[
https://issues.apache.org/jira/browse/GEODE-4193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16312015#comment-16312015
]
ASF GitHub Bot commented on GEODE-4193:
---------------------------------------
jinmeiliao closed pull request #1227: GEODE-4193: fix password file security in
JMX
URL: https://github.com/apache/geode/pull/1227
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
b/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
index 6c0b30484e..f77c2e4feb 100644
---
a/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
+++
b/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
@@ -51,6 +51,7 @@
import org.apache.geode.management.internal.ManagementConstants;
import org.apache.geode.management.internal.cli.CommandRequest;
import org.apache.geode.management.internal.cli.LogWrapper;
+import org.apache.geode.management.internal.security.ResourceConstants;
/**
* OperationInvoker JMX Implementation
@@ -100,7 +101,15 @@ public JmxOperationInvoker(final String host, final int
port, Properties gfPrope
final Map<String, Object> env = new HashMap<>();
env.put(JMXConnectionListener.CHECK_PERIOD_PROP,
JMXConnectionListener.CHECK_PERIOD);
- env.put(JMXConnector.CREDENTIALS, gfProperties);
+
+ // when not using JMXShiroAuthenticator in the integrated security, JMX
own password file
+ // authentication requires the credentials been sent in String[] format.
+ // Our JMXShiroAuthenticator handles both String[] and Properties format
+ String username = gfProperties.getProperty(ResourceConstants.USER_NAME);
+ String password = gfProperties.getProperty(ResourceConstants.PASSWORD);
+ if (username != null) {
+ env.put(JMXConnector.CREDENTIALS, new String[] {username, password});
+ }
SSLConfig sslConfig =
SSLConfigurationFactory.getSSLConfigForComponent(gfProperties,
SecurableCommunicationChannel.JMX);
diff --git
a/geode-core/src/test/java/org/apache/geode/management/internal/security/JmxPasswordFileTest.java
b/geode-core/src/test/java/org/apache/geode/management/internal/security/JmxPasswordFileTest.java
new file mode 100644
index 0000000000..2a96b37323
--- /dev/null
+++
b/geode-core/src/test/java/org/apache/geode/management/internal/security/JmxPasswordFileTest.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
+ * agreements. See the NOTICE file distributed with this work for additional
information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache
License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ * or implied. See the License for the specific language governing permissions
and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.security;
+
+import static
org.apache.geode.test.junit.rules.GfshCommandRule.PortType.jmxManager;
+
+import java.io.File;
+import java.util.Collections;
+
+import org.apache.commons.io.FileUtils;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.rules.GfshCommandRule;
+import org.apache.geode.test.junit.rules.LocatorStarterRule;
+
+
+@Category(IntegrationTest.class)
+public class JmxPasswordFileTest {
+ @Rule
+ public LocatorStarterRule locator = new LocatorStarterRule();
+
+ @Rule
+ public GfshCommandRule gfsh = new GfshCommandRule();
+
+ @Rule
+ public TemporaryFolder temporaryFolder = new TemporaryFolder();
+
+ @Test
+ public void connectWhenJmxManagerSecuredWithPasswordFile() throws Exception {
+ File passwordFile = temporaryFolder.newFile("password.properties");
+ FileUtils.writeLines(passwordFile, Collections.singleton("user user"));
+ locator.withProperty("jmx-manager-password-file",
passwordFile.getAbsolutePath());
+
+ locator.startLocator();
+
+ gfsh.secureConnectAndVerify(locator.getJmxPort(), jmxManager, "user",
"user");
+ }
+}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Using JMX password file to secure JMX manager results in connection error.
> --------------------------------------------------------------------------
>
> Key: GEODE-4193
> URL: https://issues.apache.org/jira/browse/GEODE-4193
> Project: Geode
> Issue Type: Bug
> Components: gfsh, security
> Reporter: Jinmei Liao
> Assignee: Jinmei Liao
> Fix For: 1.4.0
>
>
> Steps to reproduce:
> gfsh>start locator --name=locator
> --J=-Dgemfire.jmx-manager-password-file=password.properties
> gfsh>connect
> stack trace in gfsh log:
> [info 2018/01/04 08:57:36.498 PST Gfsh Launcher tid=0x1f] (msgTID=31 msgSN=6)
> Authentication failed! Credentials should be String[] instead of
> java.util.Properties
> java.lang.SecurityException: Authentication failed! Credentials should be
> String[] instead of java.util.Properties
> at
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:211)
> at
> com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:168)
> at
> javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:232)
> at
> javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:199)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
> at sun.rmi.transport.Transport$1.run(Transport.java:200)
> at sun.rmi.transport.Transport$1.run(Transport.java:197)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.rmi.transport.Transport.serviceCall(Transport.java:196)
> at
> sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:568)
> at
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:826)
> at
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(TCPTransport.java:683)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:682)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
> at
> sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:283)
> at
> sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:260)
> at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161)
> at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown
> Source)
> at
> javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2430)
> at
> javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308)
> at
> javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
> at
> org.apache.geode.management.internal.cli.shell.JmxOperationInvoker.<init>(JmxOperationInvoker.java:142)
> at
> org.apache.geode.management.internal.cli.commands.StartLocatorCommand.doAutoConnect(StartLocatorCommand.java:336)
> at
> org.apache.geode.management.internal.cli.commands.StartLocatorCommand.startLocator(StartLocatorCommand.java:296)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
> at
> org.apache.geode.management.internal.cli.remote.CommandExecutor.invokeCommand(CommandExecutor.java:97)
> at
> org.apache.geode.management.internal.cli.remote.CommandExecutor.execute(CommandExecutor.java:45)
> at
> org.apache.geode.management.internal.cli.remote.CommandExecutor.execute(CommandExecutor.java:39)
> at
> org.apache.geode.management.internal.cli.shell.GfshExecutionStrategy.execute(GfshExecutionStrategy.java:79)
> at
> org.springframework.shell.core.AbstractShell.executeCommand(AbstractShell.java:134)
> at
> org.apache.geode.management.internal.cli.shell.Gfsh.promptLoop(Gfsh.java:1008)
> at org.springframework.shell.core.JLineShell.run(JLineShell.java:179)
> at java.lang.Thread.run(Thread.java:748)
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
