You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by hi...@apache.org on 2016/09/13 22:56:15 UTC
[13/15] incubator-geode git commit: GEODE-37 Renamed security related
stuff
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
deleted file mode 100644
index c222e6c..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestCase.java
+++ /dev/null
@@ -1,1325 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.internal.AvailablePort.*;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.Host.*;
-import static com.gemstone.gemfire.test.dunit.Wait.*;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Random;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.InterestResultPolicy;
-import com.gemstone.gemfire.cache.Operation;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.Region.Entry;
-import com.gemstone.gemfire.cache.RegionDestroyedException;
-import com.gemstone.gemfire.cache.client.ServerConnectivityException;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.cache.query.CqAttributes;
-import com.gemstone.gemfire.cache.query.CqAttributesFactory;
-import com.gemstone.gemfire.cache.query.CqEvent;
-import com.gemstone.gemfire.cache.query.CqException;
-import com.gemstone.gemfire.cache.query.CqListener;
-import com.gemstone.gemfire.cache.query.CqQuery;
-import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
-import com.gemstone.gemfire.cache.query.QueryService;
-import com.gemstone.gemfire.cache.query.SelectResults;
-import com.gemstone.gemfire.cache.query.Struct;
-import com.gemstone.gemfire.internal.AvailablePort.*;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.cache.AbstractRegionEntry;
-import com.gemstone.gemfire.internal.cache.LocalRegion;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator.ClassCode;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
-import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.WaitCriterion;
-import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
-
-/**
- * Base class for tests for authorization from client to server. It contains
- * utility functions for the authorization tests from client to server.
- *
- * @since GemFire 5.5
- */
-public abstract class ClientAuthorizationTestCase extends JUnit4DistributedTestCase {
-
- private static final int PAUSE = 5 * 1000;
-
- protected static VM server1 = null;
- protected static VM server2 = null;
- protected static VM client1 = null;
- protected static VM client2 = null;
-
- protected static final String regionName = REGION_NAME; // TODO: remove
- protected static final String SUBREGION_NAME = "AuthSubregion";
-
- private static final String[] serverIgnoredExceptions = {
- "Connection refused",
- AuthenticationRequiredException.class.getName(),
- AuthenticationFailedException.class.getName(),
- NotAuthorizedException.class.getName(),
- GemFireSecurityException.class.getName(),
- RegionDestroyedException.class.getName(),
- ClassNotFoundException.class.getName()
- };
-
- private static final String[] clientIgnoredExceptions = {
- AuthenticationFailedException.class.getName(),
- NotAuthorizedException.class.getName(),
- RegionDestroyedException.class.getName()
- };
-
- @Override
- public final void preSetUp() throws Exception {
- }
-
- @Override
- public final void postSetUp() throws Exception {
- preSetUpClientAuthorizationTestBase();
- setUpClientAuthorizationTestBase();
- postSetUpClientAuthorizationTestBase();
- }
-
- private final void setUpClientAuthorizationTestBase() throws Exception {
- server1 = getHost(0).getVM(0);
- server2 = getHost(0).getVM(1);
- client1 = getHost(0).getVM(2);
- client2 = getHost(0).getVM(3);
- setUpIgnoredExceptions();
- }
-
- private final void setUpIgnoredExceptions() {
- Set<String> serverExceptions = new HashSet<>();
- serverExceptions.addAll(Arrays.asList(serverIgnoredExceptions()));
- if (serverExceptions.isEmpty()) {
- serverExceptions.addAll(Arrays.asList(serverIgnoredExceptions));
- }
-
- String[] serverExceptionsArray = serverExceptions.toArray(new String[serverExceptions.size()]);
- server1.invoke(() -> registerExpectedExceptions(serverExceptionsArray));
- server2.invoke(() -> registerExpectedExceptions(serverExceptionsArray));
-
- Set<String> clientExceptions = new HashSet<>();
- clientExceptions.addAll(Arrays.asList(clientIgnoredExceptions()));
- if (clientExceptions.isEmpty()) {
- clientExceptions.addAll(Arrays.asList(clientIgnoredExceptions));
- }
-
- String[] clientExceptionsArray = serverExceptions.toArray(new String[clientExceptions.size()]);
- client2.invoke(() -> registerExpectedExceptions(clientExceptionsArray));
- registerExpectedExceptions(clientExceptionsArray);
- }
-
- protected String[] serverIgnoredExceptions() {
- return new String[]{};
- }
-
- protected String[] clientIgnoredExceptions() {
- return new String[]{};
- }
-
- protected void preSetUpClientAuthorizationTestBase() throws Exception {
- }
-
- protected void postSetUpClientAuthorizationTestBase() throws Exception {
- }
-
- @Override
- public final void preTearDown() throws Exception {
- preTearDownClientAuthorizationTestBase();
- tearDownClientAuthorizationTestBase();
- postTearDownClientAuthorizationTestBase();
- }
-
- @Override
- public final void postTearDown() throws Exception {
- }
-
- private final void tearDownClientAuthorizationTestBase() throws Exception {
- // close the clients first
- client1.invoke(() -> closeCache());
- client2.invoke(() -> closeCache());
- // then close the servers
- server1.invoke(() -> closeCache());
- server2.invoke(() -> closeCache());
- }
-
- protected void preTearDownClientAuthorizationTestBase() throws Exception {
- }
-
- protected void postTearDownClientAuthorizationTestBase() throws Exception {
- }
-
- protected static Properties buildProperties(final String authenticator, final String accessor, final boolean isAccessorPP, final Properties extraAuthProps, final Properties extraAuthzProps) {
- Properties authProps = new Properties();
- if (authenticator != null) {
- authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
- }
- if (accessor != null) {
- if (isAccessorPP) {
- authProps.setProperty(SECURITY_CLIENT_ACCESSOR_PP, accessor);
- } else {
- authProps.setProperty(SECURITY_CLIENT_ACCESSOR, accessor);
- }
- }
- return concatProperties(new Properties[] { authProps, extraAuthProps, extraAuthzProps });
- }
-
- protected static Integer createCacheServer(int locatorPort, final Properties authProps, final Properties javaProps) {
- if (locatorPort == 0) {
- locatorPort = getRandomAvailablePort(SOCKET);
- }
- return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, null, 0, true, NO_EXCEPTION);
- }
-
- protected static int createCacheServer(int locatorPort, final int serverPort, final Properties authProps, final Properties javaProps) {
- if (locatorPort == 0) {
- locatorPort = getRandomAvailablePort(SOCKET);
- }
- return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, null, serverPort, true, NO_EXCEPTION);
- }
-
- protected static Region getRegion() {
- return getCache().getRegion(regionName);
- }
-
- protected static Region getSubregion() {
- return getCache().getRegion(regionName + '/' + SUBREGION_NAME);
- }
-
- private static Region createSubregion(final Region region) {
- Region subregion = getSubregion();
- if (subregion == null) {
- subregion = region.createSubregion(SUBREGION_NAME, region.getAttributes());
- }
- return subregion;
- }
-
- protected static String indicesToString(final int[] indices) {
- String str = "";
- if (indices != null && indices.length > 0) {
- str += indices[0];
- for (int index = 1; index < indices.length; ++index) {
- str += ",";
- str += indices[index];
- }
- }
- return str;
- }
-
- protected static void doOp(OperationCode op, final int[] indices, final int flagsI, final int expectedResult) throws InterruptedException {
- boolean operationOmitted = false;
- final int flags = flagsI;
- Region region = getRegion();
-
- if ((flags & OpFlags.USE_SUBREGION) > 0) {
- assertNotNull(region);
- Region subregion = null;
-
- if ((flags & OpFlags.NO_CREATE_SUBREGION) > 0) {
- if ((flags & OpFlags.CHECK_NOREGION) > 0) {
- // Wait for some time for DRF update to come
- waitForCondition(() -> getSubregion() == null);
- subregion = getSubregion();
- assertNull(subregion);
- return;
-
- } else {
- // Wait for some time for DRF update to come
- waitForCondition(() -> getSubregion() != null);
- subregion = getSubregion();
- assertNotNull(subregion);
- }
-
- } else {
- subregion = createSubregion(region);
- }
-
- assertNotNull(subregion);
- region = subregion;
-
- } else if ((flags & OpFlags.CHECK_NOREGION) > 0) {
- // Wait for some time for region destroy update to come
- waitForCondition(() -> getRegion() == null);
- region = getRegion();
- assertNull(region);
- return;
-
- } else {
- assertNotNull(region);
- }
-
- final String[] keys = KEYS;
- final String[] vals;
- if ((flags & OpFlags.USE_NEWVAL) > 0) {
- vals = NVALUES;
- }
- else {
- vals = VALUES;
- }
-
- InterestResultPolicy policy = InterestResultPolicy.KEYS_VALUES;
- if ((flags & OpFlags.REGISTER_POLICY_NONE) > 0) {
- policy = InterestResultPolicy.NONE;
- }
-
