src/org/objectweb/cjdbc/controller/jmx/AuthenticatingMBeanServer.java

説明を見る。

package org.objectweb.cjdbc.controller.jmx;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import javax.management.InstanceNotFoundException;
import javax.management.MBeanException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.ReflectionException;
import javax.security.auth.Subject;

import org.objectweb.cjdbc.common.jmx.JmxConstants;
import org.objectweb.cjdbc.common.log.Trace;
import org.objectweb.cjdbc.common.users.AbstractDatabaseUser;

public class AuthenticatingMBeanServer extends ChainedMBeanServer
{

  static Trace logger = Trace
                          .getLogger("org.objectweb.cjdbc.controller.jmx.AuthenticatingMBeanServer");

  public void setMBeanServer(MBeanServer server)
  {
    super.setMBeanServer(server);
  }

  public Object invoke(ObjectName name, String operationName, Object[] params,
      String[] signature) throws InstanceNotFoundException, MBeanException,
      ReflectionException
  {

    boolean mbeanNeedAuthentication = name.toString().indexOf(
        JmxConstants.CJDBC_TYPE_VIRTUALDATABASE) != -1
        || name.toString().indexOf(JmxConstants.CJDBC_TYPE_BACKEND) != -1;
    if (mbeanNeedAuthentication
        && (operationName.equalsIgnoreCase("checkAdminAuthentication") == false))
    {
      // we have to check all methods that access a virtual database
      // except
      // authentication
      boolean authenticationOk = false;
      String username = null;
      String password = null;

      Subject subject = Subject.getSubject(java.security.AccessController
          .getContext());
      if (subject == null || subject.getPrincipals().size() == 0)
      {
        username = (String) params[0];
        password = (String) params[1];
        authenticationOk = authenticate(name, username, password);
        if (!authenticationOk)
          throw new MBeanException(new Exception(
              "Authentication failed (username,password) invalid"));

        if (logger.isDebugEnabled())
          logger
              .debug("Authentication with username and password was successfull");

        // we have to strip the username and password from the params
        // and args
        return super.invoke(name, operationName, cleanO(params),
            cleanS(signature));
      }
      else
      {
        Set principals = subject.getPrincipals(AbstractDatabaseUser.class);
        for (Iterator it = principals.iterator(); it.hasNext();)
        {
          AbstractDatabaseUser user = (AbstractDatabaseUser) it.next();
          username = user.getName();
          password = user.getPassword();
          authenticationOk = authenticate(name, username, password);
          if (authenticationOk)
            break;
        }

        if (principals.size() == 0 && logger.isDebugEnabled())
          throw new MBeanException(new Exception(
              "Authentication failed : no principal"));

        if (!authenticationOk)
          throw new MBeanException(new Exception(
              "Authentication failed : principal invalid"));
        if (logger.isDebugEnabled())
          logger.debug("Authentication with principal was successfull");
        return super.invoke(name, operationName, params, signature);
      }
    }
    else
    {
      if (logger.isDebugEnabled())
        logger.debug("no authentication required");

      return super.invoke(name, operationName, params, signature);
    }
  }

  private boolean authenticate(ObjectName name, String username, String password)
  {
    try
    {
      boolean vdb = name.toString().indexOf(
          JmxConstants.CJDBC_TYPE_VIRTUALDATABASE) != -1;
      if (vdb)
        return ((Boolean) invoke(name, "checkAdminAuthentication",
            new Object[]{username, password}, new String[]{"java.lang.String",
                "java.lang.String"})).booleanValue();
      else
      {
        boolean backend = name.toString().indexOf(
            JmxConstants.CJDBC_TYPE_BACKEND) != -1;
        if (backend)
        {
          // Check with the owning database if the password is right
          ObjectName vdbName = JmxConstants
              .getVirtualDbObjectNameFromBackend(name);
          return ((Boolean) invoke(vdbName, "checkAdminAuthentication",
              new Object[]{username, password}, new String[]{
                  "java.lang.String", "java.lang.String"})).booleanValue();
        }
        else
          // No further check ...
          return true;
      }
    }
    catch (Exception e)
    {
      if (logger.isDebugEnabled())
      {
        logger.debug("authentication failed with exception ", e);
      }
      return false;
    }
  }

  private static Object[] cleanO(Object[] params)
  {
    List o = Arrays.asList(params);
    o = o.subList(2, o.size());
    return (new ArrayList(o).toArray());
  }

  private static String[] cleanS(String[] params)
  {
    List o = Arrays.asList(params);
    o = o.subList(2, o.size());
    String[] s = new String[o.size()];
    return (String[]) new ArrayList(o).toArray(s);
  }
}

---