void setNonFacadeMBeansSensitive(boolean sensitive) { authorizer.setNonFacadeMBeansSensitive(sensitive); }
private boolean isNonFacadeMBeansSensitive() { return authorizer == null ? false : authorizer.isNonFacadeMBeansSensitive(); }
boolean authorizeSuperUserOrAdministrator(String methodName) throws MBeanException { if (authorizer != null) { //TODO populate the 'environment' variable AuthorizationResult authorizationResult = authorizer.authorizeJmxOperation(createCaller(), null, new JmxAction(methodName, JmxAction.Impact.EXTRA_SENSITIVE)); if (authorizationResult.getDecision() != Decision.PERMIT) { throw JmxMessages.MESSAGES.unauthorized(); } } return true; }
boolean authorizeSensitiveOperation(String methodName, boolean readOnly, boolean exception) throws MBeanException { if (authorizer != null) { final JmxAction target = new JmxAction(methodName, readOnly ? JmxAction.Impact.READ_ONLY : JmxAction.Impact.WRITE); //TODO populate the 'environment' variable AuthorizationResult authorizationResult = authorizer.authorizeJmxOperation(createCaller(), null, target); if (authorizationResult.getDecision() != Decision.PERMIT) { if (exception) { throw JmxMessages.MESSAGES.unauthorized(); } else { return false; } } } return true; }
private void authorizeClassloadingOperation(MBeanServerPlugin delegate, ObjectName objectName, String methodName) throws MBeanException { if (authorizer != null && delegate.shouldAuthorize()) { JmxTarget target = new JmxTarget(methodName, objectName, isNonFacadeMBeansSensitive(), jmxEffect, jmxEffect); JmxAction action = new JmxAction(methodName, JmxAction.Impact.CLASSLOADING); //TODO populate the 'environment' variable SecurityIdentity securityIdentity = securityIdentitySupplier != null ? securityIdentitySupplier.get() : null; AuthorizationResult authorizationResult = authorizer.authorizeJmxOperation(createCaller(securityIdentity), null, action, target); if (authorizationResult.getDecision() != Decision.PERMIT) { throw JmxLogger.ROOT_LOGGER.unauthorized(); } } }
void setNonFacadeMBeansSensitive(boolean sensitive) { authorizer.setNonFacadeMBeansSensitive(sensitive); }
private boolean authorizeMBeanOperation(MBeanServerPlugin delegate, ObjectName name, String methodName, String attributeName, JmxAction.Impact impact, boolean exception) throws MBeanException { if (authorizer != null && delegate.shouldAuthorize()) { JmxTarget target = new JmxTarget(methodName, name, isNonFacadeMBeansSensitive(), jmxEffect, jmxEffect); JmxAction action = new JmxAction(methodName, impact, attributeName); //TODO populate the 'environment' variable SecurityIdentity securityIdentity = securityIdentitySupplier != null ? securityIdentitySupplier.get() : null; AuthorizationResult authorizationResult = authorizer.authorizeJmxOperation(createCaller(securityIdentity), null, action, target); if (authorizationResult.getDecision() != Decision.PERMIT) { if (exception) { throw JmxLogger.ROOT_LOGGER.unauthorized(); } else { return false; } } } return true; }
/** {@inheritDoc} */ public synchronized void start(final StartContext context) throws StartException { //If the platform MBeanServer was set up to be the PluggableMBeanServer, use that otherwise create a new one and delegate MBeanServer platform = ManagementFactory.getPlatformMBeanServer(); PluggableMBeanServerImpl pluggable = platform instanceof PluggableMBeanServerImpl ? (PluggableMBeanServerImpl)platform : new PluggableMBeanServerImpl(platform, null); MBeanServerDelegate delegate = platform instanceof PluggableMBeanServerImpl ? ((PluggableMBeanServerImpl)platform).getMBeanServerDelegate() : null; pluggable.setAuditLogger(auditLoggerInfo); pluggable.setAuthorizer(authorizer); authorizer.setNonFacadeMBeansSensitive(coreMBeanSensitivity); if (resolvedDomainName != null || expressionsDomainName != null) { //TODO make these configurable ConfiguredDomains configuredDomains = new ConfiguredDomains(resolvedDomainName, expressionsDomainName); showModelPlugin = new ModelControllerMBeanServerPlugin(configuredDomains, modelControllerValue.getValue(), delegate, legacyWithProperPropertyFormat, forStandalone); pluggable.addPlugin(showModelPlugin); } mBeanServer = pluggable; }
/** {@inheritDoc} */ public synchronized void start(final StartContext context) throws StartException { //If the platform MBeanServer was set up to be the PluggableMBeanServer, use that otherwise create a new one and delegate MBeanServer platform = ManagementFactory.getPlatformMBeanServer(); PluggableMBeanServerImpl pluggable = platform instanceof PluggableMBeanServerImpl ? (PluggableMBeanServerImpl)platform : new PluggableMBeanServerImpl(platform, null); MBeanServerDelegate delegate = platform instanceof PluggableMBeanServerImpl ? ((PluggableMBeanServerImpl)platform).getMBeanServerDelegate() : null; pluggable.setAuditLogger(auditLoggerInfo); pluggable.setAuthorizer(authorizer); pluggable.setSecurityIdentitySupplier(securityIdentitySupplier); pluggable.setJmxEffect(jmxEffect); authorizer.setNonFacadeMBeansSensitive(coreMBeanSensitivity); if (resolvedDomainName != null || expressionsDomainName != null) { //TODO make these configurable ConfiguredDomains configuredDomains = new ConfiguredDomains(resolvedDomainName, expressionsDomainName); showModelPlugin = new ModelControllerMBeanServerPlugin(pluggable, configuredDomains, modelControllerValue.getValue(), notificationRegistryValue.getValue(), delegate, legacyWithProperPropertyFormat, processType, managementModelProviderValue.getValue(), isMasterHc); pluggable.addPlugin(showModelPlugin); } mBeanServer = pluggable; }