如何使 JMX 自定义身份验证起作用?
我在 JMX 上使用基于密码和访问文件的身份验证。在构建 JMXConnectorServer 时,我使用属性名称并且工作正常。
Map<String, String> env = new HashMap<String, String>();
env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);
但是,现在我想使用自定义身份验证器,并且实现了自己的 LoginModule 以在密码文件中包含加密的密码。因此,我们的想法是在密码文件中包含加密的密码和纯文本用户名。
public class ABCDJMXLoginModule implements LoginModule {
private CallbackHandler callbackHandler;
private Subject subject;
private String u_username;
private String u_password;
private JMXPrincipal user;
private Properties userCredentials;
private String passwordFile;
private String f_username;
private String f_password;
private static final Logger logger = LoggerFactory.getLogger(ABCDJMXLoginModule.class);
public boolean abort() throws LoginException {
// TODO Auto-generated method stub
return false;
}
public boolean commit() throws LoginException {
// TODO Auto-generated method stub
return true;
}
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
}
public boolean login() throws LoginException {
try {
attemptLogin();
loadPasswordFile();
} catch (Exception e) {
logger.info("Exception, e");
}
if (u_username == null || u_password == null) {
throw new LoginException("Either no username or no password specified");
}
logger.info("Password from user and file : " + u_password + " :: " + f_password);
if (u_password.equals(f_password)) {
return true;
}
return false;
}
public boolean logout() throws LoginException {
// TODO Auto-generated method stub
return true;
}
private void attemptLogin() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("u_username");
callbacks[1] = new PasswordCallback("u_password", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
logger.error("IOException", e);
} catch (UnsupportedCallbackException e) {
logger.error("UnsupportedCallbackException", e);
}
u_username = ((NameCallback) callbacks[0]).getName();
user = new JMXPrincipal(u_username);
char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
u_password = tmpPassword.toString();
logger.info("UserName : " + u_username);
logger.info("Password : " + u_password);
System.arraycopy(tmpPassword, 0, u_password, 0, tmpPassword.length);
((PasswordCallback) callbacks[1]).clearPassword();
}
private void loadPasswordFile() throws IOException {
FileInputStream fis = null;
passwordFile = "c:\\abcd.jmx.enc.password.file";
try {
fis = new FileInputStream(passwordFile);
} catch (SecurityException e) {
logger.error("Security Exception", e);
}
BufferedInputStream bis = new BufferedInputStream(fis);
userCredentials = new Properties();
userCredentials.load(bis);
bis.close();
f_username = u_username;
f_password = (String) userCredentials.get(f_username);
logger.info("UserName before Decrypt : " + f_username);
logger.info("Password from file before Decrypt : " + f_password);
// decrypt the password from file and later compare it with user password from JConsole
if (f_password != null) f_password = Cryptography.decrypt(f_password);
logger.info("Password from file after Decrypt : " + f_password);
}
}
当我使用以下代码并尝试通过 JConsole 连接时,没有任何反应。
Map<String, String> env = new HashMap<String, String>();
env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
env.put("jmx.remote.x.login.config", "com.splwg.ejb.service.management.ABCDJMXLoginModule");
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);
关于为什么会发生这种情况有什么想法吗?当然,我也不会进入 ABCDJMXLoginModule 类 - 我在那里有一些打印语句,但没有一个被打印。任何类型的想法和解决方案都会受到赞赏。我也尝试使用属性“com.sun.management.jmxremote.login.config”。我期望在环境中提及该属性并将其传递给 JMXCOnnectorServer 就可以解决所有问题。
我错过了什么吗?
I am using the password and access file based authentication on JMX. When building my JMXConnectorServer, i use the property names and it works fine.
Map<String, String> env = new HashMap<String, String>();
env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);
However, now i want to use a custom authenticator and i implemented my own LoginModule to have a encrypted password in the password file. Thus the ideas is to have an encrypted password and plain text user name in the password file.
