PasswordAuthenticator (MX4J API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

mx4j.tools.remote
Class PasswordAuthenticator

java.lang.Object
  mx4j.tools.remote.PasswordAuthenticator

All Implemented Interfaces:: javax.management.remote.JMXAuthenticator

public class PasswordAuthenticator
extends java.lang.Object
implements javax.management.remote.JMXAuthenticator

Implementation of the JMXAuthenticator interface to be used on server side to secure access to JMXConnectorServers.
Usage:

 JMXAuthenticator authenticator = new PasswordAuthenticator(new File("users.properties"));
 Map environment = new HashMap();
 environment.put(JMXConnectorServer.AUTHENTICATOR, authenticator);
 JMXServiceURL address = new JMXServiceURL("rmi", "localhost", 0);
 MBeanServer server = ...;
 JMXConnectorServer cntorServer = JMXConnectorServerFactory.newJMXConnectorServer(address, environment, server);

The format of the users.properties file is that of a standard properties file:
<user>=<password>
where <password> can be stored in 2 ways:

Clear text: the password is written in clear text
Obfuscated text: the password is obfuscated

The obfuscated form can be obtained running this class as a main class:

 java -cp mx4j-remote.jar mx4j.tools.remote.PasswordAuthenticator

and following the instructions printed on the console. The output will be a string that should be copy/pasted as the password into the properties file.
The obfuscated password is obtained by digesting the clear text password using a MessageDigest algorithm, and then by Base64-encoding the resulting bytes.

On client side, you are allowed to connect to a server side secured with the PasswordAuthenticator only if you provide the correct credentials:

 String[] credentials = new String[2];
 // The user will travel as clear text
 credentials[0] = "user";
 // You may send the password in clear text, but it's better to obfuscate it
 credentials[1] = PasswordAuthenticator.obfuscatePassword("password");
 Map environment = new HashMap();
 environment.put(JMXConnector.CREDENTIALS, credentials);
 JMXServiceURL address = ...;
 JMXConnector cntor = JMXConnectorFactory.connect(address, environment);

Note that obfuscating the passwords only works if the server side has been setup with the PasswordAuthenticator. However, the PasswordAuthenticator can be used with other JSR 160 implementations, such as Sun's reference implementation.

Version:: $Revision: 1.3 $

Constructor Summary
`PasswordAuthenticator(java.io.File passwordFile)` Creates a new PasswordAuthenticator that reads user/password pairs from the specified properties file.
`PasswordAuthenticator(java.io.InputStream is)` Creates a new PasswordAuthenticator that reads user/password pairs from the specified InputStream.

Method Summary
`javax.security.auth.Subject`	`authenticate(java.lang.Object credentials)`
`static void`	`main(java.lang.String[] args)` Runs this class as main class to obfuscate passwords.
`static java.lang.String`	`obfuscatePassword(java.lang.String password)` Obfuscates the given password using MD5 as digest algorithm
`static java.lang.String`	`obfuscatePassword(java.lang.String password, java.lang.String algorithm)` Obfuscates the given password using the given digest algorithm. Obfuscation consists of 2 steps: first the clear text password is `digested` using the specified algorithm, then the resulting bytes are Base64-encoded. For example, the obfuscated version of the password "password" is "OBF(MD5):X03MO1qnZdYdgyfeuILPmQ==" or "OBF(SHA-1):W6ph5Mm5Pz8GgiULbPgzG37mj9g=".

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail