You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ud...@apache.org on 2017/10/20 23:09:08 UTC
[geode] 01/02: Initial commit to to clean up Authentication +
Authorzation issues
This is an automated email from the ASF dual-hosted git repository.
udo pushed a commit to branch feature/GEODE-3705
in repository https://gitbox.apache.org/repos/asf/geode.git
commit 7b1efca19efd096b3d0610f74185b6d8aa49a1d2
Author: kohlmu-pivotal <uk...@pivotal.io>
AuthorDate: Thu Oct 19 15:46:21 2017 -0700
Initial commit to to clean up Authentication + Authorzation issues
---
.../internal/cache/tier/sockets/AcceptorImpl.java | 119 +++++++++----------
.../cache/tier/sockets/ClientProtocolService.java | 2 +
.../sockets/GenericProtocolServerConnection.java | 8 +-
.../tier/sockets/ClientProtocolMessageHandler.java | 4 +-
.../tier/sockets/MessageExecutionContext.java | 15 ++-
.../internal/protocol/ProtobufCachePipeline.java | 19 ++-
.../internal/protocol/ProtobufLocatorPipeline.java | 6 +-
.../internal/protocol/ProtobufProtocolService.java | 61 +++-------
.../ClientProtocolHandshaker.java} | 22 ++--
.../internal/protocol/protobuf/Handshaker.java | 60 ++++++++++
.../protocol/protobuf/ProtobufOpsProcessor.java | 6 +-
.../protocol/protobuf/ProtobufStreamProcessor.java | 6 +-
.../protocol/protobuf/ProtocolErrorCode.java | 1 +
.../HandshakerRequestOperationHandler.java | 59 ++++++++++
.../security/InvalidConfigAuthenticator.java | 12 +-
.../security/ProtobufShiroAuthenticator.java | 17 ++-
.../protobuf/security/ProtobufShiroAuthorizer.java | 6 +-
.../statistics/ProtobufClientStatisticsImpl.java | 15 ++-
.../protobuf/utilities/ProtobufUtilities.java | 6 -
.../registry/OperationContextRegistry.java | 2 +-
.../AuthenticationLookupService.java} | 31 ++---
.../{protobuf => }/security/Authenticator.java | 7 +-
.../AuthorizationLookupService.java} | 34 +++---
.../{protobuf => }/security/Authorizer.java | 4 +-
.../{protobuf => }/security/NoOpAuthenticator.java | 6 +-
.../{protobuf => }/security/NoOpAuthorizer.java | 4 +-
.../{protobuf => }/statistics/NoOpStatistics.java | 4 +-
.../ProtocolClientStatistics.java} | 8 +-
.../Authorizer.java => proto/handshake_API.proto} | 23 +++-
.../protocol/ProtobufProtocolServiceJUnitTest.java | 6 +-
.../acceptance/CacheConnectionJUnitTest.java | 6 +-
.../acceptance/CacheOperationsJUnitTest.java | 5 +-
.../acceptance/LocatorConnectionDUnitTest.java | 5 +-
.../internal/protocol/protobuf/HandshakerTest.java | 128 +++++++++++++++++++++
.../ProtobufShiroAuthenticatorJUnitTest.java | 13 +--
.../protobuf/ProtobufStreamProcessorTest.java | 4 +-
.../protobuf/ProtobufTestExecutionContext.java | 9 +-
.../protocol/protobuf/ProtobufTestUtilities.java | 60 ++++++++++
...tAvailableServersOperationHandlerJUnitTest.java | 2 +-
39 files changed, 548 insertions(+), 257 deletions(-)
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
index 59ef466..2dea63e 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
@@ -336,72 +336,24 @@ public class AcceptorImpl implements Acceptor, Runnable, CommBufferPool {
this.isGatewayReceiver = isGatewayReceiver;
this.gatewayTransportFilters = transportFilter;
this.serverConnectionFactory = serverConnectionFactory;
- {
- int tmp_maxConnections = maxConnections;
- if (tmp_maxConnections < MINIMUM_MAX_CONNECTIONS) {
- tmp_maxConnections = MINIMUM_MAX_CONNECTIONS;
- }
- this.maxConnections = tmp_maxConnections;
- }
- {
- int tmp_maxThreads = maxThreads;
- if (maxThreads == CacheServer.DEFAULT_MAX_THREADS) {
- // consult system properties for 5.0.2 backwards compatibility
- if (DEPRECATED_SELECTOR) {
- tmp_maxThreads = DEPRECATED_SELECTOR_POOL_SIZE;
- }
- }
- if (tmp_maxThreads < 0) {
- tmp_maxThreads = 0;
- } else if (tmp_maxThreads > this.maxConnections) {
- tmp_maxThreads = this.maxConnections;
- }
- boolean isWindows = false;
- String os = System.getProperty("os.name");
- if (os != null) {
- if (os.indexOf("Windows") != -1) {
- isWindows = true;
- }
- }
- if (tmp_maxThreads > 0 && isWindows) {
- // bug #40472 and JDK bug 6230761 - NIO can't be used with IPv6 on Windows
- if (getBindAddress() instanceof Inet6Address) {
- logger.warn(LocalizedMessage
- .create(LocalizedStrings.AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_JROCKIT_NIO_BUG));
- tmp_maxThreads = 0;
- }
- // bug #40198 - Selector.wakeup() hangs if VM starts to exit
- if (isJRockit) {
- logger.warn(LocalizedMessage
- .create(LocalizedStrings.AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_WINDOWS_IPV6_BUG));
- tmp_maxThreads = 0;
- }
- }
- this.maxThreads = tmp_maxThreads;
- }
- {
- Selector tmp_s = null;
- // Selector tmp2_s = null;
- LinkedBlockingQueue tmp_q = null;
- LinkedBlockingQueue tmp_commQ = null;
- HashSet tmp_hs = null;
- SystemTimer tmp_timer = null;
- if (isSelector()) {
- tmp_s = Selector.open(); // no longer catch ex to fix bug 36907
- // tmp2_s = Selector.open(); // workaround for bug 39624
- tmp_q = new LinkedBlockingQueue();
- tmp_commQ = new LinkedBlockingQueue();
- tmp_hs = new HashSet(512);
- tmp_timer = new SystemTimer(internalCache.getDistributedSystem(), true);
- }
- this.selector = tmp_s;
- // this.tmpSel = tmp2_s;
- this.selectorQueue = tmp_q;
- this.commBufferQueue = tmp_commQ;
- this.selectorRegistrations = tmp_hs;
- this.hsTimer = tmp_timer;
- this.tcpNoDelay = tcpNoDelay;
+
+ this.maxConnections = Math.min(maxConnections, MINIMUM_MAX_CONNECTIONS);
+ this.maxThreads = calculateMaxThreads(maxThreads);
+
+ if (isSelector()) {
+ this.selector = Selector.open();
+ this.selectorQueue = new LinkedBlockingQueue();
+ this.commBufferQueue = new LinkedBlockingQueue();
+ this.selectorRegistrations = new HashSet(512);
+ this.hsTimer = new SystemTimer(internalCache.getDistributedSystem(), true);
+ } else {
+ this.selector = null;
+ this.selectorQueue = null;
+ this.commBufferQueue = null;
+ this.selectorRegistrations = null;
+ this.hsTimer = null;
}
+ this.tcpNoDelay = tcpNoDelay;
{
if (!isGatewayReceiver) {
@@ -633,6 +585,43 @@ public class AcceptorImpl implements Acceptor, Runnable, CommBufferPool {
(postAuthzFactoryName != null && postAuthzFactoryName.length() > 0) ? true : false;
}
+ private int calculateMaxThreads(int maxThreads) throws IOException {
+ int tmp_maxThreads = maxThreads;
+ if (maxThreads == CacheServer.DEFAULT_MAX_THREADS) {
+ // consult system properties for 5.0.2 backwards compatibility
+ if (DEPRECATED_SELECTOR) {
+ tmp_maxThreads = DEPRECATED_SELECTOR_POOL_SIZE;
+ }
+ }
+ if (tmp_maxThreads < 0) {
+ tmp_maxThreads = 0;
+ } else if (tmp_maxThreads > this.maxConnections) {
+ tmp_maxThreads = this.maxConnections;
+ }
+ boolean isWindows = false;
+ String os = System.getProperty("os.name");
+ if (os != null) {
+ if (os.indexOf("Windows") != -1) {
+ isWindows = true;
+ }
+ }
+ if (tmp_maxThreads > 0 && isWindows) {
+ // bug #40472 and JDK bug 6230761 - NIO can't be used with IPv6 on Windows
+ if (getBindAddress() instanceof Inet6Address) {
+ logger.warn(LocalizedMessage
+ .create(LocalizedStrings.AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_JROCKIT_NIO_BUG));
+ tmp_maxThreads = 0;
+ }
+ // bug #40198 - Selector.wakeup() hangs if VM starts to exit
+ if (isJRockit) {
+ logger.warn(LocalizedMessage
+ .create(LocalizedStrings.AcceptorImpl_IGNORING_MAX_THREADS_DUE_TO_WINDOWS_IPV6_BUG));
+ tmp_maxThreads = 0;
+ }
+ }
+ return tmp_maxThreads;
+ }
+
public long getAcceptorId() {
return this.acceptorId;
}
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolService.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolService.java
index 544f286..79a33a4 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolService.java
@@ -15,6 +15,8 @@
package org.apache.geode.internal.cache.tier.sockets;
+import java.util.Map;
+
import org.apache.geode.StatisticsFactory;
import org.apache.geode.cache.Cache;
import org.apache.geode.distributed.internal.InternalLocator;
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java
index 5be6cac..2671cbe 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/GenericProtocolServerConnection.java
@@ -38,7 +38,7 @@ import org.apache.geode.internal.security.SecurityService;
*/
public class GenericProtocolServerConnection extends ServerConnection {
// The new protocol lives in a separate module and gets loaded when this class is instantiated.
- private final ClientProtocolProcessor protocolPipeline;
+ private final ClientProtocolProcessor protocolProcessor;
private boolean cleanedUp;
private ClientProxyMembershipID clientProxyMembershipID;
@@ -52,7 +52,7 @@ public class GenericProtocolServerConnection extends ServerConnection {
SecurityService securityService) {
super(socket, c, helper, stats, hsTimeout, socketBufferSize, communicationModeStr,
communicationMode, acceptor, securityService);
- this.protocolPipeline = clientProtocolProcessor;
+ this.protocolProcessor = clientProtocolProcessor;
setClientProxyMembershipId();
@@ -66,7 +66,7 @@ public class GenericProtocolServerConnection extends ServerConnection {
InputStream inputStream = socket.getInputStream();
OutputStream outputStream = socket.getOutputStream();
- protocolPipeline.processMessage(inputStream, outputStream);
+ protocolProcessor.processMessage(inputStream, outputStream);
} catch (EOFException e) {
this.setFlagProcessMessagesAsFalse();
setClientDisconnectedException(e);
@@ -94,7 +94,7 @@ public class GenericProtocolServerConnection extends ServerConnection {
synchronized (this) {
if (!cleanedUp) {
cleanedUp = true;
- protocolPipeline.close();
+ protocolProcessor.close();
}
}
return super.cleanup();
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java b/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java
index 1d86d70..4de279b 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientProtocolMessageHandler.java
@@ -19,7 +19,6 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import org.apache.geode.Statistics;
import org.apache.geode.StatisticsFactory;
@@ -30,6 +29,9 @@ import org.apache.geode.StatisticsFactory;
* Currently, only one {@link ClientProtocolMessageHandler} at a time can be used in a Geode
* instance. It gets wired into {@link ServerConnectionFactory} to create all instances of
* {@link GenericProtocolServerConnection}.
+ *
+ * Implementors of this interface are expected to be able to be used for any number of connections
+ * at a time (stateless except for the statistics).
*/
public interface ClientProtocolMessageHandler {
void receiveMessage(InputStream inputStream, OutputStream outputStream,
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java b/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java
index b205b33..0978e41 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/cache/tier/sockets/MessageExecutionContext.java
@@ -20,10 +20,9 @@ import org.apache.geode.cache.Cache;
import org.apache.geode.distributed.Locator;
import org.apache.geode.distributed.internal.InternalLocator;
import org.apache.geode.internal.exception.InvalidExecutionContextException;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
-import org.apache.geode.internal.protocol.protobuf.security.Authorizer;
-import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthorizer;
-import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
+import org.apache.geode.internal.protocol.security.Authorizer;
+import org.apache.geode.internal.protocol.security.NoOpAuthorizer;
@Experimental
public class MessageExecutionContext {
@@ -31,18 +30,18 @@ public class MessageExecutionContext {
private Locator locator;
private final Authorizer authorizer;
private final Object authenticatedSubject;
- private final ProtobufClientStatistics statistics;
+ private final ProtocolClientStatistics statistics;
public MessageExecutionContext(Cache cache, Authorizer streamAuthorizer,
- Object authenticatedSubject, ProtobufClientStatistics statistics) {
+ Object authenticatedSubject, ProtocolClientStatistics statistics) {
this.cache = cache;
this.authorizer = streamAuthorizer;
this.authenticatedSubject = authenticatedSubject;
this.statistics = statistics;
}
- public MessageExecutionContext(InternalLocator locator, ProtobufClientStatistics statistics) {
+ public MessageExecutionContext(InternalLocator locator, ProtocolClientStatistics statistics) {
this.locator = locator;
// set a no-op authorizer until such time as locators implement authentication
// and authorization checks
@@ -98,7 +97,7 @@ public class MessageExecutionContext {
* Returns the statistics for recording operation stats. In a unit test environment this may not
* be a protocol-specific statistics implementation.
