mirror of https://github.com/apache/activemq.git
https://issues.apache.org/activemq/browse/AMQ-3044 - secure jmx connector
git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1036455 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Bosanac Dejan
parent
3596f3706f
commit
fe3660dfcd
|
|
@ -16,6 +16,14 @@
|
|||
*/
|
||||
package org.apache.activemq.broker.jmx;
|
||||
|
||||
import org.apache.activemq.Service;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import javax.management.*;
|
||||
import javax.management.remote.JMXConnectorServer;
|
||||
import javax.management.remote.JMXConnectorServerFactory;
|
||||
import javax.management.remote.JMXServiceURL;
|
||||
import java.io.IOException;
|
||||
import java.lang.reflect.Method;
|
||||
import java.net.MalformedURLException;
|
||||
|
|
@ -23,26 +31,9 @@ import java.net.ServerSocket;
|
|||
import java.rmi.registry.LocateRegistry;
|
||||
import java.rmi.registry.Registry;
|
||||
import java.rmi.server.RMIServerSocketFactory;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.CopyOnWriteArrayList;
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
import javax.management.Attribute;
|
||||
import javax.management.JMException;
|
||||
import javax.management.MBeanServer;
|
||||
import javax.management.MBeanServerFactory;
|
||||
import javax.management.MBeanServerInvocationHandler;
|
||||
import javax.management.MalformedObjectNameException;
|
||||
import javax.management.ObjectInstance;
|
||||
import javax.management.ObjectName;
|
||||
import javax.management.QueryExp;
|
||||
import javax.management.remote.JMXConnectorServer;
|
||||
import javax.management.remote.JMXConnectorServerFactory;
|
||||
import javax.management.remote.JMXServiceURL;
|
||||
import org.apache.activemq.Service;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
/**
|
||||
* An abstraction over JMX mbean registration
|
||||
|
|
@ -65,6 +56,7 @@ public class ManagementContext implements Service {
|
|||
private boolean findTigerMbeanServer = true;
|
||||
private String connectorHost = "localhost";
|
||||
private int connectorPort = 1099;
|
||||
private Map environment;
|
||||
private int rmiServerPort;
|
||||
private String connectorPath = "/jmxrmi";
|
||||
private final AtomicBoolean started = new AtomicBoolean(false);
|
||||
|
|
@ -456,7 +448,8 @@ public class ManagementContext implements Service {
|
|||
}
|
||||
String serviceURL = "service:jmx:rmi://" + rmiServer + "/jndi/rmi://" +getConnectorHost()+":" + connectorPort + connectorPath;
|
||||
JMXServiceURL url = new JMXServiceURL(serviceURL);
|
||||
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(url, null, mbeanServer);
|
||||
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(url, environment, mbeanServer);
|
||||
|
||||
}
|
||||
|
||||
public String getConnectorPath() {
|
||||
|
|
@ -512,4 +505,12 @@ public class ManagementContext implements Service {
|
|||
public void setConnectorHost(String connectorHost) {
|
||||
this.connectorHost = connectorHost;
|
||||
}
|
||||
|
||||
public Map getEnvironment() {
|
||||
return environment;
|
||||
}
|
||||
|
||||
public void setEnvironment(Map environment) {
|
||||
this.environment = environment;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,11 +18,22 @@ package org.apache.activemq.xbean;
|
|||
|
||||
import org.apache.activemq.broker.BrokerFactory;
|
||||
import org.apache.activemq.broker.BrokerService;
|
||||
import org.apache.activemq.broker.jmx.BrokerViewMBean;
|
||||
import org.apache.activemq.util.JMXSupport;
|
||||
import java.net.URI;
|
||||
import java.util.HashMap;
|
||||
import java.util.Hashtable;
|
||||
import java.util.Map;
|
||||
import javax.management.MBeanServerConnection;
|
||||
import javax.management.MBeanServerInvocationHandler;
|
||||
import javax.management.ObjectName;
|
||||
import javax.management.remote.JMXConnector;
|
||||
import javax.management.remote.JMXConnectorFactory;
|
||||
import javax.management.remote.JMXServiceURL;
|
||||
|
||||
import junit.framework.TestCase;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
/**
|
||||
* @version $Revision: 1.1 $
