File Doc Category Size Date Package
MBeanServerAccessController.java API Doc Java SE 5 API 18235 Fri Aug 26 14:55:00 BST 2005 com.sun.jmx.remote.security

MBeanServerAccessController

java.lang.Object

public abstract class MBeanServerAccessController extends Object implements MBeanServerForwarder

An object of this class implements the MBeanServer interface and, for each of its methods, calls an appropriate checking method and then forwards the request to a wrapped MBeanServer object. The checking method may throw a RuntimeException if the operation is not allowed; in this case the request is not forwarded to the wrapped object.

A typical use of this class is to insert it between a connector server such as the RMI connector and the MBeanServer with which the connector is associated. Requests from the connector client can then be filtered and those operations that are not allowed, or not allowed in a particular context, can be rejected by throwing a SecurityException in the corresponding check* method.

This is an abstract class, because in its implementation none of the checking methods does anything. To be useful, it must be subclassed and at least one of the checking methods overridden to do some checking. Some or all of the MBeanServer methods may also be overridden, for instance if the default checking behaviour is inappropriate.

If there is no SecurityManager, then the access controller will refuse to create an MBean that is a ClassLoader, which includes MLets, or to execute the method addURL on an MBean that is an MLet. This prevents people from opening security holes unintentionally. Otherwise, it would not be obvious that granting write access grants the ability to download and execute arbitrary code in the target MBean server. Advanced users who do want the ability to use MLets are presumably advanced enough to handle policy files and security managers.

