Posted to commits@geode.apache.org by tu...@apache.org on 2015/08/27 14:27:19 UTC
[3/6] incubator-geode git commit: GEODE-77 : Integrated Security Code
Merge Review board url : https://reviews.apache.org/r/37209/
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
index aa1c38c..3801d66 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
@@ -1,187 +1,421 @@
package com.gemstone.gemfire.management.internal.security;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import com.gemstone.gemfire.cache.operations.OperationContext;
+/**
+ * This is base class for OperationContext for resource (JMX and CLI) operations
+ *
+ * @author tushark
+ *
+ * @since 9.0
+ */
public abstract class ResourceOperationContext extends OperationContext {
-
- public static class ResourceOperationCode {
-
- private static final byte OP_LIST_DS = 1;
- private static final byte OP_READ_DS = 2;
- private static final byte OP_SET_DS = 3;
- private static final byte OP_ADMIN_DS = 4;
- private static final byte OP_CHANGE_ALERT_LEVEL_DS = 5;
- private static final byte OP_BACKUP_DS = 6;
- private static final byte OP_REMOVE_DISKSTORE_DS = 7;
- private static final byte OP_SHUTDOWN_DS = 8;
- private static final byte OP_QUERYDATA_DS = 9;
- private static final byte OP_REBALANCE_DS = 10;
-
- private static final byte OP_EXPORT_DATA_REGION = 11;
- private static final byte OP_IMPORT_DATA_REGION = 12 ;
- private static final byte OP_PUT_REGION = 13;
- private static final byte OP_LOCATE_ENTRY_REGION = 14;
-
- private static final byte OP_PULSE_DASHBOARD = 15;
- private static final byte OP_PULSE_DATABROWSER = 16;
- private static final byte OP_PULSE_WEBGFSH = 17;
- private static final byte OP_PULSE_ADMIN_V1 = 18;
-
-
- private static final ResourceOperationCode[] VALUES = new ResourceOperationCode[20];
- private static final Map OperationNameMap = new HashMap();
-
- public static final ResourceOperationCode LIST_DS = new ResourceOperationCode(ResourceConstants.LIST_DS, OP_LIST_DS);
- public static final ResourceOperationCode READ_DS = new ResourceOperationCode(ResourceConstants.READ_DS, OP_READ_DS);
- public static final ResourceOperationCode SET_DS = new ResourceOperationCode(ResourceConstants.SET_DS, OP_SET_DS);
-
- public static final ResourceOperationCode CHANGE_ALERT_LEVEL_DS = new ResourceOperationCode(ResourceConstants.CHANGE_ALERT_LEVEL_DS, OP_CHANGE_ALERT_LEVEL_DS);
- public static final ResourceOperationCode BACKUP_DS = new ResourceOperationCode(ResourceConstants.BACKUP_DS, OP_BACKUP_DS);
- public static final ResourceOperationCode REMOVE_DISKSTORE_DS = new ResourceOperationCode(ResourceConstants.REMOVE_DISKSTORE_DS, OP_REMOVE_DISKSTORE_DS);
- public static final ResourceOperationCode SHUTDOWN_DS = new ResourceOperationCode(ResourceConstants.SHUTDOWN_DS, OP_SHUTDOWN_DS);
- public static final ResourceOperationCode QUERYDATA_DS = new ResourceOperationCode(ResourceConstants.QUERYDATA_DS, OP_QUERYDATA_DS);
- public static final ResourceOperationCode REBALANCE_DS = new ResourceOperationCode(ResourceConstants.REBALANCE, OP_REBALANCE_DS);
-
- public static final ResourceOperationCode EXPORT_DATA_REGION = new ResourceOperationCode(ResourceConstants.EXPORT_DATA, OP_EXPORT_DATA_REGION);
- public static final ResourceOperationCode IMPORT_DATA_REGION = new ResourceOperationCode(ResourceConstants.IMPORT_DATA, OP_IMPORT_DATA_REGION);
- public static final ResourceOperationCode PUT_REGION = new ResourceOperationCode(ResourceConstants.PUT, OP_PUT_REGION);
- public static final ResourceOperationCode LOCATE_ENTRY_REGION = new ResourceOperationCode(ResourceConstants.LOCATE_ENTRY, OP_LOCATE_ENTRY_REGION);
-
- public static final ResourceOperationCode PULSE_DASHBOARD = new ResourceOperationCode(ResourceConstants.PULSE_DASHBOARD, OP_PULSE_DASHBOARD);
- public static final ResourceOperationCode PULSE_DATABROWSER = new ResourceOperationCode(ResourceConstants.PULSE_DATABROWSER, OP_PULSE_DATABROWSER);
- public static final ResourceOperationCode PULSE_WEBGFSH = new ResourceOperationCode(ResourceConstants.PULSE_WEBGFSH, OP_PULSE_WEBGFSH);
- public static final ResourceOperationCode PULSE_ADMIN_V1 = new ResourceOperationCode(ResourceConstants.PULSE_ADMIN_V1, OP_PULSE_ADMIN_V1);
-
- public static final ResourceOperationCode ADMIN_DS = new ResourceOperationCode(ResourceConstants.ADMIN_DS, OP_ADMIN_DS,
- new ResourceOperationCode[]{
- CHANGE_ALERT_LEVEL_DS,
- BACKUP_DS,
- REMOVE_DISKSTORE_DS,
- SHUTDOWN_DS,
- QUERYDATA_DS,
- REBALANCE_DS,
- PULSE_DASHBOARD,
- PULSE_DATABROWSER,
- PULSE_WEBGFSH,
- PULSE_ADMIN_V1
- });
-
-
- private final String name;
- private final byte opCode;
- private final ResourceOperationCode[] children;
-
- private ResourceOperationCode(String name, byte opCode) {
- this.name = name;
- this.opCode = opCode;
- VALUES[opCode] = this;
- OperationNameMap.put(name, this);
- this.children = null;
- }
-
- private ResourceOperationCode(String name, byte opCode, ResourceOperationCode[] children) {
- this.name = name;
- this.opCode = opCode;
- VALUES[opCode] = this;
- OperationNameMap.put(name, this);
- this.children = children;
- }
-
-
-
- public ResourceOperationCode[] getChildren() {
- return children;
+
+ private boolean isPostOperation=false;
+ private Object opResult = null;
+
+ public static class ResourceOperationCode {
+
+ private static final int OP_ALTER_REGION = 1;
+ private static final int OP_ALTER_RUNTIME = 2;
+ private static final int OP_BACKUP_DISKSTORE = 3;
+ private static final int OP_CHANGE_ALERT_LEVEL = 4;
+ private static final int OP_CLOSE_DURABLE_CLIENT = 5;
+ private static final int OP_CLOSE_DURABLE_CQ = 6;
+ private static final int OP_COMPACT_DISKSTORE = 7;
+ private static final int OP_CONFIGURE_PDX = 8;
+ private static final int OP_CREATE_AEQ = 9;
+ private static final int OP_CREATE_DISKSTORE = 10;
+ private static final int OP_CREATE_GW_RECEIVER = 11;
+ private static final int OP_CREATE_GW_SENDER = 12;
+ private static final int OP_CREATE_INDEX = 13;
+ private static final int OP_CREATE_REGION = 14;
+ private static final int OP_DEPLOY = 15;
+ private static final int OP_DESTROY_DISKSTORE = 16;
+ private static final int OP_DESTROY_FUNCTION = 17;
+ private static final int OP_DESTROY_INDEX = 18;
+ private static final int OP_DESTROY_REGION = 19;
+ private static final int OP_EXECUTE_FUNCTION = 20;
+ private static final int OP_EXPORT_CONFIG = 21;
+ private static final int OP_EXPORT_DATA = 22;
+ private static final int OP_EXPORT_LOGS = 23;
+ private static final int OP_EXPORT_OFFLINE_DISKSTORE = 24;
+ private static final int OP_EXPORT_STACKTRACE = 25;
+ private static final int OP_GC = 26;
+ private static final int OP_GET = 27;
+ private static final int OP_IMPORT_CONFIG = 28;
+ private static final int OP_IMPORT_DATA = 29;
+ private static final int OP_LIST_DS = 30;
+ private static final int OP_LOAD_BALANCE_GW_SENDER = 31;
+ private static final int OP_LOCATE_ENTRY = 32;
+ private static final int OP_NETSTAT = 33;
+ private static final int OP_PAUSE_GW_SENDER = 34;
+ private static final int OP_PUT = 35;
+ private static final int OP_QUERY = 36;
+ private static final int OP_REBALANCE = 37;
+ private static final int OP_REMOVE = 38;
+ private static final int OP_RENAME_PDX = 39;
+ private static final int OP_RESUME_GW_SENDER = 40;
+ private static final int OP_REVOKE_MISSING_DISKSTORE = 41;
+ private static final int OP_SHOW_DEADLOCKS = 42;
+ private static final int OP_SHOW_LOG = 43;
+ private static final int OP_SHOW_METRICS = 44;
+ private static final int OP_SHOW_MISSING_DISKSTORES = 45;
+ private static final int OP_SHOW_SUBSCRIPTION_QUEUE_SIZE = 46;
+ private static final int OP_SHUTDOWN = 47;
+ private static final int OP_STOP_GW_RECEIVER = 48;
+ private static final int OP_STOP_GW_SENDER = 49;
+ private static final int OP_UNDEPLOY = 50;
+ private static final int OP_BACKUP_MEMBERS = 51;
+ private static final int OP_ROLL_DISKSTORE = 52;
+ private static final int OP_FORCE_COMPACTION = 53;
+ private static final int OP_FORCE_ROLL = 54;
+ private static final int OP_FLUSH_DISKSTORE = 55;
+ private static final int OP_START_GW_RECEIVER = 56;
+ private static final int OP_START_GW_SENDER = 57;
+ private static final int OP_BECOME_LOCK_GRANTOR = 58;
+ private static final int OP_START_MANAGER = 59;
+ private static final int OP_STOP_MANAGER = 60;
+ private static final int OP_CREATE_MANAGER = 61;
+ private static final int OP_STOP_CONTINUOUS_QUERY = 62;
+ private static final int OP_SET_DISK_USAGE = 63;
+ private static final int OP_CREATE_HDFS_STORE = 64;
+ private static final int OP_ALTER_HDFS_STORE = 65;
+ private static final int OP_DESTROY_HDFS_STORE = 66;
+
+
+ private static final int OP_PULSE_DASHBOARD = 92;
+ private static final int OP_PULSE_DATABROWSER = 93;
+ private static final int OP_PULSE_WEBGFSH = 94;
+ private static final int OP_PULSE_ADMIN_V1 = 95;
+
+ private static final int OP_DATA_READ = 96;
+ private static final int OP_DATA_WRITE = 97;
+ private static final int OP_MONITOR = 98;
+ private static final int OP_ADMIN = 99;
+
+ private static final ResourceOperationCode[] VALUES = new ResourceOperationCode[100];
+ private static final Map<String, ResourceOperationCode> OperationNameMap = new HashMap<String, ResourceOperationCode>();
+
+
+ public static final ResourceOperationCode ALTER_REGION = new ResourceOperationCode(ResourceConstants.ALTER_REGION, OP_ALTER_REGION);
+ public static final ResourceOperationCode ALTER_RUNTIME = new ResourceOperationCode(ResourceConstants.ALTER_RUNTIME, OP_ALTER_RUNTIME);
+ public static final ResourceOperationCode BACKUP_DISKSTORE = new ResourceOperationCode(ResourceConstants.BACKUP_DISKSTORE, OP_BACKUP_DISKSTORE);
+ public static final ResourceOperationCode CHANGE_ALERT_LEVEL = new ResourceOperationCode(ResourceConstants.CHANGE_ALERT_LEVEL, OP_CHANGE_ALERT_LEVEL);
+ public static final ResourceOperationCode CLOSE_DURABLE_CLIENT = new ResourceOperationCode(ResourceConstants.CLOSE_DURABLE_CLIENT, OP_CLOSE_DURABLE_CLIENT);
+ public static final ResourceOperationCode CLOSE_DURABLE_CQ = new ResourceOperationCode(ResourceConstants.CLOSE_DURABLE_CQ, OP_CLOSE_DURABLE_CQ);
+ public static final ResourceOperationCode COMPACT_DISKSTORE = new ResourceOperationCode(ResourceConstants.COMPACT_DISKSTORE, OP_COMPACT_DISKSTORE);
+ public static final ResourceOperationCode CONFIGURE_PDX = new ResourceOperationCode(ResourceConstants.CONFIGURE_PDX, OP_CONFIGURE_PDX);
+ public static final ResourceOperationCode CREATE_AEQ = new ResourceOperationCode(ResourceConstants.CREATE_AEQ, OP_CREATE_AEQ);
+ public static final ResourceOperationCode CREATE_DISKSTORE = new ResourceOperationCode(ResourceConstants.CREATE_DISKSTORE, OP_CREATE_DISKSTORE);
+ public static final ResourceOperationCode CREATE_GW_RECEIVER = new ResourceOperationCode(ResourceConstants.CREATE_GW_RECEIVER, OP_CREATE_GW_RECEIVER);
+ public static final ResourceOperationCode CREATE_GW_SENDER = new ResourceOperationCode(ResourceConstants.CREATE_GW_SENDER, OP_CREATE_GW_SENDER);
+ public static final ResourceOperationCode CREATE_INDEX = new ResourceOperationCode(ResourceConstants.CREATE_INDEX, OP_CREATE_INDEX);
+ public static final ResourceOperationCode CREATE_REGION = new ResourceOperationCode(ResourceConstants.CREATE_REGION, OP_CREATE_REGION);
+ public static final ResourceOperationCode DEPLOY = new ResourceOperationCode(ResourceConstants.DEPLOY, OP_DEPLOY);
+ public static final ResourceOperationCode DESTROY_DISKSTORE = new ResourceOperationCode(ResourceConstants.DESTROY_DISKSTORE, OP_DESTROY_DISKSTORE);
+ public static final ResourceOperationCode DESTROY_FUNCTION = new ResourceOperationCode(ResourceConstants.DESTROY_FUNCTION, OP_DESTROY_FUNCTION);
+ public static final ResourceOperationCode DESTROY_INDEX = new ResourceOperationCode(ResourceConstants.DESTROY_INDEX, OP_DESTROY_INDEX);
+ public static final ResourceOperationCode DESTROY_REGION = new ResourceOperationCode(ResourceConstants.DESTROY_REGION, OP_DESTROY_REGION);
+ public static final ResourceOperationCode EXECUTE_FUNCTION = new ResourceOperationCode(ResourceConstants.EXECUTE_FUNCTION, OP_EXECUTE_FUNCTION);
+ public static final ResourceOperationCode EXPORT_CONFIG = new ResourceOperationCode(ResourceConstants.EXPORT_CONFIG, OP_EXPORT_CONFIG);
+ public static final ResourceOperationCode EXPORT_DATA = new ResourceOperationCode(ResourceConstants.EXPORT_DATA, OP_EXPORT_DATA);
+ public static final ResourceOperationCode EXPORT_LOGS = new ResourceOperationCode(ResourceConstants.EXPORT_LOGS, OP_EXPORT_LOGS);
+ public static final ResourceOperationCode EXPORT_OFFLINE_DISKSTORE = new ResourceOperationCode(ResourceConstants.EXPORT_OFFLINE_DISKSTORE, OP_EXPORT_OFFLINE_DISKSTORE);
+ public static final ResourceOperationCode EXPORT_STACKTRACE = new ResourceOperationCode(ResourceConstants.EXPORT_STACKTRACE, OP_EXPORT_STACKTRACE);
+ public static final ResourceOperationCode GC = new ResourceOperationCode(ResourceConstants.GC, OP_GC);
+ public static final ResourceOperationCode GET = new ResourceOperationCode(ResourceConstants.GET, OP_GET);
+ public static final ResourceOperationCode IMPORT_CONFIG = new ResourceOperationCode(ResourceConstants.IMPORT_CONFIG, OP_IMPORT_CONFIG);
+ public static final ResourceOperationCode IMPORT_DATA = new ResourceOperationCode(ResourceConstants.IMPORT_DATA, OP_IMPORT_DATA);
+ public static final ResourceOperationCode LIST_DS = new ResourceOperationCode(ResourceConstants.LIST_DS, OP_LIST_DS);
+ public static final ResourceOperationCode LOAD_BALANCE_GW_SENDER = new ResourceOperationCode(ResourceConstants.LOAD_BALANCE_GW_SENDER, OP_LOAD_BALANCE_GW_SENDER);
+ public static final ResourceOperationCode LOCATE_ENTRY = new ResourceOperationCode(ResourceConstants.LOCATE_ENTRY, OP_LOCATE_ENTRY);
+ public static final ResourceOperationCode NETSTAT = new ResourceOperationCode(ResourceConstants.NETSTAT, OP_NETSTAT);
+ public static final ResourceOperationCode PAUSE_GW_SENDER = new ResourceOperationCode(ResourceConstants.PAUSE_GW_SENDER, OP_PAUSE_GW_SENDER);
+ public static final ResourceOperationCode PUT = new ResourceOperationCode(ResourceConstants.PUT, OP_PUT);
+ public static final ResourceOperationCode QUERY = new ResourceOperationCode(ResourceConstants.QUERY, OP_QUERY);
+ public static final ResourceOperationCode REBALANCE = new ResourceOperationCode(ResourceConstants.REBALANCE, OP_REBALANCE);
+ public static final ResourceOperationCode REMOVE = new ResourceOperationCode(ResourceConstants.REMOVE, OP_REMOVE);
+ public static final ResourceOperationCode RENAME_PDX = new ResourceOperationCode(ResourceConstants.RENAME_PDX, OP_RENAME_PDX);
+ public static final ResourceOperationCode RESUME_GW_SENDER = new ResourceOperationCode(ResourceConstants.RESUME_GW_SENDER, OP_RESUME_GW_SENDER);
+ public static final ResourceOperationCode REVOKE_MISSING_DISKSTORE = new ResourceOperationCode(ResourceConstants.REVOKE_MISSING_DISKSTORE, OP_REVOKE_MISSING_DISKSTORE);
+ public static final ResourceOperationCode SHOW_DEADLOCKS = new ResourceOperationCode(ResourceConstants.SHOW_DEADLOCKS, OP_SHOW_DEADLOCKS);
+ public static final ResourceOperationCode SHOW_LOG = new ResourceOperationCode(ResourceConstants.SHOW_LOG, OP_SHOW_LOG);
+ public static final ResourceOperationCode SHOW_METRICS = new ResourceOperationCode(ResourceConstants.SHOW_METRICS, OP_SHOW_METRICS);
+ public static final ResourceOperationCode SHOW_MISSING_DISKSTORES = new ResourceOperationCode(ResourceConstants.SHOW_MISSING_DISKSTORES, OP_SHOW_MISSING_DISKSTORES);
+ public static final ResourceOperationCode SHOW_SUBSCRIPTION_QUEUE_SIZE = new ResourceOperationCode(ResourceConstants.SHOW_SUBSCRIPTION_QUEUE_SIZE, OP_SHOW_SUBSCRIPTION_QUEUE_SIZE);
+ public static final ResourceOperationCode SHUTDOWN = new ResourceOperationCode(ResourceConstants.SHUTDOWN, OP_SHUTDOWN);
+ public static final ResourceOperationCode STOP_GW_RECEIVER = new ResourceOperationCode(ResourceConstants.STOP_GW_RECEIVER, OP_STOP_GW_RECEIVER);
+ public static final ResourceOperationCode STOP_GW_SENDER = new ResourceOperationCode(ResourceConstants.STOP_GW_SENDER, OP_STOP_GW_SENDER);
+ public static final ResourceOperationCode UNDEPLOY = new ResourceOperationCode(ResourceConstants.UNDEPLOY, OP_UNDEPLOY);
+ public static final ResourceOperationCode BACKUP_MEMBERS = new ResourceOperationCode(ResourceConstants.BACKUP_MEMBERS, OP_BACKUP_MEMBERS);
+ public static final ResourceOperationCode ROLL_DISKSTORE = new ResourceOperationCode(ResourceConstants.ROLL_DISKSTORE, OP_ROLL_DISKSTORE);
+ public static final ResourceOperationCode FORCE_COMPACTION = new ResourceOperationCode(ResourceConstants.FORCE_COMPACTION, OP_FORCE_COMPACTION);
+ public static final ResourceOperationCode FORCE_ROLL = new ResourceOperationCode(ResourceConstants.FORCE_ROLL, OP_FORCE_ROLL);
+ public static final ResourceOperationCode FLUSH_DISKSTORE = new ResourceOperationCode(ResourceConstants.FLUSH_DISKSTORE, OP_FLUSH_DISKSTORE);
+ public static final ResourceOperationCode START_GW_RECEIVER = new ResourceOperationCode(ResourceConstants.START_GW_RECEIVER, OP_START_GW_RECEIVER);
+ public static final ResourceOperationCode START_GW_SENDER = new ResourceOperationCode(ResourceConstants.START_GW_SENDER, OP_START_GW_SENDER);
+ public static final ResourceOperationCode BECOME_LOCK_GRANTOR = new ResourceOperationCode(ResourceConstants.BECOME_LOCK_GRANTOR, OP_BECOME_LOCK_GRANTOR);
+ public static final ResourceOperationCode START_MANAGER = new ResourceOperationCode(ResourceConstants.START_MANAGER, OP_START_MANAGER);
+ public static final ResourceOperationCode STOP_MANAGER = new ResourceOperationCode(ResourceConstants.STOP_MANAGER, OP_STOP_MANAGER);
+ public static final ResourceOperationCode CREATE_MANAGER = new ResourceOperationCode(ResourceConstants.CREATE_MANAGER, OP_CREATE_MANAGER);
+ public static final ResourceOperationCode STOP_CONTINUOUS_QUERY = new ResourceOperationCode(ResourceConstants.STOP_CONTINUOUS_QUERY, OP_STOP_CONTINUOUS_QUERY);
+ public static final ResourceOperationCode SET_DISK_USAGE = new ResourceOperationCode(ResourceConstants.SET_DISK_USAGE, OP_SET_DISK_USAGE);
+ public static final ResourceOperationCode CREATE_HDFS_STORE = new ResourceOperationCode(ResourceConstants.CREATE_HDFS_STORE, OP_CREATE_HDFS_STORE);
+ public static final ResourceOperationCode ALTER_HDFS_STORE = new ResourceOperationCode(ResourceConstants.ALTER_HDFS_STORE, OP_ALTER_HDFS_STORE);
+ public static final ResourceOperationCode DESTROY_HDFS_STORE = new ResourceOperationCode(ResourceConstants.DESTROY_HDFS_STORE, OP_DESTROY_HDFS_STORE);
+
+
+ public static final ResourceOperationCode PULSE_DASHBOARD = new ResourceOperationCode(
+ ResourceConstants.PULSE_DASHBOARD, OP_PULSE_DASHBOARD);
+ public static final ResourceOperationCode PULSE_DATABROWSER = new ResourceOperationCode(
+ ResourceConstants.PULSE_DATABROWSER, OP_PULSE_DATABROWSER);
+ public static final ResourceOperationCode PULSE_WEBGFSH = new ResourceOperationCode(
+ ResourceConstants.PULSE_WEBGFSH, OP_PULSE_WEBGFSH);
+ public static final ResourceOperationCode PULSE_ADMIN_V1 = new ResourceOperationCode(
+ ResourceConstants.PULSE_ADMIN_V1, OP_PULSE_ADMIN_V1);
+
+ public static final ResourceOperationCode DATA_READ = new ResourceOperationCode(ResourceConstants.DATA_READ,
+ OP_DATA_READ,
+ new ResourceOperationCode[]{
+ LIST_DS,
+ PULSE_DASHBOARD
+ });
+
+ public static final ResourceOperationCode DATA_WRITE = new ResourceOperationCode(ResourceConstants.DATA_WRITE,
+ OP_DATA_WRITE,
+ new ResourceOperationCode[]{
+ DATA_READ,
+ QUERY,
+ BECOME_LOCK_GRANTOR,
+ PUT,
+ REMOVE,
+ EXECUTE_FUNCTION,
+ PULSE_DATABROWSER
+ });
+
+ public static final ResourceOperationCode MONITOR = new ResourceOperationCode(ResourceConstants.MONITOR,
+ OP_MONITOR,
+ new ResourceOperationCode[] {
+ DATA_READ,
+ EXPORT_CONFIG,
+ EXPORT_DATA,
+ EXPORT_LOGS,
+ EXPORT_OFFLINE_DISKSTORE,
+ EXPORT_STACKTRACE,
+ SHOW_DEADLOCKS,
+ SHOW_LOG,
+ SHOW_METRICS,
+ SHOW_MISSING_DISKSTORES,
+ SHOW_SUBSCRIPTION_QUEUE_SIZE
+ });
+
+ public static final ResourceOperationCode ADMIN = new ResourceOperationCode(ResourceConstants.ADMIN,
+ OP_ADMIN,
+ new ResourceOperationCode[] {
+ DATA_WRITE,
+ MONITOR,
+ ALTER_REGION,
+ ALTER_RUNTIME,
+ BACKUP_DISKSTORE,
+ CHANGE_ALERT_LEVEL,
+ CLOSE_DURABLE_CLIENT,
+ CLOSE_DURABLE_CQ,
+ COMPACT_DISKSTORE,
+ CONFIGURE_PDX,
+ CREATE_AEQ,
+ CREATE_DISKSTORE,
+ CREATE_GW_RECEIVER,
+ CREATE_GW_SENDER,
+ CREATE_INDEX,
+ CREATE_REGION,
+ DEPLOY,
+ DESTROY_DISKSTORE,
+ DESTROY_FUNCTION,
+ DESTROY_INDEX,
+ DESTROY_REGION,
+ GC,
+ GET,
+ IMPORT_CONFIG,
+ IMPORT_DATA,
+ LIST_DS,
+ LOAD_BALANCE_GW_SENDER,
+ LOCATE_ENTRY,
+ NETSTAT,
+ PAUSE_GW_SENDER,
+ REBALANCE,
+ RENAME_PDX,
+ RESUME_GW_SENDER,
+ REVOKE_MISSING_DISKSTORE,
+ SHUTDOWN,
+ STOP_GW_RECEIVER,
+ STOP_GW_SENDER,
+ UNDEPLOY,
+ BACKUP_MEMBERS,
+ ROLL_DISKSTORE,
+ FORCE_COMPACTION,
+ FORCE_ROLL,
+ FLUSH_DISKSTORE,
+ START_GW_RECEIVER,
+ START_GW_SENDER,
+ START_MANAGER,
+ STOP_MANAGER,
+ CREATE_MANAGER,
+ STOP_CONTINUOUS_QUERY,
+ SET_DISK_USAGE,
+ PULSE_WEBGFSH,
+ PULSE_ADMIN_V1
+ });
+
+
+ private final String name;
+ private final int opCode;
+ private final List<ResourceOperationCode> children;
+
+ private ResourceOperationCode(String name, int opCode) {
+ this.name = name;
+ this.opCode = opCode;
+ VALUES[opCode] = this;
+ OperationNameMap.put(name, this);
+ this.children = null;
+ }
+
+ private ResourceOperationCode(String name, int opCode, ResourceOperationCode[] children) {
+ this.name = name;
+ this.opCode = opCode;
+ VALUES[opCode] = this;
+ OperationNameMap.put(name, this);
+ this.children = new ArrayList<ResourceOperationCode>();
+ for(ResourceOperationCode code : children) {
+ this.children.add(code);
}
+ }
+
+ public List<ResourceOperationCode> getChildren() {
+ return Collections.unmodifiableList(children);
+ }
+
+ public void addChild(ResourceOperationCode code) {
+ this.children.add(code);
+ }
+
+ /**
+ * Returns the <code>OperationCode</code> represented by specified int.
+ */
+ public static ResourceOperationCode fromOrdinal(int opCode) {
+ return VALUES[opCode];
+ }
+
+ /**
+ * Returns the <code>OperationCode</code> represented by specified string.
+ */
+ public static ResourceOperationCode parse(String operationName) {
+ return OperationNameMap.get(operationName);
+ }
+
+ /**
+ * Returns the int representing this operation code.
+ *
+ * @return a int representing this operation.
+ */
+ public int toOrdinal() {
+ return this.opCode;
+ }
+
+ /**
+ * Returns a string representation for this operation.
+ *
+ * @return the name of this operation.
+ */
+ @Override
+ final public String toString() {
+ return this.name;
+ }
+
+ /**
+ * Indicates whether other object is same as this one.
+ *
+ * @return true if other object is same as this one.
+ */
+ @Override
+ final public boolean equals(final Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof ResourceOperationCode)) {
+ return false;
+ }
+ final ResourceOperationCode other = (ResourceOperationCode) obj;
+ return (other.opCode == this.opCode);
+ }
+
+ /**
+ * Indicates whether other <code>OperationCode</code> is same as this one.
+ *
+ * @return true if other <code>OperationCode</code> is same as this one.
+ */
+ final public boolean equals(final ResourceOperationCode opCode) {
+ return (opCode != null && opCode.opCode == this.opCode);
+ }
+
+ /**
+ * Returns a hash code value for this <code>OperationCode</code> which is
+ * the same as the int representing its operation type.
+ *
+ * @return the hashCode of this operation.
+ */
+ @Override
+ final public int hashCode() {
+ return this.opCode;
+ }
+
+ /**
+ * Returns true if passed operation is same or any one of its
+ * children
+ *
+ * @param op
+ * @return true if <code>OperationCode</code> matches
+ */
+ public boolean allowedOp(ResourceOperationCode op) {
+ if(this.equals(op))
+ return true;
+ else {
+ if(children!=null) {
+ for(ResourceOperationCode child : children) {
+ if(child.allowedOp(op))
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+ }
+
+ public abstract ResourceOperationCode getResourceOperationCode();
+
+ @Override
+ public boolean isClientUpdate() {
+ return false;
+ }
+
+ @Override
+ public boolean isPostOperation() {
+ return isPostOperation;
+ }
+
+ public void setPostOperationResult(Object result) {
+ this.isPostOperation = true;
+ this.opResult = result;
+ }
+
+ public Object getOperationResult() {
+ return this.opResult;
+ }
- /**
- * Returns the <code>OperationCode</code> represented by specified byte.
- */
- public static ResourceOperationCode fromOrdinal(byte opCode) {
- return VALUES[opCode];
- }
-
- /**
- * Returns the <code>OperationCode</code> represented by specified string.
- */
- public static ResourceOperationCode parse(String operationName) {
- return (ResourceOperationCode)OperationNameMap.get(operationName);
- }
-
- /**
- * Returns the byte representing this operation code.
- *
- * @return a byte representing this operation.
- */
- public byte toOrdinal() {
- return this.opCode;
- }
-
- /**
- * Returns a string representation for this operation.
- *
- * @return the name of this operation.
- */
- @Override
- final public String toString() {
- return this.name;
- }
-
- /**
- * Indicates whether other object is same as this one.
- *
- * @return true if other object is same as this one.
- */
- @Override
- final public boolean equals(final Object obj) {
- if (obj == this) {
- return true;
- }
- if (!(obj instanceof ResourceOperationCode)) {
- return false;
- }
- final ResourceOperationCode other = (ResourceOperationCode)obj;
- return (other.opCode == this.opCode);
- }
-
- /**
- * Indicates whether other <code>OperationCode</code> is same as this one.
- *
- * @return true if other <code>OperationCode</code> is same as this one.
- */
- final public boolean equals(final ResourceOperationCode opCode) {
- return (opCode != null && opCode.opCode == this.opCode);
- }
-
- /**
- * Returns a hash code value for this <code>OperationCode</code> which is
- * the same as the byte representing its operation type.
- *
- * @return the hashCode of this operation.
- */
- @Override
- final public int hashCode() {
- return this.opCode;
- }
-
-
- }
-
-
- public abstract ResourceOperationCode getResourceOperationCode();
-
- /*
- @Override
- public OperationCode getOperationCode() {
- // TODO Auto-generated method stub
- return null;
- }*/
-
- @Override
- public boolean isPostOperation() {
- return false;
- }
-
-}
+}
\ No newline at end of file
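Review bot: `addChild` is public and appends to the `children` list of `public static final` singletons, so any code in the JVM can widen a role after startup and `allowedOp` will then grant the added operation. Unless a caller outside this hunk needs it, drop the method or make it private, and store the children as an unmodifiable copy. Leaf codes are built by the two-argument constructor with `this.children = null`, so `getChildren()` throws a NullPointerException from `Collections.unmodifiableList(children)` on every leaf, and `addChild` fails the same way; `this.children = Collections.emptyList();` in that constructor fixes `getChildren()`. `fromOrdinal(int opCode)` indexes `VALUES` without a range check and returns null for the unassigned slots (0 and 67–91), so a guard such as `if (opCode < 0 || opCode >= VALUES.length) return null;` and a documented null return would make the lookup safe for codes that arrive from outside.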
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/SetAttributesOperationContext.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/SetAttributesOperationContext.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/SetAttributesOperationContext.java
new file mode 100644
index 0000000..33f4ad9
--- /dev/null
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/SetAttributesOperationContext.java
@@ -0,0 +1,39 @@
+package com.gemstone.gemfire.management.internal.security;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Used to encapsulate Context passed AccessControl Plugin for each of the
+ * attributes in attribute list passed to setAttributes call on given MBean
+ *
+ * @author tushark
+ * @since 9.0
+ */
+public class SetAttributesOperationContext extends ResourceOperationContext {
+
+ private Map<String,ResourceOperationContext> contextMap = null;
+
+ public SetAttributesOperationContext(){
+ contextMap = new HashMap<String,ResourceOperationContext>();
+ }
+
+ public void addAttribute(String attr, ResourceOperationContext setterContext) {
+ this.contextMap.put(attr, setterContext);
+ }
+
+ public Map<String,ResourceOperationContext> getAttributesContextMap(){
+ return contextMap;
+ }
+
+ @Override
+ public ResourceOperationCode getResourceOperationCode() {
+ return null;
+ }
+
+ @Override
+ public OperationCode getOperationCode() {
+ return null;
+ }
+
+}
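Review bot: `getResourceOperationCode()` and `getOperationCode()` both return null, so an AccessControl implementation that reads the code without first recognising this wrapper type gets a NullPointerException or no usable decision. The class Javadoc should state the contract explicitly, presumably that the plugin must authorize each entry of `getAttributesContextMap()` and that both code getters are null by design. `getAttributesContextMap()` also returns the internal `HashMap`, which lets the receiver add or remove per-attribute contexts after they were assembled; `return Collections.unmodifiableMap(contextMap);` (with the matching import) keeps the set under authorization fixed. The field can be `private final` and initialised at its declaration.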
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
index 73ce926..0aa614f 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
@@ -8,35 +8,53 @@
package com.gemstone.gemfire.management.internal.web.controllers;
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.ACCESS_DENIED_MESSAGE;
+
import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.management.ManagementFactory;
import java.net.URI;
+import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
+import java.util.Properties;
import java.util.Set;
+
import javax.management.JMX;
import javax.management.MBeanServer;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.management.Query;
import javax.management.QueryExp;
+import javax.management.remote.JMXPrincipal;
+import javax.security.auth.Subject;
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.internal.logging.log4j.LogMarker;
import com.gemstone.gemfire.internal.util.ArrayUtils;
import com.gemstone.gemfire.management.DistributedSystemMXBean;
+import com.gemstone.gemfire.management.ManagementService;
import com.gemstone.gemfire.management.MemberMXBean;
import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
import com.gemstone.gemfire.management.internal.ManagementConstants;
+import com.gemstone.gemfire.management.internal.SystemManagementService;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.security.CLIOperationContext;
+import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperationContext;
import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
import com.gemstone.gemfire.management.internal.web.controllers.support.MemberMXBeanAdapter;
import com.gemstone.gemfire.management.internal.web.util.UriUtils;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.Authenticator;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
@@ -46,6 +64,7 @@ import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
@@ -71,6 +90,27 @@ public abstract class AbstractCommandsController {
protected static final String REST_API_VERSION = "/v1";
private MemberMXBean managingMemberMXBeanProxy;
+
+
+
+ private Class accessControlKlass;
+
+ private GemFireCacheImpl cache;
+
+ // Convert a predefined exception to an HTTP Status code
+ @ResponseStatus(value=HttpStatus.UNAUTHORIZED, reason="Not authenticated") // 401
+ @ExceptionHandler(com.gemstone.gemfire.security.AuthenticationFailedException.class)
+ public void authenticate() {
+
+ }
+
+ // Convert a predefined exception to an HTTP Status code
+ @ResponseStatus(value=HttpStatus.FORBIDDEN, reason="Access Denied") // 403
+ @ExceptionHandler(java.lang.SecurityException.class)
+ public void authorize() {
+
+ }
+
/**
* Asserts the argument is valid, as determined by the caller passing the result of an evaluated expression to this
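Review bot: The two `@ExceptionHandler` methods added here (`authenticate()` and `authorize()`) discard the exception, so a 401 or 403 response leaves no server-side record of which request was rejected or why. Accepting the exception as a parameter and logging it would give an audit trail, e.g. `public void authorize(final SecurityException e) { logger.warn("Access denied: {}", e.getMessage()); }`. The no-arg `authorize()` also shares its name with the `authorize(final String command)` method this commit adds further down the class, so a name such as `handleAccessDenied` would be harder to misread. The new fields `accessControlKlass` (a raw `Class`) and `cache` are not used in any hunk visible here and could be dropped if that holds for the rest of the file.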
@@ -401,8 +441,8 @@ public abstract class AbstractCommandsController {
final DistributedSystemMXBean distributedSystemMXBean = JMX.newMXBeanProxy(platformMBeanServer,
MBeanJMXAdapter.getDistributedSystemName(), DistributedSystemMXBean.class);
- //managingMemberMXBeanProxy = createMemberMXBeanForManagerUsingAdapter(platformMBeanServer,
- // distributedSystemMXBean.getMemberObjectName());
+ /*managingMemberMXBeanProxy = createMemberMXBeanForManagerUsingAdapter(platformMBeanServer,
+ distributedSystemMXBean.getMemberObjectName());*/
managingMemberMXBeanProxy = createMemberMXBeanForManagerUsingProxy(platformMBeanServer,
distributedSystemMXBean.getMemberObjectName());
@@ -410,6 +450,15 @@ public abstract class AbstractCommandsController {
return managingMemberMXBeanProxy;
}
+
+ protected synchronized ObjectName getMemberObjectName() {
+ final MBeanServer platformMBeanServer = getMBeanServer();
+
+ final DistributedSystemMXBean distributedSystemMXBean = JMX.newMXBeanProxy(platformMBeanServer,
+ MBeanJMXAdapter.getDistributedSystemName(), DistributedSystemMXBean.class);
+
+ return distributedSystemMXBean.getMemberObjectName();
+ }
/**
* Creates an Adapter using the Platform MBeanServer and ObjectName to invoke operations on the GemFire Manager's
@@ -449,7 +498,6 @@ public abstract class AbstractCommandsController {
*/
protected Map<String, String> getEnvironment() {
final Map<String, String> environment = new HashMap<String, String>();
-
environment.putAll(EnvironmentVariablesHandlerInterceptor.getEnvironment());
environment.put(Gfsh.ENV_APP_NAME, Gfsh.GFSH_APP_NAME);
@@ -505,6 +553,13 @@ public abstract class AbstractCommandsController {
protected String processCommand(final String command) {
return processCommand(command, getEnvironment(), null);
}
+
+ protected String processCommandWithCredentials(final String command, Properties credentials) {
+ if (credentials != null) {
+ EnvironmentVariablesHandlerInterceptor.CREDENTIALS.set(credentials);
+ }
+ return processCommand(command, getEnvironment(), null);
+ }
/**
* Executes the specified command as entered by the user using the GemFire Shell (Gfsh). Note, Gfsh performs
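Review bot: `processCommandWithCredentials` leaves the worker thread's `CREDENTIALS` thread-local populated after the command returns, and when `credentials` is null it does not touch the thread-local at all, so `authorize(command)` could then read whatever an earlier task left on a pooled thread. Setting the value unconditionally and removing it in a `finally` keeps one request's credentials from being applied to another. Nothing in the visible hunks clears `CREDENTIALS` on this thread. The three-argument overload added in the next hunk has the same shape and needs the same change.

```java
protected String processCommandWithCredentials(final String command, Properties credentials) {
  // Set unconditionally: a null argument must not inherit a previous task's credentials.
  EnvironmentVariablesHandlerInterceptor.CREDENTIALS.set(credentials);
  try {
    return processCommand(command, getEnvironment(), null);
  }
  finally {
    // Worker threads are reused; do not leave credentials behind for the next task.
    EnvironmentVariablesHandlerInterceptor.CREDENTIALS.remove();
  }
}
```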
@@ -522,6 +577,13 @@ public abstract class AbstractCommandsController {
protected String processCommand(final String command, final byte[][] fileData) {
return processCommand(command, getEnvironment(), fileData);
}
+
+ protected String processCommandWithCredentials(final String command, final byte[][] fileData, Properties credentials) {
+ if (credentials != null) {
+ EnvironmentVariablesHandlerInterceptor.CREDENTIALS.set(credentials);
+ }
+ return processCommand(command, getEnvironment(), fileData);
+ }
/**
* Executes the specified command as entered by the user using the GemFire Shell (Gfsh). Note, Gfsh performs
@@ -556,11 +618,42 @@ public abstract class AbstractCommandsController {
* @see com.gemstone.gemfire.management.MemberMXBean#processCommand(String, java.util.Map, Byte[][])
*/
protected String processCommand(final String command, final Map<String, String> environment, final byte[][] fileData) {
- logger.info(LogMarker.CONFIG, "Processing Command ({}) with Environment ({}) having File Data ({})...",
- command, environment, (fileData != null));
+ logger.info(LogMarker.CONFIG, "Processing Command ({}) with Environment ({}) having File Data ({})...", command,
+ environment, (fileData != null));
+
+ ResourceOperationContext ctx = authorize(command);
+
+ String result = getManagingMemberMXBean().processCommand(command, environment, ArrayUtils.toByteArray(fileData));
+
+ ctx = postAuthorize(command, ctx, result);
+
+ return result;
+ }
+
+ protected ResourceOperationContext authorize(final String command) {
+
- return getManagingMemberMXBean().processCommand(command, environment, ArrayUtils.toByteArray(fileData));
+ SystemManagementService service = (SystemManagementService) ManagementService
+ .getExistingManagementService(CacheFactory.getAnyInstance());
+ Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+ CLIOperationContext context = new CLIOperationContext(command);
+ service.getAuthManager().authorize(credentials, context);
+ return context;
+ }
+
+ protected ResourceOperationContext postAuthorize(final String command, ResourceOperationContext context, Object result) {
+
+ context.setPostOperationResult(result);
+ SystemManagementService service = (SystemManagementService) ManagementService
+ .getExistingManagementService(CacheFactory.getAnyInstance());
+ Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
+ service.getAuthManager().postAuthorize(credentials, context);
+ return context;
}
+
+
+
/**
* The MemberMXBeanProxy class is a proxy for the MemberMXBean interface transforming an operation on the member
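Review bot: The `logger.info` call at the top of `processCommand` writes the whole `environment` map at INFO level, and with this commit that map can carry credentials: the interceptor hunk copies every `security-` request header into the map it stores in `ENV`, which `getEnvironment()` merges in. Log only the keys, or filter out the `security-` entries first, e.g. by passing `command, environment.keySet(), (fileData != null));` as the arguments. Separately, `ctx = postAuthorize(command, ctx, result);` assigns a variable that is never read and the method returns the original `result`, so if post-authorization is meant to filter the output it has no effect here; this should be confirmed against `getAuthManager().postAuthorize`. `authorize` and `postAuthorize` also dereference the result of `getExistingManagementService(...)` without a null check.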
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
index 517d942..04197c5 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
@@ -8,11 +8,13 @@
package com.gemstone.gemfire.management.internal.web.controllers;
import java.io.IOException;
+import java.util.Properties;
import java.util.concurrent.Callable;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
import com.gemstone.gemfire.management.internal.web.util.ConvertUtils;
import org.springframework.http.HttpStatus;
@@ -160,9 +162,11 @@ public class ConfigCommandsController extends AbstractMultiPartCommandsControlle
command.addOption(CliStrings.EXPORT_CONFIG__DIR, decode(directory));
}
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
@@ -179,9 +183,11 @@ public class ConfigCommandsController extends AbstractMultiPartCommandsControlle
command.addOption(CliStrings.EXPORT_SHARED_CONFIG__DIR, directory);
}
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
@@ -195,9 +201,11 @@ public class ConfigCommandsController extends AbstractMultiPartCommandsControlle
command.addOption(CliStrings.IMPORT_SHARED_CONFIG__ZIP, zipFileName);
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString(), ConvertUtils.convert(zipFileResources)), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), ConvertUtils.convert(zipFileResources), credentials), HttpStatus.OK);
}
};
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
index 6767ec1..d11a380 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
@@ -7,11 +7,13 @@
*/
package com.gemstone.gemfire.management.internal.web.controllers;
+import java.util.Properties;
import java.util.concurrent.Callable;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@@ -129,9 +131,11 @@ public class DataCommandsController extends AbstractCommandsController {
command.addOption(CliStrings.EXPORT_DATA__REGION, decode(regionNamePath));
command.addOption(CliStrings.EXPORT_DATA__FILE, decode(file));
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
@@ -147,9 +151,11 @@ public class DataCommandsController extends AbstractCommandsController {
command.addOption(CliStrings.IMPORT_DATA__REGION, decode(regionNamePath));
command.addOption(CliStrings.IMPORT_DATA__FILE, decode(file));
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
@@ -194,9 +200,11 @@ public class DataCommandsController extends AbstractCommandsController {
command.addOption(CliStrings.QUERY__STEPNAME, stepName);
command.addOption(CliStrings.QUERY__INTERACTIVE, String.valueOf(Boolean.TRUE.equals(interactive)));
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
@@ -222,9 +230,11 @@ public class DataCommandsController extends AbstractCommandsController {
command.addOption(CliStrings.REBALANCE__SIMULATE, String.valueOf(simulate));
command.addOption(CliStrings.REBALANCE__TIMEOUT, String.valueOf(timeout));
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
index 2df3432..3cbffe4 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
@@ -7,11 +7,14 @@
*/
package com.gemstone.gemfire.management.internal.web.controllers;
+import java.util.Properties;
import java.util.concurrent.Callable;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.security.CLIOperationContext;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@@ -60,9 +63,11 @@ public class DiskStoreCommandsController extends AbstractCommandsController {
command.addOption(CliStrings.BACKUP_DISK_STORE__BASELINEDIR, decode(baselineDir));
}
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
@@ -79,9 +84,11 @@ public class DiskStoreCommandsController extends AbstractCommandsController {
command.addOption(CliStrings.COMPACT_DISK_STORE__GROUP, StringUtils.concat(groups, StringUtils.COMMA_DELIMITER));
}
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
index de81543..3001778 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
@@ -7,11 +7,13 @@
*/
package com.gemstone.gemfire.management.internal.web.controllers;
+import java.util.Properties;
import java.util.concurrent.Callable;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@@ -102,9 +104,12 @@ public class FunctionCommandsController extends AbstractCommandsController {
command.addOption(CliStrings.EXECUTE_FUNCTION__RESULTCOLLECTOR, resultCollector);
}
+
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
index 66d344f..67c4b11 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
@@ -7,11 +7,13 @@
*/
package com.gemstone.gemfire.management.internal.web.controllers;
+import java.util.Properties;
import java.util.concurrent.Callable;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.web.controllers.support.EnvironmentVariablesHandlerInterceptor;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@@ -78,10 +80,12 @@ public class MiscellaneousCommandsController extends AbstractCommandsController
if (hasValue(endTime)) {
command.addOption(CliStrings.EXPORT_LOGS__ENDTIME, endTime);
}
-
+
+ final Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
+
return new Callable<ResponseEntity<String>>() {
@Override public ResponseEntity<String> call() throws Exception {
- return new ResponseEntity<String>(processCommand(command.toString()), HttpStatus.OK);
+ return new ResponseEntity<String>(processCommandWithCredentials(command.toString(), credentials), HttpStatus.OK);
}
};
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
index 97f9bbe..6e2bb40 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
@@ -257,7 +257,7 @@ public class WanCommandsController extends AbstractCommandsController {
@RequestParam(value = CliStrings.RESUME_GATEWAYSENDER__GROUP, required = false) final String[] groups,
@RequestParam(value = CliStrings.RESUME_GATEWAYSENDER__MEMBER, required = false) final String[] members)
{
- CommandStringBuilder command = new CommandStringBuilder(CliStrings.RESUME_GATEWAYSENDER__ID);
+ CommandStringBuilder command = new CommandStringBuilder(CliStrings.RESUME_GATEWAYSENDER);
command.addOption(CliStrings.RESUME_GATEWAYSENDER__ID, decode(gatewaySenderId));
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java.rej
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java.rej b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java.rej
new file mode 100644
index 0000000..f8ce82a
--- /dev/null
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java.rej
@@ -0,0 +1,10 @@
+diff a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java (rejected hunks)
+@@ -298,7 +298,7 @@ public class WanCommandsController extends AbstractCommandsController {
+ @RequestParam(value = CliStrings.START_GATEWAYSENDER__GROUP, required = false) final String[] groups,
+ @RequestParam(value = CliStrings.START_GATEWAYSENDER__MEMBER, required = false) final String[] members)
+ {
+- CommandStringBuilder command = new CommandStringBuilder(CliStrings.START_GATEWAYRECEIVER);
++ CommandStringBuilder command = new CommandStringBuilder(CliStrings.START_GATEWAYSENDER);
+
+ command.addOption(CliStrings.START_GATEWAYSENDER__ID, gatewaySenderId);
+
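Review bot: `WanCommandsController.java.rej` is a reject file left behind by a failed patch application and should not be committed under `src/main/java`. Its content also suggests that the intended fix, building the start-gateway-sender command from `CliStrings.START_GATEWAYSENDER` instead of `CliStrings.START_GATEWAYRECEIVER`, did not apply; the `WanCommandsController.java` hunk in this commit only changes the resume endpoint. Delete the `.rej` file and apply the rejected change to `WanCommandsController.java` by hand after checking the current source.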
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
index 8ebed02..47a58d7 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
@@ -7,15 +7,47 @@
*/
package com.gemstone.gemfire.management.internal.web.controllers.support;
+import java.lang.reflect.Method;
+import java.security.Principal;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.Map.Entry;
+
+import javax.management.remote.JMXPrincipal;
+import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
+import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.management.internal.SystemManagementService;
+import com.gemstone.gemfire.management.internal.security.CLIOperationContext;
+import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.AuthenticationRequiredException;
+import com.gemstone.gemfire.security.Authenticator;
+
+import org.apache.logging.log4j.Logger;
+
/**
* The GetEnvironmentHandlerInterceptor class handles extracting Gfsh environment variables encoded in the HTTP request
* message as request parameters.
@@ -29,6 +61,16 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@SuppressWarnings("unused")
public class EnvironmentVariablesHandlerInterceptor extends HandlerInterceptorAdapter {
+ private static final Logger logger = LogService.getLogger();
+
+ private Cache cache;
+
+ private Authenticator auth = null;
+
+
+ public static final ThreadLocal<Properties> CREDENTIALS = new ThreadLocal<Properties>();
+
+
private static final ThreadLocal<Map<String, String>> ENV = new ThreadLocal<Map<String, String>>() {
@Override
protected Map<String, String> initialValue() {
@@ -37,6 +79,8 @@ public class EnvironmentVariablesHandlerInterceptor extends HandlerInterceptorAd
};
protected static final String ENVIRONMENT_VARIABLE_REQUEST_PARAMETER_PREFIX = "vf.gf.env.";
+
+ protected static final String SECURITY_VARIABLE_REQUEST_HEADER_PREFIX = "security-";
public static Map<String, String> getEnvironment() {
return ENV.get();
@@ -46,6 +90,7 @@ public class EnvironmentVariablesHandlerInterceptor extends HandlerInterceptorAd
public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler)
throws Exception
{
+
final Map<String, String> requestParameterValues = new HashMap<String, String>();
for (Enumeration<String> requestParameters = request.getParameterNames(); requestParameters.hasMoreElements(); ) {
@@ -56,11 +101,52 @@ public class EnvironmentVariablesHandlerInterceptor extends HandlerInterceptorAd
request.getParameter(requestParameter));
}
}
+
+
+
+ for (Enumeration<String> requestHeaders = request.getHeaderNames(); requestHeaders.hasMoreElements();) {
+ final String requestHeader = requestHeaders.nextElement();
+
+ if (requestHeader.startsWith(SECURITY_VARIABLE_REQUEST_HEADER_PREFIX)) {
+ requestParameterValues.put(requestHeader, request.getHeader(requestHeader));
+ }
+
+ }
+
+ securityCheck(requestParameterValues);
+
ENV.set(requestParameterValues);
return true;
}
+
+
+
+ protected void securityCheck(final Map<String, String> environment) {
+
+ Properties credentials = new Properties();
+
+ Iterator<Entry<String, String>> it = environment.entrySet().iterator();
+ while (it.hasNext()) {
+ Entry<String, String> entry = it.next();
+ if (entry.getKey().startsWith(SECURITY_VARIABLE_REQUEST_HEADER_PREFIX)) {
+ credentials.put(entry.getKey(), entry.getValue());
+ }
+
+ }
+ GemFireCacheImpl instance = GemFireCacheImpl.getInstance();
+ if(instance != null){
+ SystemManagementService service = (SystemManagementService) ManagementService
+ .getExistingManagementService(instance);
+ service.getAuthManager().verifyCredentials(credentials);
+ CREDENTIALS.set(credentials);
+ }
+
+
+ }
+
+
@Override
public void afterCompletion(final HttpServletRequest request,
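Review bot: `securityCheck` only verifies and stores credentials when `GemFireCacheImpl.getInstance()` is non-null; otherwise it returns silently, `preHandle` still returns true, and `CREDENTIALS` keeps whatever value the thread held before. Request threads are normally pooled, so start the check with `CREDENTIALS.remove();` and decide explicitly whether a request should be rejected when no cache is available. Whether `afterCompletion` clears the thread-local is not visible in this hunk, since its body continues outside it. HTTP header names are case-insensitive, so the case-sensitive `requestHeader.startsWith(SECURITY_VARIABLE_REQUEST_HEADER_PREFIX)` may miss a header sent as `Security-...`, depending on how the container reports names; comparing on `requestHeader.toLowerCase(java.util.Locale.ROOT)` would avoid that.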
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
index 8bd9d37..7a83271 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
@@ -7,13 +7,33 @@
*/
package com.gemstone.gemfire.management.internal.web.http.support;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.net.URI;
+import java.util.Map;
+import java.util.Properties;
import java.util.Set;
+import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.ClientHttpRequest;
+import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.web.client.RequestCallback;
+import org.springframework.web.client.ResponseErrorHandler;
+import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;
+import com.gemstone.gemfire.internal.lang.StringUtils;
+import com.gemstone.gemfire.internal.util.IOUtils;
+import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+
+
/**
* The SimpleHttpRequester class is a Adapter/facade for the Spring RestTemplate class for abstracting HTTP requests
* and operations.
@@ -29,13 +49,18 @@ public class SimpleHttpRequester {
protected static final int DEFAULT_CONNECT_TIMEOUT = (30 * 1000); // 30 seconds
private final RestTemplate restTemplate;
+
+ private String user;
+
+ private String pwd;
+ private Map<String,String> securityProperties;
/**
* Default constructor to create an instance of the SimpleHttpRequester class using the default connection timeout
* of 30 seconds.
*/
- public SimpleHttpRequester() {
- this(DEFAULT_CONNECT_TIMEOUT);
+ public SimpleHttpRequester(Gfsh gfsh,Map<String,String> securityProperties) {
+ this(gfsh, DEFAULT_CONNECT_TIMEOUT, securityProperties);
}
/**
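Review bot: The Javadoc above both constructors is now stale: the first still says "Default constructor" although it takes `gfsh` and `securityProperties`, and neither comment documents the new parameters. `gfsh` is not used in the constructor body shown in the next hunk, and the new `user` and `pwd` fields are not assigned in any visible hunk. If that holds for the rest of the file, drop them so the class does not suggest it keeps a password in a `String` field. `securityProperties` is stored by reference, so the Javadoc should also say whether callers may mutate the map after construction.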
@@ -44,12 +69,54 @@ public class SimpleHttpRequester {
* @param connectTimeout an integer value specifying the timeout value in milliseconds for establishing the HTTP
* connection to the HTTP server.
*/
- public SimpleHttpRequester(final int connectTimeout) {
+ public SimpleHttpRequester(final Gfsh gfsh, final int connectTimeout, Map<String,String> securityProperties) {
final SimpleClientHttpRequestFactory clientHttpRequestFactory = new SimpleClientHttpRequestFactory();
clientHttpRequestFactory.setConnectTimeout(connectTimeout);
+ this.securityProperties = securityProperties;
this.restTemplate = new RestTemplate(clientHttpRequestFactory);
+
+ this.restTemplate.setErrorHandler(new ResponseErrorHandler() {
+ @Override
+ public boolean hasError(final ClientHttpResponse response) throws IOException {
+ final HttpStatus status = response.getStatusCode();
+
+ switch (status) {
+ case BAD_REQUEST: // 400 *
+ case UNAUTHORIZED: // 401
+ case FORBIDDEN: // 403
+ case NOT_FOUND: // 404 *
+ case METHOD_NOT_ALLOWED: // 405 *
+ case NOT_ACCEPTABLE: // 406 *
+ case REQUEST_TIMEOUT: // 408
+ case CONFLICT: // 409
+ case REQUEST_ENTITY_TOO_LARGE: // 413
+ case REQUEST_URI_TOO_LONG: // 414
+ case UNSUPPORTED_MEDIA_TYPE: // 415 *
+ case TOO_MANY_REQUESTS: // 429
+ case INTERNAL_SERVER_ERROR: // 500 *
+ case NOT_IMPLEMENTED: // 501
+ case BAD_GATEWAY: // 502 ?
+ case SERVICE_UNAVAILABLE: // 503
+ return true;
+ default:
+ return false;
+ }
+ }
+
+ @Override
+ public void handleError(final ClientHttpResponse response) throws IOException {
+ final String message = String.format("The HTTP request failed with: %1$d - %2$s", response.getRawStatusCode(),
+ response.getStatusText());
+
+ throw new RuntimeException(message);
+
+ }
+
+
+ });
+
}
/**
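Review bot: `hasError` enumerates individual status codes, so any 4xx/5xx response that is not listed (504 or 407, for example) falls into `default` and is treated as a successful response. For a client that carries security headers it is safer to fail closed on the whole class: `return status.series() == HttpStatus.Series.CLIENT_ERROR || status.series() == HttpStatus.Series.SERVER_ERROR;`. `handleError` throws a bare `RuntimeException` even though this commit imports `RestClientException`; throwing a type that carries the status lets callers distinguish 401/403 from other failures without parsing the message. The `gfsh` parameter is never used in this constructor body.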
@@ -118,7 +185,7 @@ public class SimpleHttpRequester {
}
/**
- * Performs an HTTP PUT operation on the requested resource identified/located by the specified URL.
+ * Performs an HTTP PUT operation on the requested resource identifiedR/located by the specified URL.
* <p/>
* @param url a String value identifying or locating the resource intended for the HTTP operation.
* @param urlVariables an array of variables to substitute in the URI/URL template.
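Review bot: The only change in this hunk introduces a typo in the Javadoc, `identifiedR/located`. The line should be restored to `* Performs an HTTP PUT operation on the requested resource identified/located by the specified URL.`.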
@@ -127,5 +194,35 @@ public class SimpleHttpRequester {
public void put(final String url, final Object requestBody, final Object... urlVariables) {
getRestTemplate().put(url, requestBody, urlVariables);
}
+
+ /**
+ * Performs an HTTP GET operation on the requested resource identified/located
+ * by the specified URL.
+ * <p/>
+ *
+ * @param url
+ * a String value identifying or locating the resource intended for
+ * the HTTP operation.
+ * @param urlVariables
+ * an array of variables to substitute in the URI/URL template.
+ * @see org.springframework.web.client.RestTemplate#getForObject(String,
+ * Class, Object...)
+ */
+ public <T> T exchange(final String url, final Class<T> responseType, final Object... urlVariables) {
+ ResponseEntity<T> response = getRestTemplate().exchange(url, HttpMethod.GET, getRequestEntity(), responseType);
+ return response.getBody();
+ }
+
+ protected HttpEntity<?> getRequestEntity() {
+ HttpHeaders requestHeaders = new HttpHeaders();
+ if(this.securityProperties != null){
+ requestHeaders.setAll(securityProperties);
+ }
+
+ HttpEntity<?> requestEntity = new HttpEntity(requestHeaders);
+
+ return requestEntity;
+
+ }
}
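Review bot: `exchange` accepts `urlVariables` but never passes them on, so a templated URL is sent without its variables expanded; the call should be `getRestTemplate().exchange(url, HttpMethod.GET, getRequestEntity(), responseType, urlVariables)`. `getRequestEntity` copies every entry of `securityProperties` into the request headers, so if that map carries credentials (the `user`/`pwd` fields suggest it may) they are sent on each GET, in clear text whenever the URL is not `https`. That deserves a comment on the method, and ideally a check of the URL scheme before the headers are attached. The Javadoc should document `responseType` and the return value and reference `RestTemplate#exchange` rather than `getForObject`. `new HttpEntity(requestHeaders)` is a raw type; `new HttpEntity<Object>(requestHeaders)` avoids the unchecked warning.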
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
index dac1271..d84f744 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
@@ -14,12 +14,15 @@ import java.io.InputStreamReader;
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
import java.util.Set;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
+
import javax.management.ObjectName;
import javax.management.QueryExp;
@@ -31,6 +34,7 @@ import com.gemstone.gemfire.management.DistributedSystemMXBean;
import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
import com.gemstone.gemfire.management.internal.ManagementConstants;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
import com.gemstone.gemfire.management.internal.web.domain.Link;
import com.gemstone.gemfire.management.internal.web.domain.QueryParameterSource;
import com.gemstone.gemfire.management.internal.web.http.ClientHttpRequest;
@@ -105,6 +109,9 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
// the base URL of the GemFire Manager's embedded HTTP service and REST API interface
private final String baseUrl;
+
+
+ protected Map<String,String> securityProperties;
/**
* Default, public, no-arg constructor to create an instance of the AbstractHttpOperationInvoker class
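Review bot: `securityProperties` is declared `protected` and non-final, and the constructor hunk at `@@ -143,12 +150,13 @@` stores the caller's map by reference, so both subclasses and the original caller can change which headers go out after construction. Since the request-building hunks copy every entry into outgoing HTTP headers, I would declare it `protected final Map<String,String> securityProperties;` and assign an unmodifiable copy in the constructor (an empty map when the argument is null). That also removes the null checks at the two places that iterate it. A one-line comment stating what the map holds (presumably credentials or a token; the diff does not say) would help the next reader. The class and the constructor continue outside these hunks.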
@@ -124,11 +131,11 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
* @param gfsh a reference to the instance of the GemFire shell (Gfsh) using this HTTP-based OperationInvoker for
* command processing.
* @throws AssertionError if the reference to the Gfsh instance is null.
- * @see #AbstractHttpOperationInvoker(com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String)
+ * @see #AbstractHttpOperationInvoker(com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String, Map)
* @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
*/
- public AbstractHttpOperationInvoker(final Gfsh gfsh) {
- this(gfsh, REST_API_URL);
+ public AbstractHttpOperationInvoker(final Gfsh gfsh, Map<String,String> securityProperties) {
+ this(gfsh, REST_API_URL, securityProperties);
}
/**
@@ -143,12 +150,13 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
* @throws AssertionError if the reference to the Gfsh instance is null.
* @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
*/
- public AbstractHttpOperationInvoker(final Gfsh gfsh, final String baseUrl) {
+ public AbstractHttpOperationInvoker(final Gfsh gfsh, final String baseUrl, Map<String,String> securityProperties) {
assertNotNull(gfsh, "The reference to the GemFire shell (Gfsh) cannot be null!");
this.gfsh = gfsh;
this.baseUrl = StringUtils.defaultIfBlank(baseUrl, REST_API_URL);
-
+ this.securityProperties = securityProperties;
+
// constructs an instance of a single-threaded, scheduled Executor to send periodic HTTP requests to the Manager's
// HTTP service or Web Service to assess the "alive" state
this.executorService = Executors.newSingleThreadScheduledExecutor();
@@ -194,11 +202,12 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
final String message = String.format("The HTTP request failed with: %1$d - %2$s", response.getRawStatusCode(),
response.getStatusText());
- gfsh.logSevere(message, null);
+ //gfsh.logSevere(message, null);
if (gfsh.getDebug()) {
gfsh.logSevere(readBody(response), null);
}
+ throw new RuntimeException(message);
}
private String readBody(final ClientHttpResponse response) throws IOException {
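Review bot: The `gfsh.logSevere(message, null)` call is commented out rather than deleted, and the handler now throws a bare `RuntimeException`, so a 401 or 403 from the manager is indistinguishable from a 500 unless the caller parses the message text. Delete the commented line and throw an exception that carries the status, for example Spring's `HttpClientErrorException`/`HttpServerErrorException` built from `response.getStatusCode()`, so that authentication failures can be handled separately. The method body starts outside this hunk.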
@@ -350,6 +359,14 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
final ClientHttpRequest request = new ClientHttpRequest(link);
request.addHeaderValues(HttpHeader.USER_AGENT.getName(), USER_AGENT_HTTP_REQUEST_HEADER_VALUE);
request.getHeaders().setAccept(getAcceptableMediaTypes());
+
+ if(this.securityProperties != null){
+ Iterator<Entry<String, String>> it = this.securityProperties.entrySet().iterator();
+ while(it.hasNext()){
+ Entry<String,String> entry= it.next();
+ request.addHeaderValues(entry.getKey(), entry.getValue());
+ }
+ }
return request;
}
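Review bot: Every entry of `securityProperties` is added as a header to every request built here, whatever host or scheme the `Link` points to, and the same loop is repeated in RestHttpOperationInvoker at `@@ -142,6 +147,14 @@`. If the map holds credentials (not shown in this diff), they travel in clear text whenever the base URL is plain `http`, so the code should at least document that and preferably attach them only for `https` links. The two loops are better shared in one helper, and the explicit `Iterator` can be a for-each: `for (Entry<String, String> e : securityProperties.entrySet()) { request.addHeaderValues(e.getKey(), e.getValue()); }`. The enclosing method starts outside the hunk.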
@@ -551,6 +568,8 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
printInfo("HTTP response headers: %1$s", response.getHeaders());
printInfo("HTTP response status: %1$d - %2$s", response.getStatusCode().value(),
response.getStatusCode().getReasonPhrase());
+
+ printInfo("HTTP response body: ", response.getBody());
}
return response;
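Review bot: The added `printInfo("HTTP response body: ", response.getBody())` has no placeholder in its template, while the neighbouring calls use `%1$s`-style templates; if `printInfo` formats its arguments the same way, the body is silently dropped. It should read `printInfo("HTTP response body: %1$s", response.getBody());`. Once it does print, keep in mind that a response body can contain tokens or other sensitive data, so this output should stay behind the debug flag. The condition guarding this block is outside the hunk.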
@@ -788,5 +807,5 @@ public abstract class AbstractHttpOperationInvoker implements HttpOperationInvok
public String toString() {
return String.format("GemFire Manager HTTP service @ %1$s", getBaseUrl());
}
-
+
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
index 0dfbdbd..320214d 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
@@ -11,8 +11,10 @@ package com.gemstone.gemfire.management.internal.web.shell;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
import com.gemstone.gemfire.internal.lang.Filter;
import com.gemstone.gemfire.internal.lang.Initable;
@@ -22,6 +24,7 @@ import com.gemstone.gemfire.internal.util.CollectionUtils;
import com.gemstone.gemfire.management.internal.cli.CommandRequest;
import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
import com.gemstone.gemfire.management.internal.web.domain.Link;
import com.gemstone.gemfire.management.internal.web.domain.LinkIndex;
import com.gemstone.gemfire.management.internal.web.http.ClientHttpRequest;
@@ -65,6 +68,7 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
// the LinkIndex containing Links to all GemFire REST API web service endpoints
private final LinkIndex linkIndex;
+
/**
* Constructs an instance of the RestHttpOperationInvoker class initialized with the given link index containing links
* referencing all REST API web service endpoints. This constructor should only be used for testing purposes.
@@ -87,12 +91,12 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
*
* @param linkIndex the LinkIndex containing Links to all REST API web service endpoints in GemFire' REST interface.
* @param gfsh a reference to the instance of the GemFire shell using this OperationInvoker to process commands.
- * @see #RestHttpOperationInvoker(com.gemstone.gemfire.management.internal.web.domain.LinkIndex, com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String)
+ * @see #RestHttpOperationInvoker(com.gemstone.gemfire.management.internal.web.domain.LinkIndex, com.gemstone.gemfire.management.internal.cli.shell.Gfsh, Map)
* @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
* @see com.gemstone.gemfire.management.internal.web.domain.LinkIndex
*/
- public RestHttpOperationInvoker(final LinkIndex linkIndex, final Gfsh gfsh) {
- this(linkIndex, gfsh, CliStrings.CONNECT__DEFAULT_BASE_URL);
+ public RestHttpOperationInvoker(final LinkIndex linkIndex, final Gfsh gfsh, Map<String,String> securityProperties) {
+ this(linkIndex, gfsh, CliStrings.CONNECT__DEFAULT_BASE_URL, securityProperties);
}
/**
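Review bot: The updated `@see` names the `(LinkIndex, Gfsh, Map)` signature, which is this constructor itself; the constructor it delegates to takes `(LinkIndex, Gfsh, String, Map)`. The tag should read `@see #RestHttpOperationInvoker(com.gemstone.gemfire.management.internal.web.domain.LinkIndex, com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String, Map)`. The Javadoc also needs a `@param securityProperties` line describing what the map contains.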
@@ -108,11 +112,12 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
* @see com.gemstone.gemfire.management.internal.web.domain.LinkIndex
* @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
*/
- public RestHttpOperationInvoker(final LinkIndex linkIndex, final Gfsh gfsh, final String baseUrl) {
- super(gfsh, baseUrl);
+ public RestHttpOperationInvoker(final LinkIndex linkIndex, final Gfsh gfsh, final String baseUrl, Map<String,String> securityProperties) {
+ super(gfsh, baseUrl, securityProperties);
assertNotNull(linkIndex, "The Link Index resolving commands to REST API web service endpoints cannot be null!");
this.linkIndex = linkIndex;
- this.httpOperationInvoker = new SimpleHttpOperationInvoker(gfsh, baseUrl);
+ this.httpOperationInvoker = new SimpleHttpOperationInvoker(gfsh, baseUrl, securityProperties);
+
}
/**
@@ -142,6 +147,14 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
httpRequest.getHeaders().setAccept(getAcceptableMediaTypes());
httpRequest.getHeaders().setContentLength(0l);
+ if(securityProperties != null){
+ Iterator<Entry<String, String>> it = securityProperties.entrySet().iterator();
+ while(it.hasNext()){
+ Entry<String,String> entry= it.next();
+ httpRequest.getHeaders().add(entry.getKey(), entry.getValue());
+ }
+ }
+
ClientHttpResponse httpResponse = httpRequest.execute();
if (HttpStatus.NOT_FOUND.equals(httpResponse.getStatusCode())) {
@@ -229,6 +242,7 @@ public class RestHttpOperationInvoker extends AbstractHttpOperationInvoker imple
}
}
+
if (command.getFileData() != null) {
request.addParameterValues(RESOURCES_REQUEST_PARAMETER, (Object[]) ConvertUtils.convert(command.getFileData()));
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
index a122339..3f5f18b 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
@@ -9,6 +9,7 @@
package com.gemstone.gemfire.management.internal.web.shell;
import java.net.URI;
+import java.util.Map;
import com.gemstone.gemfire.management.internal.cli.CommandRequest;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
@@ -54,11 +55,11 @@ public class SimpleHttpOperationInvoker extends AbstractHttpOperationInvoker {
* using HTTP processing.
*
* @param gfsh a reference to the instance of the GemFire shell using this OperationInvoker to process commands.
- * @see #SimpleHttpOperationInvoker(com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String)
+ * @see #SimpleHttpOperationInvoker(com.gemstone.gemfire.management.internal.cli.shell.Gfsh, String, Map)
* @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
*/
- public SimpleHttpOperationInvoker(final Gfsh gfsh) {
- this(gfsh, REST_API_URL);
+ public SimpleHttpOperationInvoker(final Gfsh gfsh, Map<String,String> securityProperties) {
+ this(gfsh, REST_API_URL, securityProperties);
}
/**
@@ -71,8 +72,8 @@ public class SimpleHttpOperationInvoker extends AbstractHttpOperationInvoker {
* @param baseUrl the base URL to the GemFire Manager's HTTP service.
* @see com.gemstone.gemfire.management.internal.cli.shell.Gfsh
*/
- public SimpleHttpOperationInvoker(final Gfsh gfsh, final String baseUrl) {
- super(gfsh, baseUrl);
+ public SimpleHttpOperationInvoker(final Gfsh gfsh, final String baseUrl, Map<String,String> securityProperties) {
+ super(gfsh, baseUrl, securityProperties);
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d511979e/gemfire-core/src/main/java/com/gemstone/gemfire/security/GeodeTokenService.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/security/GeodeTokenService.java b/gemfire-core/src/main/java/com/gemstone/gemfire/security/GeodeTokenService.java
new file mode 100644
index 0000000..2eb2d9a
--- /dev/null
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/security/GeodeTokenService.java
@@ -0,0 +1,101 @@
+/**
+ *
+ */
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Random;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.ExpirationAction;
+import com.gemstone.gemfire.cache.ExpirationAttributes;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionFactory;
+import com.gemstone.gemfire.cache.RegionShortcut;
+
+/**
+ * This implementation provides a simple token service, generating and managing
+ * string tokens based on <code>java.util.Random</code>. The generated tokens
+ * are stored in a Geode <code>Region</code>. Older or idle tokens are expired
+ * periodically.
+ * <p>
+ * A new token is issued with each invocation of
+ * {@link GeodeTokenService#validateToken(String, Principal)}.
+ */
+public class GeodeTokenService implements TokenService {
+
+ private Region<String, Principal> tokenStore;
+
+ private Random tokenGenerator = null;
+
+ private int seedBase;
+
+ private long firstToken;
+
+ public GeodeTokenService() {
+ // Create a region with expiration attributes.
+ Cache cache = CacheFactory.getAnyInstance();
+ RegionFactory<String, Principal> rf = cache.createRegionFactory(RegionShortcut.REPLICATE);
+
+ // Remove a token after 30 minutes.
+ rf.setEntryTimeToLive(new ExpirationAttributes(30*60, ExpirationAction.DESTROY));
+ // Remove idle tokens after 5 minutes.
+ rf.setEntryIdleTimeout(new ExpirationAttributes(5*60, ExpirationAction.DESTROY));
+
+ this.tokenStore = rf.create("geode_token_store");
+
+ this.seedBase = cache.getDistributedSystem().getDistributedMember().hashCode();
+ initializeTokenGenerator();
+ }
+
+ private void initializeTokenGenerator() {
+ this.tokenGenerator = new Random(this.seedBase + System.currentTimeMillis());
+ this.firstToken = this.tokenGenerator.nextLong();
+ }
+
+ public static GeodeTokenService create() {
+ return new GeodeTokenService();
+ }
+
+ @Override
+ public String generateToken(Principal principal) {
+ String token = generateTokenString(principal);
+ this.tokenStore.put(token, principal);
+ return token;
+ }
+
+ @Override
+ public String validateToken(String token, Principal principal)
+ throws AuthenticationRequiredException, AuthenticationFailedException {
+ Principal savedPrincipal = this.tokenStore.get(token);
+
+ if (savedPrincipal != null && savedPrincipal.equals(principal)) {
+ // I know this guy. Refresh the token for this client.
+ this.tokenStore.remove(token);
+ token = generateTokenString(savedPrincipal);
+ this.tokenStore.put(token, savedPrincipal);
+ return token;
+ }
+
+ this.tokenStore.remove(token);
+ String msg = "Authentication failed.";
+
+ throw savedPrincipal == null ? new AuthenticationRequiredException(msg)
+ : new AuthenticationFailedException(msg);
+ }
+
+ private synchronized String generateTokenString(Principal principal) {
+ long token = this.tokenGenerator.nextLong();
+ if (token == this.firstToken) {
+ // We have run out of tokens. Re-initialise the token generator.
+ initializeTokenGenerator();
+ // Invalidate all the existing tokens and force authenticated REST clients
+ // to re-authenticate themselves.
+ this.tokenStore.clear();
+ token = this.tokenGenerator.nextLong();
+ }
+ return String.valueOf(token);
+ }
+
+}
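Review bot: `generateTokenString` draws authentication tokens from `java.util.Random` seeded with the member's `hashCode()` plus `System.currentTimeMillis()`, which is not a cryptographically secure generator; its output can be predicted from a few observed values, so a client holding one valid token could anticipate tokens issued to others. Tokens should come from `java.security.SecureRandom` with at least 128 bits of entropy. That also removes `seedBase`, `firstToken`, `initializeTokenGenerator()` and the "run out of tokens" branch, which currently clears every session. The class Javadoc sentence that mentions `java.util.Random` would need updating, and the import changes from `java.util.Random` to `java.security.SecureRandom`. Separately, `validateToken` removes the stored token when the principal does not match, so anyone presenting another user's token string ends that user's session; this should be either a documented decision or limited to the matching-principal path.

```java
  private final SecureRandom tokenGenerator = new SecureRandom();

  // … unchanged: constructor region setup, create(), generateToken(), validateToken() …
  // … removed: seedBase, firstToken, initializeTokenGenerator() …

  private String generateTokenString(Principal principal) {
    // 256 random bits, hex-encoded; SecureRandom is thread-safe, so no lock is needed.
    final byte[] raw = new byte[32];
    this.tokenGenerator.nextBytes(raw);
    return new java.math.BigInteger(1, raw).toString(16);
  }
```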