public abstract class MBeanServerAccessController
extends Object
implements MBeanServerForwarder

java.lang.Object
   ↳ com.sun.jmx.remote.security.MBeanServerAccessController
Known Direct Subclasses

Class Overview

An object of this class implements the MBeanServer interface and, for each of its methods, calls an appropriate checking method and then forwards the request to a wrapped MBeanServer object. The checking method may throw a RuntimeException if the operation is not allowed; in this case the request is not forwarded to the wrapped object.

A typical use of this class is to insert it between a connector server such as the RMI connector and the MBeanServer with which the connector is associated. Requests from the connector client can then be filtered and those operations that are not allowed, or not allowed in a particular context, can be rejected by throwing a SecurityException in the corresponding check* method.

This is an abstract class, because in its implementation none of the checking methods does anything. To be useful, it must be subclassed and at least one of the checking methods overridden to do some checking. Some or all of the MBeanServer methods may also be overridden, for instance if the default checking behavior is inappropriate.

If there is no SecurityManager, then the access controller will refuse to create an MBean that is a ClassLoader, which includes MLets, or to execute the method addURL on an MBean that is an MLet. This prevents people from opening security holes unintentionally. Otherwise, it would not be obvious that granting write access grants the ability to download and execute arbitrary code in the target MBean server. Advanced users who do want the ability to use MLets are presumably advanced enough to handle policy files and security managers.
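The following added example (not part of the JDK or of this reference page) sketches the subclassing pattern described above: it overrides checkRead(), checkWrite() and checkCreate(className), then inserts the controller between a connector server and the MBeanServer. The class name RoleAccessController, the role names and the allow-listed class are hypothetical. It assumes JDK 18 or later for Subject.current(), and a connector configured with authentication so that each request carries a Subject holding a JMXPrincipal.

```java
import com.sun.jmx.remote.security.MBeanServerAccessController;
import java.lang.management.ManagementFactory;
import java.util.Set;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.JMXServiceURL;
import javax.security.auth.Subject;

// Added example: RoleAccessController and all role and class names below are
// hypothetical. com.sun.jmx.remote.security is a JDK-internal package; on
// modular JDKs, compiling against it is assumed to need
// --add-exports java.management/com.sun.jmx.remote.security=ALL-UNNAMED.
public class RoleAccessController extends MBeanServerAccessController {
    private final Set<String> readers;    // roles allowed through checkRead()
    private final Set<String> writers;    // roles allowed through checkWrite()
    private final Set<String> creatable;  // class names writers may instantiate

    public RoleAccessController(Set<String> readers, Set<String> writers,
                                Set<String> creatable) {
        this.readers = Set.copyOf(readers);
        this.writers = Set.copyOf(writers);
        this.creatable = Set.copyOf(creatable);
    }

    // True if the authenticated caller holds one of the given roles.
    // A request that carries no Subject is denied rather than trusted.
    private boolean callerHasRole(Set<String> roles) {
        Subject subject = Subject.current();
        if (subject == null) return false;
        for (JMXPrincipal p : subject.getPrincipals(JMXPrincipal.class)) {
            if (roles.contains(p.getName())) return true;
        }
        return false;
    }

    @Override protected void checkRead() {
        if (!callerHasRole(readers) && !callerHasRole(writers))
            throw new SecurityException("read access denied");
    }

    @Override protected void checkWrite() {
        if (!callerHasRole(writers))
            throw new SecurityException("write access denied");
    }

    // Narrow the default (which only calls checkWrite()) to an allow-list,
    // so write access alone does not permit creating arbitrary classes.
    @Override protected void checkCreate(String className) {
        checkWrite();
        if (!creatable.contains(className))
            throw new SecurityException("creation of " + className + " denied");
    }

    public static void main(String[] args) throws Exception {
        RoleAccessController acl = new RoleAccessController(
            Set.of("monitor"), Set.of("admin"),
            Set.of("javax.management.timer.Timer"));
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(
            new JMXServiceURL("service:jmx:rmi://localhost"), null,
            ManagementFactory.getPlatformMBeanServer());
        // Insert the controller between the connector and the MBeanServer;
        // the connector hands its MBeanServer to the forwarder.
        server.setMBeanServerForwarder(acl);
    }
}
```

The environment map passed to newJMXConnectorServer is null here to keep the wiring visible; with no authenticator configured, every remote request reaches the controller without a Subject and is rejected.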

Summary

Public Constructors
MBeanServerAccessController()
Public Methods
void addNotificationListener(ObjectName name, NotificationListener listener, NotificationFilter filter, Object handback)
Call checkRead(), then forward this method to the wrapped object.
void addNotificationListener(ObjectName name, ObjectName listener, NotificationFilter filter, Object handback)
Call checkRead(), then forward this method to the wrapped object.
ObjectInstance createMBean(String className, ObjectName name)
Call checkCreate(className), then forward this method to the wrapped object.
ObjectInstance createMBean(String className, ObjectName name, Object[] params, String[] signature)
Call checkCreate(className), then forward this method to the wrapped object.
ObjectInstance createMBean(String className, ObjectName name, ObjectName loaderName)
Call checkCreate(className), then forward this method to the wrapped object.
ObjectInstance createMBean(String className, ObjectName name, ObjectName loaderName, Object[] params, String[] signature)
Call checkCreate(className), then forward this method to the wrapped object.
ObjectInputStream deserialize(ObjectName name, byte[] data)
Call checkRead(), then forward this method to the wrapped object.
ObjectInputStream deserialize(String className, ObjectName loaderName, byte[] data)
Call checkRead(), then forward this method to the wrapped object.
ObjectInputStream deserialize(String className, byte[] data)
Call checkRead(), then forward this method to the wrapped object.
Object getAttribute(ObjectName name, String attribute)
Call checkRead(), then forward this method to the wrapped object.
AttributeList getAttributes(ObjectName name, String[] attributes)
Call checkRead(), then forward this method to the wrapped object.
ClassLoader getClassLoader(ObjectName loaderName)
Call checkRead(), then forward this method to the wrapped object.
ClassLoader getClassLoaderFor(ObjectName mbeanName)
Call checkRead(), then forward this method to the wrapped object.
ClassLoaderRepository getClassLoaderRepository()
Call checkRead(), then forward this method to the wrapped object.
String getDefaultDomain()
Call checkRead(), then forward this method to the wrapped object.
String[] getDomains()
Call checkRead(), then forward this method to the wrapped object.
Integer getMBeanCount()
Call checkRead(), then forward this method to the wrapped object.
MBeanInfo getMBeanInfo(ObjectName name)
Call checkRead(), then forward this method to the wrapped object.
MBeanServer getMBeanServer()
Returns the MBeanServer object to which requests will be forwarded.
ObjectInstance getObjectInstance(ObjectName name)
Call checkRead(), then forward this method to the wrapped object.
Object instantiate(String className, ObjectName loaderName, Object[] params, String[] signature)
Call checkCreate(className), then forward this method to the wrapped object.
Object instantiate(String className, Object[] params, String[] signature)
Call checkCreate(className), then forward this method to the wrapped object.
Object instantiate(String className)
Call checkCreate(className), then forward this method to the wrapped object.
Object instantiate(String className, ObjectName loaderName)
Call checkCreate(className), then forward this method to the wrapped object.
Object invoke(ObjectName name, String operationName, Object[] params, String[] signature)
Call checkWrite(), then forward this method to the wrapped object.
boolean isInstanceOf(ObjectName name, String className)
Call checkRead(), then forward this method to the wrapped object.
boolean isRegistered(ObjectName name)
Call checkRead(), then forward this method to the wrapped object.
Set<ObjectInstance> queryMBeans(ObjectName name, QueryExp query)
Call checkRead(), then forward this method to the wrapped object.
Set<ObjectName> queryNames(ObjectName name, QueryExp query)
Call checkRead(), then forward this method to the wrapped object.
ObjectInstance registerMBean(Object object, ObjectName name)
Call checkWrite(), then forward this method to the wrapped object.
void removeNotificationListener(ObjectName name, ObjectName listener, NotificationFilter filter, Object handback)
Call checkRead(), then forward this method to the wrapped object.
void removeNotificationListener(ObjectName name, ObjectName listener)
Call checkRead(), then forward this method to the wrapped object.
void removeNotificationListener(ObjectName name, NotificationListener listener)
Call checkRead(), then forward this method to the wrapped object.
void removeNotificationListener(ObjectName name, NotificationListener listener, NotificationFilter filter, Object handback)
Call checkRead(), then forward this method to the wrapped object.
void setAttribute(ObjectName name, Attribute attribute)
Call checkWrite(), then forward this method to the wrapped object.
AttributeList setAttributes(ObjectName name, AttributeList attributes)
Call checkWrite(), then forward this method to the wrapped object.
void setMBeanServer(MBeanServer mbs)
Sets the MBeanServer object to which requests will be forwarded after treatment by this object.
void unregisterMBean(ObjectName name)
Call checkUnregister(), then forward this method to the wrapped object.
Protected Methods
void checkCreate(String className)
Check if the caller can create the named class.
abstract void checkRead()
Check if the caller can do read operations.
void checkUnregister(ObjectName name)
Check if the caller can unregister the named MBean.
abstract void checkWrite()
Check if the caller can do write operations.
Inherited Methods
From class java.lang.Object
From interface javax.management.MBeanServer
From interface javax.management.MBeanServerConnection
From interface javax.management.remote.MBeanServerForwarder

Public Constructors

public MBeanServerAccessController ()

Public Methods

public void addNotificationListener (ObjectName name, NotificationListener listener, NotificationFilter filter, Object handback)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The name of the MBean on which the listener should be added.
listener The listener object which will handle the notifications emitted by the registered MBean.
filter The filter object. If filter is null, no filtering will be performed before handling notifications.
handback The context to be sent to the listener when a notification is emitted.

public void addNotificationListener (ObjectName name, ObjectName listener, NotificationFilter filter, Object handback)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The name of the MBean on which the listener should be added.
listener The object name of the listener which will handle the notifications emitted by the registered MBean.
filter The filter object. If filter is null, no filtering will be performed before handling notifications.
handback The context to be sent to the listener when a notification is emitted.

public ObjectInstance createMBean (String className, ObjectName name)

Call checkCreate(className), then forward this method to the wrapped object.

Parameters
className The class name of the MBean to be instantiated.
name The object name of the MBean. May be null.
Returns
  • An ObjectInstance, containing the ObjectName and the Java class name of the newly instantiated MBean. If the contained ObjectName is n, the contained Java class name is getMBeanInfo(n).getClassName().

public ObjectInstance createMBean (String className, ObjectName name, Object[] params, String[] signature)

Call checkCreate(className), then forward this method to the wrapped object.

Parameters
className The class name of the MBean to be instantiated.
name The object name of the MBean. May be null.
params An array containing the parameters of the constructor to be invoked.
signature An array containing the signature of the constructor to be invoked.
Returns
  • An ObjectInstance, containing the ObjectName and the Java class name of the newly instantiated MBean. If the contained ObjectName is n, the contained Java class name is getMBeanInfo(n).getClassName().

public ObjectInstance createMBean (String className, ObjectName name, ObjectName loaderName)

Call checkCreate(className), then forward this method to the wrapped object.

Parameters
className The class name of the MBean to be instantiated.
name The object name of the MBean. May be null.
loaderName The object name of the class loader to be used.
Returns
  • An ObjectInstance, containing the ObjectName and the Java class name of the newly instantiated MBean. If the contained ObjectName is n, the contained Java class name is getMBeanInfo(n).getClassName().

public ObjectInstance createMBean (String className, ObjectName name, ObjectName loaderName, Object[] params, String[] signature)

Call checkCreate(className), then forward this method to the wrapped object.

Parameters
className The class name of the MBean to be instantiated.
name The object name of the MBean. May be null.
loaderName The object name of the class loader to be used.
params An array containing the parameters of the constructor to be invoked.
signature An array containing the signature of the constructor to be invoked.
Returns
  • An ObjectInstance, containing the ObjectName and the Java class name of the newly instantiated MBean. If the contained ObjectName is n, the contained Java class name is getMBeanInfo(n).getClassName().

public ObjectInputStream deserialize (ObjectName name, byte[] data)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The name of the MBean whose class loader should be used for the de-serialization.
data The byte array to be de-serialized.
Returns
  • The de-serialized object stream.

public ObjectInputStream deserialize (String className, ObjectName loaderName, byte[] data)

Call checkRead(), then forward this method to the wrapped object.

Parameters
className The name of the class whose class loader should be used for the de-serialization.
loaderName The name of the class loader to be used for loading the specified class. If null, the MBean Server's class loader will be used.
data The byte array to be de-serialized.
Returns
  • The de-serialized object stream.

public ObjectInputStream deserialize (String className, byte[] data)

Call checkRead(), then forward this method to the wrapped object.

Parameters
className The name of the class whose class loader should be used for the de-serialization.
data The byte array to be de-serialized.
Returns
  • The de-serialized object stream.

public Object getAttribute (ObjectName name, String attribute)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The object name of the MBean from which the attribute is to be retrieved.
attribute A String specifying the name of the attribute to be retrieved.
Returns
  • The value of the retrieved attribute.

public AttributeList getAttributes (ObjectName name, String[] attributes)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The object name of the MBean from which the attributes are retrieved.
attributes A list of the attributes to be retrieved.
Returns
  • The list of the retrieved attributes.

public ClassLoader getClassLoader (ObjectName loaderName)

Call checkRead(), then forward this method to the wrapped object.

Parameters
loaderName The ObjectName of the ClassLoader. May be null, in which case the MBean server's own ClassLoader is returned.
Returns
  • The named ClassLoader. If l is the actual ClassLoader with that name, and r is the returned value, then either: What this means is that the ClassLoader may be wrapped in another ClassLoader for security or other reasons.

public ClassLoader getClassLoaderFor (ObjectName mbeanName)

Call checkRead(), then forward this method to the wrapped object.

Parameters
mbeanName The ObjectName of the MBean.
Returns
  • The ClassLoader used for that MBean. If l is the MBean's actual ClassLoader, and r is the returned value, then either: What this means is that the ClassLoader may be wrapped in another ClassLoader for security or other reasons.

public ClassLoaderRepository getClassLoaderRepository ()

Call checkRead(), then forward this method to the wrapped object.

Returns
  • The ClassLoaderRepository for this MBeanServer.

public String getDefaultDomain ()

Call checkRead(), then forward this method to the wrapped object.

Returns
  • the default domain.

public String[] getDomains ()

Call checkRead(), then forward this method to the wrapped object.

Returns
  • the list of domains.

public Integer getMBeanCount ()

Call checkRead(), then forward this method to the wrapped object.

Returns
  • the number of registered MBeans, wrapped in an Integer. If the caller's permissions are restricted, this number may be greater than the number of MBeans the caller can access.

public MBeanInfo getMBeanInfo (ObjectName name)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The name of the MBean to analyze.
Returns
  • An instance of MBeanInfo allowing the retrieval of all attributes and operations of this MBean.

public MBeanServer getMBeanServer ()

Returns the MBeanServer object to which requests will be forwarded.

Returns
  • the MBeanServer object to which requests will be forwarded, or null if there is none.

public ObjectInstance getObjectInstance (ObjectName name)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The object name of the MBean.
Returns
  • The ObjectInstance associated with the MBean specified by name. The contained ObjectName is name and the contained class name is getMBeanInfo(name).getClassName().

public Object instantiate (String className, ObjectName loaderName, Object[] params, String[] signature)

Call checkCreate(className), then forward this method to the wrapped object.

Parameters
className The class name of the object to be instantiated.
loaderName The object name of the class loader to be used.
params An array containing the parameters of the constructor to be invoked.
signature An array containing the signature of the constructor to be invoked.
Returns
  • The newly instantiated object.

public Object instantiate (String className, Object[] params, String[] signature)

Call checkCreate(className), then forward this method to the wrapped object.

Parameters
className The class name of the object to be instantiated.
params An array containing the parameters of the constructor to be invoked.
signature An array containing the signature of the constructor to be invoked.
Returns
  • The newly instantiated object.

public Object instantiate (String className)

Call checkCreate(className), then forward this method to the wrapped object.

Parameters
className The class name of the object to be instantiated.
Returns
  • The newly instantiated object.

public Object instantiate (String className, ObjectName loaderName)

Call checkCreate(className), then forward this method to the wrapped object.

Parameters
className The class name of the MBean to be instantiated.
loaderName The object name of the class loader to be used.
Returns
  • The newly instantiated object.

public Object invoke (ObjectName name, String operationName, Object[] params, String[] signature)

Call checkWrite(), then forward this method to the wrapped object.

Parameters
name The object name of the MBean on which the method is to be invoked.
operationName The name of the operation to be invoked.
params An array containing the parameters to be set when the operation is invoked.
signature An array containing the signature of the operation. The class objects will be loaded using the same class loader as the one used for loading the MBean on which the operation was invoked.
Returns
  • The object returned by the operation, which represents the result of invoking the operation on the MBean specified.

public boolean isInstanceOf (ObjectName name, String className)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The ObjectName of the MBean.
className The name of the class.
Returns
  • true if the MBean specified is an instance of the specified class according to the rules above, false otherwise.

public boolean isRegistered (ObjectName name)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The object name of the MBean to be checked.
Returns
  • True if the MBean is already registered in the MBean server, false otherwise.

public Set<ObjectInstance> queryMBeans (ObjectName name, QueryExp query)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The object name pattern identifying the MBeans to be retrieved. If null or no domain and key properties are specified, all the MBeans registered will be retrieved.
query The query expression to be applied for selecting MBeans. If null no query expression will be applied for selecting MBeans.
Returns
  • A set containing the ObjectInstance objects for the selected MBeans. If no MBean satisfies the query an empty list is returned.

public Set<ObjectName> queryNames (ObjectName name, QueryExp query)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The object name pattern identifying the MBean names to be retrieved. If null or no domain and key properties are specified, the name of all registered MBeans will be retrieved.
query The query expression to be applied for selecting MBeans. If null no query expression will be applied for selecting MBeans.
Returns
  • A set containing the ObjectNames for the MBeans selected. If no MBean satisfies the query, an empty list is returned.

public ObjectInstance registerMBean (Object object, ObjectName name)

Call checkWrite(), then forward this method to the wrapped object.

Parameters
object The MBean to be registered as an MBean.
name The object name of the MBean. May be null.
Returns
  • An ObjectInstance, containing the ObjectName and the Java class name of the newly registered MBean. If the contained ObjectName is n, the contained Java class name is getMBeanInfo(n).getClassName().

public void removeNotificationListener (ObjectName name, ObjectName listener, NotificationFilter filter, Object handback)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The name of the MBean on which the listener should be removed.
listener The object name of the listener to be removed.
filter The filter that was specified when the listener was added.
handback The handback that was specified when the listener was added.

public void removeNotificationListener (ObjectName name, ObjectName listener)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The name of the MBean on which the listener should be removed.
listener The object name of the listener to be removed.

public void removeNotificationListener (ObjectName name, NotificationListener listener)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The name of the MBean on which the listener should be removed.
listener The listener to be removed.

public void removeNotificationListener (ObjectName name, NotificationListener listener, NotificationFilter filter, Object handback)

Call checkRead(), then forward this method to the wrapped object.

Parameters
name The name of the MBean on which the listener should be removed.
listener The listener to be removed.
filter The filter that was specified when the listener was added.
handback The handback that was specified when the listener was added.

public void setAttribute (ObjectName name, Attribute attribute)

Call checkWrite(), then forward this method to the wrapped object.

Parameters
name The name of the MBean within which the attribute is to be set.
attribute The identification of the attribute to be set and the value it is to be set to.

public AttributeList setAttributes (ObjectName name, AttributeList attributes)

Call checkWrite(), then forward this method to the wrapped object.

Parameters
name The object name of the MBean within which the attributes are to be set.
attributes A list of attributes: The identification of the attributes to be set and the values they are to be set to.
Returns
  • The list of attributes that were set, with their new values.

public void setMBeanServer (MBeanServer mbs)

Sets the MBeanServer object to which requests will be forwarded after treatment by this object.

Parameters
mbs the MBeanServer object to which requests will be forwarded.

public void unregisterMBean (ObjectName name)

Call checkUnregister(), then forward this method to the wrapped object.

Parameters
name The object name of the MBean to be unregistered.

Protected Methods

protected void checkCreate (String className)

Check if the caller can create the named class. The default implementation of this method calls checkWrite().

protected abstract void checkRead ()

Check if the caller can do read operations. This method does nothing if so, otherwise throws SecurityException.

protected void checkUnregister (ObjectName name)

Check if the caller can unregister the named MBean. The default implementation of this method calls checkWrite().

protected abstract void checkWrite ()

Check if the caller can do write operations. This method does nothing if so, otherwise throws SecurityException.