You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by "chibenwa (via GitHub)" <gi...@apache.org> on 2023/02/13 01:52:08 UTC
[GitHub] [james-project] chibenwa commented on a diff in pull request #1437: [WIP] JAMES-3881 Set a JMX password

chibenwa commented on code in PR #1437:
URL: https://github.com/apache/james-project/pull/1437#discussion_r1103927130


##########
server/container/guice/jmx/src/main/java/org/apache/james/modules/server/JMXServer.java:
##########
@@ -126,4 +146,38 @@ private void doStop() {
         }
     }
 
+    private void generateJMXPasswordFileIfNeed() {
+        if (Boolean.parseBoolean(System.getProperty(JMX_CREDENTIAL_GENERATION_ENABLE_PROPERTY, JMX_CREDENTIAL_GENERATION_ENABLE_DEFAULT))
+            && !existJmxPasswordFile()) {
+            generateJMXPasswordFile();
+        }
+    }
+
+    private boolean existJmxPasswordFile() {
+        return Files.exists(Path.of(JmxConfiguration.PASSWORD_FILE_PATH)) && Files.exists(Path.of(JmxConfiguration.ACCESS_FILE_PATH));
+    }
+
+    private void generateJMXPasswordFile() {
+        File passwordFile = new File(JmxConfiguration.PASSWORD_FILE_PATH);
+        if (!passwordFile.exists()) {
+            try (OutputStream outputStream = new FileOutputStream(passwordFile)) {
+                String randomPassword = RandomStringUtils.random(10, true, true);
+                IOUtils.write(JmxConfiguration.JAMES_ADMIN_USER_DEFAULT + " " + randomPassword + "\n", outputStream, StandardCharsets.UTF_8);
+                LOGGER.info("Generated JMX password file: " + JmxConfiguration.PASSWORD_FILE_PATH);
+            } catch (IOException e) {
+                throw new RuntimeException("Error when creating JMX password file: " + JmxConfiguration.PASSWORD_FILE_PATH, e);
+            }
+        }
+
+        File accessFile = new File(JmxConfiguration.ACCESS_FILE_PATH);

Review Comment:
   What are the permissions on this file?



##########
server/container/guice/jmx/src/main/java/org/apache/james/modules/server/JMXServer.java:
##########
@@ -126,4 +146,38 @@ private void doStop() {
         }
     }
 
+    private void generateJMXPasswordFileIfNeed() {
+        if (Boolean.parseBoolean(System.getProperty(JMX_CREDENTIAL_GENERATION_ENABLE_PROPERTY, JMX_CREDENTIAL_GENERATION_ENABLE_DEFAULT))
+            && !existJmxPasswordFile()) {
+            generateJMXPasswordFile();
+        }
+    }
+
+    private boolean existJmxPasswordFile() {
+        return Files.exists(Path.of(JmxConfiguration.PASSWORD_FILE_PATH)) && Files.exists(Path.of(JmxConfiguration.ACCESS_FILE_PATH));
+    }
+
+    private void generateJMXPasswordFile() {
+        File passwordFile = new File(JmxConfiguration.PASSWORD_FILE_PATH);

Review Comment:
   What are the permissions on this file?



##########
server/container/guice/jmx/src/main/java/org/apache/james/modules/server/JmxConfiguration.java:
##########
@@ -34,6 +34,11 @@ public class JmxConfiguration {
     public static final String LOCALHOST = "localhost";
     public static final int DEFAULT_PORT = 9999;
     public static final boolean ENABLED = true;
+    public static final String JMX_CREDENTIAL_GENERATION_ENABLE_PROPERTY = "james.jmx.credential.generation";
+    public static final String JMX_CREDENTIAL_GENERATION_ENABLE_DEFAULT = "false";
+    public static final String PASSWORD_FILE_PATH = "/root/conf/jmxremote.password";
+    public static final String ACCESS_FILE_PATH = "/root/conf/jmxremote.access";

Review Comment:
   This location is the docker one but we should not use that for raw installation. 
   
   Suggestion:
   
   ```
   org.apache.james.filesystem.api.FileSYstem.getFile("conf://jmxremote.password");
   ```



##########
server/container/guice/jmx/src/main/java/org/apache/james/modules/server/JMXServer.java:
##########
@@ -126,4 +146,38 @@ private void doStop() {
         }
     }
 
+    private void generateJMXPasswordFileIfNeed() {
+        if (Boolean.parseBoolean(System.getProperty(JMX_CREDENTIAL_GENERATION_ENABLE_PROPERTY, JMX_CREDENTIAL_GENERATION_ENABLE_DEFAULT))
+            && !existJmxPasswordFile()) {
+            generateJMXPasswordFile();
+        }
+    }

Review Comment:
   Can we have the CLI attempt to read `~/conf/jmxremote.password` that is in clear if no option is supplied?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org