Class AdminAuthorizedMBeanServer
- java.lang.Object
-
- org.glassfish.admin.mbeanserver.AdminAuthorizedMBeanServer
-
public class AdminAuthorizedMBeanServer extends Object
Allows per-access security checks on MBean attribute set/get and other invoked operations.This class wraps the normal GlassFish MBeanServer with a security checker. If control reaches this class then the incoming connection has already authenticated successfully. This class decides, depending on exactly what the request wants to do and what MBean is involved, whether to allow the current request or not. If so, it delegates to the real MBeanServer; if not it throws an exception.
Currently we allow all access to non-AMX MBeans. This permits, for example, the normal operations to view JVM performance characteristics. If the attempted access concerns an AMX MBean and we're running in the DAS then we allow it - it's OK to adjust configuration via JMX to the DAS. But if this is a non-DAS instance we make sure the operation on the AMX MBean is read-only before allowing it.
- Author:
- tjquinn
-
-
Constructor Summary
Constructors Constructor Description AdminAuthorizedMBeanServer()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static MBeanServerForwarder
newInstance(MBeanServer mbs, boolean isInstance)
Returns an MBeanServer that will check security and then forward requests to the real MBeanServer.
-
-
-
Method Detail
-
newInstance
public static MBeanServerForwarder newInstance(MBeanServer mbs, boolean isInstance)
Returns an MBeanServer that will check security and then forward requests to the real MBeanServer.- Parameters:
mbs
- the real MBeanServer to which to delegateisInstance
-- Returns:
- the security-checking wrapper around the MBeanServer
-
-