Prevent non public bean to be exposed to JMX

Previously, a package private `@ManagedResource` annotated bean was
registered to the JMX domain even if any attempt to invoke an operation
on it will fail since it has to be public.

This commit validates that any `@ManagedResource` annotated bean is
public and throws an InvalidMetadataException otherwise. Note that the
actual bean type does not have to be public as long as the class
annotated with `@ManagedResource` in the hierarchy is pubic and no extra
operations or attributes are defined on the child.

Issue: SPR-14042
This commit is contained in:
Stephane Nicoll
2016-03-15 09:51:11 +01:00
parent 582864802e
commit 33a4e9e57f
4 changed files with 179 additions and 74 deletions

View File

@@ -19,6 +19,7 @@ package org.springframework.jmx.export.annotation;
import java.lang.annotation.Annotation;
import java.lang.reflect.Array;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Collection;
import java.util.Set;
@@ -40,6 +41,7 @@ import org.springframework.util.StringValueResolver;
* @author Rob Harrop
* @author Juergen Hoeller
* @author Jennifer Hickey
* @author Stephane Nicoll
* @since 1.2
* @see ManagedResource
* @see ManagedAttribute
@@ -64,6 +66,11 @@ public class AnnotationJmxAttributeSource implements JmxAttributeSource, BeanFac
if (ann == null) {
return null;
}
Class<?> declaringClass = AnnotationUtils.findAnnotationDeclaringClass(ManagedResource.class, beanClass);
Class<?> target = (declaringClass != null && !declaringClass.isInterface() ? declaringClass : beanClass);
if (!Modifier.isPublic(target.getModifiers())) {
throw new InvalidMetadataException("@ManagedResource class '" + target.getName() + "' must be public");
}
org.springframework.jmx.export.metadata.ManagedResource managedResource = new org.springframework.jmx.export.metadata.ManagedResource();
AnnotationBeanUtils.copyPropertiesToBean(ann, managedResource, this.embeddedValueResolver);
return managedResource;