org.rhq.enterprise.server.naming

Class AccessCheckingInitialContextFactoryBuilder

java.lang.Object

org.rhq.enterprise.server.naming.AccessCheckingInitialContextFactoryBuilder

All Implemented Interfaces:

InitialContextFactoryBuilder

public class AccessCheckingInitialContextFactoryBuilder
extends Object
implements InitialContextFactoryBuilder

This initial context factory builder is installed early on during the RHQ server startup and is later on used for obtaining the Contexts for all JNDI lookups in the RHQ server.

We use a custom initial context factory builder to prevent the potential malicious 3rd party code (like CLI alert scripts) from supplying custom environment variables to InitialContext that would modify the JNDI lookup to skip our security access checks.

By using a builder we effectively take control of the initial context creation process and are free to ignore whatever the script is trying to supply.

This builder makes sure to install the RHQ server's security access checks to whatever initial context that is configured by the standard environment variables (Context.INITIAL_CONTEXT_FACTORY, etc.)

Author:

Lukas Krejci

See Also:

AllowRhqServerInternalsAccessPermission

Constructor Summary

Constructors

Constructor and Description
AccessCheckingInitialContextFactoryBuilder(InitialContextFactory defaultFactory, boolean pretendNoFactoryBuilder)

Method Summary

Methods

Modifier and Type	Method and Description
InitialContextFactory	createInitialContextFactory(Hashtable<?,?> environment) Create a InitialContext factory.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AccessCheckingInitialContextFactoryBuilder

public AccessCheckingInitialContextFactoryBuilder(InitialContextFactory defaultFactory,
                                          boolean pretendNoFactoryBuilder)
                                           throws NamingException

Parameters:

defaultFactory - the default factory to use if none can be deduced from the environment. If null, an attempt is made to obtain the default InitialContextFactory of JBoss AS (which may fail depending on the classloading "situation").

pretendNoFactoryBuilder - true if the naming contexts should pretend as if there was no initial context factory builder installed. This is to support environments as AS4, where there really was no builder initially and the lookup relied on that fact.

Throws:

NamingException

Method Detail

createInitialContextFactory

public InitialContextFactory createInitialContextFactory(Hashtable<?,?> environment)
                                                  throws NamingException

Create a InitialContext factory. If the environment does not override the factory class it will use the default context factory.

Specified by:

createInitialContextFactory in interface InitialContextFactoryBuilder

Parameters:

environment - The environment

Returns:

An initial context factory

Throws:

NamingException - If an error occurs loading the factory class.