Index: system/src/main/java/org/jboss/system/server/jmx/JMXConnectorAuthenticator.java
===================================================================
--- system/src/main/java/org/jboss/system/server/jmx/JMXConnectorAuthenticator.java (revision 0)
+++ system/src/main/java/org/jboss/system/server/jmx/JMXConnectorAuthenticator.java (revision 0)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.system.server.jmx;
+
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.SecurityContext;
+import org.picketbox.config.PicketBoxConfiguration;
+import org.picketbox.factories.SecurityFactory;
+
+import javax.management.remote.JMXAuthenticator;
+import javax.management.remote.JMXPrincipal;
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+/**
+ * setup JSR-160 JMXConnector
+ * @author Scott Marlow smarlow@redhat.com
+ *
+ */
+
+class JMXConnectorAuthenticator implements JMXAuthenticator {
+
+ String securityDomainName;
+ PicketBoxConfiguration idtrustConfig;
+
+ JMXConnectorAuthenticator(String configFile, String securityDomainName)
+ {
+ this.securityDomainName = securityDomainName;
+ idtrustConfig = new PicketBoxConfiguration();
+ idtrustConfig.load(configFile);
+ }
+
+ public synchronized Subject authenticate(Object creds) {
+ AuthenticationManager am;
+ SecurityContext securityContext;
+
+ String user, pass;
+ user = ((String[])creds)[0];
+ pass = ((String[])creds)[1];
+ Principal principal = new JMXPrincipal(user);
+ Subject subject = new Subject();
+ SecurityFactory.prepare();
+ securityContext = SecurityFactory.establishSecurityContext(securityDomainName);
+ am = securityContext.getAuthenticationManager();
+
+ boolean result = am.isValid(principal, pass , subject);
+ if( result ) {
+ subject.setReadOnly();
+ // securityContext.getUtil().setSubjectInfo(null);
+ }
+ SecurityFactory.release();
+ return subject;
+ }
+}
Index: system/src/main/java/org/jboss/system/server/jmx/JMXConnector.java
===================================================================
--- system/src/main/java/org/jboss/system/server/jmx/JMXConnector.java (revision 103581)
+++ system/src/main/java/org/jboss/system/server/jmx/JMXConnector.java (working copy)
@@ -34,6 +34,7 @@
import javax.naming.InitialContext;
import javax.naming.Reference;
import javax.naming.StringRefAddr;
+import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
@@ -55,11 +56,13 @@
private MBeanServer mbeanServer = ManagementFactory.getPlatformMBeanServer();
private InitialContext context;
+ private String securityDomain;
+ private String securityConfigFile;
+
/* end of configurable settings */
private RMIConnectorServer adapter;
private RMIJRMPServerImpl rmiServer;
private Registry registry;
- private String securityDomain;
private static final Logger log = Logger.getLogger(JMXConnector.class);
@@ -75,6 +78,14 @@
this.context = context;
}
+ public String getSecurityConfigFile() {
+ return securityConfigFile;
+ }
+
+ public void setSecurityConfigFile(String securityConfigFile) {
+ this.securityConfigFile = securityConfigFile;
+ }
+
public String getSecurityDomain() {
return securityDomain;
}
@@ -119,6 +130,8 @@
rmiServer = new RMIJRMPServerImpl( 0, null, null, new HashMap());
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://" + hostname);
HashMap env = new HashMap();
+ if( securityConfigFile != null && securityDomain != null)
+ env.put(RMIConnectorServer.AUTHENTICATOR, new JMXConnectorAuthenticator(securityConfigFile, securityDomain) );
adapter = new RMIConnectorServer(url, env, rmiServer, mbeanServer);
adapter.start();
url = adapter.getAddress();
Index: system/pom.xml
===================================================================
--- system/pom.xml (revision 103581)
+++ system/pom.xml (working copy)
@@ -127,6 +127,10 @@
org.jboss
jboss-common-core
+
+ org.picketbox
+ picketbox-bare
+
Index: server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml
===================================================================
--- server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml (revision 103581)
+++ server/src/resources/jmx-invoker-adaptor/META-INF/jboss-service.xml (working copy)
@@ -35,16 +35,6 @@
jboss.jmx:type=adaptor,name=Invoker,protocol=jrmp,service=proxyFactory
-
-
- jmx/rmi/RMIAdaptor
- jmx/invoker/RMIAdaptor
- jboss:service=Naming
-
-
-
- org.jboss.jmx.adaptor.rmi.RMIAdaptor,
- org.jboss.jmx.adaptor.rmi.RMIAdaptorExt
-
Index: server/src/etc/conf/all/login-config.xml
===================================================================
--- server/src/etc/conf/all/login-config.xml (revision 103581)
+++ server/src/etc/conf/all/login-config.xml (working copy)
@@ -71,12 +71,26 @@
- props/jmx-console-users.properties
- props/jmx-console-roles.properties
+ props/jmx-users.properties
+ props/jmx-roles.properties
+
+
+
+
+ props/jmx-console-users.properties
+ props/jmx-console-roles.properties
+
+
+
+
+ jmx-console
+
+ props/jmx-users.properties
+