[rhq] Branch 'lkrejci/dissalow-alert-scripts-from-accessing-local-slsbs' - 2 commits - modules/enterprise modules/integration-tests
by lkrejci
modules/enterprise/server/container-lib/pom.xml | 1
modules/enterprise/server/container-lib/src/main/java/org/rhq/jndi/AccessCheckingInitialContextFactoryBuilder.java | 11
modules/integration-tests/jndi-access/jndi-access-test/pom.xml | 315 ++++++++++
modules/integration-tests/jndi-access/jndi-access-test/src/test/java/org/rhq/jndi/test/JndiAccessTest.java | 193 ++++++
modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/hibernate.properties | 26
modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/jms-ra.rar |binary
modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/log4j.xml | 78 ++
modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/security.policy | 10
modules/integration-tests/jndi-access/pom.xml | 21
modules/integration-tests/jndi-access/remote-server/pom.xml | 72 ++
modules/integration-tests/jndi-access/remote-server/src/main/java/org/rhq/jndi/test/Server.java | 79 ++
modules/integration-tests/jndi-access/remote-server/src/main/resources/jndi.properties | 2
modules/integration-tests/jndi-access/remote-server/src/main/resources/log4j.properties | 5
modules/integration-tests/pom.xml | 1
14 files changed, 807 insertions(+), 7 deletions(-)
New commits:
commit 0dcc5c33c0cc9ca03a32bd17dd8e188ca27b243d
Author: Lukas Krejci <lkrejci(a)redhat.com>
Date: Tue Jan 3 14:47:12 2012 +0100
Adding integration tests for the ability of serverside scripts to access remote JNDI servers (unlike the JNDI directory of the RHQ server itself).
diff --git a/modules/integration-tests/jndi-access/jndi-access-test/pom.xml b/modules/integration-tests/jndi-access/jndi-access-test/pom.xml
new file mode 100644
index 0000000..1991e0e
--- /dev/null
+++ b/modules/integration-tests/jndi-access/jndi-access-test/pom.xml
@@ -0,0 +1,315 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>jndi-access-test-parent</artifactId>
+ <groupId>org.rhq</groupId>
+ <version>4.3.0-SNAPSHOT</version>
+ </parent>
+
+ <groupId>org.rhq</groupId>
+ <artifactId>jndi-access-test</artifactId>
+ <packaging>jar</packaging>
+
+ <name>JNDI access integration test</name>
+ <description>Tests for local and remote JNDI access from within serverside scripts.</description>
+
+ <properties>
+ <rhq.server.datasource>java:/RHQDS</rhq.server.datasource>
+ <rhq.server.ds-mapping>PostgreSQL</rhq.server.ds-mapping>
+ <jboss-embeddable-ejb3.version>1.0.0.Alpha9</jboss-embeddable-ejb3.version>
+ <jnp.port>54987</jnp.port>
+ <jnp.rmiPort>54988</jnp.rmiPort>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.14</version>
+ <scope>runtime</scope>
+ </dependency>
+
+ <!--================ Test Deps ================ -->
+
+ <!-- Note, the test deps are intentionally placed above the other
+ scoped deps because of classpath reasons. Maven orders the [test] classpath
+ in the order listed in the pom. We specifically need the embeddable-ejb3
+ jar above the standard ejb3 jars because we need the embeddble packages loaded
+ when testing. -->
+
+ <dependency>
+ <groupId>org.rhq</groupId>
+ <artifactId>test-utils</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.testng</groupId>
+ <artifactId>testng</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.rhq</groupId>
+ <artifactId>rhq-core-domain</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.rhq</groupId>
+ <artifactId>rhq-enterprise-server</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.rhq</groupId>
+ <artifactId>rhq-enterprise-server</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>rhq-core-client-api</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>rhq-container-lib</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>rhq-server-client-api</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.rhq</groupId>
+ <artifactId>jndi-access-remote-server</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>jboss.jboss-embeddable-ejb3</groupId>
+ <artifactId>jboss-ejb3-all</artifactId>
+ <version>${jboss-embeddable-ejb3.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <!-- NOTE: The remaining test deps correspond to the classes contained
