public class MBeanServerFileAccessController extends MBeanServerAccessController
java.lang.Object
   ↳ com.sun.jmx.remote.security.MBeanServerAccessController
     ↳ com.sun.jmx.remote.security.MBeanServerFileAccessController

Class Overview

An object of this class implements the MBeanServerAccessController interface and, for each of its methods, calls an appropriate checking method and then forwards the request to a wrapped MBeanServer object. The checking method may throw a SecurityException if the operation is not allowed; in this case the request is not forwarded to the wrapped object.

This class implements the checkRead(), checkWrite(), checkCreate(String), and checkUnregister(ObjectName) methods based on an access level properties file containing username/access level pairs. The set of username/access level pairs is passed either as a filename which denotes a properties file on disk, or directly as an instance of the Properties class. In both cases, the name of each property represents a username, and the value of the property is the associated access level. Thus, any given username either does not exist in the properties or has exactly one access level. The same access level can be shared by several usernames.

The supported access level values are readonly and readwrite. The readwrite access level can be qualified by one or more clauses, where each clause looks like create classNamePattern or unregister. For example:

 monitorRole  readonly
 controlRole  readwrite \
              create javax.management.timer.*,javax.management.monitor.* \
              unregister
 

(The continuation lines with \ come from the parser for Properties files.)
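
A check that can be run over these entries before they are deployed, given here as an added example rather than code from the JDK. The class name AccessFileLint, the method lint, and the entries opsRole and auditRole are hypothetical. It applies a simplified reading of the grammar described above, and flagging a bare * pattern is a review policy chosen for this example.

```java
import java.io.*;
import java.util.*;

public class AccessFileLint {
    /** Returns one finding per problem in the username/access level entries. */
    static List<String> lint(Properties entries) {
        List<String> findings = new ArrayList<>();
        for (String user : entries.stringPropertyNames()) {
            String[] tok = entries.getProperty(user).trim().split("\\s+");
            String level = tok[0];
            if (!level.equals("readonly") && !level.equals("readwrite")) {
                findings.add(user + ": unsupported access level '" + level + "'");
                continue;
            }
            if (level.equals("readonly") && tok.length > 1) {
                findings.add(user + ": clauses only qualify readwrite");
                continue;
            }
            for (int i = 1; i < tok.length; i++) {
                if (tok[i].equals("unregister")) continue;
                if (!tok[i].equals("create")) {
                    findings.add(user + ": unknown clause '" + tok[i] + "'");
                } else if (++i == tok.length) {
                    findings.add(user + ": create without a class name pattern");
                } else {
                    for (String p : tok[i].split(","))
                        if (p.equals("*"))
                            findings.add(user + ": create * matches every class");
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the two entries shown above plus two faulty ones.
        String sample = String.join("\n",
            "monitorRole  readonly",
            "controlRole  readwrite \\",
            "             create javax.management.timer.*,javax.management.monitor.* \\",
            "             unregister",
            "opsRole      readwrite create *",
            "auditRole    read-only");
        Properties entries = new Properties();
        entries.load(new StringReader(sample));   // joins the \ continuation lines
        lint(entries).forEach(System.out::println);
    }
}
```

Because the entries are loaded with Properties.load, the continuation lines of controlRole arrive as a single value, which is why the check can split on whitespace.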

Summary

Public Constructors
MBeanServerFileAccessController(String accessFileName)

Create a new MBeanServerAccessController that forwards all the MBeanServer requests to the MBeanServer set by invoking the setMBeanServer(MBeanServer) method after doing access checks based on read and write permissions.

MBeanServerFileAccessController(String accessFileName, MBeanServer mbs)

Create a new MBeanServerAccessController that forwards all the MBeanServer requests to mbs after doing access checks based on read and write permissions.

MBeanServerFileAccessController(Properties accessFileProps)

Create a new MBeanServerAccessController that forwards all the MBeanServer requests to the MBeanServer set by invoking the setMBeanServer(MBeanServer) method after doing access checks based on read and write permissions.

MBeanServerFileAccessController(Properties accessFileProps, MBeanServer mbs)

Create a new MBeanServerAccessController that forwards all the MBeanServer requests to mbs after doing access checks based on read and write permissions.

Public Methods
void checkCreate(String className)
Check if the caller can create MBeans or instances of the given class.
void checkRead()
Check if the caller can do read operations.
void checkUnregister(ObjectName name)
Check if the caller can do unregister operations.
void checkWrite()
Check if the caller can do write operations.
synchronized void refresh()

Refresh the set of username/access level entries.

Inherited Methods
From class com.sun.jmx.remote.security.MBeanServerAccessController
From class java.lang.Object
From interface javax.management.MBeanServer
From interface javax.management.MBeanServerConnection
From interface javax.management.remote.MBeanServerForwarder

Public Constructors

public MBeanServerFileAccessController (String accessFileName)

Create a new MBeanServerAccessController that forwards all the MBeanServer requests to the MBeanServer set by invoking the setMBeanServer(MBeanServer) method after doing access checks based on read and write permissions.

This instance is initialized from the specified properties file.

Parameters
accessFileName name of the file which denotes a properties file on disk containing the username/access level entries.
Throws
IOException if the file does not exist, is a directory rather than a regular file, or for some other reason cannot be opened for reading.
IllegalArgumentException if any of the supplied access level values differs from "readonly" or "readwrite".

public MBeanServerFileAccessController (String accessFileName, MBeanServer mbs)

Create a new MBeanServerAccessController that forwards all the MBeanServer requests to mbs after doing access checks based on read and write permissions.

This instance is initialized from the specified properties file.

Parameters
accessFileName name of the file which denotes a properties file on disk containing the username/access level entries.
mbs the MBeanServer object to which requests will be forwarded.
Throws
IOException if the file does not exist, is a directory rather than a regular file, or for some other reason cannot be opened for reading.
IllegalArgumentException if any of the supplied access level values differs from "readonly" or "readwrite".

public MBeanServerFileAccessController (Properties accessFileProps)

Create a new MBeanServerAccessController that forwards all the MBeanServer requests to the MBeanServer set by invoking the setMBeanServer(MBeanServer) method after doing access checks based on read and write permissions.

This instance is initialized from the specified properties instance. This constructor makes a copy of the properties instance and it is the copy that is consulted to check the username and access level of an incoming connection. The original properties object can be modified without affecting the copy. If the refresh() method is then called, the MBeanServerFileAccessController will make a new copy of the properties object at that time.

Parameters
accessFileProps properties list containing the username/access level entries.
Throws
IllegalArgumentException if accessFileProps is null or if any of the supplied access level values differs from "readonly" or "readwrite".
IOException

public MBeanServerFileAccessController (Properties accessFileProps, MBeanServer mbs)

Create a new MBeanServerAccessController that forwards all the MBeanServer requests to mbs after doing access checks based on read and write permissions.

This instance is initialized from the specified properties instance. This constructor makes a copy of the properties instance and it is the copy that is consulted to check the username and access level of an incoming connection. The original properties object can be modified without affecting the copy. If the refresh() method is then called, the MBeanServerFileAccessController will make a new copy of the properties object at that time.

Parameters
accessFileProps properties list containing the username/access level entries.
mbs the MBeanServer object to which requests will be forwarded.
Throws
IllegalArgumentException if accessFileProps is null or if any of the supplied access level values differs from "readonly" or "readwrite".
IOException

Public Methods

public void checkCreate (String className)

Check if the caller can create MBeans or instances of the given class. This method does nothing if so, otherwise throws SecurityException.

public void checkRead ()

Check if the caller can do read operations. This method does nothing if so, otherwise throws SecurityException.

public void checkUnregister (ObjectName name)

Check if the caller can do unregister operations. This method does nothing if so, otherwise throws SecurityException.

public void checkWrite ()

Check if the caller can do write operations. This method does nothing if so, otherwise throws SecurityException.

public synchronized void refresh ()

Refresh the set of username/access level entries.

If this instance was created using the MBeanServerFileAccessController(String) or MBeanServerFileAccessController(String, MBeanServer) constructors to specify a file from which the entries are read, the file is re-read.

If this instance was created using the MBeanServerFileAccessController(Properties) or MBeanServerFileAccessController(Properties, MBeanServer) constructors then a new copy of the Properties object is made.

Throws
IOException if the file does not exist, is a directory rather than a regular file, or for some other reason cannot be opened for reading.
IllegalArgumentException if any of the supplied access level values differs from "readonly" or "readwrite".