/* * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package javax.management.remote.rmi; import java.io.IOException; import sun.misc.ObjectInputFilter; import java.rmi.NoSuchObjectException; import java.rmi.Remote; import java.rmi.RemoteException; import java.rmi.server.RMIClientSocketFactory; import java.rmi.server.RMIServerSocketFactory; import java.rmi.server.UnicastRemoteObject; import java.rmi.server.RemoteObject; import java.util.Map; import java.util.Collections; import javax.security.auth.Subject; import com.sun.jmx.remote.internal.RMIExporter; import com.sun.jmx.remote.util.EnvHelp; import java.util.ArrayList; import java.util.Arrays; import java.util.Set; import java.util.stream.Collectors; import sun.reflect.misc.ReflectUtil; import sun.rmi.server.DeserializationChecker; import sun.rmi.server.UnicastServerRef; import sun.rmi.server.UnicastServerRef2; import sun.rmi.transport.LiveRef; /** *

An {@link RMIServer} object that is exported through JRMP and that * creates client connections as RMI objects exported through JRMP. * User code does not usually reference this class directly.

* * @see RMIServerImpl * * @since 1.5 */ public class RMIJRMPServerImpl extends RMIServerImpl { /** *

Creates a new {@link RMIServer} object that will be exported * on the given port using the given socket factories.

* * @param port the port on which this object and the {@link * RMIConnectionImpl} objects it creates will be exported. Can be * zero, to indicate any available port. * * @param csf the client socket factory for the created RMI * objects. Can be null. * * @param ssf the server socket factory for the created RMI * objects. Can be null. * * @param env the environment map. Can be null. * * @exception IOException if the {@link RMIServer} object * cannot be created. * * @exception IllegalArgumentException if port is * negative. */ public RMIJRMPServerImpl(int port, RMIClientSocketFactory csf, RMIServerSocketFactory ssf, Map env) throws IOException { super(env); if (port < 0) throw new IllegalArgumentException("Negative port: " + port); this.port = port; this.csf = csf; this.ssf = ssf; this.env = (env == null) ? Collections.emptyMap() : env; // This attribute was represented by RMIConnectorServer.CREDENTIALS_TYPES. // This attribute is superceded by // RMIConnectorServer.CREDENTIALS_FILTER_PATTERN. // Retaining this for backward compatibility. String[] credentialsTypes = (String[]) this.env.get("jmx.remote.rmi.server.credential.types"); String credentialsFilter = (String) this.env.get(RMIConnectorServer.CREDENTIALS_FILTER_PATTERN); // It is impossible for both attributes to be specified if(credentialsTypes != null && credentialsFilter != null) throw new IllegalArgumentException("Cannot specify both \"" + "jmx.remote.rmi.server.credential.types" + "\" and \"" + RMIConnectorServer.CREDENTIALS_FILTER_PATTERN + "\""); else if(credentialsFilter != null){ cFilter = ObjectInputFilter.Config.createFilter(credentialsFilter); allowedTypes = null; } else if (credentialsTypes != null) { allowedTypes = Arrays.stream(credentialsTypes).filter( s -> s!= null).collect(Collectors.toSet()); allowedTypes.stream().forEach(ReflectUtil::checkPackageAccess); cFilter = this::newClientCheckInput; } else { allowedTypes = null; cFilter = null; } String userJmxFilter = (String) this.env.get(RMIConnectorServer.SERIAL_FILTER_PATTERN); if(userJmxFilter != null && !userJmxFilter.isEmpty()) jmxRmiFilter = ObjectInputFilter.Config.createFilter(userJmxFilter); else jmxRmiFilter = null; } protected void export() throws IOException { export(this, cFilter); } private void export(Remote obj, ObjectInputFilter typeFilter) throws RemoteException { final RMIExporter exporter = (RMIExporter) env.get(RMIExporter.EXPORTER_ATTRIBUTE); final boolean daemon = EnvHelp.isServerDaemon(env); if (daemon && exporter != null) { throw new IllegalArgumentException("If "+EnvHelp.JMX_SERVER_DAEMON+ " is specified as true, "+RMIExporter.EXPORTER_ATTRIBUTE+ " cannot be used to specify an exporter!"); } if (exporter != null) { exporter.exportObject(obj, port, csf, ssf, typeFilter); } else { if (csf == null && ssf == null) { new UnicastServerRef(new LiveRef(port), typeFilter).exportObject(obj, null, daemon); } else { new UnicastServerRef2(port, csf, ssf, typeFilter).exportObject(obj, null, daemon); } } } private void unexport(Remote obj, boolean force) throws NoSuchObjectException { RMIExporter exporter = (RMIExporter) env.get(RMIExporter.EXPORTER_ATTRIBUTE); if (exporter == null) UnicastRemoteObject.unexportObject(obj, force); else exporter.unexportObject(obj, force); } protected String getProtocol() { return "rmi"; } /** *

Returns a serializable stub for this {@link RMIServer} object.

* * @return a serializable stub. * * @exception IOException if the stub cannot be obtained - e.g the * RMIJRMPServerImpl has not been exported yet. */ public Remote toStub() throws IOException { return RemoteObject.toStub(this); } /** *

Creates a new client connection as an RMI object exported * through JRMP. The port and socket factories for the new * {@link RMIConnection} object are the ones supplied * to the RMIJRMPServerImpl constructor.

* * @param connectionId the ID of the new connection. Every * connection opened by this connector server will have a * different id. The behavior is unspecified if this parameter is * null. * * @param subject the authenticated subject. Can be null. * * @return the newly-created RMIConnection. * * @exception IOException if the new {@link RMIConnection} * object cannot be created or exported. */ protected RMIConnection makeClient(String connectionId, Subject subject) throws IOException { if (connectionId == null) throw new NullPointerException("Null connectionId"); RMIConnection client = new RMIConnectionImpl(this, connectionId, getDefaultClassLoader(), subject, env); export(client, jmxRmiFilter); return client; } protected void closeClient(RMIConnection client) throws IOException { unexport(client, true); } /** *

Called by {@link #close()} to close the connector server by * unexporting this object. After returning from this method, the * connector server must not accept any new connections.

* * @exception IOException if the attempt to close the connector * server failed. */ protected void closeServer() throws IOException { unexport(this, true); } /** * Check that a type in the remote invocation of {@link RMIServerImpl#newClient} * is one of the {@code allowedTypes}. * * @param clazz the class; may be null * @param size the size for arrays, otherwise is 0 * @param nObjectRefs the current number of object references * @param depth the current depth * @param streamBytes the current number of bytes consumed * @return {@code ObjectInputFilter.Status.ALLOWED} if the class is allowed, * otherwise {@code ObjectInputFilter.Status.REJECTED} */ ObjectInputFilter.Status newClientCheckInput(ObjectInputFilter.FilterInfo filterInfo) { ObjectInputFilter.Status status = ObjectInputFilter.Status.UNDECIDED; if (allowedTypes != null && filterInfo.serialClass() != null) { // If enabled, check type String type = filterInfo.serialClass().getName(); if (allowedTypes.contains(type)) status = ObjectInputFilter.Status.ALLOWED; else status = ObjectInputFilter.Status.REJECTED; } return status; } private final int port; private final RMIClientSocketFactory csf; private final RMIServerSocketFactory ssf; private final Map env; private final Set allowedTypes; private final ObjectInputFilter jmxRmiFilter; private final ObjectInputFilter cFilter; }