- final int numOps = indices.length;
- System.out.println("Got doOp for op: " + op.toString() + ", numOps: " + numOps + ", indices: " + indicesToString(indices) + ", expect: " + expectedResult);
- boolean exceptionOccured = false;
- boolean breakLoop = false;
-
- if (op.isGet() || op.isContainsKey() || op.isKeySet() || op.isQuery() || op.isExecuteCQ()) {
- Thread.sleep(PAUSE);
- }
-
- for (int indexIndex = 0; indexIndex < numOps; ++indexIndex) {
- if (breakLoop) {
- break;
- }
- int index = indices[indexIndex];
-
- try {
- final Object key = keys[index];
- final Object expectedVal = vals[index];
-
- if (op.isGet()) {
- Object value = null;
- // this is the case for testing GET_ALL
- if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
- breakLoop = true;
- List keyList = new ArrayList(numOps);
- Object searchKey;
-
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- searchKey = keys[keyNum];
- keyList.add(searchKey);
-
- // local invalidate some KEYS to force fetch of those KEYS from server
- if ((flags & OpFlags.CHECK_NOKEY) > 0) {
- AbstractRegionEntry entry = (AbstractRegionEntry)((LocalRegion)region).getRegionEntry(searchKey);
- System.out.println(""+keyNum+": key is " + searchKey + " and entry is " + entry);
- assertFalse(region.containsKey(searchKey));
- } else {
- if (keyNumIndex % 2 == 1) {
- assertTrue(region.containsKey(searchKey));
- region.localInvalidate(searchKey);
- }
- }
- }
-
- Map entries = region.getAll(keyList);
-
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- searchKey = keys[keyNum];
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(entries.containsKey(searchKey));
- } else {
- assertTrue(entries.containsKey(searchKey));
- value = entries.get(searchKey);
- assertEquals(vals[keyNum], value);
- }
- }
-
- break;
- }
-
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- Callable<Boolean> condition = new Callable<Boolean>() {
- private Region region;
-
- @Override
- public Boolean call() throws Exception {
- Object value = getLocalValue(region, key);
- return (flags & OpFlags.CHECK_FAIL) > 0 ? !expectedVal.equals(value) : expectedVal.equals(value);
- }
-
- public Callable<Boolean> init(Region region) {
- this.region = region;
- return this;
- }
- }.init(region);
- waitForCondition(condition);
-
- value = getLocalValue(region, key);
-
- } else if ((flags & OpFlags.USE_GET_ENTRY_IN_TX) > 0) {
- getCache().getCacheTransactionManager().begin();
- Entry e = region.getEntry(key);
-
- // Also, check getAll()
- ArrayList a = new ArrayList();
- a.addAll(a);
- region.getAll(a);
-
- getCache().getCacheTransactionManager().commit();
- value = e.getValue();
-
- } else {
- if ((flags & OpFlags.CHECK_NOKEY) > 0) {
- assertFalse(region.containsKey(key));
- } else {
- assertTrue(region.containsKey(key) || ((LocalRegion)region).getRegionEntry(key).isTombstone());
- region.localInvalidate(key);
- }
- value = region.get(key);
- }
-
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(expectedVal.equals(value));
- } else {
- assertNotNull(value);
- assertEquals(expectedVal, value);
- }
-
- } else if (op.isPut()) {
- region.put(key, expectedVal);
-
- } else if (op.isPutAll()) {
- HashMap map = new HashMap();
- for (int i=0; i<indices.length; i++) {
- map.put(keys[indices[i]], vals[indices[i]]);
- }
- region.putAll(map);
- breakLoop = true;
-
- } else if (op.isDestroy()) {
- // if (!region.containsKey(key)) {
- // // Since DESTROY will fail unless the value is present
- // // in the local cache, this is a workaround for two cases:
- // // 1. When the operation is supposed to succeed then in
- // // the current AuthzCredentialGenerators the clients having
- // // DESTROY permission also has CREATE/UPDATE permission
- // // so that calling region.put() will work for that case.
- // // 2. When the operation is supposed to fail with
- // // NotAuthorizedException then in the current
- // // AuthzCredentialGenerators the clients not
- // // having DESTROY permission are those with reader role that have
- // // GET permission.
- // //
- // // If either of these assumptions fails, then this has to be
- // // adjusted or reworked accordingly.
- // if ((flags & OpFlags.CHECK_NOTAUTHZ) > 0) {
- // Object value = region.get(key);
- // assertNotNull(value);
- // assertIndexDetailsEquals(vals[index], value);
- // }
- // else {
- // region.put(key, vals[index]);
- // }
- // }
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- region.localDestroy(key);
- }
- else {
- region.destroy(key);
- }
-
- } else if (op.isInvalidate()) {
- if (region.containsKey(key)) {
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- region.localInvalidate(key);
- } else {
- region.invalidate(key);
- }
- }
-
- } else if (op.isContainsKey()) {
- boolean result;
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- result = region.containsKey(key);
- } else {
- result = region.containsKeyOnServer(key);
- }
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(result);
- } else {
- assertTrue(result);
- }
-
- } else if (op.isRegisterInterest()) {
- if ((flags & OpFlags.USE_LIST) > 0) {
- breakLoop = true;
- // Register interest list in this case
- List keyList = new ArrayList(numOps);
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- keyList.add(keys[keyNum]);
- }
- region.registerInterest(keyList, policy);
-
- } else if ((flags & OpFlags.USE_REGEX) > 0) {
- breakLoop = true;
- region.registerInterestRegex("key[1-" + numOps + ']', policy);
-
- } else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
- breakLoop = true;
- region.registerInterest("ALL_KEYS", policy);
-
- } else {
- region.registerInterest(key, policy);
- }
-
- } else if (op.isUnregisterInterest()) {
- if ((flags & OpFlags.USE_LIST) > 0) {
- breakLoop = true;
- // Register interest list in this case
- List keyList = new ArrayList(numOps);
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- keyList.add(keys[keyNum]);
- }
- region.unregisterInterest(keyList);
-
- } else if ((flags & OpFlags.USE_REGEX) > 0) {
- breakLoop = true;
- region.unregisterInterestRegex("key[1-" + numOps + ']');
-
- } else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
- breakLoop = true;
- region.unregisterInterest("ALL_KEYS");
-
- } else {
- region.unregisterInterest(key);
- }
-
- } else if (op.isKeySet()) {
- breakLoop = true;
- Set keySet;
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- keySet = region.keySet();
- } else {
- keySet = region.keySetOnServer();
- }
-
- assertNotNull(keySet);
- if ((flags & OpFlags.CHECK_FAIL) == 0) {
- assertEquals(numOps, keySet.size());
- }
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(keySet.contains(keys[keyNum]));
- } else {
- assertTrue(keySet.contains(keys[keyNum]));
- }
- }
-
- } else if (op.isQuery()) {
- breakLoop = true;
- SelectResults queryResults = region.query("SELECT DISTINCT * FROM " + region.getFullPath());
- assertNotNull(queryResults);
- Set queryResultSet = queryResults.asSet();
- if ((flags & OpFlags.CHECK_FAIL) == 0) {
- assertEquals(numOps, queryResultSet.size());
- }
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(queryResultSet.contains(vals[keyNum]));
- } else {
- assertTrue(queryResultSet.contains(vals[keyNum]));
- }
- }
-
- } else if (op.isExecuteCQ()) {
- breakLoop = true;
- QueryService queryService = getCache().getQueryService();
- CqQuery cqQuery;
- if ((cqQuery = queryService.getCq("cq1")) == null) {
- CqAttributesFactory cqFact = new CqAttributesFactory();
- cqFact.addCqListener(new AuthzCqListener());
- CqAttributes cqAttrs = cqFact.create();
- cqQuery = queryService.newCq("cq1", "SELECT * FROM " + region.getFullPath(), cqAttrs);
- }
-
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- // Interpret this as testing results using CqListener
- final AuthzCqListener listener = (AuthzCqListener)cqQuery.getCqAttributes().getCqListener();
- WaitCriterion ev = new WaitCriterion() {
- @Override
- public boolean done() {
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- return 0 == listener.getNumUpdates();
- } else {
- return numOps == listener.getNumUpdates();
- }
- }
- @Override
- public String description() {
- return null;
- }
- };
- waitForCriterion(ev, 3 * 1000, 200, true);
-
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertEquals(0, listener.getNumUpdates());
- } else {
- assertEquals(numOps, listener.getNumUpdates());
- listener.checkPuts(vals, indices);
- }
-
- assertEquals(0, listener.getNumCreates());
- assertEquals(0, listener.getNumDestroys());
- assertEquals(0, listener.getNumOtherOps());
- assertEquals(0, listener.getNumErrors());
-
- } else {
- SelectResults cqResults = cqQuery.executeWithInitialResults();
- assertNotNull(cqResults);
- Set cqResultValues = new HashSet();
- for (Object o : cqResults.asList()) {
- Struct s = (Struct)o;
- cqResultValues.add(s.get("value"));
- }
-
- Set cqResultSet = cqResults.asSet();
- if ((flags & OpFlags.CHECK_FAIL) == 0) {
- assertEquals(numOps, cqResultSet.size());
- }
-
- for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
- int keyNum = indices[keyNumIndex];
- if ((flags & OpFlags.CHECK_FAIL) > 0) {
- assertFalse(cqResultValues.contains(vals[keyNum]));
- } else {