*/
- public ProtobufClientStatistics getStatistics() {
+ public ProtocolClientStatistics getStatistics() {
return statistics;
}
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufCachePipeline.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufCachePipeline.java
index 90c9895..3b6d2e5 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufCachePipeline.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufCachePipeline.java
@@ -21,46 +21,43 @@ import java.io.OutputStream;
import org.apache.geode.annotations.Experimental;
import org.apache.geode.cache.Cache;
-import org.apache.geode.cache.IncompatibleVersionException;
import org.apache.geode.internal.cache.tier.sockets.ClientProtocolProcessor;
import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext;
import org.apache.geode.internal.protocol.protobuf.ProtobufStreamProcessor;
-import org.apache.geode.internal.protocol.protobuf.security.Authenticator;
-import org.apache.geode.internal.protocol.protobuf.security.Authorizer;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
+import org.apache.geode.internal.protocol.security.Authenticator;
+import org.apache.geode.internal.protocol.security.Authorizer;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.AuthenticationFailedException;
@Experimental
public final class ProtobufCachePipeline implements ClientProtocolProcessor {
- private final ProtobufClientStatistics statistics;
+ private final ProtocolClientStatistics statistics;
private final Cache cache;
private final Authorizer authorizer;
- private final SecurityService securityService;
private final ProtobufStreamProcessor streamProcessor;
private final Authenticator authenticator;
private Object authenticatorToken;
ProtobufCachePipeline(ProtobufStreamProcessor protobufStreamProcessor,
- ProtobufClientStatistics statistics, Cache cache, Authenticator authenticator,
- Authorizer authorizer, SecurityService securityService) {
+ ProtocolClientStatistics statistics, Cache cache, Authenticator authenticator,
+ Authorizer authorizer) {
this.streamProcessor = protobufStreamProcessor;
this.statistics = statistics;
this.cache = cache;
this.authenticator = authenticator;
this.authorizer = authorizer;
- this.securityService = securityService;
this.statistics.clientConnected();
}
@Override
public void processMessage(InputStream inputStream, OutputStream outputStream)
- throws IOException, IncompatibleVersionException {
+ throws IOException {
if (authenticatorToken == null) {
try {
- authenticatorToken = authenticator.authenticate(inputStream, outputStream, securityService);
+ authenticatorToken = authenticator.authenticate(inputStream, outputStream);
} catch (AuthenticationFailedException ex) {
statistics.incAuthenticationFailures();
throw new IOException(ex);
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufLocatorPipeline.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufLocatorPipeline.java
index f4ed9e2..bc0bf6a 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufLocatorPipeline.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufLocatorPipeline.java
@@ -25,16 +25,16 @@ import org.apache.geode.distributed.internal.InternalLocator;
import org.apache.geode.internal.cache.tier.sockets.ClientProtocolProcessor;
import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext;
import org.apache.geode.internal.protocol.protobuf.ProtobufStreamProcessor;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
@Experimental
public final class ProtobufLocatorPipeline implements ClientProtocolProcessor {
- private final ProtobufClientStatistics statistics;
+ private final ProtocolClientStatistics statistics;
private final InternalLocator locator;
private final ProtobufStreamProcessor streamProcessor;
ProtobufLocatorPipeline(ProtobufStreamProcessor protobufStreamProcessor,
- ProtobufClientStatistics statistics, InternalLocator locator) {
+ ProtocolClientStatistics statistics, InternalLocator locator) {
this.streamProcessor = protobufStreamProcessor;
this.statistics = statistics;
this.locator = locator;
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufProtocolService.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufProtocolService.java
index 7c14852..97570db 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufProtocolService.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/ProtobufProtocolService.java
@@ -19,28 +19,28 @@ import org.apache.geode.cache.Cache;
import org.apache.geode.distributed.internal.InternalLocator;
import org.apache.geode.internal.cache.tier.sockets.ClientProtocolProcessor;
import org.apache.geode.internal.cache.tier.sockets.ClientProtocolService;
-import org.apache.geode.internal.protocol.protobuf.security.Authorizer;
-import org.apache.geode.internal.protocol.protobuf.security.InvalidConfigAuthenticator;
-import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthorizer;
-import org.apache.geode.internal.protocol.protobuf.security.ProtobufShiroAuthenticator;
import org.apache.geode.internal.protocol.protobuf.ProtobufStreamProcessor;
-import org.apache.geode.internal.protocol.protobuf.security.ProtobufShiroAuthorizer;
-import org.apache.geode.internal.protocol.protobuf.statistics.NoOpStatistics;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
+import org.apache.geode.internal.protocol.statistics.NoOpStatistics;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatisticsImpl;
+import org.apache.geode.internal.protocol.security.AuthenticationLookupService;
+import org.apache.geode.internal.protocol.security.Authenticator;
+import org.apache.geode.internal.protocol.security.AuthorizationLookupService;
+import org.apache.geode.internal.protocol.security.Authorizer;
import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.internal.protocol.protobuf.security.Authenticator;
-import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthenticator;
public class ProtobufProtocolService implements ClientProtocolService {
- private volatile ProtobufClientStatistics statistics;
+ private volatile ProtocolClientStatistics statistics;
private final ProtobufStreamProcessor protobufStreamProcessor = new ProtobufStreamProcessor();
+ private final AuthenticationLookupService authenticationLookupService =
+ new AuthenticationLookupService();
+ private final AuthorizationLookupService authorizationLookupService =
+ new AuthorizationLookupService();
@Override
public synchronized void initializeStatistics(String statisticsName, StatisticsFactory factory) {
if (statistics == null) {
- statistics = new ProtobufClientStatisticsImpl(factory, statisticsName,
- ProtobufClientStatistics.PROTOBUF_STATS_NAME);
+ statistics = new ProtobufClientStatisticsImpl(factory, statisticsName);
}
}
@@ -49,18 +49,18 @@ public class ProtobufProtocolService implements ClientProtocolService {
SecurityService securityService) {
assert (statistics != null);
- Authenticator authenticator = getAuthenticator(securityService);
- Authorizer authorizer = getAuthorizer(securityService);
+ Authenticator authenticator = authenticationLookupService.getAuthenticator(securityService);
+ Authorizer authorizer = authorizationLookupService.getAuthorizer(securityService);
return new ProtobufCachePipeline(protobufStreamProcessor, getStatistics(), cache, authenticator,
- authorizer, securityService);
+ authorizer);
}
/**
* For internal use. This is necessary because the statistics may get initialized in another
* thread.
*/
- ProtobufClientStatistics getStatistics() {
+ ProtocolClientStatistics getStatistics() {
if (statistics == null) {
return new NoOpStatistics();
}
@@ -71,33 +71,4 @@ public class ProtobufProtocolService implements ClientProtocolService {
public ClientProtocolProcessor createProcessorForLocator(InternalLocator locator) {
return new ProtobufLocatorPipeline(protobufStreamProcessor, getStatistics(), locator);
}
-
- private Authenticator getAuthenticator(SecurityService securityService) {
- if (securityService.isIntegratedSecurity()) {
- // Simple authenticator...normal shiro
- return new ProtobufShiroAuthenticator();
- }
- if (securityService.isPeerSecurityRequired() || securityService.isClientSecurityRequired()) {
- // Failing authentication...legacy security
- return new InvalidConfigAuthenticator();
- } else {
- // Noop authenticator...no security
- return new NoOpAuthenticator();
- }
- }
-
- private Authorizer getAuthorizer(SecurityService securityService) {
- if (securityService.isIntegratedSecurity()) {
- // Simple authenticator...normal shiro
- return new ProtobufShiroAuthorizer(securityService);
- }
- if (securityService.isPeerSecurityRequired() || securityService.isClientSecurityRequired()) {
- // Failing authentication...legacy security
- // This should never be called.
