diff --git a/mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/config/BrokerConfig.java b/mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/config/BrokerConfig.java
index e7a27545d..159605157 100644
--- a/mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/config/BrokerConfig.java
+++ b/mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/config/BrokerConfig.java
@@ -1,6 +1,6 @@
 /*
 * Copyright (c) 2000, 2017 Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
@@ -470,7 +470,7 @@
 * // accesscontrol classes/properties imq.accesscontrol.file.properties=class,filename,dirpath
 * imq.accesscontrol.file.class=com.sun.messaging.jmq.jmsserver.auth.acl.JMQFileAccessControlModel
 *
- * imq.accesscontrol.jaas.properties=class,permissionFactory,policyProvider
+ * imq.accesscontrol.jaas.properties=class,permissionFactory
 * imq.accesscontrol.jaas.class=com.sun.messaging.jmq.jmsserver.auth.acl.JAASAccessControlModel
 *
 * // logging classes imq.log.file.class=com.sun.messaging.jmq.util.log.FileLogHandler
@@ -686,7 +686,7 @@ public class BrokerConfig extends UpdateProperties {
 + ".user_repository.jaas.class=com.sun.messaging.jmq.jmsserver.auth.jaas.UserRepositoryImpl\n" + IMQ
 + ".accesscontrol.file.properties=class,filename,dirpath,url\n" + IMQ
 + ".accesscontrol.file.class=com.sun.messaging.jmq.jmsserver.auth.acl.JMQFileAccessControlModel\n" + IMQ
- + ".accesscontrol.jaas.properties=class,permissionFactory,permissionFactoryProvide,policyProvider\n" + IMQ
+ + ".accesscontrol.jaas.properties=class,permissionFactory,permissionFactoryProvide\n" + IMQ
 + ".accesscontrol.jaas.class=com.sun.messaging.jmq.jmsserver.auth.acl.JAASAccessControlModel\n" + IMQ + ".log.file.class=com.sun.messaging.jmq.util.log.FileLogHandler\n" + IMQ + ".log.console.class=com.sun.messaging.jmq.util.log.StreamLogHandler\n" + IMQ + ".log.syslog.class=com.sun.messaging.jmq.util.log.SysLogHandler\n" + IMQ
diff --git a/mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.java b/mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.java
index f240da52e..ea5a2df97 100644
--- a/mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.java
+++ b/mq/main/mq-broker/broker-comm/src/main/java/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.java
@@ -1,6 +1,6 @@
 /*
 * Copyright (c) 2000, 2017 Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2021, 2022 Contributors to the Eclipse Foundation
+ * Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
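Review bot: In the `@@ -686` hunk of BrokerConfig.java the new default still lists `permissionFactoryProvide`, while the Javadoc sample updated in the `@@ -470` hunk documents only `class,permissionFactory`; the two lists should agree, and the name looks truncated, so confirm whether anything reads it before keeping it. Dropping `policyProvider` from this list also means a deployment that still sets `imq.accesscontrol.jaas.policyProvider` appears to have the value ignored with no message, and for an authorization setting that change is better made visible: log a warning at startup when the property is present and record the removal in the release notes. The string literal edited here belongs to an expression that starts and ends outside the hunk.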
@@ -452,8 +452,6 @@ private BrokerResources(ResourceBundle rb) {
 public static final String I_RM_DST_NOTFOUND_INSTORE = "B1304";
 public static final String I_AUTHENTICATE_USER_AS = "B1305";
 public static final String I_AUTHENTICATE_AS_USER = "B1306";
- public static final String I_SET_DEFAULT_SECURITY_MANAGER = "B1307";
- public static final String I_SET_JAVA_POLICY_PROVIDER = "B1308";
 public static final String I_NO_NONRECOVERY_TXNACK_TO_ROLLBACK = "B1309";
 public static final String I_NO_MORE_TXNACK_TO_ROLLBACK = "B1310";
 public static final String I_REMOTE_TXN_PRESUMED_ROLLBACK = "B1311";
@@ -1746,7 +1744,6 @@ private BrokerResources(ResourceBundle rb) {
 public static final String X_REPLACE_PROPS_FOR_REPLACE_MSG = "B4442";
 public static final String X_CLEANUP_MSG_CLOSE_SESSION = "B4443";
 public static final String X_CANNOT_DELIVER_MESSAGE_TO_CONSUMER = "B4444";
- public static final String X_SERVICE_TYPE_NOT_FOUND_FOR_SERVICE = "B4445";
 public static final String X_PU_SERVICE_REBIND = "B4446";
 public static final String X_CREATE_CONNECTION_FOR_USER_IN_SERVICE = "B4447";
 public static final String X_JDBC_DRIVER_SET_LOGIN_TIMEOUT = "B4448";
diff --git a/mq/main/mq-broker/broker-comm/src/main/resources/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.properties b/mq/main/mq-broker/broker-comm/src/main/resources/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.properties
index efe56a8f3..a104b6b6f 100644
--- a/mq/main/mq-broker/broker-comm/src/main/resources/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.properties
+++ b/mq/main/mq-broker/broker-comm/src/main/resources/com/sun/messaging/jmq/jmsserver/resources/BrokerResources.properties
@@ -1,6 +1,6 @@
 #
 # Copyright (c) 2000, 2017 Oracle and/or its affiliates. All rights reserved.
-# Copyright (c) 2021, 2022 Contributors to the Eclipse Foundation
+# Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation
 #
 # This program and the accompanying materials are made available under the
 # terms of the Eclipse Public License v. 2.0, which is available at
@@ -941,8 +941,6 @@ B1304=Unable to remove destination {0} from store because of not found in store:
 B1305=Authenticating user {0} as {1}
 B1306=Authenticating {0} as user {1}
-B1307=Set default security manager
-B1308=Set Java policy provider to {0}
 B1309=No non-recovery transaction acks to roll back for remote transaction {0}
 B1310=No more transaction acks to roll back for remote transaction {0}
 B1311=Presumed rollback for remote transaction {0} from {1}
@@ -3163,7 +3161,6 @@ B4442=Exception in replacing properties for replacement of message {0}: {1}
 B4443=Exception in cleanup message {0} on closing session {1}: {2}
 B4444=Can not deliver message {0} to consumer {1}
 #{0} is a string
-B4445=Can not find service type for service {0}
 B4446=Exception occurred while rebinding port unification service to address {0}
 B4447=Failed to create connection for user {0} in service {1}: {2}
 #{0}, {1} are strings
diff --git a/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/Broker.java b/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/Broker.java
index e7a66d1a9..415787c1b 100644
--- a/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/Broker.java
+++ b/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/Broker.java
@@ -533,15 +533,6 @@ private int _start(boolean inProcess, Properties propsFromCommandLine, boolean i
 return 0;
 }
- try {
- AccessController.setSecurityManagerIfneed();
- } catch (Exception e) {
- logger.logStack(Logger.ERROR, e.getMessage(), e);
- if (failStartThrowable != null) {
- failStartThrowable.initCause(e);
- }
- return (1);
- }
 if (!MQAuthenticator.authenticateCMDUserIfset()) {
 logger.log(Logger.INFO, BrokerResources.I_SHUTDOWN_BROKER);
 if (failStartThrowable != null) {
diff --git a/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/AccessController.java b/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/AccessController.java
index bf54eb0c1..f01cb0aab 100644
--- a/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/AccessController.java
+++ b/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/AccessController.java
@@ -1,6 +1,6 @@
 /*
 * Copyright (c) 2000, 2017 Oracle and/or its affiliates. All rights reserved.
- * Copyright (c) 2021, 2022 Contributors to the Eclipse Foundation
+ * Copyright (c) 2021, 2025 Contributors to the Eclipse Foundation
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
@@ -19,9 +19,7 @@
 import java.util.List;
 import java.util.Properties;
-import java.util.Iterator;
 import java.security.Principal;
-import java.security.Policy;
 import java.security.AccessControlException;
 import javax.security.auth.Subject;
 import javax.security.auth.Refreshable;
@@ -32,8 +30,6 @@
 import com.sun.messaging.jmq.jmsserver.resources.BrokerResources;
 import com.sun.messaging.jmq.jmsserver.config.BrokerConfig;
 import com.sun.messaging.jmq.jmsserver.util.BrokerException;
-import com.sun.messaging.jmq.jmsserver.service.ServiceManager;
-import com.sun.messaging.jmq.jmsserver.auth.acl.JAASAccessControlModel;
 import com.sun.messaging.jmq.util.StringUtil;
 import com.sun.messaging.jmq.auth.api.server.*;
@@ -81,7 +77,6 @@ public class AccessController {
 public static final String BAD_AUTHTYPE = "client";
 private String authType = AUTHTYPE_BASIC;
- private String accesscontrolType = "";
 private String userRepository = "";
 private boolean accessControlEnabled = true;
@@ -148,14 +143,6 @@ private void setAuthType(String authType) {
 this.authType = authType;
 }
- private void setAccessControlType(String t) {
- this.accesscontrolType = t;
- }
-
- public String getAccessControlType() {
- return accesscontrolType;
- }
-
 public String getUserRepository() {
 return userRepository;
 }
@@ -280,7 +267,6 @@ private static void loadProps(AccessController ac) throws BrokerException {
 throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_TYPE_NOT_DEFINED));
 }
 } else {
- ac.setAccessControlType(value);
 ac.getAuthProperties().setProperty(PROP_ACCESSCONTROL_TYPE, value);
 getProps(ac.getAuthProperties(), PROP_ACCESSCONTROL_PREFIX, value, null, null);
 getProps(ac.getAuthProperties(), PROP_ACCESSCONTROL_PREFIX, value, PROP_ACCESSCONTROL_AREA, serviceName);
@@ -448,80 +434,4 @@ public synchronized void checkDestinationPermission(String serviceName, String s
 }
 // private static final String DEFAULT_POLICY_FILENAME = "broker.policy";
-
- /** @throws SecurityException */
- public static void setSecurityManagerIfneed() throws BrokerException {
-
- boolean need = false;
- String svcname = null;
- String svctype = null;
- AccessController ac = null;
- // BrokerConfig bcfg = Globals.getConfig();
- Logger logger = Globals.getLogger();
-
- String pp = null, svcpp = null;
- List activesvcs = ServiceManager.getAllActiveServiceNames();
- Iterator itr = activesvcs.iterator();
- while (itr.hasNext()) {
- svcname = (String) itr.next();
- svctype = ServiceManager.getServiceTypeString(svcname);
- if (svctype == null) {
- throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_SERVICE_TYPE_NOT_FOUND_FOR_SERVICE, svcname));
- }
-
- ac = AccessController.getInstance(svcname, ServiceType.getServiceType(svctype));
- if (!ac.isAccessControlEnabled()) {
- continue;
- }
- if (ac.getAccessControlType().equals(JAASAccessControlModel.TYPE)) {
- need = true;
- svcpp = ac.getAuthProperties().getProperty(AccessController.PROP_ACCESSCONTROL_PREFIX + JAASAccessControlModel.PROP_POLICY_PROVIDER);
- if (pp == null) {
- pp = svcpp;
- continue;
- }
- if (svcpp == null) {
- continue;
- }
- if (!pp.equals(svcpp)) {
- throw new BrokerException("XI18N - Multiple Java policy providers is not allowed:" + pp + ", " + svcpp);
- }
- }
- }
- if (!need) {
- return;
- }
-
- Policy ppc = null;
- if (pp != null) {
- try {
- ppc = (Policy) Class.forName(pp).getDeclaredConstructor().newInstance();
- } catch (Exception e) {
- throw new BrokerException(e.getClass().getName() + ": " + e.getMessage() + " - " + AccessController.PROP_ACCESSCONTROL_PREFIX
- + JAASAccessControlModel.PROP_POLICY_PROVIDER + "=" + pp);
- }
- }
-
- synchronized (System.class) {
- if (System.getSecurityManager() == null) {
- String val =
System.getProperty("java.security.policy");
- if (val == null) {//NOPMD
- /*
- * logger.log(logger.INFO, "Set java.security.policy to MQ default policy file");
- * System.setProperty("java.security.policy",
- * "file:"+Globals.getInstanceEtcDir()+File.separator+DEFAULT_POLICY_FILENAME);
- */
- } else {
- logger.log(logger.INFO, "java.security.policy=" + val);
- }
- System.setSecurityManager(new SecurityManager());
- logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_SET_DEFAULT_SECURITY_MANAGER));
- }
- }
- if (ppc != null) {
- logger.log(logger.INFO, AccessController.PROP_ACCESSCONTROL_PREFIX + JAASAccessControlModel.PROP_POLICY_PROVIDER + "=" + pp);
- Policy.setPolicy(ppc);
- logger.log(logger.INFO, Globals.getBrokerResources().getKString(BrokerResources.I_SET_JAVA_POLICY_PROVIDER, ppc.getClass().getName()));
- }
- }
 }
diff --git a/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/acl/JAASAccessControlModel.java b/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/acl/JAASAccessControlModel.java
index 11dac6103..3835af8ef 100644
--- a/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/acl/JAASAccessControlModel.java
+++ b/mq/main/mq-broker/broker-core/src/main/java/com/sun/messaging/jmq/jmsserver/auth/acl/JAASAccessControlModel.java
@@ -41,7 +41,6 @@ public class JAASAccessControlModel implements AccessControlModel {
 public static final String TYPE = "jaas";
 public static final String PROP_PERMISSION_FACTORY = TYPE + ".permissionFactory";
- public static final String PROP_POLICY_PROVIDER = TYPE + ".policyProvider";
 private Logger logger = Globals.getLogger();
@@ -68,15 +67,10 @@ public void initialize(String type, Properties authProperties) {
 Properties authProps = authProperties;
 String pfclass = authProps.getProperty(AccessController.PROP_ACCESSCONTROL_PREFIX + PROP_PERMISSION_FACTORY);
- String ppclass = authProps.getProperty(AccessController.PROP_ACCESSCONTROL_PREFIX + PROP_POLICY_PROVIDER);
 try {
 if (pfclass != null) {
 permFactory = (PermissionFactory) Class.forName(pfclass).getDeclaredConstructor().newInstance();
 }
- // if (ppclass != null) policyProvider = (Policy)Class.forName(ppclass).newInstance();
- if (ppclass != null) {
- Class.forName(ppclass).getDeclaredConstructor().newInstance();
- }
 } catch (Exception e) {
 logger.logStack(Logger.ERROR, e.getMessage(), e);
 throw new AccessControlException(e.getClass().getName() + ": " + e.getMessage());