/** * Initialize the backend systems, the log handler and the restrictor. A subclass can tune this * step by overriding {@link #createRestrictor(String)} and {@link * #createLogHandler(ServletConfig, boolean)} * * @param pServletConfig servlet configuration */ @Override public void init(ServletConfig pServletConfig) throws ServletException { super.init(pServletConfig); Configuration config = initConfig(pServletConfig); // Create a log handler early in the lifecycle, but not too early String logHandlerClass = config.get(ConfigKey.LOGHANDLER_CLASS); logHandler = logHandlerClass != null ? (LogHandler) ClassUtil.newInstance(logHandlerClass) : createLogHandler(pServletConfig, Boolean.valueOf(config.get(ConfigKey.DEBUG))); // Different HTTP request handlers httpGetHandler = newGetHttpRequestHandler(); httpPostHandler = newPostHttpRequestHandler(); if (restrictor == null) { restrictor = createRestrictor(NetworkUtil.replaceExpression(config.get(ConfigKey.POLICY_LOCATION))); } else { logHandler.info("Using custom access restriction provided by " + restrictor); } configMimeType = config.get(ConfigKey.MIME_TYPE); backendManager = new BackendManager(config, logHandler, restrictor); requestHandler = new HttpRequestHandler(config, backendManager, logHandler); initDiscoveryMulticast(config); }
/** * Create a restrictor restrictor to use. By default, a policy file is looked up (with the URL * given by the init parameter {@link ConfigKey#POLICY_LOCATION} or "/jolokia-access.xml" by * default) and if not found an {@link AllowAllRestrictor} is used by default. This method is * called during the {@link #init(ServletConfig)} when initializing the subsystems and can be * overridden for custom restrictor creation. * * @param pLocation location to lookup the restrictor * @return the restrictor to use. */ protected Restrictor createRestrictor(String pLocation) { LogHandler log = getLogHandler(); try { Restrictor newRestrictor = RestrictorFactory.lookupPolicyRestrictor(pLocation); if (newRestrictor != null) { log.info("Using access restrictor " + pLocation); return newRestrictor; } else { log.info( "No access restrictor found at " + pLocation + ", access to all MBeans is allowed"); return new AllowAllRestrictor(); } } catch (IOException e) { log.error( "Error while accessing access restrictor at " + pLocation + ". Denying all access to MBeans for security reasons. Exception: " + e, e); return new DenyAllRestrictor(); } }