geronimo-scm mailing list archives

From rwo...@apache.org
Subject svn commit: r1347255 - in /geronimo/server/branches/3.0-beta: framework/configs/j2ee-security/ framework/configs/j2ee-security/src/main/history/ framework/configs/j2ee-security/src/main/plan/ framework/configs/jmx-security/ framework/configs/jmx-securi...
Date Thu, 07 Jun 2012 01:18:22 GMT
Author: rwonly
Date: Thu Jun  7 01:18:21 2012
New Revision: 1347255

URL: http://svn.apache.org/viewvc?rev=1347255&view=rev
Log:
GERONIMO-6314 Add monitor role to protect the JMX access (thanks Tina for the patch!)

Added:
    geronimo/server/branches/3.0-beta/framework/configs/server-security-config/src/main/resources/security/jmx_access.properties
  (with props)
Modified:
    geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/pom.xml
    geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/history/dependencies.xml
    geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/plan/plan.xml
    geronimo/server/branches/3.0-beta/framework/configs/jmx-security/pom.xml
    geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/history/dependencies.xml
    geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/plan/plan.xml
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXConnector.java
    geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXSecureConnector.java
    geronimo/server/branches/3.0-beta/plugins/clustering/geronimo-clustering-wadi/src/test/java/org/apache/geronimo/clustering/wadi/BasicNodeServiceTest.java

Modified: geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/pom.xml?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/pom.xml (original)
+++ geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/pom.xml Thu Jun  7 01:18:21
2012
@@ -54,6 +54,13 @@
 
         <dependency>
             <groupId>org.apache.geronimo.framework</groupId>
+            <artifactId>j2ee-system</artifactId>
+            <version>${project.version}</version>
+            <type>car</type>
+        </dependency>
+
+        <dependency>
+            <groupId>org.apache.geronimo.framework</groupId>
             <artifactId>geronimo-security</artifactId>
             <version>${project.version}</version>
         </dependency>

Modified: geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/history/dependencies.xml?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/history/dependencies.xml
(original)
+++ geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/history/dependencies.xml
Thu Jun  7 01:18:21 2012
@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<plugin-artifact xmlns:ns2="http://geronimo.apache.org/xml/ns/attributes-1.2" xmlns="http://geronimo.apache.org/xml/ns/plugins-1.3">
+<plugin-artifact xmlns="http://geronimo.apache.org/xml/ns/plugins-1.3" xmlns:ns2="http://geronimo.apache.org/xml/ns/attributes-1.2">
     <module-id>
         <groupId>org.apache.geronimo.framework</groupId>
         <artifactId>j2ee-security</artifactId>
-        <version>3.0-SNAPSHOT</version>
+        <version>3.0-beta-2-SNAPSHOT</version>
         <type>car</type>
     </module-id>
     <dependency>
@@ -23,6 +23,11 @@
     </dependency>
     <dependency>
         <groupId>org.apache.geronimo.framework</groupId>
+        <artifactId>j2ee-system</artifactId>
+        <type>car</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.geronimo.framework</groupId>
         <artifactId>rmi-naming</artifactId>
         <type>car</type>
     </dependency>

Modified: geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/plan/plan.xml?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/plan/plan.xml
(original)
+++ geronimo/server/branches/3.0-beta/framework/configs/j2ee-security/src/main/plan/plan.xml
Thu Jun  7 01:18:21 2012
@@ -42,6 +42,7 @@
         <attribute name="port">${planJMXPort}</attribute>
         <attribute name="urlPath">/jndi/rmi://${planServerHostname}:${planNamingPort}/JMXConnector</attribute>
         <attribute name="applicationConfigName">geronimo-admin</attribute>
+        <reference name="ServerInfo"><name>ServerInfo</name></reference>
         <reference name="MBeanServerReference">
             <name>MBeanServerReference</name>
         </reference>

Modified: geronimo/server/branches/3.0-beta/framework/configs/jmx-security/pom.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/configs/jmx-security/pom.xml?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/configs/jmx-security/pom.xml (original)
+++ geronimo/server/branches/3.0-beta/framework/configs/jmx-security/pom.xml Thu Jun  7 01:18:21
2012
@@ -50,6 +50,12 @@
             <version>${project.version}</version>
             <type>car</type>
         </dependency>
+        <dependency>
+            <groupId>org.apache.geronimo.framework</groupId>
+            <artifactId>j2ee-system</artifactId>
+            <version>${project.version}</version>
+            <type>car</type>
+        </dependency>
     </dependencies>
 
     <build>

Modified: geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/history/dependencies.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/history/dependencies.xml?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/history/dependencies.xml
(original)
+++ geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/history/dependencies.xml
Thu Jun  7 01:18:21 2012
@@ -1,13 +1,18 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<plugin-artifact xmlns:ns2="http://geronimo.apache.org/xml/ns/attributes-1.2" xmlns="http://geronimo.apache.org/xml/ns/plugins-1.3">
+<plugin-artifact xmlns="http://geronimo.apache.org/xml/ns/plugins-1.3" xmlns:ns2="http://geronimo.apache.org/xml/ns/attributes-1.2">
     <module-id>
         <groupId>org.apache.geronimo.framework</groupId>
         <artifactId>jmx-security</artifactId>
-        <version>3.0-SNAPSHOT</version>
+        <version>3.0-beta-2-SNAPSHOT</version>
         <type>car</type>
     </module-id>
     <dependency>
         <groupId>org.apache.geronimo.framework</groupId>
+        <artifactId>j2ee-system</artifactId>
+        <type>car</type>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.geronimo.framework</groupId>
         <artifactId>server-security-config</artifactId>
         <type>car</type>
     </dependency>

Modified: geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/plan/plan.xml
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/plan/plan.xml?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/plan/plan.xml
(original)
+++ geronimo/server/branches/3.0-beta/framework/configs/jmx-security/src/main/plan/plan.xml
Thu Jun  7 01:18:21 2012
@@ -24,6 +24,9 @@
         <attribute name="port">${planJMXSecurePort}</attribute>
         <attribute name="urlPath">/jndi/rmi://${planServerHostname}:${planNamingPort}/JMXSecureConnector</attribute>
         <attribute name="applicationConfigName">geronimo-admin</attribute>
+        <reference name="ServerInfo">
+            <name>ServerInfo</name>
+        </reference>
         <reference name="MBeanServerReference">
             <name>MBeanServerReference</name>
         </reference>

Added: geronimo/server/branches/3.0-beta/framework/configs/server-security-config/src/main/resources/security/jmx_access.properties
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/configs/server-security-config/src/main/resources/security/jmx_access.properties?rev=1347255&view=auto
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/configs/server-security-config/src/main/resources/security/jmx_access.properties
(added)
+++ geronimo/server/branches/3.0-beta/framework/configs/server-security-config/src/main/resources/security/jmx_access.properties
Thu Jun  7 01:18:21 2012
@@ -0,0 +1,19 @@
+#=====================================================================
+#  Licensed to the Apache Software Foundation (ASF) under one or more
+#  contributor license agreements.  See the NOTICE file distributed with
+#  this work for additional information regarding copyright ownership.
+#  The ASF licenses this file to You under the Apache License, Version 2.0
+#  (the "License"); you may not use this file except in compliance with
+#  the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#=====================================================================
+
+monitor readonly
+admin  readwrite
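Review bot: The new access file has no comment saying what its keys are matched against, and that decides who ends up with `readwrite`. As far as I know, the JDK's file-based access controller looks up the name of every principal in the authenticated Subject, not only group principals. If so, an account whose user name is `admin` but whose only group is `monitor` would probably get write access; this should be confirmed against the principals Geronimo's login modules add. I would add a header comment such as `# Keys are principal names from the authenticated Subject (Geronimo group names); values: readonly | readwrite`, and note that the deployed file must be writable only by the server account, since editing it changes JMX authorization. `readonly` still permits reading every MBean attribute, so the monitor role should be treated as able to see whatever configuration values the MBeans expose.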

Propchange: geronimo/server/branches/3.0-beta/framework/configs/server-security-config/src/main/resources/security/jmx_access.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: geronimo/server/branches/3.0-beta/framework/configs/server-security-config/src/main/resources/security/jmx_access.properties
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: geronimo/server/branches/3.0-beta/framework/configs/server-security-config/src/main/resources/security/jmx_access.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
(original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/Authenticator.java
Thu Jun  7 01:18:21 2012
@@ -73,13 +73,13 @@ public class Authenticator implements JM
             Set<GeronimoGroupPrincipal> pricipalsGroup = sub.getPrincipals(GeronimoGroupPrincipal.class);
             boolean isInAdminGroup = false;
             for (GeronimoGroupPrincipal principal : pricipalsGroup) {
-                if (principal.getName().equals("admin")) {
+                if (principal.getName().equals("admin")||principal.getName().equals("monitor"))
{
                     isInAdminGroup = true;
                     break;
                  }
             }
             if(!isInAdminGroup){
-                throw new LoginException("Only users in admin group are allowed");
+                throw new LoginException("Only users in admin group or monitor group are
allowed");
             }
             return context.getSubject();
         } catch (LoginException e) {
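Review bot: With `monitor` accepted in this check, authentication no longer implies admin rights, and the only thing keeping monitor users from write operations is the access file that the connectors install separately. Any caller that builds an `Authenticator` without also setting `jmx.remote.x.access.file` would give monitor members full access, so a comment on the loop should say that the access level is decided later by that file. The flag `isInAdminGroup` is now misleading and would read better as `isInAllowedGroup`. The two group names should be held in named constants rather than repeated as literals that must stay in step with jmx_access.properties. The enclosing method starts and ends outside this hunk.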

Modified: geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXConnector.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXConnector.java?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXConnector.java
(original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXConnector.java
Thu Jun  7 01:18:21 2012
@@ -35,6 +35,7 @@ import org.apache.geronimo.gbean.GBeanIn
 import org.apache.geronimo.gbean.GBeanLifecycle;
 import org.apache.geronimo.kernel.rmi.GeronimoRMIServerSocketFactory;
 import org.apache.geronimo.system.jmx.MBeanServerReference;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -56,10 +57,11 @@ public class JMXConnector implements JMX
 
     protected JMXConnectorServer server;
     protected JMXServiceURL jmxServiceURL;
+    protected ServerInfo serverInfo;
 
     // todo remove this as soon as Geronimo supports factory beans
-    public JMXConnector(MBeanServerReference mbeanServerReference, String objectName, ClassLoader
classLoader) {
-        this(mbeanServerReference.getMBeanServer(), objectName, classLoader);
+    public JMXConnector(MBeanServerReference mbeanServerReference, ServerInfo serverInfo,
String objectName, ClassLoader classLoader) {
+        this(mbeanServerReference.getMBeanServer(), serverInfo, objectName, classLoader);
     }
 
     /**
@@ -70,9 +72,10 @@ public class JMXConnector implements JMX
      * @param objectName  this connector's object name
      * @param classLoader the classLoader used to create this connector
      */
-    public JMXConnector(MBeanServer mbeanServer, String objectName, ClassLoader classLoader)
{
+    public JMXConnector(MBeanServer mbeanServer, ServerInfo serverInfo, String objectName,
ClassLoader classLoader) {
         this.mbeanServer = mbeanServer;
-        this.classLoader = classLoader;
+        this.serverInfo = serverInfo;
+        this.classLoader = classLoader;       
         log = LoggerFactory.getLogger(objectName);
     }
 
@@ -188,6 +191,8 @@ public class JMXConnector implements JMX
         Map<String, Object> env = new HashMap<String, Object>();
         if (applicationConfigName != null) {
             authenticator = new Authenticator(applicationConfigName, classLoader);
+            String accessconfig = serverInfo.resolveServerPath("var/security/jmx_access.properties");
+	    env.put("jmx.remote.x.access.file",accessconfig);
             env.put(JMXConnectorServer.AUTHENTICATOR, authenticator);
         } else {
             log.warn("Starting unauthenticating JMXConnector for " + jmxServiceURL);
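Review bot: `serverInfo` is dereferenced on the added `resolveServerPath` line without a null check, yet the updated BasicNodeServiceTest in this commit constructs the connector with a null `ServerInfo`. Starting with `applicationConfigName` set and no reference wired therefore fails with a bare NullPointerException. A guard such as `if (serverInfo == null) throw new IllegalStateException("ServerInfo is required when applicationConfigName is set");` before the call makes the failure explicit. It should stay a hard failure, because a connector started without the access file would leave monitor users unrestricted. The same two added lines in JMXSecureConnector (its `@@ -137,6 +138,8 @@` hunk) have the same problem and repeat the path and property-name literals, which a constant in the base class would avoid; the enclosing method extends beyond this hunk.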
@@ -238,6 +243,7 @@ public class JMXConnector implements JMX
     static {
         GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic("JMX Remoting Connector",
JMXConnector.class);
         infoFactory.addReference("MBeanServerReference", MBeanServerReference.class);
+        infoFactory.addReference("ServerInfo", ServerInfo.class);
         infoFactory.addAttribute("objectName", String.class, false);
         infoFactory.addAttribute("classLoader", ClassLoader.class, false);
 
@@ -249,7 +255,7 @@ public class JMXConnector implements JMX
 
         infoFactory.addInterface(JMXConnectorInfo.class);
 
-        infoFactory.setConstructor(new String[]{"MBeanServerReference", "objectName", "classLoader"});
+        infoFactory.setConstructor(new String[]{"MBeanServerReference", "ServerInfo", "objectName",
"classLoader"});
         GBEAN_INFO = infoFactory.getBeanInfo();
     }
 

Modified: geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXSecureConnector.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXSecureConnector.java?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXSecureConnector.java
(original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-jmx-remoting/src/main/java/org/apache/geronimo/jmxremoting/JMXSecureConnector.java
Thu Jun  7 01:18:21 2012
@@ -41,6 +41,7 @@ import org.apache.geronimo.gbean.GBeanIn
 import org.apache.geronimo.gbean.GBeanInfoBuilder;
 import org.apache.geronimo.management.geronimo.KeystoreManager;
 import org.apache.geronimo.system.jmx.MBeanServerReference;
+import org.apache.geronimo.system.serverinfo.ServerInfo;
 
 /**
  * A secure (SSL/TLS) connector that supports the server side of JSR 160 JMX Remoting.
@@ -57,12 +58,12 @@ public class JMXSecureConnector extends 
     private String keyAlias;
     private boolean clientAuth;
     
-    public JMXSecureConnector(MBeanServerReference mbeanServerReference, String objectName,
ClassLoader classLoader) {
-        this(mbeanServerReference.getMBeanServer(), objectName, classLoader);
+    public JMXSecureConnector(MBeanServerReference mbeanServerReference, ServerInfo serverInfo,
String objectName, ClassLoader classLoader) {
+        this(mbeanServerReference.getMBeanServer(), serverInfo, objectName, classLoader);
     }
 
-    public JMXSecureConnector(MBeanServer mbeanServer, String objectName, ClassLoader classLoader)
{
-        super(mbeanServer, objectName, classLoader);
+    public JMXSecureConnector(MBeanServer mbeanServer, ServerInfo serverInfo, String objectName,
ClassLoader classLoader) {
+        super(mbeanServer, serverInfo, objectName, classLoader);
     }
 
     public void setKeystoreManager(KeystoreManager keystoreManager) {
@@ -137,6 +138,8 @@ public class JMXSecureConnector extends 
         Authenticator authenticator = null;
         if (applicationConfigName != null) {
             authenticator = new Authenticator(applicationConfigName, classLoader);
+            String accessconfig = serverInfo.resolveServerPath("var/security/jmx_access.properties");
+	    env.put("jmx.remote.x.access.file",accessconfig);
             env.put(JMXConnectorServer.AUTHENTICATOR, authenticator);
         } else {
             log.warn("Starting unauthenticating JMXConnector for " + jmxServiceURL);
@@ -181,6 +184,7 @@ public class JMXSecureConnector extends 
     static {
         GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic("JMX Secure Remoting
Connector", JMXSecureConnector.class);
         infoFactory.addReference("MBeanServerReference", MBeanServerReference.class);
+        infoFactory.addReference("ServerInfo",ServerInfo.class);
         infoFactory.addAttribute("objectName", String.class, false);
         infoFactory.addAttribute("classLoader", ClassLoader.class, false);
 
@@ -200,7 +204,7 @@ public class JMXSecureConnector extends 
         infoFactory.addAttribute("trustStore", String.class, true, true);
         infoFactory.addAttribute("clientAuth", boolean.class, true, true);
         
-        infoFactory.setConstructor(new String[]{"MBeanServerReference", "objectName", "classLoader"});
+        infoFactory.setConstructor(new String[]{"MBeanServerReference", "ServerInfo", "objectName",
"classLoader"});
         GBEAN_INFO = infoFactory.getBeanInfo();
     }
 

Modified: geronimo/server/branches/3.0-beta/plugins/clustering/geronimo-clustering-wadi/src/test/java/org/apache/geronimo/clustering/wadi/BasicNodeServiceTest.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/plugins/clustering/geronimo-clustering-wadi/src/test/java/org/apache/geronimo/clustering/wadi/BasicNodeServiceTest.java?rev=1347255&r1=1347254&r2=1347255&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/plugins/clustering/geronimo-clustering-wadi/src/test/java/org/apache/geronimo/clustering/wadi/BasicNodeServiceTest.java
(original)
+++ geronimo/server/branches/3.0-beta/plugins/clustering/geronimo-clustering-wadi/src/test/java/org/apache/geronimo/clustering/wadi/BasicNodeServiceTest.java
Thu Jun  7 01:18:21 2012
@@ -33,7 +33,7 @@ public class BasicNodeServiceTest extend
         LocalNode localNode = (LocalNode) mock(LocalNode.class);
         localNode.getJMXConnectorInfo();
         
-        JMXConnector connector = new JMXConnector((MBeanServer) null, "name", null);
+        JMXConnector connector = new JMXConnector((MBeanServer) null, null, "name", null);
         String host = "host";
         connector.setHost(host);
         int port = 1;