- assertTrue(cqResultValues.contains(vals[keyNum]));
- }
- }
- }
-
- } else if (op.isStopCQ()) {
- breakLoop = true;
- CqQuery cqQuery = getCache().getQueryService().getCq("cq1");
- ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
- cqQuery.stop();
-
- } else if (op.isCloseCQ()) {
- breakLoop = true;
- CqQuery cqQuery = getCache().getQueryService().getCq("cq1");
- ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
- cqQuery.close();
-
- } else if (op.isRegionClear()) {
- breakLoop = true;
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- region.localClear();
- } else {
- region.clear();
- }
-
- } else if (op.isRegionCreate()) {
- breakLoop = true;
- // Region subregion = createSubregion(region);
- // subregion.createRegionOnServer();
- // Create region on server using the DynamicRegionFactory
- // Assume it has been already initialized
- DynamicRegionFactory drf = DynamicRegionFactory.get();
- Region subregion = drf.createDynamicRegion(regionName, SUBREGION_NAME);
- assertEquals('/' + regionName + '/' + SUBREGION_NAME, subregion.getFullPath());
-
- } else if (op.isRegionDestroy()) {
- breakLoop = true;
- if ((flags & OpFlags.LOCAL_OP) > 0) {
- region.localDestroyRegion();
-
- } else {
- if ((flags & OpFlags.USE_SUBREGION) > 0) {
- try {
- DynamicRegionFactory.get().destroyDynamicRegion(region.getFullPath());
- } catch (RegionDestroyedException ex) {
- // harmless to ignore this
- System.out.println("doOp: sub-region " + region.getFullPath() + " already destroyed");
- operationOmitted = true;
- }
- } else {
- region.destroyRegion();
- }
- }
-
- } else {
- fail("doOp: Unhandled operation " + op);
- }
-
- if (expectedResult != NO_EXCEPTION) {
- if (!operationOmitted && !op.isUnregisterInterest()) {
- fail("Expected an exception while performing operation op =" + op + "flags = " + OpFlags.description(flags));
- }
- }
-
- } catch (Exception ex) {
- exceptionOccured = true;
- if ((ex instanceof ServerConnectivityException || ex instanceof QueryInvocationTargetException || ex instanceof CqException)
- && (expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
- System.out.println("doOp: Got expected NotAuthorizedException when doing operation [" + op + "] with flags " + OpFlags.description(flags) + ": " + ex.getCause());
- continue;
- } else if (expectedResult == OTHER_EXCEPTION) {
- System.out.println("doOp: Got expected exception when doing operation: " + ex.toString());
- continue;
- } else {
- fail("doOp: Got unexpected exception when doing operation. Policy = " + policy + " flags = " + OpFlags.description(flags), ex);
- }
- }
- }
- if (!exceptionOccured && !operationOmitted && expectedResult != NO_EXCEPTION) {
- fail("Expected an exception while performing operation: " + op + " flags = " + OpFlags.description(flags));
- }
- }
-
- protected void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
- for (Iterator<OperationWithAction> opIter = opBlock.iterator(); opIter.hasNext();) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = opIter.next();
- OperationCode opCode = currentOp.getOperationCode();
- int opFlags = currentOp.getFlags();
- int clientNum = currentOp.getClientNum();
- VM clientVM = null;
- boolean useThisVM = false;
-
- switch (clientNum) {
- case 1:
- clientVM = client1;
- break;
- case 2:
- clientVM = client2;
- break;
- case 3:
- useThisVM = true;
- break;
- default:
- fail("executeOpBlock: Unknown client number " + clientNum);
- break;
- }
-
- System.out.println("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
- if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
- Properties opCredentials;
- int newRnd = random.nextInt(100) + 1;
- String currentRegionName = '/' + regionName;
- if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
- currentRegionName += ('/' + SUBREGION_NAME);
- }
-
- String credentialsTypeStr;
- OperationCode authOpCode = currentOp.getAuthzOperationCode();
- int[] indices = currentOp.getIndices();
- CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
- final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
-
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
- opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
- credentialsTypeStr = " unauthorized " + authOpCode;
- } else {
- opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] { opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
- credentialsTypeStr = " authorized " + authOpCode;
- }
-
- Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
- // Start the client with valid credentials but allowed or disallowed to perform an operation
- System.out.println("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
- boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
-
- if (useThisVM) {
- SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION);
- } else {
- clientVM.invoke("SecurityTestUtils.createCacheClientWithDynamicRegion",
- () -> SecurityTestUtils.createCacheClientWithDynamicRegion(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION));
- }
- }
-
- int expectedResult;
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
- expectedResult = NOTAUTHZ_EXCEPTION;
- } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
- expectedResult = OTHER_EXCEPTION;
- } else {
- expectedResult = NO_EXCEPTION;
- }
-
- // Perform the operation from selected client
- if (useThisVM) {
- doOp(opCode, currentOp.getIndices(), new Integer(opFlags), new Integer(expectedResult));
- } else {
- int[] indices = currentOp.getIndices();
- clientVM.invoke("ClientAuthorizationTestCase.doOp",
- () -> ClientAuthorizationTestCase.doOp( opCode, indices, new Integer(opFlags), new Integer(expectedResult) ));
- }
- }
- }
-
- protected AuthzCredentialGenerator getXmlAuthzGenerator(){
- AuthzCredentialGenerator authzGen = new XmlAuthzCredentialGenerator();
- CredentialGenerator cGen = new DummyCredentialGenerator();
- cGen.init();
- authzGen.init(cGen);
- return authzGen;
- }
-
- protected List<AuthzCredentialGenerator> getDummyGeneratorCombos() {
- List<AuthzCredentialGenerator> generators = new ArrayList<>();
- Iterator authzCodeIter = AuthzCredentialGenerator.ClassCode.getAll().iterator();
-
- while (authzCodeIter.hasNext()) {
- ClassCode authzClassCode = (ClassCode) authzCodeIter.next();
- AuthzCredentialGenerator authzGen = AuthzCredentialGenerator.create(authzClassCode);
-
- if (authzGen != null) {
- CredentialGenerator cGen = new DummyCredentialGenerator();
- cGen.init();
- if (authzGen.init(cGen)) {
- generators.add(authzGen);
- }
- }
- }
-
- assertTrue(generators.size() > 0);
- return generators;
- }
-
- protected void runOpsWithFailOver(final OperationWithAction[] opCodes, final String testName) throws InterruptedException {
- AuthzCredentialGenerator gen = getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
- TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
-
- System.out.println(testName + ": Using authinit: " + authInit);
- System.out.println(testName + ": Using authenticator: " + authenticator);
- System.out.println(testName + ": Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- // Get ports for the servers
- List<Keeper> randomAvailableTCPPortKeepers = AvailablePortHelper.getRandomAvailableTCPPortKeepers(4);
- Keeper locator1PortKeeper = randomAvailableTCPPortKeepers.get(0);
- Keeper locator2PortKeeper = randomAvailableTCPPortKeepers.get(1);
- Keeper port1Keeper = randomAvailableTCPPortKeepers.get(2);
- Keeper port2Keeper = randomAvailableTCPPortKeepers.get(3);
- int locator1Port = locator1PortKeeper.getPort();
- int locator2Port = locator2PortKeeper.getPort();
- int port1 = port1Keeper.getPort();
- int port2 = port2Keeper.getPort();
-
- // Perform all the ops on the clients
- List opBlock = new ArrayList();
- Random rnd = new Random();
-
- for (int opNum = 0; opNum < opCodes.length; ++opNum) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = opCodes[opNum];
-
- if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
- // End of current operation block; execute all the operations on the servers with/without failover
- if (opBlock.size() > 0) {
- locator1PortKeeper.release();
- port1Keeper.release();
-
- // Start the first server and execute the operation block
- server1.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator1Port, port1, serverProps, javaProps ));
- server2.invoke("closeCache", () -> closeCache());
-
- executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
-
- if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
- // Failover to the second server and run the block again
- locator2PortKeeper.release();
- port2Keeper.release();
-
- server2.invoke("createCacheServer", () -> ClientAuthorizationTestCase.createCacheServer(locator2Port, port2, serverProps, javaProps ));
- server1.invoke("closeCache", () -> closeCache());
-
- executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
- }
- opBlock.clear();
- }
-
- } else {
- currentOp.setOpNum(opNum);
- opBlock.add(currentOp);
- }
- }
- }
-
- /**
- * Implements the {@link CqListener} interface and counts the number of
- * different operations and also queues up the received updates to precise
- * checking of each update.
