Path: blob/master/test/jdk/javax/management/remote/nonLocalAccess/NonLocalJMXRemoteTest.java
41152 views
/*1* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import java.net.InetAddress;24import java.rmi.AccessException;25import java.rmi.NotBoundException;26import java.rmi.registry.LocateRegistry;27import java.rmi.registry.Registry;28import java.util.Set;2930/* @test31* @bug 817477032* @summary Verify that JMX Registry rejects non-local access for bind, unbind, rebind.33* The test is manual because the (non-local) host and port running JMX must be supplied as properties.34* @run main/othervm/manual -Djmx-registry.host=jmx-registry-host -Djmx-registry.port=jmx-registry-port NonLocalJMXRemoteTest35*/3637/**38* Verify that access checks for the Registry exported by JMX Registry.bind(),39* .rebind(), and .unbind() are prevented on remote access to the registry.40* The test verifies that the access check is performed *before* the object to be41* bound or rebound is deserialized.42* This tests the SingleEntryRegistry implemented by JMX.43* This test is a manual test and uses JMX running on a *different* host.44* JMX can be enabled in any Java runtime; for example:45*46* Note: Use remote host with latest JDK update release for invoking rmiregistry.47*48* Note: Test should be ran twice once using arg1 and once using arg2.49*50* login or ssh to the remote host and invoke rmiregistry with arg1.51* It will not show any output.52* Execute the test, after test completes execution, stop the server.53*54* repeat above step using arg2 and execute the test.55*56*57* arg1: {@code $JDK_HOME/bin/rmiregistry \58* -J-Dcom.sun.management.jmxremote.port=8888 \59* -J-Dcom.sun.management.jmxremote.local.only=false \60* -J-Dcom.sun.management.jmxremote.ssl=false \61* -J-Dcom.sun.management.jmxremote.authenticate=false62* }63*64*65* replace "jmx-registry-host" with the hostname or IP address of the remote host66* for property "-J-Dcom.sun.management.jmxremote.host" below.67*68* arg2: {@code $JDK_HOME/bin/rmiregistry \69* -J-Dcom.sun.management.jmxremote.port=8888 \70* -J-Dcom.sun.management.jmxremote.local.only=false \71* -J-Dcom.sun.management.jmxremote.ssl=false \72* -J-Dcom.sun.management.jmxremote.authenticate=false \73* -J-Dcom.sun.management.jmxremote.host="jmx-registry-host"74* }75*76* On the first host modify the @run command above to replace "jmx-registry-host"77* with the hostname or IP address of the different host and run the test with jtreg.78*/79public class NonLocalJMXRemoteTest {8081public static void main(String[] args) throws Exception {8283String host = System.getProperty("jmx-registry.host");84if (host == null || host.isEmpty()) {85throw new RuntimeException("Specify host with system property: -Djmx-registry.host=<host>");86}87int port = Integer.getInteger("jmx-registry.port", -1);88if (port <= 0) {89throw new RuntimeException("Specify port with system property: -Djmx-registry.port=<port>");90}9192// Check if running the test on a local system; it only applies to remote93String myHostName = InetAddress.getLocalHost().getHostName();94Set<InetAddress> myAddrs = Set.of(InetAddress.getAllByName(myHostName));95Set<InetAddress> hostAddrs = Set.of(InetAddress.getAllByName(host));96if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))97|| hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {98throw new RuntimeException("Error: property 'jmx-registry.host' must not be the local host%n");99}100101Registry registry = LocateRegistry.getRegistry(host, port);102try {103// Verify it is a JMX Registry104registry.lookup("jmxrmi");105} catch (NotBoundException nf) {106throw new RuntimeException("Not a JMX registry, jmxrmi is not bound", nf);107}108109try {110registry.bind("foo", null);111throw new RuntimeException("Remote access should not succeed for method: bind");112} catch (Exception e) {113assertIsAccessException(e);114}115116try {117registry.rebind("foo", null);118throw new RuntimeException("Remote access should not succeed for method: rebind");119} catch (Exception e) {120assertIsAccessException(e);121}122123try {124registry.unbind("foo");125throw new RuntimeException("Remote access should not succeed for method: unbind");126} catch (Exception e) {127assertIsAccessException(e);128}129}130131/**132* Check the exception chain for the expected AccessException and message.133* @param ex the exception from the remote invocation.134*/135private static void assertIsAccessException(Throwable ex) {136Throwable t = ex;137while (!(t instanceof AccessException) && t.getCause() != null) {138t = t.getCause();139}140if (t instanceof AccessException) {141String msg = t.getMessage();142int asIndex = msg.indexOf("Registry");143int disallowIndex = msg.indexOf("disallowed");144int nonLocalHostIndex = msg.indexOf("non-local host");145if (asIndex < 0 ||146disallowIndex < 0 ||147nonLocalHostIndex < 0 ) {148System.out.println("Exception message is " + msg);149throw new RuntimeException("exception message is malformed", t);150}151System.out.printf("Found expected AccessException: %s%n%n", t);152} else {153throw new RuntimeException("AccessException did not occur when expected", ex);154}155}156}157158159