- return null;
- } else {
- // Noop authenticator...no security
- return new NoOpAuthorizer();
- }
- }
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/handshaker/ClientProtocolHandshaker.java
similarity index 63%
copy from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java
copy to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/handshaker/ClientProtocolHandshaker.java
index a8070c7..da81325 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/handshaker/ClientProtocolHandshaker.java
@@ -12,20 +12,18 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.statistics;
+package org.apache.geode.internal.protocol.handshaker;
-public interface ProtobufClientStatistics {
- String PROTOBUF_STATS_NAME = "ProtobufStats";
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
- void clientConnected();
+import org.apache.geode.cache.IncompatibleVersionException;
+import org.apache.geode.internal.protocol.security.Authenticator;
- void clientDisconnected();
+public interface ClientProtocolHandshaker {
+ void processHandshake(InputStream inputStream, OutputStream outputStream)
+ throws IOException, IncompatibleVersionException;
- void messageReceived(int bytes);
-
- void messageSent(int bytes);
-
- void incAuthorizationViolations();
-
- void incAuthenticationFailures();
+ boolean completed();
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/Handshaker.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/Handshaker.java
new file mode 100644
index 0000000..1812f92
--- /dev/null
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/Handshaker.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.internal.protocol.protobuf;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import org.apache.logging.log4j.Logger;
+
+import org.apache.geode.cache.IncompatibleVersionException;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.protocol.handshaker.ClientProtocolHandshaker;
+import org.apache.geode.internal.protocol.protobuf.operations.handshaker.HandshakerRequestOperationHandler;
+
+public class Handshaker implements ClientProtocolHandshaker {
+ private static final Logger logger = LogService.getLogger();
+
+ private boolean succesfulHandshake = false;
+ private final HandshakerRequestOperationHandler handshakerRequestOperationHandler;
+
+ public Handshaker() {
+ handshakerRequestOperationHandler = new HandshakerRequestOperationHandler();
+ }
+
+ @Override
+ public void processHandshake(InputStream inputStream, OutputStream outputStream)
+ throws IOException, IncompatibleVersionException {
+ HandshakeAPI.HandshakeRequest handshakeRequest =
+ HandshakeAPI.HandshakeRequest.parseDelimitedFrom(inputStream);
+
+ // At this stage HandshakerRequestOperationHandler is not wired into the
+ // ProtobufOpsStreamProcesser.
+ // Thus passing in null serializationService and executionContext.
+ Result<HandshakeAPI.HandshakeResponse> result =
+ handshakerRequestOperationHandler.process(null, handshakeRequest, null);
+
+ HandshakeAPI.HandshakeResponse handshakeResponse = result.getMessage();
+ handshakeResponse.writeDelimitedTo(outputStream);
+ succesfulHandshake = handshakeResponse.getOk();
+ }
+
+ @Override
+ public boolean completed() {
+ return succesfulHandshake;
+ }
+}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufOpsProcessor.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufOpsProcessor.java
index a8cde46..4fd1764 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufOpsProcessor.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufOpsProcessor.java
@@ -20,8 +20,8 @@ import org.apache.geode.annotations.Experimental;
import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext;
import org.apache.geode.internal.exception.InvalidExecutionContextException;
import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.protocol.protobuf.registry.OperationContextRegistry;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
+import org.apache.geode.internal.protocol.registry.OperationContextRegistry;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufResponseUtilities;
import org.apache.geode.internal.serialization.SerializationService;
@@ -74,7 +74,7 @@ public class ProtobufOpsProcessor {
}
private void recordAuthorizationViolation(MessageExecutionContext context) {
- ProtobufClientStatistics statistics = context.getStatistics();
+ ProtocolClientStatistics statistics = context.getStatistics();
statistics.incAuthorizationViolations();
}
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessor.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessor.java
index 89f02e3..9386ee7 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessor.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessor.java
@@ -26,9 +26,9 @@ import org.apache.geode.internal.cache.tier.sockets.ClientProtocolMessageHandler
import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.protocol.exception.InvalidProtocolMessageException;
-import org.apache.geode.internal.protocol.protobuf.registry.OperationContextRegistry;
+import org.apache.geode.internal.protocol.registry.OperationContextRegistry;
import org.apache.geode.internal.protocol.protobuf.serializer.ProtobufProtocolSerializer;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufUtilities;
/**
@@ -67,7 +67,7 @@ public class ProtobufStreamProcessor implements ClientProtocolMessageHandler {
logger.debug(errorMessage);
throw new EOFException(errorMessage);
}
- ProtobufClientStatistics statistics = executionContext.getStatistics();
+ ProtocolClientStatistics statistics = executionContext.getStatistics();
statistics.messageReceived(message.getSerializedSize());
ClientProtocol.Request request = message.getRequest();
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtocolErrorCode.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtocolErrorCode.java
index 0e41d7a..2c895d3 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtocolErrorCode.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/ProtocolErrorCode.java
@@ -19,6 +19,7 @@ public enum ProtocolErrorCode {
VALUE_ENCODING_ERROR(1100),
UNSUPPORTED_VERSION(1101),
UNSUPPORTED_OPERATION(1102),
+ UNSUPPORTED_AUTHENTICATION_MODE(1103),
AUTHENTICATION_FAILED(1200),
AUTHORIZATION_FAILED(1201),
UNAUTHORIZED_REQUEST(1202),
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/operations/handshaker/HandshakerRequestOperationHandler.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/operations/handshaker/HandshakerRequestOperationHandler.java
new file mode 100644
index 0000000..b31247b
--- /dev/null
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/operations/handshaker/HandshakerRequestOperationHandler.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.protocol.protobuf.operations.handshaker;
+
+import static org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode.CONSTRAINT_VIOLATION;
+import static org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode.UNSUPPORTED_VERSION;
+
+import org.apache.logging.log4j.Logger;
+
+import org.apache.geode.cache.IncompatibleVersionException;
+import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext;
+import org.apache.geode.internal.exception.InvalidExecutionContextException;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.protocol.operations.OperationHandler;
+import org.apache.geode.internal.protocol.protobuf.BasicTypes;
+import org.apache.geode.internal.protocol.protobuf.ClientProtocol;
+import org.apache.geode.internal.protocol.protobuf.Failure;
+import org.apache.geode.internal.protocol.protobuf.HandshakeAPI;
+import org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode;
+import org.apache.geode.internal.protocol.protobuf.Result;
+import org.apache.geode.internal.protocol.protobuf.Success;
+import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufResponseUtilities;
+import org.apache.geode.internal.serialization.SerializationService;
+
+public class HandshakerRequestOperationHandler
+ implements OperationHandler<HandshakeAPI.HandshakeRequest, HandshakeAPI.HandshakeResponse> {
+ private static final int MAJOR_VERSION = 1;
+ private static final int MINOR_VERSION = 0;
+ private static final Logger logger =
+ LogService.getLogger(HandshakerRequestOperationHandler.class);
+
+ @Override
+ public Result<HandshakeAPI.HandshakeResponse> process(SerializationService serializationService,
+ HandshakeAPI.HandshakeRequest request, MessageExecutionContext executionContext) {
+ HandshakeAPI.Semver version = request.getVersion();
+ if (version.getMajor() != MAJOR_VERSION || version.getMinor() < MINOR_VERSION) {
+ logger.warn("Version mismatch: incompatible version. Supported version is: " + MAJOR_VERSION
+ + "." + MINOR_VERSION);
+ return Success.of(HandshakeAPI.HandshakeResponse.newBuilder().setOk(false)
+ .setError(BasicTypes.Error.newBuilder().setErrorCode(UNSUPPORTED_VERSION.codeValue)
+ .setMessage("Version mismatch: incompatible version. Supported version is: "
+ + MAJOR_VERSION + "." + MINOR_VERSION))
+ .build());
+ }
+ return Success.of(HandshakeAPI.HandshakeResponse.newBuilder().setOk(true).build());
+ }
+}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/InvalidConfigAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/InvalidConfigAuthenticator.java
index bf3d669..e924bc6 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/InvalidConfigAuthenticator.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/InvalidConfigAuthenticator.java