+ in hibernate-all.jar and thirdparty-all.jar. -->
+
+ <dependency>
+ <groupId>javassist</groupId>
+ <artifactId>javassist</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <!-- needed by embedded ejb container -->
+ <dependency>
+ <groupId>trove</groupId>
+ <artifactId>trove</artifactId>
+ <version>1.0.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ <!-- needed by embedded ejb container -->
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.8.1</version>
+ <scope>test</scope>
+ </dependency>
+
+ <!-- 3rd Party Deps -->
+
+ <!-- required by RHQ server classes, as well as EJB3 Embedded -->
+ <dependency>
+ <groupId>dom4j</groupId>
+ <artifactId>dom4j</artifactId>
+ <version>1.6.1-jboss</version>
+ <scope>runtime</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>hibernate</groupId>
+ <artifactId>hibernate3</artifactId>
+ <!-- NOTE: The version is defined in the root POM's dependencyManagement
+ section. -->
+ <scope>provided</scope> <!-- by JBossAS -->
+ </dependency>
+
+ <dependency>
+ <groupId>hibernate-annotations</groupId>
+ <artifactId>hibernate-annotations</artifactId>
+ <!-- NOTE: The version is defined in the root POM's dependencyManagement
+ section. -->
+ <scope>provided</scope> <!-- by JBossAS -->
+ </dependency>
+
+ <dependency>
+ <groupId>hibernate-entitymanager</groupId>
+ <artifactId>hibernate-entitymanager</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ <version>1.4</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.persistence</groupId>
+ <artifactId>persistence-api</artifactId>
+ <version>1.0</version>
+ <scope>provided</scope> <!-- by JBossAS -->
+ </dependency>
+
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-annotations-ejb3</artifactId>
+ <!-- NOTE: The version is defined in the root POM's dependencyManagement
+ section. -->
+ <scope>provided</scope> <!-- by JBossAS -->
+ </dependency>
+
+ <!-- includes the org.jboss.ejb3.StrictMaxPool class, which is needed
+ by the PoolClass annotation used on some of our SLSB's -->
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-ejb3</artifactId>
+ <!-- NOTE: The version is defined in the root POM's dependencyManagement
+ section. -->
+ <scope>provided</scope> <!-- by JBossAS -->
+ </dependency>
+
+ <!-- for the transaction interrupt EJB3 interceptor -->
+ <dependency>
+ <groupId>org.jboss.transaction</groupId>
+ <artifactId>jboss-jta</artifactId>
+ <!-- NOTE: The version is defined in the root POM's dependencyManagement
+ section. -->
+ <scope>provided</scope> <!-- by JBossAS -->
+ </dependency>
+
+ <dependency>
+ <groupId>org.opensymphony.quartz</groupId>
+ <artifactId>quartz</artifactId>
+ <!-- NOTE: The version is defined in the root POM's dependencyManagement
+ section. -->
+ <scope>provided</scope> <!-- by JBossAS itself, which the container build has packaged with 1.6.5 -->
+ </dependency>
+
+ <dependency>
+ <groupId>org.opensymphony.quartz</groupId>
+ <artifactId>quartz-oracle</artifactId>
+ <!-- NOTE: The version is defined in the root POM's dependencyManagement
+ section. -->
+ <scope>provided</scope> <!-- by JBossAS itself, which the container build has packaged with 1.6.5 -->
+ </dependency>
+
+ <!-- This is needed cglib which is in turn needed by hibernate -->
+ <dependency>
+ <groupId>org.easymock</groupId>
+ <artifactId>easymockclassextension</artifactId>
+ <version>2.2</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.freemarker</groupId>
+ <artifactId>freemarker</artifactId>
+ <version>2.3.18</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.resteasy</groupId>
+ <artifactId>resteasy-jaxrs</artifactId>
+ <version>${resteasy.version}</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <testResources>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <filtering>true</filtering>
+ </testResource>
+ </testResources>
+
+ <plugins>
+ <plugin>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <!-- in order to get JMS to work properly in embedded
+ test container, extract jms-rs.rar classes -->
+ <execution>
+ <id>Extract JMS classes from RAR needed for JMS tests</id>
+ <phase>process-classes</phase>
+ <configuration>
+ <tasks>
+ <unzip src="src/test/resources/jms-ra.rar"
