db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d..@apache.org
Subject svn commit: r635723 - in /db/derby/code/trunk/java: drda/org/apache/derby/impl/drda/ engine/org/apache/derby/iapi/services/info/ engine/org/apache/derby/impl/services/jmx/
Date Mon, 10 Mar 2008 22:12:29 GMT
Author: djd
Date: Mon Mar 10 15:12:24 2008
New Revision: 635723

URL: http://svn.apache.org/viewvc?rev=635723&view=rev
Log:
DERBY-3462 Add methods to check for monitor and control permissions in the implementation
of NetworkServerMBean and VersionMBean. Actual methods do not perform any security manager
checks yet. Will be added in a future commit

Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java?rev=635723&r1=635722&r2=635723&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
(original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
Mon Mar 10 15:12:24 2008
@@ -799,7 +799,9 @@
                 Monitor.getSystemModule(Module.JMX));
         
         Object versionMBean = mgmtService.registerMBean(
-                           new Version(getNetProductVersionHolder()),
+                           new Version(
+                                   getNetProductVersionHolder(),
+                                   null /*SystemPermission.SERVER*/),
                            VersionMBean.class,
                            "type=Version,jar=derbynet.jar");
         Object networkServerMBean = mgmtService.registerMBean(

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java?rev=635723&r1=635722&r2=635723&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/NetworkServerMBeanImpl.java Mon
Mar 10 15:12:24 2008
@@ -51,6 +51,20 @@
         this.server = nsc;
         startTime = System.currentTimeMillis();
     }
+    
+    /**
+     * Ensure the caller has permission to control the network server.
+     */
+    private void checkControl() { 
+        // TODO: implement check
+    }
+
+    /**
+     * Ensure the caller has permission to monitor the network server.
+     */
+    private void checkMonitor() { 
+//      TODO: implement check
+    }
 
     // Some of the code is disabled (commented out) due to security concerns,
     // see DERBY-1387 for details.
@@ -60,6 +74,9 @@
     //
     
     public String getDrdaHost() {
+        // Since this is sensitive information require control permission.
+        checkControl();
+
         String host = getServerProperty(Property.DRDA_PROP_HOSTNAME);
         return host;
     }
@@ -70,6 +87,8 @@
     }
     
     public int getDrdaMaxThreads() {
+        checkMonitor();
+        
         int maxThreads = 0; // default
         String maxThreadsStr = getServerProperty(Property.DRDA_PROP_MAXTHREADS);
         if (maxThreadsStr != null) {
@@ -95,6 +114,9 @@
     }*/
     
     public int getDrdaPortNumber() {
+        // Since this is sensitive information require control permission.
+        checkControl();
+
         int portNumber = NetworkServerControl.DEFAULT_PORTNUMBER; // the default
         String portString = getServerProperty(Property.DRDA_PROP_PORTNUMBER);
         try {
@@ -106,6 +128,9 @@
     }
     
     public String getDrdaSecurityMechanism() {
+        // Since this is sensitive information require control permission.
+        checkControl();
+
         String secmec = getServerProperty(Property.DRDA_PROP_SECURITYMECHANISM);
         if (secmec == null) {
             // default is none (represented by the empty string)
@@ -115,6 +140,9 @@
     }
     
     public String getDrdaSslMode() {
+        // Since this is sensitive information require control permission.
+        checkControl();
+
         // may be null if not set (?)
         String SSLMode = getServerProperty(Property.DRDA_PROP_SSL_MODE);
         return SSLMode;
@@ -122,6 +150,8 @@
     
     
     public String getDrdaStreamOutBufferSize() {
+        checkMonitor();
+        
         // TODO - Fix NetworkServerControlImpl so that this setting is included
         //        in the property values returned by getPropertyValues()?
         //String size = getServerProperty(Property.DRDA_PROP_STREAMOUTBUFFERSIZE);
@@ -132,6 +162,8 @@
 
        
     public int getDrdaTimeSlice() {
+        checkMonitor();
+        
         // relying on server to return the default if not set
         return server.getTimeSlice();
     }
@@ -149,6 +181,8 @@
     }*/
     
     public boolean getDrdaTraceAll() {
+        checkMonitor();
+        
         String on = getServerProperty(Property.DRDA_PROP_TRACEALL);
         return ("true".equals(on) ? true : false );
     }
@@ -166,6 +200,10 @@
     }*/
     
     public String getDrdaTraceDirectory() {
+        // Since this is sensitive information require control
+        // (gives away information about the file system).
+        checkControl();
+        
         String traceDirectory = null;
         traceDirectory = getServerProperty(Property.DRDA_PROP_TRACEDIRECTORY);
         if(traceDirectory == null){
@@ -209,30 +247,44 @@
      **/
 