@@ -25,16 +25,20 @@ import org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode;
import org.apache.logging.log4j.Logger;
import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.protocol.protobuf.AuthenticationAPI;
+import org.apache.geode.internal.protocol.security.Authenticator;
import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.security.AuthenticationRequiredException;
public class InvalidConfigAuthenticator implements Authenticator {
private static final Logger logger = LogService.getLogger(InvalidConfigAuthenticator.class);
+ private final SecurityService securityService;
+
+ public InvalidConfigAuthenticator(SecurityService securityService) {
+ this.securityService = securityService;
+ }
@Override
- public Object authenticate(InputStream inputStream, OutputStream outputStream,
- SecurityService securityService) throws IOException {
+ public Object authenticate(InputStream inputStream, OutputStream outputStream)
+ throws IOException {
logger.warn(
"Attempting to authenticate incoming protobuf message using legacy security implementation. This is not supported. Failing authentication.");
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthenticator.java
index ca47b94..6d6a497 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthenticator.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthenticator.java
@@ -20,6 +20,7 @@ import org.apache.geode.internal.protocol.protobuf.AuthenticationAPI;
import org.apache.geode.internal.protocol.protobuf.BasicTypes;
import org.apache.geode.internal.protocol.protobuf.ClientProtocol;
+import org.apache.geode.internal.protocol.security.Authenticator;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.AuthenticationFailedException;
@@ -31,13 +32,17 @@ import java.util.Properties;
import org.apache.shiro.subject.Subject;
public class ProtobufShiroAuthenticator implements Authenticator {
+ private static final String UNEXECPTED_REQUEST = "Expected to receive an authentication request";
- private static final String SHOULD_HAVE_AUTHED =
- "Got non-auth request while expecting authentication request";
+ private final SecurityService securityService;
+
+ public ProtobufShiroAuthenticator(SecurityService securityService) {
+ this.securityService = securityService;
+ }
@Override
- public Subject authenticate(InputStream inputStream, OutputStream outputStream,
- SecurityService securityService) throws IOException, AuthenticationFailedException {
+ public Subject authenticate(InputStream inputStream, OutputStream outputStream)
+ throws IOException, AuthenticationFailedException {
ClientProtocol.Message message = ClientProtocol.Message.parseDelimitedFrom(inputStream);
if (message.getRequest().getRequestAPICase()
@@ -79,9 +84,9 @@ public class ProtobufShiroAuthenticator implements Authenticator {
.setResponse(ClientProtocol.Response.newBuilder()
.setErrorResponse(ClientProtocol.ErrorResponse.newBuilder()
.setError(BasicTypes.Error.newBuilder()
- .setErrorCode(AUTHENTICATION_FAILED.codeValue).setMessage(SHOULD_HAVE_AUTHED))))
+ .setErrorCode(AUTHENTICATION_FAILED.codeValue).setMessage(UNEXECPTED_REQUEST))))
.build().writeDelimitedTo(outputStream);
- throw new IOException(SHOULD_HAVE_AUTHED);
+ throw new IOException(UNEXECPTED_REQUEST);
}
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthorizer.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthorizer.java
index 78d51c0..b078e4b 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthorizer.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/ProtobufShiroAuthorizer.java
@@ -20,7 +20,7 @@ import org.apache.shiro.util.ThreadState;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
import org.apache.geode.security.ResourcePermission;
-import org.apache.geode.internal.protocol.protobuf.security.Authorizer;
+import org.apache.geode.internal.protocol.security.Authorizer;
public class ProtobufShiroAuthorizer implements Authorizer {
private final SecurityService securityService;
@@ -30,8 +30,8 @@ public class ProtobufShiroAuthorizer implements Authorizer {
}
@Override
- public boolean authorize(Object authenticatedSubject, ResourcePermission permissionRequested) {
- ThreadState threadState = securityService.bindSubject((Subject) authenticatedSubject);
+ public boolean authorize(Object authenticatedToken, ResourcePermission permissionRequested) {
+ ThreadState threadState = securityService.bindSubject((Subject) authenticatedToken);
try {
securityService.authorize(permissionRequested);
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatisticsImpl.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatisticsImpl.java
index 24a3dbb..4868966 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatisticsImpl.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatisticsImpl.java
@@ -18,8 +18,10 @@ import org.apache.geode.StatisticDescriptor;
import org.apache.geode.Statistics;
import org.apache.geode.StatisticsFactory;
import org.apache.geode.StatisticsType;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
-public class ProtobufClientStatisticsImpl implements ProtobufClientStatistics {
+public class ProtobufClientStatisticsImpl implements ProtocolClientStatistics {
+ public static final String PROTOBUF_CLIENT_STATISTICS = "ProtobufProtocolStats";
private final StatisticsType statType;
private final Statistics stats;
private final int currentClientConnectionsId;
@@ -32,8 +34,7 @@ public class ProtobufClientStatisticsImpl implements ProtobufClientStatistics {
private final int authorizationViolationsId;
private final int authenticationFailuresId;
- public ProtobufClientStatisticsImpl(StatisticsFactory statisticsFactory, String statisticsName,
- String typeName) {
+ public ProtobufClientStatisticsImpl(StatisticsFactory statisticsFactory, String statisticsName) {
StatisticDescriptor[] serverStatDescriptors = new StatisticDescriptor[] {
statisticsFactory.createIntGauge("currentClientConnections",
"Number of sockets accepted and used for client to server messaging.", "sockets"),
@@ -53,7 +54,7 @@ public class ProtobufClientStatisticsImpl implements ProtobufClientStatistics {
"messages"),
statisticsFactory.createLongCounter("messagesSent", "Messages sent to clients.",
"messages")};
- statType = statisticsFactory.createType(typeName, "Protobuf client/server statistics",
+ statType = statisticsFactory.createType(getStatsName(), "Protobuf client/server statistics",
serverStatDescriptors);
this.stats = statisticsFactory.createAtomicStatistics(statType, statisticsName);
currentClientConnectionsId = this.stats.nameToId("currentClientConnections");
@@ -67,6 +68,12 @@ public class ProtobufClientStatisticsImpl implements ProtobufClientStatistics {
messagesSentId = this.stats.nameToId("messagesSent");
}
+
+ @Override
+ public String getStatsName() {
+ return PROTOBUF_CLIENT_STATISTICS;
+ }
+
@Override
public void clientConnected() {
stats.incInt(currentClientConnectionsId, 1);
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/utilities/ProtobufUtilities.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/utilities/ProtobufUtilities.java
index a44bf74..320a10c 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/utilities/ProtobufUtilities.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/utilities/ProtobufUtilities.java
@@ -194,12 +194,6 @@ public abstract class ProtobufUtilities {
return protoRegionBuilder.build();
}
- public static ClientProtocol.Request createProtobufRequestWithGetRegionNamesRequest(
- RegionAPI.GetRegionNamesRequest getRegionNamesRequest) {
- return ClientProtocol.Request.newBuilder().setGetRegionNamesRequest(getRegionNamesRequest)
- .build();
- }
-
public static ClientProtocol.Request.Builder createProtobufRequestBuilder() {
return ClientProtocol.Request.newBuilder();
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/registry/OperationContextRegistry.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/registry/OperationContextRegistry.java
similarity index 98%
rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/registry/OperationContextRegistry.java
rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/registry/OperationContextRegistry.java
index 736fba5..dbf6259 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/registry/OperationContextRegistry.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/registry/OperationContextRegistry.java
@@ -13,7 +13,7 @@
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.registry;
+package org.apache.geode.internal.protocol.registry;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthenticationLookupService.java
similarity index 51%
copy from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java
copy to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthenticationLookupService.java
index 116d92c..f61a300 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthenticationLookupService.java
@@ -12,23 +12,24 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.security;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
+package org.apache.geode.internal.protocol.security;
+import org.apache.geode.internal.protocol.protobuf.security.InvalidConfigAuthenticator;
+import org.apache.geode.internal.protocol.protobuf.security.ProtobufShiroAuthenticator;
import org.apache.geode.internal.security.SecurityService;
-/**
- * An implementation of {@link Authenticator} that doesn't use its parameters and always returns
- * true.
