Posted to commits@geode.apache.org by kl...@apache.org on 2017/05/31 23:13:51 UTC
[5/7] geode git commit: milestone
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
new file mode 100644
index 0000000..81d28be
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/EnabledSecurityService.java
@@ -0,0 +1,418 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.AccessController;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
+
+import org.apache.commons.lang.SerializationException;
+import org.apache.commons.lang.StringUtils;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
+import org.apache.shiro.mgt.DefaultSecurityManager;
+import org.apache.shiro.realm.Realm;
+import org.apache.shiro.session.mgt.DefaultSessionManager;
+import org.apache.shiro.session.mgt.SessionManager;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
+import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
+
+import org.apache.geode.GemFireIOException;
+import org.apache.geode.internal.cache.EntryEventImpl;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.shiro.CustomAuthRealm;
+import org.apache.geode.internal.security.shiro.GeodeAuthenticationToken;
+import org.apache.geode.internal.security.shiro.ShiroPrincipal;
+import org.apache.geode.internal.util.BlobHelper;
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
+import org.apache.geode.security.SecurityManager;
+
+/**
+ * Security service with SecurityManager and an optional PostProcessor.
+ *
+ * TODO: rename EnabledSecurityService to IntegratedSecurityService
+ */
+public class EnabledSecurityService implements SecurityService {
+ private static Logger logger = LogService.getLogger(LogService.SECURITY_LOGGER_NAME);
+
+ private final SecurityManager securityManager;
+
+ private final PostProcessor postProcessor;
+
+ EnabledSecurityService(final SecurityManager securityManager, final PostProcessor postProcessor) {
+ this.securityManager = securityManager;
+ this.postProcessor = postProcessor;
+
+ // initialize Shiro
+ Realm realm = new CustomAuthRealm(securityManager);
+ DefaultSecurityManager shiroManager = new DefaultSecurityManager(realm);
+ SecurityUtils.setSecurityManager(shiroManager);
+ increaseShiroGlobalSessionTimeout(shiroManager);
+ }
+
+ @Override
+ public void initSecurity(final Properties securityProps) {
+ // nothing
+ }
+
+ @Override
+ public void setSecurityManager(final SecurityManager securityManager) {
+ // nothing
+ }
+
+ @Override
+ public void setPostProcessor(final PostProcessor postProcessor) {
+ // nothing
+ }
+
+ /**
+ * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to
+ * process operations from the same client, then it looks into Shiro's thead context.
+ *
+ * @return the shiro subject, null if security is not enabled
+ */
+ @Override
+ public Subject getSubject() {
+ Subject currentUser;
+
+ // First try get the principal out of AccessControlContext instead of Shiro's Thread context
+ // since threads can be shared between JMX clients.
+ javax.security.auth.Subject jmxSubject =
+ javax.security.auth.Subject.getSubject(AccessController.getContext());
+
+ if (jmxSubject != null) {
+ Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class);
+ if (!principals.isEmpty()) {
+ ShiroPrincipal principal = principals.iterator().next();
+ currentUser = principal.getSubject();
+ ThreadContext.bind(currentUser);
+ return currentUser;
+ }
+ }
+
+ // in other cases like rest call, client operations, we get it from the current thread
+ currentUser = SecurityUtils.getSubject();
+
+ if (currentUser == null || currentUser.getPrincipal() == null) {
+ throw new GemFireSecurityException("Error: Anonymous User");
+ }
+
+ return currentUser;
+ }
+
+ /**
+ * @return null if security is not enabled, otherwise return a shiro subject
+ */
+ @Override
+ public Subject login(final Properties credentials) {
+ if (credentials == null) {
+ return null;
+ }
+
+ // this makes sure it starts with a clean user object
+ ThreadContext.remove();
+
+ Subject currentUser = SecurityUtils.getSubject();
+ GeodeAuthenticationToken token = new GeodeAuthenticationToken(credentials);
+ try {
+ logger.info("Logging in " + token.getPrincipal());
+ currentUser.login(token);
+ } catch (ShiroException e) {
+ logger.info(e.getMessage(), e);
+ throw new AuthenticationFailedException(
+ "Authentication error. Please check your credentials.", e);
+ }
+
+ return currentUser;
+ }
+
+ @Override
+ public void logout() {
+ Subject currentUser = getSubject();
+ if (currentUser == null) {
+ return;
+ }
+
+ try {
+ logger.info("Logging out " + currentUser.getPrincipal());
+ currentUser.logout();
+ } catch (ShiroException e) {
+ logger.info(e.getMessage(), e);
+ throw new GemFireSecurityException(e.getMessage(), e);
+ }
+
+ // clean out Shiro's thread local content
+ ThreadContext.remove();
+ }
+
+ @Override // TODO: give Callable a type
+ public Callable associateWith(final Callable callable) {
+ Subject currentUser = getSubject();
+ if (currentUser == null) {
+ return callable;
+ }
+
+ return currentUser.associateWith(callable);
+ }
+
+ /**
+ * Binds the passed-in subject to the executing thread. Usage:
+ *
+ * <pre>
+ * ThreadState state = null;
+ * try {
+ * state = IntegratedSecurityService.bindSubject(subject);
+ * //do the rest of the work as this subject
+ * } finally {
+ * if(state!=null) state.clear();
+ * }
+ * </pre>
+ */
+ @Override
+ public ThreadState bindSubject(final Subject subject) {
+ if (subject == null) {
+ return null;
+ }
+
+ ThreadState threadState = new SubjectThreadState(subject);
+ threadState.bind();
+ return threadState;
+ }
+
+ @Override
+ public void authorize(final ResourceOperation resourceOperation) {
+ if (resourceOperation == null) {
+ return;
+ }
+
+ authorize(resourceOperation.resource().name(), resourceOperation.operation().name(), null);
+ }
+
+ @Override
+ public void authorizeClusterManage() {
+ authorize("CLUSTER", "MANAGE");
+ }
+
+ @Override
+ public void authorizeClusterWrite() {
+ authorize("CLUSTER", "WRITE");
+ }
+
+ @Override
+ public void authorizeClusterRead() {
+ authorize("CLUSTER", "READ");
+ }
+
+ @Override
+ public void authorizeDataManage() {
+ authorize("DATA", "MANAGE");
+ }
+
+ @Override
+ public void authorizeDataWrite() {
+ authorize("DATA", "WRITE");
+ }
+
+ @Override
+ public void authorizeDataRead() {
+ authorize("DATA", "READ");
+ }
+
+ @Override
+ public void authorizeRegionManage(final String regionName) {
+ authorize("DATA", "MANAGE", regionName);
+ }
+
+ @Override
+ public void authorizeRegionManage(final String regionName, final String key) {
+ authorize("DATA", "MANAGE", regionName, key);
+ }
+
+ @Override
+ public void authorizeRegionWrite(final String regionName) {
+ authorize("DATA", "WRITE", regionName);
+ }
+
+ @Override
+ public void authorizeRegionWrite(final String regionName, final String key) {
+ authorize("DATA", "WRITE", regionName, key);
+ }
+
+ @Override
+ public void authorizeRegionRead(final String regionName) {
+ authorize("DATA", "READ", regionName);
+ }
+
+ @Override
+ public void authorizeRegionRead(final String regionName, final String key) {
+ authorize("DATA", "READ", regionName, key);
+ }
+
+ @Override
+ public void authorize(final String resource, final String operation) {
+ authorize(resource, operation, null);
+ }
+
+ @Override
+ public void authorize(final String resource, final String operation, final String regionName) {
+ authorize(resource, operation, regionName, null);
+ }
+
+ @Override
+ public void authorize(final String resource, final String operation, String regionName, final String key) {
+ regionName = StringUtils.stripStart(regionName, "/");
+ authorize(new ResourcePermission(resource, operation, regionName, key));
+ }
+
+ @Override
+ public void authorize(final ResourcePermission context) {
+ Subject currentUser = getSubject();
+ if (currentUser == null) {
+ return;
+ }
+ if (context == null) {
+ return;
+ }
+ if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) {
+ return;
+ }
+
+ try {
+ currentUser.checkPermission(context);
+ } catch (ShiroException e) {
+ String msg = currentUser.getPrincipal() + " not authorized for " + context;
+ logger.info(msg);
+ throw new NotAuthorizedException(msg, e);
+ }
+ }
+
+ @Override
+ public void close() {
+ if (this.securityManager != null) {
+ this.securityManager.close();
+ }
+
+ if (this.postProcessor != null) {
+ this.postProcessor.close();
+ }
+
+ ThreadContext.remove();
+ SecurityUtils.setSecurityManager(null);
+ }
+
+ /**
+ * postProcess call already has this logic built in, you don't need to call this everytime you
+ * call postProcess. But if your postProcess is pretty involved with preparations and you need to
+ * bypass it entirely, call this first.
+ */
+ @Override
+ public boolean needPostProcess() {
+ return this.postProcessor != null;
+ }
+
+ @Override
+ public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) {
+ return postProcess(null, regionPath, key, value, valueIsSerialized);
+ }
+
+ @Override
+ public Object postProcess(Object principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) {
+ if (!needPostProcess()) {
+ return value;
+ }
+
+ if (principal == null) {
+ Subject subject = getSubject();
+ if (subject == null) {
+ return value;
+ }
+ principal = (Serializable) subject.getPrincipal();
+ }
+
+ String regionName = StringUtils.stripStart(regionPath, "/");
+ Object newValue;
+
+ // if the data is a byte array, but the data itself is supposed to be an object, we need to
+ // deserialize it before we pass it to the callback.
+ if (valueIsSerialized && value instanceof byte[]) {
+ try {
+ Object oldObj = EntryEventImpl.deserialize((byte[]) value);
+ Object newObj = this.postProcessor.processRegionValue(principal, regionName, key, oldObj);
+ newValue = BlobHelper.serializeToBlob(newObj);
+ } catch (IOException | SerializationException e) {
+ throw new GemFireIOException("Exception de/serializing entry value", e);
+ }
+ } else {
+ newValue = this.postProcessor.processRegionValue(principal, regionName, key, value);
+ }
+
+ return newValue;
+ }
+
+ @Override
+ public SecurityManager getSecurityManager() {
+ return this.securityManager;
+ }
+
+ @Override
+ public PostProcessor getPostProcessor() {
+ return this.postProcessor;
+ }
+
+ @Override
+ public boolean isIntegratedSecurity() {
+ return true;
+ }
+
+ @Override
+ public boolean isClientSecurityRequired() {
+ return true;
+ }
+
+ @Override
+ public boolean isPeerSecurityRequired() {
+ return true;
+ }
+
+ private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager) {
+ SessionManager sessionManager = shiroManager.getSessionManager();
+ if (DefaultSessionManager.class.isInstance(sessionManager)) {
+ DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager;
+ defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE);
+ long value = defaultSessionManager.getGlobalSessionTimeout();
+ if (value != Long.MAX_VALUE) {
+ logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.", value);
+ }
+ } else {
+ logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is '{}'.",
+ sessionManager == null ? "null" : sessionManager.getClass());
+ }
+ }
+}
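Review bot: In `getSubject()`, the JMX branch calls `ThreadContext.bind(currentUser)` and returns, and nothing visible in this class unbinds it afterwards. Since the comment above it says threads can be shared between JMX clients, a later call on the same thread that carries no JMX subject would fall through to `SecurityUtils.getSubject()` and could pick up the previous caller's subject, which passes the anonymous check. Either return the subject without binding it, or document on the method that the caller must clear the thread state with `ThreadContext.remove()` when the operation ends. The Javadoc also says the method returns null when security is not enabled, but the non-JMX path throws `GemFireSecurityException` instead, so the `currentUser == null` guards in `logout`, `associateWith`, `authorize` and `postProcess` look unreachable there.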
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
new file mode 100644
index 0000000..0e8bdbe
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/LegacySecurityService.java
@@ -0,0 +1,218 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+
+import java.util.Properties;
+import java.util.concurrent.Callable;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
+
+import org.apache.geode.management.internal.security.ResourceOperation;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.SecurityManager;
+
+/**
+ * Legacy security service with ClientAuthenticator and/or PeerAuthenticator.
+ */
+public class LegacySecurityService implements SecurityService {
+
+ private final boolean hasClientAuthenticator;
+
+ private final boolean hasPeerAuthenticator;
+
+ LegacySecurityService(final String clientAuthenticator, final String peerAuthenticator) {
+ this.hasClientAuthenticator = clientAuthenticator != null;
+ this.hasPeerAuthenticator = peerAuthenticator != null;
+ }
+
+ @Override
+ public void initSecurity(final Properties securityProps) {
+ // nothing
+ }
+
+ @Override
+ public void setSecurityManager(final SecurityManager securityManager) {
+ // nothing
+ }
+
+ @Override
+ public void setPostProcessor(final PostProcessor postProcessor) {
+ // nothing
+ }
+
+ @Override
+ public ThreadState bindSubject(final Subject subject) {
+ return null;
+ }
+
+ @Override
+ public Subject getSubject() {
+ return null;
+ }
+
+ @Override
+ public Subject login(final Properties credentials) {
+ return null;
+ }
+
+ @Override
+ public void logout() {
+ // nothing
+ }
+
+ @Override
+ public Callable associateWith(final Callable callable) {
+ return null;
+ }
+
+ @Override
+ public void authorize(final ResourceOperation resourceOperation) {
+ // nothing
+ }
+
+ @Override
+ public void authorizeClusterManage() {
+ // nothing
+ }
+
+ @Override
+ public void authorizeClusterWrite() {
+ // nothing
+ }
+
+ @Override
+ public void authorizeClusterRead() {
+ // nothing
+ }
+
+ @Override
+ public void authorizeDataManage() {
+ // nothing
+ }
+
+ @Override
+ public void authorizeDataWrite() {
+ // nothing
+ }
+
+ @Override
+ public void authorizeDataRead() {
+ // nothing
+ }
+
+ @Override
+ public void authorizeRegionManage(final String regionName) {
+ // nothing
+ }
+
+ @Override
+ public void authorizeRegionManage(final String regionName, final String key) {
+ // nothing
+ }
+
+ @Override
+ public void authorizeRegionWrite(final String regionName) {
+ // nothing
+ }
+
+ @Override
+ public void authorizeRegionWrite(final String regionName, final String key) {
+ // nothing
+ }
+
+ @Override
+ public void authorizeRegionRead(final String regionName) {
+ // nothing
+ }
+
+ @Override
+ public void authorizeRegionRead(final String regionName, final String key) {
+ // nothing
+ }
+
+ @Override
+ public void authorize(final String resource, final String operation) {
+ // nothing
+ }
+
+ @Override
+ public void authorize(final String resource, final String operation, final String regionName) {
+ // nothing
+ }
+
+ @Override
+ public void authorize(final String resource, final String operation, final String regionName, final String key) {
+ // nothing
+ }
+
+ @Override
+ public void authorize(final ResourcePermission context) {
+ // nothing
+ }
+
+ @Override
+ public void close() {
+ // nothing
+ }
+
+ @Override
+ public boolean needPostProcess() {
+ return false;
+ }
+
+ @Override
+ public Object postProcess(final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) {
+ return null;
+ }
+
+ @Override
+ public Object postProcess(final Object principal, final String regionPath, final Object key, final Object value, final boolean valueIsSerialized) {
+ return null;
+ }
+
+ @Override
+ public boolean isClientSecurityRequired() {
+ return this.hasClientAuthenticator;
+ }
+
+ @Override
+ public boolean isIntegratedSecurity() {
+ return false;
+ }
+
+ @Override
+ public boolean isPeerSecurityRequired() {
+ return this.hasPeerAuthenticator;
+ }
+
+ @Override
+ public SecurityManager getSecurityManager() {
+ return null;
+ }
+
+ @Override
+ public PostProcessor getPostProcessor() {
+ return null;
+ }
+}
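Review bot: Both `postProcess(...)` overloads and `associateWith(...)` return `null` here, while `EnabledSecurityService` in this same commit returns the unmodified `value` when there is no post-processor and the original `callable` when there is no subject. A caller that does not check `needPostProcess()` first would replace a region value with null, and one that submits the returned Callable would hit a NullPointerException. Suggest `return value;` in both `postProcess` overloads and `return callable;` in `associateWith`. The imports of `ConfigurationProperties.*`, `SecurityUtils`, `Section` and `IniSecurityManagerFactory` are not used anywhere in this file and can be dropped.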
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index 14784c3..1a5375a 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
@@ -30,6 +30,12 @@ import java.util.concurrent.Callable;
public interface SecurityService {
+ void initSecurity(Properties securityProps); // TODO:KIRK
+
+ void setSecurityManager(SecurityManager securityManager); // TODO:KIRK
+
+ void setPostProcessor(PostProcessor postProcessor); // TODO:KIRK
+
ThreadState bindSubject(Subject subject);
Subject getSubject();
@@ -74,8 +80,6 @@ public interface SecurityService {
void authorize(ResourcePermission context);
- void initSecurity(Properties securityProps);
-
void close();
boolean needPostProcess();
@@ -93,21 +97,17 @@ public interface SecurityService {
SecurityManager getSecurityManager();
- void setSecurityManager(SecurityManager securityManager);
-
PostProcessor getPostProcessor();
- void setPostProcessor(PostProcessor postProcessor);
-
/**
* this method would never return null, it either throws an exception or returns an object
*/
- public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
- Class actualClass = null;
+ static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
+ Class actualClass;
try {
actualClass = ClassLoadUtil.classFromName(className);
- } catch (Exception ex) {
- throw new GemFireSecurityException("Instance could not be obtained, " + ex.toString(), ex);
+ } catch (Exception e) {
+ throw new GemFireSecurityException("Instance could not be obtained, " + e, e);
}
if (!expectedClazz.isAssignableFrom(actualClass)) {
@@ -115,22 +115,22 @@ public interface SecurityService {
"Instance could not be obtained. Expecting a " + expectedClazz.getName() + " class.");
}
- T actualObject = null;
try {
- actualObject = (T) actualClass.newInstance();
+ return (T) actualClass.newInstance();
} catch (Exception e) {
throw new GemFireSecurityException(
"Instance could not be obtained. Error instantiating " + actualClass.getName(), e);
}
- return actualObject;
}
/**
* this method would never return null, it either throws an exception or returns an object
+ *
+ * TODO: expectedClazz is unused
*/
- public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName,
+ static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName,
Class<T> expectedClazz) {
- T actualObject = null;
+ T actualObject;
try {
Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
actualObject = (T) factoryMethod.invoke(null, (Object[]) null);
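Review bot: The added `TODO: expectedClazz is unused` marks a missing type check rather than only an unused parameter: in `getObjectOfTypeFromFactoryMethod` the result of `factoryMethod.invoke(null, (Object[]) null)` is cast with `(T)`, which is erased at runtime, so an object of the wrong type is handed back to the caller unchecked. The class-name path rejects a mismatch with `expectedClazz.isAssignableFrom(actualClass)` before instantiating, and the factory path should be as strict, e.g. `actualObject = expectedClazz.cast(factoryMethod.invoke(null, (Object[]) null));` with the resulting `ClassCastException` reported like the other failures. The method body continues past the end of this hunk, so its catch clauses are not visible here.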
@@ -153,17 +153,17 @@ public interface SecurityService {
* @return an object of type expectedClazz. This method would never return null. It either returns
* an non-null object or throws exception.
*/
- public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
- T object = null;
+ static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
+ T object;
try {
object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
- } catch (Exception e) {
+ } catch (Exception ignore) {
object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
}
return object;
}
- public static Properties getCredentials(Properties securityProps) {
+ static Properties getCredentials(Properties securityProps) {
Properties credentials = null;
if (securityProps.containsKey(ResourceConstants.USER_NAME)
&& securityProps.containsKey(ResourceConstants.PASSWORD)) {
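Review bot: Renaming the caught exception to `ignore` in `getObjectOfType` makes the swallow deliberate, but it also discards the case where the name resolves to a real class of the wrong type: that `GemFireSecurityException` is dropped and the same string is retried as a factory method name. When the fallback fails too, the operator only sees the factory-method error and has no hint that the configured security class was found but rejected. Keep the first failure and attach it to the second with `addSuppressed`, so a misconfigured security class name stays diagnosable.

```java
static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
  try {
    return getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
  } catch (Exception classNameFailure) {
    try {
      return getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
    } catch (RuntimeException factoryFailure) {
      // keep the class-name error visible when both lookups fail
      factoryFailure.addSuppressed(classNameFailure);
      throw factoryFailure;
    }
  }
}
```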
@@ -177,6 +177,7 @@ public interface SecurityService {
}
static SecurityService getSecurityService() {
+ // TODO:KIRK
return IntegratedSecurityService.getSecurityService();
}
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
new file mode 100644
index 0000000..83781a7
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceFactory.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.internal.cache.CacheConfig;
+import org.apache.geode.internal.security.shiro.ConfigInitialization;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.SecurityManager;
+
+public class SecurityServiceFactory {
+
+ private SecurityServiceFactory() {
+ // do not instantiate
+ }
+
+ public static SecurityService create(CacheConfig cacheConfig, DistributionConfig distributionConfig) {
+ Properties securityConfig = getSecurityConfig(distributionConfig);
+ SecurityManager securityManager = getSecurityManager(getSecurityManagerFromConfig(cacheConfig), securityConfig);
+ PostProcessor postProcessor = getPostProcessor(getPostProcessorFromConfig(cacheConfig), securityConfig);
+
+ SecurityService securityService = create(securityConfig, securityManager, postProcessor);
+ // securityService.initSecurity(distributionConfig.getSecurityProps());
+ return securityService;
+ }
+
+ static SecurityService create(Properties securityConfig, SecurityManager securityManager, PostProcessor postProcessor) {
+ SecurityServiceType type = determineType(securityConfig, securityManager);
+ switch (type) {
+ case CUSTOM:
+ String shiroConfig = securityConfig.getProperty(SECURITY_SHIRO_INIT);
+ ConfigInitialization configInitialization = new ConfigInitialization(shiroConfig);
+ configInitialization.initialize();
+ return new CustomSecurityService();
+ case ENABLED:
+ return new EnabledSecurityService(securityManager, postProcessor);
+ case LEGACY:
+ String clientAuthenticator = securityConfig.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+ String peerAuthenticator = securityConfig.getProperty(SECURITY_PEER_AUTHENTICATOR);
+ return new LegacySecurityService(clientAuthenticator, peerAuthenticator);
+ default:
+ return new DisabledSecurityService();
+ }
+ }
+
+ static SecurityServiceType determineType(Properties securityConfig, SecurityManager securityManager) {
+ boolean hasShiroConfig = securityConfig.getProperty(SECURITY_SHIRO_INIT) != null;
+ if (hasShiroConfig) {
+ return SecurityServiceType.CUSTOM;
+ }
+
+ boolean hasSecurityManager = securityManager != null;
+ if (hasSecurityManager) {
+ return SecurityServiceType.ENABLED;
+ }
+
+ boolean hasClientAuthenticator = securityConfig.getProperty(SECURITY_CLIENT_AUTHENTICATOR) != null;
+ boolean hasPeerAuthenticator = securityConfig.getProperty(SECURITY_PEER_AUTHENTICATOR) != null;
+ if (hasClientAuthenticator || hasPeerAuthenticator) {
+ return SecurityServiceType.LEGACY;
+ }
+
+ return SecurityServiceType.DISABLED;
+ }
+
+ static SecurityManager getSecurityManager(SecurityManager securityManager, Properties securityConfig) {
+ if (securityManager != null) {
+ return securityManager;
+ }
+
+ String securityManagerConfig = securityConfig.getProperty(SECURITY_MANAGER);
+ if (StringUtils.isNotBlank(securityManagerConfig)) {
+ securityManager = SecurityService.getObjectOfTypeFromClassName(securityManagerConfig, SecurityManager.class);
+ securityManager.init(securityConfig);
+ }
+
+ return securityManager;
+ }
+
+ static PostProcessor getPostProcessor(PostProcessor postProcessor, Properties securityConfig) {
+ if (postProcessor != null) {
+ return postProcessor;
+ }
+
+ String postProcessorConfig = securityConfig.getProperty(SECURITY_POST_PROCESSOR);
+ if (StringUtils.isNotBlank(postProcessorConfig)) {
+ postProcessor =
+ SecurityService.getObjectOfTypeFromClassName(postProcessorConfig, PostProcessor.class);
+ postProcessor.init(securityConfig);
+ }
+
+ return postProcessor;
+ }
+
+ private static Properties getSecurityConfig(DistributionConfig distributionConfig) {
+ if (distributionConfig == null) {
+ return new Properties();
+ }
+ return distributionConfig.getSecurityProps();
+ }
+
+ private static SecurityManager getSecurityManagerFromConfig(CacheConfig cacheConfig) {
+ if (cacheConfig == null) {
+ return null;
+ }
+ return cacheConfig.getSecurityManager();
+ }
+
+ private static PostProcessor getPostProcessorFromConfig(CacheConfig cacheConfig) {
+ if (cacheConfig == null) {
+ return null;
+ }
+ return cacheConfig.getPostProcessor();
+ }
+
+}
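Review bot: `determineType` treats a property as present with `!= null`, while `getSecurityManager` and `getPostProcessor` in the same class use `StringUtils.isNotBlank`. If the security Properties can carry an empty value for `SECURITY_SHIRO_INIT`, the result is `CUSTOM`, `ConfigInitialization` is handed `"classpath:"` with no resource name, and that choice takes precedence over a configured SecurityManager; an empty authenticator value would likewise select `LEGACY`. Suggest `boolean hasShiroConfig = StringUtils.isNotBlank(securityConfig.getProperty(SECURITY_SHIRO_INIT));` and the same test for the two authenticator properties. Separately, `create(CacheConfig, DistributionConfig)` instantiates and `init`s the SecurityManager and PostProcessor before the type is known, so on the `CUSTOM` path they are created and then dropped without `close()`.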
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
new file mode 100644
index 0000000..99df876
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityServiceType.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security;
+
+public enum SecurityServiceType {
+ /** Integrated Security is Enabled */
+ ENABLED,
+ /** Security is Disabled */
+ DISABLED,
+ /** Legacy Security is Enabled */
+ LEGACY,
+ /** Shiro Config is specified */
+ CUSTOM
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
new file mode 100644
index 0000000..18b5dca
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/ConfigInitialization.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.internal.security.shiro;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.config.Ini.Section;
+import org.apache.shiro.config.IniSecurityManagerFactory;
+
+public class ConfigInitialization {
+
+ private final String shiroConfig;
+
+ public ConfigInitialization(String shiroConfig) {
+ this.shiroConfig = shiroConfig;
+ }
+
+ public void initialize() {
+ IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + this.shiroConfig);
+
+ // we will need to make sure that shiro uses a case sensitive permission resolver
+ Section main = factory.getIni().addSection("main");
+ main.put("geodePermissionResolver",
+ "org.apache.geode.internal.security.shiro.GeodePermissionResolver");
+ if (!main.containsKey("iniRealm.permissionResolver")) {
+ main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
+ }
+
+ org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
+ SecurityUtils.setSecurityManager(securityManager);
+ }
+
+}
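Review bot: The case-sensitive resolver is wired only to `iniRealm` in `initialize()`, so a shiro.ini that defines its own realm in `[main]` would keep Shiro's default wildcard resolver, which matches permission strings case-insensitively unless configured otherwise. The comment above the `addSection("main")` call reads as a guarantee for every realm; I would narrow it, e.g. `// only iniRealm gets the case-sensitive resolver; realms declared in [main] must set permissionResolver themselves`, or log a warning when other realms are configured. The constructor also accepts a null or blank `shiroConfig`, which only surfaces later as a resource-loading failure; `this.shiroConfig = Objects.requireNonNull(shiroConfig, "shiroConfig");` would fail at construction.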
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
index 2a641d3..49d38f5 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/shiro/JMXShiroAuthenticator.java
@@ -14,7 +14,11 @@
*/
package org.apache.geode.internal.security.shiro;
-import static org.apache.geode.management.internal.security.ResourceConstants.*;
+import static org.apache.geode.management.internal.security.ResourceConstants.MISSING_CREDENTIALS_MESSAGE;
+
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.management.internal.security.ResourceConstants;
+import org.apache.geode.security.AuthenticationFailedException;
import java.security.Principal;
import java.util.Collections;
@@ -26,18 +30,16 @@ import javax.management.remote.JMXConnectionNotification;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
-import org.apache.geode.internal.security.IntegratedSecurityService;
-import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.management.internal.security.ResourceConstants;
-import org.apache.geode.security.AuthenticationFailedException;
-
/**
* this will make JMX authentication to use Shiro for Authentication
*/
-
public class JMXShiroAuthenticator implements JMXAuthenticator, NotificationListener {
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+ private final SecurityService securityService;
+
+ public JMXShiroAuthenticator(SecurityService securityService) {
+ this.securityService = securityService;
+ }
@Override
public Subject authenticate(Object credentials) {
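Review bot: The new constructor stores `securityService` without a null check, so a miswired caller would presumably be discovered only when `authenticate` first uses the field during a JMX login. `this.securityService = Objects.requireNonNull(securityService, "securityService");` fails at construction instead and needs `java.util.Objects` imported. The same applies to the new `ManagementAgent(DistributionConfig, SecurityService)` and `CommandProcessor(Properties, SecurityService)` constructors later in this commit. `authenticate` continues outside the hunk, so how it uses the field is not visible here.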
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
index 767cf94..55957b2 100644
--- a/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
+++ b/geode-core/src/main/java/org/apache/geode/management/cli/CommandService.java
@@ -19,6 +19,7 @@ import java.util.Map;
import org.apache.geode.cache.Cache;
import org.apache.geode.cache.CacheClosedException;
+import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.management.DependenciesNotFoundException;
import org.apache.geode.management.internal.cli.CliUtil;
@@ -124,7 +125,7 @@ public abstract class CommandService {
.toLocalizedString(new Object[] {nonExistingDependency}));
}
- localCommandService = new MemberCommandService(cache);
+ localCommandService = new MemberCommandService((InternalCache) cache);
}
return localCommandService;
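Review bot: The `(InternalCache) cache` cast on the `new MemberCommandService(...)` line turns any `Cache` that is not an `InternalCache` into a bare `ClassCastException` thrown from a public API class. An explicit guard before the assignment gives a diagnosable failure: `if (!(cache instanceof InternalCache)) { throw new IllegalArgumentException("cache must be an InternalCache"); }`. The enclosing method starts and ends outside the hunk, so whether an earlier check already guarantees the type cannot be seen here.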
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
index 3e6e4484..554dc66 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java
@@ -91,7 +91,7 @@ public class ManagementAgent {
private JMXConnectorServer jmxConnectorServer;
private JMXShiroAuthenticator shiroAuthenticator;
private final DistributionConfig config;
- private SecurityService securityService = SecurityService.getSecurityService();
+ private final SecurityService securityService;
private boolean isHttpServiceRunning = false;
/**
@@ -103,8 +103,9 @@ public class ManagementAgent {
private static final String PULSE_USESSL_MANAGER = "pulse.useSSL.manager";
private static final String PULSE_USESSL_LOCATOR = "pulse.useSSL.locator";
- public ManagementAgent(DistributionConfig config) {
+ public ManagementAgent(DistributionConfig config, SecurityService securityService) {
this.config = config;
+ this.securityService = securityService;
}
public synchronized boolean isRunning() {
@@ -465,14 +466,14 @@ public class ManagementAgent {
};
if (securityService.isIntegratedSecurity()) {
- shiroAuthenticator = new JMXShiroAuthenticator();
+ shiroAuthenticator = new JMXShiroAuthenticator(this.securityService);
env.put(JMXConnectorServer.AUTHENTICATOR, shiroAuthenticator);
jmxConnectorServer.addNotificationListener(shiroAuthenticator, null,
jmxConnectorServer.getAttributes());
// always going to assume authorization is needed as well, if no custom AccessControl, then
// the CustomAuthRealm
// should take care of that
- MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper();
+ MBeanServerWrapper mBeanServerWrapper = new MBeanServerWrapper(this.securityService);
jmxConnectorServer.setMBeanServerForwarder(mBeanServerWrapper);
registerAccessControlMBean();
} else {
@@ -501,7 +502,7 @@ public class ManagementAgent {
private void registerAccessControlMBean() {
try {
- AccessControlMBean acc = new AccessControlMBean();
+ AccessControlMBean acc = new AccessControlMBean(this.securityService);
ObjectName accessControlMBeanON = new ObjectName(ResourceConstants.OBJECT_NAME_ACCESSCONTROL);
MBeanServer platformMBeanServer = ManagementFactory.getPlatformMBeanServer();
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java b/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
index fc8eb97..11402f1 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/SystemManagementService.java
@@ -144,7 +144,7 @@ public class SystemManagementService extends BaseManagementService {
this.notificationHub = new NotificationHub(repo);
if (system.getConfig().getJmxManager()) {
- this.agent = new ManagementAgent(system.getConfig());
+ this.agent = new ManagementAgent(system.getConfig(), cache.getSecurityService());
} else {
this.agent = null;
}
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java
index 26b903b..31d6c0a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AbstractCommandsSupport.java
@@ -50,7 +50,6 @@ import java.util.Set;
*/
@SuppressWarnings("unused")
public abstract class AbstractCommandsSupport implements CommandMarker {
- protected static SecurityService securityService = SecurityService.getSecurityService();
protected static void assertArgument(final boolean valid, final String message,
final Object... args) {
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
index 6e1a74e..d829b3e 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
@@ -89,8 +89,6 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
public static final Set<RegionShortcut> PERSISTENT_OVERFLOW_SHORTCUTS = new TreeSet<>();
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
-
static {
PERSISTENT_OVERFLOW_SHORTCUTS.add(RegionShortcut.PARTITION_PERSISTENT);
PERSISTENT_OVERFLOW_SHORTCUTS.add(RegionShortcut.PARTITION_REDUNDANT_PERSISTENT);
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java
index a38e545..696108e 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/DataCommands.java
@@ -33,8 +33,6 @@ import org.apache.geode.cache.execute.ResultCollector;
import org.apache.geode.cache.partition.PartitionRebalanceInfo;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.internal.cache.InternalCache;
-import org.apache.geode.internal.security.IntegratedSecurityService;
-import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.management.DistributedRegionMXBean;
import org.apache.geode.management.ManagementService;
import org.apache.geode.management.cli.CliMetaData;
@@ -49,6 +47,7 @@ import org.apache.geode.management.internal.cli.functions.DataCommandFunction;
import org.apache.geode.management.internal.cli.functions.ExportDataFunction;
import org.apache.geode.management.internal.cli.functions.ImportDataFunction;
import org.apache.geode.management.internal.cli.functions.RebalanceFunction;
+import org.apache.geode.management.internal.cli.functions.SelectExecStep;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
import org.apache.geode.management.internal.cli.multistep.CLIMultiStepHelper;
import org.apache.geode.management.internal.cli.multistep.CLIStep;
@@ -93,8 +92,6 @@ public class DataCommands implements CommandMarker {
private final ImportDataFunction importDataFunction = new ImportDataFunction();
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
-
private Gfsh getGfsh() {
return Gfsh.getCurrentInstance();
}
@@ -750,7 +747,7 @@ public class DataCommands implements CommandMarker {
optionContext = ConverterHint.MEMBERIDNAME, mandatory = true,
help = CliStrings.EXPORT_DATA__MEMBER__HELP) String memberNameOrId) {
- this.securityService.authorizeRegionRead(regionName);
+ getCache().getSecurityService().authorizeRegionRead(regionName);
final DistributedMember targetMember = CliUtil.getDistributedMemberByNameOrId(memberNameOrId);
Result result;
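Review bot: The `getCache().getSecurityService()` chain introduced on the `authorizeRegionRead(regionName)` line is repeated at every authorization site this commit touches in DataCommands (the import, put, get, locate-entry and remove hunks below). A private accessor such as `private SecurityService getSecurityService() { return getCache().getSecurityService(); }` would keep the call sites short and leave one place to change the lookup; it needs the `SecurityService` import that an earlier hunk of this file removes. The command method this hunk sits in starts and ends outside the hunk.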
@@ -808,7 +805,7 @@ public class DataCommands implements CommandMarker {
@CliOption(key = CliStrings.IMPORT_DATA__INVOKE_CALLBACKS, unspecifiedDefaultValue = "false",
help = CliStrings.IMPORT_DATA__INVOKE_CALLBACKS__HELP) boolean invokeCallbacks) {
- this.securityService.authorizeRegionWrite(regionName);
+ getCache().getSecurityService().authorizeRegionWrite(regionName);
Result result;
@@ -869,8 +866,8 @@ public class DataCommands implements CommandMarker {
@CliOption(key = {CliStrings.PUT__PUTIFABSENT}, help = CliStrings.PUT__PUTIFABSENT__HELP,
unspecifiedDefaultValue = "false") boolean putIfAbsent) {
- this.securityService.authorizeRegionWrite(regionPath);
InternalCache cache = getCache();
+ cache.getSecurityService().authorizeRegionWrite(regionPath);
DataCommandResult dataResult;
if (StringUtils.isEmpty(regionPath)) {
return makePresentationResult(DataCommandResult.createPutResult(key, null, null,
@@ -940,9 +937,9 @@ public class DataCommands implements CommandMarker {
@CliOption(key = CliStrings.GET__LOAD, unspecifiedDefaultValue = "true",
specifiedDefaultValue = "true",
help = CliStrings.GET__LOAD__HELP) Boolean loadOnCacheMiss) {
- this.securityService.authorizeRegionRead(regionPath, key);
InternalCache cache = getCache();
+ cache.getSecurityService().authorizeRegionRead(regionPath, key);
DataCommandResult dataResult;
if (StringUtils.isEmpty(regionPath)) {
@@ -968,7 +965,7 @@ public class DataCommands implements CommandMarker {
request.setRegionName(regionPath);
request.setValueClass(valueClass);
request.setLoadOnCacheMiss(loadOnCacheMiss);
- Subject subject = this.securityService.getSubject();
+ Subject subject = cache.getSecurityService().getSubject();
if (subject != null) {
request.setPrincipal(subject.getPrincipal());
}
@@ -1005,7 +1002,7 @@ public class DataCommands implements CommandMarker {
help = CliStrings.LOCATE_ENTRY__RECURSIVE__HELP,
unspecifiedDefaultValue = "false") boolean recursive) {
- this.securityService.authorizeRegionRead(regionPath, key);
+ getCache().getSecurityService().authorizeRegionRead(regionPath, key);
DataCommandResult dataResult;
@@ -1068,9 +1065,9 @@ public class DataCommands implements CommandMarker {
}
if (removeAllKeys) {
- this.securityService.authorizeRegionWrite(regionPath);
+ cache.getSecurityService().authorizeRegionWrite(regionPath);
} else {
- this.securityService.authorizeRegionWrite(regionPath, key);
+ cache.getSecurityService().authorizeRegionWrite(regionPath, key);
}
@SuppressWarnings("rawtypes")
@@ -1116,7 +1113,7 @@ public class DataCommands implements CommandMarker {
}
Object[] arguments = new Object[] {query, stepName, interactive};
- CLIStep exec = new DataCommandFunction.SelectExecStep(arguments);
+ CLIStep exec = new SelectExecStep(arguments);
CLIStep display = new DataCommandFunction.SelectDisplayStep(arguments);
CLIStep move = new DataCommandFunction.SelectMoveStep(arguments);
CLIStep quit = new DataCommandFunction.SelectQuitStep(arguments);
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java
index 407424a..51e378a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/IndexCommands.java
@@ -84,8 +84,6 @@ public class IndexCommands extends AbstractCommandsSupport {
private static final Set<IndexInfo> indexDefinitions =
Collections.synchronizedSet(new HashSet<IndexInfo>());
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
-
@Override
protected Set<DistributedMember> getMembers(final InternalCache cache) {
// TODO determine what this does (as it is untested and unmockable!)
@@ -202,7 +200,7 @@ public class IndexCommands extends AbstractCommandsSupport {
Result result = null;
AtomicReference<XmlEntity> xmlEntity = new AtomicReference<>();
- this.securityService.authorizeRegionManage(regionPath);
+ getCache().getSecurityService().authorizeRegionManage(regionPath);
try {
final Cache cache = CacheFactory.getAnyInstance();
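Review bot: The permission check on the new `getCache().getSecurityService().authorizeRegionManage(regionPath)` line and the work in the `try` block resolve the cache through two different lookups, `getCache()` and `CacheFactory.getAnyInstance()`. If those can ever return different instances (for example around a reconnect, which is not visible here), the check and the index operation would not refer to the same cache. Resolving once keeps them tied together: `final InternalCache cache = getCache();` followed by `cache.getSecurityService().authorizeRegionManage(regionPath);`, with the inner `CacheFactory.getAnyInstance()` declaration dropped. The enclosing method extends beyond the hunk.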
@@ -361,9 +359,9 @@ public class IndexCommands extends AbstractCommandsSupport {
// requires data manage permission on all regions
if (StringUtils.isNotBlank(regionPath)) {
regionName = regionPath.startsWith("/") ? regionPath.substring(1) : regionPath;
- this.securityService.authorizeRegionManage(regionName);
+ getCache().getSecurityService().authorizeRegionManage(regionName);
} else {
- this.securityService.authorizeDataManage();
+ getCache().getSecurityService().authorizeDataManage();
}
IndexInfo indexInfo = new IndexInfo(indexName, regionName);
@@ -485,7 +483,7 @@ public class IndexCommands extends AbstractCommandsSupport {
Result result = null;
XmlEntity xmlEntity = null;
- this.securityService.authorizeRegionManage(regionPath);
+ getCache().getSecurityService().authorizeRegionManage(regionPath);
int idxType = IndexInfo.RANGE_INDEX;
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java
index e2164a3..9270a94 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/DataCommandFunction.java
@@ -94,9 +94,6 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti
protected static final String SELECT_STEP_EXEC = "SELECT_EXEC";
private static final int NESTED_JSON_LENGTH = 20;
- // this needs to be static so that it won't get serialized
- private static SecurityService securityService = SecurityService.getSecurityService();
-
@Override
public String getId() {
return DataCommandFunction.class.getName();
@@ -296,7 +293,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti
List<SelectResultRow> list, AtomicInteger nestedObjectCount) throws GfJsonException {
for (Object object : selectResults) {
// Post processing
- object = securityService.postProcess(principal, null, null, object, false);
+ object = getCache().getSecurityService().postProcess(principal, null, null, object, false);
if (object instanceof Struct) {
StructImpl impl = (StructImpl) object;
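Review bot: `getCache().getSecurityService()` is now evaluated once per row inside the `for (Object object : selectResults)` loop, where the removed code read a field. Hoisting it before the loop, `final SecurityService securityService = getCache().getSecurityService();`, avoids the repeated lookup and ensures every row of one result set is post-processed by the same service instance. The method signature starts outside the hunk, so whether `getCache()` is reachable from this context could not be checked.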
@@ -836,7 +833,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti
return list;
}
- private static DataCommandResult cachedResult = null;
+ static DataCommandResult cachedResult = null;
public static class SelectDisplayStep extends CLIMultiStepHelper.LocalStep {
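Review bot: Dropping `private` from `cachedResult` exposes a mutable, process-wide static to the whole package, and `SelectExecStep.exec()` in this commit now assigns it directly. The field holds the rows of the last query that was authorized for one subject; if two gfsh sessions can run select steps on the same member concurrently (not visible here), one session's display step could page through the other's result, and the non-volatile write gives no cross-thread visibility guarantee. I would keep the field `private static volatile` and add a package-private setter, `static void setCachedResult(DataCommandResult result) { cachedResult = result; }`, with a comment stating that the cache is per-JVM rather than per-session. Scoping the cached result to the session would be the longer-term fix.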
@@ -915,107 +912,6 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti
}
}
- public static class SelectExecStep extends CLIMultiStepHelper.RemoteStep {
-
- private static final long serialVersionUID = 1L;
-
- private static SecurityService securityService = SecurityService.getSecurityService();
-
- public SelectExecStep(Object[] arguments) {
- super(SELECT_STEP_EXEC, arguments);
- }
-
- @Override
- public Result exec() {
- String remainingQuery = (String) commandArguments[0];
- boolean interactive = (Boolean) commandArguments[2];
- DataCommandResult result = _select(remainingQuery);
- int endCount = 0;
- cachedResult = result;
- if (interactive) {
- endCount = getPageSize();
- } else {
- if (result.getSelectResult() != null) {
- endCount = result.getSelectResult().size();
- }
- }
- if (interactive) {
- return result.pageResult(0, endCount, SELECT_STEP_DISPLAY);
- } else {
- return CLIMultiStepHelper.createBannerResult(new String[] {}, new Object[] {},
- SELECT_STEP_END);
- }
- }
-
- public DataCommandResult _select(String query) {
- InternalCache cache = (InternalCache) CacheFactory.getAnyInstance();
- DataCommandResult dataResult;
-
- if (StringUtils.isEmpty(query)) {
- dataResult = DataCommandResult.createSelectInfoResult(null, null, -1, null,
- CliStrings.QUERY__MSG__QUERY_EMPTY, false);
- return dataResult;
- }
-
- Object array[] = DataCommands.replaceGfshEnvVar(query, CommandExecutionContext.getShellEnv());
- query = (String) array[1];
- query = addLimit(query);
-
- @SuppressWarnings("deprecation")
- QCompiler compiler = new QCompiler();
- Set<String> regionsInQuery;
- try {
- CompiledValue compiledQuery = compiler.compileQuery(query);
- Set<String> regions = new HashSet<>();
- compiledQuery.getRegionsInQuery(regions, null);
-
- // authorize data read on these regions
- for (String region : regions) {
- securityService.authorizeRegionRead(region);
- }
-
- regionsInQuery = Collections.unmodifiableSet(regions);
- if (regionsInQuery.size() > 0) {
- Set<DistributedMember> members =
- DataCommands.getQueryRegionsAssociatedMembers(regionsInQuery, cache, false);
- if (members != null && members.size() > 0) {
- DataCommandFunction function = new DataCommandFunction();
- DataCommandRequest request = new DataCommandRequest();
- request.setCommand(CliStrings.QUERY);
- request.setQuery(query);
- Subject subject = securityService.getSubject();
- if (subject != null) {
- request.setPrincipal(subject.getPrincipal());
- }
- dataResult = DataCommands.callFunctionForRegion(request, function, members);
- dataResult.setInputQuery(query);
- return dataResult;
- } else {
- return DataCommandResult.createSelectInfoResult(null, null, -1, null, CliStrings.format(
- CliStrings.QUERY__MSG__REGIONS_NOT_FOUND, regionsInQuery.toString()), false);
- }
- } else {
- return DataCommandResult.createSelectInfoResult(null, null, -1, null,
- CliStrings.format(CliStrings.QUERY__MSG__INVALID_QUERY,
- "Region mentioned in query probably missing /"),
- false);
- }
- } catch (QueryInvalidException qe) {
- logger.error("{} Failed Error {}", query, qe.getMessage(), qe);
- return DataCommandResult.createSelectInfoResult(null, null, -1, null,
- CliStrings.format(CliStrings.QUERY__MSG__INVALID_QUERY, qe.getMessage()), false);
- }
- }
-
- private String addLimit(String query) {
- if (StringUtils.containsIgnoreCase(query, " limit")
- || StringUtils.containsIgnoreCase(query, " count(")) {
- return query;
- }
- return query + " limit " + getFetchSize();
- }
- }
-
public static class SelectQuitStep extends CLIMultiStepHelper.RemoteStep {
public SelectQuitStep(Object[] arguments) {
@@ -1063,7 +959,7 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnti
return pageSize;
}
- private static int getFetchSize() {
+ static int getFetchSize() {
return CommandExecutionContext.getShellFetchSize();
}
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SelectExecStep.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SelectExecStep.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SelectExecStep.java
new file mode 100644
index 0000000..bd58534
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/functions/SelectExecStep.java
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.management.internal.cli.functions;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.geode.cache.CacheFactory;
+import org.apache.geode.cache.query.QueryInvalidException;
+import org.apache.geode.cache.query.internal.CompiledValue;
+import org.apache.geode.cache.query.internal.QCompiler;
+import org.apache.geode.distributed.DistributedMember;
+import org.apache.geode.internal.cache.InternalCache;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.management.cli.Result;
+import org.apache.geode.management.internal.cli.commands.DataCommands;
+import org.apache.geode.management.internal.cli.domain.DataCommandRequest;
+import org.apache.geode.management.internal.cli.domain.DataCommandResult;
+import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.management.internal.cli.multistep.CLIMultiStepHelper;
+import org.apache.geode.management.internal.cli.remote.CommandExecutionContext;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+public class SelectExecStep extends CLIMultiStepHelper.RemoteStep {
+ private static final Logger logger = LogService.getLogger();
+
+ private static final long serialVersionUID = 1L;
+
+ public SelectExecStep(Object[] arguments) {
+ super(DataCommandFunction.SELECT_STEP_EXEC, arguments);
+ }
+
+ @Override
+ public Result exec() {
+ String remainingQuery = (String) commandArguments[0];
+ boolean interactive = (Boolean) commandArguments[2];
+ DataCommandResult result = _select(remainingQuery);
+ int endCount = 0;
+ DataCommandFunction.cachedResult = result;
+ if (interactive) {
+ endCount = DataCommandFunction.getPageSize();
+ } else {
+ if (result.getSelectResult() != null) {
+ endCount = result.getSelectResult().size();
+ }
+ }
+ if (interactive) {
+ return result.pageResult(0, endCount, DataCommandFunction.SELECT_STEP_DISPLAY);
+ } else {
+ return CLIMultiStepHelper.createBannerResult(new String[] {}, new Object[] {},
+ DataCommandFunction.SELECT_STEP_END);
+ }
+ }
+
+ public DataCommandResult _select(String query) {
+ InternalCache cache = (InternalCache) CacheFactory.getAnyInstance();
+ DataCommandResult dataResult;
+
+ if (StringUtils.isEmpty(query)) {
+ dataResult = DataCommandResult.createSelectInfoResult(null, null, -1, null,
+ CliStrings.QUERY__MSG__QUERY_EMPTY, false);
+ return dataResult;
+ }
+
+ Object array[] = DataCommands.replaceGfshEnvVar(query, CommandExecutionContext.getShellEnv());
+ query = (String) array[1];
+ query = addLimit(query);
+
+ @SuppressWarnings("deprecation")
+ QCompiler compiler = new QCompiler();
+ Set<String> regionsInQuery;
+ try {
+ CompiledValue compiledQuery = compiler.compileQuery(query);
+ Set<String> regions = new HashSet<>();
+ compiledQuery.getRegionsInQuery(regions, null);
+
+ // authorize data read on these regions
+ for (String region : regions) {
+ cache.getSecurityService().authorizeRegionRead(region);
+ }
+
+ regionsInQuery = Collections.unmodifiableSet(regions);
+ if (regionsInQuery.size() > 0) {
+ Set<DistributedMember> members =
+ DataCommands.getQueryRegionsAssociatedMembers(regionsInQuery, cache, false);
+ if (members != null && members.size() > 0) {
+ DataCommandFunction function = new DataCommandFunction();
+ DataCommandRequest request = new DataCommandRequest();
+ request.setCommand(CliStrings.QUERY);
+ request.setQuery(query);
+ Subject subject = cache.getSecurityService().getSubject();
+ if (subject != null) {
+ request.setPrincipal(subject.getPrincipal());
+ }
+ dataResult = DataCommands.callFunctionForRegion(request, function, members);
+ dataResult.setInputQuery(query);
+ return dataResult;
+ } else {
+ return DataCommandResult.createSelectInfoResult(null, null, -1, null, CliStrings.format(
+ CliStrings.QUERY__MSG__REGIONS_NOT_FOUND, regionsInQuery.toString()), false);
+ }
+ } else {
+ return DataCommandResult.createSelectInfoResult(null, null, -1, null,
+ CliStrings.format(CliStrings.QUERY__MSG__INVALID_QUERY,
+ "Region mentioned in query probably missing /"),
+ false);
+ }
+ } catch (QueryInvalidException qe) {
+ logger.error("{} Failed Error {}", query, qe.getMessage(), qe);
+ return DataCommandResult.createSelectInfoResult(null, null, -1, null,
+ CliStrings.format(CliStrings.QUERY__MSG__INVALID_QUERY, qe.getMessage()), false);
+ }
+ }
+
+ private String addLimit(String query) {
+ if (StringUtils.containsIgnoreCase(query, " limit")
+ || StringUtils.containsIgnoreCase(query, " count(")) {
+ return query;
+ }
+ return query + " limit " + DataCommandFunction.getFetchSize();
+ }
+}
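Review bot: `addLimit` decides whether to append the fetch-size cap by searching the raw query text for " limit" or " count(", so a query that merely contains those characters inside a string literal or an identifier is sent without the cap. Since `_select` already compiles the query, the decision would be better taken from the compiled form; until then the heuristic should be documented, e.g. `// textual check only: " limit" inside a literal or identifier also suppresses the fetch-size cap`. The class also lacks a Javadoc, and `exec()` casts `commandArguments[0]` and `commandArguments[2]` without checking the array length or element types.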
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java
index c2c6e14..f7d78cc 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/CommandProcessor.java
@@ -14,6 +14,7 @@
*/
package org.apache.geode.management.internal.cli.remote;
+import org.apache.geode.internal.security.DisabledSecurityService;
import org.apache.geode.internal.security.IntegratedSecurityService;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.management.cli.CommandProcessingException;
@@ -49,16 +50,17 @@ public class CommandProcessor {
private volatile boolean isStopped = false;
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+ private final SecurityService securityService;
public CommandProcessor() throws ClassNotFoundException, IOException {
- this(null);
+ this(null, new DisabledSecurityService());
}
- public CommandProcessor(Properties cacheProperties) throws ClassNotFoundException, IOException {
+ public CommandProcessor(Properties cacheProperties, SecurityService securityService) throws ClassNotFoundException, IOException {
this.gfshParser = new GfshParser(cacheProperties);
this.executionStrategy = new RemoteExecutionStrategy();
this.logWrapper = LogWrapper.getInstance();
+ this.securityService = securityService;
}
protected RemoteExecutionStrategy getExecutionStrategy() {
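Review bot: The no-argument constructor now falls back to `new DisabledSecurityService()`, so any caller still using `new CommandProcessor()` gets a processor that, judging by the class name, performs no authorization, where the removed field initializer used the shared `IntegratedSecurityService`. Consider dropping the no-argument constructor, or documenting it as valid only when security is off. The two-argument constructor should also reject a null service with `this.securityService = Objects.requireNonNull(securityService, "securityService");` (needs `java.util.Objects` imported). The same unchecked assignment appears in the new `AccessControlMBean`, `MBeanServerWrapper` and package-private `LoginHandlerInterceptor` constructors in this commit.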
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java
index a19c5cb..1d7494e 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/remote/MemberCommandService.java
@@ -18,6 +18,7 @@ import java.io.IOException;
import java.util.Map;
import org.apache.geode.cache.Cache;
+import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.management.cli.CommandService;
import org.apache.geode.management.cli.CommandServiceException;
import org.apache.geode.management.cli.CommandStatement;
@@ -28,10 +29,10 @@ import org.apache.geode.management.cli.Result;
public class MemberCommandService extends CommandService {
private final Object modLock = new Object();
- private Cache cache;
+ private InternalCache cache;
private CommandProcessor commandProcessor;
- public MemberCommandService(Cache cache) throws CommandServiceException {
+ public MemberCommandService(InternalCache cache) throws CommandServiceException {
this.cache = cache;
try {
this.commandProcessor = new CommandProcessor(cache.getDistributedSystem().getProperties());
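Review bot: The unchanged call `new CommandProcessor(cache.getDistributedSystem().getProperties())` at the end of this hunk uses the one-argument constructor that the `CommandProcessor` hunk of this commit replaces with `(Properties, SecurityService)`, so as shown it should not compile. Switching the field to `InternalCache` looks intended to make the service reachable, and the call would become `new CommandProcessor(cache.getDistributedSystem().getProperties(), cache.getSecurityService())`. Passing the cache's own service also keeps this path off the no-argument constructor and its disabled service. The constructor body continues past the end of the hunk.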
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java b/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java
index 6514a33..dbc6c6b 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/security/AccessControlMBean.java
@@ -26,7 +26,11 @@ import org.apache.geode.security.GemFireSecurityException;
*/
public class AccessControlMBean implements AccessControlMXBean {
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+ private final SecurityService securityService;
+
+ public AccessControlMBean(SecurityService securityService) {
+ this.securityService = securityService;
+ }
@Override
public boolean authorize(String resource, String permission) {
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
index fe79efb..345d688 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/security/MBeanServerWrapper.java
@@ -14,6 +14,11 @@
*/
package org.apache.geode.management.internal.security;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.management.internal.ManagementConstants;
+import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.ResourcePermission;
+
import java.io.ObjectInputStream;
import java.util.Set;
import javax.management.Attribute;
@@ -42,25 +47,22 @@ import javax.management.ReflectionException;
import javax.management.loading.ClassLoaderRepository;
import javax.management.remote.MBeanServerForwarder;
-import org.apache.geode.internal.security.IntegratedSecurityService;
-import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.management.internal.ManagementConstants;
-import org.apache.geode.security.GemFireSecurityException;
-import org.apache.geode.security.ResourcePermission;
-
/**
* This class intercepts all MBean requests for GemFire MBeans and passed it to
* ManagementInterceptor for authorization
*
* @since Geode 1.0
- *
*/
public class MBeanServerWrapper implements MBeanServerForwarder {
+
+ // TODO: make volatile or verify this is thread-safe
private MBeanServer mbs;
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+ private final SecurityService securityService;
- public MBeanServerWrapper() {}
+ public MBeanServerWrapper(SecurityService securityService) {
+ this.securityService = securityService;
+ }
private void checkDomain(ObjectName name) {
if (ManagementConstants.OBJECTNAME__DEFAULTDOMAIN.equals(name.getDomain()))
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java
index 54c29f8..0a18ec5 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/AbstractCommandsController.java
@@ -12,7 +12,6 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-
package org.apache.geode.management.internal.web.controllers;
import org.apache.geode.internal.cache.GemFireCacheImpl;
@@ -20,8 +19,6 @@ import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.internal.lang.StringUtils;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.logging.log4j.LogMarker;
-import org.apache.geode.internal.security.IntegratedSecurityService;
-import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.internal.util.ArrayUtils;
import org.apache.geode.management.DistributedSystemMXBean;
import org.apache.geode.management.ManagementService;
@@ -85,8 +82,6 @@ public abstract class AbstractCommandsController {
private MemberMXBean managingMemberMXBeanProxy;
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
-
private Class accessControlKlass;
private InternalCache getCache() {
@@ -576,10 +571,9 @@ public abstract class AbstractCommandsController {
return new ResponseEntity<String>(result, HttpStatus.OK);
}
};
- return this.securityService.associateWith(callable);
+ return getCache().getSecurityService().associateWith(callable);
}
-
/**
* Executes the specified command as entered by the user using the GemFire Shell (Gfsh). Note,
* Gfsh performs validation of the command during parsing before sending the command to the
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java
index 56d9b9e..ffe1895 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java
@@ -14,10 +14,11 @@
*/
package org.apache.geode.management.internal.web.controllers.support;
-import org.apache.geode.cache.Cache;
import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.internal.cache.GemFireCacheImpl;
+import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.security.IntegratedSecurityService;
+import org.apache.geode.internal.security.DisabledSecurityService;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.management.internal.cli.multistep.CLIMultiStepHelper;
import org.apache.geode.management.internal.security.ResourceConstants;
@@ -48,9 +49,7 @@ public class LoginHandlerInterceptor extends HandlerInterceptorAdapter {
private static final Logger logger = LogService.getLogger();
- private Cache cache;
-
- private SecurityService securityService = IntegratedSecurityService.getSecurityService();
+ private final SecurityService securityService;
private static final ThreadLocal<Map<String, String>> ENV =
new ThreadLocal<Map<String, String>>() {
@@ -65,10 +64,26 @@ public class LoginHandlerInterceptor extends HandlerInterceptorAdapter {
protected static final String SECURITY_VARIABLE_REQUEST_HEADER_PREFIX =
DistributionConfig.SECURITY_PREFIX_NAME;
+ public LoginHandlerInterceptor() {
+ this(findSecurityService());
+ }
+
+ LoginHandlerInterceptor(SecurityService securityService) {
+ this.securityService = securityService;
+ }
+
public static Map<String, String> getEnvironment() {
return ENV.get();
}
+ private static SecurityService findSecurityService() {
+ InternalCache cache = GemFireCacheImpl.getInstance();
+ if (cache != null) {
+ return cache.getSecurityService();
+ }
+ return new DisabledSecurityService();
+ }
+
@Override
public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response,
final Object handler) throws Exception {
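Review bot: `findSecurityService()` runs once from the public constructor, and when `GemFireCacheImpl.getInstance()` returns null it binds a `DisabledSecurityService` to a `final` field for the interceptor's lifetime; with `setSecurityService` removed later in this file, nothing can correct it afterwards. If the interceptor can be instantiated before the cache exists, the HTTP login path would silently run without the configured security service, while `AbstractCommandsController` in this same commit resolves it per request through `getCache().getSecurityService()`, so the two can disagree. Failing closed is safer: replace the fallback with `throw new IllegalStateException("Cache is not available; cannot resolve SecurityService");`, or resolve the service inside `preHandle` instead of caching it. `preHandle`'s body lies outside this hunk, so how the field is used there is not confirmed here.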
@@ -104,11 +119,6 @@ public class LoginHandlerInterceptor extends HandlerInterceptorAdapter {
return true;
}
- public void setSecurityService(SecurityService securityService) {
- this.securityService = securityService;
- }
-
-
@Override
public void afterCompletion(final HttpServletRequest request, final HttpServletResponse response,
final Object handler, final Exception ex) throws Exception {
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
index 707e3cf..bad58d8 100644
--- a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
@@ -28,7 +28,7 @@ public interface PostProcessor {
* Given the security props of the server, properly initialize the post processor for the server.
* Initialized at cache creation
*
- * @param securityProps
+ * @param securityProps security properties
*/
default void init(Properties securityProps) {}
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java
index d0f5793..ee8b6fa 100755
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/ha/BlockingHARegionJUnitTest.java
@@ -390,7 +390,8 @@ public class BlockingHARegionJUnitTest {
}
} catch (Exception e) {
exceptionOccurred = true;
- exceptionString.append(" Exception occurred due to " + e);
+ exceptionString.append(" Exception occurred due to ").append(e);
+ break;
}
}
}
@@ -414,9 +415,13 @@ public class BlockingHARegionJUnitTest {
for (int i = 0; i < numberOfTakes; i++) {
try {
assertNotNull(this.regionQueue.take());
+ if (Thread.currentThread().isInterrupted()) {
+ break;
+ }
} catch (Exception e) {
exceptionOccurred = true;
- exceptionString.append(" Exception occurred due to " + e);
+ exceptionString.append(" Exception occurred due to ").append(e);
+ break;
}
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java
index 3a6c2a3..5b71065 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java
@@ -100,7 +100,7 @@ public class ContainsKey66Test {
public void noSecurityShouldSucceed() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(false);
- this.containsKey66.cmdExecute(this.message, this.serverConnection, 0);
+ this.containsKey66.cmdExecute(, this.message, 0);
verify(this.responseMessage).send(this.serverConnection);
}
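Review bot: `this.containsKey66.cmdExecute(, this.message, 0);` has an empty first argument, so this test class does not compile and none of its authorization cases (security off, integrated security, `NotAuthorizedException`, legacy `authzRequest`) can run. The same malformed call appears in every hunk of this file and in all visible hunks of `ContainsKeyTest` and `CreateRegionTest`. `this.serverConnection` has also been dropped from the call although the assertions still verify `send(this.serverConnection)`. The argument list needs to be filled in against the new `cmdExecute` signature, which is not shown in these hunks.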
@@ -110,7 +110,7 @@ public class ContainsKey66Test {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- this.containsKey66.cmdExecute(this.message, this.serverConnection, 0);
+ this.containsKey66.cmdExecute(, this.message, 0);
verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
verify(this.responseMessage).send(this.serverConnection);
@@ -123,7 +123,7 @@ public class ContainsKey66Test {
doThrow(new NotAuthorizedException("")).when(this.securityService)
.authorizeRegionRead(eq(REGION_NAME), eq(KEY));
- this.containsKey66.cmdExecute(this.message, this.serverConnection, 0);
+ this.containsKey66.cmdExecute(, this.message, 0);
verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
verify(this.errorResponseMessage).send(eq(this.serverConnection));
@@ -134,7 +134,7 @@ public class ContainsKey66Test {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(false);
- this.containsKey66.cmdExecute(this.message, this.serverConnection, 0);
+ this.containsKey66.cmdExecute(, this.message, 0);
verify(this.authzRequest).containsKeyAuthorize(eq(REGION_NAME), eq(KEY));
verify(this.responseMessage).send(this.serverConnection);
@@ -147,7 +147,7 @@ public class ContainsKey66Test {
doThrow(new NotAuthorizedException("")).when(this.authzRequest)
.containsKeyAuthorize(eq(REGION_NAME), eq(KEY));
- this.containsKey66.cmdExecute(this.message, this.serverConnection, 0);
+ this.containsKey66.cmdExecute(, this.message, 0);
verify(this.authzRequest).containsKeyAuthorize(eq(REGION_NAME), eq(KEY));
verify(this.errorResponseMessage).send(eq(this.serverConnection));
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java
index bc1be3e..625d37a 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java
@@ -88,7 +88,7 @@ public class ContainsKeyTest {
public void noSecurityShouldSucceed() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(false);
- containsKey.cmdExecute(this.message, this.serverConnection, 0);
+ containsKey.cmdExecute(, this.message, 0);
verify(this.replyMessage).send(this.serverConnection);
}
@@ -98,7 +98,7 @@ public class ContainsKeyTest {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- containsKey.cmdExecute(this.message, this.serverConnection, 0);
+ containsKey.cmdExecute(, this.message, 0);
verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
verify(this.replyMessage).send(this.serverConnection);
@@ -111,7 +111,7 @@ public class ContainsKeyTest {
doThrow(new NotAuthorizedException("")).when(this.securityService)
.authorizeRegionRead(eq(REGION_NAME), eq(KEY));
- containsKey.cmdExecute(this.message, this.serverConnection, 0);
+ containsKey.cmdExecute(, this.message, 0);
verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
verify(this.errorResponseMessage).send(eq(this.serverConnection));
@@ -123,7 +123,7 @@ public class ContainsKeyTest {
when(this.securityService.isIntegratedSecurity()).thenReturn(false);
- containsKey.cmdExecute(this.message, this.serverConnection, 0);
+ containsKey.cmdExecute(, this.message, 0);
verify(this.authzRequest).containsKeyAuthorize(eq(REGION_NAME), eq(KEY));
verify(this.replyMessage).send(this.serverConnection);
@@ -136,7 +136,7 @@ public class ContainsKeyTest {
doThrow(new NotAuthorizedException("")).when(this.authzRequest)
.containsKeyAuthorize(eq(REGION_NAME), eq(KEY));
- containsKey.cmdExecute(this.message, this.serverConnection, 0);
+ containsKey.cmdExecute(, this.message, 0);
verify(this.authzRequest).containsKeyAuthorize(eq(REGION_NAME), eq(KEY));
verify(this.errorResponseMessage).send(eq(this.serverConnection));
http://git-wip-us.apache.org/repos/asf/geode/blob/22f4a4f3/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java
index c946e8a..3d8f264 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java
@@ -98,7 +98,7 @@ public class CreateRegionTest {
public void noSecurityShouldSucceed() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(false);
- this.createRegion.cmdExecute(this.message, this.serverConnection, 0);
+ this.createRegion.cmdExecute(, this.message, 0);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -110,7 +110,7 @@ public class CreateRegionTest {
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
// act
- this.createRegion.cmdExecute(this.message, this.serverConnection, 0);
+ this.createRegion.cmdExecute(, this.message, 0);
// assert
verify(this.securityService).authorizeDataManage();
@@ -123,7 +123,7 @@ public class CreateRegionTest {
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataManage();
- this.createRegion.cmdExecute(this.message, this.serverConnection, 0);
+ this.createRegion.cmdExecute(, this.message, 0);
verify(this.securityService).authorizeDataManage();
verify(this.errorResponseMessage).send(eq(this.serverConnection));
@@ -134,7 +134,7 @@ public class CreateRegionTest {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(false);
- this.createRegion.cmdExecute(this.message, this.serverConnection, 0);
+ this.createRegion.cmdExecute(, this.message, 0);
verify(this.authzRequest).createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));
verify(this.responseMessage).send(this.serverConnection);
@@ -147,7 +147,7 @@ public class CreateRegionTest {
doThrow(new NotAuthorizedException("")).when(this.authzRequest)
.createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));
- this.createRegion.cmdExecute(this.message, this.serverConnection, 0);
+ this.createRegion.cmdExecute(, this.message, 0);
verify(this.authzRequest).createRegionAuthorize(eq(PARENT_REGION_NAME + '/' + REGION_NAME));
verify(this.errorResponseMessage).send(eq(this.serverConnection));