+ dest="target">
+ <patternset>
+ <include name="jms-ra.jar" />
+ </patternset>
+ </unzip>
+ <unzip src="target/jms-ra.jar"
+ dest="target/test-classes">
+ <patternset>
+ <include name="org/**" />
+ </patternset>
+ </unzip>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <!-- Everything but the web service tests, this is the standard
+ test execution -->
+ <configuration>
+ <excludedGroups>${rhq.testng.excludedGroups}</excludedGroups>
+ <groups>${rhq.testng.includedGroups}</groups>
+ <systemPropertyVariables>
+ <embeddedDeployment>true</embeddedDeployment>
+ <deploymentDirectory>target/test-classes</deploymentDirectory>
+ <hibernate.dialect>${rhq.test.ds.hibernate-dialect}</hibernate.dialect>
+ <clean.db>${clean.db}</clean.db>
+ <test.server.jar.path>${settings.localRepository}/org/rhq/jndi-access-remote-server/${project.version}/jndi-access-remote-server-${project.version}.jar</test.server.jar.path>
+ <jnp.port>${jnp.port}</jnp.port>
+ <jnp.rmiPort>${jnp.rmiPort}</jnp.rmiPort>
+ </systemPropertyVariables>
+ <argLine>-Djava.security.manager -Djava.security.policy==target/test-classes/security.policy</argLine>
+ <additionalClasspathElements>
+ <!-- The below is required for tests to run against
+ Oracle. -->
+ <additionalClasspathElement>${settings.localRepository}/com/oracle/ojdbc5/${ojdbc5.version}/ojdbc5-${ojdbc5.version}.jar</additionalClasspathElement>
+ </additionalClasspathElements>
+ </configuration>
+ </plugin>
+
+ </plugins>
+ </build>
+
+</project>
diff --git a/modules/integration-tests/jndi-access/jndi-access-test/src/test/java/org/rhq/jndi/test/JndiAccessTest.java b/modules/integration-tests/jndi-access/jndi-access-test/src/test/java/org/rhq/jndi/test/JndiAccessTest.java
new file mode 100644
index 0000000..f20d4f1
--- /dev/null
+++ b/modules/integration-tests/jndi-access/jndi-access-test/src/test/java/org/rhq/jndi/test/JndiAccessTest.java
@@ -0,0 +1,193 @@
+/*
+ * RHQ Management Platform
+ * Copyright (C) 2005-2012 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+package org.rhq.jndi.test;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.PrintWriter;
+import java.io.SerializablePermission;
+import java.security.PermissionCollection;
+import java.util.Collections;
+import java.util.Properties;
+
+import javax.naming.InitialContext;
+import javax.script.ScriptEngine;
+import javax.script.ScriptException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.testng.Assert;
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Parameters;
+import org.testng.annotations.Test;
+
+import org.rhq.bindings.SandboxedScriptEngine;
+import org.rhq.bindings.ScriptEngineFactory;
+import org.rhq.bindings.StandardBindings;
+import org.rhq.bindings.StandardScriptPermissions;
+import org.rhq.bindings.util.PackageFinder;
+import org.rhq.core.domain.auth.Subject;
+import org.rhq.enterprise.client.LocalClient;
+import org.rhq.enterprise.server.test.AbstractEJB3Test;
+import org.rhq.enterprise.server.util.LookupUtil;
+import org.rhq.jndi.AllowRhqServerInternalsAccessPermission;
+
+/**
+ *
+ *
+ * @author Lukas Krejci
+ */
+@Test
+public class JndiAccessTest extends AbstractEJB3Test {
+ private static final Log JNP_SERVER_LOG = LogFactory.getLog("Test JNP Server");
+
+ private Process testServerProcess;
+ private Thread testServerStdErrReader;
+ private Thread testServerStdOutReader;
+
+ @BeforeClass
+ @Parameters({"test.server.jar.path", "jnp.port", "jnp.rmiPort"})
+ public void startTestJnpServer(String testServerJar, int jnpPort, int rmiPort) throws Exception {
+ ProcessBuilder bld = new ProcessBuilder("java", "-Djnp.port=" + jnpPort, "-Djnp.rmiPort=" + rmiPort, "-jar", testServerJar);
+
+ testServerProcess = bld.start();
+
+ testServerStdErrReader = new Thread(new Runnable() {
+ @Override
+ public void run() {
+ BufferedReader rdr = new BufferedReader(new InputStreamReader(testServerProcess.getErrorStream()));
+ try {
+ String line;
+ while((line = rdr.readLine()) != null) {
+ JNP_SERVER_LOG.warn(line);
+ }
+ } catch (IOException e) {
+ JNP_SERVER_LOG.error("Reading test JNP server error output failed.", e);
+ } finally {
+ try {
+ rdr.close();
+ } catch (IOException e) {
