Author: azeez
Date: Wed Jan 2 04:11:30 2008
New Revision: 11763
Log:
Using a custom JMX Authenticator for JMX authentication
Added:
trunk/wsas/java/modules/core/src/org/wso2/wsas/security/WSASJMXAuthenticator.java
Modified:
trunk/wsas/java/modules/core/src/org/wso2/wsas/DefaultServerInitializer.java
Modified:
trunk/wsas/java/modules/core/src/org/wso2/wsas/DefaultServerInitializer.java
==============================================================================
---
trunk/wsas/java/modules/core/src/org/wso2/wsas/DefaultServerInitializer.java
(original)
+++
trunk/wsas/java/modules/core/src/org/wso2/wsas/DefaultServerInitializer.java
Wed Jan 2 04:11:30 2008
@@ -49,6 +49,7 @@
import org.wso2.wsas.persistence.exception.ServiceUserAlreadyExistsException;
import org.wso2.wsas.persistence.exception.TransportAlreadyExistsException;
import org.wso2.wsas.persistence.exception.UserRoleAlreadyExistsException;
+import org.wso2.wsas.security.WSASJMXAuthenticator;
import org.wso2.wsas.util.ClusteringUtil;
import org.wso2.wsas.util.HouseKeepingTask;
import org.wso2.wsas.util.XmlConfiguration;
@@ -58,9 +59,7 @@
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;
import javax.xml.namespace.QName;
-import java.io.BufferedWriter;
import java.io.File;
-import java.io.FileWriter;
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.util.HashMap;
@@ -144,45 +143,9 @@
if (isJMXServiceStarted) {
return;
}
- String workDirName =
serverConfig.getFirstProperty("WorkDirectory");
- File worDir = new File(workDirName);
- if(!worDir.exists()){
- worDir.mkdirs();
- }
- String jmxPasswordFileName =
- workDirName + File.separator + "jmx" +
System.currentTimeMillis();
- File jmxPasswordFile = new File(jmxPasswordFileName);
- if (jmxPasswordFile.exists()) {
- jmxPasswordFile.delete();
- }
int jmxPortInt = Integer.parseInt(jmxPort);
MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
try {
-
- // Store username,pwd in temp file
- jmxPasswordFile.createNewFile();
- ServiceUserDO[] users = pm.getUsers();
- CryptoUtil cryptoUtil =
- new CryptoUtil(new File(
-
serverConfig.getFirstProperty("Security.KeyStore.Location")).getAbsolutePath(),
-
serverConfig.getFirstProperty("Security.KeyStore.Password"),
-
serverConfig.getFirstProperty("Security.KeyStore.KeyAlias"),
-
serverConfig.getFirstProperty("Security.KeyStore.KeyPassword"),
-
serverConfig.getFirstProperty("Security.KeyStore.Type"));
- FileWriter fileWriter = new FileWriter(jmxPasswordFile);
- BufferedWriter writer = new BufferedWriter(fileWriter);
- for (int i = 0; i < users.length; i++) {
- ServiceUserDO user = users[i];
- if (user.hasRole("admin")) {
- String username = user.getUsername();
- String pwd = new
String(cryptoUtil.base64DecodeAndDecrypt(user.getPassword()));
- writer.write(username + " " + pwd);
- }
- }
- writer.flush();
- fileWriter.close();
- writer.close();
-
LocateRegistry.createRegistry(jmxPortInt);
// Create an RMI connector and start it
@@ -192,12 +155,7 @@
// Security credentials are included in the env Map
HashMap env = new HashMap();
-
- //TODO: Create the password file in a temp location
- env.put("jmx.remote.x.password.file", jmxPasswordFileName);
//TODO: Check how a JDBC JAAS realm can be created
-// env.put("jmx.remote.x.access.file",
-// "conf" + File.separator + "access.properties");
-
+ env.put(JMXConnectorServer.AUTHENTICATOR, new
WSASJMXAuthenticator());
JMXConnectorServer cs =
JMXConnectorServerFactory.newJMXConnectorServer(url,
env, mbs);
cs.start();
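Review bot: The connector is now started with an authenticator but still without an access file, so every principal that WSASJMXAuthenticator returns receives unrestricted read/write access to the platform MBean server; the JAAS-realm TODO just above the added line still applies. Until a realm exists, an entry such as `env.put("jmx.remote.x.access.file", accessFilePath);` with `accessFilePath` taken from the server configuration would bound what an authenticated principal may do. Nothing in this hunk sets RMI socket factories for the connector, so the username/password handed to the authenticator presumably crosses the network unencrypted unless SSL is configured where `url` is built, which is outside this hunk. The enclosing method starts and ends outside the hunk.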
@@ -207,11 +165,6 @@
String msg = "Could not initialize MBean server";
log.error(msg, e);
throw new ServerException(msg, e);
- } finally {
- //TODO: Delete the file that was created
- /* if (jmxPasswordFile != null && jmxPasswordFile.exists()) {
- jmxPasswordFile.delete();
- }*/
}
}
}
Added:
trunk/wsas/java/modules/core/src/org/wso2/wsas/security/WSASJMXAuthenticator.java
==============================================================================
--- (empty file)
+++
trunk/wsas/java/modules/core/src/org/wso2/wsas/security/WSASJMXAuthenticator.java
Wed Jan 2 04:11:30 2008
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wso2.wsas.security;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.utils.ServerConfiguration;
+import org.wso2.utils.security.CryptoException;
+import org.wso2.utils.security.CryptoUtil;
+import org.wso2.wsas.persistence.PersistenceManager;
+import org.wso2.wsas.persistence.dataobject.ServiceUserDO;
+
+import javax.management.remote.JMXAuthenticator;
+import javax.management.remote.JMXPrincipal;
+import javax.security.auth.Subject;
+import java.io.File;
+import java.util.Collections;
+
+/**
+ * JMX Authenticator for WSAS
+ */
+public class WSASJMXAuthenticator implements JMXAuthenticator {
+
+ private static Log log = LogFactory.getLog(WSASJMXAuthenticator.class);
+
+ public Subject authenticate(Object credentials) {
+
+ // Verify that credentials is of type String[].
+ //
+ if (!(credentials instanceof String[])) {
+ // Special case for null so we get a more informative message
+ if (credentials == null) {
+ throw new SecurityException("Credentials required");
+ }
+ throw new SecurityException("Credentials should be String[]");
+ }
+
+ // Verify that the array contains three elements
(username/password/realm).
+ //
+ final String[] aCredentials = (String[]) credentials;
+ if (aCredentials.length < 2) {
+ throw new SecurityException("Credentials should have at least
username & password");
+ }
+
+ // Perform authentication
+ //
+ String username = aCredentials[0];
+ String password = aCredentials[1];
+
+ // ...perform authentication
+ boolean authenticated = false;
+ PersistenceManager pm = new PersistenceManager();
+ ServiceUserDO user = pm.getUser(username);
+ if (user != null) {
+ ServerConfiguration serverConfig =
ServerConfiguration.getInstance();
+ CryptoUtil cryptoUtil =
+ new CryptoUtil(new File(
+
serverConfig.getFirstProperty("Security.KeyStore.Location")).getAbsolutePath(),
+
serverConfig.getFirstProperty("Security.KeyStore.Password"),
+
serverConfig.getFirstProperty("Security.KeyStore.KeyAlias"),
+
serverConfig.getFirstProperty("Security.KeyStore.KeyPassword"),
+
serverConfig.getFirstProperty("Security.KeyStore.Type"));
+ try {
+ String pwd = new
String(cryptoUtil.base64DecodeAndDecrypt(user.getPassword()));
+ if (pwd.equals(password)) {
+ authenticated = true;
+ }
+ } catch (CryptoException e) {
+ String msg = "Could not decrypt password";
+ log.error(msg, e);
+ throw new SecurityException(msg, e);
+ }
+ }
+
+ if (authenticated) {
+ return new Subject(true,
+ Collections.singleton(new
JMXPrincipal(username)),
+ Collections.EMPTY_SET,
+ Collections.EMPTY_SET);
+ } else {
+ throw new SecurityException("Username and/or password are
incorrect, " +
+ "or you do not have the necessary
access rights.");
+ }
+ }
+}
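Review bot: authenticate() accepts any persisted user whose password matches, whereas the password file this commit replaces was built only from users with `hasRole("admin")`, so every service user now gains JMX access; `if (user != null && user.hasRole("admin")) {` keeps the previous restriction and still falls through to the generic failure message. Failed attempts are not logged at all, which leaves no trail for detecting password guessing; a `log.warn("JMX authentication failed for user " + username);` before the final throw (no password in the message) would close that gap. The comment above the length check talks about three elements (username/password/realm) while the code requires two, so it should read `// Verify that the array contains at least a username and a password.`. `Collections.EMPTY_SET` in the Subject constructor is the raw field; `Collections.emptySet()` gives the same empty set without the unchecked warning. The method has no Javadoc; a short one stating that it returns a Subject holding a JMXPrincipal for the user and throws SecurityException on every failure would help callers.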