JMXPluggableAuthenticatorpublic final class JMXPluggableAuthenticator extends Object implements JMXAuthenticatorThis class represents a
JAAS
based implementation of the {@link JMXAuthenticator} interface.
Authentication is performed by passing the supplied user's credentials
to one or more authentication mechanisms ({@link LoginModule}) for
verification. An authentication mechanism acquires the user's credentials
by calling {@link NameCallback} and/or {@link PasswordCallback}.
If authentication is successful then an authenticated {@link Subject}
filled in with a {@link Principal} is returned. Authorization checks
will then be performed based on this Subject.
By default, a single file-based authentication mechanism
{@link FileLoginModule} is configured (FileLoginConfig).
To override the default configuration use the
com.sun.management.jmxremote.login.config management property
described in the JRE/lib/management/management.properties file.
Set this property to the name of a JAAS configuration entry and ensure that
the entry is loaded by the installed {@link Configuration}. In addition,
ensure that the authentication mechanisms specified in the entry acquire
the user's credentials by calling {@link NameCallback} and
{@link PasswordCallback} and that they return a {@link Subject} filled-in
with a {@link Principal}, for those users that are successfully
authenticated. |
| Fields Summary |
|---|
| private LoginContext | loginContext | | private String | username | | private String | password | | private static final String | LOGIN_CONFIG_PROP | | private static final String | LOGIN_CONFIG_NAME | | private static final String | PASSWORD_FILE_PROP | | private static final ClassLogger | logger |
| Constructors Summary |
|---|
public JMXPluggableAuthenticator(Map env)Creates an instance of JMXPluggableAuthenticator
and initializes it with a {@link LoginContext}.
String loginConfigName = null;
String passwordFile = null;
if (env != null) {
loginConfigName = (String) env.get(LOGIN_CONFIG_PROP);
passwordFile = (String) env.get(PASSWORD_FILE_PROP);
}
try {
if (loginConfigName != null) {
// use the supplied JAAS login configuration
loginContext =
new LoginContext(loginConfigName, new JMXCallbackHandler());
} else {
// use the default JAAS login configuration (file-based)
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(
new AuthPermission("createLoginContext." +
LOGIN_CONFIG_NAME));
}
final String pf = passwordFile;
try {
loginContext = (LoginContext) AccessController.doPrivileged(
new PrivilegedExceptionAction() {
public Object run() throws LoginException {
return new LoginContext(
LOGIN_CONFIG_NAME,
null,
new JMXCallbackHandler(),
new FileLoginConfig(pf));
}
});
} catch (PrivilegedActionException pae) {
throw (LoginException) pae.getException();
}
}
} catch (LoginException le) {
authenticationFailure("authenticate", le);
} catch (SecurityException se) {
authenticationFailure("authenticate", se);
}
|
| Methods Summary |
|---|
| public javax.security.auth.Subject | authenticate(java.lang.Object credentials)Authenticate the MBeanServerConnection client
with the given client credentials.
// Verify that credentials is of type String[].
//
if (!(credentials instanceof String[])) {
// Special case for null so we get a more informative message
if (credentials == null)
authenticationFailure("authenticate", "Credentials required");
final String message =
"Credentials should be String[] instead of " +
credentials.getClass().getName();
authenticationFailure("authenticate", message);
}
// Verify that the array contains two elements.
//
final String[] aCredentials = (String[]) credentials;
if (aCredentials.length != 2) {
final String message =
"Credentials should have 2 elements not " +
aCredentials.length;
authenticationFailure("authenticate", message);
}
// Verify that username exists and the associated
// password matches the one supplied by the client.
//
username = (String) aCredentials[0];
password = (String) aCredentials[1];
if (username == null || password == null) {
final String message = "Username or password is null";
authenticationFailure("authenticate", message);
}
// Perform authentication
try {
loginContext.login();
final Subject subject = loginContext.getSubject();
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
subject.setReadOnly();
return null;
}
});
return subject;
} catch (LoginException le) {
authenticationFailure("authenticate", le);
}
return null;
| | private static void | authenticationFailure(java.lang.String method, java.lang.String message)
final String msg = "Authentication failed! " + message;
final SecurityException e = new SecurityException(msg);
logException(method, msg, e);
throw e;
| | private static void | authenticationFailure(java.lang.String method, java.lang.Exception exception)
String msg;
SecurityException se;
if (exception instanceof SecurityException) {
msg = exception.getMessage();
se = (SecurityException) exception;
} else {
msg = "Authentication failed! " + exception.getMessage();
final SecurityException e = new SecurityException(msg);
EnvHelp.initCause(e, exception);
se = e;
}
logException(method, msg, se);
throw se;
| | private static void | logException(java.lang.String method, java.lang.String message, java.lang.Exception e)
if (logger.traceOn()) {
logger.trace(method, message);
}
if (logger.debugOn()) {
logger.debug(method, e);
}
|
|
