karaf-commits mailing list archives

From ff...@apache.org
Subject git commit: [KARAF-3293]more fine-grained way to specify the jmx.acl.whitelist.cfg (cherry picked from commit edb7b1bc40be6ad65d65c9e1b3c18ba2a2ca80a3)
Date Thu, 16 Oct 2014 08:01:16 GMT
Repository: karaf
Updated Branches:
  refs/heads/karaf-3.0.x c5822d929 -> 920477402


[KARAF-3293]more fine-grained way to specify the jmx.acl.whitelist.cfg
(cherry picked from commit edb7b1bc40be6ad65d65c9e1b3c18ba2a2ca80a3)

Conflicts:
	management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java


Project: http://git-wip-us.apache.org/repos/asf/karaf/repo
Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/92047740
Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/92047740
Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/92047740

Branch: refs/heads/karaf-3.0.x
Commit: 92047740249b2492c33673a99d1bf9f998f2606a
Parents: c5822d9
Author: Freeman Fang <freeman.fang@gmail.com>
Authored: Thu Oct 16 15:39:07 2014 +0800
Committer: Freeman Fang <freeman.fang@gmail.com>
Committed: Thu Oct 16 16:00:54 2014 +0800

----------------------------------------------------------------------
 .../karaf/management/KarafMBeanServerGuard.java | 35 ++++++++++++++------
 1 file changed, 25 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/karaf/blob/92047740/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
----------------------------------------------------------------------
diff --git a/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
b/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
index 4db504f..3dd2dae 100644
--- a/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
+++ b/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java
@@ -31,7 +31,10 @@ import java.lang.reflect.Method;
 import java.security.AccessControlContext;
 import java.security.AccessController;
 import java.security.Principal;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
 import java.util.regex.Pattern;
 
 import org.slf4j.Logger;
@@ -181,7 +184,7 @@ public class KarafMBeanServerGuard implements InvocationHandler {
     }
 
     private boolean canInvoke(ObjectName objectName, String methodName, String[] signature)
throws IOException {
-        if (canBypassRBAC(objectName)) {
+        if (canBypassRBAC(objectName, methodName)) {
             return true;
         }
         for (String role : getRequiredRoles(objectName, methodName, signature)) {
@@ -202,9 +205,9 @@ public class KarafMBeanServerGuard implements InvocationHandler {
         }
         if (prefix == null) {
             LOG.debug("Attribute " + attributeName + " can not be found for MBean " + objectName.toString());
+        } else {
+            handleInvoke(objectName, prefix + attributeName, new Object[]{}, new String[]{});
         }
-
-        handleInvoke(objectName, prefix + attributeName, new Object[]{}, new String[]{});
     }
 
     private void handleGetAttributes(MBeanServer proxy, ObjectName objectName, String[] attributeNames)
throws JMException, IOException {
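Review bot: The new `else` makes the `prefix == null` path skip `handleInvoke` entirely, so when the attribute is not found in the MBean's metadata the read is only logged at debug level and no role check runs for it. If the request is then forwarded to the target MBean (the rest of the dispatch is outside this hunk), an MBean that serves attributes it does not advertise would answer without any ACL being consulted. Failing closed is safer: either reject the request, or fall back to the getter ACL with `handleInvoke(objectName, "get" + attributeName, new Object[]{}, new String[]{});` and raise the log line to `warn`. handleGetAttribute begins above the hunk.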
@@ -234,8 +237,8 @@ public class KarafMBeanServerGuard implements InvocationHandler {
             handleSetAttribute(proxy, objectName, attr);
         }
     }
-
-    private boolean canBypassRBAC(ObjectName objectName) {
+    
+    private boolean canBypassRBAC(ObjectName objectName, String operationName) {
         List<String> allBypassObjectName = new ArrayList<String>();
         try {
             Configuration[] configs = configAdmin.listConfigurations("(service.pid=" + JMX_ACL_WHITELIST
+ ")");
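Review bot: `canBypassRBAC` gains an `operationName` parameter, but nothing documents the whitelist entry format it now accepts, even though this method decides whether all role checks are skipped. A Javadoc block on the method should state that an entry is either `<pid suffix>` (every operation on the matching MBeans bypasses RBAC) or `<pid suffix>;<operation name>` (only that operation does). It should also say that matching is exact string equality, so an entry with stray whitespace never matches. The method body continues past the end of this hunk.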
@@ -255,16 +258,28 @@ public class KarafMBeanServerGuard implements InvocationHandler {
         } 
 
         for (String pid : iterateDownPids(getNameSegments(objectName))) {
-            if (!pid.equals("jmx.acl") 
-                && allBypassObjectName.contains(pid.substring("jmx.acl.".length())))
{
-                return true;
+            if (!pid.equals("jmx.acl"))  {
+                for (String bypassObjectName : allBypassObjectName) {
+                    String objectNameAndMethod[] = bypassObjectName.split(";");
+                    if (objectNameAndMethod.length > 1) {
+                        //check both the ObjectName and MethodName
+                        if (bypassObjectName.equals(pid.substring("jmx.acl.".length()) 
+                            + ";" + operationName)) {
+                            return true;
+                        }
+                    } else {
+                        if (bypassObjectName.equals(pid.substring("jmx.acl.".length())))
{
+                            return true;
+                        }
+                    }
+                }
             }
         }
         return false;
     }
 
     void handleInvoke(ObjectName objectName, String operationName, Object[] params, String[]
signature) throws IOException {
-        if (canBypassRBAC(objectName)) {
+        if (canBypassRBAC(objectName, operationName)) {
             return;
         }
         for (String role : getRequiredRoles(objectName, operationName, params, signature))
{
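Review bot: The method-qualified branch compares only `operationName`, so a whitelist entry `name;op` exempts every overload of `op` from RBAC, whereas the `getRequiredRoles(...)` lookup it short-circuits also takes the signature. Because the comparison runs for each pid returned by `iterateDownPids`, an entry written against a short prefix presumably applies to every MBean below it as well. Both facts deserve a comment at the loop, e.g. `// bypass matches on operation name only (all overloads), at every pid level`. Separately, `pid.substring("jmx.acl.".length())` is re-evaluated for each entry and can be hoisted once per pid as `String target = pid.substring("jmx.acl.".length());`. handleInvoke continues past the hunk.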