     public int getConnectionCount() {
+        checkMonitor();
+        
         return getActiveConnectionCount() + getWaitingConnectionCount();
     }
     
     public int getActiveConnectionCount() {
+        checkMonitor();
+
         return server.getActiveSessions();
     }
     
     public int getWaitingConnectionCount() {
+        checkMonitor();
+        
         return server.getRunQueueSize();
     }
     
     public int getConnectionThreadPoolSize() {
+        checkMonitor();
+        
         return server.getThreadListSize();
     }
      
     public int getAccumulatedConnectionCount() {
+        checkMonitor();
+        
         return server.getConnectionNumber();
     }
     
     public long getBytesReceived() {
+        checkMonitor();
+        
         return server.getBytesRead();
     }
     
     public long getBytesSent() {
+        checkMonitor();
+        
         return server.getBytesWritten();
     }
     
@@ -241,6 +293,8 @@
     private int receiveResult = 0;
     
     synchronized public int getBytesReceivedPerSecond(){
+        checkMonitor();
+        
         long now = System.currentTimeMillis();
         if (now - lastReceiveTime >= 1000) {
             long count = getBytesReceived();
@@ -256,6 +310,8 @@
     private int sentResult = 0;
 
     synchronized public int getBytesSentPerSecond(){
+        checkMonitor();
+        
         long now = System.currentTimeMillis();
         if (now - lastSentTime >= 1000) {
             long count = getBytesSent();
@@ -270,6 +326,8 @@
      * Return start time.
      */
     public long getStartTime() {
+        checkMonitor();
+        
         return startTime;
     }
 
@@ -277,8 +335,9 @@
      * Return time server has been running.
      */
     public long getUptime() {
-        return System.currentTimeMillis() - startTime;
+        checkMonitor();
         
+        return System.currentTimeMillis() - startTime;
     }
 
     // ------------------------- MBEAN OPERATIONS  ----------------------------
@@ -290,6 +349,8 @@
      * @throws Exception if the ping fails.
      */
     public void ping() throws Exception {
+        checkMonitor();
+        
         //String feedback = "Server pinged successfully.";
         //boolean success = true;
         try {

Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java?rev=635723&r1=635722&r2=635723&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/services/info/Version.java Mon Mar
10 15:12:24 2008
@@ -34,48 +34,74 @@
     
     private final ProductVersionHolder versionInfo;
     
-    public Version(ProductVersionHolder pvh) {
+    /**
+     * Permission name for the object the version
+     * information applies to.
+     */
+    private final String permissionName;
+    
+    public Version(ProductVersionHolder pvh, String permissionName) {
         versionInfo = pvh;
+        this.permissionName = permissionName;
+    }
+    
+    /*
+    ** Security checks(non-Javadoc)
+    */
+    
+    private void checkMonitor() {
+        // TODO: Add actual check
+        //new SystemPermission(permissionName, SystemPermission.MONITOR);
     }
     
     // ------------------------- MBEAN ATTRIBUTES  ----------------------------
     
     public String getProductName(){
+        checkMonitor();
         return versionInfo.getProductName();
     }
     
      public String getProductTechnologyName(){
+         checkMonitor();
         return versionInfo.getProductTechnologyName();
     }
     
     public String getProductVendorName(){
+        checkMonitor();
         return versionInfo.getProductVendorName();
     }
     
     public String getVersionString() {
+        checkMonitor();
         return versionInfo.getVersionBuildString(true);
     }
     public int getMajorVersion(){
+        checkMonitor();
         return versionInfo.getMajorVersion();
     }
     
     public int getMinorVersion(){
+        checkMonitor();
         return versionInfo.getMinorVersion();
     }
     
     public int getMaintenanceVersion(){
+        checkMonitor();
         return versionInfo.getMaintVersion();
     }
     
     public String getBuildNumber(){
+        checkMonitor();
         return versionInfo.getBuildNumber();
     }
     
     public boolean isBeta(){
+        checkMonitor();
         return versionInfo.isBeta();
     }
     
     public boolean isAlpha(){
+        checkMonitor();
         return versionInfo.isAlpha();
     }
   

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java?rev=635723&r1=635722&r2=635723&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
Mon Mar 10 15:12:24 2008
@@ -118,7 +118,10 @@
                 "type=Management");
         myManagementServer = mbeanServer;
         
-        registerMBean(new Version(Monitor.getMonitor().getEngineVersion()),
+        registerMBean(
+                new Version(
+                        Monitor.getMonitor().getEngineVersion(),
+                        null /* SystemPermission.ENGINE */),
                 VersionMBean.class,
                 "type=Version,jar=derby.jar");
     }



Mime
View raw message