/** * Processes the given command string using the given environment information if it's non-empty. * Result returned is in a JSON format. * * @param commandString command string to be processed * @param env environment information to be used for processing the command * @return result of the processing the given command string. */ public String processCommand(String commandString, Map<String, String> env) { if (commandService == null) { throw new JMRuntimeException( "Command can not be processed as Command Service did not get initialized. Reason: " + commandServiceInitError); } boolean isGfshRequest = isGfshRequest(env); if (isGfshRequest) { CommandExecutionContext.setShellRequest(); } Result result = ((MemberCommandService) commandService).processCommand(commandString, env); if (!(result instanceof CommandResult)) {// TODO - Abhishek - Shouldn't be needed while (result.hasNextLine()) { result = ResultBuilder.createInfoResult(result.nextLine()); } } if (isGfshRequest) { return CommandResponseBuilder.createCommandResponseJson(getMember(), (CommandResult) result); } else { return ResultBuilder.resultAsString(result); } }
private ModelNode getInfo(ObjectName objectName) { MBeanServerConnection connection = getConnection(); ModelNode attributes = null; ModelNode headers = null; Exception exception = null; try { MBeanInfo mBeanInfo = connection.getMBeanInfo(objectName); MBeanAttributeInfo[] attributeInfos = mBeanInfo.getAttributes(); ModelNode[] data = modelNodeAttributesInfo(attributeInfos, objectName); attributes = data[0]; headers = data[1]; } catch (Exception e) { if (e instanceof JMException || e instanceof JMRuntimeException) { exception = e; } else { throw new RuntimeException(e); } } return modelNodeResult(attributes, exception, headers); }
private void getAttribute(String userName, JmxManagementInterface jmx) throws Exception { boolean successExpected = isReadAllowed(userName); MBeanServerConnection connection = jmx.getConnection(); ObjectName domain = new ObjectName("java.lang:type=OperatingSystem"); try { Object attribute = connection.getAttribute(domain, "Name"); assertTrue("Failure was expected", successExpected); assertEquals(System.getProperty("os.name"), attribute.toString()); } catch (JMRuntimeException e) { if (e.getMessage().contains("WFLYJMX0037")) { assertFalse("Success was expected but failure happened: " + e, successExpected); } else { throw e; } } }
private void setAttribute(String userName, JmxManagementInterface jmx) throws Exception { boolean successExpected = isWriteAllowed(userName); MBeanServerConnection connection = jmx.getConnection(); ObjectName domain = new ObjectName("java.lang:type=Memory"); try { connection.setAttribute(domain, new Attribute("Verbose", true)); connection.setAttribute(domain, new Attribute("Verbose", false)); // back to default to not pollute the logs assertTrue("Failure was expected", successExpected); } catch (JMRuntimeException e) { if (e.getMessage().contains("WFLYJMX0037")) { assertFalse("Success was expected but failure happened: " + e, successExpected); } else { throw e; } } }
private void checkAddSensitive(final StandardRole standardRole, final boolean wildcard, final boolean executable, final SensitiveTargetAccessConstraintDefinition...sensitivityConstraints) throws Exception { PathElement pathElement = wildcard ? ONE : ONE_A; ChildResourceDefinition oneChild = new ChildResourceDefinition(pathElement, sensitivityConstraints); oneChild.addAttribute("attr1"); oneChild.addOperation("test", true, false, null); rootRegistration.registerSubModel(oneChild); AccessAuditContext.doAs(roleToSecurityIdentity(standardRole), null, new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { Assert.assertFalse(server.queryNames(null, null).contains(ONE_A_NAME)); try { String add = wildcard ? "addOne" : "addOneA"; Object[] params = wildcard ? new String[]{"a", "test"} : new String[]{"test"}; String[] sig = wildcard ? new String[] {String.class.getName(), String.class.getName()} : new String[] {String.class.getName()}; server.invoke(ROOT_NAME, add, params, sig); Assert.assertTrue(executable); Assert.assertTrue(server.queryNames(null, null).contains(ONE_A_NAME)); } catch (JMRuntimeException e) { Assert.assertFalse(executable); } return null; } }); }