Fields Summary
private MBeanServer
mbs
Constructors Summary
Methods Summary
public void addNotificationListener(javax.management.ObjectName name, javax.management.NotificationListener listener, javax.management.NotificationFilter filter, java.lang.Object handback)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); getMBeanServer().addNotificationListener(name, listener, filter, handback);
public void addNotificationListener(javax.management.ObjectName name, javax.management.ObjectName listener, javax.management.NotificationFilter filter, java.lang.Object handback)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); getMBeanServer().addNotificationListener(name, listener, filter, handback);
private void checkClassLoader(java.lang.Object object)
if (object instanceof ClassLoader) throw new SecurityException("Access denied! Creating an " + "MBean that is a ClassLoader " + "is forbidden unless a security " + "manager is installed.");
private void checkMLetAddURL(javax.management.ObjectName name, java.lang.String operationName)
SecurityManager sm = System.getSecurityManager(); if (sm == null) { if (operationName.equals("addURL") && getMBeanServer().isInstanceOf(name, "javax.management.loading.MLet")) throw new SecurityException("Access denied! MLet method " + "addURL cannot be invoked " + "unless a security manager " + "is installed."); }
protected abstract void checkRead()
Check if the caller can do read operations. This method does nothing if so, otherwise throws SecurityException.
protected abstract void checkWrite()
Check if the caller can do write operations. This method does nothing if so, otherwise throws SecurityException.
public javax.management.ObjectInstance createMBean(java.lang.String className, javax.management.ObjectName name, javax.management.ObjectName loaderName, java.lang.Object[] params, java.lang.String[] signature)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, loaderName, params, signature); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, loaderName, params, signature); }
public javax.management.ObjectInstance createMBean(java.lang.String className, javax.management.ObjectName name)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name); }
public javax.management.ObjectInstance createMBean(java.lang.String className, javax.management.ObjectName name, java.lang.Object[] params, java.lang.String[] signature)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, params, signature); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, params, signature); }
public javax.management.ObjectInstance createMBean(java.lang.String className, javax.management.ObjectName name, javax.management.ObjectName loaderName)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); SecurityManager sm = System.getSecurityManager(); if (sm == null) { Object object = getMBeanServer().instantiate(className, loaderName); checkClassLoader(object); return getMBeanServer().registerMBean(object, name); } else { return getMBeanServer().createMBean(className, name, loaderName); }
public java.io.ObjectInputStream deserialize(javax.management.ObjectName name, byte[] data)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().deserialize(name, data);
public java.io.ObjectInputStream deserialize(java.lang.String className, byte[] data)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().deserialize(className, data);
public java.io.ObjectInputStream deserialize(java.lang.String className, javax.management.ObjectName loaderName, byte[] data)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().deserialize(className, loaderName, data);
public java.lang.Object getAttribute(javax.management.ObjectName name, java.lang.String attribute)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getAttribute(name, attribute);
public javax.management.AttributeList getAttributes(javax.management.ObjectName name, java.lang.String[] attributes)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getAttributes(name, attributes);
public java.lang.ClassLoader getClassLoader(javax.management.ObjectName loaderName)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getClassLoader(loaderName);
public java.lang.ClassLoader getClassLoaderFor(javax.management.ObjectName mbeanName)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getClassLoaderFor(mbeanName);
public javax.management.loading.ClassLoaderRepository getClassLoaderRepository()
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getClassLoaderRepository();
public java.lang.String getDefaultDomain()
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getDefaultDomain();
public java.lang.String[] getDomains()
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getDomains();
public java.lang.Integer getMBeanCount()
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getMBeanCount();
public javax.management.MBeanInfo getMBeanInfo(javax.management.ObjectName name)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getMBeanInfo(name);
public javax.management.MBeanServer getMBeanServer()
return mbs;
public javax.management.ObjectInstance getObjectInstance(javax.management.ObjectName name)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().getObjectInstance(name);
public java.lang.Object instantiate(java.lang.String className)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); return getMBeanServer().instantiate(className);
public java.lang.Object instantiate(java.lang.String className, java.lang.Object[] params, java.lang.String[] signature)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); return getMBeanServer().instantiate(className, params, signature);
public java.lang.Object instantiate(java.lang.String className, javax.management.ObjectName loaderName)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); return getMBeanServer().instantiate(className, loaderName);
public java.lang.Object instantiate(java.lang.String className, javax.management.ObjectName loaderName, java.lang.Object[] params, java.lang.String[] signature)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); return getMBeanServer().instantiate(className, loaderName, params, signature);
public java.lang.Object invoke(javax.management.ObjectName name, java.lang.String operationName, java.lang.Object[] params, java.lang.String[] signature)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); checkMLetAddURL(name, operationName); return getMBeanServer().invoke(name, operationName, params, signature);
public boolean isInstanceOf(javax.management.ObjectName name, java.lang.String className)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().isInstanceOf(name, className);
public boolean isRegistered(javax.management.ObjectName name)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().isRegistered(name);
public java.util.Set queryMBeans(javax.management.ObjectName name, javax.management.QueryExp query)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().queryMBeans(name, query);
public java.util.Set queryNames(javax.management.ObjectName name, javax.management.QueryExp query)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); return getMBeanServer().queryNames(name, query);
public javax.management.ObjectInstance registerMBean(java.lang.Object object, javax.management.ObjectName name)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); return getMBeanServer().registerMBean(object, name);
public void removeNotificationListener(javax.management.ObjectName name, javax.management.NotificationListener listener)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); getMBeanServer().removeNotificationListener(name, listener);
public void removeNotificationListener(javax.management.ObjectName name, javax.management.NotificationListener listener, javax.management.NotificationFilter filter, java.lang.Object handback)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); getMBeanServer().removeNotificationListener(name, listener, filter, handback);
public void removeNotificationListener(javax.management.ObjectName name, javax.management.ObjectName listener)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); getMBeanServer().removeNotificationListener(name, listener);
public void removeNotificationListener(javax.management.ObjectName name, javax.management.ObjectName listener, javax.management.NotificationFilter filter, java.lang.Object handback)
Call checkRead(), then forward this method to the wrapped object.
checkRead(); getMBeanServer().removeNotificationListener(name, listener, filter, handback);
public void setAttribute(javax.management.ObjectName name, javax.management.Attribute attribute)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); getMBeanServer().setAttribute(name, attribute);
public javax.management.AttributeList setAttributes(javax.management.ObjectName name, javax.management.AttributeList attributes)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); return getMBeanServer().setAttributes(name, attributes);
public void setMBeanServer(javax.management.MBeanServer mbs)
if (mbs == null) throw new IllegalArgumentException("Null MBeanServer"); if (this.mbs != null) throw new IllegalArgumentException("MBeanServer object already " + "initialized"); this.mbs = mbs;
public void unregisterMBean(javax.management.ObjectName name)
Call checkWrite(), then forward this method to the wrapped object.
checkWrite(); getMBeanServer().unregisterMBean(name);