JMX Client Session

I've been studying JMX for a while, but I'm stuck.

I have an application that exposes some functionality to remote clients via JMX. Although existing security features may be sufficient for most cases, my application uses the Apache Shiro framework as the security backend.

My problem is that I don't know how to gather client data server-side. Shiro needs a way to identify a client (subject). Normally the executing thread is associated with a subject, but the online JMX documentation does not give much of a clue about the thread model of remote JMX.

How can I associate a client with a thread, or is there a way to retrieve client data inside the interacted MBeans?

After researching and trying different techniques, there are two winners:

1- New feature called ClientContext that will be a part of Java 7: Java 7 is not yet complete, and ClientContext will break backwards compatibility.

2- Attaching Shiro subject to AccessControlContext: This is the solution I choose. Shiro's default subject retrieval mechanism does not consider Java's access control context. I ran a test long ago to test this, but it didn't work. Now I know why: by default, the SecurityUtils.getSubject() call attaches the retrieved Subject to the currently calling thread, but this approach is useless since threads can be shared between clients. But AccessControlContext is much more powerful, and it looks like JMX plays nicely with it; your access control context (which is authenticated during login at JMXAuthenticator) can be accessed from an MBeanServerForwarder or even inside your MBean. I tested this with multiple clients retrieving their principal; it simply works.

Edit: How do I attach the Shiro subject to the current AccessControlContext?

1- Create an unattached Shiro subject using the builder class Subject.Builder.

2- Authenticate the user (using Shiro subject's login method, etc.)

3- Create a mutable JAAS subject with a singleton set containing the Shiro subject as the private credentials.

4- Provide the JAAS subject to the underlying Java security system (for example, return the subject inside a JMXAuthenticator's authentication method)

A helper class can be created to simplify this approach. When you need an action to be performed on behalf of the Shiro subject (for authorization, etc.), get it from AccessControlContext and use one of the Subject.execute... methods. This can be performed inside a proxy or a forwarder (like MBeanServerForwarder).
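The four steps above combined into one class, added here as an illustration and not the poster's own code. The class name `ShiroJmxAuthenticator`, the helper `currentShiroSubject()`, the `String[]{user, password}` credential format and the use of `JMXPrincipal` are assumptions.

```java
import java.security.AccessController;
import java.util.Collections;
import java.util.Set;
import javax.management.remote.JMXAuthenticator;
import javax.management.remote.JMXPrincipal;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;

/** Hypothetical helper: carries a Shiro subject inside the JAAS subject that JMX tracks. */
public final class ShiroJmxAuthenticator implements JMXAuthenticator {
    private final SecurityManager shiro;
    public ShiroJmxAuthenticator(SecurityManager shiro) { this.shiro = shiro; }

    @Override
    public javax.security.auth.Subject authenticate(Object credentials) {
        // The standard RMI connector passes credentials as String[]{user, password}.
        if (!(credentials instanceof String[]) || ((String[]) credentials).length != 2) {
            throw new SecurityException("expected String[]{user, password}");
        }
        String[] pair = (String[]) credentials;
        // Step 1: build a subject that is not bound to the current (shared) thread.
        Subject shiroSubject = new Subject.Builder(shiro).buildSubject();
        try {
            // Step 2: authenticate against the configured Shiro realms.
            shiroSubject.login(new UsernamePasswordToken(pair[0], pair[1]));
        } catch (AuthenticationException e) {
            throw new SecurityException("authentication failed"); // same message for all causes
        }
        // Step 3: mutable JAAS subject holding the Shiro subject as its only private credential.
        // Step 4: returning it hands it to JMX, which runs this client's requests under it.
        return new javax.security.auth.Subject(false,
                Collections.singleton(new JMXPrincipal(pair[0])),
                Collections.emptySet(), Collections.singleton(shiroSubject));
    }

    /** For an MBean or MBeanServerForwarder: the calling client's Shiro subject. */
    public static Subject currentShiroSubject() {
        javax.security.auth.Subject jaas =
                javax.security.auth.Subject.getSubject(AccessController.getContext());
        Set<Subject> found = (jaas == null)
                ? Collections.<Subject>emptySet() : jaas.getPrivateCredentials(Subject.class);
        if (found.size() != 1) { // fail closed rather than fall back to a thread-bound subject
            throw new SecurityException("no authenticated Shiro subject for this request");
        }
        return found.iterator().next();
    }
}
```

Inside a forwarder, `currentShiroSubject().execute(...)` runs the wrapped call on behalf of that client. `Subject.getSubject(AccessControlContext)` is deprecated for removal as of Java 17 and throws `UnsupportedOperationException` on JDKs that no longer permit a security manager.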
