MBeanServer -> MBean interceptors
simone Mar 14, 2002 4:36 AMHi [long],
so I was playing with the idea of MBeanServer -> MBean interceptors, and actually found that they're quite useful :)
In "another implementation" (which I cannot mention because otherwise Marc will bust me) you can have the code details ]:)
My idea is this one: we intercept calls that may end up in invoking the MBean instance, that is:
- add/removeNotificationListener
- MBeanRegistration Methods
- set/getAttribute(s) + invoke
- instantiate
- getMBeanInfo
The MBeanServerInterceptor interface will have a bunch of methods instead of the de-typed "invoke(Invocation)" one, to avoid reflection slowness. Interceptors and the configurator of them are MBeans registered in the MBeanServer itself
One use of this interceptors will be the context classloader setting, that now is not factored apart.
But there is another interesting use I was discussing yesterday with JSR 160 people.
Imagine this example:
MBeanA in mbeana.jar
MBeanB in mbeanb.jar
jmx.jar with the implementation
Now MBeanB writes to files. When run under a security manager, this is a restricted operation, so you need this policy file (pseudo-syntax):
grant codebase "jmx.jar" {AllPermission};
grant codebase "mbeanb.jar" {FilePermission <<ALL FILES>>, "rwdx"};
Ok, now from MBeanA you want to call MBeanB, so the stack is:
MBeanA
MBeanServer.invoke
MBeanB
which means that also MBeanA will need MBeanB's permissions.
So what happens if MBeanA talks to 10 different MBeans ? That it will need the union of all their permissions. Bad.
But we can have an MBeanServerInterceptor to take care of this problem :)
Its task is this:
- check a MBeanAccessPermission
- invoke the next interceptor in a privileged block
MBeanAccessPermission takes an object name as parameter and its meaning is: "can I access the MBean with the specified object name, regardless of the operation I will do there ?", or better yet, "can I invoke the MBean with the specified object name in a privileged block ?"
If I cannot, the interceptor will throw a SecurityException.
The stack will be:
MBeanA
MBeanServer.invoke
AccessController.doPrivileged
MBeanB
In this case MBeanA only need the permission to access MBeanB, so the policy file will be:
grant codebase "jmx.jar" {AllPermission};
grant codebase "mbeanb.jar" {FilePermission <<ALL FILES>>, "rwdx"};
grant codebase "mbeana.jar" {MBeanAccessPermission, "MBean:type=B"};
Want to access 10 MBeans ?
grant codebase "mbeana.jar" {MBeanAccessPermission, "MBean:*"};
Comments are welcome.
Regards
Simon