- */
-public class NoOpAuthenticator implements Authenticator {
- @Override
- public Object authenticate(InputStream inputStream, OutputStream outputStream,
- SecurityService securityService) throws IOException {
- // this method needs to do nothing as it is a pass-through implementation
- return new Object();
+public class AuthenticationLookupService {
+ public Authenticator getAuthenticator(SecurityService securityService) {
+ if (securityService.isIntegratedSecurity()) {
+ // Simple authenticator...normal shiro
+ return new ProtobufShiroAuthenticator(securityService);
+ }
+ if (securityService.isPeerSecurityRequired() || securityService.isClientSecurityRequired()) {
+ // Failing authentication...legacy security
+ return new InvalidConfigAuthenticator(securityService);
+ } else {
+ // Noop authenticator...no security
+ return new NoOpAuthenticator();
+ }
}
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authenticator.java
similarity index 88%
rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authenticator.java
rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authenticator.java
index 2873933..f4234cd 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authenticator.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authenticator.java
@@ -12,7 +12,7 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.security;
+package org.apache.geode.internal.protocol.security;
import java.io.IOException;
import java.io.InputStream;
@@ -34,10 +34,9 @@ public interface Authenticator {
*
* @param inputStream to read auth messages from.
* @param outputStream to send messages to.
- * @param securityService used for validating credentials.
* @return authenticated principal
* @throws IOException if EOF or if invalid input is received.
*/
- Object authenticate(InputStream inputStream, OutputStream outputStream,
- SecurityService securityService) throws IOException, AuthenticationFailedException;
+ Object authenticate(InputStream inputStream, OutputStream outputStream)
+ throws IOException, AuthenticationFailedException;
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthorizationLookupService.java
similarity index 50%
copy from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java
copy to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthorizationLookupService.java
index 116d92c..ed81ea6 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/AuthorizationLookupService.java
@@ -12,23 +12,29 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.security;
+package org.apache.geode.internal.protocol.security;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.ServiceLoader;
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.internal.protocol.protobuf.security.ProtobufShiroAuthorizer;
import org.apache.geode.internal.security.SecurityService;
-/**
- * An implementation of {@link Authenticator} that doesn't use its parameters and always returns
- * true.
- */
-public class NoOpAuthenticator implements Authenticator {
- @Override
- public Object authenticate(InputStream inputStream, OutputStream outputStream,
- SecurityService securityService) throws IOException {
- // this method needs to do nothing as it is a pass-through implementation
- return new Object();
+public class AuthorizationLookupService {
+ public Authorizer getAuthorizer(SecurityService securityService) {
+ if (securityService.isIntegratedSecurity()) {
+ // Simple authenticator...normal shiro
+ return new ProtobufShiroAuthorizer(securityService);
+ }
+ if (securityService.isPeerSecurityRequired() || securityService.isClientSecurityRequired()) {
+ // Failing authentication...legacy security
+ // This should never be called.
+ return null;
+ } else {
+ // Noop authenticator...no security
+ return new NoOpAuthorizer();
+ }
}
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authorizer.java
similarity index 85%
copy from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java
copy to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authorizer.java
index 3cfb2db..525e42d 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/Authorizer.java
@@ -12,10 +12,10 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.security;
+package org.apache.geode.internal.protocol.security;
import org.apache.geode.security.ResourcePermission;
public interface Authorizer {
- boolean authorize(Object authenticatedSubject, ResourcePermission permissionRequested);
+ boolean authorize(Object authenticatedToken, ResourcePermission permissionRequested);
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthenticator.java
similarity index 90%
rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java
rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthenticator.java
index 116d92c..d4f96e4 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthenticator.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthenticator.java
@@ -12,7 +12,7 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.security;
+package org.apache.geode.internal.protocol.security;
import java.io.IOException;
import java.io.InputStream;
@@ -26,8 +26,8 @@ import org.apache.geode.internal.security.SecurityService;
*/
public class NoOpAuthenticator implements Authenticator {
@Override
- public Object authenticate(InputStream inputStream, OutputStream outputStream,
- SecurityService securityService) throws IOException {
+ public Object authenticate(InputStream inputStream, OutputStream outputStream)
+ throws IOException {
// this method needs to do nothing as it is a pass-through implementation
return new Object();
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthorizer.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthorizer.java
similarity index 86%
rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthorizer.java
rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthorizer.java
index 3add18c..61d0383 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/NoOpAuthorizer.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/security/NoOpAuthorizer.java
@@ -12,7 +12,7 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.security;
+package org.apache.geode.internal.protocol.security;
import org.apache.geode.security.ResourcePermission;
@@ -21,7 +21,7 @@ import org.apache.geode.security.ResourcePermission;
*/
public class NoOpAuthorizer implements Authorizer {
@Override
- public boolean authorize(Object authenticatedSubject, ResourcePermission permissionRequested) {
+ public boolean authorize(Object authenticatedToken, ResourcePermission permissionRequested) {
return true;
}
}
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/NoOpStatistics.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/NoOpStatistics.java
similarity index 89%
rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/NoOpStatistics.java
rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/NoOpStatistics.java
index e06ea8d..8bacd32 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/NoOpStatistics.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/NoOpStatistics.java
@@ -12,9 +12,9 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.statistics;
+package org.apache.geode.internal.protocol.statistics;
-public class NoOpStatistics implements ProtobufClientStatistics {
+public class NoOpStatistics implements ProtocolClientStatistics {
@Override
public void clientConnected() {
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/ProtocolClientStatistics.java
similarity index 85%
rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java
rename to geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/ProtocolClientStatistics.java
index a8070c7..9b6ca63 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/statistics/ProtobufClientStatistics.java
+++ b/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/statistics/ProtocolClientStatistics.java
@@ -12,10 +12,12 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.statistics;
+package org.apache.geode.internal.protocol.statistics;
-public interface ProtobufClientStatistics {
- String PROTOBUF_STATS_NAME = "ProtobufStats";
+public interface ProtocolClientStatistics {
+ default String getStatsName() {
+ return "ClientProtocolStats";
+ }
void clientConnected();
diff --git a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java b/geode-protobuf/src/main/proto/handshake_API.proto
similarity index 66%
rename from geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java
rename to geode-protobuf/src/main/proto/handshake_API.proto
index 3cfb2db..17f7d40 100644
--- a/geode-protobuf/src/main/java/org/apache/geode/internal/protocol/protobuf/security/Authorizer.java
+++ b/geode-protobuf/src/main/proto/handshake_API.proto
@@ -1,7 +1,7 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
@@ -12,10 +12,23 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.internal.protocol.protobuf.security;
-import org.apache.geode.security.ResourcePermission;
+syntax = "proto3";
+package org.apache.geode.internal.protocol.protobuf;
-public interface Authorizer {
- boolean authorize(Object authenticatedSubject, ResourcePermission permissionRequested);
+import "basicTypes.proto";
+
+
+enum AuthenticationMode {
+ NONE = 0;
+ SIMPLE = 1;
}
+
+message HandshakeRequest {
+ Semver version = 1;
+}
+
+message HandshakeResponse {
+ bool ok = 1;
+ Error error = 2; // only set if not OK.
+}
\ No newline at end of file
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/ProtobufProtocolServiceJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/ProtobufProtocolServiceJUnitTest.java
index d952f0f..91e133d 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/ProtobufProtocolServiceJUnitTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/ProtobufProtocolServiceJUnitTest.java
@@ -19,7 +19,7 @@ import static org.junit.Assert.*;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
import org.apache.geode.internal.statistics.DummyStatisticsFactory;
import org.apache.geode.test.junit.categories.UnitTest;
@@ -29,9 +29,9 @@ public class ProtobufProtocolServiceJUnitTest {
public void initializeStatistics() {
ProtobufProtocolService service = new ProtobufProtocolService();
service.initializeStatistics("first", new DummyStatisticsFactory());
- ProtobufClientStatistics firstStatistics = service.getStatistics();
+ ProtocolClientStatistics firstStatistics = service.getStatistics();
service.initializeStatistics("second", new DummyStatisticsFactory());
- ProtobufClientStatistics secondStatistics = service.getStatistics();
+ ProtocolClientStatistics secondStatistics = service.getStatistics();
assertEquals(firstStatistics, secondStatistics);
}
}
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheConnectionJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheConnectionJUnitTest.java
index a7d0313..4a76966 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheConnectionJUnitTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheConnectionJUnitTest.java
@@ -34,7 +34,6 @@ import java.util.Collection;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
-import org.apache.geode.distributed.internal.SecurityConfig;
import org.awaitility.Awaitility;
import org.junit.After;
import org.junit.Before;
@@ -67,7 +66,8 @@ import org.apache.geode.internal.protocol.protobuf.ClientProtocol;
import org.apache.geode.internal.protocol.protobuf.ProtobufSerializationService;
import org.apache.geode.internal.protocol.protobuf.RegionAPI;
import org.apache.geode.internal.protocol.protobuf.serializer.ProtobufProtocolSerializer;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
+import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatisticsImpl;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
import org.apache.geode.internal.serialization.SerializationService;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.util.test.TestUtil;
@@ -170,7 +170,7 @@ public class CacheConnectionJUnitTest {
InternalDistributedSystem distributedSystem =
(InternalDistributedSystem) cache.getDistributedSystem();
Statistics[] protobufStats = distributedSystem.findStatisticsByType(
- distributedSystem.findType(ProtobufClientStatistics.PROTOBUF_STATS_NAME));
+ distributedSystem.findType(ProtobufClientStatisticsImpl.PROTOBUF_CLIENT_STATISTICS));
assertEquals(1, protobufStats.length);
Statistics statistics = protobufStats[0];
assertEquals(1, statistics.get("currentClientConnections"));
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheOperationsJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheOperationsJUnitTest.java
index 08d648f..d5638ca 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheOperationsJUnitTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/CacheOperationsJUnitTest.java
@@ -251,8 +251,9 @@ public class CacheOperationsJUnitTest {
RegionAPI.GetRegionNamesRequest getRegionNamesRequest =
ProtobufRequestUtilities.createGetRegionNamesRequest();
- ClientProtocol.Message getRegionsMessage = ProtobufUtilities.createProtobufMessage(
- ProtobufUtilities.createProtobufRequestWithGetRegionNamesRequest(getRegionNamesRequest));
+ ClientProtocol.Message getRegionsMessage =
+ ProtobufUtilities.createProtobufMessage(ClientProtocol.Request.newBuilder()
+ .setGetRegionNamesRequest(getRegionNamesRequest).build());
protobufProtocolSerializer.serialize(getRegionsMessage, outputStream);
validateGetRegionNamesResponse(socket, protobufProtocolSerializer);
}
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/LocatorConnectionDUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/LocatorConnectionDUnitTest.java
index b4be1b6..01dac04 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/LocatorConnectionDUnitTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/acceptance/LocatorConnectionDUnitTest.java
@@ -40,7 +40,8 @@ import org.apache.geode.internal.protocol.protobuf.ClientProtocol;
import org.apache.geode.internal.protocol.protobuf.ProtocolErrorCode;
import org.apache.geode.internal.protocol.protobuf.ServerAPI;
import org.apache.geode.internal.protocol.protobuf.serializer.ProtobufProtocolSerializer;
-import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics;
+import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatisticsImpl;
+import org.apache.geode.internal.protocol.statistics.ProtocolClientStatistics;
import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufRequestUtilities;
import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufUtilities;
import org.apache.geode.test.dunit.DistributedTestUtils;
@@ -166,7 +167,7 @@ public class LocatorConnectionDUnitTest extends JUnit4CacheTestCase {
(InternalDistributedSystem) Locator.getLocator().getDistributedSystem();
Statistics[] protobufServerStats = distributedSystem.findStatisticsByType(
- distributedSystem.findType(ProtobufClientStatistics.PROTOBUF_STATS_NAME));
+ distributedSystem.findType(ProtobufClientStatisticsImpl.PROTOBUF_CLIENT_STATISTICS));
assertEquals(1, protobufServerStats.length);
return protobufServerStats[0];
}
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/HandshakerTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/HandshakerTest.java
new file mode 100644
index 0000000..6eba760
--- /dev/null
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/HandshakerTest.java
@@ -0,0 +1,128 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.internal.protocol.protobuf;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.IncompatibleVersionException;
+import org.apache.geode.internal.protocol.security.Authenticator;
+import org.apache.geode.internal.protocol.security.Authorizer;
+import org.apache.geode.security.AuthenticationFailedException;
+import org.apache.geode.security.AuthenticationRequiredException;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category(UnitTest.class)
+public class HandshakerTest {
+
+ private Map<String, Class<? extends Authenticator>> authenticatorMap;
+ private Handshaker handshaker;
+
+ private static class AuthenticatorMock implements Authenticator {
+
+ @Override
+ public Object authenticate(InputStream inputStream, OutputStream outputStream)
+ throws IOException, AuthenticationFailedException {
+ return null;
+ }
+ }
+
+ private static class SimpleMock extends AuthenticatorMock {
+ }
+
+ private static class NoopMock extends AuthenticatorMock {
+ }
+
+ @Before
+ public void setUp() {
+ handshaker = new Handshaker();
+ assertFalse(handshaker.completed());
+ }
+
+ @Test
+ public void version1_0IsSupported() throws Exception {
+ HandshakeAPI.HandshakeRequest handshakeRequest = HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(1).setMinor(1))
+ .setAuthenticationMode(HandshakeAPI.AuthenticationMode.SIMPLE).build();
+
+ ByteArrayInputStream byteArrayInputStream =
+ ProtobufTestUtilities.messageToByteArrayInputStream(handshakeRequest);
+
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+ handshaker.processHandshake(byteArrayInputStream, byteArrayOutputStream);
+ // assertTrue(actualAuthenticator instanceof NoopMock);
+
+ assertTrue(handshaker.completed());
+ }
+
+ @Test
+ public void version2NotSupported() throws Exception {
+ HandshakeAPI.HandshakeRequest handshakeRequest = HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(2).setMinor(0))
+ .setAuthenticationMode(HandshakeAPI.AuthenticationMode.NONE).build();
+
+ ByteArrayInputStream byteArrayInputStream =
+ ProtobufTestUtilities.messageToByteArrayInputStream(handshakeRequest);
+
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+ handshaker.processHandshake(byteArrayInputStream, byteArrayOutputStream);
+ }
+
+ @Test
+ public void bogusAuthenticationMode() throws Exception {
+ HandshakeAPI.HandshakeRequest handshakeRequest = HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(1).setMinor(0))
+ .setAuthenticationModeValue(-1).build();
+
+ ByteArrayInputStream byteArrayInputStream =
+ ProtobufTestUtilities.messageToByteArrayInputStream(handshakeRequest);
+
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+ handshaker.processHandshake(byteArrayInputStream, byteArrayOutputStream);
+ }
+
+ @Test
+ public void simpleIsSupported() throws Exception {
+ HandshakeAPI.HandshakeRequest handshakeRequest = HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(1).setMinor(0))
+ .setAuthenticationMode(HandshakeAPI.AuthenticationMode.SIMPLE).build();
+
+ ByteArrayInputStream byteArrayInputStream =
+ ProtobufTestUtilities.messageToByteArrayInputStream(handshakeRequest);
+
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+
+ handshaker.processHandshake(byteArrayInputStream, byteArrayOutputStream);
+ // assertTrue(actualAuthenticator instanceof SimpleMock);
+
+ assertTrue(handshaker.completed());
+ }
+}
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufShiroAuthenticatorJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufShiroAuthenticatorJUnitTest.java
index 1972e31..419d9fe 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufShiroAuthenticatorJUnitTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufShiroAuthenticatorJUnitTest.java
@@ -41,7 +41,7 @@ public class ProtobufShiroAuthenticatorJUnitTest {
private static final String TEST_USERNAME = "user1";
private static final String TEST_PASSWORD = "hunter2";
private ByteArrayInputStream byteArrayInputStream; // initialized with an incoming request in
- // setUp.
+ // setUp.
private ByteArrayOutputStream byteArrayOutputStream;
private ProtobufShiroAuthenticator protobufShiroAuthenticator;
private SecurityService mockSecurityService;
@@ -70,13 +70,12 @@ public class ProtobufShiroAuthenticatorJUnitTest {
mockSecurityService = mock(SecurityService.class);
when(mockSecurityService.login(expectedAuthProperties)).thenReturn(mockSecuritySubject);
- protobufShiroAuthenticator = new ProtobufShiroAuthenticator();
+ protobufShiroAuthenticator = new ProtobufShiroAuthenticator(mockSecurityService);
}
@Test
public void successfulAuthentication() throws IOException {
- protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream,
- mockSecurityService);
+ protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream);
AuthenticationAPI.AuthenticationResponse authenticationResponse =
getSimpleAuthenticationResponse(byteArrayOutputStream);
@@ -89,8 +88,7 @@ public class ProtobufShiroAuthenticatorJUnitTest {
when(mockSecurityService.login(expectedAuthProperties))
.thenThrow(new AuthenticationFailedException("BOOM!"));
- protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream,
- mockSecurityService);
+ protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream);
}
@Test
@@ -99,8 +97,7 @@ public class ProtobufShiroAuthenticatorJUnitTest {
when(mockSecurityService.isClientSecurityRequired()).thenReturn(false);
when(mockSecurityService.isPeerSecurityRequired()).thenReturn(false);
- protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream,
- mockSecurityService);
+ protobufShiroAuthenticator.authenticate(byteArrayInputStream, byteArrayOutputStream);
AuthenticationAPI.AuthenticationResponse authenticationResponse =
getSimpleAuthenticationResponse(byteArrayOutputStream);
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessorTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessorTest.java
index 54b4e54..a9578ff 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessorTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufStreamProcessorTest.java
@@ -16,8 +16,8 @@ package org.apache.geode.internal.protocol.protobuf;
import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext;
-import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthorizer;
-import org.apache.geode.internal.protocol.protobuf.statistics.NoOpStatistics;
+import org.apache.geode.internal.protocol.security.NoOpAuthorizer;
+import org.apache.geode.internal.protocol.statistics.NoOpStatistics;
import org.apache.geode.test.junit.categories.UnitTest;
import org.junit.Test;
import org.junit.experimental.categories.Category;
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestExecutionContext.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestExecutionContext.java
index 56beb0e..43b1efa 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestExecutionContext.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestExecutionContext.java
@@ -14,15 +14,10 @@
*/
package org.apache.geode.internal.protocol.protobuf;
-import com.google.protobuf.GeneratedMessageV3;
import org.apache.geode.cache.Cache;
import org.apache.geode.internal.cache.tier.sockets.MessageExecutionContext;
-import org.apache.geode.internal.protocol.protobuf.security.NoOpAuthorizer;
-import org.apache.geode.internal.protocol.protobuf.statistics.NoOpStatistics;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
+import org.apache.geode.internal.protocol.security.NoOpAuthorizer;
+import org.apache.geode.internal.protocol.statistics.NoOpStatistics;
public class ProtobufTestExecutionContext {
public static MessageExecutionContext getNoAuthExecutionContext(Cache cache) {
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestUtilities.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestUtilities.java
new file mode 100644
index 0000000..827599f
--- /dev/null
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/ProtobufTestUtilities.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.protocol.protobuf;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import com.google.protobuf.GeneratedMessageV3;
+
+public class ProtobufTestUtilities {
+ public static ByteArrayInputStream messageToByteArrayInputStream(GeneratedMessageV3 message)
+ throws IOException {
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+ message.writeDelimitedTo(byteArrayOutputStream);
+ return new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
+ }
+
+
+ public static ClientProtocol.Request createProtobufRequestWithGetRegionNamesRequest(
+ RegionAPI.GetRegionNamesRequest getRegionNamesRequest) {
+ return ClientProtocol.Request.newBuilder().setGetRegionNamesRequest(getRegionNamesRequest)
+ .build();
+ }
+
+ public static void verifyHandshake(InputStream inputStream, OutputStream outputStream,
+ HandshakeAPI.AuthenticationMode authenticationMode) throws IOException {
+ buildHandshakeRequest(authenticationMode).writeDelimitedTo(outputStream);
+
+ HandshakeAPI.HandshakeResponse handshakeResponse =
+ HandshakeAPI.HandshakeResponse.parseDelimitedFrom(inputStream);
+
+ assertTrue(handshakeResponse.getOk());
+ assertFalse(handshakeResponse.hasError());
+ }
+
+ public static HandshakeAPI.HandshakeRequest buildHandshakeRequest(
+ HandshakeAPI.AuthenticationMode authenticationMode) {
+ return HandshakeAPI.HandshakeRequest.newBuilder()
+ .setVersion(HandshakeAPI.Semver.newBuilder().setMajor(1).setMinor(0))
+ .setAuthenticationMode(authenticationMode).build();
+ }
+}
diff --git a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/operations/GetAvailableServersOperationHandlerJUnitTest.java b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/operations/GetAvailableServersOperationHandlerJUnitTest.java
index 5f724d6..393fab8 100644
--- a/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/operations/GetAvailableServersOperationHandlerJUnitTest.java
+++ b/geode-protobuf/src/test/java/org/apache/geode/internal/protocol/protobuf/operations/GetAvailableServersOperationHandlerJUnitTest.java
@@ -25,7 +25,7 @@ import org.apache.geode.internal.protocol.protobuf.Result;
import org.apache.geode.internal.protocol.protobuf.ServerAPI;
import org.apache.geode.internal.protocol.protobuf.ServerAPI.GetAvailableServersResponse;
import org.apache.geode.internal.protocol.protobuf.Success;
-import org.apache.geode.internal.protocol.protobuf.statistics.NoOpStatistics;
+import org.apache.geode.internal.protocol.statistics.NoOpStatistics;
import org.apache.geode.internal.protocol.protobuf.utilities.ProtobufRequestUtilities;
import org.apache.geode.test.junit.categories.UnitTest;
import org.junit.Before;
--
To stop receiving notification emails like this one, please contact
"commits@geode.apache.org" <co...@geode.apache.org>.