/**
* Initialize the backend systems, the log handler and the restrictor. A subclass can tune this
* step by overriding {@link #createRestrictor(String)} and {@link
* #createLogHandler(ServletConfig, boolean)}
*
* @param pServletConfig servlet configuration
*/
@Override
public void init(ServletConfig pServletConfig) throws ServletException {
super.init(pServletConfig);
Configuration config = initConfig(pServletConfig);
// Create a log handler early in the lifecycle, but not too early
String logHandlerClass = config.get(ConfigKey.LOGHANDLER_CLASS);
logHandler =
logHandlerClass != null
? (LogHandler) ClassUtil.newInstance(logHandlerClass)
: createLogHandler(pServletConfig, Boolean.valueOf(config.get(ConfigKey.DEBUG)));
// Different HTTP request handlers
httpGetHandler = newGetHttpRequestHandler();
httpPostHandler = newPostHttpRequestHandler();
if (restrictor == null) {
restrictor =
createRestrictor(NetworkUtil.replaceExpression(config.get(ConfigKey.POLICY_LOCATION)));
} else {
logHandler.info("Using custom access restriction provided by " + restrictor);
}
configMimeType = config.get(ConfigKey.MIME_TYPE);
backendManager = new BackendManager(config, logHandler, restrictor);
requestHandler = new HttpRequestHandler(config, backendManager, logHandler);
initDiscoveryMulticast(config);
}
private void initDiscoveryMulticast(Configuration pConfig) {
String url = findAgentUrl(pConfig);
if (url != null || listenForDiscoveryMcRequests(pConfig)) {
backendManager.getAgentDetails().setUrl(url);
try {
discoveryMulticastResponder =
new DiscoveryMulticastResponder(backendManager, restrictor, logHandler);
discoveryMulticastResponder.start();
} catch (IOException e) {
logHandler.error("Cannot start discovery multicast handler: " + e, e);
}
}
}
/**
* Create a restrictor restrictor to use. By default, a policy file is looked up (with the URL
* given by the init parameter {@link ConfigKey#POLICY_LOCATION} or "/jolokia-access.xml" by
* default) and if not found an {@link AllowAllRestrictor} is used by default. This method is
* called during the {@link #init(ServletConfig)} when initializing the subsystems and can be
* overridden for custom restrictor creation.
*
* @param pLocation location to lookup the restrictor
* @return the restrictor to use.
*/
protected Restrictor createRestrictor(String pLocation) {
LogHandler log = getLogHandler();
try {
Restrictor newRestrictor = RestrictorFactory.lookupPolicyRestrictor(pLocation);
if (newRestrictor != null) {
log.info("Using access restrictor " + pLocation);
return newRestrictor;
} else {
log.info(
"No access restrictor found at " + pLocation + ", access to all MBeans is allowed");
return new AllowAllRestrictor();
}
} catch (IOException e) {
log.error(
"Error while accessing access restrictor at "
+ pLocation
+ ". Denying all access to MBeans for security reasons. Exception: "
+ e,
e);
return new DenyAllRestrictor();
}
}
