Repository: karaf Updated Branches: refs/heads/master 64dd1f5ae -> 1991fbfa2
[KARAF-3024]RBAC - Support wildcard in jmx.acl.....cfg filename (cherry picked from commit 9626f7d39d16bab6035732b3250b03b43aed28a7) Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/1991fbfa Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/1991fbfa Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/1991fbfa Branch: refs/heads/master Commit: 1991fbfa20eaab0dff00b4c52eb4463c85a29a2f Parents: 64dd1f5 Author: Freeman Fang <[email protected]> Authored: Fri Jun 6 12:11:59 2014 +0800 Committer: Freeman Fang <[email protected]> Committed: Fri Jun 6 12:12:35 2014 +0800 ---------------------------------------------------------------------- .../karaf/management/KarafMBeanServerGuard.java | 34 ++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/1991fbfa/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java ---------------------------------------------------------------------- diff --git a/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java b/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java index 2561f71..79b0d3b 100644 --- a/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java +++ b/management/server/src/main/java/org/apache/karaf/management/KarafMBeanServerGuard.java @@ -32,6 +32,7 @@ import java.security.AccessControlContext; import java.security.AccessController; import java.security.Principal; import java.util.*; +import java.util.regex.Pattern; public class KarafMBeanServerGuard implements InvocationHandler { @@ -40,6 +41,8 @@ public class KarafMBeanServerGuard implements InvocationHandler { private static final String JMX_ACL_WHITELIST = "jmx.acl.whitelist"; + private static final String JMX_OBJECTNAME_PROPERTY_WILDCARD = "_"; + private ConfigurationAdmin configAdmin; public ConfigurationAdmin getConfigAdmin() { @@ -281,8 +284,9 @@ public class KarafMBeanServerGuard implements InvocationHandler { } for (String pid : iterateDownPids(getNameSegments(objectName))) { - if (allPids.contains(pid)) { - Configuration config = configAdmin.getConfiguration(pid); + String generalPid = getGeneralPid(allPids, pid); + if (generalPid.length() > 0) { + Configuration config = configAdmin.getConfiguration(generalPid); List<String> roles = new ArrayList<String>(); ACLConfigurationParser.Specificity s = ACLConfigurationParser.getRolesForInvocation(methodName, params, signature, config.getProperties(), roles); if (s != ACLConfigurationParser.Specificity.NO_MATCH) { @@ -293,6 +297,32 @@ public class KarafMBeanServerGuard implements InvocationHandler { return Collections.emptyList(); } + private String getGeneralPid(List<String> allPids, String pid) { + String ret = ""; + String[] pidStrArray = pid.split(Pattern.quote(".")); + for (String id : allPids) { + String[] idStrArray = id.split(Pattern.quote(".")); + if (idStrArray.length == pidStrArray.length) { + boolean match = true; + for (int i = 0; i < idStrArray.length; i++) { + if (idStrArray[i].equals(JMX_OBJECTNAME_PROPERTY_WILDCARD) + || idStrArray[i].equals(pidStrArray[i])) { + continue; + } else { + match = false; + break; + } + } + if (match) { + ret = id; + return ret; + } + } + } + + return ret; + } + private List<String> getNameSegments(ObjectName objectName) { List<String> segments = new ArrayList<String>(); segments.add(objectName.getDomain());
