1 /* 2 * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.net.InetAddress; 25 import java.rmi.AccessException; 26 import java.rmi.NotBoundException; 27 import java.rmi.registry.LocateRegistry; 28 import java.rmi.registry.Registry; 29 import java.util.Set; 30 31 /* @test 32 * @bug 8174770 33 * @summary Verify that JMX Registry rejects non-local access for bind, unbind, rebind. 34 * The test is manual because the (non-local) host and port running JMX must be supplied as properties. 35 * @run main/othervm/manual -Djmx-registry.host=jmx-registry-host -Djmx-registry.port=jmx-registry-port NonLocalJMXRemoteTest 36 */ 37 38 /** 39 * Verify that access checks for the Registry exported by JMX Registry.bind(), 40 * .rebind(), and .unbind() are prevented on remote access to the registry. 41 * The test verifies that the access check is performed *before* the object to be 42 * bound or rebound is deserialized. 43 * This tests the SingleEntryRegistry implemented by JMX. 44 * This test is a manual test and uses JMX running on a *different* host. 45 * JMX can be enabled in any Java runtime; for example: 46 * 47 * Note: Use remote host with latest JDK update release for invoking rmiregistry. 48 * 49 * Note: Test should be ran twice once using arg1 and once using arg2. 50 * 51 * login or ssh to the remote host and invoke rmiregistry with arg1. 52 * It will not show any output. 53 * Execute the test, after test completes execution, stop the server. 54 * 55 * repeat above step using arg2 and execute the test. 56 * 57 * 58 * arg1: {@code $JDK_HOME/bin/rmiregistry \ 59 * -J-Dcom.sun.management.jmxremote.port=8888 \ 60 * -J-Dcom.sun.management.jmxremote.local.only=false \ 61 * -J-Dcom.sun.management.jmxremote.ssl=false \ 62 * -J-Dcom.sun.management.jmxremote.authenticate=false 63 * } 64 * 65 * 66 * replace "jmx-registry-host" with the hostname or IP address of the remote host 67 * for property "-J-Dcom.sun.management.jmxremote.host" below. 68 * 69 * arg2: {@code $JDK_HOME/bin/rmiregistry \ 70 * -J-Dcom.sun.management.jmxremote.port=8888 \ 71 * -J-Dcom.sun.management.jmxremote.local.only=false \ 72 * -J-Dcom.sun.management.jmxremote.ssl=false \ 73 * -J-Dcom.sun.management.jmxremote.authenticate=false \ 74 * -J-Dcom.sun.management.jmxremote.host="jmx-registry-host" 75 * } 76 * 77 * On the first host modify the @run command above to replace "jmx-registry-host" 78 * with the hostname or IP address of the different host and run the test with jtreg. 79 */ 80 public class NonLocalJMXRemoteTest { 81 main(String[] args)82 public static void main(String[] args) throws Exception { 83 84 String host = System.getProperty("jmx-registry.host"); 85 if (host == null || host.isEmpty()) { 86 throw new RuntimeException("Specify host with system property: -Djmx-registry.host=<host>"); 87 } 88 int port = Integer.getInteger("jmx-registry.port", -1); 89 if (port <= 0) { 90 throw new RuntimeException("Specify port with system property: -Djmx-registry.port=<port>"); 91 } 92 93 // Check if running the test on a local system; it only applies to remote 94 String myHostName = InetAddress.getLocalHost().getHostName(); 95 Set<InetAddress> myAddrs = Set.of(InetAddress.getAllByName(myHostName)); 96 Set<InetAddress> hostAddrs = Set.of(InetAddress.getAllByName(host)); 97 if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i)) 98 || hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) { 99 throw new RuntimeException("Error: property 'jmx-registry.host' must not be the local host%n"); 100 } 101 102 Registry registry = LocateRegistry.getRegistry(host, port); 103 try { 104 // Verify it is a JMX Registry 105 registry.lookup("jmxrmi"); 106 } catch (NotBoundException nf) { 107 throw new RuntimeException("Not a JMX registry, jmxrmi is not bound", nf); 108 } 109 110 try { 111 registry.bind("foo", null); 112 throw new RuntimeException("Remote access should not succeed for method: bind"); 113 } catch (Exception e) { 114 assertIsAccessException(e); 115 } 116 117 try { 118 registry.rebind("foo", null); 119 throw new RuntimeException("Remote access should not succeed for method: rebind"); 120 } catch (Exception e) { 121 assertIsAccessException(e); 122 } 123 124 try { 125 registry.unbind("foo"); 126 throw new RuntimeException("Remote access should not succeed for method: unbind"); 127 } catch (Exception e) { 128 assertIsAccessException(e); 129 } 130 } 131 132 /** 133 * Check the exception chain for the expected AccessException and message. 134 * @param ex the exception from the remote invocation. 135 */ assertIsAccessException(Throwable ex)136 private static void assertIsAccessException(Throwable ex) { 137 Throwable t = ex; 138 while (!(t instanceof AccessException) && t.getCause() != null) { 139 t = t.getCause(); 140 } 141 if (t instanceof AccessException) { 142 String msg = t.getMessage(); 143 int asIndex = msg.indexOf("Registry"); 144 int disallowIndex = msg.indexOf("disallowed"); 145 int nonLocalHostIndex = msg.indexOf("non-local host"); 146 if (asIndex < 0 || 147 disallowIndex < 0 || 148 nonLocalHostIndex < 0 ) { 149 System.out.println("Exception message is " + msg); 150 throw new RuntimeException("exception message is malformed", t); 151 } 152 System.out.printf("Found expected AccessException: %s%n%n", t); 153 } else { 154 throw new RuntimeException("AccessException did not occur when expected", ex); 155 } 156 } 157 } 158