Prevent non public bean to be exposed to JMX
Previously, a package private `@ManagedResource` annotated bean was registered to the JMX domain even if any attempt to invoke an operation on it will fail since it has to be public. This commit validates that any `@ManagedResource` annotated bean is public and throws an InvalidMetadataException otherwise. Note that the actual bean type does not have to be public as long as the class annotated with `@ManagedResource` in the hierarchy is pubic and no extra operations or attributes are defined on the child. Issue: SPR-14042
This commit is contained in:
@@ -19,6 +19,7 @@ package org.springframework.jmx.export.annotation;
|
||||
import java.lang.annotation.Annotation;
|
||||
import java.lang.reflect.Array;
|
||||
import java.lang.reflect.Method;
|
||||
import java.lang.reflect.Modifier;
|
||||
import java.util.Collection;
|
||||
import java.util.Set;
|
||||
|
||||
@@ -40,6 +41,7 @@ import org.springframework.util.StringValueResolver;
|
||||
* @author Rob Harrop
|
||||
* @author Juergen Hoeller
|
||||
* @author Jennifer Hickey
|
||||
* @author Stephane Nicoll
|
||||
* @since 1.2
|
||||
* @see ManagedResource
|
||||
* @see ManagedAttribute
|
||||
@@ -64,6 +66,11 @@ public class AnnotationJmxAttributeSource implements JmxAttributeSource, BeanFac
|
||||
if (ann == null) {
|
||||
return null;
|
||||
}
|
||||
Class<?> declaringClass = AnnotationUtils.findAnnotationDeclaringClass(ManagedResource.class, beanClass);
|
||||
Class<?> target = (declaringClass != null && !declaringClass.isInterface() ? declaringClass : beanClass);
|
||||
if (!Modifier.isPublic(target.getModifiers())) {
|
||||
throw new InvalidMetadataException("@ManagedResource class '" + target.getName() + "' must be public");
|
||||
}
|
||||
org.springframework.jmx.export.metadata.ManagedResource managedResource = new org.springframework.jmx.export.metadata.ManagedResource();
|
||||
AnnotationBeanUtils.copyPropertiesToBean(ann, managedResource, this.embeddedValueResolver);
|
||||
return managedResource;
|
||||
|
||||
Reference in New Issue
Block a user