Return-Path: X-Original-To: apmail-qpid-commits-archive@www.apache.org Delivered-To: apmail-qpid-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6E4F51156E for ; Wed, 21 May 2014 14:08:27 +0000 (UTC) Received: (qmail 26070 invoked by uid 500); 21 May 2014 14:08:27 -0000 Delivered-To: apmail-qpid-commits-archive@qpid.apache.org Received: (qmail 26048 invoked by uid 500); 21 May 2014 14:08:27 -0000 Mailing-List: contact commits-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@qpid.apache.org Delivered-To: mailing list commits@qpid.apache.org Received: (qmail 26041 invoked by uid 99); 21 May 2014 14:08:27 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 May 2014 14:08:27 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 May 2014 14:08:27 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 3406B2388860; Wed, 21 May 2014 14:08:03 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1596579 - /qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/ Date: Wed, 21 May 2014 14:08:03 -0000 To: commits@qpid.apache.org From: kwall@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20140521140803.3406B2388860@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: kwall Date: Wed May 21 14:08:02 2014 New Revision: 1596579 URL: http://svn.apache.org/r1596579 Log: QPID-5779: [Java Broker] JMX plugin's server sockets should set the SO_REUSEADDR socket option * Plugin now passes correctly configured ServerSocketFactory to JMX for both the registry and connector servers. * Manually retested SSL connections to JMX. Added: qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/RegistryProtectingRMIServerSocketFactory.java - copied, changed from r1596565, qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/CustomRMIServerSocketFactory.java Removed: qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/CustomRMIServerSocketFactory.java Modified: qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java Modified: qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java?rev=1596579&r1=1596578&r2=1596579&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java (original) +++ qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java Wed May 21 14:08:02 2014 @@ -149,9 +149,8 @@ public class JMXManagedObjectRegistry im } else { - //Do not specify any specific RMI socket factories, resulting in use of the defaults. - csf = null; - ssf = null; + csf = null; // signifies the default + ssf = new QpidRMIServerSocketFactory(); } int jmxPortRegistryServer = _registryPort.getPort(); @@ -260,17 +259,9 @@ public class JMXManagedObjectRegistry im private Registry createRmiRegistry(int jmxPortRegistryServer, boolean useCustomRmiRegistry) throws RemoteException { - Registry rmiRegistry; - if(useCustomRmiRegistry) - { - _log.debug("Using custom RMIServerSocketFactory"); - rmiRegistry = LocateRegistry.createRegistry(jmxPortRegistryServer, null, new CustomRMIServerSocketFactory()); - } - else - { - _log.debug("Using default RMIServerSocketFactory"); - rmiRegistry = LocateRegistry.createRegistry(jmxPortRegistryServer, null, null); - } + final RMIServerSocketFactory ssf; + ssf = getRmiServerSocketFactory(useCustomRmiRegistry); + Registry rmiRegistry = LocateRegistry.createRegistry(jmxPortRegistryServer, null, ssf); getEventLogger().message(ManagementConsoleMessages.LISTENING("RMI Registry", jmxPortRegistryServer)); return rmiRegistry; @@ -409,4 +400,22 @@ public class JMXManagedObjectRegistry im } } + private RMIServerSocketFactory getRmiServerSocketFactory(final boolean useCustomRmiRegistry) + { + final RMIServerSocketFactory ssf; + if(useCustomRmiRegistry) + { + if (_log.isDebugEnabled()) + { + _log.debug("Using registry-protecting RMIServerSocketFactory"); + } + ssf = new RegistryProtectingRMIServerSocketFactory(); + } + else + { + ssf = new QpidRMIServerSocketFactory(); + } + return ssf; + } + } Added: qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java?rev=1596579&view=auto ============================================================================== --- qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java (added) +++ qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java Wed May 21 14:08:02 2014 @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.server.jmx; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.net.Socket; +import java.rmi.server.RMIServerSocketFactory; + +import javax.net.ServerSocketFactory; +import javax.net.SocketFactory; + +class QpidRMIServerSocketFactory implements RMIServerSocketFactory +{ + @Override + public ServerSocket createServerSocket(int port) throws IOException + { + ServerSocket serverSocket = ServerSocketFactory.getDefault().createServerSocket(port); + serverSocket.setReuseAddress(true); + return serverSocket; + } + + @Override + public int hashCode() + { + final int prime = 37; + return prime * QpidRMIServerSocketFactory.class.getName().hashCode(); + } + + @Override + public boolean equals(final Object obj) + { + return getClass() == obj.getClass(); + } +} \ No newline at end of file Modified: qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java?rev=1596579&r1=1596578&r2=1596579&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java (original) +++ qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java Wed May 21 14:08:02 2014 @@ -61,22 +61,24 @@ public class QpidSslRMIServerSocketFacto { final SSLSocketFactory factory = _sslContext.getSocketFactory(); - return new ServerSocket(port) + ServerSocket serverSocket = new ServerSocket(port) { public Socket accept() throws IOException { Socket socket = super.accept(); SSLSocket sslSocket = - (SSLSocket) factory.createSocket(socket, - socket.getInetAddress().getHostName(), - socket.getPort(), - true); + (SSLSocket) factory.createSocket(socket, + socket.getInetAddress().getHostName(), + socket.getPort(), + true); sslSocket.setUseClientMode(false); return sslSocket; } }; + serverSocket.setReuseAddress(true); + return serverSocket; } /** Copied: qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/RegistryProtectingRMIServerSocketFactory.java (from r1596565, qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/CustomRMIServerSocketFactory.java) URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/RegistryProtectingRMIServerSocketFactory.java?p2=qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/RegistryProtectingRMIServerSocketFactory.java&p1=qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/CustomRMIServerSocketFactory.java&r1=1596565&r2=1596579&rev=1596579&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/CustomRMIServerSocketFactory.java (original) +++ qpid/trunk/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/RegistryProtectingRMIServerSocketFactory.java Wed May 21 14:08:02 2014 @@ -26,19 +26,35 @@ import java.net.Socket; import java.rmi.server.RMIServerSocketFactory; /** - * Custom RMIServerSocketFactory class, used to prevent updates to the RMI registry. + * A custom RMIServerSocketFactory class, used to prevent updates to the RMI registry. * Supplied to the registry at creation, this will prevent RMI-based operations on the * registry such as attempting to bind a new object, thereby securing it from tampering. * This is accomplished by always returning null when attempting to determine the address * of the caller, thus ensuring the registry will refuse the attempt. Calls to bind etc * made using the object reference will not be affected and continue to operate normally. */ -class CustomRMIServerSocketFactory implements RMIServerSocketFactory +class RegistryProtectingRMIServerSocketFactory implements RMIServerSocketFactory { + @Override public ServerSocket createServerSocket(int port) throws IOException { - return new NoLocalAddressServerSocket(port); + NoLocalAddressServerSocket serverSocket = new NoLocalAddressServerSocket(port); + serverSocket.setReuseAddress(true); + return serverSocket; + } + + @Override + public int hashCode() + { + final int prime = 31; + return prime * RegistryProtectingRMIServerSocketFactory.class.getName().hashCode(); + } + + @Override + public boolean equals(final Object obj) + { + return getClass() == obj.getClass(); } private static class NoLocalAddressServerSocket extends ServerSocket --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org For additional commands, e-mail: commits-help@qpid.apache.org