- *
- * @since GemFire 5.5
- */
- private static class AuthzCqListener implements CqListener {
-
- private List<CqEvent> eventList;
- private int numCreates;
- private int numUpdates;
- private int numDestroys;
- private int numOtherOps;
- private int numErrors;
-
- public AuthzCqListener() {
- this.eventList = new ArrayList<>();
- reset();
- }
-
- public void reset() {
- this.eventList.clear();
- this.numCreates = 0;
- this.numUpdates = 0;
- this.numErrors = 0;
- }
-
- public void onEvent(final CqEvent aCqEvent) {
- Operation op = aCqEvent.getBaseOperation();
- if (op.isCreate()) {
- ++this.numCreates;
- } else if (op.isUpdate()) {
- ++this.numUpdates;
- } else if (op.isDestroy()) {
- ++this.numDestroys;
- } else {
- ++this.numOtherOps;
- }
- eventList.add(aCqEvent);
- }
-
- public void onError(final CqEvent aCqEvent) {
- ++this.numErrors;
- }
-
- public void close() {
- this.eventList.clear();
- }
-
- public int getNumCreates() {
- return this.numCreates;
- }
-
- public int getNumUpdates() {
- return this.numUpdates;
- }
-
- public int getNumDestroys() {
- return this.numDestroys;
- }
-
- public int getNumOtherOps() {
- return this.numOtherOps;
- }
-
- public int getNumErrors() {
- return this.numErrors;
- }
-
- public void checkPuts(final String[] vals, final int[] indices) {
- for (int indexIndex = 0; indexIndex < indices.length; ++indexIndex) {
- int index = indices[indexIndex];
- boolean foundKey = false;
-
- for (Iterator<CqEvent> eventIter = this.eventList.iterator(); eventIter.hasNext();) {
- CqEvent event = (CqEvent)eventIter.next();
- if (KEYS[index].equals(event.getKey())) {
- assertEquals(vals[index], event.getNewValue());
- foundKey = true;
- break;
- }
- }
-
- assertTrue(foundKey);
- }
- }
- }
-
- /**
- * This class specifies flags that can be used to alter the behaviour of
- * operations being performed by the <code>doOp</code> function.
- *
- * @since GemFire 5.5
- */
- protected static class OpFlags {
-
- /**
- * Default behaviour.
- */
- public static final int NONE = 0x0;
-
- /**
- * Check that the operation should fail.
- */
- public static final int CHECK_FAIL = 0x1;
-
- /**
- * Check that the operation should throw <code>NotAuthorizedException</code>.
- */
- public static final int CHECK_NOTAUTHZ = 0x2;
-
- /**
- * Check that the region should not be available.
- */
- public static final int CHECK_NOREGION = 0x4;
-
- /**
- * Check that the operation should throw an exception other than the
- * <code>NotAuthorizedException</code>.
- */
- public static final int CHECK_EXCEPTION = 0x8;
-
- /**
- * Check for nvalues[] instead of values[].
- */
- public static final int USE_NEWVAL = 0x10;
-
- /**
- * Register all KEYS. For GET operations indicates using getAll().
- */
- public static final int USE_ALL_KEYS = 0x20;
-
- /**
- * Register a regular expression.
- */
- public static final int USE_REGEX = 0x40;
-
- /**
- * Register a list of KEYS.
- */
- public static final int USE_LIST = 0x80;
-
- /**
- * Perform the local version of the operation.
- */
- public static final int LOCAL_OP = 0x100;
-
- /**
- * Check that the key for the operation should not be present.
- */
- public static final int CHECK_NOKEY = 0x200;
-
- /**
- * Use the sub-region for performing the operation.
- */
- public static final int USE_SUBREGION = 0x400;
-
- /**
- * Do not try to create the sub-region.
- */
- public static final int NO_CREATE_SUBREGION = 0x800;
-
- /**
- * Do not re-connect using new credentials rather use the previous
- * connection.
- */
- public static final int USE_OLDCONN = 0x1000;
-
- /**
- * Do the connection with unauthorized credentials but do not check that the
- * operation throws <code>NotAuthorizedException</code>.
- */
- public static final int USE_NOTAUTHZ = 0x2000;
-
- /**
- * Enable {@link DynamicRegionFactory} on the client.
- */
- public static final int ENABLE_DRF = 0x4000;
-
- /**
- * Use the {@link InterestResultPolicy#NONE} for register interest.
- */
- public static final int REGISTER_POLICY_NONE = 0x8000;
-
- /**
- * Use the {@link LocalRegion#getEntry} under transaction.
- */
- public static final int USE_GET_ENTRY_IN_TX = 0x10000;
-
- public static String description(int f) {
- StringBuffer sb = new StringBuffer();
- sb.append("[");
- if ((f & CHECK_FAIL) != 0) {
- sb.append("CHECK_FAIL,");
- }
- if ((f & CHECK_NOTAUTHZ) != 0) {
- sb.append("CHECK_NOTAUTHZ,");
- }
- if ((f & CHECK_NOREGION) != 0) {
- sb.append("CHECK_NOREGION,");
- }
- if ((f & CHECK_EXCEPTION) != 0) {
- sb.append("CHECK_EXCEPTION,");
- }
- if ((f & USE_NEWVAL) != 0) {
- sb.append("USE_NEWVAL,");
- }
- if ((f & USE_ALL_KEYS) != 0) {
- sb.append("USE_ALL_KEYS,");
- }
- if ((f & USE_REGEX) != 0) {
- sb.append("USE_REGEX,");
- }
- if ((f & USE_LIST) != 0) {
- sb.append("USE_LIST,");
- }
- if ((f & LOCAL_OP) != 0) {
- sb.append("LOCAL_OP,");
- }
- if ((f & CHECK_NOKEY) != 0) {
- sb.append("CHECK_NOKEY,");
- }
- if ((f & USE_SUBREGION) != 0) {
- sb.append("USE_SUBREGION,");
- }
- if ((f & NO_CREATE_SUBREGION) != 0) {
- sb.append("NO_CREATE_SUBREGION,");
- }
- if ((f & USE_OLDCONN) != 0) {
- sb.append("USE_OLDCONN,");
- }
- if ((f & USE_NOTAUTHZ) != 0) {
- sb.append("USE_NOTAUTHZ");
- }
- if ((f & ENABLE_DRF) != 0) {
- sb.append("ENABLE_DRF,");
- }
- if ((f & REGISTER_POLICY_NONE) != 0) {
- sb.append("REGISTER_POLICY_NONE,");
- }
- sb.append("]");
- return sb.toString();
- }
- }
-
- /**
- * This class encapsulates an {@link OperationCode} with associated flags, the
- * client to perform the operation, and the number of operations to perform.