+ JNP_SERVER_LOG.error("Failed to close the test server error stream.", e);
+ }
+ }
+ }
+ });
+ testServerStdErrReader.start();
+
+ testServerStdOutReader = new Thread(new Runnable() {
+ @Override
+ public void run() {
+ BufferedReader rdr = new BufferedReader(new InputStreamReader(testServerProcess.getInputStream()));
+ try {
+ String line;
+ while((line = rdr.readLine()) != null) {
+ JNP_SERVER_LOG.debug(line);
+ }
+ } catch (IOException e) {
+ JNP_SERVER_LOG.error("Reading test JNP server standard output failed.", e);
+ } finally {
+ try {
+ rdr.close();
+ } catch (IOException e) {
+ JNP_SERVER_LOG.error("Failed to close the test server standard output stream.", e);
+ }
+ }
+ }
+ });
+ testServerStdOutReader.start();
+
+ //give the JNP server some time to start up
+ Thread.sleep(5000);
+ }
+
+ @AfterClass
+ public void stopTestJnpServer() throws Exception {
+ testServerProcess.destroy();
+ testServerStdErrReader.join();
+ testServerStdOutReader.join();
+ }
+
+ @Parameters("jnp.port")
+ public void testRemoteConnectionWorkingFromJava(int jnpPort) throws Exception {
+ Properties env = new Properties();
+ env.put("java.naming.factory.initial", "org.jboss.naming.NamingContextFactory");
+ env.put("java.naming.provider.url", "jnp://localhost:" + jnpPort);
+ InitialContext ctx = new InitialContext(env);
+ Object kachny = ctx.lookup("kachny");
+
+ assert kachny != null;
+ }
+
+ public void testLocalJNDILookupFailsFromScripts() throws Exception {
+ Subject overlord = LookupUtil.getSubjectManager().getOverlord();
+
+ ScriptEngine engine = getEngine(overlord);
+
+ try {
+ engine.eval(""
+ + "context = new javax.naming.InitialContext();\n"
+ + "entityManagerFactory = context.lookup('java:/RHQEntityManagerFactory');\n"
+ + "entityManager = entityManagerFactory.createEntityManager();\n"
+ + "entityManager.find(java.lang.Class.forName('org.rhq.core.domain.resource.Resource'), java.lang.Integer.valueOf('10001'));");
+
+ Assert.fail("The script shouldn't have been able to use the EntityManager.");
+ } catch (ScriptException e) {
+ checkIsDesiredSecurityException(e);
+ }
+ }
+
+ @Parameters("jnp.port")
+ public void testRemoteJNDILookupWorksFromScripts(int jnpPort) throws Exception {
+ Subject overlord = LookupUtil.getSubjectManager().getOverlord();
+
+ ScriptEngine engine = getEngine(overlord);
+
+ try {
+ engine.eval(""
+ + "env = new java.util.Hashtable();"
+ + "env.put('java.naming.factory.initial', 'org.jboss.naming.NamingContextFactory');"
+ + "env.put('java.naming.provider.url', 'jnp://localhost:" + jnpPort + "');"
+ + "context = new javax.naming.InitialContext(env);\n"
+ + "kachny = context.lookup('kachny');\n"
+ + "assertNotNull(kachny);\n");
+ } catch (ScriptException e) {
+ Assert.fail("The script should have been able to access a remote JNDI server.", e);
+ }
+ }
+
+ private ScriptEngine getEngine(Subject subject) throws ScriptException, IOException {
+ StandardBindings bindings = new StandardBindings(new PrintWriter(System.out), new LocalClient(subject));
+ ScriptEngine engine = ScriptEngineFactory.getScriptEngine("JavaScript", new PackageFinder(Collections.<File>emptyList()), bindings);
+
+ PermissionCollection perms = new StandardScriptPermissions();
+
+ return new SandboxedScriptEngine(engine, perms);
+ }
+
+ private static void checkIsDesiredSecurityException(ScriptException e) {
+ String message = e.getMessage();
+ String permissionTrace = AllowRhqServerInternalsAccessPermission.class.getName();
+
+ Assert.assertTrue(message.contains(permissionTrace), "The script exception doesn't seem to be caused by the AllowRhqServerInternalsAccessPermission security exception. " + message);
+ }
+}
diff --git a/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/hibernate.properties b/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/hibernate.properties
new file mode 100644
index 0000000..1951b84
--- /dev/null
+++ b/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/hibernate.properties
@@ -0,0 +1,26 @@
+# FOR SOME STRANGE REASON, THIS FILE NEEDS TO BE HERE FOR THE HIBERNATE TO CORRECTLY
+# INITIALIZE. I DON'T KNOW WHY THE STANDARD default.persistence.properties FILE DOESN'T
+# WORK IN THIS MODULE.
