter.getBaseURL() + "/" + contextStr;
-    }
-
-    @Override
-    public MBeanServer getMBeanServer() {
-        return mbeanServer;
-    }
-
-    public String getContext() {
-        return contextStr;
-    }
-
-    private class RestAuthenticator extends BasicAuthenticator {
-
-        RestAuthenticator(String realm) {
-            super(realm);
-        }
-
-        @Override
-        public boolean checkCredentials(String username, String password) {
-            if (proxyMBeanServers.containsKey(username)) {
-                return true;
-            } else {
-                Subject subject = null;
-                if (authenticator != null) {
-                    String[] credential = new String[]{username, password};
-                    try {
-                        subject = authenticator.authenticate(credential);
-                    } catch (SecurityException e) {
-                        return false;
-                    }
-                }
-                MBeanServer proxy = getMBeanServerProxy(mbeanServer, subject);
-                proxyMBeanServers.put(username, new MBeanCollectionResource(proxy));
-                return true;
-            }
-        }
-    }
-
-    Map<String, Object> getMBeanServerInfo() {
-        Map<String, Object> result = new LinkedHashMap<>();
-
-        result.put("id", mBeanServerDelegateMBean.getMBeanServerId());
-        result.put("context", contextStr);
-
-        result.put("defaultDomain", mbeanServer.getDefaultDomain());
-        result.put("mBeanCount", mbeanServer.getMBeanCount());
-        result.put("domains", Arrays.toString(mbeanServer.getDomains()));
-
-        result.put("specName", mBeanServerDelegateMBean.getSpecificationName());
-        result.put("specVersion", mBeanServerDelegateMBean.getSpecificationVersion());
-        result.put("specVendor", mBeanServerDelegateMBean.getSpecificationVendor());
-
-        result.put("implName", mBeanServerDelegateMBean.getImplementationName());
-        result.put("implVersion", mBeanServerDelegateMBean.getImplementationVersion());
-        result.put("implVendor", mBeanServerDelegateMBean.getImplementationVendor());
-
-        return result;
-    }
-
-    private class AuthInvocationHandler implements InvocationHandler {
-
-        private final MBeanServer mbeanServer;
-        private final AccessControlContext acc;
-
-        AuthInvocationHandler(MBeanServer server, Subject subject) {
-            this.mbeanServer = server;
-            if (subject == null) {
-                this.acc = null;
-            } else {
-                if (SubjectDelegator.checkRemoveCallerContext(subject)) {
-                    acc = JMXSubjectDomainCombiner.getDomainCombinerContext(subject);
-                } else {
-                    acc = JMXSubjectDomainCombiner.getContext(subject);
-                }
-            }
-        }
-
-        @Override
-        public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
-            if (acc == null) {
-                return method.invoke(mbeanServer, args);
-            } else {
-                PrivilegedAction<Object> op = () -> {
-                    try {
-                        return method.invoke(mbeanServer, args);
-                    } catch (Exception ex) {
-                    }
-                    return null;
-                };
-                return AccessController.doPrivileged(op, acc);
-            }
-        }
-    }
-
-    /*
-    This is an expiring map that removes entries after the configured time period lapses.
-    This is required to re-authenticate the user after the timeout.
-     */
-    private class TimedMap<K,V> {
-
-        private ConcurrentHashMap<K,TimeStampedValue<V>>  permanentMap;
-        private long timeout = Long.MAX_VALUE;   // Timeout in seconds
-
-        private class TimeStampedValue<T> {
-            private final T value;
-            private final long insertTimeStamp;
-
-            TimeStampedValue(T value) {
-                this.value = value;
-                insertTimeStamp = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
-            }
-        }
-
-        public TimedMap(int seconds) {
-            this.timeout = seconds;
-            permanentMap = new ConcurrentHashMap<>();
-        }
-
-        public boolean containsKey(K key) {
-            return permanentMap.containsKey(key);
-        }
-
-        public V get(K key) {
-            TimeStampedValue<V> vTimeStampedValue = permanentMap.get(key);
-            long current = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
-            if(current - vTimeStampedValue.insertTimeStamp > timeout) {
-                permanentMap.remove(key);
-                return null;
-            } else {
-                return vTimeStampedValue.value;
-            }
-        }
-
-        public void put(K key, V value) {
-            permanentMap.put(key, new TimeStampedValue<>(value));
-        }
-    }
-}
jdk-sandbox