/** * Unregisters all GemFire MBeans and then releases the MBeanServer for garbage collection. */ static void releaseMBeanServer() { try { // unregister all GemFire mbeans... Iterator iter = mbeanServer.queryNames(null, null).iterator(); while (iter.hasNext()) { ObjectName name = (ObjectName) iter.next(); if (name.getDomain().startsWith(DEFAULT_DOMAIN)) { unregisterMBean(name); } } // last, release the mbean server... MBeanServerFactory.releaseMBeanServer(mbeanServer); mbeanServer = null; } catch (JMRuntimeException e) { logStackTrace(Level.WARN, e); } /* * See #42391. Cleaning up the static maps which might be still holding references to * ManagedResources */ synchronized (MBeanUtil.managedResources) { MBeanUtil.managedResources.clear(); } synchronized (refreshClients) { refreshClients.clear(); } /* * See #42391. Cleaning up the static maps which might be still holding references to * ManagedResources */ synchronized (MBeanUtil.managedResources) { MBeanUtil.managedResources.clear(); } synchronized (refreshClients) { refreshClients.clear(); } }
public void updateEvictionPercent(float newValue) { try { this.gfxdbridge.updateEvictionPercent(newValue); } catch (StandardException e) { throw new JMRuntimeException(e.getMessage()); } }
public void updateCriticalPercent(float newValue) { try { this.gfxdbridge.updateCriticalPercent(newValue); } catch (StandardException e) { throw new JMRuntimeException(e.getMessage()); } }
/** * Unregisters all GemFire MBeans and then releases the MBeanServer for * garbage collection. */ static void releaseMBeanServer() { try { // unregister all GemFire mbeans... Iterator iter = mbeanServer.queryNames(null, null).iterator(); while (iter.hasNext()) { ObjectName name = (ObjectName)iter.next(); if (name.getDomain().startsWith(DEFAULT_DOMAIN)) { unregisterMBean(name); } } // last, release the mbean server... MBeanServerFactory.releaseMBeanServer(mbeanServer); mbeanServer = null; } catch (JMRuntimeException e) { logStackTrace(LogWriterImpl.WARNING_LEVEL, e); } /* See #42391. Cleaning up the static maps which might be still holding * references to ManagedResources */ synchronized (MBeanUtil.managedResources) { MBeanUtil.managedResources.clear(); } synchronized (refreshClients) { refreshClients.clear(); } /* See #42391. Cleaning up the static maps which might be still holding * references to ManagedResources */ synchronized (MBeanUtil.managedResources) { MBeanUtil.managedResources.clear(); } synchronized (refreshClients) { refreshClients.clear(); } }
/** * Processes the given command string using the given environment information * if it's non-empty. Result returned is in a JSON format. * * @param commandString * command string to be processed * @param env * environment information to be used for processing the command * @return result of the processing the given command string. */ public String processCommand(String commandString, Map<String, String> env) { if (commandService == null) { throw new JMRuntimeException( "Command can not be processed as Command Service did not get initialized. Reason: "+commandServiceInitError); } boolean isGfshRequest = isGfshRequest(env); if (isGfshRequest) { CommandExecutionContext.setShellRequest(); } // System.out.println("isGfshRequest :: "+isGfshRequest); Result result = ((MemberCommandService)commandService).processCommand(commandString, env); if (!(result instanceof CommandResult)) {// TODO - Abhishek - Shouldn't be needed while (result.hasNextLine()) { result = ResultBuilder.createInfoResult(result.nextLine()); } } if (isGfshRequest) { String responseJson = CommandResponseBuilder.createCommandResponseJson(getMember(), (CommandResult) result); // System.out.println("responseJson :: "+responseJson); return responseJson; } else { return ResultBuilder.resultAsString(result); } }
private void doOperation(boolean successExpected, String operationName, JmxManagementInterface jmx) throws Exception { MBeanServerConnection connection = jmx.getConnection(); ObjectName domain = new ObjectName("jboss.test:service=testdeployments"); try { connection.invoke(domain, operationName, ArrayUtils.EMPTY_OBJECT_ARRAY, ArrayUtils.EMPTY_STRING_ARRAY); assertTrue("Failure was expected but success happened", successExpected); } catch (JMRuntimeException e) { if (e.getMessage().contains("WFLYJMX0037")) { assertFalse("Success was expected but failure happened: " + e, successExpected); } else { throw e; } } }
private void doOperation(boolean successExpected, String objectName, String operationName, JmxManagementInterface jmx) throws Exception { MBeanServerConnection connection = jmx.getConnection(); ObjectName domain = new ObjectName(objectName); try { connection.invoke(domain, operationName, ArrayUtils.EMPTY_OBJECT_ARRAY, ArrayUtils.EMPTY_STRING_ARRAY); assertTrue("Failure was expected but success happened", successExpected); } catch (JMRuntimeException e) { if (e.getMessage().contains("WFLYJMX0037")) { assertFalse("Success was expected but failure happened: " + e, successExpected); } else { throw e; } } }