+
+hibernate.transaction.manager_lookup_class=org.hibernate.transaction.JBossTransactionManagerLookup
+#hibernate.connection.release_mode=after_statement
+#hibernate.transaction.flush_before_completion=false
+#hibernate.transaction.auto_close_session=false
+#hibernate.query.factory_class=org.hibernate.hql.ast.ASTQueryTranslatorFactory
+#hibernate.hbm2ddl.auto=create-drop
+#hibernate.hbm2ddl.auto=create
+hibernate.cache.provider_class=org.hibernate.cache.HashtableCacheProvider
+# Clustered cache with TreeCache
+#hibernate.cache.provider_class=org.jboss.ejb3.entity.TreeCacheProviderHook
+#hibernate.treecache.mbean.object_name=jboss.cache:service=EJB3EntityTreeCache
+#hibernate.dialect=org.hibernate.dialect.HSQLDialect
+hibernate.jndi.java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
+hibernate.jndi.java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
+hibernate.bytecode.use_reflection_optimizer=false
+# I don't think this is honored, but EJB3Deployer uses it
+hibernate.bytecode.provider=javassist
+hibernate.jdbc.use_streams_for_binary=true
+hibernate.show_sql=false
+hibernate.format_sql=true
+hibernate.default_batch_fetch_size=16
+hibernate.jdbc.batch_size=20
diff --git a/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/jms-ra.rar b/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/jms-ra.rar
new file mode 100644
index 0000000..c4807c6
Binary files /dev/null and b/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/jms-ra.rar differ
diff --git a/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/log4j.xml b/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/log4j.xml
new file mode 100644
index 0000000..ec09ed7
--- /dev/null
+++ b/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/log4j.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<!-- ===================================================================== -->
+<!-- -->
+<!-- Log4j Configuration -->
+<!-- -->
+<!-- ===================================================================== -->
+
+<!-- $Id: log4j.xml 39945 2006-01-12 02:44:07Z bill $ -->
+
+<!--
+ | For more configuration infromation and examples see the Jakarta Log4j
+ | owebsite: http://jakarta.apache.org/log4j
+ -->
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">
+
+ <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="Target" value="System.out"/>
+ <param name="Threshold" value="WARN"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Messagen -->
+ <!--
+ <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n"/>
+ -->
+ <param name="ConversionPattern" value="%-5p %d{dd-MM HH:mm:ss,SSS} [%c] (%F:%M:%L) -%m%n"/>
+ </layout>
+ </appender>
+
+ <appender name="FILE" class="org.apache.log4j.RollingFileAppender">
+ <param name="File" value="target/server-jar-test.log"/>
+ <param name="Threshold" value="WARN"/>
+ <param name="Append" value="false"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Messagen -->
+ <!--
+ <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n"/>
+ -->
+ <param name="ConversionPattern" value="%-5p %d{dd-MM HH:mm:ss,SSS} [%c] (%F:%M:%L) -%m%n"/>
+ </layout>
+ </appender>
+
+ <category name="Test JNP Server">
+ <priority value="DEBUG"/>
+ </category>
+
+ <!-- Hibernate logs WARNINGS frequent from this class, in test envs. -->
+ <category name="org.hibernate.hql.ast.QueryTranslatorImpl">
+ <priority value="ERROR"/>
+ </category>
+
+ <!-- hides the TIMER SERVICE IS NOT INSTALLED warning - we know embedded EJB3 container doesn't support timers -->
+ <category name="org.jboss.ejb3.timerservice.jboss.JBossTimerServiceFactory">
+ <priority value="ERROR"/>
+ </category>
+
+ <!-- hides the shutdown warnings - for some reason, the container spits out some warnings when shutting down -->
+ <category name="org.jboss.kernel.plugins.dependency.StartStopLifecycleAction">
+ <priority value="ERROR"/>
+ </category>
+
+ <!-- Hibernate SQL logs -->
+ <!--
+ <category name="org.hibernate.SQL">
+ <priority value="DEBUG"/>
+ </category>
+ -->
+
+ <root>
+ <appender-ref ref="CONSOLE"/>
+ <appender-ref ref="FILE"/>
+ </root>
+
+</log4j:configuration>
diff --git a/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/security.policy b/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/security.policy
new file mode 100644
index 0000000..8860b47
--- /dev/null
+++ b/modules/integration-tests/jndi-access/jndi-access-test/src/test/resources/security.policy
@@ -0,0 +1,10 @@
+// We need the SecurityManager installed to enable sandboxing of CLI scripts
+// but we don't define any other security measures on the RHQ server itself.
+//
+// Granting all permissions allows us to run the RHQ server as if no security
+// manager was in place (which is assumed by default by JBoss AS) but be able
+// to use it when we need it for our own purposes.
+
+grant {
+ permission java.security.AllPermission;
+};
diff --git a/modules/integration-tests/jndi-access/pom.xml b/modules/integration-tests/jndi-access/pom.xml
new file mode 100644
index 0000000..6e9c673
--- /dev/null
+++ b/modules/integration-tests/jndi-access/pom.xml
@@ -0,0 +1,21 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>rhq-integration-tests</artifactId>
+ <groupId>org.rhq</groupId>
+ <version>4.3.0-SNAPSHOT</version>
+ </parent>
+
+ <groupId>org.rhq</groupId>
+ <artifactId>jndi-access-test-parent</artifactId>
+ <packaging>pom</packaging>
+
+ <name>JNDI access tests</name>
+ <description>Tests for the secured JNDI access tests</description>
+
+ <modules>
+ <module>remote-server</module>
+ <module>jndi-access-test</module>
+ </modules>
+</project>
diff --git a/modules/integration-tests/jndi-access/remote-server/pom.xml b/modules/integration-tests/jndi-access/remote-server/pom.xml
new file mode 100644
index 0000000..9046e6f
--- /dev/null
+++ b/modules/integration-tests/jndi-access/remote-server/pom.xml
@@ -0,0 +1,72 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <artifactId>jndi-access-test-parent</artifactId>
+ <groupId>org.rhq</groupId>
+ <version>4.3.0-SNAPSHOT</version>
+ </parent>
+
+ <groupId>org.rhq</groupId>
+ <artifactId>jndi-access-remote-server</artifactId>
+ <packaging>jar</packaging>
+
+ <name>Test JNDI-enabled remote server</name>
+ <description>
+ A testing JNDI-enabled server to test the ability to connect to remote servers without security
+ checks from within the scripts running inside the RHQ server.