public class ABCDJMXLoginModule implements LoginModule {
private CallbackHandler callbackHandler;
private Subject subject;
private String u_username;
private String u_password;
private JMXPrincipal user;
private Properties userCredentials;
private String passwordFile;
private String f_username;
private String f_password;
private static final Logger logger = LoggerFactory.getLogger(ABCDJMXLoginModule.class);
public boolean abort() throws LoginException {
// TODO Auto-generated method stub
return false;
}
public boolean commit() throws LoginException {
// TODO Auto-generated method stub
return true;
}
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
this.subject = subject;
this.callbackHandler = callbackHandler;
}
public boolean login() throws LoginException {
try {
attemptLogin();
loadPasswordFile();
} catch (Exception e) {
logger.info("Exception, e");
}
if (u_username == null || u_password == null) {
throw new LoginException("Either no username or no password specified");
}
logger.info("Password from user and file : " + u_password + " :: " + f_password);
if (u_password.equals(f_password)) {
return true;
}
return false;
}
public boolean logout() throws LoginException {
// TODO Auto-generated method stub
return true;
}
private void attemptLogin() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("u_username");
callbacks[1] = new PasswordCallback("u_password", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
logger.error("IOException", e);
} catch (UnsupportedCallbackException e) {
logger.error("UnsupportedCallbackException", e);
}
u_username = ((NameCallback) callbacks[0]).getName();
user = new JMXPrincipal(u_username);
char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
u_password = tmpPassword.toString();
logger.info("UserName : " + u_username);
logger.info("Password : " + u_password);
System.arraycopy(tmpPassword, 0, u_password, 0, tmpPassword.length);
((PasswordCallback) callbacks[1]).clearPassword();
}
private void loadPasswordFile() throws IOException {
FileInputStream fis = null;
passwordFile = "c:\\abcd.jmx.enc.password.file";
try {
fis = new FileInputStream(passwordFile);
} catch (SecurityException e) {
logger.error("Security Exception", e);
}
BufferedInputStream bis = new BufferedInputStream(fis);
userCredentials = new Properties();
userCredentials.load(bis);
bis.close();
f_username = u_username;
f_password = (String) userCredentials.get(f_username);
logger.info("UserName before Decrypt : " + f_username);
logger.info("Password from file before Decrypt : " + f_password);
// decrypt the password from file and later compare it with user password from JConsole
if (f_password != null) f_password = Cryptography.decrypt(f_password);
logger.info("Password from file after Decrypt : " + f_password);
}
}
When i use the following code and try to connect via JConsole nothing happens.
Map<String, String> env = new HashMap<String, String>();
env.put(ApplicationProperties.JMX_PWD_FILE_PROP, pwdFile);
env.put(ApplicationProperties.JMX_ACCESS_FILE_PROP, accFile);
env.put("jmx.remote.x.login.config", "com.splwg.ejb.service.management.ABCDJMXLoginModule");
connectorServer = JMXConnectorServerFactory.newJMXConnectorServer(jmxServiceURL, env, mBeanServer);
Any ideas on why this happens ? For sure, i am also not coming into the ABCDJMXLoginModule class - I have some print statements there and none of them get printed. Any sort of ideas and solutions are appreciated. I tried with the property "com.sun.management.jmxremote.login.config" too. I was expecting that mentioning the property in the environment and passing it to the JMXCOnnectorServer would do all the trick.
Am i missing something ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
jmx.remote.x.login.config 属性旨在设置上下文名称,而不是您的 LoginModule 类名称。
您需要创建 jaas 模块配置文件并通过系统属性引用它,而不是输入 LoginModule 类名,例如:
-Djava.security.auth.login.config=path/to/your/login/config/file.cfg
示例配置:
在您的java代码中:
我也会删除,
因为我认为这可能会导致使用标准的jmx身份验证机制而不是 JAAS(但我不确定)。
通过上述更改,您应该拥有基于 jaas 的身份验证(使用您的自定义登录模块)的 jmx 和使用 accFile 的授权。
jmx.remote.x.login.config property is meant to set a context name, not your LoginModule class name.
Instead or putting your LoginModule class name, you need to create your jaas module config file and refer to it via a system property, for example:
-Djava.security.auth.login.config=path/to/your/login/config/file.cfg
Sample config:
In your java code:
I would also remove
as I think it might cause that a standard jmx authentication mechanism is used instead of JAAS (but I am not sure about it).
With the above changes you should have jmx with jaas based authentication (with your custom login module) and authorization using accFile.
只需按照这篇有用的帖子来实现类似的东西即可。我必须在 MyConfig 语法中添加一些分号
另外,以下代码来自原始 ABCDJMXLoginModule 类:
应该是:
Just following this useful post to implement something similar. I had to add some semi colons to the MyConfig syntax
Also following code from the original ABCDJMXLoginModule class:
should be: