From 36b8b7897f8d3e38f445feda56e32b0eefbb9081 Mon Sep 17 00:00:00 2001 From: Pavel Klinkov Date: Mon, 12 Sep 2016 10:02:23 +0200 Subject: [PATCH 1/4] Antbuild makes bin dir if not existant * jhealthagent.jar and dist folder are now in .gitignore --- .gitignore | 2 ++ build.xml | 1 + 2 files changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index ae3c172..e7dd985 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ /bin/ +/jhealthagent.jar +/dist/ diff --git a/build.xml b/build.xml index 7b8f73a..805aeb5 100644 --- a/build.xml +++ b/build.xml @@ -21,6 +21,7 @@ + From 7ae90dabe54a58c709e34a4c2754cfe8a740a30a Mon Sep 17 00:00:00 2001 From: Christian Morawietz Date: Fri, 16 Sep 2016 13:32:43 +0200 Subject: [PATCH 2/4] Added ipList parameter to limit query sources. --- sample/jhealth.properties | 3 +- .../jhealth/CollectorAcceptingThread.java | 38 ++++++++++++++----- src/it/frech/jhealth/Constants.java | 1 + src/it/frech/jhealth/JmxAgent.java | 17 ++++++++- 4 files changed, 47 insertions(+), 12 deletions(-) diff --git a/sample/jhealth.properties b/sample/jhealth.properties index cd7454e..6aa4329 100644 --- a/sample/jhealth.properties +++ b/sample/jhealth.properties @@ -1,4 +1,5 @@ jhealth.format=$TIME{dd.MM.yyyy HH:mm:ss};$SYSPROP{jboss.node.name};$jhealth:type=YoungGC{count-2};$jhealth:type=TenuredGC{count-2};$java.lang:type=Threading{ThreadCount} jhealth.path=/tmp/health.log jhealth.port=5678 -jhealth.delay=1000 \ No newline at end of file +jhealth.delay=1000 +jhealth.ipList=127.0.0.1 \ No newline at end of file diff --git a/src/it/frech/jhealth/CollectorAcceptingThread.java b/src/it/frech/jhealth/CollectorAcceptingThread.java index 648f671..0118387 100644 --- a/src/it/frech/jhealth/CollectorAcceptingThread.java +++ b/src/it/frech/jhealth/CollectorAcceptingThread.java @@ -27,15 +27,20 @@ class CollectorAcceptingThread extends Thread { private boolean keepRunning; ServerSocket socket; + + String [] permittedIPs; // use a *synchronized* Map since multiple Threads may access it private Map lastValueMap = new java.util.Hashtable(); private MBeanServer mbeanServer; - public CollectorAcceptingThread() { + public CollectorAcceptingThread(String permittedIPs) { setName("Collector MBean Accept-Thread"); setDaemon(true); + if (permittedIPs != null){ + this.permittedIPs = permittedIPs.split("&"); + } } @Override @@ -48,16 +53,29 @@ public void run() { private void acceptRequests() { + if (permittedIPs != null){ - - try { - Socket reqSocket = socket.accept(); - CollectorRequestHandlingThread thread = new CollectorRequestHandlingThread(reqSocket,lastValueMap, getMBeanServer()); - thread.setName("Collector request "+reqSocket.getRemoteSocketAddress()); - thread.setDaemon(true); - thread.start(); - } catch (IOException e) { - // the socket could have been closed -> ok + try { + Socket reqSocket = socket.accept(); + boolean isPermitted = false; + for (String ip :permittedIPs){ + if (reqSocket.getInetAddress().getHostAddress().equals(ip)){ + isPermitted = true; + } + } + if (isPermitted){ + CollectorRequestHandlingThread thread = new CollectorRequestHandlingThread(reqSocket,lastValueMap, getMBeanServer()); + thread.setName("Collector request "+reqSocket.getRemoteSocketAddress()); + thread.setDaemon(true); + thread.start(); + }else{ + reqSocket.close(); + } + } catch (IOException e) { + // the socket could have been closed -> ok + }catch (SecurityException e) { + System.out.println(e.getMessage()); + } } } diff --git a/src/it/frech/jhealth/Constants.java b/src/it/frech/jhealth/Constants.java index 9e9ad1e..7a6a687 100644 --- a/src/it/frech/jhealth/Constants.java +++ b/src/it/frech/jhealth/Constants.java @@ -6,4 +6,5 @@ public class Constants { public final static String PORT_PROPERTY = "jhealth.port"; public final static String FORMAT_PROPERTY = "jhealth.format"; public final static String DELAY_PROPERTY = "jhealth.delay"; + public final static String IPLIST_PROPERTY = "jhealth.ipList"; } diff --git a/src/it/frech/jhealth/JmxAgent.java b/src/it/frech/jhealth/JmxAgent.java index 241eeb3..ee84015 100644 --- a/src/it/frech/jhealth/JmxAgent.java +++ b/src/it/frech/jhealth/JmxAgent.java @@ -20,6 +20,8 @@ import java.io.FileReader; import java.io.IOException; import java.net.ServerSocket; +import java.net.SocketPermission; +import java.util.ArrayList; import java.util.LinkedList; import java.util.Properties; @@ -32,6 +34,7 @@ public static void premain(String agentArgs) { String path = null; int delay = 5000; String format = "$TIME{yyyy-MM-dd HH:mm:ss};minorGcCount=$jhealth:type=YoungGC{count-2};majorGcCount=$jhealth:type=TenuredGC{count-2};threadCount=$java.lang:type=Threading{ThreadCount}"; + String permittedIPs= null; String sysProp = System.getProperty(Constants.PORT_PROPERTY); if (sysProp != null) { @@ -43,6 +46,10 @@ public static void premain(String agentArgs) { path = sysProp; } + sysProp = System.getProperty(Constants.IPLIST_PROPERTY); + if (sysProp != null) { + permittedIPs = sysProp; + } if (agentArgs != null) { String[] args = agentArgs.split(","); @@ -70,6 +77,10 @@ public static void premain(String agentArgs) { if (p != null) { delay = Integer.parseInt(p); } + p = props.getProperty(Constants.IPLIST_PROPERTY); + if (p != null) { + permittedIPs = p; + } } catch (IOException e) { e.printStackTrace(System.err); } @@ -89,6 +100,10 @@ public static void premain(String agentArgs) { delay = Integer.parseInt(arg.substring(6)); continue; } + if (arg.startsWith("ipList=")) { + permittedIPs = arg.substring(7); + continue; + } if (arg.startsWith("config=")) { // skip, already processed continue; @@ -112,7 +127,7 @@ public void run() { } }); - final CollectorAcceptingThread thread = new CollectorAcceptingThread(); + final CollectorAcceptingThread thread = new CollectorAcceptingThread(permittedIPs); thread.socket = serverSocket; thread.start(); From 1fd4272ffd7a3dad0026c49c013b74fc8abd922f Mon Sep 17 00:00:00 2001 From: Pavel Klinkov Date: Thu, 9 Feb 2017 10:57:31 +0100 Subject: [PATCH 3/4] Small Refactoring of the Permitted-IPs code --- .../jhealth/CollectorAcceptingThread.java | 40 ++++++++++--------- src/it/frech/jhealth/JmxAgent.java | 2 - 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/src/it/frech/jhealth/CollectorAcceptingThread.java b/src/it/frech/jhealth/CollectorAcceptingThread.java index 0118387..be7f402 100644 --- a/src/it/frech/jhealth/CollectorAcceptingThread.java +++ b/src/it/frech/jhealth/CollectorAcceptingThread.java @@ -38,7 +38,7 @@ class CollectorAcceptingThread extends Thread { public CollectorAcceptingThread(String permittedIPs) { setName("Collector MBean Accept-Thread"); setDaemon(true); - if (permittedIPs != null){ + if (permittedIPs != null && permittedIPs.length() > 0){ this.permittedIPs = permittedIPs.split("&"); } } @@ -52,22 +52,13 @@ public void run() { } private void acceptRequests() { - - if (permittedIPs != null){ - try { Socket reqSocket = socket.accept(); - boolean isPermitted = false; - for (String ip :permittedIPs){ - if (reqSocket.getInetAddress().getHostAddress().equals(ip)){ - isPermitted = true; - } - } - if (isPermitted){ - CollectorRequestHandlingThread thread = new CollectorRequestHandlingThread(reqSocket,lastValueMap, getMBeanServer()); - thread.setName("Collector request "+reqSocket.getRemoteSocketAddress()); - thread.setDaemon(true); - thread.start(); + if (isPermitted(reqSocket)){ + CollectorRequestHandlingThread thread = new CollectorRequestHandlingThread(reqSocket,lastValueMap, getMBeanServer()); + thread.setName("Collector request "+reqSocket.getRemoteSocketAddress()); + thread.setDaemon(true); + thread.start(); }else{ reqSocket.close(); } @@ -76,11 +67,24 @@ private void acceptRequests() { }catch (SecurityException e) { System.out.println(e.getMessage()); } - } } - - + public boolean isPermitted(Socket socket) { + // default is allowed + boolean isPermitted = true; + String ipAddress = socket.getInetAddress().getHostAddress(); + // If a list of IPs is defined, check if the requesting IP is in there + + if (permittedIPs != null && permittedIPs.length > 0) { + isPermitted = false; + for (String ip :permittedIPs){ + if (ipAddress.equals(ip)){ + isPermitted = true; + } + } + } + return isPermitted; + } private MBeanServer getMBeanServer() { if (mbeanServer == null) { mbeanServer = ManagementFactory.getPlatformMBeanServer(); diff --git a/src/it/frech/jhealth/JmxAgent.java b/src/it/frech/jhealth/JmxAgent.java index ee84015..6b665d7 100644 --- a/src/it/frech/jhealth/JmxAgent.java +++ b/src/it/frech/jhealth/JmxAgent.java @@ -20,8 +20,6 @@ import java.io.FileReader; import java.io.IOException; import java.net.ServerSocket; -import java.net.SocketPermission; -import java.util.ArrayList; import java.util.LinkedList; import java.util.Properties; From 3289ecc987a8e29cbcb47de2e88ff33b50fad9b7 Mon Sep 17 00:00:00 2001 From: Pavel Klinkov Date: Thu, 9 Feb 2017 12:21:10 +0100 Subject: [PATCH 4/4] Added better example and description for the ipList property --- sample/jhealth.properties | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sample/jhealth.properties b/sample/jhealth.properties index 6aa4329..2079bc8 100644 --- a/sample/jhealth.properties +++ b/sample/jhealth.properties @@ -2,4 +2,5 @@ jhealth.format=$TIME{dd.MM.yyyy HH:mm:ss};$SYSPROP{jboss.node.name};$jhealth:typ jhealth.path=/tmp/health.log jhealth.port=5678 jhealth.delay=1000 -jhealth.ipList=127.0.0.1 \ No newline at end of file +# &-Separated IP-List of allowed Hosts +jhealth.ipList=127.0.0.1&10.11.12.13 \ No newline at end of file