+ </description>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jnpserver</artifactId>
+ <version>4.2.2.GA</version>
+ </dependency>
+
+ <dependency>
+ <groupId>jboss</groupId>
+ <artifactId>jboss-common</artifactId>
+ <version>4.2.2.GA</version>
+ </dependency>
+
+ <dependency>
+ <groupId>oswego-concurrent</groupId>
+ <artifactId>concurrent</artifactId>
+ <version>1.3.4-jboss</version>
+ </dependency>
+
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.14</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>package</id>
+ <phase>package</phase>
+ <goals><goal>single</goal></goals>
+ <configuration>
+ <archive>
+ <manifest>
+ <mainClass>org.rhq.jndi.test.Server</mainClass>
+ </manifest>
+ </archive>
+ <descriptorRefs>
+ <descriptorRef>jar-with-dependencies</descriptorRef>
+ </descriptorRefs>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ </plugins>
+ </build>
+</project>
diff --git a/modules/integration-tests/jndi-access/remote-server/src/main/java/org/rhq/jndi/test/Server.java b/modules/integration-tests/jndi-access/remote-server/src/main/java/org/rhq/jndi/test/Server.java
new file mode 100644
index 0000000..7bfb8e8
--- /dev/null
+++ b/modules/integration-tests/jndi-access/remote-server/src/main/java/org/rhq/jndi/test/Server.java
@@ -0,0 +1,79 @@
+package org.rhq.jndi.test;
+import java.util.Properties;
+
+import javax.naming.CompoundName;
+
+import org.jnp.server.Main;
+import org.jnp.server.NamingBeanImpl;
+
+import org.jboss.logging.Logger;
+
+/*
+ * RHQ Management Platform
+ * Copyright (C) 2005-2012 Red Hat, Inc.
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+/**
+ *
+ *
+ * @author Lukas Krejci
+ */
+public class Server {
+ private static final Logger LOG = Logger.getLogger(Server.class);
+
+ private static Server INSTANCE;
+
+ private Main jnpServer;
+
+ public static void main(String[] args) throws Exception {
+ LOG.debug("System properties: " + System.getProperties());
+ Server.start();
+ }
+
+ private Server() {
+ jnpServer = new Main("org.rhq.jndi.access.test.server");
+ }
+
+ public static synchronized Server getInstance() {
+ if (INSTANCE == null) {
+ INSTANCE = new Server();
+ }
+
+ return INSTANCE;
+ }
+
+ public static void start() throws Exception {
+ LOG.debug("Initializing the JNP server");
+
+ NamingBeanImpl nbi = new NamingBeanImpl();
+ getInstance().jnpServer.setNamingInfo(nbi);
+ nbi.start();
+
+ LOG.debug("Binding kachny");
+
+ nbi.getNamingInstance().bind(new CompoundName("kachny", new Properties()), "KACHNY!", String.class.getName());
+
+ LOG.debug("Starting the JNP server");
+
+ getInstance().jnpServer.start();
+ }
+
+ public static void stop() {
+ LOG.debug("Stopping the JNP server");
+ getInstance().jnpServer.stop();
+ }
+}
diff --git a/modules/integration-tests/jndi-access/remote-server/src/main/resources/jndi.properties b/modules/integration-tests/jndi-access/remote-server/src/main/resources/jndi.properties
new file mode 100644
index 0000000..a45f2ce
--- /dev/null
+++ b/modules/integration-tests/jndi-access/remote-server/src/main/resources/jndi.properties
@@ -0,0 +1,2 @@
+java.naming.factory.initial=org.jboss.naming.NamingContextFactory
+java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces
\ No newline at end of file
diff --git a/modules/integration-tests/jndi-access/remote-server/src/main/resources/log4j.properties b/modules/integration-tests/jndi-access/remote-server/src/main/resources/log4j.properties
new file mode 100644
index 0000000..2d41f83
--- /dev/null
+++ b/modules/integration-tests/jndi-access/remote-server/src/main/resources/log4j.properties
@@ -0,0 +1,5 @@
+log4j.rootCategory=TRACE, CONSOLE
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c] %m%n
diff --git a/modules/integration-tests/pom.xml b/modules/integration-tests/pom.xml
index 0290729..969b94a 100644
--- a/modules/integration-tests/pom.xml
+++ b/modules/integration-tests/pom.xml
@@ -62,6 +62,7 @@
<id>integration-tests</id>
<modules>
<module>apache-plugin-test</module>
+ <module>jndi-access</module>
<!--<module>mod_cluster-plugin-test</module>-->
</modules>
</profile>
commit 14141686e5d0c9cac395a13ceb52f2817287ce7b
Author: Lukas Krejci <lkrejci(a)redhat.com>
Date: Thu Dec 22 15:31:49 2011 +0100
Jnp port is now detected from system properties rather than hardcoded.