private void checkReadVaultExpressionReadSensitive(final StandardRole standardRole, final boolean readable) throws Exception { VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresAccessPermission(false); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresReadPermission(true); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresWritePermission(false); try { ChildResourceDefinition oneChild = new ChildResourceDefinition(ONE); oneChild.addAttribute("attr1"); oneChild.addOperation("test", true, false, null); rootRegistration.registerSubModel(oneChild); Resource resourceA = Resource.Factory.create(); resourceA.getModel().get("attr1").set("test-a"); rootResource.registerChild(ONE_A, resourceA); Resource resourceB = Resource.Factory.create(); resourceB.getModel().get("attr1").set("${VAULT::AA::bb::cc}"); rootResource.registerChild(ONE_B, resourceB); AccessAuditContext.doAs(roleToSecurityIdentity(standardRole), null, new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { Assert.assertEquals("test-a", server.getAttribute(ONE_A_NAME, "attr1")); try { Assert.assertEquals("${VAULT::AA::bb::cc}", server.getAttribute(ONE_B_NAME, "attr1")); Assert.assertTrue(readable); } catch (JMRuntimeException e) { Assert.assertFalse(readable); } return null; } }); } finally { VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresAccessPermission(null); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresReadPermission(null); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresWritePermission(null); } }
private void checkWriteVaultExpressionWriteSensitive(final StandardRole standardRole, final boolean writable) throws Exception { VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresAccessPermission(false); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresReadPermission(true); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresWritePermission(true); try { ChildResourceDefinition oneChild = new ChildResourceDefinition(ONE); oneChild.addAttribute("attr1"); oneChild.addOperation("test", true, false, null); rootRegistration.registerSubModel(oneChild); Resource resourceA = Resource.Factory.create(); resourceA.getModel().get("attr1").set("test-a"); rootResource.registerChild(ONE_A, resourceA); AccessAuditContext.doAs(roleToSecurityIdentity(standardRole), null, new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { try { server.setAttribute(ONE_A_NAME, new Attribute("attr1", "${VAULT::AA::bb::cc}")); Assert.assertTrue(writable); } catch (JMRuntimeException e) { Assert.assertFalse(writable); } return null; } }); } finally { VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresAccessPermission(null); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresReadPermission(null); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresWritePermission(null); } }
private void checkAddVaultSensitive(final StandardRole standardRole, final boolean executable) throws Exception { VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresAccessPermission(false); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresReadPermission(true); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresWritePermission(true); try { PathElement pathElement = ONE_A; ChildResourceDefinition oneChild = new ChildResourceDefinition(pathElement); oneChild.addAttribute("attr1"); oneChild.addOperation("test", true, false, null); rootRegistration.registerSubModel(oneChild); AccessAuditContext.doAs(roleToSecurityIdentity(standardRole), null, new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { Assert.assertFalse(server.queryNames(null, null).contains(ONE_A_NAME)); try { String add = "addOneA"; Object[] params = new String[]{"${VAULT::AA::bb::cc}"}; String[] sig = new String[] {String.class.getName()}; server.invoke(ROOT_NAME, add, params, sig); Assert.assertTrue(executable); Assert.assertTrue(server.queryNames(null, null).contains(ONE_A_NAME)); } catch (JMRuntimeException e) { Assert.assertFalse(executable); } return null; } }); } finally { VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresAccessPermission(false); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresReadPermission(true); VaultExpressionSensitivityConfig.INSTANCE.setConfiguredRequiresWritePermission(true); } }
@Message(id = 37, value = "Unauthorized access") JMRuntimeException unauthorized();
@Message(id = 38, value = "Not authorized to write attribute: '%s'") JMRuntimeException notAuthorizedToWriteAttribute(String attributeName);
@Message(id = 39, value = "Not authorized to read attribute: '%s'") JMRuntimeException notAuthorizedToReadAttribute(String attributeName);
@Message(id = 40, value = "Not authorized to invoke operation: '%s'") JMRuntimeException notAuthorizedToExecuteOperation(String operationName);