1/* 2 * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24/* 25 * @test 26 * @bug 6261831 27 * @summary Tests the use of the subject delegation feature on the authenticated 28 * principals within the RMI connector server's creator codebase. 29 * @author Luis-Miguel Alventosa 30 * @modules java.management.rmi 31 * java.management/com.sun.jmx.remote.security 32 * @run clean SubjectDelegation2Test SimpleStandard SimpleStandardMBean 33 * @run build SubjectDelegation2Test SimpleStandard SimpleStandardMBean 34 * @run main SubjectDelegation2Test policy21 ok 35 * @run main SubjectDelegation2Test policy22 ko 36 * @run main SubjectDelegation2Test policy23 ko 37 * @run main SubjectDelegation2Test policy24 ok 38 * @run main SubjectDelegation2Test policy25 ko 39 */ 40 41import com.sun.jmx.remote.security.JMXPluggableAuthenticator; 42import java.io.File; 43import java.lang.management.ManagementFactory; 44import java.rmi.RemoteException; 45import java.rmi.registry.LocateRegistry; 46import java.rmi.registry.Registry; 47import java.util.HashMap; 48import java.util.Properties; 49import javax.management.Attribute; 50import javax.management.MBeanServer; 51import javax.management.MBeanServerConnection; 52import javax.management.Notification; 53import javax.management.NotificationListener; 54import javax.management.ObjectName; 55import javax.management.remote.JMXConnector; 56import javax.management.remote.JMXConnectorFactory; 57import javax.management.remote.JMXConnectorServer; 58import javax.management.remote.JMXConnectorServerFactory; 59import javax.management.remote.JMXServiceURL; 60 61public class SubjectDelegation2Test { 62 63 public static void main(String[] args) throws Exception { 64 String policyFile = args[0]; 65 String testResult = args[1]; 66 System.out.println("Policy file = " + policyFile); 67 System.out.println("Expected test result = " + testResult); 68 JMXConnectorServer jmxcs = null; 69 JMXConnector jmxc = null; 70 try { 71 // Create an RMI registry 72 // 73 System.out.println("Start RMI registry..."); 74 Registry reg = null; 75 int port = 5800; 76 while (port++ < 6000) { 77 try { 78 reg = LocateRegistry.createRegistry(port); 79 System.out.println("RMI registry running on port " + port); 80 break; 81 } catch (RemoteException e) { 82 // Failed to create RMI registry... 83 System.out.println("Failed to create RMI registry " + 84 "on port " + port); 85 } 86 } 87 if (reg == null) { 88 System.exit(1); 89 } 90 // Set the default password file 91 // 92 final String passwordFile = System.getProperty("test.src") + 93 File.separator + "jmxremote.password"; 94 System.out.println("Password file = " + passwordFile); 95 // Set policy file 96 // 97 final String policy = System.getProperty("test.src") + 98 File.separator + policyFile; 99 System.out.println("PolicyFile = " + policy); 100 System.setProperty("java.security.policy", policy); 101 // Instantiate the MBean server 102 // 103 System.out.println("Create the MBean server"); 104 MBeanServer mbs = ManagementFactory.getPlatformMBeanServer(); 105 // Register the SimpleStandardMBean 106 // 107 System.out.println("Create SimpleStandard MBean"); 108 SimpleStandard s = new SimpleStandard("monitorRole"); 109 mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard")); 110 // Create Properties containing the username/password entries 111 // 112 Properties props = new Properties(); 113 props.setProperty("jmx.remote.x.password.file", passwordFile); 114 // Initialize environment map to be passed to the connector server 115 // 116 System.out.println("Initialize environment map"); 117 HashMap env = new HashMap(); 118 env.put("jmx.remote.authenticator", 119 new JMXPluggableAuthenticator(props)); 120 // Set Security Manager 121 // 122 System.setSecurityManager(new SecurityManager()); 123 // Create an RMI connector server 124 // 125 System.out.println("Create an RMI connector server"); 126 JMXServiceURL url = new JMXServiceURL("rmi", null, 0); 127 128 jmxcs = 129 JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbs); 130 jmxcs.start(); 131 // Create an RMI connector client 132 // 133 System.out.println("Create an RMI connector client"); 134 HashMap cli_env = new HashMap(); 135 // These credentials must match those in the default password file 136 // 137 String[] credentials = new String[] { "monitorRole" , "QED" }; 138 cli_env.put("jmx.remote.credentials", credentials); 139 jmxc = JMXConnectorFactory.connect(jmxcs.getAddress(), cli_env); 140 MBeanServerConnection mbsc = jmxc.getMBeanServerConnection(); 141 // Get domains from MBeanServer 142 // 143 System.out.println("Domains:"); 144 String domains[] = mbsc.getDomains(); 145 for (int i = 0; i < domains.length; i++) { 146 System.out.println("\tDomain[" + i + "] = " + domains[i]); 147 } 148 // Get MBean count 149 // 150 System.out.println("MBean count = " + mbsc.getMBeanCount()); 151 // Get State attribute 152 // 153 String oldState = 154 (String) mbsc.getAttribute( 155 new ObjectName("MBeans:type=SimpleStandard"), 156 "State"); 157 System.out.println("Old State = \"" + oldState + "\""); 158 // Set State attribute 159 // 160 System.out.println("Set State to \"changed state\""); 161 mbsc.setAttribute(new ObjectName("MBeans:type=SimpleStandard"), 162 new Attribute("State", "changed state")); 163 // Get State attribute 164 // 165 String newState = 166 (String) mbsc.getAttribute( 167 new ObjectName("MBeans:type=SimpleStandard"), 168 "State"); 169 System.out.println("New State = \"" + newState + "\""); 170 if (!newState.equals("changed state")) { 171 System.out.println("Invalid State = \"" + newState + "\""); 172 System.exit(1); 173 } 174 // Add notification listener on SimpleStandard MBean 175 // 176 System.out.println("Add notification listener..."); 177 mbsc.addNotificationListener( 178 new ObjectName("MBeans:type=SimpleStandard"), 179 new NotificationListener() { 180 public void handleNotification(Notification notification, 181 Object handback) { 182 System.out.println("Received notification: " + 183 notification); 184 } 185 }, 186 null, 187 null); 188 // Unregister SimpleStandard MBean 189 // 190 System.out.println("Unregister SimpleStandard MBean..."); 191 mbsc.unregisterMBean(new ObjectName("MBeans:type=SimpleStandard")); 192 } catch (SecurityException e) { 193 if (testResult.equals("ko")) { 194 System.out.println("Got expected security exception = " + e); 195 } else { 196 System.out.println("Got unexpected security exception = " + e); 197 e.printStackTrace(); 198 throw e; 199 } 200 } catch (Exception e) { 201 System.out.println("Unexpected exception caught = " + e); 202 e.printStackTrace(); 203 throw e; 204 } finally { 205 // Close connector client 206 // 207 if (jmxc != null) 208 jmxc.close(); 209 // Stop connector server 210 // 211 if (jmxcs != null) 212 jmxcs.stop(); 213 // Say goodbye 214 // 215 System.out.println("Bye! Bye!"); 216 } 217 } 218} 219