- *
- * @since GemFire 5.5
- */
- protected static class OperationWithAction {
-
- /**
- * The operation to be performed.
- */
- private OperationCode opCode;
-
- /**
- * The operation for which authorized or unauthorized credentials have to be
- * generated. This is the same as {@link #opCode} when not specified.
- */
- private OperationCode authzOpCode;
-
- /**
- * The client number on which the operation has to be performed.
- */
- private int clientNum;
-
- /**
- * Bitwise or'd {@link OpFlags} integer to change/specify the behaviour of the operations.
- */
- private int flags;
-
- /**
- * Indices of the KEYS array to be used for operations.
- */
- private int[] indices;
-
- /**
- * An index for the operation used for logging.
- */
- private int opNum;
-
- /**
- * Indicates end of an operation block which can be used for testing with failover
- */
- public static final OperationWithAction OPBLOCK_END = new OperationWithAction(null, 4);
-
- /**
- * Indicates end of an operation block which should not be used for testing with failover
- */
- public static final OperationWithAction OPBLOCK_NO_FAILOVER = new OperationWithAction(null, 5);
-
- private void setIndices(int numOps) {
- this.indices = new int[numOps];
- for (int index = 0; index < numOps; ++index) {
- this.indices[index] = index;
- }
- }
-
- public OperationWithAction(final OperationCode opCode) {
- this.opCode = opCode;
- this.authzOpCode = opCode;
- this.clientNum = 1;
- this.flags = OpFlags.NONE;
- setIndices(4);
- this.opNum = 0;
- }
-
- public OperationWithAction(final OperationCode opCode, final int clientNum) {
- this.opCode = opCode;
- this.authzOpCode = opCode;
- this.clientNum = clientNum;
- this.flags = OpFlags.NONE;
- setIndices(4);
- this.opNum = 0;
- }
-
- public OperationWithAction(final OperationCode opCode, final int clientNum, final int flags, final int numOps) {
- this.opCode = opCode;
- this.authzOpCode = opCode;
- this.clientNum = clientNum;
- this.flags = flags;
- setIndices(numOps);
- this.opNum = 0;
- }
-
- public OperationWithAction(final OperationCode opCode, final OperationCode deniedOpCode, final int clientNum, final int flags, final int numOps) {
- this.opCode = opCode;
- this.authzOpCode = deniedOpCode;
- this.clientNum = clientNum;
- this.flags = flags;
- setIndices(numOps);
- this.opNum = 0;
- }
-
- public OperationWithAction(final OperationCode opCode, final int clientNum, final int flags, final int[] indices) {
- this.opCode = opCode;
- this.authzOpCode = opCode;
- this.clientNum = clientNum;
- this.flags = flags;
- this.indices = indices;
- this.opNum = 0;
- }
-
- public OperationWithAction(final OperationCode opCode, final OperationCode deniedOpCode, final int clientNum, final int flags, final int[] indices) {
- this.opCode = opCode;
- this.authzOpCode = deniedOpCode;
- this.clientNum = clientNum;
- this.flags = flags;
- this.indices = indices;
- this.opNum = 0;
- }
-
- public OperationCode getOperationCode() {
- return this.opCode;
- }
-
- public OperationCode getAuthzOperationCode() {
- return this.authzOpCode;
- }
-
- public int getClientNum() {
- return this.clientNum;
- }
-
- public int getFlags() {
- return this.flags;
- }
-
- public int[] getIndices() {
- return this.indices;
- }
-
- public int getOpNum() {
- return this.opNum;
- }
-
- public void setOpNum(int opNum) {
- this.opNum = opNum;
- }
-
- @Override
- public String toString() {
- return "opCode:" + this.opCode + ",authOpCode:" + this.authzOpCode + ",clientNum:" + this.clientNum + ",flags:" + this.flags + ",numOps:" + this.indices.length + ",indices:" + indicesToString(this.indices);
- }
- }
-
- /**
- * Simple interface to generate credentials with authorization based on key
- * indices also. This is utilized by the post-operation authorization tests
- * where authorization is based on key indices.
- *
- * @since GemFire 5.5
- */
- protected interface TestCredentialGenerator {
-
- /**
- * Get allowed credentials for the given set of operations in the given
- * regions and indices of KEYS in the <code>KEYS</code> array
- */
- public Properties getAllowedCredentials(OperationCode[] opCodes, String[] regionNames, int[] keyIndices, int num);
-
- /**
- * Get disallowed credentials for the given set of operations in the given
- * regions and indices of KEYS in the <code>KEYS</code> array
- */
- public Properties getDisallowedCredentials(OperationCode[] opCodes, String[] regionNames, int[] keyIndices, int num);
-
- /**
- * Get the {@link CredentialGenerator} if any.
- */
- public CredentialGenerator getCredentialGenerator();
- }
-
- /**
- * Contains a {@link AuthzCredentialGenerator} and implements the
- * {@link TestCredentialGenerator} interface.
- *
- * @since GemFire 5.5
- */
- protected static class TestAuthzCredentialGenerator implements TestCredentialGenerator {
-
- private AuthzCredentialGenerator authzGen;
-
- public TestAuthzCredentialGenerator(final AuthzCredentialGenerator authzGen) {
- this.authzGen = authzGen;
- }
-
- public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int[] keyIndices, final int num) {
- return this.authzGen.getAllowedCredentials(opCodes, regionNames, num);
- }
-
- public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int[] keyIndices, final int num) {
- return this.authzGen.getDisallowedCredentials(opCodes, regionNames, num);
- }
-
- public CredentialGenerator getCredentialGenerator() {
- return authzGen.getCredentialGenerator();
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
deleted file mode 100644
index 38f9988..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
+++ /dev/null
@@ -1,345 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.Iterator;
-import java.util.Properties;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.execute.Function;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-import com.gemstone.gemfire.internal.cache.execute.PRClientServerTestBase;
-import com.gemstone.gemfire.internal.cache.functions.TestFunction;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientMultiUserAuthzDUnitTest extends ClientAuthorizationTestCase {
-
- @Override
- public final void preTearDownClientAuthorizationTestBase() throws Exception {
- closeCache();
- }
-
- /**
- * Tests with one user authorized to do puts/gets/containsKey/destroys and
- * another not authorized for the same.
