我正在使用JMX远程监控我的服务器。但是,jmx-access和jmx-password存储了我不想要的密码。
关注How to encrypt passwords for JConsole's password file,How to make the JMX custom authentication work?和How do I create a Login Module?,我编写了一个自定义登录模块。
我的登录模块:
public class EncryptedFileLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
private String name;
private String password;
private boolean succeeded = false;
public EncryptedFileLoginModule() {
System.out.println("Login Module - constructor called");
}
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
System.out.println("Login Module - initialize called");
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
System.out.println("testOption value: " + (String) options.get("testOption"));
succeeded = false;
}
public boolean login() throws LoginException {
System.out.println("Login Module - login called");
if (callbackHandler == null) {
throw new LoginException("Oops, callbackHandler is null");
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("name:");
callbacks[1] = new PasswordCallback("password:", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException("Oops, IOException calling handle on callbackHandler");
} catch (UnsupportedCallbackException e) {
throw new LoginException("Oops, UnsupportedCallbackException calling handle on callbackHandler");
}
NameCallback nameCallback = (NameCallback) callbacks[0];
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
name = nameCallback.getName();
password = new String(passwordCallback.getPassword());
if ("a".equals(name) && "a".equals(password)) {
System.out.println("Success! You get to log in!");
succeeded = true;
return succeeded;
} else {
System.out.println("Failure! You don't get to log in");
succeeded = false;
throw new FailedLoginException("Sorry! No login for you.");
}
}
public boolean abort() throws LoginException {
System.out.println("Login Module - abort called");
return false;
}
public boolean commit() throws LoginException {
System.out.println("Login Module - commit called");
return succeeded;
}
public boolean logout() throws LoginException {
System.out.println("Login Module - logout called");
return false;
}
}
class UserPrincipal implements Principal, Serializable {
private static final long serialVersionUID = -4604480892359393296L;
private String name;
public UserPrincipal(String name) {
this.name = name;
}
public String getName() {
return name;
}
public String toString() {
return name;
}
public boolean equals(Object o) {
return o instanceof UserPrincipal &&
((UserPrincipal)o).name.equals(name);
}
public int hashCode() {
return name.hashCode();
}
}
class StatePrincipal implements Principal, Serializable {
private static final long serialVersionUID = 8429580270033209093L;
private String state;
public StatePrincipal(String state) {
this.state = state;
}
public String getName() {
return state;
}
public String toString() {
return state;
}
public boolean equals(Object o) {
return o instanceof StatePrincipal && ((StatePrincipal)o).equals(state);
}
public int hashCode() {
return state.hashCode();
}
}
这是我的登录模块配置文件(d:/mysecurity.cfg):
MyLoginModule {
cn.com.singlee.slice.security.EncryptedFileLoginModule REQUIRED
testOption=here_is_an_option;
};
启动服务器时,我使用以下参数:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.ssl=false
-Djava.security.auth.login.config=d:/mysecurity.cfg
-Dcom.sun.management.jmxremote.login.config=MyLoginModule
但是,当我尝试使用JCsonle连接服务器时,我无法登录。服务器似乎能够使用这些日志输出成功调用自定义身份验证procudure:
Login Module - constructor called
Login Module - initialize called
testOption value: here_is_an_option
Login Module - login called
Success! You get to log in!
Login Module - commit called
但JConsole报告错误(我在调试模式下使用“jconsole -debug”启动了JConsole):
java.lang.SecurityException: Access denied! No entries found in the access file [C:\Program Files\Java\jre7\lib\management\jmxremote.access] for any of the authenticated identities []
at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.checkAccessFileEntries(Unknown Source)
at sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(Unknown Source)
at javax.management.remote.rmi.RMIServerImpl.doNewClient(Unknown Source)
at javax.management.remote.rmi.RMIServerImpl.newClient(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at sun.rmi.transport.Transport$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:273)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:251)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:160)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2370)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:296)
at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:366)
at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:314)
at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:295)
此错误表示在jmxremote.access中未找到经过身份验证的身份。
由于我使用自定义身份验证登录模块,为什么需要jmxremote.access?
更重要的是,即使我在jmxremote.access中添加测试用户“a”,错误仍然存在。
有任何线索吗?
答案 0 :(得分:1)
感谢您的这篇文章,jconsole -debug是突破
我相信你缺少的是你没有配置&#34; a&#34;在jmxremote.access中,使用上面的例子,当我改变几行时它对我有用
注意添加
user = new JMXPrincipal(name);
并使用&#34; jmxremote.access&#34;
中未注释的行controlRole readwrite
我希望这能帮助处于同样情况的其他程序员。
public class EncryptedFileLoginModule implements LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
private JMXPrincipal user;
private String name;
private String password;
private boolean succeeded = false;
public EncryptedFileLoginModule() {
System.out.println("Login Module - constructor called");
}
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
Map<String, ?> options) {
System.out.println("Login Module - initialize called");
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
System.out.println("testOption value: " + (String) options.get("testOption"));
succeeded = false;
}
public boolean login() throws LoginException {
System.out.println("Login Module - login called");
if (callbackHandler == null) {
throw new LoginException("Oops, callbackHandler is null");
}
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("name:");
callbacks[1] = new PasswordCallback("password:", false);
try {
callbackHandler.handle(callbacks);
} catch (IOException e) {
throw new LoginException("Oops, IOException calling handle on callbackHandler");
} catch (UnsupportedCallbackException e) {
throw new LoginException("Oops, UnsupportedCallbackException calling handle on callbackHandler");
}
NameCallback nameCallback = (NameCallback) callbacks[0];
PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
name = nameCallback.getName();
password = new String(passwordCallback.getPassword());
if ("controlRole".equals(name) && "a".equals(password)) {
System.out.println("Success! You get to log in!");
// Create a new user principal
user = new JMXPrincipal(name);
succeeded = true;
return succeeded;
} else {
System.out.println("Failure! You don't get to log in");
succeeded = false;
throw new FailedLoginException("Sorry! No login for you.");
}
}
public boolean abort() throws LoginException {
System.out.println("Login Module - abort called");
return false;
}
public boolean commit() throws LoginException {
System.out.println("Login Module - commit called");
subject.getPrincipals().add(user);
return succeeded;
}
public boolean logout() throws LoginException {
System.out.println("Login Module - logout called");
user = null;
succeeded = false;
return false;
}
}
class UserPrincipal implements Principal, Serializable {
private static final long serialVersionUID = -4604480892359393296L;
private String name;
public UserPrincipal(String name) {
this.name = name;
}
public String getName() {
return name;
}
public String toString() {
return name;
}
public boolean equals(Object o) {
return o instanceof UserPrincipal &&
((UserPrincipal)o).name.equals(name);
}
public int hashCode() {
return name.hashCode();
}
}
class StatePrincipal implements Principal, Serializable {
private static final long serialVersionUID = 8429580270033209093L;
private String state;
public StatePrincipal(String state) {
this.state = state;
}
public String getName() {
return state;
}
public String toString() {
return state;
}
public boolean equals(Object o) {
return o instanceof StatePrincipal && ((StatePrincipal)o).equals(state);
}
public int hashCode() {
return state.hashCode();
}
}