diff options
| -rw-r--r-- | qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java | 37 | ||||
| -rw-r--r-- | qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java | 52 | ||||
| -rw-r--r-- | qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java | 12 | ||||
| -rw-r--r-- | qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/RegistryProtectingRMIServerSocketFactory.java (renamed from qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/CustomRMIServerSocketFactory.java) | 22 |
4 files changed, 101 insertions, 22 deletions
diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java index 79465dbf39..512ff2a738 100644 --- a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java +++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/JMXManagedObjectRegistry.java @@ -149,9 +149,8 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry } else { - //Do not specify any specific RMI socket factories, resulting in use of the defaults. - csf = null; - ssf = null; + csf = null; // signifies the default + ssf = new QpidRMIServerSocketFactory(); } int jmxPortRegistryServer = _registryPort.getPort(); @@ -260,17 +259,9 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry private Registry createRmiRegistry(int jmxPortRegistryServer, boolean useCustomRmiRegistry) throws RemoteException { - Registry rmiRegistry; - if(useCustomRmiRegistry) - { - _log.debug("Using custom RMIServerSocketFactory"); - rmiRegistry = LocateRegistry.createRegistry(jmxPortRegistryServer, null, new CustomRMIServerSocketFactory()); - } - else - { - _log.debug("Using default RMIServerSocketFactory"); - rmiRegistry = LocateRegistry.createRegistry(jmxPortRegistryServer, null, null); - } + final RMIServerSocketFactory ssf; + ssf = getRmiServerSocketFactory(useCustomRmiRegistry); + Registry rmiRegistry = LocateRegistry.createRegistry(jmxPortRegistryServer, null, ssf); getEventLogger().message(ManagementConsoleMessages.LISTENING("RMI Registry", jmxPortRegistryServer)); return rmiRegistry; @@ -409,4 +400,22 @@ public class JMXManagedObjectRegistry implements ManagedObjectRegistry } } + private RMIServerSocketFactory getRmiServerSocketFactory(final boolean useCustomRmiRegistry) + { + final RMIServerSocketFactory ssf; + if(useCustomRmiRegistry) + { + if (_log.isDebugEnabled()) + { + _log.debug("Using registry-protecting RMIServerSocketFactory"); + } + ssf = new RegistryProtectingRMIServerSocketFactory(); + } + else + { + ssf = new QpidRMIServerSocketFactory(); + } + return ssf; + } + } diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java new file mode 100644 index 0000000000..681cdc5c45 --- /dev/null +++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidRMIServerSocketFactory.java @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.qpid.server.jmx; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.net.Socket; +import java.rmi.server.RMIServerSocketFactory; + +import javax.net.ServerSocketFactory; +import javax.net.SocketFactory; + +class QpidRMIServerSocketFactory implements RMIServerSocketFactory +{ + @Override + public ServerSocket createServerSocket(int port) throws IOException + { + ServerSocket serverSocket = ServerSocketFactory.getDefault().createServerSocket(port); + serverSocket.setReuseAddress(true); + return serverSocket; + } + + @Override + public int hashCode() + { + final int prime = 37; + return prime * QpidRMIServerSocketFactory.class.getName().hashCode(); + } + + @Override + public boolean equals(final Object obj) + { + return getClass() == obj.getClass(); + } +}
\ No newline at end of file diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java index ab114f0888..49e6a09872 100644 --- a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java +++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/QpidSslRMIServerSocketFactory.java @@ -61,22 +61,24 @@ public class QpidSslRMIServerSocketFactory extends SslRMIServerSocketFactory { final SSLSocketFactory factory = _sslContext.getSocketFactory(); - return new ServerSocket(port) + ServerSocket serverSocket = new ServerSocket(port) { public Socket accept() throws IOException { Socket socket = super.accept(); SSLSocket sslSocket = - (SSLSocket) factory.createSocket(socket, - socket.getInetAddress().getHostName(), - socket.getPort(), - true); + (SSLSocket) factory.createSocket(socket, + socket.getInetAddress().getHostName(), + socket.getPort(), + true); sslSocket.setUseClientMode(false); return sslSocket; } }; + serverSocket.setReuseAddress(true); + return serverSocket; } /** diff --git a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/CustomRMIServerSocketFactory.java b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/RegistryProtectingRMIServerSocketFactory.java index b7aab78e45..48d63c8cea 100644 --- a/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/CustomRMIServerSocketFactory.java +++ b/qpid/java/broker-plugins/management-jmx/src/main/java/org/apache/qpid/server/jmx/RegistryProtectingRMIServerSocketFactory.java @@ -26,19 +26,35 @@ import java.net.Socket; import java.rmi.server.RMIServerSocketFactory; /** - * Custom RMIServerSocketFactory class, used to prevent updates to the RMI registry. + * A custom RMIServerSocketFactory class, used to prevent updates to the RMI registry. * Supplied to the registry at creation, this will prevent RMI-based operations on the * registry such as attempting to bind a new object, thereby securing it from tampering. * This is accomplished by always returning null when attempting to determine the address * of the caller, thus ensuring the registry will refuse the attempt. Calls to bind etc * made using the object reference will not be affected and continue to operate normally. */ -class CustomRMIServerSocketFactory implements RMIServerSocketFactory +class RegistryProtectingRMIServerSocketFactory implements RMIServerSocketFactory { + @Override public ServerSocket createServerSocket(int port) throws IOException { - return new NoLocalAddressServerSocket(port); + NoLocalAddressServerSocket serverSocket = new NoLocalAddressServerSocket(port); + serverSocket.setReuseAddress(true); + return serverSocket; + } + + @Override + public int hashCode() + { + final int prime = 31; + return prime * RegistryProtectingRMIServerSocketFactory.class.getName().hashCode(); + } + + @Override + public boolean equals(final Object obj) + { + return getClass() == obj.getClass(); } private static class NoLocalAddressServerSocket extends ServerSocket |