jnpserver is declared as a provided dep.
diff --git a/modules/enterprise/server/container-lib/pom.xml b/modules/enterprise/server/container-lib/pom.xml
index 9d7d603..0974431 100644
--- a/modules/enterprise/server/container-lib/pom.xml
+++ b/modules/enterprise/server/container-lib/pom.xml
@@ -43,6 +43,7 @@
<groupId>jboss</groupId>
<artifactId>jnpserver</artifactId>
<version>4.2.2.GA</version>
+ <scope>provided</scope>
</dependency>
</dependencies>
diff --git a/modules/enterprise/server/container-lib/src/main/java/org/rhq/jndi/AccessCheckingInitialContextFactoryBuilder.java b/modules/enterprise/server/container-lib/src/main/java/org/rhq/jndi/AccessCheckingInitialContextFactoryBuilder.java
index 1a9562a..e529347 100644
--- a/modules/enterprise/server/container-lib/src/main/java/org/rhq/jndi/AccessCheckingInitialContextFactoryBuilder.java
+++ b/modules/enterprise/server/container-lib/src/main/java/org/rhq/jndi/AccessCheckingInitialContextFactoryBuilder.java
@@ -77,7 +77,6 @@ public class AccessCheckingInitialContextFactoryBuilder implements InitialContex
private static final String[] CHECKED_SCHEMES = { "java" };
private static final Set<InetAddress> SERVER_BIND_IPS;
-
static {
SERVER_BIND_IPS = new HashSet<InetAddress>();
@@ -98,10 +97,11 @@ public class AccessCheckingInitialContextFactoryBuilder implements InitialContex
LOG.error("Could not obtain the list of local IPs", e);
} catch (UnknownHostException e) {
LOG.error("Failed to get the binding address of the RHQ server.", e);
- }
-
+ }
}
+ private static final int JNP_PORT = Integer.parseInt(System.getProperty("rhq.server.startup.namingservice.port", "2099"));
+
/**
* This is the default initial context factory that is returned when no other is
* configured using the environment variables.
@@ -159,10 +159,7 @@ public class AccessCheckingInitialContextFactoryBuilder implements InitialContex
//check if we are accessing the RHQ server through some remoting
//interface.
- //I just can't find where to read the magic number 1099 from.
- //it is defined in the jboss config files, but in the code
- //it seems hardcoded - see JDBCLoginModule.
- if (uri.getPort() == 1099 && SERVER_BIND_IPS.contains(providerHost)) {
+ if (uri.getPort() == JNP_PORT && SERVER_BIND_IPS.contains(providerHost)) {
return new AccessCheckingInitialContextFactoryDecorator(factory, CHECKED_SCHEMES);
} else {
return new URLPreferringInitialContextFactoryDecorator(factory);
12 years, 4 months
- 1
- 0
[rhq] 2 commits - modules/enterprise
by Heiko W. Rupp
modules/enterprise/gui/rest-war/src/main/webapp/index.html | 4 -
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/CustomExceptionMapper.java | 36 +++++++++-
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/domain/RHQErrorWrapper.java | 28 +++++++
3 files changed, 64 insertions(+), 4 deletions(-)
New commits:
commit 89027fe4e28299fbe408617ff830701c63ec00e5
Author: Heiko W. Rupp <hwr(a)redhat.com>
Date: Tue Jan 3 14:01:32 2012 +0100
BZ 771216 - return messages accompanying error codes with the return type the client has requested.
