
    1   /**
    2    *  Licensed to the Apache Software Foundation (ASF) under one or more
    3    *  contributor license agreements.  See the NOTICE file distributed with
    4    *  this work for additional information regarding copyright ownership.
    5    *  The ASF licenses this file to You under the Apache License, Version 2.0
    6    *  (the "License"); you may not use this file except in compliance with
    7    *  the License.  You may obtain a copy of the License at
    8    *
    9    *     http://www.apache.org/licenses/LICENSE-2.0
   10    *
   11    *  Unless required by applicable law or agreed to in writing, software
   12    *  distributed under the License is distributed on an "AS IS" BASIS,
   13    *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14    *  See the License for the specific language governing permissions and
   15    *  limitations under the License.
   16    */
   17   package org.apache.geronimo.jmxremoting;
   18   
   19   import java.io.IOException;
   20   import java.net.InetAddress;
   21   import java.net.ServerSocket;
   22   import java.net.UnknownHostException;
   23   import java.rmi.server.RMIClientSocketFactory;
   24   import java.rmi.server.RMIServerSocketFactory;
   25   import java.util.HashMap;
   26   import java.util.Map;
   27   
   28   import javax.management.MBeanServer;
   29   import javax.management.NotificationFilterSupport;
   30   import javax.management.remote.JMXConnectionNotification;
   31   import javax.management.remote.JMXConnectorServer;
   32   import javax.management.remote.JMXConnectorServerFactory;
   33   import javax.management.remote.JMXServiceURL;
   34   import javax.management.remote.rmi.RMIConnectorServer;
   35   import javax.net.ssl.KeyManagerFactory;
   36   import javax.net.ssl.SSLServerSocket;
   37   import javax.net.ssl.SSLServerSocketFactory;
   38   import javax.rmi.ssl.SslRMIClientSocketFactory;
   39   
   40   import org.apache.geronimo.gbean.GBeanInfo;
   41   import org.apache.geronimo.gbean.GBeanInfoBuilder;
   42   import org.apache.geronimo.management.geronimo.KeystoreManager;
   43   import org.apache.geronimo.system.jmx.MBeanServerReference;
   44   
   45   /**
   46    * A secure (SSL/TLS) connector that supports the server side of JSR 160 JMX Remoting.
   47    *
   48    * @version $Rev: 651684 $ $Date: 2008-04-25 15:11:52 -0400 (Fri, 25 Apr 2008) $
   49    */
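/**
 * A secure (SSL/TLS) connector that supports the server side of JSR 160 JMX Remoting.
 *
 * <p>The connector wraps the RMI transport in SSL/TLS using a server socket factory
 * obtained from the configured {@link KeystoreManager}. Transport encryption alone does
 * not identify the caller. Clients are authenticated only when
 * {@code applicationConfigName} is set (an {@code Authenticator} is installed for that
 * configuration name) and/or when {@code clientAuth} is {@code true} (the TLS handshake
 * then requires a client certificate). With neither, any peer that can reach the port
 * can invoke operations on the MBeanServer.
 *
 * <p>{@code secureProtocol} and {@code algorithm} are passed through to the
 * {@link KeystoreManager} unvalidated; deployments should configure a current TLS
 * protocol name.
 *
 * @version $Rev: 651684 $ $Date: 2008-04-25 15:11:52 -0400 (Fri, 25 Apr 2008) $
 */
public class JMXSecureConnector extends JMXConnector {

    private KeystoreManager keystoreManager;
    private String algorithm;
    private String secureProtocol;
    private String keyStore;
    private String trustStore;
    private String keyAlias;
    private boolean clientAuth;

    /**
     * Creates a connector for the MBeanServer held by the given reference.
     *
     * @param mbeanServerReference reference from which the MBeanServer is obtained
     * @param objectName passed through to the superclass constructor
     * @param classLoader passed through to the superclass constructor
     */
    public JMXSecureConnector(MBeanServerReference mbeanServerReference, String objectName, ClassLoader classLoader) {
        this(mbeanServerReference.getMBeanServer(), objectName, classLoader);
    }

    /**
     * Creates a connector for the given MBeanServer.
     *
     * @param mbeanServer the MBeanServer to expose remotely
     * @param objectName passed through to the superclass constructor
     * @param classLoader passed through to the superclass constructor
     */
    public JMXSecureConnector(MBeanServer mbeanServer, String objectName, ClassLoader classLoader) {
        super(mbeanServer, objectName, classLoader);
    }

    /** @param keystoreManager the manager used to build the SSL server socket factory */
    public void setKeystoreManager(KeystoreManager keystoreManager) {
        this.keystoreManager = keystoreManager;
    }

    /** @return the manager used to build the SSL server socket factory */
    public KeystoreManager getKeystoreManager() {
        return this.keystoreManager;
    }

    /** @return the key store identifier handed to the {@link KeystoreManager} */
    public String getKeyStore() {
        return this.keyStore;
    }

    /** @param keyStore the key store identifier handed to the {@link KeystoreManager} */
    public void setKeyStore(String keyStore) {
        this.keyStore = keyStore;
    }

    /** @return the trust store identifier handed to the {@link KeystoreManager} */
    public String getTrustStore() {
        return this.trustStore;
    }

    /** @param trustStore the trust store identifier handed to the {@link KeystoreManager} */
    public void setTrustStore(String trustStore) {
        this.trustStore = trustStore;
    }

    /** @return the key alias handed to the {@link KeystoreManager} */
    public String getKeyAlias() {
        return this.keyAlias;
    }

    /** @param keyAlias the key alias handed to the {@link KeystoreManager} */
    public void setKeyAlias(String keyAlias) {
        this.keyAlias = keyAlias;
    }

    /** @return the key manager algorithm name currently configured */
    public String getAlgorithm() {
        return this.algorithm;
    }

    /**
     * Algorithm to use.
     * As different JVMs have different implementations available, the default algorithm can be used by supplying the value "Default".
     *
     * @param algorithm the algorithm to use, or "Default" (case-insensitive) to use the default from {@link javax.net.ssl.KeyManagerFactory#getDefaultAlgorithm()}
     */
    public void setAlgorithm(String algorithm) {
        if ("default".equalsIgnoreCase(algorithm)) {
            this.algorithm = KeyManagerFactory.getDefaultAlgorithm();
        } else {
            this.algorithm = algorithm;
        }
    }

    /** @return the secure protocol name handed to the {@link KeystoreManager} */
    public String getSecureProtocol() {
        return this.secureProtocol;
    }

    /**
     * Sets the secure protocol name handed to the {@link KeystoreManager}.
     * The value is stored as given; no check is made here that it names a protocol
     * version that is still considered safe.
     *
     * @param secureProtocol the protocol name
     */
    public void setSecureProtocol(String secureProtocol) {
        this.secureProtocol = secureProtocol;
    }

    /**
     * @param clientAuth {@code true} to require a client certificate during the TLS
     *                   handshake (applied via {@link SSLServerSocket#setNeedClientAuth(boolean)})
     */
    public void setClientAuth(boolean clientAuth) {
        this.clientAuth = clientAuth;
    }

    /** @return whether a client certificate is required during the TLS handshake */
    public boolean isClientAuth() {
        return this.clientAuth;
    }

    /**
     * Builds the JMX service URL, wires the SSL socket factories and starts the
     * connector server.
     *
     * <p>When {@code applicationConfigName} is {@code null} no authenticator is installed
     * and a warning is logged. In that mode the only access control left is TLS client
     * authentication, if {@code clientAuth} is enabled.
     *
     * @throws IllegalStateException if no {@link KeystoreManager} has been set
     * @throws Exception if the URL, the socket factories or the connector server cannot be created or started
     */
    public void doStart() throws Exception {
        // Fail with a clear message instead of a NullPointerException further down.
        if (keystoreManager == null) {
            throw new IllegalStateException("KeystoreManager reference has not been set on JMXSecureConnector");
        }

        jmxServiceURL = new JMXServiceURL(protocol, host, port, urlPath);
        Map<String, Object> env = new HashMap<String, Object>();
        Authenticator authenticator = null;
        if (applicationConfigName != null) {
            authenticator = new Authenticator(applicationConfigName, classLoader);
            env.put(JMXConnectorServer.AUTHENTICATOR, authenticator);
        } else {
            log.warn("Starting unauthenticating JMXConnector for " + jmxServiceURL);
            if (!clientAuth) {
                // Neither credential checks nor client certificates: make the exposure visible in the logs.
                log.warn("JMXConnector for " + jmxServiceURL + " has no authenticator and does not require"
                        + " TLS client authentication; any client that can reach it can invoke MBean operations");
            }
        }

        // NOTE(review): the first argument is passed as null; presumably the JSSE provider - confirm against KeystoreManager.
        SSLServerSocketFactory sssf = keystoreManager.createSSLServerFactory(null, secureProtocol, algorithm, keyStore, keyAlias, trustStore, classLoader);
        RMIServerSocketFactory rssf = new GeronimoSslRMIServerSocketFactory(sssf, host, clientAuth);
        RMIClientSocketFactory rcsf = new SslRMIClientSocketFactory();
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, rssf);
        env.put(RMIConnectorServer.RMI_CLIENT_SOCKET_FACTORY_ATTRIBUTE, rcsf);

        server = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mbeanServer);

        // addNotificationListener rejects a null listener with IllegalArgumentException,
        // so the connection-event listener is registered only when an authenticator exists.
        if (authenticator != null) {
            NotificationFilterSupport filter = new NotificationFilterSupport();
            filter.enableType(JMXConnectionNotification.OPENED);
            filter.enableType(JMXConnectionNotification.CLOSED);
            filter.enableType(JMXConnectionNotification.FAILED);
            server.addNotificationListener(authenticator, filter, null);
        }
        server.start();
        log.debug("Started JMXConnector " + server.getAddress());
    }

    /**
     * RMI server socket factory that creates SSL server sockets bound to a single
     * address and applies the configured client-authentication requirement.
     */
    private static class GeronimoSslRMIServerSocketFactory implements RMIServerSocketFactory {
        private final SSLServerSocketFactory sssf;
        private final boolean clientAuth;
        private final InetAddress bindAddress;

        /**
         * @param sssf factory used to create the underlying SSL server sockets
         * @param bindHost host name or address to bind to; resolved once, here
         * @param clientAuth whether created sockets require a client certificate
         * @throws UnknownHostException if {@code bindHost} cannot be resolved
         */
        public GeronimoSslRMIServerSocketFactory(SSLServerSocketFactory sssf, String bindHost, boolean clientAuth) throws UnknownHostException {
            this.sssf = sssf;
            this.bindAddress = InetAddress.getByName(bindHost);
            this.clientAuth = clientAuth;
        }

        /**
         * Creates an SSL server socket on the given port, bound to the configured address.
         *
         * @param port the port to listen on
         * @return the SSL server socket, with the client-authentication requirement applied
         * @throws IOException if the socket cannot be created
         */
        public ServerSocket createServerSocket(int port) throws IOException {
            // A backlog of 0 is passed through to the factory unchanged.
            SSLServerSocket ss = (SSLServerSocket) sssf.createServerSocket(port, 0, this.bindAddress);
            ss.setNeedClientAuth(clientAuth);
            return ss;
        }
    }

    /** GBean metadata describing this connector's references, attributes and constructor. */
    public static final GBeanInfo GBEAN_INFO;

    static {
        GBeanInfoBuilder infoFactory = GBeanInfoBuilder.createStatic("JMX Secure Remoting Connector", JMXSecureConnector.class);
        infoFactory.addReference("MBeanServerReference", MBeanServerReference.class);
        infoFactory.addAttribute("objectName", String.class, false);
        infoFactory.addAttribute("classLoader", ClassLoader.class, false);

        infoFactory.addAttribute("protocol", String.class, true, true);
        infoFactory.addAttribute("host", String.class, true, true);
        infoFactory.addAttribute("port", int.class, true, true);
        infoFactory.addAttribute("urlPath", String.class, true, true);
        infoFactory.addAttribute("applicationConfigName", String.class, true, true);

        infoFactory.addInterface(JMXConnectorInfo.class);

        // TLS-specific settings added on top of the plain connector's attributes.
        infoFactory.addReference("KeystoreManager", KeystoreManager.class);
        infoFactory.addAttribute("algorithm", String.class, true, true);
        infoFactory.addAttribute("secureProtocol", String.class, true, true);
        infoFactory.addAttribute("keyStore", String.class, true, true);
        infoFactory.addAttribute("keyAlias", String.class, true, true);
        infoFactory.addAttribute("trustStore", String.class, true, true);
        infoFactory.addAttribute("clientAuth", boolean.class, true, true);

        infoFactory.setConstructor(new String[]{"MBeanServerReference", "objectName", "classLoader"});
        GBEAN_INFO = infoFactory.getBeanInfo();
    }

    /** @return the GBean metadata for this class */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }
}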
