通过JMX w / JBoss EAP 5.1启动/停止战争

时间:2016-12-14 11:07:49

标签: java jboss jmx

我正在尝试创建一个UI工具,通过JMX在Jboss EAP 5.1上启动/停止webapp(war),但我遇到安全问题

public class jmx_console {
    //
    private static final Logger log = Logger.getLogger(jmx_console.class);

    //
    public static String startAndStopQueueManager(String jnpUrl, String qmUrl, String action, String username, String password) throws NamingException, MalformedObjectNameException, InstanceNotFoundException, MBeanException, ReflectionException,
            IOException, AttributeNotFoundException {
        //
        log.debug("username: " + username);
        log.debug("password: " + password);
        log.debug("action: " + action);
        log.debug("qmUrl: " + qmUrl);
        log.debug("jnpUrl: " + jnpUrl);
        //
        System.setProperty("java.security.policy", "client.policy");
        if (System.getSecurityManager() == null) {
            System.setSecurityManager(new RMISecurityManager());
        }
        //
        Properties ht = new Properties();
        ht.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
        ht.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
        ht.put(Context.PROVIDER_URL, jnpUrl);
        ht.put(Context.SECURITY_PRINCIPAL, username);
    ht.put(Context.SECURITY_CREDENTIALS, password);
        Context ctx = new InitialContext(ht);
        MBeanServerConnection mbeanConn = (MBeanServerConnection) ctx.lookup("jmx/invoker/RMIAdaptor");
        ObjectName queueManagerObjectManager = new ObjectName(qmUrl);
        mbeanConn.invoke(queueManagerObjectManager, action, null, null);
        return (String) mbeanConn.getAttribute(queueManagerObjectManager, "StateString");
    }

    public static void main(String[] args) {
        try {
            startAndStopQueueManager(args[0], args[1], args[2], args[3], args[4]);
        } catch (Exception e) {
            log.debug(ExceptionUtils.getStackTrace(e));
        }
    }
}

Args:localhost:1099,jboss.web.deployment:war = / QueueManager,start,admin,admin

那是例外:

14 12 2016 11:56:00,372 DEBUG it.m2sc.utility.jmx_console: 31 - username: admin
14 12 2016 11:56:00,373 DEBUG it.m2sc.utility.jmx_console: 32 - password: admin
14 12 2016 11:56:00,373 DEBUG it.m2sc.utility.jmx_console: 33 - action: start
14 12 2016 11:56:00,373 DEBUG it.m2sc.utility.jmx_console: 34 - qmUrl: jboss.web.deployment:war=/QueueManager
14 12 2016 11:56:00,373 DEBUG it.m2sc.utility.jmx_console: 35 - jnpUrl: LCES4DISP:1099
14 12 2016 11:56:00,411 DEBUG it.m2sc.utility.jmx_console: 59 - javax.naming.CommunicationException: Could not obtain connection to any of these urls: LCES4DISP:1099 and discovery failed with error: java.security.AccessControlException: access denied (java.net.SocketPermission 230.0.0.4 connect,accept,resolve) [Root exception is javax.naming.CommunicationException: Failed to connect to server LCES4DISP:1099 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission LCES4DISP resolve)]]
    at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1727)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:680)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:673)
    at javax.naming.InitialContext.lookup(InitialContext.java:392)
    at it.m2sc.utility.jmx_console.startAndStopQueueManager(jmx_console.java:49)
    at it.m2sc.utility.jmx_console.main(jmx_console.java:57)
Caused by: javax.naming.CommunicationException: Failed to connect to server LCES4DISP:1099 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission LCES4DISP resolve)]
    at org.jnp.interfaces.NamingContext.getServer(NamingContext.java:311)
    at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1698)
    ... 5 more
Caused by: java.security.AccessControlException: access denied (java.net.SocketPermission LCES4DISP resolve)
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
    at java.security.AccessController.checkPermission(AccessController.java:549)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
    at java.lang.SecurityManager.checkConnect(SecurityManager.java:1031)
    at java.net.InetAddress.getAllByName0(InetAddress.java:1172)
    at java.net.InetAddress.getAllByName(InetAddress.java:1110)
    at java.net.InetAddress.getAllByName(InetAddress.java:1046)
    at java.net.InetAddress.getByName(InetAddress.java:996)
    at org.jnp.interfaces.TimedSocketFactory.createSocket(TimedSocketFactory.java:81)
    at org.jnp.interfaces.NamingContext.getServer(NamingContext.java:277)
    ... 6 more

你能帮助我解决这个问题吗?

1 个答案:

答案 0 :(得分:2)

我认为问题在于您的安全政策。更多详情http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html

1 - 使用命令行标志正确分配策略文件:

java -Djava.security.policy=/home/.../<filename>.policy ...

System.setProperty("java.security.policy","file:///home/.../<filename>.policy");

您也可以将其放在与项目根目录相同的文件夹中),以将URI缩小为file:./<filename>.policy

2 - 确保政策文件的格式正确无误,例如:

grant codeBase "file:<path>/bin/-" {
    permission java.security.AllPermission;
};