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/CustomExceptionMapper.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/CustomExceptionMapper.java
index 58ccf30..fe23ad2 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/CustomExceptionMapper.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/CustomExceptionMapper.java
@@ -18,12 +18,16 @@
*/
package org.rhq.enterprise.server.rest;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import org.rhq.enterprise.server.authz.PermissionException;
import org.rhq.enterprise.server.resource.ResourceNotFoundException;
+import org.rhq.enterprise.server.rest.domain.RHQErrorWrapper;
/**
* Map a NotFoundException to a HTTP response with respective error message
@@ -32,10 +36,14 @@ import org.rhq.enterprise.server.resource.ResourceNotFoundException;
@Provider
public class CustomExceptionMapper implements ExceptionMapper<Exception> {
+ @Context
+ HttpHeaders httpHeaders;
@Override
public Response toResponse(Exception e) {
+
+
Throwable cause = e.getCause();
Response.ResponseBuilder builder;
if (cause !=null) {
@@ -52,7 +60,8 @@ public class CustomExceptionMapper implements ExceptionMapper<Exception> {
status = Response.Status.SERVICE_UNAVAILABLE;
builder = Response.status(status);
- builder.entity(cause.getMessage());
+ String message = cause.getMessage();
+ wrapMessage(builder, message);
}
else {
if (e instanceof PermissionException) {
@@ -60,9 +69,30 @@ public class CustomExceptionMapper implements ExceptionMapper<Exception> {
} else {
builder = Response.status(Response.Status.INTERNAL_SERVER_ERROR);
}
- if (e.getMessage()!=null)
- builder.entity(e.getMessage());
+ if (e.getMessage()!=null) {
+ wrapMessage(builder,e.getMessage());
+ }
}
return builder.build();
}
+
+ /**
+ * Wrap the passed message according to the mediaType from the HttpHeader
+ * @param builder
+ * @param message
+ */
+ private void wrapMessage(Response.ResponseBuilder builder, String message) {
+
+ MediaType mediaType = httpHeaders.getAcceptableMediaTypes().get(0);
+
+ if (mediaType.equals(MediaType.TEXT_PLAIN_TYPE)) {
+ builder.entity(message);
+ } else if (mediaType.equals(MediaType.TEXT_HTML_TYPE)) {
+ builder.entity("<html><body><h1>Error</h1><h2>" + message + "</h2></body></html>");
+ } else {
+ RHQErrorWrapper error = new RHQErrorWrapper(message);
+ builder.entity(error);
+ }
+ builder.type(mediaType);
+ }
}
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/domain/RHQErrorWrapper.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/domain/RHQErrorWrapper.java
new file mode 100644
index 0000000..f62b1bc
--- /dev/null
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/domain/RHQErrorWrapper.java
@@ -0,0 +1,28 @@
+package org.rhq.enterprise.server.rest.domain;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * Wrapper for Exceptions
+ * @author Heiko W. Rupp
+ */
+@XmlRootElement
+public class RHQErrorWrapper {
+
+ private String message;
+
+ public RHQErrorWrapper(String message) {
+ this.message = message;
+ }
+
+ public RHQErrorWrapper() {
+ }
+
+ public String getMessage() {
+ return message;
+ }
+
+ public void setMessage(String message) {
+ this.message = message;
+ }
+}
commit 3fea0b257d0598b7beeaa2bc3982b2d07def1887
Author: Heiko W. Rupp <hwr(a)redhat.com>
Date: Mon Jan 2 22:05:49 2012 +0100
Mention RHQ samples project.
diff --git a/modules/enterprise/gui/rest-war/src/main/webapp/index.html b/modules/enterprise/gui/rest-war/src/main/webapp/index.html
index 76aa220..9e96d76 100644
--- a/modules/enterprise/gui/rest-war/src/main/webapp/index.html
+++ b/modules/enterprise/gui/rest-war/src/main/webapp/index.html
@@ -5,7 +5,9 @@
Join us in making it great by providing feedback and contributions of code and examples
that use the api.
-See also <a href="http://rhq-project.org/display/RHQ/Design-REST">the RHQ wiki</a> and
+See also <a href="http://rhq-project.org/display/RHQ/Design-REST">the RHQ wiki</a> on REST.
+Check out the <a href="https://github.com/rhq-project/samples/tree/master/rest-api">RHQ samples project</a>
+for samples in various programming languages and
<a href="https://github.com/pilhuhn/RHQpocket">RHQpocket</a> as an example of a
mobile client (Android) of the API.
<ul>
12 years, 4 months
- 1
- 0
[rhq] modules/enterprise
by Heiko W. Rupp
modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/MetricHandlerBean.java | 1 +
1 file changed, 1 insertion(+)
New commits:
commit 09dee7d811bfed40ff6b4606242c4aa89f8225c6
Author: Heiko W. Rupp <hwr(a)redhat.com>
Date: Mon Jan 2 13:08:00 2012 +0100
sort retrieved values by timestamp, as some clients don't cope well with out of order data.
diff --git a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/MetricHandlerBean.java b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/MetricHandlerBean.java
index ba9785c..77e36a4 100644
--- a/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/MetricHandlerBean.java
+++ b/modules/enterprise/server/jar/src/main/java/org/rhq/enterprise/server/rest/MetricHandlerBean.java
@@ -510,6 +510,7 @@ public class MetricHandlerBean extends AbstractRestBean implements MetricHandle
sb.append(" UNION ALL ");
}
+ sb.append(" ORDER BY time_stamp ASC");
12 years, 4 months
- 1
- 0