- */
- @Test
- public void testOps1() throws Exception {
- for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) {
- AuthzCredentialGenerator gen = iter.next();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testOps1: Using authinit: " + authInit);
- getLogWriter().info("testOps1: Using authenticator: " + authenticator);
- getLogWriter().info("testOps1: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
- int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
-
- if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT}, new OperationCode[] { OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1, port2)) {
- continue;
- }
-
- verifyPutsGets();
-
- if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY}, javaProps, authInit, port1, port2)) {
- continue;
- }
-
- verifyContainsKeyDestroys();
-
- if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.INVALIDATE, OperationCode.INVALIDATE}, javaProps, authInit, port1, port2)) {
- continue;
- }
-
- verifyContainsKeyInvalidates();
-
- if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.GET, OperationCode.GET}, new OperationCode[] { OperationCode.REGION_DESTROY, OperationCode.REGION_DESTROY}, javaProps, authInit, port1, port2)) {
- continue;
- }
-
- verifyGetAllInTX();
- verifyGetAllRegionDestroys();
- }
- }
-
- /**
- * Test query/function execute
- */
- @Test
- public void testOps2() throws Exception {
- AuthzCredentialGenerator gen = getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testOps2: Using authinit: " + authInit);
- getLogWriter().info("testOps2: Using authenticator: " + authenticator);
- getLogWriter().info("testOps2: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
- int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
-
- // Start client1 with valid/invalid QUERY credentials
- Properties[] client1Credentials = new Properties[] {
- gen.getAllowedCredentials(new OperationCode[] {OperationCode.PUT, OperationCode.QUERY}, new String[] {regionName}, 1),
- gen.getDisallowedCredentials(new OperationCode[] {OperationCode.PUT, OperationCode.QUERY}, new String[] {regionName}, 1)
- };
-
- javaProps = cGen.getJavaProperties();
- getLogWriter().info("testOps2: For first client credentials: " + client1Credentials[0] + "\n" + client1Credentials[1]);
-
- final Properties finalJavaProps = javaProps;
- client1.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client1Credentials, finalJavaProps, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
-
- // Start client2 with valid/invalid EXECUTE_FUNCTION credentials
- Properties[] client2Credentials = new Properties[] {
- gen.getAllowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION}, new String[] {regionName}, 2),
- gen.getDisallowedCredentials(new OperationCode[] {OperationCode.EXECUTE_FUNCTION}, new String[] {regionName}, 9)
- };
-
- javaProps = cGen.getJavaProperties();
- getLogWriter().info("testOps2: For second client credentials: " + client2Credentials[0] + "\n" + client2Credentials[1]);
-
- final Properties finalJavaProps2 = javaProps;
- client2.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client2Credentials, finalJavaProps2, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
-
- Function function = new TestFunction(true,TestFunction.TEST_FUNCTION1);
-
- server1.invoke(() -> PRClientServerTestBase.registerFunction(function));
-
- server2.invoke(() -> PRClientServerTestBase.registerFunction(function));
-
- // Perform some put operations before verifying queries
- client1.invoke(() -> doMultiUserPuts(4, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
- client1.invoke(() -> doMultiUserQueries(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
- client1.invoke(() -> doMultiUserQueryExecute(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
-
- // Verify that the FE succeeds/fails
- client2.invoke(() ->doMultiUserFE(2, function, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, false));
-
- // Failover
- server1.invoke(() -> closeCache());
- Thread.sleep(2000);
-
- client1.invoke(() -> doMultiUserPuts(4, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
- client1.invoke(() -> doMultiUserQueries(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
- client1.invoke(() -> doMultiUserQueryExecute(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, 4));
-
- // Verify that the FE succeeds/fails
- client2.invoke(() -> doMultiUserFE(2, function, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, true));
- }
-
- @Test
- public void testOpsWithClientsInDifferentModes() throws Exception {
- for (Iterator<AuthzCredentialGenerator> iter = getDummyGeneratorCombos().iterator(); iter.hasNext();) {
- AuthzCredentialGenerator gen = iter.next();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testOpsWithClientsInDifferentModes: Using authinit: " + authInit);
- getLogWriter().info("testOpsWithClientsInDifferentModes: Using authenticator: " + authenticator);
- getLogWriter().info("testOpsWithClientsInDifferentModes: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createCacheServerOnVM(server1, javaProps, serverProps);
- int port2 = createCacheServerOnVM(server2, javaProps, serverProps);
-
- if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.PUT}, new OperationCode[] { OperationCode.GET, OperationCode.GET}, javaProps, authInit, port1, port2, false, true)) {
- continue;
- }
-
- verifyPutsGets(false, true);
-
- if (!prepareClientsForOps(gen, cGen, new OperationCode[] { OperationCode.PUT, OperationCode.CONTAINS_KEY}, new OperationCode[] { OperationCode.DESTROY, OperationCode.DESTROY}, javaProps, authInit, port1, port2, false, false)) {
- continue;
- }
-
- verifyContainsKeyDestroys(false, false);
- }
- }
-
- private boolean prepareClientsForOps(final AuthzCredentialGenerator gen, final CredentialGenerator cGen, final OperationCode[] client1OpCodes, final OperationCode[] client2OpCodes, final Properties javaProps, final String authInit, final int port1, final int port2) {
- return prepareClientsForOps(gen, cGen, client1OpCodes, client2OpCodes, javaProps, authInit, port1, port2, true /* both clients in multiuser mode */, false /* unused */);
- }
-
- private boolean prepareClientsForOps(final AuthzCredentialGenerator gen, final CredentialGenerator cGen, final OperationCode[] client1OpCodes, final OperationCode[] client2OpCodes, Properties javaProps, final String authInit, final int port1, final int port2, final boolean bothClientsInMultiuserMode, final boolean allowOp) {
- // Start client1 with valid/invalid client1OpCodes credentials
- Properties[] client1Credentials = new Properties[] { gen.getAllowedCredentials(client1OpCodes, new String[] {regionName}, 1), gen.getDisallowedCredentials(new OperationCode[] {client1OpCodes[1]}, new String[] {regionName}, 1)};
-
- if (client1Credentials[0] == null || client1Credentials[0].size() == 0) {
- getLogWriter().info("testOps1: Unable to obtain valid credentials with " + client1OpCodes[0].toString() + " permission; skipping this combination.");
- return false;
- }
-
- if (client1Credentials[1] == null || client1Credentials[1].size() == 0) {
- getLogWriter().info("testOps1: Unable to obtain valid credentials with no " + client1OpCodes[0].toString() + " permission; skipping this combination.");
- return false;
- }
-
- javaProps = cGen.getJavaProperties();
- getLogWriter().info("testOps1: For first client credentials: " + client1Credentials[0] + "\n" + client1Credentials[1]);
- final Properties finalJavaProps = javaProps;
-
- client1.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client1Credentials, finalJavaProps, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
-
- // Start client2 with valid/invalid client2OpCodes credentials
- Properties[] client2Credentials = new Properties[] { gen.getAllowedCredentials(client2OpCodes, new String[] {regionName}, 2), gen.getDisallowedCredentials(client2OpCodes, new String[] {regionName}, 9)};
-
- if (client2Credentials[0] == null || client2Credentials[0].size() == 0) {
- getLogWriter().info("testOps1: Unable to obtain valid credentials with " + client2OpCodes[0].toString() + " permission; skipping this combination.");
- return false;
- }
-
- if (client2Credentials[1] == null || client2Credentials[1].size() == 0) {
- getLogWriter().info("testOps1: Unable to obtain valid credentials with no " + client2OpCodes[0].toString() + " permission; skipping this combination.");
- return false;
- }
-
- javaProps = cGen.getJavaProperties();
- getLogWriter().info("testOps1: For second client credentials: " + client2Credentials[0] + "\n" + client2Credentials[1]);
-
- if (bothClientsInMultiuserMode) {
- final Properties finalJavaProps2 = javaProps;
- client2.invoke(() -> createCacheClientForMultiUserMode(2, authInit, client2Credentials, finalJavaProps2, new int[] {port1, port2}, -1, false, NO_EXCEPTION));
-
- } else {
- int credentialsIndex = allowOp ? 0 : 1;
- final Properties finalJavaProps2 = javaProps;
- client2.invoke(() -> createCacheClient(authInit, client2Credentials[credentialsIndex], finalJavaProps2, new int[] {port1, port2}, -1, false, false, NO_EXCEPTION));
- }
-
- return true;
- }
-
- private void verifyPutsGets() throws Exception {
- verifyPutsGets(true, false /*unused */);
- }
-
- private void verifyPutsGets(final boolean isMultiuser, final boolean opAllowed) throws Exception {
- // Perform some put operations from client1