|
||||
|
|
@ -30,6 +41,7 @@ import junit.framework.TestCase;
|
|||
public class ManagementContextXBeanConfigTest extends TestCase {
|
||||
|
||||
protected BrokerService brokerService;
|
||||
private static final transient Log LOG = LogFactory.getLog(ManagementContextXBeanConfigTest.class);
|
||||
|
||||
public void testManagmentContextConfiguredCorrectly() throws Exception {
|
||||
assertEquals(2011, brokerService.getManagementContext().getConnectorPort());
|
||||
|
|
@ -43,6 +55,34 @@ public class ManagementContextXBeanConfigTest extends TestCase {
|
|||
assertNotNull(value);
|
||||
}
|
||||
|
||||
public void testSuccessAuthentication() throws Exception {
|
||||
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:2011/jmxrmi");
|
||||
Map env = new HashMap();
|
||||
env.put(JMXConnector.CREDENTIALS, new String[]{"admin", "activemq"});
|
||||
JMXConnector connector = JMXConnectorFactory.connect(url, env);
|
||||
assertAuthentication(connector);
|
||||
}
|
||||
|
||||
public void testFailAuthentication() throws Exception {
|
||||
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://localhost:2011/jmxrmi");
|
||||
try {
|
||||
JMXConnector connector = JMXConnectorFactory.connect(url, null);
|
||||
assertAuthentication(connector);
|
||||
} catch (SecurityException e) {
|
||||
return;
|
||||
}
|
||||
fail("Should have thrown an exception");
|
||||
}
|
||||
|
||||
public void assertAuthentication(JMXConnector connector) throws Exception {
|
||||
connector.connect();
|
||||
MBeanServerConnection connection = connector.getMBeanServerConnection();
|
||||
ObjectName name = new ObjectName("test.domain:BrokerName=localhost,Type=Broker");
|
||||
BrokerViewMBean mbean = (BrokerViewMBean) MBeanServerInvocationHandler
|
||||
.newProxyInstance(connection, name, BrokerViewMBean.class, true);
|
||||
LOG.info("Broker " + mbean.getBrokerId() + " - " + mbean.getBrokerName());
|
||||
}
|
||||
|
||||
protected void setUp() throws Exception {
|
||||
brokerService = createBroker();
|
||||
brokerService.start();
|
||||
|
|
|
|||
|
|
@ -0,0 +1,18 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
admin readwrite
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
## ---------------------------------------------------------------------------
|
||||
## Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
## contributor license agreements. See the NOTICE file distributed with
|
||||
## this work for additional information regarding copyright ownership.
|
||||
## The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
## (the "License"); you may not use this file except in compliance with
|
||||
## the License. You may obtain a copy of the License at
|
||||
##
|
||||
## http://www.apache.org/licenses/LICENSE-2.0
|
||||
##
|
||||
## Unless required by applicable law or agreed to in writing, software
|
||||
## distributed under the License is distributed on an "AS IS" BASIS,
|
||||
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
## See the License for the specific language governing permissions and
|
||||
## limitations under the License.
|
||||
## ---------------------------------------------------------------------------
|
||||
|
||||
admin activemq
|
||||
|
|
@ -29,7 +29,14 @@
|
|||
|
||||
<broker useJmx="true" xmlns="http://activemq.apache.org/schema/core">
|
||||
<managementContext>
|
||||
<managementContext connectorPort="2011" jmxDomainName="test.domain" />
|
||||
<managementContext createConnector="true" connectorPort="2011" jmxDomainName="test.domain">
|
||||
<property xmlns="http://www.springframework.org/schema/beans" name="environment">
|
||||
<map xmlns="http://www.springframework.org/schema/beans">
|
||||
<entry xmlns="http://www.springframework.org/schema/beans" key="jmx.remote.x.password.file" value="src/test/resources/jmx.password"/>
|
||||
<entry xmlns="http://www.springframework.org/schema/beans" key="jmx.remote.x.access.file" value="src/test/resources/jmx.access"/>
|
||||
</map>
|
||||
</property>
|
||||
</managementContext>
|
||||
</managementContext>
|
||||
</broker>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue