1
2
3
4
5
6
7
8
9
10
11 package org.mule.module.management.support;
12
13 import org.mule.module.management.agent.JmxAgent;
14 import org.mule.util.StringUtils;
15
16 import java.security.Principal;
17 import java.util.Collections;
18 import java.util.HashMap;
19 import java.util.HashSet;
20 import java.util.Map;
21 import java.util.Set;
22
23 import javax.management.remote.JMXAuthenticator;
24 import javax.management.remote.JMXPrincipal;
25 import javax.security.auth.Subject;
26
27 import org.apache.commons.logging.Log;
28 import org.apache.commons.logging.LogFactory;
29
30
31
32
33
34 public class SimplePasswordJmxAuthenticator implements JMXAuthenticator
35 {
36
37
38
39 protected static final Log logger = LogFactory.getLog(JmxAgent.class);
40
41
42
43
44 private Map<String, Object> credentials = new HashMap<String, Object>();
45
46 public Subject authenticate (Object authToken)
47 {
48 if (authToken == null)
49 {
50 throw new SecurityException("No authentication token available");
51 }
52 if (!(authToken instanceof String[]) || ((String[]) authToken).length != 2)
53 {
54 throw new SecurityException("Unsupported credentials format");
55 }
56
57 String[] authentication = (String[]) authToken;
58
59 String username = StringUtils.defaultString(authentication[0]);
60 String password = StringUtils.defaultString(authentication[1]);
61
62 if (!credentials.containsKey(username))
63 {
64 throw new SecurityException("Unauthenticated user: " + username);
65 }
66
67 Object pass = credentials.get(username);
68 if (!password.equals(pass == null ? "" : pass.toString()))
69 {
70 throw new SecurityException("Invalid password");
71 }
72
73 Set<Principal> principals = new HashSet<Principal>();
74 principals.add(new JMXPrincipal(username));
75 return new Subject(true, principals, Collections.EMPTY_SET, Collections.EMPTY_SET);
76 }
77
78 public void setCredentials (Map<String, String> newCredentials)
79 {
80 this.credentials.clear();
81 if (newCredentials == null || newCredentials.isEmpty())
82 {
83 logger.warn("Credentials cache has been purged, remote access will no longer be available");
84 }
85 else
86 {
87 this.credentials.putAll(newCredentials);
88 }
89 }
90 }