- client1.invoke(() -> doMultiUserPuts(2, 2, new int[] { NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
- // Verify that the gets succeed/fail
- if (isMultiuser) {
- client2.invoke(() -> doMultiUserGets(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
- } else {
- int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
- client2.invoke(() -> doMultiUserGets(1, 1, new int[] {expectedResult}));
- }
- }
-
- private void verifyContainsKeyDestroys() throws Exception {
- verifyContainsKeyDestroys(true, false /* unused */);
- }
-
- private void verifyContainsKeyDestroys(final boolean isMultiUser, final boolean opAllowed) throws Exception {
- // Do puts before verifying containsKey
- client1.invoke(() -> doMultiUserPuts(2, 2, new int[] {NO_EXCEPTION, NO_EXCEPTION}));
- client1.invoke(() -> doMultiUserContainsKeys(1, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, new boolean[] {true, false}));
-
- // Verify that the destroys succeed/fail
- if (isMultiUser) {
- client2.invoke(() -> doMultiUserDestroys(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
- } else {
- int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
- client2.invoke(() -> doMultiUserDestroys(1, 1, new int[] {expectedResult}));
- }
- }
-
- private void verifyContainsKeyInvalidates() throws Exception {
- verifyContainsKeyInvalidates(true, false /* unused */);
- }
-
- private void verifyContainsKeyInvalidates(final boolean isMultiUser, final boolean opAllowed) throws Exception {
- // Do puts before verifying containsKey
- client1.invoke(() -> doMultiUserPuts(2, 2, new int[] {NO_EXCEPTION, NO_EXCEPTION}));
- client1.invoke(() -> doMultiUserContainsKeys(1, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, new boolean[] {true, false}));
-
- // Verify that the invalidates succeed/fail
- if (isMultiUser) {
- client2.invoke(() -> doMultiUserInvalidates(2, 2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
- } else {
- int expectedResult = (opAllowed) ? NO_EXCEPTION : NOTAUTHZ_EXCEPTION;
- client2.invoke(() -> doMultiUserInvalidates(1, 1, new int[] {expectedResult}));
- }
- }
-
- private void verifyGetAllInTX() {
- server1.invoke(() -> doPuts());
- client1.invoke(() -> doMultiUserGetAll(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}, true/*use TX*/));
- }
-
- private void verifyGetAllRegionDestroys() {
- server1.invoke(() -> doPuts());
- client1.invoke(() -> doMultiUserGetAll(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
-
- // Verify that the region destroys succeed/fail
- client2.invoke(() -> doMultiUserRegionDestroys(2, new int[] {NO_EXCEPTION, NOTAUTHZ_EXCEPTION}));
- }
-
- private void doPuts() {
- Region region = GemFireCacheImpl.getInstance().getRegion(REGION_NAME);
- region.put("key1", "value1");
- region.put("key2", "value2");
- }
-
- private int createCacheServerOnVM(final VM server, final Properties javaProps, final Properties serverProps) {
- return server.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), serverProps, javaProps));
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
deleted file mode 100644
index 0efd3d6..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
+++ /dev/null
@@ -1,201 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.ClientAuthenticationTestUtils.createCacheClient;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.Properties;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.DeltaTestImpl;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * @since GemFire 6.1
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public final class DeltaClientAuthorizationDUnitTest extends ClientAuthorizationTestCase {
-
- private DeltaTestImpl[] deltas = new DeltaTestImpl[8];
-
- @Override
- protected final void preSetUpClientAuthorizationTestBase() throws Exception {
- setUpDeltas();
- }
-
- @Override
- public final void preTearDownClientAuthorizationTestBase() throws Exception {
- closeCache();
- }
-
- @Test
- public void testAllowPutsGets() throws Exception {
- AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
-
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
-
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
-
- getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
- getLogWriter().info("testAllowPutsGets: Using authenticator: " + authenticator);
- getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, false, extraAuthProps, extraAuthzProps);
-
- int port1 = createServer1(javaProps, serverProps);
- int port2 = createServer2(javaProps, serverProps);
-
- // Start client1 with valid CREATE credentials
- Properties createCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.PUT }, new String[] { REGION_NAME }, 1);
- javaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testAllowPutsGets: For first client credentials: " + createCredentials);
-
- createClient1(javaProps, authInit, port1, port2, createCredentials);
-
- // Start client2 with valid GET credentials
- Properties getCredentials = gen.getAllowedCredentials(new OperationCode[] { OperationCode.GET }, new String[] { REGION_NAME }, 2);
- javaProps = cGen.getJavaProperties();
-
- getLogWriter().info("testAllowPutsGets: For second client credentials: " + getCredentials);
-
- createClient2(javaProps, authInit, port1, port2, getCredentials);
-
- // Perform some put operations from client1
- client1.invoke(() -> doPuts(2, NO_EXCEPTION));
-
- Thread.sleep(5000);
- assertTrue("Delta feature NOT used", client1.invoke(() -> DeltaTestImpl.toDeltaFeatureUsed()));
-
- // Verify that the gets succeed
- client2.invoke(() -> doGets(2, NO_EXCEPTION));
- }
-
- private void createClient2(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties getCredentials) {
- client2.invoke(() -> createCacheClient(authInit, getCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
- }
-
- private void createClient1(final Properties javaProps, final String authInit, final int port1, final int port2, final Properties createCredentials) {
- client1.invoke(() -> createCacheClient(authInit, createCredentials, javaProps, port1, port2, 0, NO_EXCEPTION));
- }
-
- private int createServer2(final Properties javaProps, final Properties serverProps) {
- return server2.invoke(() -> createCacheServer(getLocatorPort(), serverProps, javaProps));
- }
-
- private int createServer1(final Properties javaProps, final Properties serverProps) {
- return server1.invoke(() -> createCacheServer(getLocatorPort(), serverProps, javaProps));
- }
-
- private void doPuts(final int num, final int expectedResult) {
- assertTrue(num <= KEYS.length);
- Region region = getCache().getRegion(REGION_NAME);
- assertNotNull(region);
- for (int index = 0; index < num; ++index) {
- region.put(KEYS[index], deltas[0]);
- }
- for (int index = 0; index < num; ++index) {
- region.put(KEYS[index], deltas[index]);
- if (expectedResult != NO_EXCEPTION) {
- fail("Expected a NotAuthorizedException while doing puts");
- }
- }
- }
-
- private void doGets(final int num, final int expectedResult) {
- assertTrue(num <= KEYS.length);
-
- Region region = getCache().getRegion(REGION_NAME);
- assertNotNull(region);
-
- for (int index = 0; index < num; ++index) {
- region.localInvalidate(KEYS[index]);
- Object value = region.get(KEYS[index]);
- if (expectedResult != NO_EXCEPTION) {
- fail("Expected a NotAuthorizedException while doing gets");
- }
- assertNotNull(value);
- assertEquals(deltas[index], value);
- }
- }
-
- private final void setUpDeltas() {
- for (int i = 0; i < 8; i++) {
- deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0], new TestObject1("0", 0));
- }
- deltas[1].setIntVar(5);
- deltas[2].setIntVar(5);
- deltas[3].setIntVar(5);
- deltas[4].setIntVar(5);
- deltas[5].setIntVar(5);
- deltas[6].setIntVar(5);
- deltas[7].setIntVar(5);
-
- deltas[2].resetDeltaStatus();
- deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-
- deltas[3].resetDeltaStatus();
- deltas[3].setDoubleVar(new Double(5));
- deltas[4].setDoubleVar(new Double(5));
- deltas[5].setDoubleVar(new Double(5));
- deltas[6].setDoubleVar(new Double(5));
- deltas[7].setDoubleVar(new Double(5));
-
- deltas[4].resetDeltaStatus();
- deltas[4].setStr("str changed");
- deltas[5].setStr("str changed");
- deltas[6].setStr("str changed");
- //deltas[7].setStr("str changed");
-
- deltas[5].resetDeltaStatus();
- deltas[5].setIntVar(100);
- deltas[5].setTestObj(new TestObject1("CHANGED", 100));
- deltas[6].setTestObj(new TestObject1("CHANGED", 100));
- deltas[7].setTestObj(new TestObject1("CHANGED", 100));
-
- deltas[6].resetDeltaStatus();
- deltas[6].setByteArr(new byte[] { 1, 2, 3 });
- deltas[7].setByteArr(new byte[] { 1, 2, 3 });
-
- deltas[7].resetDeltaStatus();
- deltas[7].setStr("delta string");
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
deleted file mode 100644
index ff8d23d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static com.gemstone.gemfire.test.dunit.Assert.*;
-import static com.gemstone.gemfire.test.dunit.IgnoredException.*;
-import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Properties;
-import java.util.Random;
-
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import com.gemstone.gemfire.DeltaTestImpl;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest;
-import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
-import com.gemstone.gemfire.security.generator.CredentialGenerator;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-/**
- * @since GemFire 6.1
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class DeltaClientPostAuthorizationDUnitTest extends ClientAuthorizationTestCase {
-
- private static final int PAUSE = 5 * 1000; // TODO: replace with Awaitility
-
- private DeltaTestImpl[] deltas = new DeltaTestImpl[8];
-
- @Override
- public final void preSetUpClientAuthorizationTestBase() throws Exception {
- setUpDeltas();
- addIgnoredException("Unexpected IOException");
- addIgnoredException("SocketException");
- }
-
- @Override
- public final void preTearDownClientAuthorizationTestBase() throws Exception {
- closeCache();
- }
-
- @Test
- public void testPutPostOpNotifications() throws Exception {
- OperationWithAction[] allOps = allOps();
-
- AuthzCredentialGenerator gen = this.getXmlAuthzGenerator();
- CredentialGenerator cGen = gen.getCredentialGenerator();
- Properties extraAuthProps = cGen.getSystemProperties();
- Properties javaProps = cGen.getJavaProperties();
- Properties extraAuthzProps = gen.getSystemProperties();
- String authenticator = cGen.getAuthenticator();
- String authInit = cGen.getAuthInit();
- String accessor = gen.getAuthorizationCallback();
- TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
-
- getLogWriter().info("testAllOpsNotifications: Using authinit: " + authInit);
- getLogWriter().info("testAllOpsNotifications: Using authenticator: " + authenticator);
- getLogWriter().info("testAllOpsNotifications: Using accessor: " + accessor);
-
- // Start servers with all required properties
- Properties serverProps = buildProperties(authenticator, accessor, true, extraAuthProps, extraAuthzProps);
-
- // Get ports for the servers
- int[] randomAvailableTCPPorts = AvailablePortHelper.getRandomAvailableTCPPorts(2);
- int port1 = randomAvailableTCPPorts[0];
- int port2 = randomAvailableTCPPorts[1];
-
- // Perform all the ops on the clients
- List opBlock = new ArrayList();
- Random rnd = new Random();
-
- for (int opNum = 0; opNum < allOps.length; ++opNum) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = allOps[opNum];
- if (currentOp.equals(OperationWithAction.OPBLOCK_END) || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
-
- // End of current operation block; execute all the operations on the servers with failover
- if (opBlock.size() > 0) {
- // Start the first server and execute the operation block
- server1.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port1, serverProps, javaProps ));
- server2.invoke(() -> closeCache());
-
- executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
-
- if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
- // Failover to the second server and run the block again
- server2.invoke(() -> ClientAuthorizationTestCase.createCacheServer(getLocatorPort(), port2, serverProps, javaProps ));
- server1.invoke(() -> closeCache());
-
- executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps, extraAuthzProps, tgen, rnd);
- }
-
- opBlock.clear();
- }
-
- } else {
- currentOp.setOpNum(opNum);
- opBlock.add(currentOp);
- }
- }
- }
-
- @Override
- protected final void executeOpBlock(final List<OperationWithAction> opBlock, final int port1, final int port2, final String authInit, final Properties extraAuthProps, final Properties extraAuthzProps, final TestCredentialGenerator credentialGenerator, final Random random) throws InterruptedException {
- for (Iterator<OperationWithAction> opIter = opBlock.iterator(); opIter.hasNext();) {
- // Start client with valid credentials as specified in OperationWithAction
- OperationWithAction currentOp = opIter.next();
- OperationCode opCode = currentOp.getOperationCode();
- int opFlags = currentOp.getFlags();
- int clientNum = currentOp.getClientNum();
- VM clientVM = null;
- boolean useThisVM = false;
-
- switch (clientNum) {
- case 1:
- clientVM = client1;
- break;
- case 2:
- clientVM = client2;
- break;
- case 3:
- useThisVM = true;
- break;
- default:
- fail("executeOpBlock: Unknown client number " + clientNum);
- break;
- }
-
- getLogWriter().info("executeOpBlock: performing operation number [" + currentOp.getOpNum() + "]: " + currentOp);
-
- if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
- Properties opCredentials;
- int newRnd = random.nextInt(100) + 1;
- String currentRegionName = '/' + regionName;
- if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
- currentRegionName += ('/' + SUBREGION_NAME);
- }
-
- String credentialsTypeStr;
- OperationCode authOpCode = currentOp.getAuthzOperationCode();
- int[] indices = currentOp.getIndices();
- CredentialGenerator cGen = credentialGenerator.getCredentialGenerator();
- final Properties javaProps = cGen == null ? null : cGen.getJavaProperties();
-
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0 || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
- opCredentials = credentialGenerator.getDisallowedCredentials(new OperationCode[] { authOpCode }, new String[] { currentRegionName }, indices, newRnd);
- credentialsTypeStr = " unauthorized " + authOpCode;
-
- } else {
- opCredentials = credentialGenerator.getAllowedCredentials(new OperationCode[] {opCode, authOpCode }, new String[] { currentRegionName }, indices, newRnd);
- credentialsTypeStr = " authorized " + authOpCode;
- }
-
- Properties clientProps = concatProperties(new Properties[] { opCredentials, extraAuthProps, extraAuthzProps });
-
- // Start the client with valid credentials but allowed or disallowed to perform an operation
- getLogWriter().info("executeOpBlock: For client" + clientNum + credentialsTypeStr + " credentials: " + opCredentials);
- boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
- if (useThisVM) {
- createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION);
-
- } else {
- clientVM.invoke(() -> createCacheClient(authInit, clientProps, javaProps, new int[] { port1, port2 }, 0, setupDynamicRegionFactory, NO_EXCEPTION));
- }
- }
-
- int expectedResult;
- if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
- expectedResult = NOTAUTHZ_EXCEPTION;
- } else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
- expectedResult = OTHER_EXCEPTION;
- } else {
- expectedResult = NO_EXCEPTION;
- }
-
- // Perform the operation from selected client
- if (useThisVM) {
- doOp(opCode, currentOp.getIndices(), new Integer(
- opFlags), new Integer(expectedResult));
- }
- else {
- int[] indices = currentOp.getIndices();
- clientVM.invoke(() -> DeltaClientPostAuthorizationDUnitTest.doOp(opCode,
- indices, new Integer(opFlags),
- new Integer(expectedResult) ));
- }
- }
- }
-
- private void setUpDeltas() {
- for (int i = 0; i < 8; i++) {
- deltas[i] = new DeltaTestImpl(0, "0", new Double(0), new byte[0], new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("0", 0));
- }
- deltas[1].setIntVar(5);
- deltas[2].setIntVar(5);
- deltas[3].setIntVar(5);
- deltas[4].setIntVar(5);
- deltas[5].setIntVar(5);
- deltas[6].setIntVar(5);
- deltas[7].setIntVar(5);
-
- deltas[2].resetDeltaStatus();
- deltas[2].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[3].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[4].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- deltas[5].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- //deltas[6].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
- //deltas[7].setByteArr(new byte[] { 1, 2, 3, 4, 5 });
-
- deltas[3].resetDeltaStatus();
- deltas[3].setDoubleVar(new Double(5));
- deltas[4].setDoubleVar(new Double(5));
- deltas[5].setDoubleVar(new Double(5));
- deltas[6].setDoubleVar(new Double(5));
- deltas[7].setDoubleVar(new Double(5));
-
- deltas[4].resetDeltaStatus();
- deltas[4].setStr("str changed");
- deltas[5].setStr("str changed");
- deltas[6].setStr("str changed");
- //deltas[7].setStr("str changed");
-
- deltas[5].resetDeltaStatus();
- deltas[5].setIntVar(100);
- deltas[5].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
- deltas[6].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
- deltas[7].setTestObj(new PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1("CHANGED", 100));
-
- deltas[6].resetDeltaStatus();
- deltas[6].setByteArr(new byte[] { 1, 2, 3 });
- deltas[7].setByteArr(new byte[] { 1, 2, 3 });
-
- deltas[7].resetDeltaStatus();
- deltas[7].setStr("delta string");
- }
-
- private OperationWithAction[] allOps() {
- return new OperationWithAction[] {
- // Test CREATE and verify with a GET
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
- new OperationWithAction(OperationCode.PUT),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP, 4),
- new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.CHECK_FAIL, 4),
-
- // OPBLOCK_END indicates end of an operation block that needs to be executed on each server when doing failover
- OperationWithAction.OPBLOCK_END,
-
- // Test UPDATE and verify with a GET
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 2, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE, 8),
- new OperationWithAction(OperationCode.REGISTER_INTEREST, OperationCode.GET, 3, OpFlags.USE_REGEX | OpFlags.REGISTER_POLICY_NONE | OpFlags.USE_NOTAUTHZ, 8),
- new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN | OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL, 4),
- new OperationWithAction(OperationCode.GET, 3, OpFlags.USE_OLDCONN | OpFlags.LOCAL_OP | OpFlags.USE_NEWVAL | OpFlags.CHECK_FAIL, 4),
-
- OperationWithAction.OPBLOCK_END
- };
- }
-}