Posted to commits@geode.apache.org by ji...@apache.org on 2016/06/21 03:14:22 UTC
[1/9] incubator-geode git commit: GEODE-17: used new security
interface for integrated security.
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-1571 [created] 6cd2ff956
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
index b3eb186..41d6a5e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
@@ -16,6 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
+
package com.gemstone.gemfire.security;
import static com.gemstone.gemfire.cache30.ClientServerTestCase.*;
@@ -88,7 +89,6 @@ import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
/**
* Contains utility methods for setting up servers/clients for authentication
* and authorization tests.
- *
* @since GemFire 5.5
*/
public final class SecurityTestUtils {
@@ -170,7 +170,8 @@ public final class SecurityTestUtils {
String addr = getIPLiteral();
if (locatorString == null) {
locatorString = addr + "[" + locatorPort + ']';
- } else {
+ }
+ else {
locatorString += "," + addr + "[" + locatorPort + ']';
}
return locatorPort;
@@ -200,11 +201,24 @@ public final class SecurityTestUtils {
SecurityTestUtils.ignoredExceptions = expectedExceptions;
}
- protected static int createCacheServer(final Properties authProps, final Properties javaProps, final int locatorPort, final String locatorString, final int serverPort, final int expectedResult) {
+ protected static int createCacheServer(final Properties authProps,
+ final Properties javaProps,
+ final int locatorPort,
+ final String locatorString,
+ final int serverPort,
+ final int expectedResult)
+ {
return createCacheServer(authProps, javaProps, locatorPort, locatorString, serverPort, false, expectedResult);
}
- protected static int createCacheServer(Properties authProps, final Properties javaProps, final int locatorPort, final String locatorString, final int serverPort, final boolean setupDynamicRegionFactory, final int expectedResult) {
+ protected static int createCacheServer(Properties authProps,
+ final Properties javaProps,
+ final int locatorPort,
+ final String locatorString,
+ final int serverPort,
+ final boolean setupDynamicRegionFactory,
+ final int expectedResult)
+ {
if (authProps == null) {
authProps = new Properties();
}
@@ -212,7 +226,8 @@ public final class SecurityTestUtils {
if (locatorString != null && locatorString.length() > 0) {
authProps.setProperty(LOCATORS, locatorString);
authProps.setProperty(START_LOCATOR, getIPLiteral() + "[" + locatorPort + ']');
- } else {
+ }
+ else {
authProps.setProperty(LOCATORS, "localhost[" + getDUnitLocatorPort() + "]");
}
authProps.setProperty(SECURITY_LOG_LEVEL, "finest");
@@ -223,27 +238,28 @@ public final class SecurityTestUtils {
SecurityTestUtils tmpInstance = new SecurityTestUtils("temp");
try {
tmpInstance.createSystem(authProps, javaProps);
- if (expectedResult != NO_EXCEPTION) {
- fail("Expected a security exception when starting peer");
- }
-
- } catch (AuthenticationRequiredException ex) {
+ }
+ catch (AuthenticationRequiredException ex) {
if (expectedResult == AUTHREQ_EXCEPTION) {
getLogWriter().info("Got expected exception when starting peer: " + ex);
return 0;
- } else {
+ }
+ else {
fail("Got unexpected exception when starting peer", ex);
}
- } catch (AuthenticationFailedException ex) {
+ }
+ catch (AuthenticationFailedException ex) {
if (expectedResult == AUTHFAIL_EXCEPTION) {
getLogWriter().info("Got expected exception when starting peer: " + ex);
return 0;
- } else {
+ }
+ else {
fail("Got unexpected exception when starting peer", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
fail("Got unexpected exception when starting peer", ex);
}
@@ -269,35 +285,81 @@ public final class SecurityTestUtils {
server1.setNotifyBySubscription(true);
try {
server1.start();
- } catch (Exception ex) {
- fail("Got unexpected exception when starting CacheServer", ex);
}
-
+ catch (AuthenticationRequiredException ex) {
+ if (expectedResult == AUTHREQ_EXCEPTION) {
+ getLogWriter().info("Got expected exception when starting server: " + ex);
+ return 0;
+ }
+ else {
+ fail("Got unexpected exception when starting server", ex);
+ }
+ }
+ catch (Exception ex) {
+ fail("Got unexpected exception when starting server", ex);
+ }
return server1.getPort();
}
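Review bot: The new handling around `server1.start()` accepts only AUTHREQ_EXCEPTION. An AuthenticationFailedException raised here would fall into `catch (Exception ex)` and be reported as unexpected even when the caller passed AUTHFAIL_EXCEPTION, unlike the peer-start handling earlier in the same method. Whether server start can raise that exception is not visible in this hunk. If it can, add a `catch (AuthenticationFailedException ex)` branch mirroring the AuthenticationRequiredException one. If it cannot, document that above the try, for example `// only AuthenticationRequiredException is expected at server start; credential failures surface in createSystem()`.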
// 1
- protected static void createCacheClient(final String authInitModule, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final int expectedResult) {
+ protected static void createCacheClient(final String authInitModule,
+ final Properties authProps,
+ final Properties javaProps,
+ final int[] ports,
+ final int numConnections,
+ final int expectedResult)
+ {
createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, false, expectedResult);
}
// 2 a
- protected static void createCacheClient(final String authInitModule, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final int expectedResult) {
+ protected static void createCacheClient(final String authInitModule,
+ final Properties authProps,
+ final Properties javaProps,
+ final int[] ports,
+ final int numConnections,
+ final boolean multiUserMode,
+ final int expectedResult)
+ {
createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, false, multiUserMode, expectedResult);
}
// 3
- protected static void createCacheClientWithDynamicRegion(final String authInitModule, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean setupDynamicRegionFactory, final int expectedResult) {
+ protected static void createCacheClientWithDynamicRegion(final String authInitModule,
+ final Properties authProps,
+ final Properties javaProps,
+ final int[] ports,
+ final int numConnections,
+ final boolean setupDynamicRegionFactory,
+ final int expectedResult)
+ {
createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, false, expectedResult);
}
// 4
- protected static void createCacheClient(final String authInitModule, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean setupDynamicRegionFactory, final boolean multiUserMode, final int expectedResult) {
+ protected static void createCacheClient(final String authInitModule,
+ final Properties authProps,
+ final Properties javaProps,
+ final int[] ports,
+ final int numConnections,
+ final boolean setupDynamicRegionFactory,
+ final boolean multiUserMode,
+ final int expectedResult)
+ {
createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, multiUserMode, true, expectedResult);
}
// 5
- protected static void createCacheClient(final String authInitModule, Properties authProps, final Properties javaProps, int[] ports, final int numConnections, final boolean setupDynamicRegionFactory, final boolean multiUserMode, final boolean subscriptionEnabled, final int expectedResult) {
+ protected static void createCacheClient(final String authInitModule,
+ Properties authProps,
+ final Properties javaProps,
+ int[] ports,
+ final int numConnections,
+ final boolean setupDynamicRegionFactory,
+ final boolean multiUserMode,
+ final boolean subscriptionEnabled,
+ final int expectedResult)
+ {
multiUserAuthMode = multiUserMode;
if (authProps == null) {
@@ -317,10 +379,10 @@ public final class SecurityTestUtils {
AttributesFactory factory = new AttributesFactory();
int[] portsI = new int[ports.length];
- for(int z=0;z<ports.length;z++) {
+ for (int z = 0; z < ports.length; z++) {
portsI[z] = ports[z];
}
-
+
try {
PoolFactory poolFactory = PoolManager.createFactory();
poolFactory.setRetryAttempts(200);
@@ -341,15 +403,17 @@ public final class SecurityTestUtils {
tmpInstance.openCache();
try {
getLogWriter().info("multi-user mode " + multiUserAuthMode);
- proxyCaches[0] = (ProxyCache)((PoolImpl) pool).createAuthenticatedCacheView(authProps);
+ proxyCaches[0] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(authProps);
if (!multiUserAuthMode) {
fail("Expected a UnsupportedOperationException but got none in single-user mode");
}
- } catch (UnsupportedOperationException uoe) {
+ }
+ catch (UnsupportedOperationException uoe) {
if (!multiUserAuthMode) {
getLogWriter().info("Got expected UnsupportedOperationException in single-user mode");
- } else {
+ }
+ else {
fail("Got unexpected exception in multi-user mode ", uoe);
}
}
@@ -369,37 +433,61 @@ public final class SecurityTestUtils {
}
}
- } catch (AuthenticationRequiredException ex) {
+ }
+ catch (AuthenticationRequiredException ex) {
if (expectedResult == AUTHREQ_EXCEPTION || expectedResult == NOFORCE_AUTHREQ_EXCEPTION) {
- getLogWriter().info( "Got expected exception when starting client: " + ex);
- } else {
+ getLogWriter().info("Got expected exception when starting client: " + ex);
+ }
+ else {
fail("Got unexpected exception when starting client", ex);
}
- } catch (AuthenticationFailedException ex) {
+ }
+ catch (AuthenticationFailedException ex) {
if (expectedResult == AUTHFAIL_EXCEPTION) {
getLogWriter().info("Got expected exception when starting client: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when starting client", ex);
}
- } catch (ServerRefusedConnectionException ex) {
+ }
+ catch (ServerRefusedConnectionException ex) {
if (expectedResult == CONNREFUSED_EXCEPTION) {
getLogWriter().info("Got expected exception when starting client: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when starting client", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
fail("Got unexpected exception when starting client", ex);
}
}
- protected static void createCacheClientForMultiUserMode(final int numOfUsers, final String authInitModule, final Properties[] authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean setupDynamicRegionFactory, final int expectedResult) {
+ protected static void createCacheClientForMultiUserMode(final int numOfUsers,
+ final String authInitModule,
+ final Properties[] authProps,
+ final Properties javaProps,
+ final int[] ports,
+ final int numConnections,
+ final boolean setupDynamicRegionFactory,
+ final int expectedResult)
+ {
createCacheClientForMultiUserMode(numOfUsers, authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, null, expectedResult);
}
- protected static void createCacheClientForMultiUserMode(final int numOfUsers, final String authInitModule, final Properties[] authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean setupDynamicRegionFactory, final String durableClientId, final int expectedResult) {
+ protected static void createCacheClientForMultiUserMode(final int numOfUsers,
+ final String authInitModule,
+ final Properties[] authProps,
+ final Properties javaProps,
+ final int[] ports,
+ final int numConnections,
+ final boolean setupDynamicRegionFactory,
+ final String durableClientId,
+ final int expectedResult)
+ {
if (numOfUsers < 1) {
fail("Number of users cannot be less than one");
}
@@ -435,10 +523,10 @@ public final class SecurityTestUtils {
AttributesFactory factory = new AttributesFactory();
int[] portsI = new int[ports.length];
- for(int z=0;z<ports.length;z++) {
+ for (int z = 0; z < ports.length; z++) {
portsI[z] = ports[z];
}
-
+
try {
tmpInstance.openCache();
@@ -454,8 +542,8 @@ public final class SecurityTestUtils {
}
proxyCaches = new ProxyCache[numOfUsers];
- for (int i=0; i<numOfUsers; i++) {
- proxyCaches[i] = (ProxyCache)((PoolImpl) pool).createAuthenticatedCacheView(authProps[i]);
+ for (int i = 0; i < numOfUsers; i++) {
+ proxyCaches[i] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(authProps[i]);
}
factory.setScope(Scope.LOCAL);
@@ -470,28 +558,35 @@ public final class SecurityTestUtils {
}
}
- } catch (AuthenticationRequiredException ex) {
+ }
+ catch (AuthenticationRequiredException ex) {
if (expectedResult == AUTHREQ_EXCEPTION || expectedResult == NOFORCE_AUTHREQ_EXCEPTION) {
getLogWriter().info("Got expected exception when starting client: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when starting client", ex);
}
- } catch (AuthenticationFailedException ex) {
+ }
+ catch (AuthenticationFailedException ex) {
if (expectedResult == AUTHFAIL_EXCEPTION) {
getLogWriter().info("Got expected exception when starting client: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when starting client", ex);
}
- } catch (ServerRefusedConnectionException ex) {
+ }
+ catch (ServerRefusedConnectionException ex) {
if (expectedResult == CONNREFUSED_EXCEPTION) {
getLogWriter().info("Got expected exception when starting client: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when starting client", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
fail("Got unexpected exception when starting client", ex);
}
}
@@ -499,7 +594,7 @@ public final class SecurityTestUtils {
protected static void createProxyCache(final int[] userIndices, final Properties[] props) {
int j = 0;
for (int i : userIndices) {
- proxyCaches[i] = (ProxyCache)((PoolImpl) pool).createAuthenticatedCacheView(props[j]);
+ proxyCaches[i] = (ProxyCache) ((PoolImpl) pool).createAuthenticatedCacheView(props[j]);
j++;
}
}
@@ -527,7 +622,8 @@ public final class SecurityTestUtils {
locator = Locator.startLocatorAndDS(port, logFile, null, authProps);
- } catch (IOException ex) {
+ }
+ catch (IOException ex) {
fail("While starting locator on port " + port, ex);
}
}
@@ -537,7 +633,8 @@ public final class SecurityTestUtils {
locator.stop();
removeExpectedExceptions(expectedExceptions);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
fail("While stopping locator on port " + port, ex);
}
}
@@ -556,11 +653,13 @@ public final class SecurityTestUtils {
public boolean done() {
try {
return condition.call();
- } catch (Exception e) {
+ }
+ catch (Exception e) {
fail("Unexpected exception", e);
}
return false; // NOTREACHED
}
+
@Override
public String description() {
return null;
@@ -575,7 +674,7 @@ public final class SecurityTestUtils {
}
protected static void doProxyCacheClose() {
- for (int i = 0; i< proxyCaches.length; i++) {
+ for (int i = 0; i < proxyCaches.length; i++) {
proxyCaches[i].close();
}
}
@@ -589,7 +688,7 @@ public final class SecurityTestUtils {
region.putAll(map);
}
-
+
protected static void doPuts(final int num) {
doPutsP(num, NO_EXCEPTION, false);
}
@@ -648,7 +747,7 @@ public final class SecurityTestUtils {
fail("SecurityTestUtils.doMultiUserRegionDestroys(): numOfUsers = " + numOfUsers + ", but expected results " + expectedResults.length);
}
- for (int i = numOfUsers-1; i >= 0; i--) {
+ for (int i = numOfUsers - 1; i >= 0; i--) {
getLogWriter().info("DESTROY: MultiUser# " + i);
doRegionDestroysP(i, expectedResults[i]);
}
@@ -768,10 +867,12 @@ public final class SecurityTestUtils {
fail("Expected " + expectedResult + " but found none in doSimpleGet()");
}
- } catch (Exception e) {
+ }
+ catch (Exception e) {
if (!e.getClass().getSimpleName().endsWith(expectedResult)) {
fail("Expected " + expectedResult + " but found " + e.getClass().getSimpleName() + " in doSimpleGet()");
- } else {
+ }
+ else {
getLogWriter().fine("Got expected " + e.getClass().getSimpleName() + " in doSimpleGet()");
}
}
@@ -786,10 +887,12 @@ public final class SecurityTestUtils {
fail("Expected " + expectedResult + " but found none in doSimplePut()");
}
- } catch (Exception e) {
+ }
+ catch (Exception e) {
if (!e.getClass().getSimpleName().endsWith(expectedResult)) {
fail("Expected " + expectedResult + " but found " + e.getClass().getSimpleName() + " in doSimplePut()", e);
- } else {
+ }
+ else {
getLogWriter().fine("Got expected " + e.getClass().getSimpleName() + " in doSimplePut()");
}
}
@@ -808,9 +911,10 @@ public final class SecurityTestUtils {
Map<Field, Object> contextMap = getSSLFields(defaultServerFact, new Class[] { SSLContext.class, SSLContextSpi.class });
makeNullSSLFields(defaultServerFact, contextMap);
- for (Iterator contextObjsIter = contextMap.values().iterator(); contextObjsIter.hasNext();) {
+ for (Iterator contextObjsIter = contextMap.values().iterator(); contextObjsIter.hasNext(); ) {
Object contextObj = contextObjsIter.next();
- Map<Field, Object> contextObjsMap = getSSLFields(contextObj, new Class[] { TrustManager.class, KeyManager.class, TrustManager[].class, KeyManager[].class });
+ Map<Field, Object> contextObjsMap = getSSLFields(contextObj,
+ new Class[] { TrustManager.class, KeyManager.class, TrustManager[].class, KeyManager[].class });
makeNullSSLFields(contextObj, contextObjsMap);
}
@@ -821,9 +925,10 @@ public final class SecurityTestUtils {
contextMap = getSSLFields(defaultFact, new Class[] { SSLContext.class, SSLContextSpi.class });
makeNullSSLFields(defaultFact, contextMap);
- for (Iterator contextObjsIter = contextMap.values().iterator(); contextObjsIter.hasNext();) {
+ for (Iterator contextObjsIter = contextMap.values().iterator(); contextObjsIter.hasNext(); ) {
Object contextObj = contextObjsIter.next();
- Map<Field, Object> contextObjsMap = getSSLFields(contextObj, new Class[] { TrustManager.class, KeyManager.class, TrustManager[].class, KeyManager[].class });
+ Map<Field, Object> contextObjsMap = getSSLFields(contextObj,
+ new Class[] { TrustManager.class, KeyManager.class, TrustManager[].class, KeyManager[].class });
makeNullSSLFields(contextObj, contextObjsMap);
}
@@ -865,9 +970,9 @@ public final class SecurityTestUtils {
private static void addJavaProperties(final Properties javaProps) {
if (javaProps != null) {
- for (Iterator iter = javaProps.entrySet().iterator(); iter.hasNext();) {
- Map.Entry entry = (Map.Entry)iter.next();
- System.setProperty((String)entry.getKey(), (String)entry.getValue());
+ for (Iterator iter = javaProps.entrySet().iterator(); iter.hasNext(); ) {
+ Map.Entry entry = (Map.Entry) iter.next();
+ System.setProperty((String) entry.getKey(), (String) entry.getValue());
}
}
}
@@ -876,7 +981,7 @@ public final class SecurityTestUtils {
if (javaProps != null) {
Properties props = System.getProperties();
- for (Iterator iter = javaProps.keySet().iterator(); iter.hasNext();) {
+ for (Iterator iter = javaProps.keySet().iterator(); iter.hasNext(); ) {
props.remove(iter.next());
}
@@ -896,15 +1001,18 @@ public final class SecurityTestUtils {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
regionRef = region;
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing puts: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing puts", ex);
}
}
@@ -913,22 +1021,26 @@ public final class SecurityTestUtils {
try {
if (newVals) {
region.put(KEYS[index], NVALUES[index]);
- } else {
+ }
+ else {
region.put(KEYS[index], VALUES[index]);
}
if (expectedResult != NO_EXCEPTION) {
fail("Expected a NotAuthorizedException while doing puts");
}
- } catch(NoAvailableServersException ex) {
- if(expectedResult == NO_AVAILABLE_SERVERS) {
+ }
+ catch (NoAvailableServersException ex) {
+ if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when doing puts: " + ex.getCause());
continue;
- } else {
+ }
+ else {
fail("Got unexpected exception when doing puts", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing puts: " + ex.getCause());
continue;
@@ -942,16 +1054,20 @@ public final class SecurityTestUtils {
if ((expectedResult == AUTHFAIL_EXCEPTION) && (ex.getCause() instanceof AuthenticationFailedException)) {
getLogWriter().info("Got expected AuthenticationFailedException when doing puts: " + ex.getCause());
continue;
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing puts: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing puts", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing puts: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing puts", ex);
}
}
@@ -980,7 +1096,8 @@ public final class SecurityTestUtils {
resultFields.put(field, fieldObj);
}
- } catch (IllegalAccessException ex) {
+ }
+ catch (IllegalAccessException ex) {
getLogWriter().warning("Exception while getting SSL fields.", ex);
}
}
@@ -988,7 +1105,7 @@ public final class SecurityTestUtils {
}
private static void makeNullSSLFields(final Object obj, final Map<Field, Object> fieldMap) {
- for (Iterator<Map.Entry<Field, Object>> fieldIter = fieldMap.entrySet().iterator(); fieldIter.hasNext();) {
+ for (Iterator<Map.Entry<Field, Object>> fieldIter = fieldMap.entrySet().iterator(); fieldIter.hasNext(); ) {
Map.Entry<Field, Object> entry = fieldIter.next();
Field field = entry.getKey();
Object fieldObj = entry.getValue();
@@ -999,7 +1116,8 @@ public final class SecurityTestUtils {
field.set(obj, null);
assertNull(field.get(obj));
- } catch (IllegalAccessException ex) {
+ }
+ catch (IllegalAccessException ex) {
getLogWriter().warning("Exception while clearing SSL fields.", ex);
}
}
@@ -1020,15 +1138,18 @@ public final class SecurityTestUtils {
field.setBoolean(null, false);
assertFalse(field.getBoolean(null));
- } else if (sslClass.isInstance(field.get(null))) {
+ }
+ else if (sslClass.isInstance(field.get(null))) {
field.set(null, null);
assertNull(field.get(null));
}
}
- } catch (IllegalAccessException ex) {
+ }
+ catch (IllegalAccessException ex) {
getLogWriter().warning("Exception while clearing static SSL field.", ex);
- } catch (ClassCastException ex) {
+ }
+ catch (ClassCastException ex) {
getLogWriter().warning("Exception while clearing static SSL field.", ex);
}
}
@@ -1039,15 +1160,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when executing query: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when executing query", ex);
}
}
@@ -1058,36 +1182,44 @@ public final class SecurityTestUtils {
if (multiUserAuthMode) {
query = proxyCaches[multiUserIndex].getQueryService().newQuery(queryString);
- } else {
+ }
+ else {
region.getCache().getQueryService().newQuery(queryString);
}
- SelectResults result = (SelectResults)query.execute();
+ SelectResults result = (SelectResults) query.execute();
if (expectedResult != NO_EXCEPTION) {
fail("Expected a NotAuthorizedException while executing function");
}
assertEquals(expectedValue, result.asList().size());
- } catch (NoAvailableServersException ex) {
+ }
+ catch (NoAvailableServersException ex) {
if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when executing query: " + ex.getCause());
- } else {
+ }
+ else {
fail("Got unexpected exception when executing query", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when executing query: " + ex.getCause());
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when executing query: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when executing query", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when executing query: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when executing query", ex);
}
}
@@ -1098,15 +1230,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when executing function: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when executing function", ex);
}
}
@@ -1118,17 +1253,21 @@ public final class SecurityTestUtils {
if ("region".equals(method)) {
execution = FunctionService.onRegion(region);
- } else if ("server".equals(method)) {
+ }
+ else if ("server".equals(method)) {
if (multiUserAuthMode) {
execution = FunctionService.onServer(proxyCaches[multiUserIndex]);
- } else {
+ }
+ else {
execution = FunctionService.onServer(pool);
}
- } else { // if ("servers".equals(method)) {
+ }
+ else { // if ("servers".equals(method)) {
if (multiUserAuthMode) {
execution = FunctionService.onServers(proxyCaches[multiUserIndex]);
- } else {
+ }
+ else {
execution = FunctionService.onServers(pool);
}
}
@@ -1138,36 +1277,47 @@ public final class SecurityTestUtils {
fail("Expected a NotAuthorizedException while executing function");
}
- } catch (NoAvailableServersException ex) {
+ }
+ catch (NoAvailableServersException ex) {
if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when executing function: " + ex.getCause());
- } else {
+ }
+ else {
fail("Got unexpected exception when executing function", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when executing function: " + ex.getCause());
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when executing function: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when executing function", ex);
}
- } catch (FunctionException ex) {
+ }
+ catch (FunctionException ex) {
// if NOTAUTHZ_EXCEPTION AND (cause is NotAuthorizedException OR (cause is ServerOperationException AND cause.cause is NotAuthorizedException))
- if (expectedResult == NOTAUTHZ_EXCEPTION && (ex.getCause() instanceof NotAuthorizedException || (ex.getCause() instanceof ServerOperationException && ex.getCause().getCause() instanceof NotAuthorizedException)) ) {
+ if (expectedResult == NOTAUTHZ_EXCEPTION && (ex.getCause() instanceof NotAuthorizedException || (ex.getCause() instanceof ServerOperationException && ex
+ .getCause().getCause() instanceof NotAuthorizedException))) {
getLogWriter().info("Got expected NotAuthorizedException when executing function: " + ex.getCause());
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when executing function: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when executing function", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when executing function: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when executing function", ex);
}
}
@@ -1178,15 +1328,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing queries: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing queries", ex);
}
}
@@ -1200,35 +1353,45 @@ public final class SecurityTestUtils {
fail("Expected a NotAuthorizedException while doing queries");
}
- } catch (NoAvailableServersException ex) {
+ }
+ catch (NoAvailableServersException ex) {
if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when doing queries: " + ex.getCause());
- } else {
+ }
+ else {
fail("Got unexpected exception when doing queries", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing queries: " + ex.getCause());
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing queries: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing queries", ex);
}
- } catch (QueryInvocationTargetException qite) {
+ }
+ catch (QueryInvocationTargetException qite) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (qite.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing queries: " + qite.getCause());
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing queries: " + qite);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing queries", qite);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing queries: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing queries", ex);
}
}
@@ -1241,15 +1404,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing containsKey: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing containsKey", ex);
}
}
@@ -1263,28 +1429,35 @@ public final class SecurityTestUtils {
fail("Expected a NotAuthorizedException while doing containsKey");
}
- } catch(NoAvailableServersException ex) {
- if(expectedResult == NO_AVAILABLE_SERVERS) {
+ }
+ catch (NoAvailableServersException ex) {
+ if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when doing containsKey: " + ex.getCause());
continue;
- } else {
+ }
+ else {
fail("Got unexpected exception when doing containsKey", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing containsKey: " + ex.getCause());
continue;
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing containsKey: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing containsKey", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing containsKey: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing containsKey", ex);
}
}
@@ -1300,15 +1473,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing invalidates: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing invalidates", ex);
}
}
@@ -1320,28 +1496,35 @@ public final class SecurityTestUtils {
fail("Expected a NotAuthorizedException while doing invalidates");
}
- } catch(NoAvailableServersException ex) {
+ }
+ catch (NoAvailableServersException ex) {
if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when doing invalidates: " + ex.getCause());
continue;
- } else {
+ }
+ else {
fail("Got unexpected exception when doing invalidates", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing invalidates: " + ex.getCause());
continue;
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing invalidates: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing invalidates", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing invalidates: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing invalidates", ex);
}
}
@@ -1355,15 +1538,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing destroys: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing destroys", ex);
}
}
@@ -1375,28 +1561,35 @@ public final class SecurityTestUtils {
fail("Expected a NotAuthorizedException while doing destroys");
}
- } catch(NoAvailableServersException ex) {
- if(expectedResult == NO_AVAILABLE_SERVERS) {
+ }
+ catch (NoAvailableServersException ex) {
+ if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when doing destroys: " + ex.getCause());
continue;
- } else {
+ }
+ else {
fail("Got unexpected exception when doing destroys", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing destroys: " + ex.getCause());
continue;
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing destroys: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing destroys", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing destroys: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing destroys", ex);
}
}
@@ -1408,15 +1601,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing region destroy: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing region destroy", ex);
}
}
@@ -1429,31 +1625,39 @@ public final class SecurityTestUtils {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNull(region);
- } catch (NoAvailableServersException ex) {
+ }
+ catch (NoAvailableServersException ex) {
if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when doing region destroy: " + ex.getCause());
- } else {
+ }
+ else {
fail("Got unexpected exception when doing region destroy", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing region destroy: " + ex.getCause());
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing region destroy: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing region destroy", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing region destroy: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing region destroy", ex);
}
}
@@ -1488,15 +1692,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing getAll: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing getAll", ex);
}
}
@@ -1523,32 +1730,40 @@ public final class SecurityTestUtils {
if ((expectedResult == NOTAUTHZ_EXCEPTION)) {
assertEquals(0, entries.size());
- } else if ((expectedResult == NO_EXCEPTION)) {
+ }
+ else if ((expectedResult == NO_EXCEPTION)) {
assertEquals(2, entries.size());
assertEquals("value1", entries.get("key1"));
assertEquals("value2", entries.get("key2"));
}
- } catch (NoAvailableServersException ex) {
+ }
+ catch (NoAvailableServersException ex) {
if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when doing getAll: " + ex.getCause());
- } else {
+ }
+ else {
fail("Got unexpected exception when doing getAll", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing getAll: " + ex.getCause());
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing getAll: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing getAll", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing getAll: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing getAll", ex);
}
}
@@ -1565,15 +1780,18 @@ public final class SecurityTestUtils {
try {
if (multiUserAuthMode) {
region = proxyCaches[multiUserIndex].getRegion(REGION_NAME);
- } else {
+ }
+ else {
region = getCache().getRegion(REGION_NAME);
}
assertNotNull(region);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing gets: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing gets", ex);
}
}
@@ -1584,7 +1802,8 @@ public final class SecurityTestUtils {
try {
region.localInvalidate(KEYS[index]);
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
}
value = region.get(KEYS[index]);
@@ -1592,28 +1811,35 @@ public final class SecurityTestUtils {
fail("Expected a NotAuthorizedException while doing gets");
}
- } catch(NoAvailableServersException ex) {
- if(expectedResult == NO_AVAILABLE_SERVERS) {
+ }
+ catch (NoAvailableServersException ex) {
+ if (expectedResult == NO_AVAILABLE_SERVERS) {
getLogWriter().info("Got expected NoAvailableServers when doing gets: " + ex.getCause());
continue;
- } else {
+ }
+ else {
fail("Got unexpected exception when doing gets", ex);
}
- } catch (ServerConnectivityException ex) {
+ }
+ catch (ServerConnectivityException ex) {
if ((expectedResult == NOTAUTHZ_EXCEPTION) && (ex.getCause() instanceof NotAuthorizedException)) {
getLogWriter().info("Got expected NotAuthorizedException when doing gets: " + ex.getCause());
continue;
- } else if (expectedResult == OTHER_EXCEPTION) {
+ }
+ else if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing gets: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing gets", ex);
}
- } catch (Exception ex) {
+ }
+ catch (Exception ex) {
if (expectedResult == OTHER_EXCEPTION) {
getLogWriter().info("Got expected exception when doing gets: " + ex);
- } else {
+ }
+ else {
fail("Got unexpected exception when doing gets", ex);
}
}
@@ -1622,7 +1848,8 @@ public final class SecurityTestUtils {
if (newVals) {
assertEquals(NVALUES[index], value);
- } else {
+ }
+ else {
assertEquals(VALUES[index], value);
}
}
@@ -1656,9 +1883,10 @@ public final class SecurityTestUtils {
private String fname;
private String lname;
- public Employee() {}
+ public Employee() {
+ }
- public Employee(Long id, String fn, String ln){
+ public Employee(Long id, String fn, String ln) {
this.Id = id;
this.fname = fn;
this.lname = ln;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/excludedClasses.txt
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/excludedClasses.txt b/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/excludedClasses.txt
index 61a5937..0ebf1c9 100644
--- a/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/excludedClasses.txt
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/codeAnalysis/excludedClasses.txt
@@ -144,4 +144,6 @@ com/gemstone/gemfire/cache/operations/StopCQOperationContext
com/gemstone/gemfire/cache/operations/UnregisterInterestOperationContext
com/gemstone/gemfire/cache/operations/internal/GetOperationContextImpl
com/gemstone/gemfire/internal/cache/operations/ContainsKeyOperationContext
-com/gemstone/gemfire/management/internal/security/ResourceOperationContext
\ No newline at end of file
+com/gemstone/gemfire/security/GeodePermission
+com/gemstone/gemfire/security/GeodePermission$Operation
+com/gemstone/gemfire/security/GeodePermission$Resource
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
index 245e89c..cae2269 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/Server.java
@@ -18,6 +18,24 @@
*/
package com.vmware.gemfire.tools.pulse.tests;
+import java.io.IOException;
+import java.lang.management.ManagementFactory;
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.HashMap;
+import java.util.Map;
+import javax.management.InstanceAlreadyExistsException;
+import javax.management.MBeanRegistrationException;
+import javax.management.MBeanServer;
+import javax.management.MalformedObjectNameException;
+import javax.management.NotCompliantMBeanException;
+import javax.management.ObjectName;
+import javax.management.remote.JMXConnectorServer;
+import javax.management.remote.JMXConnectorServerFactory;
+import javax.management.remote.JMXServiceURL;
+
import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
import com.gemstone.gemfire.management.internal.security.AccessControlMBean;
@@ -25,27 +43,12 @@ import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
import com.gemstone.gemfire.management.internal.security.MBeanServerWrapper;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
import com.vmware.gemfire.tools.pulse.internal.data.PulseConstants;
+
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
-import javax.management.*;
-import javax.management.remote.JMXConnectorServer;
-import javax.management.remote.JMXConnectorServerFactory;
-import javax.management.remote.JMXServiceURL;
-import java.io.IOException;
-import java.lang.management.ManagementFactory;
-import java.net.Inet4Address;
-import java.net.Inet6Address;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
public class Server {
private static final String DEFAULT_HOST = "127.0.0.1"; //"localhost"
private static final int DEFAULT_PORT = 9999;
@@ -64,14 +67,11 @@ public class Server {
if (jsonAuthFile != null) {
System.setProperty("spring.profiles.active", "pulse.authentication.gemfire");
- Properties props = new Properties();
- props.put(SECURITY_CLIENT_AUTHENTICATOR, JSONAuthorization.class.getName() + ".create");
- //props.put(SECURITY_CLIENT_ACCESSOR, JSONAuthorization.class.getName() + ".create");
JSONAuthorization.setUpWithJsonFile(jsonAuthFile);
Map<String, Object> env = new HashMap<String, Object>();
// set up Shiro Security Manager
- Realm realm = new CustomAuthRealm(props);
+ Realm realm = new CustomAuthRealm(JSONAuthorization.class.getName() + ".create");
SecurityManager securityManager = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(securityManager);
[9/9] incubator-geode git commit: GEODE-1571: adding integrated
security to client-server and fix the tests
Posted by ji...@apache.org.
GEODE-1571: adding integrated security to client-server and fix the tests
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/6cd2ff95
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/6cd2ff95
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/6cd2ff95
Branch: refs/heads/feature/GEODE-1571
Commit: 6cd2ff956bb7b2fb71a3f6e00cd333b08628c2b4
Parents: ea9a585
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Mon Jun 20 19:59:54 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Mon Jun 20 20:08:58 2016 -0700
----------------------------------------------------------------------
.../internal/cache/tier/sockets/ClientUserAuths.java | 7 +++++--
.../cache/tier/sockets/ServerConnection.java | 4 ----
.../cache/tier/sockets/ServerHandShakeProcessor.java | 3 +--
.../gemfire/internal/security/GeodeSecurityUtil.java | 3 +++
.../internal/security/CliCommandsSecurityTest.java | 2 +-
.../GeodeSecurityUtilWithIniFileJUnitTest.java | 14 +++++++-------
.../internal/security/GfshCommandsSecurityTest.java | 2 +-
.../security/IntegratedClientAuthDUnitTest.java | 15 +++++++--------
8 files changed, 25 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
index 840bbfc..27f7fa8 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
@@ -21,14 +21,17 @@ import java.util.Map;
import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+
+import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import org.apache.shiro.subject.Subject;
-
public class ClientUserAuths
{
+ private static Logger logger = LogService.getLogger();
// private AtomicLong counter = new AtomicLong(1);
private Random uniqueIdGenerator = null;
private int m_seed;
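Review bot: The `logger` field added to `ClientUserAuths` is a mutable static, and nothing in this commit uses it: the diffstat's five additions for this file are all in this hunk. Either declare it `private static final Logger logger = LogService.getLogger();` or leave it out until a log call exists. Separately, the context lines show `uniqueIdGenerator` typed as `java.util.Random` next to `m_seed`. If the ids it produces are what later selects a client's `Subject`, a predictable generator is worth replacing with `java.security.SecureRandom`; the generator code is outside this hunk, so that needs confirming.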
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
index 39c4cc7..27cb62a 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
@@ -413,10 +413,6 @@ public class ServerConnection implements Runnable {
public Version getClientVersion() {
return this.handshake.getVersion();
}
-
- public ClientUserAuths getClientUserAuths(){
- return this.clientUserAuths;
- }
protected void setProxyId(ClientProxyMembershipID proxyId) {
this.proxyId = proxyId;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
index eef147a..d697338 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
@@ -313,8 +313,7 @@ public class ServerHandShakeProcessor {
long uniqueId;
if(principal instanceof Subject){
- uniqueId = connection.getClientUserAuths().putSubject((Subject)principal);
- logger.info("Put subject in Map: "+uniqueId+" for "+ ((Subject)principal).getPrincipal());
+ uniqueId = connection.getClientUserAuths(connection.getProxyID()).putSubject((Subject)principal);
}
else {
//this sets principal in map as well....
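Review bot: The new `connection.getClientUserAuths(connection.getProxyID()).putSubject(...)` call assumes the proxy id is already set on the connection at this point in the handshake, and that the lookup never returns null. Neither is visible in this hunk, and the no-argument getter it replaces needed no such precondition. A short comment would record the ordering requirement, for example `// proxy id must already be set on the connection before the Subject is registered`. A null check that fails the handshake with a clear message would also help. The enclosing method starts and ends outside the hunk.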
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 17bfec0..e1b29bc 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -108,6 +108,9 @@ public class GeodeSecurityUtil {
return null;
}
+ // this makes sure it starts with a clean user object
+ ThreadContext.remove();
+
Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token =
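Review bot: Clearing the Shiro thread state only at the start of login still leaves the new Subject bound when this method returns. If server threads are reused, any path that calls `SecurityUtils.getSubject()` without logging in first would see the previous user. The unbind is more dependable in a `finally` where the request or connection ends, which is not visible here. `ThreadContext.remove()` also drops every thread-bound resource, including a thread-bound SecurityManager, whereas `ThreadContext.unbindSubject()` removes only the Subject. The comment could state the reason, e.g. `// drop any Subject left bound to this thread by an earlier login`. The enclosing method starts and ends outside the hunk.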
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
index 55284b4..abcafaf 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
@@ -73,7 +73,7 @@ public class CliCommandsSecurityTest {
}
catch(NotAuthorizedException e){
assertTrue(e.getMessage()+" should contain "+command.getPermission(),
- e.getMessage().contains("["+command.getPermission().toString()+"]"));
+ e.getMessage().contains(command.getPermission().toString()));
}
}
}
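Review bot: Dropping the surrounding brackets makes this a plain substring match, so the assertion also passes when the message names a different permission whose text merely contains `command.getPermission().toString()`. That could happen with a longer, more specific permission string, if the format allows one. The same loosening is made in `assertNotAuthorized` in GeodeSecurityUtilWithIniFileJUnitTest and in the `resultMessage.contains(permString)` check in GfshCommandsSecurityTest. If the brackets went away because the exception message format changed, match the new delimiters or the exact expected message instead. That way a denial raised for the wrong permission still fails these security tests.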
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
index c44e364..f71b0f8 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
@@ -22,18 +22,18 @@ import static org.assertj.core.api.Assertions.*;
import java.util.Properties;
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.GeodePermission;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
import org.apache.shiro.util.ThreadContext;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.GeodePermission;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
/**
* this test and ShiroUtilCustomRealmJUunitTest uses the same test body, but initialize the SecurityUtils differently.
* If you change shiro.ini, remmber to change the shiro-ini.json to match the changes as well.
@@ -141,7 +141,7 @@ public class GeodeSecurityUtilWithIniFileJUnitTest {
}
private void assertNotAuthorized(GeodePermission context){
- assertThatThrownBy(()-> GeodeSecurityUtil.authorize(context)).isInstanceOf(GemFireSecurityException.class).hasMessageContaining("["+context.toString()+"]");
+ assertThatThrownBy(()-> GeodeSecurityUtil.authorize(context)).isInstanceOf(GemFireSecurityException.class).hasMessageContaining(context.toString());
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index dda844e..6d42aa8 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -168,7 +168,7 @@ public class GfshCommandsSecurityTest {
assertEquals(ResultBuilder.ERRORCODE_UNAUTHORIZED, ((ErrorResultData) result.getResultData()).getErrorCode());
String resultMessage = result.getContent().toString();
String permString = other.getPermission().toString();
- assertTrue(resultMessage+" does not contain "+permString,resultMessage.contains("["+permString+"]"));
+ assertTrue(resultMessage+" does not contain "+permString,resultMessage.contains(permString));
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/6cd2ff95/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
index dbd88a9..6aef2a1 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
@@ -85,13 +85,13 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
keys.add("key1");
keys.add("key2");
-// // have one client log in as authorized user to put some data in the regions first.
-// client2.invoke(()->{
-// Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
-// final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
-// region.putAll(allValues);
-// cache.close();
-// });
+ // have one client log in as authorized user to put some data in the regions first.
+ client2.invoke(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ region.putAll(allValues);
+ cache.close();
+ });
// client1 connects to server as a user not authorized to do any operations
AsyncInvocation ai1 = client1.invokeAsync(()->{
@@ -162,7 +162,6 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
});
ai1.join();
-
ai2.join();
ai3.join();
[7/9] incubator-geode git commit: client server
Posted by ji...@apache.org.
client server
client server
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/c6e7a3bd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/c6e7a3bd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/c6e7a3bd
Branch: refs/heads/feature/GEODE-1571
Commit: c6e7a3bd207a273898db901c048540339a58f3ee
Parents: f447023
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Wed Jun 15 14:37:42 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Mon Jun 20 12:13:55 2016 -0700
----------------------------------------------------------------------
.../client/internal/CloseConnectionOp.java | 4 +-
.../cache/tier/sockets/CacheClientNotifier.java | 134 +++--
.../internal/cache/tier/sockets/HandShake.java | 141 +++--
.../cache/tier/sockets/ServerConnection.java | 108 ++--
.../tier/sockets/ServerHandShakeProcessor.java | 88 +--
.../cache/tier/sockets/command/Get70.java | 15 +-
.../cache/tier/sockets/command/GetAll.java | 23 +-
.../cache/tier/sockets/command/GetAll651.java | 16 +-
.../cache/tier/sockets/command/GetAll70.java | 30 +-
.../cache/tier/sockets/command/KeySet.java | 25 +-
.../cache/tier/sockets/command/Put.java | 271 ++++-----
.../cache/tier/sockets/command/Put65.java | 592 +++++++++----------
.../cache/tier/sockets/command/PutAll80.java | 5 +-
.../cache/tier/sockets/command/Query.java | 42 +-
.../internal/security/GeodeSecurityUtil.java | 69 ++-
.../security/shiro/CustomAuthRealm.java | 16 +-
.../internal/cli/commands/DataCommands.java | 21 +-
.../cli/functions/DataCommandFunction.java | 23 +-
.../gemfire/security/GeodePermission.java | 41 +-
.../gemfire/security/PostProcessor.java | 26 +
.../templates/SampleJsonAuthorization.java | 20 +-
.../security/templates/SamplePostProcessor.java | 44 ++
.../internal/cli/GfshParserJUnitTest.java | 15 +-
.../security/CliCommandsSecurityTest.java | 13 +-
.../security/GfshCommandsPostProcessorTest.java | 70 +++
.../security/GfshCommandsSecurityTest.java | 26 +-
.../security/GfshShellConnectionRule.java | 4 +
.../JsonAuthorizationCacheStartRule.java | 24 +-
.../internal/security/MultiUserDUnitTest.java | 30 +-
.../security/IntegratedClientAuthDUnitTest.java | 179 ++++++
.../gemfire/security/SecurityTestUtils.java | 33 +-
.../com/gemstone/gemfire/test/dunit/Invoke.java | 22 +-
.../internal/JUnit4DistributedTestCase.java | 44 +-
.../internal/security/clientServer.json | 160 +++++
34 files changed, 1546 insertions(+), 828 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java b/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java
index c8990f4..2845ef9 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/cache/client/internal/CloseConnectionOp.java
@@ -16,11 +16,11 @@
*/
package com.gemstone.gemfire.cache.client.internal;
+import java.io.EOFException;
+
import com.gemstone.gemfire.internal.cache.tier.MessageType;
import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
-import java.io.EOFException;
-
/**
* Tell a server that a connection is being closed
* @since GemFire 5.7
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
index 30ab4a4..11d3405 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/CacheClientNotifier.java
@@ -17,8 +17,50 @@
package com.gemstone.gemfire.internal.cache.tier.sockets;
-import com.gemstone.gemfire.*;
-import com.gemstone.gemfire.cache.*;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.BufferedOutputStream;
+import java.io.DataInput;
+import java.io.DataInputStream;
+import java.io.DataOutput;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.CopyOnWriteArraySet;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+
+import org.apache.logging.log4j.Logger;
+
+import com.gemstone.gemfire.CancelException;
+import com.gemstone.gemfire.DataSerializer;
+import com.gemstone.gemfire.Instantiator;
+import com.gemstone.gemfire.InternalGemFireError;
+import com.gemstone.gemfire.StatisticsFactory;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheEvent;
+import com.gemstone.gemfire.cache.CacheException;
+import com.gemstone.gemfire.cache.InterestRegistrationEvent;
+import com.gemstone.gemfire.cache.InterestRegistrationListener;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionDestroyedException;
+import com.gemstone.gemfire.cache.RegionExistsException;
+import com.gemstone.gemfire.cache.UnsupportedVersionException;
import com.gemstone.gemfire.cache.client.internal.PoolImpl;
import com.gemstone.gemfire.cache.client.internal.PoolImpl.PoolTask;
import com.gemstone.gemfire.cache.query.CqException;
@@ -29,11 +71,45 @@ import com.gemstone.gemfire.cache.query.internal.cq.ServerCQ;
import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.distributed.internal.*;
-import com.gemstone.gemfire.internal.*;
-import com.gemstone.gemfire.internal.cache.*;
+import com.gemstone.gemfire.distributed.internal.DM;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.DistributionManager;
+import com.gemstone.gemfire.distributed.internal.HighPriorityDistributionMessage;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.MessageWithReply;
+import com.gemstone.gemfire.distributed.internal.ReplyMessage;
+import com.gemstone.gemfire.distributed.internal.ReplyProcessor21;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.DummyStatisticsFactory;
+import com.gemstone.gemfire.internal.InternalDataSerializer;
+import com.gemstone.gemfire.internal.InternalInstantiator;
+import com.gemstone.gemfire.internal.SocketCloser;
+import com.gemstone.gemfire.internal.SystemTimer;
+import com.gemstone.gemfire.internal.Version;
+import com.gemstone.gemfire.internal.VersionedDataInputStream;
+import com.gemstone.gemfire.internal.VersionedDataOutputStream;
+import com.gemstone.gemfire.internal.cache.CacheClientStatus;
+import com.gemstone.gemfire.internal.cache.CacheDistributionAdvisor;
+import com.gemstone.gemfire.internal.cache.CacheServerImpl;
+import com.gemstone.gemfire.internal.cache.ClientRegionEventImpl;
+import com.gemstone.gemfire.internal.cache.ClientServerObserver;
+import com.gemstone.gemfire.internal.cache.ClientServerObserverHolder;
+import com.gemstone.gemfire.internal.cache.Conflatable;
+import com.gemstone.gemfire.internal.cache.DistributedRegion;
+import com.gemstone.gemfire.internal.cache.EntryEventImpl;
+import com.gemstone.gemfire.internal.cache.EnumListenerEvent;
+import com.gemstone.gemfire.internal.cache.EventID;
+import com.gemstone.gemfire.internal.cache.FilterProfile;
import com.gemstone.gemfire.internal.cache.FilterRoutingInfo.FilterInfo;
-import com.gemstone.gemfire.internal.cache.ha.*;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.cache.InternalCacheEvent;
+import com.gemstone.gemfire.internal.cache.LocalRegion;
+import com.gemstone.gemfire.internal.cache.RegionEventImpl;
+import com.gemstone.gemfire.internal.cache.ha.HAContainerMap;
+import com.gemstone.gemfire.internal.cache.ha.HAContainerRegion;
+import com.gemstone.gemfire.internal.cache.ha.HAContainerWrapper;
+import com.gemstone.gemfire.internal.cache.ha.HARegionQueue;
+import com.gemstone.gemfire.internal.cache.ha.ThreadIdentifier;
import com.gemstone.gemfire.internal.cache.tier.Acceptor;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
import com.gemstone.gemfire.internal.cache.versions.VersionTag;
@@ -44,17 +120,6 @@ import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.security.AccessControl;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
-import org.apache.logging.log4j.Logger;
-
-import java.io.*;
-import java.lang.reflect.Method;
-import java.net.Socket;
-import java.net.SocketAddress;
-import java.security.Principal;
-import java.util.*;
-import java.util.concurrent.*;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
/**
* Class <code>CacheClientNotifier</code> works on the server and manages
@@ -344,26 +409,27 @@ public class CacheClientNotifier {
if (securityLogWriter.fineEnabled()) {
securityLogWriter.fine("CacheClientNotifier: verifying credentials for proxyID: " + proxyID);
}
- Principal principal = HandShake.verifyCredentials(authenticator,
+ Object subject = HandShake.verifyCredentials(authenticator,
credentials, system.getSecurityProperties(), this.logWriter,
this.securityLogWriter, member);
- if (securityLogWriter.fineEnabled()) {
- securityLogWriter.fine("CacheClientNotifier: successfully verified credentials for proxyID: " + proxyID + " having principal: " + principal.getName());
- }
- String postAuthzFactoryName = sysProps
- .getProperty(SECURITY_CLIENT_ACCESSOR_PP);
- if (postAuthzFactoryName != null && postAuthzFactoryName.length() > 0) {
- if (principal == null) {
- securityLogWriter.warning(
- LocalizedStrings.CacheClientNotifier_CACHECLIENTNOTIFIER_POST_PROCESS_AUTHORIZATION_CALLBACK_ENABLED_BUT_AUTHENTICATION_CALLBACK_0_RETURNED_WITH_NULL_CREDENTIALS_FOR_PROXYID_1,
- new Object[] {
- SECURITY_CLIENT_AUTHENTICATOR, proxyID });
+ if(subject instanceof Principal){
+ Principal principal = (Principal) subject;
+ if (securityLogWriter.fineEnabled()) {
+ securityLogWriter.fine("CacheClientNotifier: successfully verified credentials for proxyID: " + proxyID + " having principal: " + principal.getName());
+ }
+
+ String postAuthzFactoryName = sysProps
+ .getProperty(SECURITY_CLIENT_ACCESSOR_PP);
+ if (postAuthzFactoryName != null && postAuthzFactoryName.length() > 0) {
+ if (principal == null) {
+ securityLogWriter.warning(LocalizedStrings.CacheClientNotifier_CACHECLIENTNOTIFIER_POST_PROCESS_AUTHORIZATION_CALLBACK_ENABLED_BUT_AUTHENTICATION_CALLBACK_0_RETURNED_WITH_NULL_CREDENTIALS_FOR_PROXYID_1, new Object[] {
+ SECURITY_CLIENT_AUTHENTICATOR, proxyID
+ });
+ }
+ Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName);
+ authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
+ authzCallback.init(principal, member, this.getCache());
}
- Method authzMethod = ClassLoadUtil
- .methodFromName(postAuthzFactoryName);
- authzCallback = (AccessControl)authzMethod.invoke(null,
- (Object[])null);
- authzCallback.init(principal, member, this.getCache());
}
}
}
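Review bot: The `if (principal == null)` warning is now unreachable, because it sits inside `if(subject instanceof Principal)` and `instanceof` is false for null. The larger effect is that a null result from `HandShake.verifyCredentials` now skips the whole `SECURITY_CLIENT_ACCESSOR_PP` block, so `authzCallback` is never created or initialised on that path, where the removed code still built it and called `init` with the null principal. If skipping is meant only for the integrated-security Subject case, derive the principal first with `Principal principal = (subject instanceof Principal) ? (Principal) subject : null;` and leave the accessor setup outside the `instanceof` test, so the null case keeps its warning and its callback. The enclosing method starts outside this hunk, so what later code does with an unset `authzCallback` is not visible here.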
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
index a926772..89a3fa8 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
@@ -17,6 +17,52 @@
package com.gemstone.gemfire.internal.cache.tier.sockets;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.DataOutput;
+import java.io.DataOutputStream;
+import java.io.EOFException;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.Method;
+import java.math.BigInteger;
+import java.net.Socket;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyAgreement;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.DHParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import javax.net.ssl.SSLSocket;
+
+import org.apache.logging.log4j.Logger;
+
import com.gemstone.gemfire.CancelCriterion;
import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.InternalGemFireException;
@@ -26,37 +72,32 @@ import com.gemstone.gemfire.cache.client.ServerRefusedConnectionException;
import com.gemstone.gemfire.cache.client.internal.Connection;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.distributed.internal.*;
+import com.gemstone.gemfire.distributed.internal.DM;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.LonerDistributionManager;
+import com.gemstone.gemfire.distributed.internal.ServerLocation;
import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
-import com.gemstone.gemfire.internal.*;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.HeapDataOutputStream;
+import com.gemstone.gemfire.internal.InternalDataSerializer;
+import com.gemstone.gemfire.internal.InternalInstantiator;
+import com.gemstone.gemfire.internal.Version;
+import com.gemstone.gemfire.internal.VersionedDataInputStream;
+import com.gemstone.gemfire.internal.VersionedDataOutputStream;
import com.gemstone.gemfire.internal.cache.tier.Acceptor;
import com.gemstone.gemfire.internal.cache.tier.ClientHandShake;
import com.gemstone.gemfire.internal.cache.tier.ConnectionProxy;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.pdx.internal.PeerTypeRegistration;
-import com.gemstone.gemfire.security.*;
-import org.apache.logging.log4j.Logger;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyAgreement;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.DHParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import javax.net.ssl.SSLSocket;
-import java.io.*;
-import java.lang.reflect.Method;
-import java.math.BigInteger;
-import java.net.Socket;
-import java.security.*;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.*;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import com.gemstone.gemfire.security.AuthInitialize;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.AuthenticationRequiredException;
+import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.security.GemFireSecurityException;
public class HandShake implements ClientHandShake
{
@@ -1747,40 +1788,54 @@ public class HandShake implements ClientHandShake
}
return credentials;
}
-
- public static Principal verifyCredentials(String authenticatorMethod,
+
+ /**
+ * this could return either a Subject or a Principal depending on if it's integrated security or not
+ * @param authenticatorMethod
+ * @param credentials
+ * @param securityProperties
+ * @param logWriter
+ * @param securityLogWriter
+ * @param member
+ * @return
+ * @throws AuthenticationRequiredException
+ * @throws AuthenticationFailedException
+ */
+ public static Object verifyCredentials(String authenticatorMethod,
Properties credentials, Properties securityProperties, InternalLogWriter logWriter,
InternalLogWriter securityLogWriter, DistributedMember member)
throws AuthenticationRequiredException, AuthenticationFailedException {
+ if (authenticatorMethod == null || authenticatorMethod.length() == 0) {
+ return null;
+ }
+
Authenticator auth = null;
try {
- if (authenticatorMethod == null || authenticatorMethod.length() == 0) {
- return null;
+ if(AcceptorImpl.isIntegratedSecurity()){
+ String username = credentials.getProperty("security-username");
+ String password = credentials.getProperty("security-password");
+ return GeodeSecurityUtil.login(username, password);
+ }
+ else {
+ Method instanceGetter = ClassLoadUtil.methodFromName(authenticatorMethod);
+ auth = (Authenticator) instanceGetter.invoke(null, (Object[]) null);
+ auth.init(securityProperties, logWriter, securityLogWriter);
+ return auth.authenticate(credentials, member);
}
- Method instanceGetter = ClassLoadUtil.methodFromName(authenticatorMethod);
- auth = (Authenticator)instanceGetter.invoke(null, (Object[])null);
- }
- catch (Exception ex) {
- throw new AuthenticationFailedException(
- LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
}
- if (auth == null) {
- throw new AuthenticationFailedException(
- LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
+ catch(AuthenticationFailedException ex){
+ throw ex;
}
- auth.init(securityProperties, logWriter, securityLogWriter);
- Principal principal;
- try {
- principal = auth.authenticate(credentials, member);
+ catch (Exception ex) {
+ throw new AuthenticationFailedException(ex.getMessage(), ex);
}
finally {
- auth.close();
+ if(auth!=null) auth.close();
}
- return principal;
}
- public Principal verifyCredentials() throws AuthenticationRequiredException,
+ public Object verifyCredentials() throws AuthenticationRequiredException,
AuthenticationFailedException {
String methodName = this.system.getProperties().getProperty(
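Review bot: The single try block now also covers `auth.init` and `auth.authenticate`, and only `AuthenticationFailedException` is rethrown unchanged, so an `AuthenticationRequiredException` from the authenticator (still in the `throws` clause) is rewrapped as `AuthenticationFailedException` by the `catch (Exception ex)` arm. Rethrowing both keeps the old contract: `catch (AuthenticationFailedException | AuthenticationRequiredException ex) { throw ex; }`. The wrapper message also changed from the fixed `HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT` string to `ex.getMessage()`, which can be null for reflective failures and for the NullPointerException raised when `credentials` is null in the integrated branch or when the factory returns a null `Authenticator` (the removed `auth == null` check covered the latter). The new Javadoc has empty `@param`/`@return` tags; the `@return` should say that the result is a Shiro Subject under integrated security, a Principal otherwise, or null when no authenticator method is configured.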
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
index 7bb35da..3a6cadb 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
@@ -35,6 +35,10 @@ import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.LinkedBlockingQueue;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
+
import com.gemstone.gemfire.CancelException;
import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.SystemFailure;
@@ -67,10 +71,6 @@ import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import org.apache.logging.log4j.Logger;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.util.ThreadState;
-
/**
* Provides an implementation for the server socket end of the hierarchical
* cache connection. Each server connection runs in its own thread to maximize
@@ -413,6 +413,10 @@ public class ServerConnection implements Runnable {
public Version getClientVersion() {
return this.handshake.getVersion();
}
+
+ public ClientUserAuths getClientUserAuths(){
+ return this.clientUserAuths;
+ }
protected void setProxyId(ClientProxyMembershipID proxyId) {
this.proxyId = proxyId;
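Review bot: `getClientUserAuths()` is added as `public` with no comment, and it hands out the connection's live `ClientUserAuths`, the object that `putSubject` and `getSubject` use to map user ids to authenticated subjects. The only caller visible in this part of the commit is `ServerHandShakeProcessor`, which is in the same package, so package-private visibility looks sufficient: `ClientUserAuths getClientUserAuths() {`. A one-line comment such as `// exposed so ServerHandShakeProcessor can register the Subject of pre-6.5 and gateway clients` would record why it exists.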
@@ -429,14 +433,6 @@ public class ServerConnection implements Runnable {
protected void setPrincipal(Principal principal) {
this.principal = principal;
}
-
- protected void setAuthorizeRequest(AuthorizeRequest authzRequest) {
- this.authzRequest = authzRequest;
- }
-
- protected void setPostAuthorizeRequest(AuthorizeRequestPP postAuthzRequest) {
- this.postAuthzRequest = postAuthzRequest;
- }
//hitesh:this is for backward compability
public long setUserAuthorizeAndPostAuthorizeRequest(
@@ -456,23 +452,6 @@ public class ServerConnection implements Runnable {
throw npe;
}
}
- //this is backward compability only, if any race condition happens.
- //where server is unregistering the client and client is creating new connection.
- private void resetUserAuthorizeAndPostAuthorizeRequest()
- {
- if (AcceptorImpl.isAuthenticationRequired()
- && (this.handshake.getVersion().compareTo(Version.GFE_65) < 0
- || this.getCommunicationMode() == Acceptor.GATEWAY_TO_GATEWAY))
- {
- ClientUserAuths cua = proxyIdVsClientUserAuths.get(this.proxyId);
- if (cua != this.clientUserAuths)
- {
- UserAuthAttributes uaa = this.clientUserAuths.getUserAuthAttributes(this.userAuthId);
- initializeClientUserAuths();
- this.userAuthId = this.clientUserAuths.putUserAuth(uaa);
- }
- }
- }
public InternalLogWriter getSecurityLogWriter() {
return this.securityLogWriter;
@@ -806,10 +785,14 @@ public class ServerConnection implements Runnable {
}
// if a subject exists for this uniqueId, binds the subject to this thread so that we can do authorization later
- if(AcceptorImpl.isIntegratedSecurity()) {
+ if(AcceptorImpl.isIntegratedSecurity() && !isInternalMessage()) {
long uniqueId = getUniqueId();
+ logger.info(command + " received with uniqueId "+uniqueId);
Subject subject = this.clientUserAuths.getSubject(uniqueId);
- threadState = GeodeSecurityUtil.bindSubject(subject);
+ if(subject!=null) {
+ threadState = GeodeSecurityUtil.bindSubject(subject);
+ logger.info("binding " + subject.getPrincipal() + " to the current thread");
+ }
}
command.execute(msg, this);
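Review bot: The two added `logger.info` calls run for every non-internal client message and write the user's `uniqueId` and principal to the server log at INFO level. Further down this file the same id is returned to the client only through `encryptId(uniqueId, this)`, which suggests it is meant to stay confidential, so I would drop it from the log and demote the rest: `logger.debug("binding {} to the current thread", subject.getPrincipal());`. Separately, when `getSubject(uniqueId)` returns null the command still reaches `command.execute(msg, this)` with nothing bound; whether the `GeodeSecurityUtil` authorization calls then reject the request is not visible here, and a comment stating the expected outcome would help. The enclosing method starts and ends outside the hunk.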
@@ -1061,30 +1044,27 @@ public class ServerConnection implements Runnable {
DataInputStream dinp = new DataInputStream(bis);
Properties credentials = DataSerializer.readProperties(dinp);
- String username = credentials.getProperty("security-username");
- String password = credentials.getProperty("security-password");
-
// When here, security is enfored on server, if login returns a subject, then it's the newly integrated security, otherwise, do it the old way.
long uniqueId;
- Subject subject = GeodeSecurityUtil.login(username, password);
- if(subject!=null){
+
+ DistributedSystem system = this.getDistributedSystem();
+ String methodName = system.getProperties().getProperty(
+ SECURITY_CLIENT_AUTHENTICATOR);
+
+ Object principal = HandShake.verifyCredentials(methodName, credentials,
+ system.getSecurityProperties(), (InternalLogWriter) system.getLogWriter(), (InternalLogWriter) system
+ .getSecurityLogWriter(), this.proxyId.getDistributedMember());
+ if(principal instanceof Subject){
+ Subject subject = (Subject)principal;
uniqueId = this.clientUserAuths.putSubject(subject);
+ logger.info("Put subject in Map: "+uniqueId+" for "+ subject.getPrincipal());
}
else {
- DistributedSystem system = this.getDistributedSystem();
- String methodName = system.getProperties().getProperty(
- SECURITY_CLIENT_AUTHENTICATOR);
-
- Principal principal = HandShake.verifyCredentials(methodName, credentials,
- system.getSecurityProperties(), (InternalLogWriter) system.getLogWriter(), (InternalLogWriter) system
- .getSecurityLogWriter(), this.proxyId.getDistributedMember());
-
//this sets principal in map as well....
- uniqueId = ServerHandShakeProcessor.getUniqueId(this, principal);
+ uniqueId = ServerHandShakeProcessor.getUniqueId(this, (Principal)principal);
}
-
- //create secure part which will be send in respones
-
+
+ //create secure part which will be send in respones
return encryptId(uniqueId, this);
} catch (AuthenticationFailedException afe) {
throw afe;
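Review bot: Integrated login used to be attempted unconditionally here; it is now reached only through `HandShake.verifyCredentials`, which returns null before it looks at `AcceptorImpl.isIntegratedSecurity()` whenever `methodName` is null or empty. In that case `principal` is null, the `instanceof Subject` test fails, and the else branch calls `getUniqueId(this, (Principal)principal)` with a null principal. Unless integrated security is guaranteed to set `SECURITY_CLIENT_AUTHENTICATOR` (not visible on this page), I would fail closed before the branch, e.g. `if (principal == null && AcceptorImpl.isIntegratedSecurity()) throw new AuthenticationRequiredException("no subject for supplied credentials");`, after checking how the catch arms below `throw afe`, which are outside the hunk, treat that exception. The `logger.info("Put subject in Map: ...")` line also writes the new `uniqueId` next to the principal and would be better at debug level without the id.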
@@ -1124,11 +1104,25 @@ public class ServerConnection implements Runnable {
&& this.handshake.getVersion().compareTo(Version.GFE_65) >= 0
&& (this.communicationMode != Acceptor.GATEWAY_TO_GATEWAY)
&& (!this.requestMsg.getAndResetIsMetaRegion())
- && (!(this.requestMsg.msgType == MessageType.CLIENT_READY
+ && (!isInternalMessage())) {
+ setSecurityPart();
+ return this.securePart;
+ }
+ else {
+ if (AcceptorImpl.isAuthenticationRequired() && logger.isDebugEnabled()) {
+ logger.debug("ServerConnection.updateAndGetSecurityPart() not adding security part for msg type {}",
+ MessageType.getString(this.requestMsg.msgType));
+ }
+ }
+ return null;
+ }
+
+ private boolean isInternalMessage(){
+ return (this.requestMsg.msgType == MessageType.CLIENT_READY
|| this.requestMsg.msgType == MessageType.CLOSE_CONNECTION
|| this.requestMsg.msgType == MessageType.GETCQSTATS_MSG_TYPE
|| this.requestMsg.msgType == MessageType.GET_CLIENT_PARTITION_ATTRIBUTES
- || this.requestMsg.msgType == MessageType.GET_CLIENT_PR_METADATA
+ || this.requestMsg.msgType == MessageType.GET_CLIENT_PR_METADATA
|| this.requestMsg.msgType == MessageType.INVALID
|| this.requestMsg.msgType == MessageType.MAKE_PRIMARY
|| this.requestMsg.msgType == MessageType.MONITORCQ_MSG_TYPE
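Review bot: `isInternalMessage()` is extracted without a comment, and it now gates two decisions: whether `updateAndGetSecurityPart()` returns a security part and, in the dispatch hunk earlier in this file, whether a Subject is bound before `command.execute`. The list includes data-changing types such as `COMMIT` and `ROLLBACK` (in the next hunk), so under integrated security those commands run with no Subject bound to the thread; if that is deliberate it should be stated. I would add a Javadoc comment on the method saying that these message types carry no per-user security part and are executed without a bound Subject, and that adding a type to the list exempts it from both. Part of the method body lies between this hunk and the next and is not shown.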
@@ -1150,18 +1144,8 @@ public class ServerConnection implements Runnable {
|| this.requestMsg.msgType == MessageType.GET_PDX_TYPES
|| this.requestMsg.msgType == MessageType.GET_PDX_ENUMS
|| this.requestMsg.msgType == MessageType.COMMIT
- || this.requestMsg.msgType == MessageType.ROLLBACK))) {
- setSecurityPart();
- return this.securePart;
- }
- else {
- if (AcceptorImpl.isAuthenticationRequired() && logger.isDebugEnabled()) {
- logger.debug("ServerConnection.updateAndGetSecurityPart() not adding security part for msg type {}",
- MessageType.getString(this.requestMsg.msgType));
- }
- }
- return null;
- }
+ || this.requestMsg.msgType == MessageType.ROLLBACK);
+ }
public void run() {
setOwner();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
index 425b4bd..b24b00c 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
@@ -17,6 +17,23 @@
package com.gemstone.gemfire.internal.cache.tier.sockets;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.DataOutputStream;
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.Socket;
+import java.net.SocketAddress;
+import java.net.SocketException;
+import java.net.SocketTimeoutException;
+import java.security.Principal;
+import java.util.Properties;
+
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+
import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.cache.IncompatibleVersionException;
import com.gemstone.gemfire.cache.UnsupportedVersionException;
@@ -36,17 +53,6 @@ import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
-import org.apache.logging.log4j.Logger;
-
-import java.io.*;
-import java.net.Socket;
-import java.net.SocketAddress;
-import java.net.SocketException;
-import java.net.SocketTimeoutException;
-import java.security.Principal;
-import java.util.Properties;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
/**
* A <code>ServerHandShakeProcessor</code> verifies the client's version compatibility with server.
@@ -219,55 +225,11 @@ public class ServerHandShakeProcessor {
ClientProxyMembershipID proxyId = handshake.getMembership();
connection.setProxyId(proxyId);
//hitesh: it gets principals
- //Hitesh:for older version we should set this
+ //Hitesh:for older version we should set this
if (clientVersion.compareTo(Version.GFE_65) < 0
|| connection.getCommunicationMode() == Acceptor.GATEWAY_TO_GATEWAY) {
- /* Principal principal = handshake.verifyCredentials();
- connection.setPrincipal(principal);
- if (principal != null) {
- if (connection.getSecurityLogger().fineEnabled())
- securityLogger.fine(connection.getName()
- + ": successfully verified credentials for proxyID [" + proxyId
- + "] having principal: " + principal.getName());
- } else if (socket instanceof SSLSocket) {
- // Test whether we are using SSL connection in mutual authentication
- // mode and use its principal.
- SSLSocket sslSocket = (SSLSocket) socket;
- SSLSession sslSession = sslSocket.getSession();
- if (!sslSession.getCipherSuite().equals("SSL_NULL_WITH_NULL_NULL")
- && sslSocket.getNeedClientAuth()) {
- try {
- Certificate[] certs = sslSession.getPeerCertificates();
- if (certs[0] instanceof X509Certificate) {
- principal = ((X509Certificate) certs[0])
- .getSubjectX500Principal();
- if (securityLogger.fineEnabled())
- securityLogger.fine(connection.getName()
- + ": successfully verified credentials for proxyID ["
- + proxyId
- + "] using SSL mutual authentication with principal: "
- + principal.getName());
- } else {
- if (securityLogger.warningEnabled())
- securityLogger.warning(
- LocalizedStrings.ServerHandShakeProcessor_0_UNEXPECTED_CERTIFICATE_TYPE_1_FOR_PROXYID_2,
- new Object[] {connection.getName(), certs[0].getType(), proxyId});
- }
- } catch (SSLPeerUnverifiedException ex) {
- // this is the case where client has not verified itself
- // i.e. not in mutual authentication mode
- if (securityLogger.errorEnabled())
- securityLogger.error(
- LocalizedStrings.ServerHandShakeProcessor_SSL_EXCEPTION_SHOULD_NOT_HAVE_HAPPENED,
- ex);
- connection.setPrincipal(null);//TODO:hitesh ??
- }
- }
- }
- */
long uniqueId = setAuthAttributes(connection);
connection.setUserAuthId(uniqueId);//for older clients < 6.5
-
}
}
catch (SocketTimeoutException timeout) {
@@ -347,9 +309,17 @@ public class ServerHandShakeProcessor {
throws Exception{
try {
logger.debug("setAttributes()");
- Principal principal = ((HandShake)connection.getHandshake()).verifyCredentials();
- connection.setPrincipal(principal);//TODO:hitesh is this require now ???
- return getUniqueId(connection, principal);
+ Object principal = ((HandShake)connection.getHandshake()).verifyCredentials();
+
+ long uniqueId;
+ if(principal instanceof Subject){
+ uniqueId = connection.getClientUserAuths().putSubject((Subject)principal);
+ }
+ else {
+ //this sets principal in map as well....
+ uniqueId = getUniqueId(connection, (Principal)principal);
+ }
+ return uniqueId;
}catch(Exception ex) {
throw ex;
}
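Review bot: The rewritten body no longer calls `connection.setPrincipal(...)`, so for pre-6.5 clients and gateway connections the connection's principal is not set here even on the legacy path. The removed line carried a TODO asking whether it was still required, and the hunk does not show that question being answered; the added comment says `getUniqueId` stores the principal in the map, but anything that still reads the connection's own principal would now see whatever it held before. Unless that is confirmed unused, keep it in the else branch: `connection.setPrincipal((Principal) principal);`. The Subject/Principal branching also duplicates the block added to `ServerConnection` in this commit and could live in one shared helper.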
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
index 5154652..f6e17ae 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
@@ -145,7 +145,7 @@ public class Get70 extends BaseCommand {
}
// for integrated security
- GeodeSecurityUtil.authorizeRegionRead(regionName);
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
Region region = crHelper.getRegion(regionName);
if (region == null) {
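Review bot: `key.toString()` is now the value the read permission is checked against, and it is called with no null guard in this hunk, so a request whose key is null would fail with a NullPointerException instead of an authorization or bad-request response (an earlier null check may exist outside the hunk). A key class's `toString()` is also not guaranteed to be unique or stable, and it may contain characters that become significant if `GeodeSecurityUtil` builds a delimited permission string from it, which is not visible here. At minimum I would add a comment at the call, `// authorization uses the key's toString(); keys need a stable, unique string form`, and document on `authorizeRegionRead` which characters it accepts or escapes. The same call is added per key in GetAll.java.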
@@ -189,7 +189,6 @@ public class Get70 extends BaseCommand {
VersionTag versionTag = entry.versionTag;
boolean keyNotPresent = entry.keyNotPresent;
-
try {
AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
if (postAuthzRequest != null) {
@@ -216,11 +215,13 @@ public class Get70 extends BaseCommand {
servConn.setAsTrue(RESPONDED);
return;
}
- {
- long oldStart = start;
- start = DistributionStats.getStatTime();
- stats.incProcessGetTime(start - oldStart);
- }
+
+ // post process
+ data = GeodeSecurityUtil.postProcess(regionName, key, data);
+
+ long oldStart = start;
+ start = DistributionStats.getStatTime();
+ stats.incProcessGetTime(start - oldStart);
if (region instanceof PartitionedRegion) {
PartitionedRegion pr = (PartitionedRegion) region;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java
index 9f2a8e2..a807440 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll.java
@@ -17,24 +17,29 @@
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.cache.operations.GetOperationContext;
-import com.gemstone.gemfire.i18n.LogWriterI18n;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ChunkedMessage;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ObjectPartList;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import java.io.IOException;
-import java.util.Iterator;
-import java.util.Set;
-
public class GetAll extends BaseCommand {
private final static GetAll singleton = new GetAll();
@@ -156,6 +161,7 @@ public class GetAll extends BaseCommand {
allKeysIter = allKeys.iterator();
numKeys = allKeys.size();
}
+
ObjectPartList values = new ObjectPartList(maximumChunkSize, keys == null);
AuthorizeRequest authzRequest = servConn.getAuthzRequest();
AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
@@ -195,6 +201,8 @@ public class GetAll extends BaseCommand {
}
}
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
// Getting a value in serialized form is pretty nasty. I split this out
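Review bot: The added `GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString())` call has no handler around it, so a denial for one key would propagate out of what appears to be the per-key loop and fail the whole getAll instead of being reported for that key. GetAll70 in this same commit catches `NotAuthorizedException`, records it with `values.addExceptionPart(key, ex)` and continues. The same unguarded call is added in GetAll651. Mirroring GetAll70 would keep the three commands consistent: `try { GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString()); } catch (NotAuthorizedException ex) { values.addExceptionPart(key, ex); continue; }`. The enclosing method starts and ends outside the hunk, so how an escaping exception is handled further up is not visible here.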
@@ -230,6 +238,9 @@ public class GetAll extends BaseCommand {
}
}
+ // post process
+ value = GeodeSecurityUtil.postProcess(regionName, key, value);
+
if (logger.isDebugEnabled()) {
logger.debug("{}: Returning value for key={}: {}", servConn.getName(), key, value);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java
index ad61c69..9cea674 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll651.java
@@ -17,9 +17,12 @@
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.cache.operations.GetOperationContext;
-import com.gemstone.gemfire.i18n.LogWriterI18n;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
@@ -34,12 +37,9 @@ import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import java.io.IOException;
-import java.util.Iterator;
-import java.util.Set;
-
public class GetAll651 extends BaseCommand {
private final static GetAll651 singleton = new GetAll651();
@@ -200,6 +200,8 @@ public class GetAll651 extends BaseCommand {
}
}
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
// Getting a value in serialized form is pretty nasty. I split this out
@@ -236,13 +238,13 @@ public class GetAll651 extends BaseCommand {
}
}
+ value = GeodeSecurityUtil.postProcess(regionName, key, value);
+
if (isDebugEnabled) {
logger.debug("{}: Returning value for key={}: {}", servConn.getName(), key, value);
}
// Add the value to the list of values
-
-
if(keyNotPresent) {
if (logger.isDebugEnabled()) {
logger.debug("{}: key={} is not present on server.", servConn.getName(), key);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java
index 4c79a27..007d583 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/GetAll70.java
@@ -17,16 +17,25 @@
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.cache.operations.GetOperationContext;
import com.gemstone.gemfire.cache.operations.internal.GetOperationContextImpl;
-import com.gemstone.gemfire.i18n.LogWriterI18n;
import com.gemstone.gemfire.internal.Version;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ChunkedMessage;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ObjectPartList;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
+import com.gemstone.gemfire.internal.cache.tier.sockets.VersionedObjectList;
import com.gemstone.gemfire.internal.cache.versions.VersionTag;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
@@ -34,12 +43,9 @@ import com.gemstone.gemfire.internal.offheap.OffHeapHelper;
import com.gemstone.gemfire.internal.offheap.annotations.Retained;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import java.io.IOException ;
-import java.util.Iterator;
-import java.util.Set;
-
public class GetAll70 extends BaseCommand {
private final static GetAll70 singleton = new GetAll70();
@@ -210,6 +216,15 @@ public class GetAll70 extends BaseCommand {
}
}
+ try {
+ GeodeSecurityUtil.authorizeRegionRead(regionName, key.toString());
+ }
+ catch (NotAuthorizedException ex) {
+ logger.warn(LocalizedMessage.create(LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1, new Object[]{servConn.getName(), key}), ex);
+ values.addExceptionPart(key, ex);
+ continue;
+ }
+
// Get the value and update the statistics. Do not deserialize
// the value if it is a byte[].
// Getting a value in serialized form is pretty nasty. I split this out
@@ -248,6 +263,9 @@ public class GetAll70 extends BaseCommand {
}
}
}
+
+ data = GeodeSecurityUtil.postProcess(regionName, key, data);
+
// Add the entry to the list that will be returned to the client
if (keyNotPresent) {
values.addObjectPartForAbsentKey(key, data, versionTag);
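Review bot: Reassigning `data` to the result of `GeodeSecurityUtil.postProcess(...)` discards the reference to the value that was read from the region. This file imports `OffHeapHelper` and `@Retained`, so if `data` is released later in the method (not visible in the hunk), the release would act on the post-processed object rather than the one originally retained. A separate local keeps the two apart: `Object processed = GeodeSecurityUtil.postProcess(regionName, key, data);`, with `processed` passed to the `values.add…` calls. The call also runs when `keyNotPresent` is true, so post-processor implementations must tolerate whatever `data` holds for an absent key, and a comment saying so would help.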
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java
index cf8d483..8da7af9 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/KeySet.java
@@ -19,25 +19,29 @@
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
-import com.gemstone.gemfire.i18n.LogWriterI18n;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.operations.KeySetOperationContext;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ChunkedMessage;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
-import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.operations.KeySetOperationContext;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
public class KeySet extends BaseCommand {
@@ -161,6 +165,7 @@ public class KeySet extends BaseCommand {
final boolean isTraceEnabled = logger.isTraceEnabled();
for (Iterator it = keySet.iterator(); it.hasNext();) {
Object entryKey = it.next();
+ GeodeSecurityUtil.authorizeRegionRead(regionName, entryKey.toString());
keyList.add(entryKey);
if (isTraceEnabled) {
logger.trace("{}: fillAndSendKeySetResponseKey <{}>; list size was {}; region: {}", servConn.getName(), entryKey, keyList.size(), region.getFullPath());
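Review bot: A `NotAuthorizedException` from the per-key `authorizeRegionRead` call inside the loop would end the iteration at the first denied key, so one restricted key fails the whole key-set request instead of being left out of `keyList`. If chunks are sent as the list fills (the sending code is outside the hunk), the client may already have received part of the result before the failure. If per-key filtering is the intent, catch and skip: `try { GeodeSecurityUtil.authorizeRegionRead(regionName, entryKey.toString()); } catch (NotAuthorizedException ex) { continue; }`. Otherwise a single region-level check before the loop would state the intent and avoid one authorization call per key.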
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java
index 21c1b02..54c4a6c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put.java
@@ -15,31 +15,35 @@
* limitations under the License.
*/
/**
- *
+ *
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
-import com.gemstone.gemfire.internal.cache.EntryEventImpl;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.RegionDestroyedException;
+import com.gemstone.gemfire.cache.ResourceException;
+import com.gemstone.gemfire.cache.operations.PutOperationContext;
+import com.gemstone.gemfire.distributed.internal.DistributionStats;
+import com.gemstone.gemfire.i18n.StringId;
import com.gemstone.gemfire.internal.cache.EventID;
import com.gemstone.gemfire.internal.cache.EventIDHolder;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
import com.gemstone.gemfire.internal.cache.tier.Command;
import com.gemstone.gemfire.internal.cache.tier.MessageType;
-import com.gemstone.gemfire.internal.cache.tier.sockets.*;
+import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
+import com.gemstone.gemfire.internal.cache.tier.sockets.CacheServerStats;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
+import com.gemstone.gemfire.internal.cache.tier.sockets.Part;
+import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.cache.DynamicRegionFactory;
-import com.gemstone.gemfire.cache.RegionDestroyedException;
-import com.gemstone.gemfire.cache.ResourceException;
-import com.gemstone.gemfire.cache.operations.PutOperationContext;
-import com.gemstone.gemfire.distributed.internal.DistributionStats;
-import com.gemstone.gemfire.i18n.StringId;
-
-import java.io.IOException;
-import java.nio.ByteBuffer;
public class Put extends BaseCommand {
@@ -53,8 +57,7 @@ public class Put extends BaseCommand {
}
@Override
- public void cmdExecute(Message msg, ServerConnection servConn, long start)
- throws IOException, InterruptedException {
+ public void cmdExecute(Message msg, ServerConnection servConn, long start) throws IOException, InterruptedException {
Part regionNamePart = null, keyPart = null, valuePart = null, callbackArgPart = null;
String regionName = null;
Object callbackArg = null, key = null;
@@ -67,11 +70,9 @@ public class Put extends BaseCommand {
boolean interrupted = Thread.interrupted();
try {
Thread.sleep(crHelper.emulateSlowServer());
- }
- catch (InterruptedException ugh) {
+ } catch (InterruptedException ugh) {
interrupted = true;
- }
- finally {
+ } finally {
if (interrupted) {
Thread.currentThread().interrupt();
}
@@ -91,13 +92,12 @@ public class Put extends BaseCommand {
keyPart = msg.getPart(1);
valuePart = msg.getPart(2);
eventPart = msg.getPart(3);
-// callbackArgPart = null; (redundant assignment)
+ // callbackArgPart = null; (redundant assignment)
if (msg.getNumberOfParts() > 4) {
callbackArgPart = msg.getPart(4);
try {
callbackArg = callbackArgPart.getObject();
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
@@ -107,15 +107,15 @@ public class Put extends BaseCommand {
try {
key = keyPart.getStringOrObject();
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
}
if (logger.isTraceEnabled()) {
- logger.trace("{}: Received put request ({} bytes) from {} for region {} key {} value {}", servConn.getName(), msg.getPayloadLength(), servConn.getSocketString(), regionName, key, valuePart);
+ logger.trace("{}: Received put request ({} bytes) from {} for region {} key {} value {}", servConn.getName(), msg.getPayloadLength(), servConn
+ .getSocketString(), regionName, key, valuePart);
}
// Process the put request
@@ -125,138 +125,123 @@ public class Put extends BaseCommand {
errMessage = LocalizedStrings.Put_THE_INPUT_KEY_FOR_THE_PUT_REQUEST_IS_NULL.toLocalizedString();
}
if (regionName == null) {
- logger.warn(LocalizedMessage.create(LocalizedStrings.Put_0_THE_INPUT_REGION_NAME_FOR_THE_PUT_REQUEST_IS_NULL, servConn.getName()));
+ logger.warn(LocalizedMessage.create(LocalizedStrings.Put_0_THE_INPUT_REGION_NAME_FOR_THE_PUT_REQUEST_IS_NULL, servConn
+ .getName()));
errMessage = LocalizedStrings.Put_THE_INPUT_REGION_NAME_FOR_THE_PUT_REQUEST_IS_NULL.toLocalizedString();
}
- writeErrorResponse(msg, MessageType.PUT_DATA_ERROR,
- errMessage.toString(), servConn);
+ writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage.toString(), servConn);
servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ LocalRegion region = (LocalRegion) crHelper.getRegion(regionName);
+ if (region == null) {
+ String reason = LocalizedStrings.Put_REGION_WAS_NOT_FOUND_DURING_PUT_REQUEST.toLocalizedString();
+ writeRegionDestroyedEx(msg, regionName, reason, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
}
- else {
- LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
- if (region == null) {
- String reason = LocalizedStrings.Put_REGION_WAS_NOT_FOUND_DURING_PUT_REQUEST.toLocalizedString();
- writeRegionDestroyedEx(msg, regionName, reason, servConn);
- servConn.setAsTrue(RESPONDED);
- }
- else if (valuePart.isNull() && region.containsKey(key)) {
- // Invalid to 'put' a null value in an existing key
- logger.info(LocalizedMessage.create(LocalizedStrings.Put_0_ATTEMPTED_TO_PUT_A_NULL_VALUE_FOR_EXISTING_KEY_1, new Object[] {servConn.getName(), key}));
- errMessage = LocalizedStrings.Put_ATTEMPTED_TO_PUT_A_NULL_VALUE_FOR_EXISTING_KEY_0.toLocalizedString();
- writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage,
- servConn);
- servConn.setAsTrue(RESPONDED);
- }
- else {
- // try {
- // this.eventId = (EventID)eventPart.getObject();
- ByteBuffer eventIdPartsBuffer = ByteBuffer.wrap(eventPart
- .getSerializedForm());
- long threadId = EventID
- .readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
- long sequenceId = EventID
- .readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
- EventID eventId = new EventID(servConn.getEventMemberIDByteArray(),
- threadId, sequenceId);
- // } catch (Exception e) {
- // writeException(msg, e, false);
- // responded = true;
- // continue;
- // }
- try {
- byte[] value = valuePart.getSerializedForm();
- boolean isObject = valuePart.isObject();
- AuthorizeRequest authzRequest = servConn.getAuthzRequest();
- if (authzRequest != null) {
- // TODO SW: This is to handle DynamicRegionFactory create
- // calls. Rework this when the semantics of DynamicRegionFactory are
- // cleaned up.
- if (DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
- authzRequest.createRegionAuthorize((String)key);
- }
- // Allow PUT operations on meta regions (bug #38961)
- else if (!region.isUsedForMetaRegion()) {
- PutOperationContext putContext = authzRequest.putAuthorize(
- regionName, key, value, isObject, callbackArg);
- value = putContext.getSerializedValue();
- isObject = putContext.isObject();
- callbackArg = putContext.getCallbackArg();
- }
- }
- // If the value is 1 byte and the byte represents null,
- // attempt to create the entry. This test needs to be
- // moved to DataSerializer or DataSerializer.NULL needs
- // to be publicly accessible.
- boolean result = false;
- if (value == null) {
- // Create the null entry. Since the value is null, the value of the
- // isObject
- // the true after null doesn't matter and is not used.
- result = region.basicBridgeCreate(key, null, true, callbackArg,
- servConn.getProxyID(), true, new EventIDHolder(eventId), false);
- }
- else {
- // Put the entry
- result = region.basicBridgePut(key, value, null, isObject, callbackArg,
- servConn.getProxyID(), true, new EventIDHolder(eventId));
- }
- if (result) {
- servConn.setModificationInfo(true, regionName, key);
- }
- else {
- StringId message = LocalizedStrings.PUT_0_FAILED_TO_PUT_ENTRY_FOR_REGION_1_KEY_2_VALUE_3;
- Object[] messageArgs = new Object[] {servConn.getName(), regionName, key, valuePart};
- String s = message.toLocalizedString(messageArgs);
- logger.info(s);
- throw new Exception(s);
- }
- }
- catch (RegionDestroyedException rde) {
- writeException(msg, rde, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
- catch (ResourceException re) {
- writeException(msg, re, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
- catch (Exception ce) {
- // If an interrupted exception is thrown , rethrow it
- checkForInterrupt(servConn, ce);
- // If an exception occurs during the put, preserve the connection
- writeException(msg, ce, false, servConn);
- servConn.setAsTrue(RESPONDED);
- if (ce instanceof GemFireSecurityException) {
- // Fine logging for security exceptions since these are already
- // logged by the security logger
- if (logger.isDebugEnabled()) {
- logger.debug("{}: Unexpected Security exception", servConn.getName(), ce);
- }
- }
- else {
- logger.warn(LocalizedMessage.create(LocalizedStrings.PUT_0_UNEXPECTED_EXCEPTION, servConn.getName()), ce);
- }
- return;
+ if (valuePart.isNull() && region.containsKey(key)) {
+ // Invalid to 'put' a null value in an existing key
+ logger.info(LocalizedMessage.create(LocalizedStrings.Put_0_ATTEMPTED_TO_PUT_A_NULL_VALUE_FOR_EXISTING_KEY_1, new Object[] {
+ servConn.getName(),
+ key
+ }));
+ errMessage = LocalizedStrings.Put_ATTEMPTED_TO_PUT_A_NULL_VALUE_FOR_EXISTING_KEY_0.toLocalizedString();
+ writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ GeodeSecurityUtil.authorizeRegionWrite(regionName, key.toString());
+
+ ByteBuffer eventIdPartsBuffer = ByteBuffer.wrap(eventPart.getSerializedForm());
+ long threadId = EventID.readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
+ long sequenceId = EventID.readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
+ EventID eventId = new EventID(servConn.getEventMemberIDByteArray(), threadId, sequenceId);
+
+ try {
+ byte[] value = valuePart.getSerializedForm();
+ boolean isObject = valuePart.isObject();
+ AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+ if (authzRequest != null) {
+ // TODO SW: This is to handle DynamicRegionFactory create
+ // calls. Rework this when the semantics of DynamicRegionFactory are
+ // cleaned up.
+ if (DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+ authzRequest.createRegionAuthorize((String) key);
}
- finally {
- long oldStart = start;
- start = DistributionStats.getStatTime();
- stats.incProcessPutTime(start - oldStart);
+ // Allow PUT operations on meta regions (bug #38961)
+ else if (!region.isUsedForMetaRegion()) {
+ PutOperationContext putContext = authzRequest.putAuthorize(regionName, key, value, isObject, callbackArg);
+ value = putContext.getSerializedValue();
+ isObject = putContext.isObject();
+ callbackArg = putContext.getCallbackArg();
}
+ }
+ // If the value is 1 byte and the byte represents null,
+ // attempt to create the entry. This test needs to be
+ // moved to DataSerializer or DataSerializer.NULL needs
+ // to be publicly accessible.
+ boolean result = false;
+ if (value == null) {
+ // Create the null entry. Since the value is null, the value of the
+ // isObject
+ // the true after null doesn't matter and is not used.
+ result = region.basicBridgeCreate(key, null, true, callbackArg, servConn.getProxyID(), true, new EventIDHolder(eventId), false);
+ } else {
+ // Put the entry
+ result = region.basicBridgePut(key, value, null, isObject, callbackArg, servConn.getProxyID(), true, new EventIDHolder(eventId));
+ }
+ if (result) {
+ servConn.setModificationInfo(true, regionName, key);
+ } else {
+ StringId message = LocalizedStrings.PUT_0_FAILED_TO_PUT_ENTRY_FOR_REGION_1_KEY_2_VALUE_3;
+ Object[] messageArgs = new Object[] { servConn.getName(), regionName, key, valuePart };
+ String s = message.toLocalizedString(messageArgs);
+ logger.info(s);
+ throw new Exception(s);
+ }
+ } catch (RegionDestroyedException rde) {
+ writeException(msg, rde, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ } catch (ResourceException re) {
+ writeException(msg, re, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ } catch (Exception ce) {
+ // If an interrupted exception is thrown , rethrow it
+ checkForInterrupt(servConn, ce);
- // Increment statistics and write the reply
- writeReply(msg, servConn);
-
- servConn.setAsTrue(RESPONDED);
+ // If an exception occurs during the put, preserve the connection
+ writeException(msg, ce, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ if (ce instanceof GemFireSecurityException) {
+ // Fine logging for security exceptions since these are already
+ // logged by the security logger
if (logger.isDebugEnabled()) {
- logger.debug("{}: Sent put response back to {} for region {} key {} value {}", servConn.getName(), servConn.getSocketString(), regionName, key, valuePart);
+ logger.debug("{}: Unexpected Security exception", servConn.getName(), ce);
}
- stats.incWritePutResponseTime(DistributionStats.getStatTime() - start);
+ } else {
+ logger.warn(LocalizedMessage.create(LocalizedStrings.PUT_0_UNEXPECTED_EXCEPTION, servConn.getName()), ce);
}
+ return;
+ } finally {
+ long oldStart = start;
+ start = DistributionStats.getStatTime();
+ stats.incProcessPutTime(start - oldStart);
}
+ // Increment statistics and write the reply
+ writeReply(msg, servConn);
+
+ servConn.setAsTrue(RESPONDED);
+ if (logger.isDebugEnabled()) {
+ logger.debug("{}: Sent put response back to {} for region {} key {} value {}", servConn.getName(), servConn.getSocketString(), regionName, key, valuePart);
+ }
+ stats.incWritePutResponseTime(DistributionStats.getStatTime() - start);
}
}
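Review bot: `GeodeSecurityUtil.authorizeRegionWrite(regionName, key.toString())` runs only after the region lookup and the `valuePart.isNull() && region.containsKey(key)` test, so a caller without write permission still gets distinct responses for a missing region and for a null put on an existing key. The call also sits outside the `try`, so a denial bypasses the `catch (Exception ce)` path that writes the exception and sets `RESPONDED`, and the `finally` that records put time. Whether the caller of `cmdExecute` turns the escaping exception into a reply is not visible here. Placing the call just before `crHelper.getRegion(regionName)` would authorize before any region state is consulted, and wrapping it in the existing error handling would keep the response path uniform. Authorizing on `key.toString()` assumes distinct keys have distinct string forms, which deserves a comment next to the call.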
[3/9] incubator-geode git commit: GEODE-17: used new security
interface for integrated security.
Posted by ji...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
index 3fdeb2a..4975513 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
@@ -16,8 +16,6 @@
*/
package com.gemstone.gemfire.management;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
-
import java.util.Map;
import javax.management.ObjectName;
@@ -26,6 +24,8 @@ import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.DistributedSystem;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management operations for a
@@ -72,7 +72,7 @@ import com.gemstone.gemfire.management.internal.security.ResourceOperation;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface DistributedSystemMXBean {
/**
@@ -152,7 +152,7 @@ public interface DistributedSystemMXBean {
* Minimum level for alerts to be delivered.
* Must be one of: WARNING, ERROR, SEVERE or NONE.
*/
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.WRITE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.WRITE)
public void changeAlertLevel(String alertLevel) throws Exception;
/**
@@ -235,7 +235,7 @@ public interface DistributedSystemMXBean {
* path of the directory for baseline backup.
* @return The results of the backup request.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.READ)
public DiskBackupStatus backupAllMembers(String targetDirPath, String baselineDirPath)
throws Exception;
@@ -320,7 +320,7 @@ public interface DistributedSystemMXBean {
*
* @return List of names of all distributed members that were shutdown.
*/
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
public String[] shutDownAllMembers() throws Exception;
/**
@@ -340,7 +340,7 @@ public interface DistributedSystemMXBean {
* UUID of the disk store to remove
* @return True if the request is successful, false otherwise.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public boolean revokeMissingDiskStores(String diskStoreId)
throws Exception;
@@ -618,7 +618,7 @@ public interface DistributedSystemMXBean {
* will be set.
* @return a JSON formated string containing data and its type
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.READ)
public String queryData(String queryString, String members, int limit) throws Exception;
/**
@@ -648,7 +648,7 @@ public interface DistributedSystemMXBean {
* will be set.
* @return a byte[] which is a compressed JSON string.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.READ)
public byte[] queryDataForCompressedResult(String queryString, String members, int limit) throws Exception;
@@ -674,7 +674,7 @@ public interface DistributedSystemMXBean {
*/
public int getQueryResultSetLimit();
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void setQueryResultSetLimit(int queryResultSetLimit);
/**
@@ -684,6 +684,6 @@ public interface DistributedSystemMXBean {
*/
public int getQueryCollectionsDepth();
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void setQueryCollectionsDepth(int queryCollectionsDepth);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
index 7779fc0..f0b34ba 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
@@ -18,9 +18,8 @@ package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.wan.GatewayReceiver;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -29,7 +28,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface GatewayReceiverMXBean {
/**
@@ -92,13 +91,13 @@ public interface GatewayReceiverMXBean {
/**
* Starts the gateway receiver.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void start() throws Exception;
/**
* Stops the gateway receiver.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void stop() throws Exception;
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
index 2b6f6cd..769795d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
@@ -18,9 +18,8 @@ package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.wan.GatewaySender;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -29,7 +28,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface GatewaySenderMXBean {
/**
@@ -175,31 +174,31 @@ public interface GatewaySenderMXBean {
* configuration cannot be changed.
*
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void start();
/**
* Stops this GatewaySender.
*/
- @ResourceOperation(resource=Resource.DATA, operation=OperationCode.MANAGE)
+ @ResourceOperation(resource=Resource.DATA, operation=Operation.MANAGE)
public void stop();
/**
* Pauses this GatewaySender.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void pause();
/**
* Resumes this paused GatewaySender.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void resume();
/**
* Rebalances this GatewaySender.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void rebalance();
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
index edeb302..64db8f4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LocatorMXBean.java
@@ -16,11 +16,10 @@
*/
package com.gemstone.gemfire.management;
-import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.distributed.Locator;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -28,7 +27,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
*
* @since GemFire 7.0
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationContext.OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface LocatorMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
index 41f75f9..b2fc1ee 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
@@ -16,13 +16,12 @@
*/
package com.gemstone.gemfire.management;
-import com.gemstone.gemfire.distributed.internal.locks.DLockService;
-import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
import java.util.Map;
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.distributed.internal.locks.DLockService;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -32,7 +31,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface LockServiceMXBean {
/**
@@ -73,7 +72,7 @@ public interface LockServiceMXBean {
/**
* Requests that this member become the granter.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void becomeLockGrantor();
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
index 5fab26a..99c5cad 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
@@ -16,13 +16,12 @@
*/
package com.gemstone.gemfire.management;
-import com.gemstone.gemfire.management.internal.Manager;
-import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
import javax.management.JMException;
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.management.internal.Manager;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -31,7 +30,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface ManagerMXBean {
/**
@@ -46,7 +45,7 @@ public interface ManagerMXBean {
*
* @return True if the manager service was successfully started, false otherwise.
*/
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
public boolean start() throws JMException;
/**
@@ -54,7 +53,7 @@ public interface ManagerMXBean {
*
* @return True if the manager service was successfully stopped, false otherwise.
*/
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
public boolean stop() throws JMException;
/**
@@ -68,7 +67,7 @@ public interface ManagerMXBean {
* @param pulseURL
* The URL for the Pulse application.
*/
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.WRITE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.WRITE)
public void setPulseURL(String pulseURL);
/**
@@ -85,6 +84,6 @@ public interface ManagerMXBean {
* @param message
* The status message.
*/
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.WRITE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.WRITE)
public void setStatusMessage(String message);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
index 0f695a3..3ed7930 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
@@ -16,12 +16,12 @@
*/
package com.gemstone.gemfire.management;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
-
import java.util.Map;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -138,7 +138,7 @@ import com.gemstone.gemfire.management.internal.security.ResourceOperation;
*
* @since GemFire 7.0
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface MemberMXBean {
/**
@@ -162,7 +162,7 @@ public interface MemberMXBean {
*
* @return A list of names of the disk stores that were compacted.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public String[] compactAllDiskStores();
/**
@@ -170,14 +170,14 @@ public interface MemberMXBean {
*
* @return True if the Manager MBean was successfully created, false otherwise.
*/
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
public boolean createManager();
/**
* Shuts down the member. This is an asynchronous call and it will
* return immediately without waiting for a result.
*/
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
public void shutDownMember();
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
index 8becc8d..260edd6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/RegionMXBean.java
@@ -20,10 +20,9 @@ import com.gemstone.gemfire.cache.CacheListener;
import com.gemstone.gemfire.cache.CacheWriter;
import com.gemstone.gemfire.cache.EvictionAlgorithm;
import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -34,7 +33,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationContext.OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface RegionMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
index 42f8040..9413d31 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
@@ -17,6 +17,16 @@
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import javax.management.ObjectName;
+
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
import com.gemstone.gemfire.cache.execute.FunctionService;
@@ -37,24 +47,14 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import javax.management.ObjectName;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/**
*
* @since GemFire 8.0
@@ -68,7 +68,7 @@ public class ClientCommands implements CommandMarker {
@CliCommand(value = CliStrings.LIST_CLIENTS, help = CliStrings.LIST_CLIENT__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_LIST })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listClient() {
Result result = null;
@@ -152,7 +152,7 @@ public class ClientCommands implements CommandMarker {
@CliCommand(value = CliStrings.DESCRIBE_CLIENT, help = CliStrings.DESCRIBE_CLIENT__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_LIST })
- @ResourceOperation(resource = Resource.CLUSTER, operation= OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation= Operation.READ)
public Result describeClient(
@CliOption(key = CliStrings.DESCRIBE_CLIENT__ID, mandatory = true, help = CliStrings.DESCRIBE_CLIENT__ID__HELP) String clientId) {
Result result = null;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
index d16414c..b046a46 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
@@ -18,6 +18,18 @@ package com.gemstone.gemfire.management.internal.cli.commands;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.TreeSet;
+
import com.gemstone.gemfire.SystemFailure;
import com.gemstone.gemfire.cache.CacheClosedException;
import com.gemstone.gemfire.cache.execute.FunctionInvocationTargetException;
@@ -36,24 +48,25 @@ import com.gemstone.gemfire.management.internal.cli.functions.CliFunctionResult;
import com.gemstone.gemfire.management.internal.cli.functions.ExportConfigFunction;
import com.gemstone.gemfire.management.internal.cli.functions.GetMemberConfigInformationFunction;
import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
-import com.gemstone.gemfire.management.internal.cli.result.*;
+import com.gemstone.gemfire.management.internal.cli.result.CommandResultException;
+import com.gemstone.gemfire.management.internal.cli.result.CompositeResultData;
import com.gemstone.gemfire.management.internal.cli.result.CompositeResultData.SectionResultData;
+import com.gemstone.gemfire.management.internal.cli.result.ErrorResultData;
+import com.gemstone.gemfire.management.internal.cli.result.InfoResultData;
+import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
+import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.io.File;
-import java.io.IOException;
-import java.util.*;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/****
* @since GemFire 7.0
*
@@ -68,8 +81,8 @@ public class ConfigCommands implements CommandMarker {
}
@CliCommand(value = { CliStrings.DESCRIBE_CONFIG }, help = CliStrings.DESCRIBE_CONFIG__HELP)
- @CliMetaData(shellOnly = false, relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG })
- @ResourceOperation(resource = Resource.CLUSTER, operation= OperationCode.READ)
+ @CliMetaData(shellOnly = false, relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG})
+ @ResourceOperation(resource = Resource.CLUSTER, operation= Operation.READ)
public Result describeConfig(
@CliOption (key = CliStrings.DESCRIBE_CONFIG__MEMBER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -182,8 +195,8 @@ public class ConfigCommands implements CommandMarker {
* @return Results of the attempt to write the configuration
*/
@CliCommand(value = { CliStrings.EXPORT_CONFIG }, help = CliStrings.EXPORT_CONFIG__HELP)
- @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ConfigCommands$Interceptor", relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ConfigCommands$Interceptor", relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG})
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result exportConfig(
@CliOption(key = { CliStrings.EXPORT_CONFIG__MEMBER },
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
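Review bot: `exportConfig` requires only `Resource.CLUSTER` / `Operation.READ`, yet per its Javadoc it writes out member configuration, which in a secured cluster may include credential-bearing properties such as keystore passwords. Whether `ExportConfigFunction` redacts such values is not visible in this hunk. If it does not, either redact them before export or require a stricter permission, e.g. `@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)`. The method body continues outside the hunk.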
@@ -238,8 +251,8 @@ public class ConfigCommands implements CommandMarker {
@CliCommand(value = { CliStrings.ALTER_RUNTIME_CONFIG }, help = CliStrings.ALTER_RUNTIME_CONFIG__HELP)
- @CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG})
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
public Result alterRuntimeConfig(
@CliOption (key = {CliStrings.ALTER_RUNTIME_CONFIG__MEMBER},
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
index 741da25..7c0726b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
@@ -16,8 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
-
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
@@ -80,6 +78,8 @@ import com.gemstone.gemfire.management.internal.cli.util.RegionPath;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
@@ -109,7 +109,7 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
@CliCommand (value = CliStrings.CREATE_REGION, help = CliStrings.CREATE_REGION__HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEODE_REGION, writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result createRegion(
@CliOption (key = CliStrings.CREATE_REGION__REGION,
mandatory = true,
@@ -998,7 +998,7 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
@CliCommand(value = { CliStrings.DESTROY_REGION }, help = CliStrings.DESTROY_REGION__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEODE_REGION, writesToSharedConfiguration = true)
- @ResourceOperation(resource=Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource=Resource.DATA, operation = Operation.MANAGE)
public Result destroyRegion(
@CliOption(key = CliStrings.DESTROY_REGION__REGION,
optionContext = ConverterHint.REGIONPATH,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
index bbf2b02..cd802a9 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
@@ -16,8 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
-
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
@@ -49,6 +47,7 @@ import com.gemstone.gemfire.cache.execute.ResultCollector;
import com.gemstone.gemfire.cache.partition.PartitionRebalanceInfo;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.management.DistributedRegionMXBean;
import com.gemstone.gemfire.management.ManagementService;
import com.gemstone.gemfire.management.cli.CliMetaData;
@@ -73,7 +72,8 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
@@ -96,9 +96,8 @@ public class DataCommands implements CommandMarker {
@CliCommand(value = CliStrings.REBALANCE, help = CliStrings.REBALANCE__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_DATA,
- CliStrings.TOPIC_GEODE_REGION
- })
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ CliStrings.TOPIC_GEODE_REGION })
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result rebalance(
@CliOption(key = CliStrings.REBALANCE__INCLUDEREGION, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.REBALANCE__INCLUDEREGION__HELP) String[] includeRegions,
@CliOption(key = CliStrings.REBALANCE__EXCLUDEREGION, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.REBALANCE__EXCLUDEREGION__HELP) String[] excludeRegions,
@@ -1126,7 +1125,7 @@ public class DataCommands implements CommandMarker {
CliStrings.TOPIC_GEODE_DATA, CliStrings.TOPIC_GEODE_REGION
})
@CliCommand(value = { CliStrings.REMOVE }, help = CliStrings.REMOVE__HELP)
- @ResourceOperation(resource=Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource=Resource.DATA, operation = Operation.MANAGE)
public Result remove(
@CliOption(key = { CliStrings.REMOVE__KEY }, help = CliStrings.REMOVE__KEY__HELP) String key,
@CliOption(key = { CliStrings.REMOVE__REGION }, mandatory = true, help = CliStrings.REMOVE__REGION__HELP, optionContext = ConverterHint.REGIONPATH) String regionPath,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
index e320383..29eac2f 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
@@ -16,6 +16,13 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.text.DecimalFormat;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
import com.gemstone.gemfire.SystemFailure;
import com.gemstone.gemfire.cache.execute.ResultCollector;
import com.gemstone.gemfire.distributed.DistributedMember;
@@ -38,20 +45,14 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.text.DecimalFormat;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
/**
* Commands for deploying, un-deploying and listing files deployed using the command line shell.
@@ -77,8 +78,8 @@ public final class DeployCommands extends AbstractCommandsSupport implements Com
* @return The result of the attempt to deploy
*/
@CliCommand(value = { CliStrings.DEPLOY }, help = CliStrings.DEPLOY__HELP)
- @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.DeployCommands$Interceptor", relatedTopic={CliStrings.TOPIC_GEODE_CONFIG }, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.DeployCommands$Interceptor", relatedTopic={CliStrings.TOPIC_GEODE_CONFIG}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public final Result deploy(
@CliOption(key = { CliStrings.DEPLOY__GROUP }, help = CliStrings.DEPLOY__GROUP__HELP, optionContext=ConverterHint.MEMBERGROUP)
@CliMetaData (valueSeparator = ",")
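Review bot: `deploy` is guarded by `Resource.DATA` / `Operation.MANAGE`, the same permission this commit gives `rebalance` and `createRegion`, although the class Javadoc and `listDeployed` show that it puts JAR files on members rather than managing region data. A role meant only to administer data would therefore also be able to place code on the servers. Consider `@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)` here and on `undeploy` in the next hunk, matching `alterRuntimeConfig` in ConfigCommands. The method body continues outside the hunk, so any additional check made there is not visible.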
@@ -160,8 +161,8 @@ public final class DeployCommands extends AbstractCommandsSupport implements Com
* @return The result of the attempt to undeploy
*/
@CliCommand(value = { CliStrings.UNDEPLOY }, help = CliStrings.UNDEPLOY__HELP)
- @CliMetaData(relatedTopic={CliStrings.TOPIC_GEODE_CONFIG }, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @CliMetaData(relatedTopic={CliStrings.TOPIC_GEODE_CONFIG}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public final Result undeploy(
@CliOption(key = { CliStrings.UNDEPLOY__GROUP },
help = CliStrings.UNDEPLOY__GROUP__HELP,
@@ -231,8 +232,8 @@ public final class DeployCommands extends AbstractCommandsSupport implements Com
* @return List of deployed JAR files
*/
@CliCommand(value = { CliStrings.LIST_DEPLOYED }, help = CliStrings.LIST_DEPLOYED__HELP)
- @CliMetaData(relatedTopic={CliStrings.TOPIC_GEODE_CONFIG })
- @ResourceOperation(resource = Resource.CLUSTER, operation= OperationCode.READ)
+ @CliMetaData(relatedTopic={CliStrings.TOPIC_GEODE_CONFIG})
+ @ResourceOperation(resource = Resource.CLUSTER, operation= Operation.READ)
public final Result listDeployed(
@CliOption(key = { CliStrings.LIST_DEPLOYED__GROUP },
help = CliStrings.LIST_DEPLOYED__GROUP__HELP)
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
index eba9d3b..a543a4b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
@@ -16,6 +16,25 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.PrintStream;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
import com.gemstone.gemfire.GemFireIOException;
import com.gemstone.gemfire.SystemFailure;
import com.gemstone.gemfire.admin.BackupStatus;
@@ -72,31 +91,13 @@ import com.gemstone.gemfire.management.internal.configuration.SharedConfiguratio
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.messages.CompactRequest;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.PrintStream;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
/**
* The DiskStoreCommands class encapsulates all GemFire Disk Store commands in Gfsh.
@@ -120,7 +121,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.BACKUP_DISK_STORE, help=CliStrings.BACKUP_DISK_STORE__HELP)
@CliMetaData(relatedTopic={ CliStrings.TOPIC_GEODE_DISKSTORE })
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.READ)
public Result backupDiskStore(
@CliOption(key=CliStrings.BACKUP_DISK_STORE__DISKDIRS,
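Review bot: `backupDiskStore` is guarded only by `Operation.READ`, yet it takes a caller-supplied directory option (`BACKUP_DISK_STORE__DISKDIRS`) and, judging by its name, makes members write backup files to that location. A principal with read-only data rights could then trigger file writes on the members' hosts; confirm this against the body, which is outside the hunk. If so, either require a stronger operation here or add a comment above the annotation, for example `// READ is sufficient: backup target directory is validated by <PLACEHOLDER: where>`, stating where the target path is constrained.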
@@ -215,7 +216,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.LIST_DISK_STORE, help = CliStrings.LIST_DISK_STORE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEODE_DISKSTORE })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listDiskStore() {
try {
Set<DistributedMember> dataMembers = getNormalMembers(getCache());
@@ -283,8 +284,8 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
}
@CliCommand(value=CliStrings.CREATE_DISK_STORE, help=CliStrings.CREATE_DISK_STORE__HELP)
- @CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE }, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result createDiskStore(@CliOption(key=CliStrings.CREATE_DISK_STORE__NAME,
mandatory=true,
optionContext = ConverterHint.DISKSTORE_ALL,
@@ -424,8 +425,8 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.COMPACT_DISK_STORE, help=CliStrings.COMPACT_DISK_STORE__HELP)
- @CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE })
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE})
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result compactDiskStore(@CliOption(key=CliStrings.COMPACT_DISK_STORE__NAME,
mandatory=true,
optionContext = ConverterHint.DISKSTORE_ALL,
@@ -867,7 +868,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.DESCRIBE_DISK_STORE, help = CliStrings.DESCRIBE_DISK_STORE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEODE_DISKSTORE })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result describeDiskStore(@CliOption(key = CliStrings.DESCRIBE_DISK_STORE__MEMBER, mandatory = true, optionContext = ConverterHint.MEMBERIDNAME, help = CliStrings.DESCRIBE_DISK_STORE__MEMBER__HELP)
final String memberName,
@CliOption(key = CliStrings.DESCRIBE_DISK_STORE__NAME, mandatory = true, optionContext = ConverterHint.DISKSTORE_ALL, help = CliStrings.DESCRIBE_DISK_STORE__NAME__HELP)
@@ -994,7 +995,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.REVOKE_MISSING_DISK_STORE, help = CliStrings.REVOKE_MISSING_DISK_STORE__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_DISKSTORE })
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result revokeMissingDiskStore(
@CliOption(key = CliStrings.REVOKE_MISSING_DISK_STORE__ID, mandatory = true, help = CliStrings.REVOKE_MISSING_DISK_STORE__ID__HELP)
String id) {
@@ -1021,7 +1022,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.SHOW_MISSING_DISK_STORE, help = CliStrings.SHOW_MISSING_DISK_STORE__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_DISKSTORE })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result showMissingDiskStore() {
try {
@@ -1367,8 +1368,8 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
}
@CliCommand(value=CliStrings.DESTROY_DISK_STORE, help=CliStrings.DESTROY_DISK_STORE__HELP)
- @CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE }, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result destroyDiskStore(
@CliOption (key=CliStrings.DESTROY_DISK_STORE__NAME,
mandatory=true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
index 7c32d8c..20b15b6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
@@ -16,6 +16,13 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+
import com.gemstone.gemfire.cache.execute.ResultCollector;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.management.cli.CliMetaData;
@@ -36,20 +43,13 @@ import com.gemstone.gemfire.management.internal.cli.result.InfoResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/**
* The DurableClientCommands class encapsulates all GemFire shell (Gfsh) commands related to
* durable clients and cqs defined in GemFire.
@@ -65,7 +65,7 @@ public class DurableClientCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.LIST_DURABLE_CQS, help = CliStrings.LIST_DURABLE_CQS__HELP)
@CliMetaData(shellOnly = false)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listDurableClientCqs(
@CliOption (key = CliStrings.LIST_DURABLE_CQS__DURABLECLIENTID,
mandatory=true,
@@ -142,7 +142,7 @@ public class DurableClientCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.COUNT_DURABLE_CQ_EVENTS, help = CliStrings.COUNT_DURABLE_CQ_EVENTS__HELP)
@CliMetaData(shellOnly = false)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result countDurableCqEvents(
@CliOption (key = CliStrings.COUNT_DURABLE_CQ_EVENTS__DURABLE__CLIENT__ID,
mandatory=true,
@@ -194,7 +194,7 @@ public class DurableClientCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.CLOSE_DURABLE_CLIENTS, help = CliStrings.CLOSE_DURABLE_CLIENTS__HELP)
@CliMetaData(shellOnly = false)
- @ResourceOperation(resource = Resource.DATA, operation= OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation= Operation.MANAGE)
public Result closeDurableClient(
@CliOption (key = CliStrings.CLOSE_DURABLE_CLIENTS__CLIENT__ID,
mandatory=true,
@@ -233,7 +233,7 @@ public class DurableClientCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.CLOSE_DURABLE_CQS, help = CliStrings.CLOSE_DURABLE_CQS__HELP)
@CliMetaData(shellOnly = false)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result closeDurableCqs(
@CliOption (key = CliStrings.CLOSE_DURABLE_CQS__DURABLE__CLIENT__ID,
mandatory=true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
index b830fff..16cba87 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
@@ -16,6 +16,14 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.execute.ResultCollector;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
@@ -36,21 +44,13 @@ import com.gemstone.gemfire.management.internal.cli.result.InfoResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/****
* Commands for the shared configuration
*
@@ -63,8 +63,8 @@ public class ExportImportSharedConfigurationCommands extends AbstractCommandsSup
private final LoadSharedConfigurationFunction loadSharedConfiguration = new LoadSharedConfigurationFunction();
@CliCommand(value = { CliStrings.EXPORT_SHARED_CONFIG }, help = CliStrings.EXPORT_SHARED_CONFIG__HELP)
- @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ExportInterceptor", readsSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ExportInterceptor", readsSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG})
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result exportSharedConfig(
@CliOption(key = { CliStrings.EXPORT_SHARED_CONFIG__FILE},
mandatory = true,
@@ -114,8 +114,8 @@ public class ExportImportSharedConfigurationCommands extends AbstractCommandsSup
}
@CliCommand(value = { CliStrings.IMPORT_SHARED_CONFIG }, help = CliStrings.IMPORT_SHARED_CONFIG__HELP)
- @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ImportInterceptor", writesToSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ImportInterceptor", writesToSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEODE_CONFIG})
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
@SuppressWarnings("unchecked")
public Result importSharedConfig(
@CliOption(key = { CliStrings.IMPORT_SHARED_CONFIG__ZIP},
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
index ae3d0aa..22676a6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
@@ -16,6 +16,15 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
import com.gemstone.gemfire.SystemFailure;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
@@ -51,23 +60,14 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/**
*
* @since GemFire 7.0
@@ -82,7 +82,7 @@ public class FunctionCommands implements CommandMarker {
@CliCommand(value = CliStrings.EXECUTE_FUNCTION, help = CliStrings.EXECUTE_FUNCTION__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_FUNCTION })
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.WRITE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.WRITE)
public Result executeFunction(
//TODO: Add optioncontext for functionID
@CliOption(key = CliStrings.EXECUTE_FUNCTION__ID,
@@ -455,7 +455,7 @@ public class FunctionCommands implements CommandMarker {
@CliCommand(value = CliStrings.DESTROY_FUNCTION, help = CliStrings.DESTROY_FUNCTION__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_FUNCTION } ,
interceptor = "com.gemstone.gemfire.management.internal.cli.commands.FunctionCommands$Interceptor")
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
//TODO: Add optioncontext for functionId
public Result destroyFunction(
@CliOption(key = CliStrings.DESTROY_FUNCTION__ID,
@@ -579,7 +579,7 @@ public class FunctionCommands implements CommandMarker {
@CliCommand(value = CliStrings.LIST_FUNCTION, help = CliStrings.LIST_FUNCTION__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_FUNCTION })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listFunction(
@CliOption(key = CliStrings.LIST_FUNCTION__MATCHES,
help = CliStrings.LIST_FUNCTION__MATCHES__HELP)String matches,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
index dde31a6..c9cb647 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
@@ -16,8 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
-
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -59,6 +57,8 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
@@ -87,8 +87,8 @@ public class IndexCommands extends AbstractCommandsSupport {
}
@CliCommand(value = CliStrings.LIST_INDEX, help = CliStrings.LIST_INDEX__HELP)
- @CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA})
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listIndex(@CliOption(key = CliStrings.LIST_INDEX__STATS,
mandatory = false,
specifiedDefaultValue = "true",
@@ -533,8 +533,8 @@ public class IndexCommands extends AbstractCommandsSupport {
}
@CliCommand(value = CliStrings.CREATE_DEFINED_INDEXES, help = CliStrings.CREATE_DEFINED__HELP)
- @CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA }, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
//TODO : Add optionContext for indexName
public Result createDefinedIndexes(
@@ -634,8 +634,8 @@ public class IndexCommands extends AbstractCommandsSupport {
}
@CliCommand(value = CliStrings.CLEAR_DEFINED_INDEXES, help = CliStrings.CLEAR_DEFINED__HELP)
- @CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA }, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_DATA}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
//TODO : Add optionContext for indexName
public Result clearDefinedIndexes() {
indexDefinitions.clear();
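Review bot: The `//TODO : Add optionContext for indexName` comment above `clearDefinedIndexes()` does not apply to this method, which takes no parameters. It reads as a copy of the one on `createDefinedIndexes` in the previous hunk and should be dropped. Separately, the annotation declares `writesToSharedConfiguration=true`, but the only statement visible here clears the in-memory `indexDefinitions`. The body continues outside the hunk, so check whether anything is actually written to the shared configuration before keeping that flag.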
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
index 6979ed8..261163a 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
@@ -16,9 +16,44 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.awt.Desktop;
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileFilter;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.InetAddress;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.EmptyStackException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+import java.util.Stack;
+import java.util.TreeSet;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+import javax.management.MalformedObjectNameException;
+import javax.management.ObjectName;
+import javax.management.Query;
+import javax.management.QueryExp;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
+
import com.gemstone.gemfire.GemFireException;
import com.gemstone.gemfire.SystemFailure;
-import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.distributed.AbstractLauncher;
import com.gemstone.gemfire.distributed.AbstractLauncher.ServiceState;
@@ -39,9 +74,13 @@ import com.gemstone.gemfire.internal.lang.ClassUtils;
import com.gemstone.gemfire.internal.lang.ObjectUtils;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.internal.lang.SystemUtils;
-import com.gemstone.gemfire.internal.process.*;
+import com.gemstone.gemfire.internal.process.ClusterConfigurationNotAvailableException;
+import com.gemstone.gemfire.internal.process.ProcessLauncherContext;
+import com.gemstone.gemfire.internal.process.ProcessStreamReader;
import com.gemstone.gemfire.internal.process.ProcessStreamReader.InputListener;
import com.gemstone.gemfire.internal.process.ProcessStreamReader.ReadingMode;
+import com.gemstone.gemfire.internal.process.ProcessType;
+import com.gemstone.gemfire.internal.process.ProcessUtils;
import com.gemstone.gemfire.internal.process.signal.SignalEvent;
import com.gemstone.gemfire.internal.process.signal.SignalListener;
import com.gemstone.gemfire.internal.util.IOUtils;
@@ -63,35 +102,20 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.shell.JmxOperationInvoker;
import com.gemstone.gemfire.management.internal.cli.shell.OperationInvoker;
-import com.gemstone.gemfire.management.internal.cli.util.*;
+import com.gemstone.gemfire.management.internal.cli.util.CauseFinder;
+import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.management.internal.cli.util.ConnectionEndpoint;
+import com.gemstone.gemfire.management.internal.cli.util.JConsoleNotFoundException;
+import com.gemstone.gemfire.management.internal.cli.util.VisualVmNotFoundException;
import com.gemstone.gemfire.management.internal.configuration.domain.SharedConfigurationStatus;
import com.gemstone.gemfire.management.internal.configuration.messages.SharedConfigurationStatusRequest;
import com.gemstone.gemfire.management.internal.configuration.messages.SharedConfigurationStatusResponse;
-import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.security.AuthenticationFailedException;
+
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import javax.management.MalformedObjectNameException;
-import javax.management.ObjectName;
-import javax.management.Query;
-import javax.management.QueryExp;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLHandshakeException;
-import java.awt.*;
-import java.io.*;
-import java.net.InetAddress;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.UnknownHostException;
-import java.util.*;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicReference;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
/**
* The LauncherLifecycleCommands class encapsulates all GemFire launcher commands for GemFire tools (like starting
* GemFire Monitor (GFMon) and Visual Statistics Display (VSD)) as well external tools (like jconsole).
@@ -783,7 +807,6 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.STOP_LOCATOR, help = CliStrings.STOP_LOCATOR__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEODE_LOCATOR, CliStrings.TOPIC_GEODE_LIFECYCLE })
- @ResourceOperation(resource = OperationContext.Resource.CLUSTER, operation = OperationContext.OperationCode.MANAGE)
public Result stopLocator(@CliOption(key = CliStrings.STOP_LOCATOR__MEMBER,
optionContext = ConverterHint.LOCATOR_MEMBER_IDNAME,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
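Review bot: `stopLocator` here and `stopServer` in the next hunk lose their `@ResourceOperation` annotation with no replacement, so after this change neither command declares the permission it requires. Both are marked `shellOnly = true`, so the annotation may never have been evaluated on a member, but in that case the authorization check has to live wherever the stop request is actually served, and that path is not shown in these hunks. If the removal is intentional, record it above `@CliCommand` once confirmed, for example `// shellOnly: no @ResourceOperation; the stop request is authorized by the member's management layer`. The `ResourceOperation` import is also dropped from this file, so a later re-annotation will need it back.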
@@ -1867,7 +1890,6 @@ public class LauncherLifecycleCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.STOP_SERVER, help = CliStrings.STOP_SERVER__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GEODE_SERVER, CliStrings.TOPIC_GEODE_LIFECYCLE })
- @ResourceOperation(resource = OperationContext.Resource.CLUSTER, operation = OperationContext.OperationCode.MANAGE)
public Result stopServer(@CliOption(key = CliStrings.STOP_SERVER__MEMBER,
optionContext = ConverterHint.MEMBERIDNAME,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
index 08e36a4..9fe59ac 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
@@ -16,6 +16,12 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeSet;
+
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheClosedException;
import com.gemstone.gemfire.cache.CacheFactory;
@@ -37,20 +43,14 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-import java.util.TreeSet;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/***
*
*
@@ -64,7 +64,7 @@ public class MemberCommands implements CommandMarker {
@CliCommand(value = { CliStrings.LIST_MEMBER }, help = CliStrings.LIST_MEMBER__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEODE_SERVER)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listMember(
@CliOption(key = { CliStrings.LIST_MEMBER__GROUP },
unspecifiedDefaultValue = "",
@@ -109,7 +109,7 @@ public class MemberCommands implements CommandMarker {
@CliCommand(value = { CliStrings.DESCRIBE_MEMBER }, help = CliStrings.DESCRIBE_MEMBER__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEODE_SERVER)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result describeMember(
@CliOption(key = CliStrings.DESCRIBE_MEMBER__IDENTIFIER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
index 2f48e22..5359561 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
@@ -16,6 +16,42 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.sql.Time;
+import java.text.MessageFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+import java.util.zip.DataFormatException;
+import java.util.zip.GZIPInputStream;
+import javax.management.ObjectName;
+
import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
@@ -76,50 +112,14 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.util.MergeLogs;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import javax.management.ObjectName;
-import java.io.BufferedInputStream;
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.PrintWriter;
-import java.sql.Time;
-import java.text.MessageFormat;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.StringTokenizer;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.TimeoutException;
-import java.util.zip.DataFormatException;
-import java.util.zip.GZIPInputStream;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/**
*
* @since GemFire 7.0
@@ -185,7 +185,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHUTDOWN, help = CliStrings.SHUTDOWN__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_LIFECYCLE },
interceptor = "com.gemstone.gemfire.management.internal.cli.commands.MiscellaneousCommands$Interceptor")
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
public Result shutdown(
@CliOption(key = CliStrings.SHUTDOWN__TIMEOUT, unspecifiedDefaultValue = DEFAULT_TIME_OUT,
help = CliStrings.SHUTDOWN__TIMEOUT__HELP) int userSpecifiedTimeout,
@@ -326,7 +326,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.GC, help = CliStrings.GC__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.MANAGE)
public Result gc(
@CliOption(key = CliStrings.GC__GROUP, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.GC__GROUP__HELP)
String[] groups,
@@ -417,7 +417,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.NETSTAT, help = CliStrings.NETSTAT__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEODE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
//TODO : Verify the auto-completion for multiple values.
public Result netstat(
@CliOption(key = CliStrings.NETSTAT__MEMBER,
@@ -571,7 +571,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_DEADLOCK, help = CliStrings.SHOW_DEADLOCK__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEODE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result showDeadlock(
@CliOption(key = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE,
help = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE__HELP,
@@ -621,7 +621,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_LOG, help = CliStrings.SHOW_LOG_HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEODE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result showLog(
@CliOption(key = CliStrings.SHOW_LOG_MEMBER, optionContext = ConverterHint.ALL_MEMBER_IDNAME, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.SHOW_LOG_MEMBER_HELP, mandatory = true) String memberNameOrId,
@CliOption(key = CliStrings.SHOW_LOG_LINE_NUM, unspecifiedDefaultValue = "0", help = CliStrings.SHOW_LOG_LINE_NUM_HELP, mandatory = false) int numberOfLines) {
@@ -769,7 +769,7 @@ public class MiscellaneousCommands implements CommandMarker {
}
@CliCommand(value = CliStrings.EXPORT_LOGS, help = CliStrings.EXPORT_LOGS__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEODE_SERVER, CliStrings.TOPIC_GEODE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result exportLogs(
@CliOption(key = CliStrings.EXPORT_LOGS__DIR,
help = CliStrings.EXPORT_LOGS__DIR__HELP, mandatory=true) String dirName,
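Review bot: `exportLogs` accepts a caller-supplied `dirName` and stays gated at `Resource.CLUSTER` / `Operation.READ`, which is a read-level permission on a command that produces files. The body is outside the hunk, so where that directory is resolved cannot be seen here; if it is on a cluster member rather than on the gfsh host, the permission level deserves a second look. At minimum I would document the choice on the method, for example `// READ: exports existing log content; dirName is resolved on <host where files are written>`.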
@@ -991,7 +991,7 @@ public class MiscellaneousCommands implements CommandMarker {
*/
@CliCommand(value = CliStrings.EXPORT_STACKTRACE, help = CliStrings.EXPORT_STACKTRACE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEODE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result exportStackTrace(
@CliOption(key = CliStrings.EXPORT_STACKTRACE__MEMBER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -1092,7 +1092,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_METRICS, help = CliStrings.SHOW_METRICS__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEODE_STATISTICS })
- @ResourceOperation(resource = Resource.CLUSTER, operation= OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation= Operation.READ)
public Result showMetrics(
@CliOption(key = { CliStrings.SHOW_METRICS__MEMBER }, optionContext = ConverterHint.ALL_MEMBER_IDNAME, help = CliStrings.SHOW_METRICS__MEMBER__HELP) String memberNameOrId,
@CliOption(key = { CliStrings.SHOW_METRICS__REGION }, optionContext = ConverterHint.REGIONPATH, help = CliStrings.SHOW_METRICS__REGION__HELP) String regionName,
@@ -1996,7 +1996,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.CHANGE_LOGLEVEL, help = CliStrings.CHANGE_LOGLEVEL__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_CHANGELOGLEVEL })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.WRITE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.WRITE)
public Result changeLogLevel(
@CliOption(key = CliStrings.CHANGE_LOGLEVEL__MEMBER, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__MEMBER__HELP) String[] memberIds,
@CliOption(key = CliStrings.CHANGE_LOGLEVEL__GROUPS, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__GROUPS__HELP) String[] grps,
[2/9] incubator-geode git commit: GEODE-17: used new security
interface for integrated security.
Posted by ji...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
index b9ffd02..7c82f8d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
@@ -16,6 +16,14 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.Arrays;
+import java.util.Collection;
+
import com.gemstone.gemfire.internal.cache.CacheConfig;
import com.gemstone.gemfire.internal.cache.DiskStoreImpl;
import com.gemstone.gemfire.internal.cache.xmlcache.CacheCreation;
@@ -33,27 +41,19 @@ import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.pdx.ReflectionBasedAutoSerializer;
import com.gemstone.gemfire.pdx.internal.EnumInfo;
import com.gemstone.gemfire.pdx.internal.PdxType;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.PrintStream;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.util.Arrays;
-import java.util.Collection;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
public class PDXCommands extends AbstractCommandsSupport{
@CliCommand (value = CliStrings.CONFIGURE_PDX, help = CliStrings.CONFIGURE_PDX__HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEODE_REGION, writesToSharedConfiguration = true)
- @ResourceOperation( resource=Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation( resource= Resource.DATA, operation = Operation.MANAGE)
public Result configurePDX(
@CliOption (key = CliStrings.CONFIGURE_PDX__READ__SERIALIZED,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
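Review bot: The rewritten annotation on `configurePDX` picks up stray spacing, `@ResourceOperation( resource= Resource.DATA, ...)`, where most of the commit writes `resource = Resource.X`. I would write it as `@ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)`; the same applies to `operation= Operation.READ` on `showMetrics` and to `resource=Resource.DATA` on `resumeGatewaySender` and `createGatewayReceiver` in WanCommands.java. These annotations are effectively the permission map for the gfsh commands, and a single spelling keeps them auditable with a plain text search. `configurePDX` continues past the end of the hunk.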
@@ -174,8 +174,8 @@ public class PDXCommands extends AbstractCommandsSupport{
}
@CliCommand (value = CliStrings.PDX_RENAME, help = CliStrings.PDX_RENAME__HELP)
- @CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE })
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE})
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result pdxRename(
@CliOption (key = CliStrings.PDX_RENAME_OLD,
mandatory=true,
@@ -227,63 +227,7 @@ public class PDXCommands extends AbstractCommandsSupport{
}
}
-
- // The pdx delete-field command has been disabled until it has native client support.
-// @CliCommand (value = CliStrings.PDX_DELETE_FIELD, help = CliStrings.PDX_DELETE_FIELD__HELP)
-// @CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEODE_DISKSTORE})
-// public Result pdxDeleteField(
-// @CliOption (key = CliStrings.PDX_CLASS,
-// mandatory=true,
-// help = CliStrings.PDX_CLASS__HELP)
-// String className,
-//
-// @CliOption (key = CliStrings.PDX_FIELD,
-// mandatory=true,
-// help = CliStrings.PDX_FIELD__HELP)
-// String fieldName,
-//
-// @CliOption (key = CliStrings.PDX_DISKSTORE,
-// mandatory=true,
-// help = CliStrings.PDX_DISKSTORE__HELP)
-// String diskStore,
-//
-// @CliOption (key = CliStrings.PDX_DISKDIR,
-// mandatory=true,
-// help = CliStrings.PDX_DISKDIR__HELP)
-// @CliMetaData (valueSeparator = ",")
-// String[] diskDirs){
-//
-// try {
-// final File[] dirs = new File[diskDirs.length];
-// for (int i = 0; i < diskDirs.length; i++) {
-// dirs[i] = new File((diskDirs[i]));
-// }
-//
-// Collection<PdxType> results = DiskStoreImpl.pdxDeleteField(diskStore, dirs, className, fieldName);
-//
-// if(results.isEmpty()) {
-// return ResultBuilder.createGemFireErrorResult(CliStrings.format(CliStrings.PDX_DELETE__EMPTY));
-// }
-//
-// ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
-// PrintStream printStream = new PrintStream(outputStream);
-// for(PdxType p : results) {
-// p.toStream(printStream, false);
-// }
-// String resultString = CliStrings.format(CliStrings.PDX_DELETE_FIELD__SUCCESS, outputStream.toString());
-// return ResultBuilder.createInfoResult(resultString);
-//
-// } catch (Exception e) {
-// return ResultBuilder.createGemFireErrorResult(CliStrings.format(CliStrings.PDX_DELETE_FIELD__ERROR, e.getMessage()));
-// }
-//
-// }
-//
-// @CliAvailabilityIndicator({CliStrings.PDX_DELETE_FIELD})
-// public boolean pdxDeleteFieldCommandsAvailable() {
-// return true;
-// }
-
+
@CliAvailabilityIndicator({CliStrings.PDX_RENAME})
public boolean pdxRenameCommandsAvailable() {
return true;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
index c321a0d..466cb86 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
@@ -16,6 +16,11 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
import com.gemstone.gemfire.SystemFailure;
import com.gemstone.gemfire.cache.execute.ResultCollector;
import com.gemstone.gemfire.distributed.DistributedMember;
@@ -37,20 +42,14 @@ import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/**
* The QueueCommands class encapsulates all GemFire Queue commands in Gfsh.
* </p>
@@ -64,7 +63,7 @@ public class QueueCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_ASYNC_EVENT_QUEUE, help = CliStrings.CREATE_ASYNC_EVENT_QUEUE__HELP)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result createAsyncEventQueue(
@CliOption(key = CliStrings.CREATE_ASYNC_EVENT_QUEUE__ID,
mandatory = true,
@@ -216,7 +215,7 @@ public class QueueCommands implements CommandMarker {
}
@CliCommand(value = CliStrings.LIST_ASYNC_EVENT_QUEUES, help = CliStrings.LIST_ASYNC_EVENT_QUEUES__HELP)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listAsyncEventQueues() {
try {
TabularResultData tabularData = ResultBuilder.createTabularResultData();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
index 63f0ea2..d7fb1cc 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
@@ -16,8 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
-
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
@@ -52,6 +50,8 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.util.RegionAttributesNames;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
@@ -77,7 +77,7 @@ public class RegionCommands implements CommandMarker {
@CliCommand(value = { CliStrings.LIST_REGION }, help = CliStrings.LIST_REGION__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEODE_REGION)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listRegion(
@CliOption(key = { CliStrings.LIST_REGION__GROUP },
optionContext = ConverterHint.MEMBERGROUP,
@@ -155,7 +155,7 @@ public class RegionCommands implements CommandMarker {
@CliCommand(value = { CliStrings.DESCRIBE_REGION }, help = CliStrings.DESCRIBE_REGION__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEODE_REGION, CliStrings.TOPIC_GEODE_CONFIG } )
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result describeRegion(
@CliOption(key = CliStrings.DESCRIBE_REGION__NAME,
optionContext = ConverterHint.REGIONPATH,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
index ba4b0ac..5306aff 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
@@ -16,6 +16,10 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.execute.ResultCollector;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
@@ -30,17 +34,13 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.configuration.domain.SharedConfigurationStatus;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
public class StatusCommands extends AbstractCommandsSupport implements CommandMarker {
static final FetchSharedConfigurationStatusFunction fetchSharedConfigStatusFunction = new FetchSharedConfigurationStatusFunction();
@@ -48,7 +48,7 @@ public class StatusCommands extends AbstractCommandsSupport implements CommandMa
@SuppressWarnings("unchecked")
@CliCommand (value = CliStrings.STATUS_SHARED_CONFIG, help = CliStrings.STATUS_SHARED_CONFIG_HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEODE_LOCATOR)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result statusSharedConfiguration() {
final GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
final Set<DistributedMember> locators = new HashSet<DistributedMember>(cache.getDistributionManager().getAllHostedLocatorsWithSharedConfiguration().keySet());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
index 47b547d..ccce8e4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
@@ -16,6 +16,21 @@
*/
package com.gemstone.gemfire.management.internal.cli.commands;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.atomic.AtomicInteger;
+import javax.management.ObjectName;
+
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
import com.gemstone.gemfire.cache.execute.ResultCollector;
@@ -45,29 +60,14 @@ import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import javax.management.ObjectName;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.concurrent.Callable;
-import java.util.concurrent.ExecutionException;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.Future;
-import java.util.concurrent.ThreadFactory;
-import java.util.concurrent.atomic.AtomicInteger;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
public class WanCommands implements CommandMarker {
private Gfsh getGfsh() {
@@ -76,7 +76,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_GATEWAYSENDER, help = CliStrings.CREATE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result createGatewaySender(
@CliOption(key = CliStrings.CREATE_GATEWAYSENDER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -193,7 +193,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.START_GATEWAYSENDER, help = CliStrings.START_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result startGatewaySender(
@CliOption(key = CliStrings.START_GATEWAYSENDER__ID,
mandatory = true,
@@ -336,7 +336,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.PAUSE_GATEWAYSENDER, help = CliStrings.PAUSE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result pauseGatewaySender(
@CliOption(key = CliStrings.PAUSE_GATEWAYSENDER__ID,
mandatory = true,
@@ -429,7 +429,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.RESUME_GATEWAYSENDER, help = CliStrings.RESUME_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource=Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource=Resource.DATA, operation = Operation.MANAGE)
public Result resumeGatewaySender(
@CliOption(key = CliStrings.RESUME_GATEWAYSENDER__ID,
mandatory = true,
@@ -569,7 +569,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STOP_GATEWAYSENDER, help = CliStrings.STOP_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result stopGatewaySender(
@CliOption(key = CliStrings.STOP_GATEWAYSENDER__ID,
mandatory = true,
@@ -645,7 +645,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_GATEWAYRECEIVER, help = CliStrings.CREATE_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation( resource=Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation( resource=Resource.DATA, operation = Operation.MANAGE)
public Result createGatewayReceiver(
@CliOption(key = CliStrings.CREATE_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -725,7 +725,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.LOAD_BALANCE_GATEWAYSENDER, help = CliStrings.LOAD_BALANCE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result loadBalanceGatewaySender(
@CliOption(key = CliStrings.LOAD_BALANCE_GATEWAYSENDER__ID,
mandatory = true,
@@ -791,7 +791,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.START_GATEWAYRECEIVER, help = CliStrings.START_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result startGatewayReceiver(
@CliOption(key = CliStrings.START_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -853,7 +853,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STOP_GATEWAYRECEIVER, help = CliStrings.STOP_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public Result stopGatewayReceiver(
@CliOption(key = CliStrings.STOP_GATEWAYRECEIVER__GROUP,
@@ -927,7 +927,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.LIST_GATEWAY, help = CliStrings.LIST_GATEWAY__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result listGateway(
@CliOption(key = CliStrings.LIST_GATEWAY__MEMBER,
optionContext = ConverterHint.MEMBERIDNAME,
@@ -1018,7 +1018,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STATUS_GATEWAYSENDER, help = CliStrings.STATUS_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result statusGatewaySender(
@CliOption(key = CliStrings.STATUS_GATEWAYSENDER__ID,
mandatory = true,
@@ -1085,7 +1085,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STATUS_GATEWAYRECEIVER, help = CliStrings.STATUS_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEODE_WAN)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result statusGatewayReceiver(
@CliOption(key = CliStrings.STATUS_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
index efbc1f1..8943dfb 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
@@ -47,6 +47,7 @@ import javax.management.remote.MBeanServerForwarder;
import com.gemstone.gemfire.management.internal.ManagementConstants;
import com.gemstone.gemfire.security.GemFireSecurityException;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.security.GeodePermission;
/**
* This class intercepts all MBean requests for GemFire MBeans and passed it to
@@ -56,15 +57,8 @@ import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
*/
public class MBeanServerWrapper implements MBeanServerForwarder {
private MBeanServer mbs;
-
- public MBeanServerWrapper(){
- }
-
- private void doAuthorizationPost(ResourceOperationContext context){
- if(context == null)
- return;
- //interceptor.postAuthorize(context);
+ public MBeanServerWrapper(){
}
private void checkDomain(ObjectName name){
@@ -117,7 +111,7 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
}
@Override
- public ObjectInstance getObjectInstance(ObjectName name) throws InstanceNotFoundException {
+ public ObjectInstance getObjectInstance(ObjectName name) throws InstanceNotFoundException {
return mbs.getObjectInstance(name);
}
@@ -145,14 +139,14 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
}
@Override
- public Integer getMBeanCount() {
+ public Integer getMBeanCount() {
return mbs.getMBeanCount();
}
@Override
public Object getAttribute(ObjectName name, String attribute) throws MBeanException, InstanceNotFoundException,
ReflectionException {
- ResourceOperationContext ctx = getOperationContext(name, attribute, false);
+ GeodePermission ctx = getOperationContext(name, attribute, false);
GeodeSecurityUtil.authorize(ctx);
Object result;
try {
@@ -160,10 +154,6 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
} catch (AttributeNotFoundException nex) {
return null;
}
- if (ctx != null) {
- ctx.setPostOperationResult(result);
- }
- doAuthorizationPost(ctx);
return result;
}
@@ -186,7 +176,7 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
@Override
public void setAttribute(ObjectName name, Attribute attribute) throws InstanceNotFoundException,
AttributeNotFoundException, InvalidAttributeValueException, MBeanException, ReflectionException {
- ResourceOperationContext ctx = getOperationContext(name, attribute.getName(), false);
+ GeodePermission ctx = getOperationContext(name, attribute.getName(), false);
GeodeSecurityUtil.authorize(ctx);
mbs.setAttribute(name, attribute);
}
@@ -209,18 +199,16 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
public Object invoke(ObjectName name, String operationName, Object[] params, String[] signature)
throws InstanceNotFoundException, MBeanException, ReflectionException {
- ResourceOperationContext ctx = getOperationContext(name, operationName, true);
+ GeodePermission ctx = getOperationContext(name, operationName, true);
GeodeSecurityUtil.authorize(ctx);
Object result = mbs.invoke(name, operationName, params, signature);
- if(ctx!=null)
- ctx.setPostOperationResult(result);
- doAuthorizationPost(ctx);
+
return result;
}
// TODO: cache this
- private ResourceOperationContext getOperationContext(ObjectName objectName, String featureName, boolean isOp)
+ private GeodePermission getOperationContext(ObjectName objectName, String featureName, boolean isOp)
throws InstanceNotFoundException, ReflectionException {
MBeanInfo beanInfo = null;
try {
@@ -229,7 +217,7 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
throw new GemFireSecurityException("error getting beanInfo of "+objectName, e);
}
// If there is no annotation defined either in the class level or method level, we should consider this operation/attribute freely accessible
- ResourceOperationContext result = null;
+ GeodePermission result = null;
// find the context in the beanInfo if defined in the class level
result = getOperationContext(beanInfo.getDescriptor(), result);
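Review bot: An MBean attribute or operation that carries no `@ResourceOperation` descriptor leaves `result` as `null`, and `getAttribute`, `setAttribute` and `invoke` then hand that `null` to `GeodeSecurityUtil.authorize(ctx)`; the comment above this line says such a feature is treated as freely accessible. That is a default-allow policy, so an MBean method that someone forgets to annotate is reachable over JMX without any permission check. I would at least state it at the declaration, e.g. `// null = no permission required; unannotated MBean features are NOT access-checked`, and consider a deny-by-default or logged fallback instead. How `authorize` treats a null argument is not visible in this diff, and `getOperationContext` starts and ends outside this hunk.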
@@ -252,11 +240,11 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
return result;
}
- private ResourceOperationContext getOperationContext(Descriptor descriptor, ResourceOperationContext defaultValue){
+ private GeodePermission getOperationContext(Descriptor descriptor, GeodePermission defaultValue){
String resource = (String)descriptor.getFieldValue("resource");
String operationCode = (String)descriptor.getFieldValue("operation");
if(resource!=null && operationCode!=null){
- return new ResourceOperationContext(resource, operationCode, null);
+ return new GeodePermission(resource, operationCode);
}
return defaultValue;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
index 8b50183..9f62d0d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
@@ -16,8 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.security;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
-
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
@@ -25,6 +23,9 @@ import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import javax.management.DescriptorKey;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@@ -33,5 +34,5 @@ public @interface ResourceOperation {
Resource resource() default Resource.NULL;
@DescriptorKey("operation")
- OperationCode operation() default OperationCode.NULL;
+ Operation operation() default Operation.NULL;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
deleted file mode 100644
index 99da1f1..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.management.internal.security;
-
-import com.gemstone.gemfire.cache.operations.OperationContext;
-
-/**
- * This is base class for OperationContext for resource (JMX and CLI) operations
- */
-public class ResourceOperationContext extends OperationContext {
-
- private boolean isPostOperation = false;
- private Object opResult = null;
-
- // these default values are used when creating a lock around an operation
- private Resource resource = Resource.NULL;
- private OperationCode operation = OperationCode.NULL;
- private String regionName = OperationContext.ALL_REGIONS;
-
- public ResourceOperationContext() {
- this(null, null, null);
- }
-
- // When only specified a resource and operation, it's assumed that you need access to all regions in order to perform the operations
- // guarded by this ResourceOperationConext
- public ResourceOperationContext(String resource, String operation) {
- this(resource, operation, OperationContext.ALL_REGIONS);
- }
-
- public ResourceOperationContext(String resource, String operation, String regionName) {
- if (resource != null) this.resource = Resource.valueOf(resource);
- if (operation != null) this.operation = OperationCode.valueOf(operation);
- if (regionName !=null ) this.regionName = regionName;
-
- setParts(this.resource.name()+":"+this.operation.name()+":"+this.regionName, true);
- }
-
- @Override
- public boolean isClientUpdate() {
- return false;
- }
-
- @Override
- public OperationCode getOperationCode() {
- return operation;
- }
-
- @Override
- public Resource getResource() {
- return resource;
- }
-
- @Override
- public String getRegionName(){
- return this.regionName;
- }
-
- @Override
- public boolean isPostOperation() {
- return isPostOperation;
- }
-
- public void setPostOperationResult(Object result) {
- this.isPostOperation = true;
- this.opResult = result;
- }
-
- public Object getOperationResult() {
- return this.opResult;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
index eff2a62..4faff72 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
@@ -17,14 +17,13 @@
package com.gemstone.gemfire.security;
+import java.security.Principal;
+
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.cache.CacheFactory;
import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.distributed.DistributedMember;
-import java.security.Principal;
-
/**
* Specifies the interface to authorize operations at the cache or region level
* for clients or servers. Implementations should register name of the static
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/security/ExternalSecurity.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/ExternalSecurity.java b/geode-core/src/main/java/com/gemstone/gemfire/security/ExternalSecurity.java
new file mode 100644
index 0000000..133eba2
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/ExternalSecurity.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+public interface ExternalSecurity {
+
+ void init(Properties securityProps);
+
+ Principal authenticate(Properties props) throws AuthenticationFailedException;
+
+ default boolean authorize(Principal principal, GeodePermission permission) {
+ return true;
+ }
+
+ //post-processing as well if we can find a good way to support it
+}
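Review bot: The default `authorize` returns `true`, so an `ExternalSecurity` implementation that overrides only `authenticate` grants every permission to every authenticated principal. For a security SPI the safer contract is to leave the method abstract or to deny by default, e.g. `default boolean authorize(Principal principal, GeodePermission permission) { return false; }`. The interface also has no Javadoc. Each method should say when it is called, whether `authenticate` may return null or must throw, and whether one instance is shared across callers (not visible here, worth confirming).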
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
new file mode 100644
index 0000000..95ef2c8
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import org.apache.shiro.authz.permission.WildcardPermission;
+
+public class GeodePermission extends WildcardPermission {
+
+ public static String ALL_REGIONS = "*";
+
+ public enum Resource {
+ NULL,
+ CLUSTER,
+ DATA
+ }
+
+ public enum Operation {
+ NULL,
+ MANAGE,
+ WRITE,
+ READ;
+ }
+
+ public Resource getResource() {
+ return resource;
+ }
+
+ public Operation getOperation() {
+ return operation;
+ }
+
+ public String getRegionName() {
+ return regionName;
+ }
+
+ // these default values are used when creating a lock around an operation
+ private Resource resource = Resource.NULL;
+ private Operation operation = Operation.NULL;
+ private String regionName = ALL_REGIONS;
+
+ public GeodePermission() {
+ this(Resource.NULL, Operation.NULL);
+ }
+
+ public GeodePermission(String resource, String operation) {
+ this(Resource.valueOf(resource), Operation.valueOf(operation));
+ }
+
+ public GeodePermission(Resource resource, Operation operation){
+ this(resource, operation, ALL_REGIONS);
+ }
+
+ public GeodePermission(String resource, String operation, String regionName) {
+ if(resource != null) this.resource = Resource.valueOf(resource);
+ if(operation != null) this.operation = Operation.valueOf(operation);
+ if(regionName != null) this.regionName = regionName;
+
+ setParts(this.resource+":"+this.operation+":"+this.regionName, true);
+ }
+
+ public GeodePermission(Resource resource, Operation operation, String regionName){
+ if(resource != null) this.resource = resource;
+ if(operation != null) this.operation = operation;
+ if(regionName != null) this.regionName = regionName;
+
+ setParts(this.resource+":"+this.operation+":"+this.regionName, true);
+ }
+
+ @Override
+ public String toString() {
+ if (ALL_REGIONS.equals(getRegionName())) {
+ return getResource() + ":" + getOperation();
+ } else {
+ return getResource() + ":" + getOperation() + ":" + getRegionName();
+ }
+ }
+
+}
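Review bot: `ALL_REGIONS` is declared `public static String` without `final`, so any code can reassign the wildcard that the constructors use as the default region and that `toString()` compares against; it should be `public static final String ALL_REGIONS = "*";`. The `(String, String)` constructor calls `Resource.valueOf(resource)` and `Operation.valueOf(operation)` directly, which throws `NullPointerException` on a null argument, while the three-argument String constructor tolerates null. Delegating with `this(resource, operation, ALL_REGIONS);` would make the two consistent. `regionName` is also concatenated unescaped into the string given to `setParts`, so a region name containing `:` or `,` would presumably be parsed as extra parts or sub-parts of the wildcard permission; that is worth validating or documenting.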
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
index 63c8536..3922d99 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
@@ -16,22 +16,6 @@
*/
package com.gemstone.gemfire.security.templates;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-import com.gemstone.gemfire.management.internal.security.ResourceOperationContext;
-import com.gemstone.gemfire.security.AccessControl;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.Authenticator;
-import com.gemstone.gemfire.security.NotAuthorizedException;
-import org.apache.commons.io.IOUtils;
-
-import javax.management.remote.JMXPrincipal;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
@@ -47,6 +31,21 @@ import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
+import javax.management.remote.JMXPrincipal;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.security.ExternalSecurity;
+import com.gemstone.gemfire.security.GeodePermission;
+import com.gemstone.gemfire.security.NotAuthorizedException;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.shiro.authz.Permission;
/**
* This class provides a sample implementation for authentication and authorization via the {@link AccessControl}
@@ -96,10 +95,10 @@ import java.util.stream.StreamSupport;
* }
* </pre>
*/
-public class SampleJsonAuthorization implements AccessControl, Authenticator {
+public class SampleJsonAuthorization implements ExternalSecurity {
public static class Role {
- List<OperationContext> permissions = new ArrayList<>();
+ List<GeodePermission> permissions = new ArrayList<>();
String name;
String serverGroup;
}
@@ -181,7 +180,7 @@ public class SampleJsonAuthorization implements AccessControl, Authenticator {
String resourcePart = (parts.length > 0) ? parts[0] : null;
String operationPart = (parts.length > 1) ? parts[1] : null;
String regionPart = (regionNames != null) ? regionNames : "*";
- role.permissions.add(new ResourceOperationContext(resourcePart, operationPart, regionPart));
+ role.permissions.add(new GeodePermission(resourcePart, operationPart, regionPart));
}
roleMap.put(role.name, role);
@@ -199,12 +198,9 @@ public class SampleJsonAuthorization implements AccessControl, Authenticator {
private Principal principal = null;
- @Override
- public void close() {
- }
@Override
- public boolean authorizeOperation(String region, OperationContext context) {
+ public boolean authorize(Principal principal, GeodePermission context) {
if (principal == null) return false;
User user = acl.get(principal.getName());
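Review bot: The field `private Principal principal = null;` is left behind although `authorize` now takes the principal as a parameter, which shadows the field, and the later `init` hunk removes the only visible assignment, `this.principal = principal;`. Since the instance is no longer bound to one principal, the field is dead state and invites a later edit that reads the wrong variable in an authorization decision; I would delete it. `init(Properties props)` in that later hunk is now an empty body that still declares `throws NotAuthorizedException`, which can be dropped too. `authorize` continues outside this hunk.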
@@ -212,7 +208,7 @@ public class SampleJsonAuthorization implements AccessControl, Authenticator {
// check if the user has this permission defined in the context
for (Role role : acl.get(user.name).roles) {
- for (OperationContext permitted : role.permissions) {
+ for (Permission permitted : role.permissions) {
if (permitted.implies(context)) {
return true;
}
@@ -223,12 +219,11 @@ public class SampleJsonAuthorization implements AccessControl, Authenticator {
}
@Override
- public void init(Principal principal, DistributedMember arg1, Cache arg2) throws NotAuthorizedException {
- this.principal = principal;
+ public void init(Properties props) throws NotAuthorizedException {
}
@Override
- public Principal authenticate(Properties props, DistributedMember arg1) throws AuthenticationFailedException {
+ public Principal authenticate(Properties props) throws AuthenticationFailedException {
String user = props.getProperty(ResourceConstants.USER_NAME);
String pwd = props.getProperty(ResourceConstants.PASSWORD);
@@ -245,10 +240,6 @@ public class SampleJsonAuthorization implements AccessControl, Authenticator {
return new JMXPrincipal(user);
}
- @Override
- public void init(Properties arg0, LogWriter arg1, LogWriter arg2) throws AuthenticationFailedException {
- }
-
protected static String readFile(String name) throws IOException {
File file = new File(name);
FileReader reader = new FileReader(file);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
index 2c20e23..de57807 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
@@ -17,6 +17,9 @@
package com.gemstone.gemfire.internal.cache.extension.mock;
+import java.util.List;
+import java.util.Set;
+
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
import com.gemstone.gemfire.cache.Region;
@@ -33,16 +36,13 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import java.util.List;
-import java.util.Set;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/**
* Mock Extension gfsh commands.
*
@@ -81,7 +81,7 @@ public class MockExtensionCommands implements CommandMarker {
*/
@CliCommand(value = CREATE_MOCK_REGION_EXTENSION)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result createMockRegionExtension(@CliOption(key = OPTION_REGION_NAME, mandatory = true) final String regionName,
@CliOption(key = OPTION_VALUE, mandatory = true) final String value) {
return executeFunctionOnAllMembersTabulateResultPersist(CreateMockRegionExtensionFunction.INSTANCE, true,
@@ -102,7 +102,7 @@ public class MockExtensionCommands implements CommandMarker {
*/
@CliCommand(value = ALTER_MOCK_REGION_EXTENSION)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result alterMockRegionExtension(@CliOption(key = OPTION_REGION_NAME, mandatory = true) final String regionName,
@CliOption(key = OPTION_VALUE, mandatory = true) final String value) {
return executeFunctionOnAllMembersTabulateResultPersist(AlterMockRegionExtensionFunction.INSTANCE, true,
@@ -121,7 +121,7 @@ public class MockExtensionCommands implements CommandMarker {
*/
@CliCommand(value = DESTROY_MOCK_REGION_EXTENSION)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result destroyMockRegionExtension(@CliOption(key = OPTION_REGION_NAME, mandatory = true) final String regionName) {
return executeFunctionOnAllMembersTabulateResultPersist(DestroyMockRegionExtensionFunction.INSTANCE, true,
DestroyMockRegionExtensionFunction.toArgs(regionName));
@@ -138,7 +138,7 @@ public class MockExtensionCommands implements CommandMarker {
*/
@CliCommand(value = CREATE_MOCK_CACHE_EXTENSION)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result createMockCacheExtension(@CliOption(key = OPTION_VALUE, mandatory = true) final String value) {
return executeFunctionOnAllMembersTabulateResultPersist(CreateMockCacheExtensionFunction.INSTANCE, true, CreateMockCacheExtensionFunction.toArgs(value));
}
@@ -153,7 +153,7 @@ public class MockExtensionCommands implements CommandMarker {
* @since GemFire 8.1
*/
@CliCommand(value = ALTER_MOCK_CACHE_EXTENSION)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
@CliMetaData(writesToSharedConfiguration = true)
public Result alterMockCacheExtension(@CliOption(key = OPTION_VALUE, mandatory = true) final String value) {
return executeFunctionOnAllMembersTabulateResultPersist(AlterMockCacheExtensionFunction.INSTANCE, true, AlterMockCacheExtensionFunction.toArgs(value));
@@ -166,7 +166,7 @@ public class MockExtensionCommands implements CommandMarker {
* @since GemFire 8.1
*/
@CliCommand(value = DESTROY_MOCK_CACHE_EXTENSION)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
@CliMetaData(writesToSharedConfiguration = true)
public Result destroyMockCacheExtension() {
return executeFunctionOnAllMembersTabulateResultPersist(DestroyMockCacheExtensionFunction.INSTANCE, false);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
index 69d99d8..dc2f497 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
@@ -16,7 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.cli;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
import static org.junit.Assert.*;
import java.lang.annotation.Annotation;
@@ -25,17 +24,6 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Map;
-import org.junit.After;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.springframework.shell.core.CommandMarker;
-import org.springframework.shell.core.Completion;
-import org.springframework.shell.core.Converter;
-import org.springframework.shell.core.MethodTarget;
-import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
-import org.springframework.shell.core.annotation.CliCommand;
-import org.springframework.shell.core.annotation.CliOption;
-
import com.gemstone.gemfire.management.cli.CliMetaData;
import com.gemstone.gemfire.management.cli.ConverterHint;
import com.gemstone.gemfire.management.cli.Result;
@@ -45,8 +33,21 @@ import com.gemstone.gemfire.management.internal.cli.parser.AvailabilityTarget;
import com.gemstone.gemfire.management.internal.cli.parser.CommandTarget;
import com.gemstone.gemfire.management.internal.cli.parser.Option;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
+import org.junit.After;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.springframework.shell.core.CommandMarker;
+import org.springframework.shell.core.Completion;
+import org.springframework.shell.core.Converter;
+import org.springframework.shell.core.MethodTarget;
+import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
+import org.springframework.shell.core.annotation.CliCommand;
+import org.springframework.shell.core.annotation.CliOption;
+
/**
* CommandManagerTest - Includes tests to check the CommandManager functions
*/
@@ -239,7 +240,7 @@ public class CommandManagerJUnitTest {
@CliCommand(value = { COMMAND1_NAME, COMMAND1_NAME_ALIAS }, help = COMMAND1_HELP)
@CliMetaData(shellOnly = true, relatedTopic = { "relatedTopicOfCommand1" })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static String command1(
@CliArgument(name = ARGUMENT1_NAME, argumentContext = ARGUMENT1_CONTEXT, help = ARGUMENT1_HELP, mandatory = true)
String argument1,
@@ -255,13 +256,13 @@ public class CommandManagerJUnitTest {
}
@CliCommand(value = { COMMAND2_NAME })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static String command2() {
return null;
}
@CliCommand(value = { "testParamConcat" })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static Result testParamConcat(
@CliOption(key = { "string" })
String string,
@@ -278,7 +279,7 @@ public class CommandManagerJUnitTest {
}
@CliCommand(value = { "testMultiWordArg" })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static Result testMultiWordArg(@CliArgument(name = "arg1")
String arg1, @CliArgument(name = "arg2")
String arg2) {
@@ -333,7 +334,7 @@ public class CommandManagerJUnitTest {
public static class MockPluginCommand implements CommandMarker {
@CliCommand(value = "mock plugin command")
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result mockPluginCommand() {
return null;
}
@@ -341,7 +342,7 @@ public class CommandManagerJUnitTest {
public static class MockPluginCommandUnlisted implements CommandMarker {
@CliCommand(value = "mock plugin command unlisted")
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result mockPluginCommandUnlisted() {
return null;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
index 088a6a1..c6ec2db 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
@@ -16,19 +16,10 @@
*/
package com.gemstone.gemfire.management.internal.cli.shell;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
import static org.junit.Assert.*;
import java.util.List;
-import org.junit.After;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.springframework.shell.core.CommandMarker;
-import org.springframework.shell.core.annotation.CliCommand;
-import org.springframework.shell.core.annotation.CliOption;
-import org.springframework.shell.event.ParseResult;
-
import com.gemstone.gemfire.management.cli.CliMetaData;
import com.gemstone.gemfire.management.cli.ConverterHint;
import com.gemstone.gemfire.management.cli.Result;
@@ -37,8 +28,18 @@ import com.gemstone.gemfire.management.internal.cli.GfshParser;
import com.gemstone.gemfire.management.internal.cli.annotation.CliArgument;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
+import org.junit.After;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.springframework.shell.core.CommandMarker;
+import org.springframework.shell.core.annotation.CliCommand;
+import org.springframework.shell.core.annotation.CliOption;
+import org.springframework.shell.event.ParseResult;
+
/**
* GfshExecutionStrategyTest - Includes tests to for GfshExecutionStrategyTest
*/
@@ -103,20 +104,20 @@ public class GfshExecutionStrategyJUnitTest {
@CliCommand(value = { COMMAND1_NAME, COMMAND1_NAME_ALIAS }, help = COMMAND1_HELP)
@CliMetaData(shellOnly = true )
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static Result command1() {
return ResultBuilder.createInfoResult(COMMAND1_SUCESS);
}
@CliCommand(value = { COMMAND2_NAME })
@CliMetaData(shellOnly = false )
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static Result command2() {
return ResultBuilder.createInfoResult(COMMAND2_SUCESS);
}
@CliCommand(value = { "testParamConcat" })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static Result testParamConcat(
@CliOption(key = { "string" })
String string,
@@ -133,7 +134,7 @@ public class GfshExecutionStrategyJUnitTest {
}
@CliCommand(value = { "testMultiWordArg" })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static Result testMultiWordArg(@CliArgument(name = "arg1")
String arg1, @CliArgument(name = "arg2")
String arg2) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index 6a12d70..cf2a739 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -47,7 +47,6 @@ public class CacheServerMBeanAuthenticationJUnitTest {
@JMXConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.removeIndex("foo");
- bean.executeContinuousQuery("bar");
bean.fetchLoadProbe();
bean.getActiveCQCount();
bean.stopContinuousQuery("bar");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
new file mode 100644
index 0000000..1a74865
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.management.internal.security;
+
+import static org.junit.Assert.*;
+
+import com.gemstone.gemfire.security.GeodePermission;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(UnitTest.class)
+public class GeodePermissionJUnitTest {
+
+ private GeodePermission context;
+
+ @Test
+ public void testEmptyConstructor(){
+ context = new GeodePermission();
+ assertEquals(Resource.NULL, context.getResource());
+ assertEquals(Operation.NULL, context.getOperation());
+ assertEquals(GeodePermission.ALL_REGIONS, context.getRegionName());
+ }
+
+ @Test
+ public void testIsPermission(){
+ context = new GeodePermission();
+ assertTrue(context instanceof WildcardPermission);
+ }
+
+ @Test
+ public void testConstructor(){
+ context = new GeodePermission();
+ assertEquals(Resource.NULL, context.getResource());
+ assertEquals(Operation.NULL, context.getOperation());
+ assertEquals(GeodePermission.ALL_REGIONS, context.getRegionName());
+
+ context = new GeodePermission();
+ assertEquals(Resource.NULL, context.getResource());
+ assertEquals(Operation.NULL, context.getOperation());
+ assertEquals(GeodePermission.ALL_REGIONS, context.getRegionName());
+
+ context = new GeodePermission("DATA", null, null);
+ assertEquals(Resource.DATA, context.getResource());
+ assertEquals(Operation.NULL, context.getOperation());
+ assertEquals(GeodePermission.ALL_REGIONS, context.getRegionName());
+
+ context = new GeodePermission("CLUSTER", null, null);
+ assertEquals(Resource.CLUSTER, context.getResource());
+ assertEquals(Operation.NULL, context.getOperation());
+ assertEquals(GeodePermission.ALL_REGIONS, context.getRegionName());
+
+ context = new GeodePermission(null, "MANAGE", "REGIONA");
+ assertEquals(Resource.NULL, context.getResource());
+ assertEquals(Operation.MANAGE, context.getOperation());
+ assertEquals("REGIONA", context.getRegionName());
+
+ context = new GeodePermission("DATA", "MANAGE", "REGIONA");
+ assertEquals(Resource.DATA, context.getResource());
+ assertEquals(Operation.MANAGE, context.getOperation());
+ assertEquals("REGIONA", context.getRegionName());
+ }
+
+ @Test
+ public void testToString(){
+ context = new GeodePermission();
+ assertEquals("NULL:NULL", context.toString());
+
+ context = new GeodePermission("DATA", "MANAGE");
+ assertEquals("DATA:MANAGE", context.toString());
+
+ context = new GeodePermission("DATA", "MANAGE", "REGIONA");
+ assertEquals("DATA:MANAGE:REGIONA", context.toString());
+ }
+}
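Review bot: The first two blocks of `testConstructor` call the no-argument constructor, so they repeat `testEmptyConstructor` and no longer exercise the all-null case of the two- and three-argument constructors. The test this file replaces (ResourceOperationContextJUnitTest, deleted in the same commit) passed `(null, null, null)` and `(null, null)` at those two places. Because the assertions pin how absent values map to `Resource.NULL`, `Operation.NULL` and `ALL_REGIONS`, I would restore them as `context = new GeodePermission(null, null, null);` and `context = new GeodePermission((String) null, (String) null);`. The casts are only needed if GeodePermission has further two-argument overloads that make a bare `null` ambiguous, which this hunk does not show.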
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
index edcf998..c44e364 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
@@ -17,22 +17,23 @@
package com.gemstone.gemfire.management.internal.security;
-import com.gemstone.gemfire.cache.operations.OperationContext;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.assertj.core.api.Assertions.*;
+
+import java.util.Properties;
+
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.GeodePermission;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
import org.apache.shiro.util.ThreadContext;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-import java.util.Properties;
-
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
/**
* this test and ShiroUtilCustomRealmJUunitTest uses the same test body, but initialize the SecurityUtils differently.
* If you change shiro.ini, remmber to change the shiro-ini.json to match the changes as well.
@@ -139,7 +140,7 @@ public class GeodeSecurityUtilWithIniFileJUnitTest {
GeodeSecurityUtil.logout();
}
- private void assertNotAuthorized(OperationContext context){
+ private void assertNotAuthorized(GeodePermission context){
assertThatThrownBy(()-> GeodeSecurityUtil.authorize(context)).isInstanceOf(GemFireSecurityException.class).hasMessageContaining("["+context.toString()+"]");
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
deleted file mode 100644
index 46c0e1d..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContextJUnitTest.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.management.internal.security;
-
-import static org.junit.Assert.*;
-
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
-import org.apache.shiro.authz.permission.WildcardPermission;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-@Category(UnitTest.class)
-public class ResourceOperationContextJUnitTest {
-
- private ResourceOperationContext context;
-
- @Test
- public void testEmptyConstructor(){
- context = new ResourceOperationContext();
- assertEquals(Resource.NULL, context.getResource());
- assertEquals(OperationCode.NULL, context.getOperationCode());
- assertEquals(OperationContext.ALL_REGIONS, context.getRegionName());
- }
-
- @Test
- public void testIsPermission(){
- context = new ResourceOperationContext();
- assertTrue(context instanceof WildcardPermission);
- }
-
- @Test
- public void testConstructor(){
- context = new ResourceOperationContext(null, null, null);
- assertEquals(Resource.NULL, context.getResource());
- assertEquals(OperationCode.NULL, context.getOperationCode());
- assertEquals(OperationContext.ALL_REGIONS, context.getRegionName());
-
- context = new ResourceOperationContext(null, null);
- assertEquals(Resource.NULL, context.getResource());
- assertEquals(OperationCode.NULL, context.getOperationCode());
- assertEquals(OperationContext.ALL_REGIONS, context.getRegionName());
-
- context = new ResourceOperationContext("DATA", null, null);
- assertEquals(Resource.DATA, context.getResource());
- assertEquals(OperationCode.NULL, context.getOperationCode());
- assertEquals(OperationContext.ALL_REGIONS, context.getRegionName());
-
- context = new ResourceOperationContext("CLUSTER", null, null);
- assertEquals(Resource.CLUSTER, context.getResource());
- assertEquals(OperationCode.NULL, context.getOperationCode());
- assertEquals(OperationContext.ALL_REGIONS, context.getRegionName());
-
- context = new ResourceOperationContext(null, "MANAGE", "REGIONA");
- assertEquals(Resource.NULL, context.getResource());
- assertEquals(OperationCode.MANAGE, context.getOperationCode());
- assertEquals("REGIONA", context.getRegionName());
-
- context = new ResourceOperationContext("DATA", "MANAGE", "REGIONA");
- assertEquals(Resource.DATA, context.getResource());
- assertEquals(OperationCode.MANAGE, context.getOperationCode());
- assertEquals("REGIONA", context.getRegionName());
- }
-
- @Test
- public void testToString(){
- context = new ResourceOperationContext();
- assertEquals("NULL:NULL", context.toString());
-
- context = new ResourceOperationContext("DATA", "MANAGE");
- assertEquals("DATA:MANAGE", context.toString());
-
- context = new ResourceOperationContext("DATA", "MANAGE", "REGIONA");
- assertEquals("DATA:MANAGE:REGIONA", context.toString());
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
index 2ddc6ee..f7ee8bb 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/TestCommand.java
@@ -20,49 +20,49 @@ package com.gemstone.gemfire.management.internal.security;
import java.util.ArrayList;
import java.util.List;
-import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.security.GeodePermission;
import org.apache.shiro.authz.Permission;
public class TestCommand {
- public static OperationContext none = null;
- public static OperationContext everyOneAllowed = new ResourceOperationContext();
- public static OperationContext dataRead = new ResourceOperationContext("DATA", "READ");
- public static OperationContext dataWrite = new ResourceOperationContext("DATA", "WRITE");
- public static OperationContext dataManage = new ResourceOperationContext("DATA", "MANAGE");
+ public static GeodePermission none = null;
+ public static GeodePermission everyOneAllowed = new GeodePermission();
+ public static GeodePermission dataRead = new GeodePermission("DATA", "READ");
+ public static GeodePermission dataWrite = new GeodePermission("DATA", "WRITE");
+ public static GeodePermission dataManage = new GeodePermission("DATA", "MANAGE");
- public static OperationContext regionARead = new ResourceOperationContext("DATA", "READ", "RegionA");
- public static OperationContext regionAWrite = new ResourceOperationContext("DATA", "WRITE", "RegionA");
- public static OperationContext regionAManage = new ResourceOperationContext("DATA", "MANAGE", "RegionA");
+ public static GeodePermission regionARead = new GeodePermission("DATA", "READ", "RegionA");
+ public static GeodePermission regionAWrite = new GeodePermission("DATA", "WRITE", "RegionA");
+ public static GeodePermission regionAManage = new GeodePermission("DATA", "MANAGE", "RegionA");
- public static OperationContext clusterRead = new ResourceOperationContext("CLUSTER", "READ");
- public static OperationContext clusterWrite = new ResourceOperationContext("CLUSTER", "WRITE");
- public static OperationContext clusterManage = new ResourceOperationContext("CLUSTER", "MANAGE");
+ public static GeodePermission clusterRead = new GeodePermission("CLUSTER", "READ");
+ public static GeodePermission clusterWrite = new GeodePermission("CLUSTER", "WRITE");
+ public static GeodePermission clusterManage = new GeodePermission("CLUSTER", "MANAGE");
private static List<TestCommand> testCommands = new ArrayList<>();
static{
init();
}
-
+
private final String command;
- private final OperationContext permission;
-
- public TestCommand(String command, OperationContext permission) {
+ private final GeodePermission permission;
+
+ public TestCommand(String command, GeodePermission permission) {
this.command = command;
this.permission = permission;
}
-
- private static void createTestCommand(String command, OperationContext permission) {
+
+ private static void createTestCommand(String command, GeodePermission permission) {
TestCommand instance = new TestCommand(command, permission);
testCommands.add(instance);
}
-
+
public String getCommand() {
return this.command;
}
- public OperationContext getPermission() {
+ public GeodePermission getPermission() {
return this.permission;
}
@@ -72,8 +72,8 @@ public class TestCommand {
public static List<TestCommand> getPermittedCommands(Permission permission){
List<TestCommand> result = new ArrayList<>();
- for(TestCommand testCommand:testCommands){
- OperationContext cPerm = testCommand.getPermission();
+ for (TestCommand testCommand : testCommands) {
+ GeodePermission cPerm = testCommand.getPermission();
if(cPerm!=null && permission.implies(cPerm)){
result.add(testCommand);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
index d98d962..dbc782f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
@@ -18,14 +18,14 @@
*/
package com.gemstone.gemfire.security;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
import com.gemstone.gemfire.test.junit.categories.DistributedTest;
import com.gemstone.gemfire.test.junit.categories.FlakyTest;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
/**
* Test for authentication from client to server. This tests for both valid and
* invalid credentials/modules. It also checks for authentication
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
index 381bc33..f51431a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
@@ -277,22 +277,7 @@ public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTest
int locPort1 = getLocatorPort();
String locString = getAndClearLocatorString();
- int port1 = server1.invoke(() -> createCacheServer(locPort1, locString, "com.gemstone.gemfire.none", extraProps, javaProps));
-
- // Trying to create the region on client should throw a security exception
- Properties credentials2 = gen.getValidCredentials(1);
- Properties javaProps2 = gen.getJavaProperties();
- getLogWriter().info("testInvalidAuthenticator: For first client credentials: " + credentials2 + " : " + javaProps2);
-
- client1.invoke(() -> createCacheClient(authInit, credentials2, javaProps2, port1, 0, AUTHFAIL_EXCEPTION));
- client1.invoke(() -> closeCache());
-
- // Also test with invalid credentials
- Properties credentials3 = gen.getInvalidCredentials(1);
- Properties javaProps3 = gen.getJavaProperties();
- getLogWriter().info("testInvalidAuthenticator: For first client credentials: " + credentials3 + " : " + javaProps3);
-
- client1.invoke(() -> createCacheClient(authInit, credentials3, javaProps3, port1, 0, AUTHFAIL_EXCEPTION));
+ server1.invoke(() -> createCacheServer(locPort1, locString, "com.gemstone.gemfire.none", extraProps, javaProps, AUTHREQ_EXCEPTION));
}
protected void doTestNoAuthenticatorWithCredentials(final boolean multiUser) throws Exception {
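Review bot: The new `server1.invoke(... AUTHREQ_EXCEPTION)` line carries no comment explaining that an unloadable authenticator is now expected to fail at server creation, and the two client checks it replaces (valid and invalid credentials both rejected with `AUTHFAIL_EXCEPTION`) are gone with nothing asserting that no client can connect. If refusing to start is the intended behaviour, say so on the line, for example `// server creation must fail when the authenticator cannot be loaded; no client connection is attempted`. The meaning of `AUTHREQ_EXCEPTION` is inferred from its name here, and the enclosing method starts outside the hunk, so `gen` and `authInit` may now be unused in it. The later hunk at `@@ -494,21 +479,6` drops the invalid-authenticator case from the notification test for what looks like the same reason and would benefit from the same one-line explanation.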
@@ -494,21 +479,6 @@ public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTest
// throw a security exception
client2.invoke(() -> createCacheClient("com.gemstone.none", credentials1, javaProps1, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
- // Now start the servers with invalid authenticator method.
- // Skip this test for a scheme which does not have an authInit in the
- // first place (e.g. SSL) since that will fail with AuthReqEx before
- // authenticator is even invoked.
- if (authInit != null && authInit.length() > 0) {
- server1.invoke(() -> createCacheServer(locPort1, locString, port1, "com.gemstone.gemfire.none", extraProps, javaProps));
- server2.invoke(() -> createCacheServer(locPort2, locString, port2, "com.gemstone.gemfire.none", extraProps, javaProps));
-
- createClient2WithException(multiUser, authInit, port1, port2, credentials1, javaProps1, zeroConns);
- createClient1WithException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
-
- } else {
- getLogWriter().info("testCredentialsForNotifications: Skipping invalid authenticator for scheme [" + gen.classCode() + "] which has no authInit");
- }
-
// Try connection with null auth-init on clients.
// Skip this test for a scheme which does not have an authInit in the
// first place (e.g. SSL).
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
index 8a7a470..3073705 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestUtils.java
@@ -16,13 +16,13 @@
*/
package com.gemstone.gemfire.security;
-import com.gemstone.gemfire.cache.Region;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.security.SecurityTestUtils.*;
+import static org.junit.Assert.*;
import java.util.Properties;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.SECURITY_CLIENT_AUTHENTICATOR;
-import static com.gemstone.gemfire.security.SecurityTestUtils.*;
-import static org.junit.Assert.assertNotNull;
+import com.gemstone.gemfire.cache.Region;
/**
* Extracted from ClientAuthenticationDUnitTest
@@ -33,21 +33,18 @@ public abstract class ClientAuthenticationTestUtils {
}
protected static Integer createCacheServer(final int locatorPort, final String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps) {
- Properties authProps;
- if (extraProps == null) {
- authProps = new Properties();
- } else {
- authProps = extraProps;
- }
+ return createCacheServer(locatorPort, locatorString, 0, authenticator, extraProps, javaProps, NO_EXCEPTION);
+ }
- if (authenticator != null) {
- authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
- }
+ protected static Integer createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps) {
+ return createCacheServer(locatorPort, locatorString, serverPort, authenticator, extraProps, javaProps, NO_EXCEPTION);
+ }
+ protected static Integer createCacheServer(final int locatorPort, final String locatorString, final String authenticator, final Properties extraProps, final Properties javaProps, final int expectedResult) {
- return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, locatorString, 0, NO_EXCEPTION);
+ return createCacheServer(locatorPort, locatorString, 0, authenticator, extraProps, javaProps, expectedResult);
}
- protected static void createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps) {
+ protected static Integer createCacheServer(final int locatorPort, final String locatorString, final int serverPort, final String authenticator, final Properties extraProps, final Properties javaProps, int expectedResult) {
Properties authProps;
if (extraProps == null) {
authProps = new Properties();
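Review bot: None of the four `createCacheServer` overloads is documented, and the two six-argument forms differ only in whether the `int` is third (`serverPort`) or last (`expectedResult`), which is easy to misread at a call site. A short Javadoc on the seven-argument method should state that `serverPort` 0 is what the shorter overloads pass, that `expectedResult` is one of the `SecurityTestUtils` result codes such as `NO_EXCEPTION`, and what the returned `Integer` is when a failure is expected. The hunk does not show that last value, and the new `AUTHREQ_EXCEPTION` caller ignores it. The last overload also declares `int expectedResult` without `final`, unlike every other parameter; `final int expectedResult` keeps the signatures consistent. Its body continues past the end of this hunk.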
@@ -58,7 +55,7 @@ public abstract class ClientAuthenticationTestUtils {
if (authenticator != null) {
authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticator);
}
- SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, locatorString, serverPort, NO_EXCEPTION);
+ return SecurityTestUtils.createCacheServer(authProps, javaProps, locatorPort, locatorString, serverPort, expectedResult);
}
protected static void createCacheClient(final String authInit, final Properties authProps, final Properties javaProps, final int[] ports, final int numConnections, final boolean multiUserMode, final boolean subscriptionEnabled, final int expectedResult) {
[8/9] incubator-geode git commit: client server
Posted by ji...@apache.org.
client server
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/ea9a5854
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/ea9a5854
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/ea9a5854
Branch: refs/heads/feature/GEODE-1571
Commit: ea9a5854412464d0d228b8272a26b317bd58fc5f
Parents: c6e7a3b
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Mon Jun 20 13:49:05 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Mon Jun 20 13:49:05 2016 -0700
----------------------------------------------------------------------
.../cache/tier/sockets/ServerConnection.java | 4 +--
.../tier/sockets/ServerHandShakeProcessor.java | 1 +
.../security/IntegratedClientAuthDUnitTest.java | 26 ++++++++++----------
3 files changed, 16 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ea9a5854/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
index 3a6cadb..39c4cc7 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
@@ -787,11 +787,10 @@ public class ServerConnection implements Runnable {
// if a subject exists for this uniqueId, binds the subject to this thread so that we can do authorization later
if(AcceptorImpl.isIntegratedSecurity() && !isInternalMessage()) {
long uniqueId = getUniqueId();
- logger.info(command + " received with uniqueId "+uniqueId);
Subject subject = this.clientUserAuths.getSubject(uniqueId);
if(subject!=null) {
threadState = GeodeSecurityUtil.bindSubject(subject);
- logger.info("binding " + subject.getPrincipal() + " to the current thread");
+ logger.info( command + " with " + uniqueId + ", binding " + subject.getPrincipal() + " to the current thread executing ");
}
}
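Review bot: The combined `logger.info` in this hunk writes the command, the connection's `uniqueId` and the principal to the log at INFO for every non-internal message, and `uniqueId` is the only key `clientUserAuths.getSubject` uses to select the subject a request runs as. That puts a per-user session handle into ordinary server logs and adds one log line per request. The same applies to the `Put subject in Map` lines in the next hunk of this file and in `ServerHandShakeProcessor`, and `logger.info(this.clientUserAuths)` prints whatever that object's `toString()` yields, which is not shown here. I would drop these before merge or lower them to debug and leave the id out, for example `if (logger.isDebugEnabled()) { logger.debug("binding {} to the current thread", subject.getPrincipal()); }`. The enclosing method starts and ends outside the hunk.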
@@ -1058,6 +1057,7 @@ public class ServerConnection implements Runnable {
Subject subject = (Subject)principal;
uniqueId = this.clientUserAuths.putSubject(subject);
logger.info("Put subject in Map: "+uniqueId+" for "+ subject.getPrincipal());
+ logger.info(this.clientUserAuths);
}
else {
//this sets principal in map as well....
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ea9a5854/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
index b24b00c..eef147a 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerHandShakeProcessor.java
@@ -314,6 +314,7 @@ public class ServerHandShakeProcessor {
long uniqueId;
if(principal instanceof Subject){
uniqueId = connection.getClientUserAuths().putSubject((Subject)principal);
+ logger.info("Put subject in Map: "+uniqueId+" for "+ ((Subject)principal).getPrincipal());
}
else {
//this sets principal in map as well....
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/ea9a5854/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
index 58f7d8f..dbd88a9 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
@@ -85,24 +85,24 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
keys.add("key1");
keys.add("key2");
- // have one client log in as authorized user to put some data in the regions first.
- client2.invoke(()->{
- Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
- final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- region.putAll(allValues);
- cache.close();
- });
+// // have one client log in as authorized user to put some data in the regions first.
+// client2.invoke(()->{
+// Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
+// final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+// region.putAll(allValues);
+// cache.close();
+// });
// client1 connects to server as a user not authorized to do any operations
AsyncInvocation ai1 = client1.invokeAsync(()->{
Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- assertNotAuthorized(()->region.put("key3", "value3"), "[DATA:WRITE:AuthRegion:key3]");
- assertNotAuthorized(()->region.get("key3"), "[DATA:READ:AuthRegion:key3]");
+ assertNotAuthorized(()->region.put("key3", "value3"), "DATA:WRITE:AuthRegion:key3");
+ assertNotAuthorized(()->region.get("key3"), "DATA:READ:AuthRegion:key3");
//putall
- assertNotAuthorized(()->region.putAll(allValues), "[DATA:WRITE:AuthRegion]");
+ assertNotAuthorized(()->region.putAll(allValues), "DATA:WRITE:AuthRegion");
// not authorized for either keys, get no record back
Map keyValues = region.getAll(keys);
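Review bot: With the `client2` seeding block commented out, nothing visible in this hunk puts `key1`/`key2` into the region, so the `getAll(keys)` check under "not authorized for either keys, get no record back" can no longer tell a denied read from an empty region. The same holds for the "only authorized for one recrod" check in the next hunk, which needs `key1` to exist before it can return anything. If the seed was disabled to work around a failure, I would keep it active and fix the cause; otherwise delete the block rather than leaving it commented out. The test method continues outside the hunk, so the assertions that follow `getAll` are not visible here.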
@@ -145,10 +145,10 @@ public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
- assertNotAuthorized(()->region.put("key2", "value1"), "[DATA:WRITE:AuthRegion:key2]");
- assertNotAuthorized(()->region.get("key2"), "[DATA:READ:AuthRegion:key2]");
+ assertNotAuthorized(()->region.put("key2", "value1"), "DATA:WRITE:AuthRegion:key2");
+ assertNotAuthorized(()->region.get("key2"), "DATA:READ:AuthRegion:key2");
- assertNotAuthorized(()->region.putAll(allValues), "[DATA:WRITE:AuthRegion]");
+ assertNotAuthorized(()->region.putAll(allValues), "DATA:WRITE:AuthRegion");
// only authorized for one recrod
Map keyValues = region.getAll(keys);
[4/9] incubator-geode git commit: GEODE-17: used new security
interface for integrated security.
Posted by ji...@apache.org.
GEODE-17: used new security interface for integrated security.
* Create new interface for integrated security
* separate jmx and cli from client-server security
* client-server security using integrated security
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/f447023e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/f447023e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/f447023e
Branch: refs/heads/feature/GEODE-1571
Commit: f447023e7518f27217e95f22b80cb76e2670c9e8
Parents: b53d28f
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Tue Jun 7 11:51:12 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Mon Jun 20 10:00:28 2016 -0700
----------------------------------------------------------------------
.../cache/operations/OperationContext.java | 33 +-
.../internal/GetOperationContextImpl.java | 2 +-
.../cache/tier/sockets/AcceptorImpl.java | 70 ++-
.../cache/tier/sockets/ClientUserAuths.java | 24 +
.../cache/tier/sockets/ServerConnection.java | 501 +++++----------
.../cache/tier/sockets/command/Get70.java | 191 +++---
.../tier/sockets/command/RemoveUserAuth.java | 71 +--
.../internal/security/GeodeSecurityUtil.java | 192 ++++--
.../security/shiro/CustomAuthRealm.java | 146 +----
.../management/AsyncEventQueueMXBean.java | 7 +-
.../gemfire/management/CacheServerMXBean.java | 17 +-
.../gemfire/management/DiskStoreMXBean.java | 17 +-
.../DistributedLockServiceMXBean.java | 11 +-
.../management/DistributedRegionMXBean.java | 7 +-
.../management/DistributedSystemMXBean.java | 22 +-
.../management/GatewayReceiverMXBean.java | 11 +-
.../gemfire/management/GatewaySenderMXBean.java | 17 +-
.../gemfire/management/LocatorMXBean.java | 7 +-
.../gemfire/management/LockServiceMXBean.java | 13 +-
.../gemfire/management/ManagerMXBean.java | 19 +-
.../gemfire/management/MemberMXBean.java | 12 +-
.../gemfire/management/RegionMXBean.java | 7 +-
.../internal/cli/commands/ClientCommands.java | 30 +-
.../internal/cli/commands/ConfigCommands.java | 41 +-
.../CreateAlterDestroyRegionCommands.java | 8 +-
.../internal/cli/commands/DataCommands.java | 13 +-
.../internal/cli/commands/DeployCommands.java | 31 +-
.../cli/commands/DiskStoreCommands.java | 65 +-
.../cli/commands/DurableClientCommands.java | 28 +-
...ExportImportSharedConfigurationCommands.java | 30 +-
.../internal/cli/commands/FunctionCommands.java | 30 +-
.../internal/cli/commands/IndexCommands.java | 16 +-
.../cli/commands/LauncherLifecycleCommands.java | 72 ++-
.../internal/cli/commands/MemberCommands.java | 22 +-
.../cli/commands/MiscellaneousCommands.java | 96 +--
.../internal/cli/commands/PDXCommands.java | 86 +--
.../internal/cli/commands/QueueCommands.java | 19 +-
.../internal/cli/commands/RegionCommands.java | 8 +-
.../internal/cli/commands/StatusCommands.java | 16 +-
.../internal/cli/commands/WanCommands.java | 60 +-
.../internal/security/MBeanServerWrapper.java | 36 +-
.../internal/security/ResourceOperation.java | 7 +-
.../security/ResourceOperationContext.java | 85 ---
.../gemfire/security/AccessControl.java | 5 +-
.../gemfire/security/ExternalSecurity.java | 34 +
.../gemfire/security/GeodePermission.java | 93 +++
.../templates/SampleJsonAuthorization.java | 53 +-
.../extension/mock/MockExtensionCommands.java | 24 +-
.../internal/cli/CommandManagerJUnitTest.java | 37 +-
.../shell/GfshExecutionStrategyJUnitTest.java | 27 +-
...CacheServerMBeanAuthenticationJUnitTest.java | 1 -
.../security/GeodePermissionJUnitTest.java | 94 +++
.../GeodeSecurityUtilWithIniFileJUnitTest.java | 15 +-
.../ResourceOperationContextJUnitTest.java | 94 ---
.../internal/security/TestCommand.java | 44 +-
.../security/ClientAuthenticationDUnitTest.java | 8 +-
.../security/ClientAuthenticationTestCase.java | 32 +-
.../security/ClientAuthenticationTestUtils.java | 29 +-
.../gemfire/security/SecurityTestUtils.java | 622 +++++++++++++------
.../gemfire/codeAnalysis/excludedClasses.txt | 4 +-
.../gemfire/tools/pulse/tests/Server.java | 40 +-
61 files changed, 1741 insertions(+), 1711 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
index 20b528c..a8970bf 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
@@ -17,8 +17,6 @@
package com.gemstone.gemfire.cache.operations;
-import org.apache.shiro.authz.permission.WildcardPermission;
-
/**
* Encapsulates a cache operation and the data associated with it for both the
* pre-operation and post-operation cases. Implementations for specific
@@ -30,14 +28,7 @@ import org.apache.shiro.authz.permission.WildcardPermission;
*
* @since GemFire 5.5
*/
-public abstract class OperationContext extends WildcardPermission{
- public static String ALL_REGIONS="*";
-
- public enum Resource {
- NULL,
- CLUSTER,
- DATA
- };
+public abstract class OperationContext{
public enum OperationCode {
@Deprecated
@@ -77,11 +68,7 @@ public abstract class OperationContext extends WildcardPermission{
@Deprecated
EXECUTE_FUNCTION,
@Deprecated
- GET_DURABLE_CQS,
- NULL,
- MANAGE,
- WRITE,
- READ;
+ GET_DURABLE_CQS;
/**
* Check if this is an entry get operation.
@@ -300,14 +287,6 @@ public abstract class OperationContext extends WildcardPermission{
*/
public abstract OperationCode getOperationCode();
- public Resource getResource(){
- return Resource.NULL;
- }
-
- public String getRegionName(){
- return ALL_REGIONS;
- }
-
/**
* True if the context is for post-operation.
*
@@ -359,12 +338,4 @@ public abstract class OperationContext extends WildcardPermission{
|| opCode.isRegionDestroy() || opCode.isRegionClear());
}
- @Override
- public String toString(){
- if(ALL_REGIONS.equals(getRegionName()))
- return getResource()+":"+getOperationCode();
- else
- return getResource()+":"+getOperationCode()+":"+getRegionName();
- }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/internal/GetOperationContextImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/internal/GetOperationContextImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/internal/GetOperationContextImpl.java
index f664061..2904776 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/internal/GetOperationContextImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/internal/GetOperationContextImpl.java
@@ -32,7 +32,7 @@ import com.gemstone.gemfire.internal.offheap.annotations.Unretained;
public class GetOperationContextImpl extends GetOperationContext implements Releasable {
private boolean released;
-
+
public GetOperationContextImpl(Object key, boolean postOperation) {
super(key, postOperation);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
index ffcb8c5..6d0c5cb 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
@@ -17,6 +17,47 @@
package com.gemstone.gemfire.internal.cache.tier.sockets;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.EOFException;
+import java.io.IOException;
+import java.io.InterruptedIOException;
+import java.net.BindException;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
+import java.net.SocketTimeoutException;
+import java.net.UnknownHostException;
+import java.nio.ByteBuffer;
+import java.nio.channels.CancelledKeyException;
+import java.nio.channels.ClosedChannelException;
+import java.nio.channels.ClosedSelectorException;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.nio.channels.ServerSocketChannel;
+import java.nio.channels.SocketChannel;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingQueue;
+import java.util.concurrent.RejectedExecutionException;
+import java.util.concurrent.RejectedExecutionHandler;
+import java.util.concurrent.SynchronousQueue;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+import javax.net.ssl.SSLException;
+
import com.gemstone.gemfire.CancelException;
import com.gemstone.gemfire.SystemFailure;
import com.gemstone.gemfire.ToDataException;
@@ -25,7 +66,12 @@ import com.gemstone.gemfire.cache.RegionDestroyedException;
import com.gemstone.gemfire.cache.client.internal.PoolImpl;
import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.cache.wan.GatewayTransportFilter;
-import com.gemstone.gemfire.distributed.internal.*;
+import com.gemstone.gemfire.distributed.internal.DM;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.LonerDistributionManager;
+import com.gemstone.gemfire.distributed.internal.PooledExecutorWithDMStats;
+import com.gemstone.gemfire.distributed.internal.ReplyProcessor21;
import com.gemstone.gemfire.internal.SocketCreator;
import com.gemstone.gemfire.internal.SystemTimer;
import com.gemstone.gemfire.internal.cache.BucketAdvisor;
@@ -41,22 +87,11 @@ import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.internal.logging.LoggingThreadGroup;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.internal.tcp.ConnectionTable;
import com.gemstone.gemfire.internal.util.ArrayUtils;
-import org.apache.logging.log4j.Logger;
-
-import javax.net.ssl.SSLException;
-import java.io.EOFException;
-import java.io.IOException;
-import java.io.InterruptedIOException;
-import java.net.*;
-import java.nio.ByteBuffer;
-import java.nio.channels.*;
-import java.util.*;
-import java.util.concurrent.*;
-import java.util.concurrent.atomic.AtomicInteger;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import org.apache.logging.log4j.Logger;
/**
* Implements the acceptor thread on the bridge server. Accepts connections from
@@ -232,6 +267,7 @@ public class AcceptorImpl extends Acceptor implements Runnable
private long acceptorId;
private static boolean isAuthenticationRequired;
+ private static boolean isIntegratedSecurity;
private static boolean isPostAuthzCallbackPresent;
@@ -607,6 +643,8 @@ public class AcceptorImpl extends Acceptor implements Runnable
isAuthenticationRequired = (authenticator != null && authenticator.length() > 0) ? true
: false;
+ isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(authenticator);
+
String postAuthzFactoryName = this.cache.getDistributedSystem()
.getProperties().getProperty(SECURITY_CLIENT_ACCESSOR_PP);
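Review bot: `isIntegratedSecurity` is a `static` field, but it is assigned here from instance code (`this.cache` is used a few lines below), and the other hunks in this file expose it through a static getter with no `volatile` or synchronization visible. It follows the existing `isAuthenticationRequired` pattern, but `ServerConnection` uses this flag to decide whether a subject is bound before a command runs, so a stale or overwritten value changes which authorization path a request takes. At minimum I would document it, e.g. `// set when the acceptor is constructed; read by ServerConnection threads`, and consider declaring it `private static volatile boolean isIntegratedSecurity;`. The enclosing constructor or method is not fully visible in this hunk.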
@@ -1807,6 +1845,10 @@ public class AcceptorImpl extends Acceptor implements Runnable
return isAuthenticationRequired;
}
+ public static boolean isIntegratedSecurity(){
+ return isIntegratedSecurity;
+ }
+
public static boolean isPostAuthzCallbackPresent() {
return isPostAuthzCallbackPresent;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
index 383f0c6..840bbfc 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ClientUserAuths.java
@@ -25,6 +25,8 @@ import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
import com.gemstone.gemfire.security.NotAuthorizedException;
+import org.apache.shiro.subject.Subject;
+
public class ClientUserAuths
{
// private AtomicLong counter = new AtomicLong(1);
@@ -34,6 +36,7 @@ public class ClientUserAuths
private ConcurrentHashMap<Long, UserAuthAttributes> uniqueIdVsUserAuth = new ConcurrentHashMap<Long, UserAuthAttributes>();
private ConcurrentHashMap<String, UserAuthAttributes> cqNameVsUserAuth = new ConcurrentHashMap<String, UserAuthAttributes>();
+ private ConcurrentHashMap<Long, Subject> uniqueIdVsSubject = new ConcurrentHashMap<Long, Subject>();
public long putUserAuth(UserAuthAttributes userAuthAttr)
{
@@ -43,6 +46,12 @@ public class ClientUserAuths
uniqueIdVsUserAuth.put(newId, userAuthAttr);
return newId;
}
+
+ public long putSubject(Subject subject){
+ long newId = getNextID();
+ uniqueIdVsSubject.put(newId, subject);
+ return newId;
+ }
public ClientUserAuths(int clientProxyHashcode)
{
@@ -70,6 +79,19 @@ public class ClientUserAuths
{
return uniqueIdVsUserAuth.get(userId);
}
+
+ public Subject getSubject(long userId){
+ return uniqueIdVsSubject.get(userId);
+ }
+
+ public boolean removeSubject(long userId) {
+ Subject subject = uniqueIdVsSubject.remove(userId);
+ if(subject == null)
+ return false;
+
+ subject.logout();
+ return true;
+ }
public UserAuthAttributes getUserAuthAttributes(String cqName)
{
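Review bot: `removeSubject` is the only place in these hunks where a stored `Subject` is logged out, and none of the visible hunks add `uniqueIdVsSubject` to the existing cleanup paths of this class. If a client disconnects without sending a remove-user request, its subjects would presumably stay in the map and stay logged in; the cleanup methods are outside the diff, so this needs checking. I would also add braces to `if(subject == null)` and a short Javadoc on the three new methods, e.g. `/** Removes and logs out the subject registered under userId; returns false if none was registered. */`.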
@@ -133,6 +155,8 @@ public class ClientUserAuths
}
return false;
}
+
+
public void cleanUserAuth(UserAuthAttributes userAuth)
{
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
index e7c102c..7bb35da 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/ServerConnection.java
@@ -17,6 +17,24 @@
package com.gemstone.gemfire.internal.cache.tier.sockets;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.nio.ByteBuffer;
+import java.nio.channels.SelectableChannel;
+import java.nio.channels.SelectionKey;
+import java.nio.channels.Selector;
+import java.security.Principal;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Random;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.LinkedBlockingQueue;
+
import com.gemstone.gemfire.CancelException;
import com.gemstone.gemfire.DataSerializer;
import com.gemstone.gemfire.SystemFailure;
@@ -30,7 +48,12 @@ import com.gemstone.gemfire.internal.HeapDataOutputStream;
import com.gemstone.gemfire.internal.Version;
import com.gemstone.gemfire.internal.cache.EventID;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-import com.gemstone.gemfire.internal.cache.tier.*;
+import com.gemstone.gemfire.internal.cache.tier.Acceptor;
+import com.gemstone.gemfire.internal.cache.tier.CachedRegionHelper;
+import com.gemstone.gemfire.internal.cache.tier.ClientHandShake;
+import com.gemstone.gemfire.internal.cache.tier.Command;
+import com.gemstone.gemfire.internal.cache.tier.InternalClientMembership;
+import com.gemstone.gemfire.internal.cache.tier.MessageType;
import com.gemstone.gemfire.internal.cache.tier.sockets.command.Default;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
@@ -38,29 +61,15 @@ import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.internal.util.Breadcrumbs;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import org.apache.logging.log4j.Logger;
-
-import java.io.ByteArrayInputStream;
-import java.io.DataInputStream;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.nio.ByteBuffer;
-import java.nio.channels.SelectableChannel;
-import java.nio.channels.SelectionKey;
-import java.nio.channels.Selector;
-import java.security.Principal;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Random;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.LinkedBlockingQueue;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import org.apache.logging.log4j.Logger;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.util.ThreadState;
/**
* Provides an implementation for the server socket end of the hierarchical
@@ -749,6 +758,7 @@ public class ServerConnection implements Runnable {
private void doNormalMsg() {
Message msg = null;
msg = BaseCommand.readRequest(this);
+ ThreadState threadState = null;
try {
if (msg != null) {
//this.logger.fine("donormalMsg() msgType " + msg.getMessageType());
@@ -794,6 +804,14 @@ public class ServerConnection implements Runnable {
if (command == null) {
command = Default.getCommand();
}
+
+ // if a subject exists for this uniqueId, binds the subject to this thread so that we can do authorization later
+ if(AcceptorImpl.isIntegratedSecurity()) {
+ long uniqueId = getUniqueId();
+ Subject subject = this.clientUserAuths.getSubject(uniqueId);
+ threadState = GeodeSecurityUtil.bindSubject(subject);
+ }
+
command.execute(msg, this);
}
}
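Review bot: `getSubject(uniqueId)` can return null when no subject is registered under that id, and here the result goes straight into `GeodeSecurityUtil.bindSubject` before `command.execute(msg, this)` runs. The `[8/9]` commit on this page adds a null check, but in both versions a request with no matching subject still reaches `command.execute` with nothing bound to the thread, so the outcome depends on the later authorization check failing closed, which is not visible here. I would state that contract in a comment at this point, e.g. `// no subject for this id: command runs unbound and must be denied by the authorization check`, or reject the request here when integrated security is on. `doNormalMsg` starts and ends outside this hunk.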
@@ -802,6 +820,9 @@ public class ServerConnection implements Runnable {
// processed.
setNotProcessingMessage();
clearRequestMsg();
+ if(threadState!=null){
+ threadState.clear();
+ }
}
}
@@ -970,7 +991,14 @@ public class ServerConnection implements Runnable {
}
try {
- return this.clientUserAuths.removeUserId(aIds.getUniqueId(), keepalive);
+ // first try integrated security
+ boolean removed = this.clientUserAuths.removeSubject(aIds.getUniqueId());
+
+ // if not successfull, try the old way
+ if(!removed)
+ removed = this.clientUserAuths.removeUserId(aIds.getUniqueId(), keepalive);
+ return removed;
+
} catch (NullPointerException npe) {
// Bug #52023.
logger.debug("Exception {}", npe);
@@ -1008,7 +1036,7 @@ public class ServerConnection implements Runnable {
return new byte[0];
}
if (!msg.isSecureMode()) {
- //throw exception not authorized
+ throw new AuthenticationFailedException("Authentication failed");
}
byte [] secureBytes = msg.getSecureBytes();
@@ -1032,18 +1060,28 @@ public class ServerConnection implements Runnable {
ByteArrayInputStream bis = new ByteArrayInputStream(credBytes);
DataInputStream dinp = new DataInputStream(bis);
Properties credentials = DataSerializer.readProperties(dinp);
-
-
- DistributedSystem system = this.getDistributedSystem();
- String methodName = system.getProperties().getProperty(
+
+ String username = credentials.getProperty("security-username");
+ String password = credentials.getProperty("security-password");
+
+ // When here, security is enfored on server, if login returns a subject, then it's the newly integrated security, otherwise, do it the old way.
+ long uniqueId;
+ Subject subject = GeodeSecurityUtil.login(username, password);
+ if(subject!=null){
+ uniqueId = this.clientUserAuths.putSubject(subject);
+ }
+ else {
+ DistributedSystem system = this.getDistributedSystem();
+ String methodName = system.getProperties().getProperty(
SECURITY_CLIENT_AUTHENTICATOR);
-
- Principal principal = HandShake.verifyCredentials(methodName, credentials,
- system.getSecurityProperties(), (InternalLogWriter)system.getLogWriter(), (InternalLogWriter)system
- .getSecurityLogWriter(), this.proxyId.getDistributedMember());
-
- //this sets principal in map as well....
- long uniqueId = ServerHandShakeProcessor.getUniqueId(this, principal);
+
+ Principal principal = HandShake.verifyCredentials(methodName, credentials,
+ system.getSecurityProperties(), (InternalLogWriter) system.getLogWriter(), (InternalLogWriter) system
+ .getSecurityLogWriter(), this.proxyId.getDistributedMember());
+
+ //this sets principal in map as well....
+ uniqueId = ServerHandShakeProcessor.getUniqueId(this, principal);
+ }
//create secure part which will be send in respones
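Review bot: The choice between integrated and legacy authentication is made on whether `GeodeSecurityUtil.login(username, password)` returns null, so the way a rejected integrated login is reported decides whether the legacy `HandShake.verifyCredentials` path is tried as a second chance. `login` is not shown; if it can return null for bad credentials rather than throw, I would branch on the configured mode instead, `if (AcceptorImpl.isIntegratedSecurity()) {` … `} else {`, and treat a null subject in the first branch as an authentication failure. The property names `"security-username"` and `"security-password"` are also spelled as literals here; a shared constant would keep them in step with the client side. The enclosing method starts and ends outside the hunk.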
@@ -1356,185 +1394,11 @@ public class ServerConnection implements Runnable {
return LocalizedStrings.ServerConnection_ERROR_IN_GETSOCKETSTRING_0.toLocalizedString(e.getLocalizedMessage());
}
}
-
-
-
-
-
-
-
-
-
-
-
-
-// private void writePingReply(Message origMsg) throws IOException {
-// replyMsg.setMessageType(MessageType.REPLY);
-// replyMsg.setNumberOfParts(1);
-// replyMsg.setTransactionId(origMsg.getTransactionId());
-// replyMsg.addBytesPart(OK_BYTES);
-// replyMsg.send(logger, origMsg.getTransactionId());
-// if (logger.finerEnabled()) {
-// logger.finer(getName() + ": rpl tx: " + origMsg.getTransactionId());
-// }
-// }
-
-
-
-
-
-
-// private void writeBatchException(Message origMsg, String message, int index) throws IOException {
-// Exception be = new BatchException(message, index);
-// errorMsg.setMessageType(MessageType.EXCEPTION);
-// errorMsg.setNumberOfParts(2);
-// errorMsg.setTransactionId(origMsg.getTransactionId());
-// errorMsg.addObjPart(be);
-// errorMsg.addStringPart(be.toString());
-// errorMsg.send();
-// if (logger.fineEnabled()) {
-// logger.fine(this.name + ": Wrote batch exception: ", be);
-// }
-// }
-
void clearRequestMsg() {
requestMsg.clear();
}
-
-
-
-
-// /**
-// * Examine an entry, and build an InterestEvent for it
-// * @param region region we're fetching from
-// * @param entryKey entry key that we may want the event for
-// * @return the event or null if entry does not exist
-// */
-// private InterestEvent getInterestEvent(Region region, Object entryKey)
-// {
-// Region.Entry entry = null;
-// try {
-// entry = region.getEntry(entryKey);
-// } catch (Exception likelyAPartitionedRegion) { // ignore, change when a partitioned region supports getEntry
-// }
-// if (entry == null) {
-// return null;
-// }
-// if (entry instanceof LocalRegion.NonTXEntry) {
-// final LocalRegion.NonTXEntry regionEntry = (LocalRegion.NonTXEntry)entry;
-// boolean isDeserialized = true;
-// // Get the value in the VM
-// Object value = regionEntry.getRegionEntry().getValueInVM();
-// // If the value in the VM is a CachedDeserializable,
-// // get its value. If it is Token.REMOVED, Token.DESTROYED,
-// // Token.INVALID, or Token.LOCAL_INVALID
-// // set it to null. If it is NOT_AVAILABLE, get the value from
-// // disk. If it is already a byte[], set isObject to false.
-// if (value instanceof CachedDeserializable) {
-// value = ((CachedDeserializable)value).getValue();
-// isDeserialized = !(value instanceof byte[]);
-// }
-// else if (value == Token.REMOVED || value == Token.DESTROYED) {
-// return null;
-// }
-// else if (value == Token.INVALID || value == Token.LOCAL_INVALID) {
-// return null; // fix for bug 35884
-// }
-// else if (value instanceof byte[]) {
-// // key, value, and isDeserialized already set
-// }
-// else if (value == EntryEvent.NOT_AVAILABLE) {
-// // This will occur with a disk region entry where the value
-// // is on disk. Currently the getValue call will deserialize
-// // the value. This means that for disk regions, value classes
-// // must exist on the server. If this code is changed, look at
-// // the run method above for similar code to change.
-// value = regionEntry.getRegionEntry().getValue((LocalRegion)region);
-// if (value instanceof CachedDeserializable) {
-// value = ((CachedDeserializable)value).getValue();
-// isDeserialized = !(value instanceof byte[]);
-// }
-// }
-// return new InterestEvent(entryKey, value, isDeserialized);
-// } else {
-// return null;
-// }
-// }
-
-// /**
-// * Process an interest request of type {@link InterestType#FILTER_CLASS}
-// * @param region the region
-// * @param className the key
-// * @param policy the policy
-// * @throws IOException
-// */
-// private void handleFilter(LocalRegion region, String className,
-// InterestResultPolicy policy) throws IOException
-// {
-// ArrayList keyList = new ArrayList(this.maximumChunkSize);
-
-// // Handle the filtering class pattern
-
-// Class filterClass;
-// InterestFilter filter;
-// try {
-// filterClass = ClassLoadUtil.classFromName((String) className);
-// filter = (InterestFilter) filterClass.newInstance();
-// } catch(ClassNotFoundException cnfe) {
-// throw new RuntimeException("Class " + className + " not found in classpath.", cnfe);
-// } catch(Exception e) {
-// throw new RuntimeException("Class " + className + " could not be instantiated.", e);
-// }
-
-// // if(!(filter instanceof InterestFilter)) {
-// // throw new RuntimeException("Class " + key + " does not implement InterestFilter.");
-// // }
-
-// for (Iterator it = region.keys().iterator(); it.hasNext();) {
-// Object entryKey = it.next();
-// InterestEvent ie = getInterestEvent(region, entryKey);
-// if (ie == null) {
-// // key no longer existed so skip it
-// continue;
-// }
-// if(!filter.notifyOnRegister(ie)) {
-// //the filter does not want to know about this entry, so skip it.
-// continue;
-// }
-// appendInterestResponseKey(region, className, entryKey, keyList, "filter list");
-// }
-// // Send the last chunk (the only chunk for individual and list keys)
-// // always send it back, even if the list is of zero size.
-// sendRegisterInterestResponseChunk(region, className, keyList, true);
-// }
-
-
-
-// /**
-// * Process an interest request of type {@link InterestType#FILTER_CLASS}
-// * @param region the region
-// * @param className the key
-// * @param policy the policy
-// * @throws IOException
-// */
-// private void handleFilterPR(PartitionedRegion region, String className,
-// InterestResultPolicy policy) throws IOException
-// {
-// // this interest type isn't exposed to the customer yet
-// throw new UnsupportedOperationException("filter classes not yet supporeted");
-// }
-
-
-
-
-
-
-
-
-
-
public void incrementLatestBatchIdReplied(int justProcessed) {
// not synchronized because it only has a single caller
if(justProcessed-this.latestBatchIdReplied!=1) {
@@ -1630,17 +1494,6 @@ public class ServerConnection implements Runnable {
/*|| this.communicationMode == Acceptor.CLIENT_TO_SERVER_FOR_QUEUE*/) {
getAcceptor().decClientServerCnxCount();
}
-// if (logger.fineEnabled()) {
-// logger.fine (this.name + ": about to close socket");
-// }
-// try {
-// theSocket.shutdownInput();
-// } catch (Exception e) {
-// }
-// try {
-// theSocket.shutdownOutput();
-// } catch (Exception e) {
-// }
try {
theSocket.close();
} catch (Exception e) {
@@ -1944,146 +1797,116 @@ public class ServerConnection implements Runnable {
hdos.close();
}
}
-
- public AuthorizeRequest getAuthzRequest()
- throws AuthenticationRequiredException, IOException {
- //look client version and return authzrequest
- //for backward client it will be store in member variable userAuthId
- //for other look "requestMsg" here and get unique-id from this to get the authzrequest
-
- if (AcceptorImpl.isAuthenticationRequired()) {
- long uniqueId = 0;
-
- if (this.handshake.getVersion().compareTo(Version.GFE_65) < 0
- || this.communicationMode == Acceptor.GATEWAY_TO_GATEWAY) {
- uniqueId = this.userAuthId;
- } else {
- try {
- //this.logger.fine("getAuthzRequest() isSecureMode = " + this.requestMsg.isSecureMode());
- if (this.requestMsg.isSecureMode()) {
- //get uniqueID from message
- byte [] secureBytes = this.requestMsg.getSecureBytes();
-
- secureBytes = ((HandShake)this.handshake).decryptBytes(secureBytes);
- AuthIds aIds = new AuthIds(secureBytes);
-
- if ( /*this.connectionId != Connection.DEFAULT_CONNECTION_ID &&*/ this.connectionId != aIds.getConnectionId()) {
- throw new AuthenticationRequiredException(
- LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED
- .toLocalizedString());
- } else {
- uniqueId = aIds.getUniqueId();
- }
-
- } else {
+
+ public long getUniqueId(){
+ long uniqueId = 0;
+
+ if (this.handshake.getVersion().compareTo(Version.GFE_65) < 0
+ || this.communicationMode == Acceptor.GATEWAY_TO_GATEWAY) {
+ uniqueId = this.userAuthId;
+ } else {
+ try {
+ //this.logger.fine("getAuthzRequest() isSecureMode = " + this.requestMsg.isSecureMode());
+ if (this.requestMsg.isSecureMode()) {
+ //get uniqueID from message
+ byte [] secureBytes = this.requestMsg.getSecureBytes();
+
+ secureBytes = ((HandShake)this.handshake).decryptBytes(secureBytes);
+ AuthIds aIds = new AuthIds(secureBytes);
+
+ if (this.connectionId != aIds.getConnectionId()) {
throw new AuthenticationRequiredException(
- LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED
- .toLocalizedString());
- }
- } catch (AuthenticationRequiredException are) {
- throw are;
- }
- catch(Exception ex ) {
- throw new AuthenticationRequiredException(
LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED
.toLocalizedString());
- }
- }
- UserAuthAttributes uaa = null;
- try {
- uaa = this.clientUserAuths.getUserAuthAttributes(uniqueId);
- } catch (NullPointerException npe) {
- if (this.isTerminated()) {
- // Bug #52023.
- throw new IOException("Server connection is terminated.");
+ } else {
+ uniqueId = aIds.getUniqueId();
+ }
+
} else {
- logger.debug("Unexpected exception {}", npe);
+ throw new AuthenticationRequiredException(
+ LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED
+ .toLocalizedString());
}
+ } catch (AuthenticationRequiredException are) {
+ throw are;
}
- if (uaa == null) {
+ catch(Exception ex ) {
throw new AuthenticationRequiredException(
- "User authorization attributes not found.");
+ LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED
+ .toLocalizedString());
}
- AuthorizeRequest authReq = uaa.getAuthzRequest();
- if (logger.isDebugEnabled()) {
- logger.debug("getAuthzRequest() authrequest: {}", ((authReq == null) ? "NULL (only authentication is required)" : "not null"));
- }
-
- return authReq;
}
- else {
+ return uniqueId;
+ }
+
+ public AuthorizeRequest getAuthzRequest()
+ throws AuthenticationRequiredException, IOException {
+ //look client version and return authzrequest
+ //for backward client it will be store in member variable userAuthId
+ //for other look "requestMsg" here and get unique-id from this to get the authzrequest
+
+ if (!AcceptorImpl.isAuthenticationRequired())
return null;
+
+ if(AcceptorImpl.isIntegratedSecurity())
+ return null;
+
+ long uniqueId = getUniqueId();
+
+ UserAuthAttributes uaa = null;
+ try {
+ uaa = this.clientUserAuths.getUserAuthAttributes(uniqueId);
+ } catch (NullPointerException npe) {
+ if (this.isTerminated()) {
+ // Bug #52023.
+ throw new IOException("Server connection is terminated.");
+ } else {
+ logger.debug("Unexpected exception {}", npe);
+ }
}
+ if (uaa == null) {
+ throw new AuthenticationRequiredException(
+ "User authorization attributes not found.");
+ }
+ AuthorizeRequest authReq = uaa.getAuthzRequest();
+ if (logger.isDebugEnabled()) {
+ logger.debug("getAuthzRequest() authrequest: {}", ((authReq == null) ? "NULL (only authentication is required)" : "not null"));
+ }
+ return authReq;
}
public AuthorizeRequestPP getPostAuthzRequest()
throws AuthenticationRequiredException, IOException {
- //look client version and return authzrequest
- //for backward client it will be store in member variable userAuthId
- //for other look "requestMsg" here and get unique-id from this to get the authzrequest
- if (AcceptorImpl.isAuthenticationRequired()) {
- long uniqueId = 0;
-
- if (this.handshake.getVersion().compareTo(Version.GFE_65) < 0
- || this.communicationMode == Acceptor.GATEWAY_TO_GATEWAY) {
- uniqueId = this.userAuthId;
+ if (!AcceptorImpl.isAuthenticationRequired())
+ return null;
+
+ if(AcceptorImpl.isIntegratedSecurity())
+ return null;
+
+ //look client version and return authzrequest
+ //for backward client it will be store in member variable userAuthId
+ //for other look "requestMsg" here and get unique-id from this to get the authzrequest
+ long uniqueId = getUniqueId();
+
+ UserAuthAttributes uaa = null;
+ try {
+ uaa = this.clientUserAuths.getUserAuthAttributes(uniqueId);
+ } catch (NullPointerException npe) {
+ if (this.isTerminated()) {
+ // Bug #52023.
+ throw new IOException("Server connection is terminated.");
} else {
- try {
- //this.logger.fine("getPostAuthzRequest() isSecureMode = " + this.requestMsg.isSecureMode());
- if (this.requestMsg.isSecureMode()) {
- byte [] secureBytes = this.requestMsg.getSecureBytes();
-
- secureBytes = ((HandShake)this.handshake).decryptBytes(secureBytes);
-
- AuthIds aIds = new AuthIds(secureBytes);
- if ( /*this.connectionId != Connection.DEFAULT_CONNECTION_ID && */this.connectionId != aIds.getConnectionId()) {
- throw new AuthenticationRequiredException(
- LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED
- .toLocalizedString());
- } else {
- uniqueId = aIds.getUniqueId();
- }
-
- }
- else{
- throw new AuthenticationRequiredException(
- LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED
- .toLocalizedString());
- }
- } catch (AuthenticationRequiredException are) {
- throw are;
- }
- catch(Exception ex) {
- throw new AuthenticationRequiredException(
- LocalizedStrings.HandShake_NO_SECURITY_PROPERTIES_ARE_PROVIDED
- .toLocalizedString());
- }
+ logger.debug("Unexpected exception {}", npe);
}
-
- UserAuthAttributes uaa = null;
- try {
- uaa = this.clientUserAuths.getUserAuthAttributes(uniqueId);
- } catch (NullPointerException npe) {
- if (this.isTerminated()) {
- // Bug #52023.
- throw new IOException("Server connection is terminated.");
- } else {
- logger.debug("Unexpected exception {}", npe);
- }
- }
- if (uaa == null) {
- throw new AuthenticationRequiredException(
- "User authorization attributes not found.");
- }
-
- AuthorizeRequestPP postAuthReq = uaa.getPostAuthzRequest();
-
- return postAuthReq;
}
- else
- return null;
-
- //return this.postAuthzRequest;
+ if (uaa == null) {
+ throw new AuthenticationRequiredException(
+ "User authorization attributes not found.");
+ }
+
+ AuthorizeRequestPP postAuthReq = uaa.getPostAuthzRequest();
+
+ return postAuthReq;
}
/** returns the member ID byte array to be used for creating EventID objects */
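Review bot: `getAuthzRequest()` and `getPostAuthzRequest()` now return null whenever `AcceptorImpl.isIntegratedSecurity()` is true, and null is the same value callers already read as "only authentication is required" (see the debug message in `getAuthzRequest`). Under integrated security this leaves authorization entirely to each command calling `GeodeSecurityUtil` itself, so a command that still relies only on `if (authzRequest != null)` would, as far as this hunk shows, run without an authorization check. A comment on both early returns would make that contract explicit, for example `// integrated security: authorization is enforced by GeodeSecurityUtil in the command, not by the legacy callback`. Separately, `catch(Exception ex)` in the new `getUniqueId()` discards `ex`, so a decrypt or parse failure on the secure bytes cannot be told apart from missing credentials; logging `ex` at debug level before rethrowing would keep that evidence.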
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
index 55047c7..5154652 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Get70.java
@@ -19,13 +19,15 @@
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
+import java.io.IOException;
+
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.cache.client.internal.GetOp;
import com.gemstone.gemfire.cache.operations.GetOperationContext;
import com.gemstone.gemfire.cache.operations.internal.GetOperationContextImpl;
import com.gemstone.gemfire.distributed.internal.DistributionStats;
+import com.gemstone.gemfire.i18n.StringId;
import com.gemstone.gemfire.internal.cache.CachedDeserializable;
-import com.gemstone.gemfire.internal.cache.EntryEventImpl;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.cache.PartitionedRegion;
import com.gemstone.gemfire.internal.cache.Token;
@@ -46,10 +48,8 @@ import com.gemstone.gemfire.internal.offheap.annotations.Retained;
import com.gemstone.gemfire.internal.offheap.annotations.Unretained;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
import com.gemstone.gemfire.internal.security.AuthorizeRequestPP;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import com.gemstone.gemfire.i18n.StringId;
-
-import java.io.IOException;
public class Get70 extends BaseCommand {
@@ -140,111 +140,114 @@ public class Get70 extends BaseCommand {
String s = errMessage.toLocalizedString();
logger.warn("{}: {}", servConn.getName(), s);
writeErrorResponse(msg, MessageType.REQUESTDATAERROR, s, servConn);
- // responded = true;
servConn.setAsTrue(RESPONDED);
+ return;
}
- else {
- Region region = crHelper.getRegion(regionName);
- if (region == null) {
- String reason = LocalizedStrings.Request__0_WAS_NOT_FOUND_DURING_GET_REQUEST.toLocalizedString(regionName);
- writeRegionDestroyedEx(msg, regionName, reason, servConn);
- servConn.setAsTrue(RESPONDED);
+
+ // for integrated security
+ GeodeSecurityUtil.authorizeRegionRead(regionName);
+
+ Region region = crHelper.getRegion(regionName);
+ if (region == null) {
+ String reason = LocalizedStrings.Request__0_WAS_NOT_FOUND_DURING_GET_REQUEST.toLocalizedString(regionName);
+ writeRegionDestroyedEx(msg, regionName, reason, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ GetOperationContext getContext = null;
+ try {
+ AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+ if (authzRequest != null) {
+ getContext = authzRequest
+ .getAuthorize(regionName, key, callbackArg);
+ callbackArg = getContext.getCallbackArg();
}
- else {
-
- GetOperationContext getContext = null;
-
+ }
+ catch (NotAuthorizedException ex) {
+ writeException(msg, ex, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ // Get the value and update the statistics. Do not deserialize
+ // the value if it is a byte[].
+ Entry entry;
+ try {
+ entry = getEntry(region, key, callbackArg, servConn);
+ }
+ catch (Exception e) {
+ writeException(msg, e, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ @Retained final Object originalData = entry.value;
+ Object data = originalData;
+ try {
+ boolean isObject = entry.isObject;
+ VersionTag versionTag = entry.versionTag;
+ boolean keyNotPresent = entry.keyNotPresent;
+
+
+ try {
+ AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
+ if (postAuthzRequest != null) {
try {
- AuthorizeRequest authzRequest = servConn.getAuthzRequest();
- if (authzRequest != null) {
- getContext = authzRequest
- .getAuthorize(regionName, key, callbackArg);
- callbackArg = getContext.getCallbackArg();
+ getContext = postAuthzRequest.getAuthorize(regionName, key, data,
+ isObject, getContext);
+ GetOperationContextImpl gci = (GetOperationContextImpl) getContext;
+ Object newData = gci.getRawValue();
+ if (newData != data) {
+ // user changed the value
+ isObject = getContext.isObject();
+ data = newData;
}
}
- catch (NotAuthorizedException ex) {
- writeException(msg, ex, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
-
- // Get the value and update the statistics. Do not deserialize
- // the value if it is a byte[].
- Entry entry;
- try {
- entry = getEntry(region, key, callbackArg, servConn);
- }
- catch (Exception e) {
- writeException(msg, e, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
-
- @Retained final Object originalData = entry.value;
- Object data = originalData;
- try {
- boolean isObject = entry.isObject;
- VersionTag versionTag = entry.versionTag;
- boolean keyNotPresent = entry.keyNotPresent;
-
-
- try {
- AuthorizeRequestPP postAuthzRequest = servConn.getPostAuthzRequest();
- if (postAuthzRequest != null) {
- try {
- getContext = postAuthzRequest.getAuthorize(regionName, key, data,
- isObject, getContext);
- GetOperationContextImpl gci = (GetOperationContextImpl) getContext;
- Object newData = gci.getRawValue();
- if (newData != data) {
- // user changed the value
- isObject = getContext.isObject();
- data = newData;
- }
- } finally {
- if (getContext != null) {
- ((GetOperationContextImpl)getContext).release();
- }
+ finally {
+ if (getContext != null) {
+ ((GetOperationContextImpl) getContext).release();
}
}
}
- catch (NotAuthorizedException ex) {
- writeException(msg, ex, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
- {
- long oldStart = start;
- start = DistributionStats.getStatTime();
- stats.incProcessGetTime(start - oldStart);
- }
-
- if (region instanceof PartitionedRegion) {
- PartitionedRegion pr = (PartitionedRegion)region;
- if (pr.isNetworkHop() != (byte)0) {
- writeResponseWithRefreshMetadata(data, callbackArg, msg, isObject,
- servConn, pr, pr.isNetworkHop(), versionTag, keyNotPresent);
- pr.setIsNetworkHop((byte)0);
- pr.setMetadataVersion(Byte.valueOf((byte)0));
- }
- else {
- writeResponse(data, callbackArg, msg, isObject, versionTag, keyNotPresent, servConn);
- }
+ }
+ catch (NotAuthorizedException ex) {
+ writeException(msg, ex, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+ {
+ long oldStart = start;
+ start = DistributionStats.getStatTime();
+ stats.incProcessGetTime(start - oldStart);
+ }
+
+ if (region instanceof PartitionedRegion) {
+ PartitionedRegion pr = (PartitionedRegion) region;
+ if (pr.isNetworkHop() != (byte) 0) {
+ writeResponseWithRefreshMetadata(data, callbackArg, msg, isObject,
+ servConn, pr, pr.isNetworkHop(), versionTag, keyNotPresent);
+ pr.setIsNetworkHop((byte) 0);
+ pr.setMetadataVersion(Byte.valueOf((byte) 0));
}
else {
writeResponse(data, callbackArg, msg, isObject, versionTag, keyNotPresent, servConn);
}
- } finally {
- OffHeapHelper.release(originalData);
- }
-
- servConn.setAsTrue(RESPONDED);
- if (logger.isDebugEnabled()) {
- logger.debug("{}: Wrote get response back to {} for region {} {}", servConn.getName(), servConn.getSocketString(), regionName, entry);
- }
- stats.incWriteGetResponseTime(DistributionStats.getStatTime() - start);
+ }
+ else {
+ writeResponse(data, callbackArg, msg, isObject, versionTag, keyNotPresent, servConn);
}
}
+ finally {
+ OffHeapHelper.release(originalData);
+ }
+
+ servConn.setAsTrue(RESPONDED);
+ if (logger.isDebugEnabled()) {
+ logger.debug("{}: Wrote get response back to {} for region {} {}", servConn.getName(), servConn.getSocketString(), regionName, entry);
+ }
+ stats.incWriteGetResponseTime(DistributionStats.getStatTime() - start);
+
}
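Review bot: `GeodeSecurityUtil.authorizeRegionRead(regionName)` sits outside every try block in this hunk, so if it signals denial by throwing (its implementation is not visible here), the exception leaves the method without `writeException(...)` or `servConn.setAsTrue(RESPONDED)`. The legacy `NotAuthorizedException` path a few lines below does both. Unless the caller outside the hunk turns the exception into a client reply, the integrated-security denial should be handled the same way as the legacy one, as sketched below. The new check is also per region only, whereas the legacy `getAuthorize(regionName, key, callbackArg)` receives the key; a comment should say so if key-level decisions are intentionally out of scope. The enclosing method starts before the hunk.

```java
// for integrated security
try {
  GeodeSecurityUtil.authorizeRegionRead(regionName);
}
catch (NotAuthorizedException ex) {
  // reply to the client the same way the legacy authorization path does
  writeException(msg, ex, false, servConn);
  servConn.setAsTrue(RESPONDED);
  return;
}
// … unchanged: region lookup and legacy authzRequest check …
```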
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveUserAuth.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveUserAuth.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveUserAuth.java
index ac6023a..bba1944 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveUserAuth.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/RemoveUserAuth.java
@@ -39,45 +39,42 @@ public class RemoveUserAuth extends BaseCommand {
throws IOException, ClassNotFoundException, InterruptedException {
boolean isSecureMode = msg.isSecureMode();
- // if (!isSecureMode)
- //client has not send secuirty header, need to send exception and log this in security (file)
-
- if (isSecureMode) {
+ if (!isSecureMode){
+ // need to throw exception
+ return;
+ }
- try {
- servConn.setAsTrue(REQUIRES_RESPONSE);
- Part keepalivePart = msg.getPart(0);
- byte[] keepaliveByte = keepalivePart.getSerializedForm();
- boolean keepalive = (keepaliveByte == null || keepaliveByte[0] == 0) ? false
- : true;
- servConn.getSecurityLogWriter().fine(
- "remove user auth keep alive " + keepalive);
- servConn.removeUserAuth(msg, keepalive);
- writeReply(msg, servConn);
- } catch (GemFireSecurityException gfse) {
- if (servConn.getSecurityLogWriter().warningEnabled()) {
- servConn.getSecurityLogWriter()
- .warning(
- LocalizedStrings.ONE_ARG,
- servConn.getName() + ": Security exception: "
- + gfse.getMessage());
- }
- writeException(msg, gfse, false, servConn);
- } catch (Exception ex) {
- // TODO Auto-generated catch block
- if (servConn.getLogWriter().warningEnabled()) {
- servConn
- .getLogWriter()
- .warning(
- LocalizedStrings.CacheClientNotifier_AN_EXCEPTION_WAS_THROWN_FOR_CLIENT_0_1,
- new Object[] {servConn.getProxyID(), ""}, ex);
- }
- writeException(msg, ex, false, servConn);
- } finally {
- servConn.setAsTrue(RESPONDED);
+ try {
+ servConn.setAsTrue(REQUIRES_RESPONSE);
+ Part keepalivePart = msg.getPart(0);
+ byte[] keepaliveByte = keepalivePart.getSerializedForm();
+ boolean keepalive = (keepaliveByte == null || keepaliveByte[0] == 0) ? false
+ : true;
+ servConn.getSecurityLogWriter().fine(
+ "remove user auth keep alive " + keepalive);
+ servConn.removeUserAuth(msg, keepalive);
+ writeReply(msg, servConn);
+ } catch (GemFireSecurityException gfse) {
+ if (servConn.getSecurityLogWriter().warningEnabled()) {
+ servConn.getSecurityLogWriter()
+ .warning(
+ LocalizedStrings.ONE_ARG,
+ servConn.getName() + ": Security exception: "
+ + gfse.getMessage());
+ }
+ writeException(msg, gfse, false, servConn);
+ } catch (Exception ex) {
+ // TODO Auto-generated catch block
+ if (servConn.getLogWriter().warningEnabled()) {
+ servConn
+ .getLogWriter()
+ .warning(
+ LocalizedStrings.CacheClientNotifier_AN_EXCEPTION_WAS_THROWN_FOR_CLIENT_0_1,
+ new Object[] {servConn.getProxyID(), ""}, ex);
}
- } else {
- // need to throw exception
+ writeException(msg, ex, false, servConn);
+ } finally {
+ servConn.setAsTrue(RESPONDED);
}
}
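Review bot: The new early return for `!isSecureMode` drops the request silently: nothing is written to the security log, no reply is sent, and neither `REQUIRES_RESPONSE` nor `RESPONDED` is set, while the comment still reads `// need to throw exception`. A remove-user-auth message that arrives without the security header is worth recording, so at minimum log it before returning, e.g. `servConn.getSecurityLogWriter().warning(LocalizedStrings.ONE_ARG, servConn.getName() + ": remove user auth received without secure header");`, and decide whether the client should get an error reply. Also, `keepaliveByte[0]` is read after only a null check, so an empty part ends up in the generic `catch (Exception ex)`; testing `keepaliveByte.length == 0` alongside the null check would avoid that. The method signature is above the hunk.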
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 1a4f91b..fa499d9 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -17,17 +17,14 @@
package com.gemstone.gemfire.internal.security;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
-import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal;
-import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-import com.gemstone.gemfire.management.internal.security.ResourceOperationContext;
-import com.gemstone.gemfire.security.AuthenticationFailedException;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.NotAuthorizedException;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
+import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.util.Properties;
+import java.util.Set;
+import java.util.concurrent.Callable;
+
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.SecurityUtils;
@@ -40,14 +37,23 @@ import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.ThreadContext;
+import org.apache.shiro.util.ThreadState;
-import java.security.AccessController;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.Callable;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.security.shiro.CustomAuthRealm;
+import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.AuthenticationRequiredException;
+import com.gemstone.gemfire.security.ExternalSecurity;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.GeodePermission;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
+import com.gemstone.gemfire.security.NotAuthorizedException;
public class GeodeSecurityUtil {
@@ -56,12 +62,12 @@ public class GeodeSecurityUtil {
/**
* It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to process operations from the same client.
* then it looks into Shiro's thead context.
- *
* @return the shiro subject, null if security is not enabled
*/
- public static Subject getSubject(){
- if(!isSecured())
+ public static Subject getSubject() {
+ if (!isSecured()) {
return null;
+ }
Subject currentUser = null;
@@ -70,9 +76,9 @@ public class GeodeSecurityUtil {
javax.security.auth.Subject jmxSubject =
javax.security.auth.Subject.getSubject(AccessController.getContext());
- if(jmxSubject!=null){
+ if (jmxSubject != null) {
Set<ShiroPrincipal> principals = jmxSubject.getPrincipals(ShiroPrincipal.class);
- if(principals.size()>0){
+ if (principals.size() > 0) {
ShiroPrincipal principal = principals.iterator().next();
currentUser = principal.getSubject();
ThreadContext.bind(currentUser);
@@ -83,7 +89,7 @@ public class GeodeSecurityUtil {
// in other cases like admin rest call or pulse authorization
currentUser = SecurityUtils.getSubject();
- if(currentUser==null || currentUser.getPrincipal()==null){
+ if (currentUser == null || currentUser.getPrincipal() == null) {
throw new GemFireSecurityException("Error: Anonymous User");
}
@@ -91,23 +97,24 @@ public class GeodeSecurityUtil {
}
/**
- *
* @param username
* @param password
* @return null if security is not enabled, otherwise return a shiro subject
*/
- public static Subject login(String username, String password){
- if(!isSecured())
+ public static Subject login(String username, String password) {
+ if (!isSecured()) {
return null;
+ }
Subject currentUser = SecurityUtils.getSubject();
UsernamePasswordToken token =
new UsernamePasswordToken(username, password);
try {
- logger.info("Logging in "+username);
+ logger.info("Logging in " + username);
currentUser.login(token);
- } catch (ShiroException e) {
+ }
+ catch (ShiroException e) {
logger.info(e.getMessage(), e);
throw new AuthenticationFailedException("Authentication error. Please check your username/password.", e);
}
@@ -115,16 +122,17 @@ public class GeodeSecurityUtil {
return currentUser;
}
- public static void logout(){
+ public static void logout() {
Subject currentUser = getSubject();
- if(currentUser==null)
+ if (currentUser == null) {
return;
+ }
try {
- logger.info("Logging out "+currentUser.getPrincipal());
+ logger.info("Logging out " + currentUser.getPrincipal());
currentUser.logout();
}
- catch(ShiroException e){
+ catch (ShiroException e) {
logger.info(e.getMessage(), e);
throw new GemFireSecurityException(e.getMessage(), e);
}
@@ -132,93 +140,123 @@ public class GeodeSecurityUtil {
ThreadContext.remove();
}
- public static Callable associateWith(Callable callable){
+ public static Callable associateWith(Callable callable) {
Subject currentUser = getSubject();
- if(currentUser==null)
+ if (currentUser == null) {
return callable;
+ }
return currentUser.associateWith(callable);
}
+ /**
+ * this binds the passed-in subject to the executing thread, normally, you would do this:
+ * ThreadState state = null;
+ * try{
+ * state = GeodeSecurityUtil.bindSubject(subject);
+ * //do the rest of the work as this subject
+ * }
+ * finally{
+ * if(state!=null)
+ * state.clear();
+ * }
+ *
+ * @param subject
+ * @return
+ */
+ public static ThreadState bindSubject(Subject subject){
+ if (subject == null) {
+ return null;
+ }
+
+ ThreadState threadState = new SubjectThreadState(subject);
+ threadState.bind();
+ return threadState;
+ }
+
public static void authorize(ResourceOperation resourceOperation) {
- if(resourceOperation==null)
+ if (resourceOperation == null) {
return;
+ }
authorize(resourceOperation.resource().name(),
resourceOperation.operation().name(),
null);
}
- public static void authorizeClusterManage(){
+ public static void authorizeClusterManage() {
authorize("CLUSTER", "MANAGE");
}
- public static void authorizeClusterWrite(){
+ public static void authorizeClusterWrite() {
authorize("CLUSTER", "WRITE");
}
- public static void authorizeClusterRead(){
+ public static void authorizeClusterRead() {
authorize("CLUSTER", "READ");
}
- public static void authorizeDataManage(){
+ public static void authorizeDataManage() {
authorize("DATA", "MANAGE");
}
- public static void authorizeDataWrite(){
+ public static void authorizeDataWrite() {
authorize("DATA", "WRITE");
}
- public static void authorizeDataRead(){
+ public static void authorizeDataRead() {
authorize("DATA", "READ");
}
- public static void authorizeRegionManage(String regionName){
+ public static void authorizeRegionManage(String regionName) {
authorize("DATA", "MANAGE", regionName);
}
- public static void authorizeRegionWrite(String regionName){
+ public static void authorizeRegionWrite(String regionName) {
authorize("DATA", "WRITE", regionName);
}
- public static void authorizeRegionRead(String regionName){
+ public static void authorizeRegionRead(String regionName) {
authorize("DATA", "READ", regionName);
}
- public static void authorize(String resource, String operation){
+ public static void authorize(String resource, String operation) {
authorize(resource, operation, null);
}
- private static void authorize(String resource, String operation, String regionName){
+ private static void authorize(String resource, String operation, String regionName) {
regionName = StringUtils.stripStart(regionName, "/");
- authorize(new ResourceOperationContext(resource, operation, regionName));
+ authorize(new GeodePermission(resource, operation, regionName));
}
- public static void authorize(OperationContext context) {
- if(context==null)
+ public static void authorize(GeodePermission context) {
+ Subject currentUser = getSubject();
+ if (currentUser == null) {
return;
+ }
- if(context.getResource()== Resource.NULL && context.getOperationCode()== OperationCode.NULL)
+ if (context == null) {
return;
+ }
- Subject currentUser = getSubject();
- if(currentUser==null)
+ if (context.getResource() == Resource.NULL && context.getOperation() == Operation.NULL) {
return;
+ }
try {
currentUser.checkPermission(context);
}
- catch(ShiroException e){
+ catch (ShiroException e) {
logger.info(currentUser.getPrincipal() + " not authorized for " + context);
throw new NotAuthorizedException(e.getMessage(), e);
}
}
- private static boolean isSecured(){
- try{
+ private static boolean isSecured() {
+ try {
SecurityUtils.getSecurityManager();
}
- catch(UnavailableSecurityManagerException e){
+ catch (UnavailableSecurityManagerException e) {
return false;
}
return true;
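Review bot: `authorize(GeodePermission context)` now tests `currentUser == null` first and returns, so every permission check is skipped whenever `getSubject()` yields null. `getSubject()` is not part of this hunk; if null can only mean that security is not configured this is fine, but with the new `bindSubject` path it is worth confirming that a thread on a secured member that was never bound cannot reach this branch. I would state the contract at the check, for example `// null subject: security is not enabled on this member; never reached when secured`. The Javadoc added for `bindSubject` also leaves `@param subject` and `@return` empty; it should say that a null subject returns null, so callers must null-check before `clear()`.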
@@ -228,33 +266,59 @@ public class GeodeSecurityUtil {
* initialize Shiro's Security Manager and Security Utilities
* @param securityProps
*/
- public static void initSecurity(Properties securityProps){
- if(securityProps==null)
+ public static void initSecurity(Properties securityProps) {
+ if (securityProps == null) {
return;
+ }
String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
- String customAuthenticator =securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+ String customAuthenticator = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
+
+ Object auth = getAuthenticatorObject(customAuthenticator);
+
if (!com.gemstone.gemfire.internal.lang.StringUtils.isBlank(shiroConfig)) {
- IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:"+shiroConfig);
+ IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
// we will need to make sure that shiro uses a case sensitive permission resolver
Section main = factory.getIni().addSection("main");
main.put("geodePermissionResolver", "com.gemstone.gemfire.internal.security.shiro.GeodePermissionResolver");
- if(!main.containsKey("iniRealm.permissionResolver")) {
+ if (!main.containsKey("iniRealm.permissionResolver")) {
main.put("iniRealm.permissionResolver", "$geodePermissionResolver");
}
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
}
- else if (!com.gemstone.gemfire.internal.lang.StringUtils.isBlank(customAuthenticator)) {
- Realm realm = new CustomAuthRealm(securityProps);
+ // only set up shiro realm if user has implemented ExternalSecurity
+ else if (auth != null && auth instanceof ExternalSecurity) {
+ ExternalSecurity externalSecurity = (ExternalSecurity) auth;
+ externalSecurity.init(securityProps);
+ Realm realm = new CustomAuthRealm(externalSecurity);
SecurityManager securityManager = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(securityManager);
}
- else{
+ else {
SecurityUtils.setSecurityManager(null);
}
}
+ public static Object getAuthenticatorObject(String authenticatorFactoryName) {
+ if (StringUtils.isBlank(authenticatorFactoryName)) {
+ return null;
+ }
+
+ try {
+ Method instanceGetter = ClassLoadUtil.methodFromName(authenticatorFactoryName);
+ return instanceGetter.invoke(null, (Object[]) null);
+ }
+ catch (Exception ex) {
+ throw new AuthenticationRequiredException(ex.toString(), ex);
+ }
+ }
+
+ public static boolean isIntegratedSecurity(String authenticatorFactoryName) {
+ Object auth = getAuthenticatorObject(authenticatorFactoryName);
+ return (auth instanceof ExternalSecurity);
+ }
+
}
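Review bot: `initSecurity` calls `getAuthenticatorObject(customAuthenticator)` before it looks at `shiroConfig`, so the factory named in the properties is reflectively invoked, and can throw `AuthenticationRequiredException`, even on the branch that configures Shiro from the ini file and never uses `auth`. I would resolve the object only after the `shiroConfig` test has failed. `isIntegratedSecurity` invokes the same factory again on every call and discards the result, so a factory with side effects runs repeatedly. A Javadoc on `getAuthenticatorObject` should say that it returns whatever the factory produces, not yet `init`-ed, and that the name must come from trusted configuration only because it selects a static method to run. When the object is not an `ExternalSecurity` the final `else` installs a null security manager without logging; whether a legacy path handles that case is not visible here.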
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
index 6da9656..060878d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
@@ -16,56 +16,48 @@
*/
package com.gemstone.gemfire.internal.security.shiro;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.internal.ClassLoadUtil;
-import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
-import com.gemstone.gemfire.internal.lang.StringUtils;
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-import com.gemstone.gemfire.security.AccessControl;
-import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.security.ExternalSecurity;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.GeodePermission;
+
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
-import org.apache.shiro.authc.*;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.Permission;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
-import javax.management.remote.JMXPrincipal;
-import javax.security.auth.Subject;
-import java.lang.reflect.Method;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Properties;
-import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
-import static com.gemstone.gemfire.management.internal.security.ResourceConstants.ACCESS_DENIED_MESSAGE;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
public class CustomAuthRealm extends AuthorizingRealm{
public static final String REALM_NAME = "CUSTOMAUTHREALM";
private static final Logger logger = LogManager.getLogger(CustomAuthRealm.class);
- private String authzFactoryName;
- private String postAuthzFactoryName;
- private String authenticatorFactoryName;
- private Properties securityProps = null;
- private ConcurrentMap<Principal, AccessControl> cachedAuthZCallback;
- private ConcurrentMap<Principal, AccessControl> cachedPostAuthZCallback;
-
- public CustomAuthRealm(Properties securityProps) {
- this.securityProps = securityProps;
- this.authzFactoryName = securityProps.getProperty(SECURITY_CLIENT_ACCESSOR);
- this.postAuthzFactoryName = securityProps.getProperty(SECURITY_CLIENT_ACCESSOR_PP);
- this.authenticatorFactoryName = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
- this.cachedAuthZCallback = new ConcurrentHashMap<>();
- this.cachedPostAuthZCallback = new ConcurrentHashMap<>();
+ private ExternalSecurity externalSecurity = null;
+
+ public CustomAuthRealm(ExternalSecurity auth) {
+ externalSecurity = auth;
}
- @Override
+
+ public CustomAuthRealm (String authenticatorFactory) {
+ Object auth = GeodeSecurityUtil.getAuthenticatorObject(authenticatorFactory);
+
+ if(!(auth instanceof ExternalSecurity)){
+ throw new GemFireSecurityException("Integrated Security requires ExternalSecurity interface.");
+ }
+ externalSecurity = (ExternalSecurity) auth;
+ }
+
+ @Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken authToken = (UsernamePasswordToken) token;
String username = authToken.getUsername();
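Review bot: The new `CustomAuthRealm(String authenticatorFactory)` constructor stores the object from `GeodeSecurityUtil.getAuthenticatorObject` without ever calling `init` on it, whereas the `initSecurity` change on this page calls `externalSecurity.init(securityProps)` before building the realm. If `ExternalSecurity` implementations depend on `init` (the interface is not shown here), a realm built through this constructor would authenticate against an unconfigured object. Either take the `Properties` as a second argument and call `init`, or document on the constructor that the factory must return a ready-to-use instance. The field can also be `private final ExternalSecurity externalSecurity;` since each constructor assigns it once. `doGetAuthenticationInfo` continues past the end of this hunk.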
@@ -75,7 +67,7 @@ public class CustomAuthRealm extends AuthorizingRealm{
credentialProps.put(ResourceConstants.USER_NAME, username);
credentialProps.put(ResourceConstants.PASSWORD, password);
- Principal principal = getAuthenticator(securityProps).authenticate(credentialProps);
+ Principal principal = externalSecurity.authenticate(credentialProps);
return new SimpleAuthenticationInfo(principal, authToken.getPassword(), REALM_NAME);
}
@@ -89,83 +81,9 @@ public class CustomAuthRealm extends AuthorizingRealm{
@Override
public boolean isPermitted(PrincipalCollection principals, Permission permission) {
- OperationContext context =(OperationContext)permission;
- Principal principal = (Principal)principals.getPrimaryPrincipal();
- // if no access control is specified, then we allow all
- if(StringUtils.isBlank(authzFactoryName))
- return true;
- AccessControl accessControl = getAccessControl(principal, false);
- return accessControl.authorizeOperation(context.getRegionName(), context);
- }
-
- public AccessControl getAccessControl(Principal principal, boolean isPost) {
- if (!isPost) {
- if (cachedAuthZCallback.containsKey(principal)) {
- return cachedAuthZCallback.get(principal);
- } else if (!StringUtils.isBlank(authzFactoryName)) {
- try {
- Method authzMethod = ClassLoadUtil.methodFromName(authzFactoryName);
- AccessControl authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
- authzCallback.init(principal, null);
- cachedAuthZCallback.put(principal, authzCallback);
- return authzCallback;
- } catch (Exception ex) {
- throw new AuthenticationException(
- ex.toString(), ex);
- }
- }
- } else {
- if (cachedPostAuthZCallback.containsKey(principal)) {
- return cachedPostAuthZCallback.get(principal);
- } else if (!StringUtils.isBlank(postAuthzFactoryName)) {
- try {
- Method authzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName);
- AccessControl postAuthzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
- postAuthzCallback.init(principal, null);
- cachedPostAuthZCallback.put(principal, postAuthzCallback);
- return postAuthzCallback;
- } catch (Exception ex) {
- throw new AuthenticationException(
- ex.toString(), ex);
- }
- }
- }
- return null;
- }
-
- private Authenticator getAuthenticator(Properties gfSecurityProperties) throws AuthenticationException {
- Authenticator auth;
- try {
- Method instanceGetter = ClassLoadUtil.methodFromName(this.authenticatorFactoryName);
- auth = (Authenticator) instanceGetter.invoke(null, (Object[]) null);
- } catch (Exception ex) {
- throw new AuthenticationException(
- ex.toString(), ex);
- }
- if (auth == null) {
- throw new AuthenticationException(
- LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
- }
- auth.init(gfSecurityProperties);
- return auth;
- }
-
- public void postAuthorize(OperationContext context) {
- if (StringUtils.isBlank(postAuthzFactoryName)){
- return ;
- }
-
- AccessControlContext acc = AccessController.getContext();
- Subject subject = Subject.getSubject(acc);
- Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class);
- if (principals == null || principals.isEmpty()) {
- throw new SecurityException(ACCESS_DENIED_MESSAGE);
- }
- Principal principal = principals.iterator().next();
- AccessControl accessControl = getAccessControl(principal, true);
- if (!accessControl.authorizeOperation(null, context)) {
- throw new SecurityException(ACCESS_DENIED_MESSAGE);
- }
+ GeodePermission context = (GeodePermission) permission;
+ Principal principal = (Principal) principals.getPrimaryPrincipal();
+ return externalSecurity.authorize(principal, context);
}
}
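Review bot: `isPermitted` casts `permission` to `GeodePermission` and the primary principal to `Principal` unconditionally, so a check made with any other `Permission` implementation ends in a `ClassCastException` instead of a denial. A guard keeps the realm fail-closed: `if (!(permission instanceof GeodePermission)) { return false; }`. The removed code allowed everything when no accessor was configured, while the new code leaves every decision to `externalSecurity.authorize`; a one-line comment should record that change of default.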
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
index b56012f..16df5f2 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/AsyncEventQueueMXBean.java
@@ -17,10 +17,9 @@
package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.asyncqueue.AsyncEventQueue;
-import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to an {@link AsyncEventQueue}.
@@ -28,7 +27,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationContext.OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface AsyncEventQueueMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
index e0e4803..deffc5d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
@@ -18,9 +18,8 @@ package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -56,7 +55,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface CacheServerMXBean {
/**
@@ -283,7 +282,7 @@ public interface CacheServerMXBean {
* @param indexName
* Name of the index to be removed.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void removeIndex(String indexName) throws Exception;
/**
@@ -301,7 +300,7 @@ public interface CacheServerMXBean {
* not affected. Using the client side CQ methods to modify a CQ.
*/
@Deprecated
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.READ)
public void executeContinuousQuery(String queryName) throws Exception;
/**
@@ -315,7 +314,7 @@ public interface CacheServerMXBean {
* not affected. Using the client side CQ methods to modify a CQ.
*/
@Deprecated
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void stopContinuousQuery(String queryName) throws Exception;
/**
@@ -328,7 +327,7 @@ public interface CacheServerMXBean {
* not affected. Using the client side CQ methods to modify a CQ.
*/
@Deprecated
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void closeAllContinuousQuery(String regionName) throws Exception;
@@ -342,7 +341,7 @@ public interface CacheServerMXBean {
* not affected. Using the client side CQ methods to modify a CQ.
*/
@Deprecated
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void closeContinuousQuery(String queryName) throws Exception;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
index a7878ec..7729505 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
@@ -18,9 +18,8 @@ package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.DiskStore;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -29,7 +28,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface DiskStoreMXBean {
/**
@@ -160,7 +159,7 @@ public interface DiskStoreMXBean {
* compaction is true then the application will wait for the other op-logs to
* be compacted and additional space is available.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void forceRoll();
/**
@@ -174,14 +173,14 @@ public interface DiskStoreMXBean {
* that no op-logs were ready to be compacted or that a compaction was
* already in progress.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public boolean forceCompaction();
/**
* Causes any data that is currently in the asynchronous queue to be written
* to disk. Does not return until the flush is complete.
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void flush();
/**
@@ -207,7 +206,7 @@ public interface DiskStoreMXBean {
*
* @param warningPercent the warning percent
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void setDiskUsageWarningPercentage(float warningPercent);
/**
@@ -215,6 +214,6 @@ public interface DiskStoreMXBean {
*
* @param criticalPercent the critical percent
*/
- @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = Operation.MANAGE)
public void setDiskUsageCriticalPercentage(float criticalPercent);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
index 73c8aae..b18723a 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedLockServiceMXBean.java
@@ -16,13 +16,12 @@
*/
package com.gemstone.gemfire.management;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.distributed.DistributedLockService;
-import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
import java.util.Map;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.distributed.DistributedLockService;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information for a named instance of {@link DistributedLockService}.
@@ -32,7 +31,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationContext.OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface DistributedLockServiceMXBean {
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/f447023e/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
index 2f71cea..6bf462e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedRegionMXBean.java
@@ -20,11 +20,10 @@ import com.gemstone.gemfire.cache.CacheListener;
import com.gemstone.gemfire.cache.CacheWriter;
import com.gemstone.gemfire.cache.EvictionAlgorithm;
import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.cache.wan.GatewaySender;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
-
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
/**
* MBean that provides access to information and management functionality for a
@@ -33,7 +32,7 @@ import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
* @since GemFire 7.0
*
*/
-@ResourceOperation(resource = Resource.CLUSTER, operation = OperationContext.OperationCode.READ)
+@ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public interface DistributedRegionMXBean {
/**
[5/9] incubator-geode git commit: client server
Posted by ji...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
new file mode 100644
index 0000000..58f7d8f
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/IntegratedClientAuthDUnitTest.java
@@ -0,0 +1,179 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.junit.Assert.*;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.management.internal.security.JSONAuthorization;
+import com.gemstone.gemfire.test.dunit.AsyncInvocation;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+
+@Category(DistributedTest.class)
+public class IntegratedClientAuthDUnitTest extends JUnit4DistributedTestCase {
+
+ private VM server1 = null;
+ private VM client1 = null;
+ private VM client2 = null;
+ private VM client3 = null;
+ private int serverPort;
+
+ @Before
+ public void before(){
+ final Host host = Host.getHost(0);
+ server1 = host.getVM(0);
+ client1 = host.getVM(1);
+ client2 = host.getVM(2);
+ client3 = host.getVM(3);
+ serverPort = server1.invoke(() -> {
+ JSONAuthorization.setUpWithJsonFile("clientServer.json");
+ return SecurityTestUtils.createCacheServer(JSONAuthorization.class.getName()+".create");
+ });
+ }
+
+ @Test
+ public void testAuthentication(){
+ int port = serverPort;
+ client1.invoke("logging in super-user with correct password", () -> {
+ SecurityTestUtils.createCacheClient("super-user", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
+ });
+
+ client2.invoke("logging in super-user with wrong password", () -> {
+ SecurityTestUtils.createCacheClient("super-user", "wrong", port, SecurityTestUtils.AUTHFAIL_EXCEPTION);
+ });
+ }
+
+ @Test
+ public void testGetPutAuthorization() throws InterruptedException {
+ int port = serverPort;
+ Map<String, String> allValues = new HashMap<String, String>();
+ allValues.put("key1", "value1");
+ allValues.put("key2", "value2");
+
+ List<String> keys = new ArrayList<>();
+ keys.add("key1");
+ keys.add("key2");
+
+ // have one client log in as authorized user to put some data in the regions first.
+ client2.invoke(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+ region.putAll(allValues);
+ cache.close();
+ });
+
+ // client1 connects to server as a user not authorized to do any operations
+ AsyncInvocation ai1 = client1.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("stranger", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+
+ assertNotAuthorized(()->region.put("key3", "value3"), "[DATA:WRITE:AuthRegion:key3]");
+ assertNotAuthorized(()->region.get("key3"), "[DATA:READ:AuthRegion:key3]");
+
+ //putall
+ assertNotAuthorized(()->region.putAll(allValues), "[DATA:WRITE:AuthRegion]");
+
+ // not authorized for either keys, get no record back
+ Map keyValues = region.getAll(keys);
+ assertEquals(0, keyValues.size());
+
+ Set keySet = region.keySet();
+ assertEquals(0, keySet.size());
+
+// Query query = cache.getQueryService().newQuery("select * from /AuthRegion");
+// Object result = query.execute();
+
+ cache.close();
+ });
+
+
+ // client2 connects to user as a user authorized to use AuthRegion region
+ AsyncInvocation ai2 = client2.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("authRegionUser", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+
+ region.put("key3", "value3");
+ assertEquals("value3", region.get("key3"));
+
+ // put all
+ region.putAll(allValues);
+
+ // get all
+ Map keyValues = region.getAll(keys);
+ assertEquals(2, keyValues.size());
+
+ // keyset
+ Set keySet = region.keySet();
+ assertEquals(3, keySet.size());
+
+ cache.close();
+ });
+
+ // client3 connects to user as a user authorized to use key1 in AuthRegion region
+ AsyncInvocation ai3 = client3.invokeAsync(()->{
+ Cache cache = SecurityTestUtils.createCacheClient("key1User", "1234567", port, SecurityTestUtils.NO_EXCEPTION);
+ final Region region = cache.getRegion(SecurityTestUtils.REGION_NAME);
+
+ assertNotAuthorized(()->region.put("key2", "value1"), "[DATA:WRITE:AuthRegion:key2]");
+ assertNotAuthorized(()->region.get("key2"), "[DATA:READ:AuthRegion:key2]");
+
+ assertNotAuthorized(()->region.putAll(allValues), "[DATA:WRITE:AuthRegion]");
+
+ // only authorized for one recrod
+ Map keyValues = region.getAll(keys);
+ assertEquals(1, keyValues.size());
+
+ // keyset
+ Set keySet = region.keySet();
+ assertEquals(1, keySet.size());
+
+ cache.close();
+ });
+
+ ai1.join();
+
+ ai2.join();
+ ai3.join();
+
+ ai1.checkException();
+ ai2.checkException();
+ ai3.checkException();
+ }
+
+
+ public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString){
+ assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
+ }
+
+}
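Review bot: `assertNotAuthorized` only checks that the message contains the permission string, so any throwable that happens to mention it passes, including one from an unrelated failure. Pinning the type as well makes the test prove a denial, e.g. `assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString).hasCauseInstanceOf(NotAuthorizedException.class);`. Whether the type or the cause is the right thing to pin depends on how the client wraps the server error, which is not visible here. The commented-out `Query` lines in `testGetPutAuthorization` leave query authorization uncovered; replace them with a `// TODO` naming the missing case, or remove them.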
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
index 41d6a5e..208e84a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
@@ -83,6 +83,7 @@ import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.pdx.PdxReader;
import com.gemstone.gemfire.pdx.PdxSerializable;
import com.gemstone.gemfire.pdx.PdxWriter;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
import com.gemstone.gemfire.test.dunit.WaitCriterion;
import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
@@ -201,6 +202,12 @@ public final class SecurityTestUtils {
SecurityTestUtils.ignoredExceptions = expectedExceptions;
}
+ protected static int createCacheServer(String authenticatorFactoryMethodName){
+ Properties authProps = new Properties();
+ authProps.setProperty(SECURITY_CLIENT_AUTHENTICATOR, authenticatorFactoryMethodName);
+ return createCacheServer(authProps, null, 0, null, 0, false, NO_EXCEPTION);
+ }
+
protected static int createCacheServer(final Properties authProps,
final Properties javaProps,
final int locatorPort,
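Review bot: The new `createCacheServer(String authenticatorFactoryMethodName)` overload has no Javadoc, and its delegate call passes five positional literals (`null, 0, null, 0, false`) whose meaning cannot be read at the call site. A short comment would help, for example `/** Starts a cache server whose only security property is SECURITY_CLIENT_AUTHENTICATOR and returns the result of the full overload. */`. The same applies to the `createCacheClient(String userName, String password, int serverPort, int expectedResult)` helper added in the next hunk, where `0, false, false, true` are equally opaque and `new int[] { serverPort }` would replace the two-line array setup. The overloads being delegated to are not fully visible in these hunks.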
@@ -301,6 +308,15 @@ public final class SecurityTestUtils {
return server1.getPort();
}
+ protected static Cache createCacheClient(String userName, String password, int serverPort, int expectedResult){
+ Properties authProps = new Properties();
+ authProps.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+ authProps.setProperty(UserPasswordAuthInit.PASSWORD, password);
+ int[] ports = new int[1];
+ ports[0] = serverPort;
+ return createCacheClient(UserPasswordAuthInit.class.getName()+".create", authProps, null, ports, 0, false, false, true, expectedResult);
+ }
+
// 1
protected static void createCacheClient(final String authInitModule,
final Properties authProps,
@@ -333,7 +349,7 @@ public final class SecurityTestUtils {
final boolean setupDynamicRegionFactory,
final int expectedResult)
{
- createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, false, expectedResult);
+ createCacheClient(authInitModule, authProps, javaProps, ports, numConnections, setupDynamicRegionFactory, false, expectedResult);
}
// 4
@@ -350,7 +366,7 @@ public final class SecurityTestUtils {
}
// 5
- protected static void createCacheClient(final String authInitModule,
+ protected static Cache createCacheClient(final String authInitModule,
Properties authProps,
final Properties javaProps,
int[] ports,
@@ -425,13 +441,13 @@ public final class SecurityTestUtils {
RegionAttributes attrs = factory.create();
- cache.createRegion(REGION_NAME, attrs);
+ cache.createRegionFactory(attrs).create(REGION_NAME);
- if (expectedResult != NO_EXCEPTION && expectedResult != NOFORCE_AUTHREQ_EXCEPTION) {
- if (!multiUserAuthMode) {
- fail("Expected an exception when starting client");
- }
- }
+// if (expectedResult != NO_EXCEPTION && expectedResult != NOFORCE_AUTHREQ_EXCEPTION) {
+// if (!multiUserAuthMode) {
+// fail("Expected an exception when starting client");
+// }
+// }
}
catch (AuthenticationRequiredException ex) {
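Review bot: Commenting out the `fail("Expected an exception when starting client")` block removes the only check in this try body that a client expected to be rejected was actually rejected. With it disabled, a caller passing an expected-failure code as `expectedResult` (anything other than `NO_EXCEPTION` or `NOFORCE_AUTHREQ_EXCEPTION`) passes silently if the client connects, so negative authentication tests can no longer detect a server that accepts credentials it should refuse. If the check only gets in the way of the new helper that needs the returned `Cache`, keep it active and narrow the condition instead of disabling it for every caller. At minimum, replace the commented-out lines with a comment stating why the check was dropped. The catch blocks that handle the expected exceptions continue outside this hunk.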
@@ -464,6 +480,7 @@ public final class SecurityTestUtils {
catch (Exception ex) {
fail("Got unexpected exception when starting client", ex);
}
+ return cache;
}
protected static void createCacheClientForMultiUserMode(final int numOfUsers,
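Review bot: `return cache;` sits after the catch blocks, so it is presumably also reached when an expected exception was caught and the client never came up. `cache` is declared outside this hunk; if it is a shared field, it may then be null or refer to a cache left over from an earlier call. Callers that immediately use the result, such as the new test's `cache.getRegion(SecurityTestUtils.REGION_NAME)`, would then fail with a NullPointerException or operate on the wrong cache rather than hit a clear assertion. Document the return contract on the method, for example `@return the client cache, or null when an expected exception prevented creation`, or return `null` explicitly from the paths where creation failed.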
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/Invoke.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/Invoke.java b/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/Invoke.java
index 5a4ca15..26c894f 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/Invoke.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/Invoke.java
@@ -49,12 +49,19 @@ public class Invoke {
* @see VM#invoke(SerializableRunnableIF)
*/
public static void invokeInEveryVM(final SerializableRunnableIF runnable) {
+ invokeInEveryVM(null, runnable);
+ }
+
+ public static void invokeInEveryVM(String name, final SerializableRunnableIF runnable) {
for (int hostIndex = 0; hostIndex < Host.getHostCount(); hostIndex++) {
Host host = Host.getHost(hostIndex);
-
+
for (int vmIndex = 0; vmIndex < host.getVMCount(); vmIndex++) {
VM vm = host.getVM(vmIndex);
- vm.invoke(runnable);
+ if (name!=null)
+ vm.invoke(name, runnable);
+ else
+ vm.invoke(runnable);
}
}
}
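Review bot: The new `invokeInEveryVM(String name, final SerializableRunnableIF runnable)` overload uses an unbraced `if`/`else` around `vm.invoke(name, runnable);` and `vm.invoke(runnable);`, and it has no Javadoc, while the existing Javadoc block now documents only the one-argument form. Brace both branches and add a comment such as `/** Invokes the runnable in every VM; a non-null name is passed through to vm.invoke(name, runnable). */`. The callable overload added in the `@@ -102,12 +110,19 @@` hunk has the same two issues, and its `if(name != null)` is spaced differently from `if (name!=null)` here.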
@@ -94,6 +101,7 @@ public class Invoke {
}
}
+
/**
* Invokes a <code>SerializableCallable</code> in every VM that
* DUnit knows about.
@@ -102,12 +110,19 @@ public class Invoke {
* @see VM#invoke(SerializableCallableIF)
*/
public static <T> Map<VM, T> invokeInEveryVM(final SerializableCallableIF<T> callable) {
+ return invokeInEveryVM(null, callable);
+ }
+
+ public static <T> Map<VM, T> invokeInEveryVM(String name, final SerializableCallableIF<T> callable) {
Map<VM, T> ret = new HashMap<VM, T>();
for (int h = 0; h < Host.getHostCount(); h++) {
Host host = Host.getHost(h);
for (int v = 0; v < host.getVMCount(); v++) {
VM vm = host.getVM(v);
- ret.put(vm, vm.invoke(callable));
+ if(name != null)
+ ret.put(vm, vm.invoke(name, callable));
+ else
+ ret.put(vm, vm.invoke(callable));
}
}
return ret;
@@ -144,7 +159,6 @@ public class Invoke {
* its execution is repeated, until no assertion failure occurs or
* <code>repeatTimeoutMs</code> milliseconds have passed.
*
- * @see VM#invoke(RepeatableRunnable)
* @deprecated Please use {@link com.jayway.awaitility.Awaitility} with {@link #invokeInEveryVM(SerializableCallableIF)} instead.
*/
public static void invokeInEveryVMRepeatingIfNecessary(final RepeatableRunnable runnable, final long repeatTimeoutMs) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java
index 9f962db..686779d 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java
@@ -17,6 +17,21 @@
package com.gemstone.gemfire.test.dunit.internal;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.junit.Assert.*;
+
+import java.io.Serializable;
+import java.text.DecimalFormat;
+import java.util.Iterator;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import org.apache.logging.log4j.Logger;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Rule;
import com.gemstone.gemfire.admin.internal.AdminDistributedSystemImpl;
import com.gemstone.gemfire.cache.Cache;
@@ -33,7 +48,11 @@ import com.gemstone.gemfire.distributed.internal.DistributionMessageObserver;
import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
import com.gemstone.gemfire.internal.SocketCreator;
import com.gemstone.gemfire.internal.admin.ClientStatsManager;
-import com.gemstone.gemfire.internal.cache.*;
+import com.gemstone.gemfire.internal.cache.DiskStoreObserver;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+import com.gemstone.gemfire.internal.cache.HARegion;
+import com.gemstone.gemfire.internal.cache.InitialImageOperation;
+import com.gemstone.gemfire.internal.cache.PartitionedRegion;
import com.gemstone.gemfire.internal.cache.tier.InternalClientMembership;
import com.gemstone.gemfire.internal.cache.tier.sockets.CacheServerTestUtil;
import com.gemstone.gemfire.internal.cache.tier.sockets.ClientProxyMembershipID;
@@ -41,22 +60,13 @@ import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
import com.gemstone.gemfire.internal.cache.xmlcache.CacheCreation;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.management.internal.cli.LogWrapper;
-import com.gemstone.gemfire.test.dunit.*;
+import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.IgnoredException;
+import com.gemstone.gemfire.test.dunit.Invoke;
+import com.gemstone.gemfire.test.dunit.LogWriterUtils;
import com.gemstone.gemfire.test.dunit.standalone.DUnitLauncher;
import com.gemstone.gemfire.test.junit.rules.serializable.SerializableTestName;
-import org.apache.logging.log4j.Logger;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Rule;
-
-import java.io.Serializable;
-import java.text.DecimalFormat;
-import java.util.*;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.LOCATORS;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.MCAST_PORT;
-import static org.junit.Assert.assertNotNull;
/**
* This class is the base class for all distributed tests using JUnit 4.
@@ -474,7 +484,7 @@ public abstract class JUnit4DistributedTestCase implements DistributedTestFixtur
}
private final void tearDownDistributedTestCase() throws Exception {
- Invoke.invokeInEveryVM(()->tearDownCreationStackGenerator());
+ Invoke.invokeInEveryVM("tearDownCreationStackGenerator", ()->tearDownCreationStackGenerator());
if (logPerTest) {
disconnectAllFromDS();
}
@@ -524,7 +534,7 @@ public abstract class JUnit4DistributedTestCase implements DistributedTestFixtur
private static final void cleanupAllVms() {
tearDownVM();
- Invoke.invokeInEveryVM(()->tearDownVM());
+ Invoke.invokeInEveryVM("tearDownVM", ()->tearDownVM());
Invoke.invokeInLocator(()->{
DistributionMessageObserver.setInstance(null);
DistributedTestUtils.unregisterInstantiatorsInThisVM();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/clientServer.json
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/clientServer.json b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/clientServer.json
new file mode 100644
index 0000000..7fa2ccf
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/management/internal/security/clientServer.json
@@ -0,0 +1,160 @@
+{
+ "roles": [
+ {
+ "name": "cluster",
+ "operationsAllowed": [
+ "CLUSTER:MANAGE",
+ "CLUSTER:WRITE",
+ "CLUSTER:READ"
+ ]
+ },
+ {
+ "name": "data",
+ "operationsAllowed": [
+ "DATA:MANAGE",
+ "DATA:WRITE",
+ "DATA:READ"
+ ]
+ },
+ {
+ "name": "manage",
+ "operationsAllowed": [
+ "CLUSTER:MANAGE",
+ "DATA:MANAGE"
+ ]
+ },
+ {
+ "name": "write",
+ "operationsAllowed": [
+ "CLUSTER:WRITE",
+ "DATA:WRITE"
+ ]
+ },
+ {
+ "name": "read",
+ "operationsAllowed": [
+ "CLUSTER:READ",
+ "DATA:READ"
+ ]
+ },
+ {
+ "name": "cluster-manage",
+ "operationsAllowed": [
+ "CLUSTER:MANAGE"
+ ]
+ },
+ {
+ "name": "cluster-write",
+ "operationsAllowed": [
+ "CLUSTER:WRITE"
+ ]
+ },
+ {
+ "name": "cluster-read",
+ "operationsAllowed": [
+ "CLUSTER:READ"
+ ]
+ },
+ {
+ "name": "data-manage",
+ "operationsAllowed": [
+ "DATA:MANAGE"
+ ]
+ },
+ {
+ "name": "data-write",
+ "operationsAllowed": [
+ "DATA:WRITE"
+ ]
+ },
+ {
+ "name": "data-read",
+ "operationsAllowed": [
+ "DATA:READ"
+ ]
+ },
+ {
+ "name": "region-use",
+ "operationsAllowed": [
+ "DATA:READ:AuthRegion",
+ "DATA:WRITE:AuthRegion"
+ ]
+ },
+ {
+ "name": "region-use-key1",
+ "operationsAllowed": [
+ "DATA:READ:AuthRegion:key1",
+ "DATA:WRITE:AuthRegion:key1"
+ ]
+ },
+ {
+ "name": "region-manage",
+ "operationsAllowed": [
+ "DATA:MANAGE:AuthRegion"
+ ]
+ },
+ {
+ "name": "region-read",
+ "operationsAllowed": [
+ "DATA:READ:AuthRegion"
+ ]
+ },
+ {
+ "name": "region-write",
+ "operationsAllowed": [
+ "DATA:WRITE:AuthRegion"
+ ]
+ }
+ ],
+ "users": [
+ {
+ "name": "super-user",
+ "password": "1234567",
+ "roles": [
+ "cluster",
+ "data"
+ ]
+ },
+ {
+ "name": "stranger",
+ "password": "1234567",
+ "roles": [
+ ]
+ },
+ {
+ "name":"authRegionUser",
+ "password": "1234567",
+ "roles": [
+ "region-use"
+ ]
+ },
+ {
+ "name":"authRegionManager",
+ "password": "1234567",
+ "roles": [
+ "region-manage"
+ ]
+ },
+ {
+ "name":"authRegionReader",
+ "password": "1234567",
+ "roles": [
+ "region-read"
+ ]
+ },
+ {
+ "name":"authRegionWriter",
+ "password": "1234567",
+ "roles": [
+ "region-write"
+ ]
+ },
+ {
+ "name":"key1User",
+ "password": "1234567",
+ "roles": [
+ "region-use-key1"
+ ]
+ }
+ ]
+}
[6/9] incubator-geode git commit: client server
Posted by ji...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put65.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put65.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put65.java
index 4ccc03a..156fbbc 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put65.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Put65.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
/**
- *
+ *
*/
package com.gemstone.gemfire.internal.cache.tier.sockets.command;
@@ -35,7 +35,6 @@ import com.gemstone.gemfire.internal.HeapDataOutputStream;
import com.gemstone.gemfire.internal.InternalDataSerializer;
import com.gemstone.gemfire.internal.Version;
import com.gemstone.gemfire.internal.cache.CachedDeserializable;
-import com.gemstone.gemfire.internal.cache.EntryEventImpl;
import com.gemstone.gemfire.internal.cache.EventID;
import com.gemstone.gemfire.internal.cache.EventIDHolder;
import com.gemstone.gemfire.internal.cache.LocalRegion;
@@ -54,6 +53,7 @@ import com.gemstone.gemfire.internal.cache.versions.VersionTag;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.internal.util.Breadcrumbs;
import com.gemstone.gemfire.security.GemFireSecurityException;
@@ -73,7 +73,7 @@ public class Put65 extends BaseCommand {
@Override
public void cmdExecute(Message msg, ServerConnection servConn, long p_start)
- throws IOException, InterruptedException {
+ throws IOException, InterruptedException {
long start = p_start;
Part regionNamePart = null, keyPart = null, valuePart = null, callbackArgPart = null;
String regionName = null;
@@ -87,11 +87,9 @@ public class Put65 extends BaseCommand {
boolean interrupted = Thread.interrupted();
try {
Thread.sleep(crHelper.emulateSlowServer());
- }
- catch (InterruptedException ugh) {
+ } catch (InterruptedException ugh) {
interrupted = true;
- }
- finally {
+ } finally {
if (interrupted) {
Thread.currentThread().interrupt();
}
@@ -110,7 +108,7 @@ public class Put65 extends BaseCommand {
regionNamePart = msg.getPart(idx++);
Operation operation;
try {
- operation = (Operation)msg.getPart(idx++).getObject();
+ operation = (Operation) msg.getPart(idx++).getObject();
if (operation == null) { // native clients send a null since the op is java-serialized
operation = Operation.UPDATE;
}
@@ -134,10 +132,9 @@ public class Put65 extends BaseCommand {
}
keyPart = msg.getPart(idx++);
try {
- isDelta = ((Boolean)msg.getPart(idx).getObject()).booleanValue();
+ isDelta = ((Boolean) msg.getPart(idx).getObject()).booleanValue();
idx += 1;
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, MessageType.PUT_DELTA_ERROR, e, false, servConn);
servConn.setAsTrue(RESPONDED);
// CachePerfStats not available here.
@@ -149,19 +146,17 @@ public class Put65 extends BaseCommand {
callbackArgPart = msg.getPart(idx++);
try {
callbackArg = callbackArgPart.getObject();
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
}
}
regionName = regionNamePart.getString();
-
+
try {
key = keyPart.getStringOrObject();
- }
- catch (Exception e) {
+ } catch (Exception e) {
writeException(msg, e, false, servConn);
servConn.setAsTrue(RESPONDED);
return;
@@ -169,7 +164,8 @@ public class Put65 extends BaseCommand {
final boolean isDebugEnabled = logger.isDebugEnabled();
if (isDebugEnabled) {
- logger.debug("{}: Received {}put request ({} bytes) from {} for region {} key {} txId {} posdup: {}", servConn.getName(), (isDelta ? " delta " : " "), msg.getPayloadLength(), servConn.getSocketString(), regionName, key, msg.getTransactionId(), msg.isRetry());
+ logger.debug("{}: Received {}put request ({} bytes) from {} for region {} key {} txId {} posdup: {}", servConn.getName(), (isDelta ? " delta " : " "), msg
+ .getPayloadLength(), servConn.getSocketString(), regionName, key, msg.getTransactionId(), msg.isRetry());
}
// Process the put request
@@ -188,325 +184,304 @@ public class Put65 extends BaseCommand {
}
errMessage.append(putMsg);
}
- writeErrorResponse(msg, MessageType.PUT_DATA_ERROR,
- errMessage.toString(), servConn);
+ writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage.toString(), servConn);
servConn.setAsTrue(RESPONDED);
+ return;
}
- else {
- LocalRegion region = (LocalRegion)crHelper.getRegion(regionName);
- if (region == null) {
- String reason = " was not found during put request";
- writeRegionDestroyedEx(msg, regionName, reason, servConn);
- servConn.setAsTrue(RESPONDED);
+
+ LocalRegion region = (LocalRegion) crHelper.getRegion(regionName);
+ if (region == null) {
+ String reason = " was not found during put request";
+ writeRegionDestroyedEx(msg, regionName, reason, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+ if (valuePart.isNull() && operation != Operation.PUT_IF_ABSENT && region.containsKey(key)) {
+ // Invalid to 'put' a null value in an existing key
+ String putMsg = " Attempted to put a null value for existing key " + key;
+ if (isDebugEnabled) {
+ logger.debug("{}:{}", servConn.getName(), putMsg);
}
- else if (valuePart.isNull() && operation != Operation.PUT_IF_ABSENT && region.containsKey(key)) {
- // Invalid to 'put' a null value in an existing key
- String putMsg = " Attempted to put a null value for existing key "
- + key;
- if (isDebugEnabled) {
- logger.debug("{}:{}", servConn.getName(), putMsg);
+ errMessage.append(putMsg);
+ writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage.toString(), servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ }
+
+
+ ByteBuffer eventIdPartsBuffer = ByteBuffer.wrap(eventPart.getSerializedForm());
+ long threadId = EventID.readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
+ long sequenceId = EventID.readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
+
+ EventIDHolder clientEvent = new EventIDHolder(new EventID(servConn.getEventMemberIDByteArray(), threadId, sequenceId));
+
+ Breadcrumbs.setEventId(clientEvent.getEventId());
+
+ // msg.isRetry might be set by v7.0 and later clients
+ if (msg.isRetry()) {
+ // if (logger.isDebugEnabled()) {
+ // logger.debug("DEBUG: encountered isRetry in Put65");
+ // }
+ clientEvent.setPossibleDuplicate(true);
+ if (region.getAttributes().getConcurrencyChecksEnabled()) {
+ // recover the version tag from other servers
+ clientEvent.setRegion(region);
+ if (!recoverVersionTagForRetriedOperation(clientEvent)) {
+ clientEvent.setPossibleDuplicate(false); // no-one has seen this event
}
- errMessage.append(putMsg);
- writeErrorResponse(msg, MessageType.PUT_DATA_ERROR, errMessage
- .toString(), servConn);
- servConn.setAsTrue(RESPONDED);
}
- else {
- // try {
- // this.eventId = (EventID)eventPart.getObject();
- ByteBuffer eventIdPartsBuffer = ByteBuffer.wrap(eventPart
- .getSerializedForm());
- long threadId = EventID
- .readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
- long sequenceId = EventID
- .readEventIdPartsFromOptmizedByteArray(eventIdPartsBuffer);
+ }
- EventIDHolder clientEvent = new EventIDHolder(
- new EventID(servConn.getEventMemberIDByteArray(),
- threadId, sequenceId));
-
- Breadcrumbs.setEventId(clientEvent.getEventId());
+ boolean result = false;
+ boolean sendOldValue = false;
+ boolean oldValueIsObject = true;
+ Object oldValue = null;
- // msg.isRetry might be set by v7.0 and later clients
- if (msg.isRetry()) {
-// if (logger.isDebugEnabled()) {
-// logger.debug("DEBUG: encountered isRetry in Put65");
-// }
- clientEvent.setPossibleDuplicate(true);
- if (region.getAttributes().getConcurrencyChecksEnabled()) {
- // recover the version tag from other servers
- clientEvent.setRegion(region);
- if (!recoverVersionTagForRetriedOperation(clientEvent)) {
- clientEvent.setPossibleDuplicate(false); // no-one has seen this event
- }
- }
+ try {
+ Object value = null;
+ if (!isDelta) {
+ value = valuePart.getSerializedForm();
+ }
+ boolean isObject = valuePart.isObject();
+ boolean isMetaRegion = region.isUsedForMetaRegion();
+ msg.setMetaRegion(isMetaRegion);
+ AuthorizeRequest authzRequest = null;
+ if (!isMetaRegion) {
+ authzRequest = servConn.getAuthzRequest();
+ }
+ if (authzRequest != null) {
+ // TODO SW: This is to handle DynamicRegionFactory create
+ // calls. Rework this when the semantics of DynamicRegionFactory are
+ // cleaned up.
+ if (DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
+ authzRequest.createRegionAuthorize((String) key);
+ }
+ // Allow PUT operations on meta regions (bug #38961)
+ else {
+ PutOperationContext putContext = authzRequest.putAuthorize(regionName, key, value, isObject, callbackArg);
+ value = putContext.getValue();
+ isObject = putContext.isObject();
+ callbackArg = putContext.getCallbackArg();
}
-
- boolean result = false;
- boolean sendOldValue = false;
- boolean oldValueIsObject = true;
- Object oldValue = null;
+ }
+ if (isDebugEnabled) {
+ logger.debug("processing put65 with operation={}", operation);
+ }
- try {
- Object value = null;
- if (!isDelta) {
- value = valuePart.getSerializedForm();
- }
- boolean isObject = valuePart.isObject();
- boolean isMetaRegion = region.isUsedForMetaRegion();
- msg.setMetaRegion(isMetaRegion);
- AuthorizeRequest authzRequest = null;
- if (!isMetaRegion) {
- authzRequest = servConn.getAuthzRequest();
- }
- if (authzRequest != null) {
- // TODO SW: This is to handle DynamicRegionFactory create
- // calls. Rework this when the semantics of DynamicRegionFactory are
- // cleaned up.
- if (DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
- authzRequest.createRegionAuthorize((String)key);
- }
- // Allow PUT operations on meta regions (bug #38961)
- else {
- PutOperationContext putContext = authzRequest.putAuthorize(
- regionName, key, value, isObject, callbackArg);
- value = putContext.getValue();
- isObject = putContext.isObject();
- callbackArg = putContext.getCallbackArg();
- }
- }
+ GeodeSecurityUtil.authorizeRegionWrite(regionName, key.toString());
+
+ // If the value is 1 byte and the byte represents null,
+ // attempt to create the entry. This test needs to be
+ // moved to DataSerializer or DataSerializer.NULL needs
+ // to be publicly accessible.
+ if (operation == Operation.PUT_IF_ABSENT) {
+ // try {
+ if (msg.isRetry() && clientEvent.getVersionTag() != null) {
+ // bug #46590 the operation was successful the last time since it
+ // was applied to the cache, so return success and the recovered
+ // version tag
if (isDebugEnabled) {
- logger.debug("processing put65 with operation={}", operation);
+ logger.debug("putIfAbsent operation was successful last time with version {}", clientEvent.getVersionTag());
}
- // If the value is 1 byte and the byte represents null,
- // attempt to create the entry. This test needs to be
- // moved to DataSerializer or DataSerializer.NULL needs
- // to be publicly accessible.
- if (operation == Operation.PUT_IF_ABSENT) {
-// try {
- if (msg.isRetry() && clientEvent.getVersionTag() != null) {
- // bug #46590 the operation was successful the last time since it
- // was applied to the cache, so return success and the recovered
- // version tag
- if (isDebugEnabled) {
- logger.debug("putIfAbsent operation was successful last time with version {}", clientEvent.getVersionTag());
- }
- // invoke basicBridgePutIfAbsent anyway to ensure that the event is distributed to all
- // servers - bug #51664
- region.basicBridgePutIfAbsent(key, value, isObject,
- callbackArg, servConn.getProxyID(), true, clientEvent);
- oldValue = null;
- } else {
- oldValue = region.basicBridgePutIfAbsent(key, value, isObject,
- callbackArg, servConn.getProxyID(), true, clientEvent);
- }
- sendOldValue = true;
- oldValueIsObject = true;
- Version clientVersion = servConn.getClientVersion();
- if (oldValue instanceof CachedDeserializable) {
- oldValue = ((CachedDeserializable)oldValue).getSerializedValue();
- } else if (oldValue instanceof byte[]) {
- oldValueIsObject = false;
- } else if ((oldValue instanceof Token)
- && clientVersion.compareTo(Version.GFE_651) <= 0) {
- // older clients don't know that Token is now a DSFID class, so we
- // put the token in a serialized form they can consume
- HeapDataOutputStream str = new HeapDataOutputStream(Version.CURRENT);
- DataOutput dstr = new DataOutputStream(str);
- InternalDataSerializer.writeSerializableObject(oldValue, dstr);
- oldValue = str.toByteArray();
- }
- result = true;
-// } catch (Exception e) {
-// writeException(msg, e, false, servConn);
-// servConn.setAsTrue(RESPONDED);
-// return;
-// }
-
- } else if (operation == Operation.REPLACE) {
-// try {
- if (requireOldValue) { // <V> replace(<K>, <V>)
- if (msg.isRetry() && clientEvent.isConcurrencyConflict()
- && clientEvent.getVersionTag() != null) {
- if (isDebugEnabled) {
- logger.debug("replace(k,v) operation was successful last time with version {}", clientEvent.getVersionTag());
- }
- }
- oldValue = region.basicBridgeReplace(key, value, isObject,
- callbackArg, servConn.getProxyID(), true, clientEvent);
- sendOldValue = !clientEvent.isConcurrencyConflict();
- oldValueIsObject = true;
- Version clientVersion = servConn.getClientVersion();
- if (oldValue instanceof CachedDeserializable) {
- oldValue = ((CachedDeserializable)oldValue).getSerializedValue();
- } else if (oldValue instanceof byte[]) {
- oldValueIsObject = false;
- } else if ((oldValue instanceof Token)
- && clientVersion.compareTo(Version.GFE_651) <= 0) {
- // older clients don't know that Token is now a DSFID class, so we
- // put the token in a serialized form they can consume
- HeapDataOutputStream str = new HeapDataOutputStream(Version.CURRENT);
- DataOutput dstr = new DataOutputStream(str);
- InternalDataSerializer.writeSerializableObject(oldValue, dstr);
- oldValue = str.toByteArray();
- }
- if (isDebugEnabled) {
- logger.debug("returning {} from replace(K,V)", oldValue);
- }
- result = true;
- } else { // boolean replace(<K>, <V>, <V>) {
- boolean didPut;
- didPut = region.basicBridgeReplace(key, expectedOldValue,
- value, isObject, callbackArg, servConn.getProxyID(), true, clientEvent);
- if (msg.isRetry() && clientEvent.getVersionTag() != null) {
- if (isDebugEnabled) {
- logger.debug("replace(k,v,v) operation was successful last time with version {}", clientEvent.getVersionTag());
- }
- didPut = true;
- }
- sendOldValue = true;
- oldValueIsObject = true;
- oldValue = didPut? Boolean.TRUE : Boolean.FALSE;
- if (isDebugEnabled) {
- logger.debug("returning {} from replace(K,V,V)", oldValue);
- }
- result = true;
- }
-// } catch (Exception e) {
-// writeException(msg, e, false, servConn);
-// servConn.setAsTrue(RESPONDED);
-// return;
-// }
-
- } else if (value == null && !isDelta) {
- // Create the null entry. Since the value is null, the value of the
- // isObject
- // the true after null doesn't matter and is not used.
- result = region.basicBridgeCreate(key, null, true, callbackArg,
- servConn.getProxyID(), true, clientEvent, false);
- if (msg.isRetry() && clientEvent.isConcurrencyConflict()
- && clientEvent.getVersionTag() != null) {
- result = true;
- if (isDebugEnabled) {
- logger.debug("create(k,null) operation was successful last time with version {}", clientEvent.getVersionTag());
- }
+ // invoke basicBridgePutIfAbsent anyway to ensure that the event is distributed to all
+ // servers - bug #51664
+ region.basicBridgePutIfAbsent(key, value, isObject, callbackArg, servConn.getProxyID(), true, clientEvent);
+ oldValue = null;
+ } else {
+ oldValue = region.basicBridgePutIfAbsent(key, value, isObject, callbackArg, servConn.getProxyID(), true, clientEvent);
+ }
+ sendOldValue = true;
+ oldValueIsObject = true;
+ Version clientVersion = servConn.getClientVersion();
+ if (oldValue instanceof CachedDeserializable) {
+ oldValue = ((CachedDeserializable) oldValue).getSerializedValue();
+ } else if (oldValue instanceof byte[]) {
+ oldValueIsObject = false;
+ } else if ((oldValue instanceof Token) && clientVersion.compareTo(Version.GFE_651) <= 0) {
+ // older clients don't know that Token is now a DSFID class, so we
+ // put the token in a serialized form they can consume
+ HeapDataOutputStream str = new HeapDataOutputStream(Version.CURRENT);
+ DataOutput dstr = new DataOutputStream(str);
+ InternalDataSerializer.writeSerializableObject(oldValue, dstr);
+ oldValue = str.toByteArray();
+ }
+ result = true;
+ // } catch (Exception e) {
+ // writeException(msg, e, false, servConn);
+ // servConn.setAsTrue(RESPONDED);
+ // return;
+ // }
+
+ } else if (operation == Operation.REPLACE) {
+ // try {
+ if (requireOldValue) { // <V> replace(<K>, <V>)
+ if (msg.isRetry() && clientEvent.isConcurrencyConflict() && clientEvent.getVersionTag() != null) {
+ if (isDebugEnabled) {
+ logger.debug("replace(k,v) operation was successful last time with version {}", clientEvent.getVersionTag());
}
}
- else {
- // Put the entry
- byte[] delta = null;
- if (isDelta) {
- delta = valuePart.getSerializedForm();
- }
- TXManagerImpl txMgr = (TXManagerImpl)servConn.getCache().getCacheTransactionManager();
- // bug 43068 - use create() if in a transaction and op is CREATE
- if (txMgr.getTXState() != null && operation.isCreate()) {
- result = region.basicBridgeCreate(key, (byte[])value, isObject, callbackArg,
- servConn.getProxyID(), true, clientEvent, true);
- } else {
- result = region.basicBridgePut(key, value, delta, isObject,
- callbackArg, servConn.getProxyID(), true, clientEvent);
- }
- if (msg.isRetry() && clientEvent.isConcurrencyConflict()
- && clientEvent.getVersionTag() != null) {
- if (isDebugEnabled) {
- logger.debug("put(k,v) operation was successful last time with version {}", clientEvent.getVersionTag());
- }
- result = true;
- }
+ oldValue = region.basicBridgeReplace(key, value, isObject, callbackArg, servConn.getProxyID(), true, clientEvent);
+ sendOldValue = !clientEvent.isConcurrencyConflict();
+ oldValueIsObject = true;
+ Version clientVersion = servConn.getClientVersion();
+ if (oldValue instanceof CachedDeserializable) {
+ oldValue = ((CachedDeserializable) oldValue).getSerializedValue();
+ } else if (oldValue instanceof byte[]) {
+ oldValueIsObject = false;
+ } else if ((oldValue instanceof Token) && clientVersion.compareTo(Version.GFE_651) <= 0) {
+ // older clients don't know that Token is now a DSFID class, so we
+ // put the token in a serialized form they can consume
+ HeapDataOutputStream str = new HeapDataOutputStream(Version.CURRENT);
+ DataOutput dstr = new DataOutputStream(str);
+ InternalDataSerializer.writeSerializableObject(oldValue, dstr);
+ oldValue = str.toByteArray();
}
- if (result) {
- servConn.setModificationInfo(true, regionName, key);
+ if (isDebugEnabled) {
+ logger.debug("returning {} from replace(K,V)", oldValue);
}
- else {
- String message = servConn.getName()
- + ": Failed to put entry for region " + regionName
- + " key " + key + " value " + valuePart;
+ result = true;
+ } else { // boolean replace(<K>, <V>, <V>) {
+ boolean didPut;
+ didPut = region.basicBridgeReplace(key, expectedOldValue, value, isObject, callbackArg, servConn.getProxyID(), true, clientEvent);
+ if (msg.isRetry() && clientEvent.getVersionTag() != null) {
if (isDebugEnabled) {
- logger.debug(message);
+ logger.debug("replace(k,v,v) operation was successful last time with version {}", clientEvent.getVersionTag());
}
- throw new Exception(message);
+ didPut = true;
}
+ sendOldValue = true;
+ oldValueIsObject = true;
+ oldValue = didPut ? Boolean.TRUE : Boolean.FALSE;
+ if (isDebugEnabled) {
+ logger.debug("returning {} from replace(K,V,V)", oldValue);
+ }
+ result = true;
}
- catch (RegionDestroyedException rde) {
- writeException(msg, rde, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
- catch (ResourceException re) {
- writeException(msg, re, false, servConn);
- servConn.setAsTrue(RESPONDED);
- return;
- }
- catch (InvalidDeltaException ide) {
- logger.info(LocalizedMessage.create(LocalizedStrings.UpdateOperation_ERROR_APPLYING_DELTA_FOR_KEY_0_OF_REGION_1,new Object[] { key, regionName }));
- writeException(msg, MessageType.PUT_DELTA_ERROR, ide, false, servConn);
- servConn.setAsTrue(RESPONDED);
- region.getCachePerfStats().incDeltaFullValuesRequested();
- return;
- }
- catch (Exception ce) {
- // If an interrupted exception is thrown , rethrow it
- checkForInterrupt(servConn, ce);
+ // } catch (Exception e) {
+ // writeException(msg, e, false, servConn);
+ // servConn.setAsTrue(RESPONDED);
+ // return;
+ // }
- // If an exception occurs during the put, preserve the connection
- writeException(msg, ce, false, servConn);
- servConn.setAsTrue(RESPONDED);
- if (ce instanceof GemFireSecurityException) {
- // Fine logging for security exceptions since these are already
- // logged by the security logger
- if (isDebugEnabled) {
- logger.debug("{}: Unexpected Security exception", servConn.getName(), ce);
- }
- }
- else if (isDebugEnabled) {
- logger.debug("{}: Unexpected Exception", servConn.getName(), ce);
+ } else if (value == null && !isDelta) {
+ // Create the null entry. Since the value is null, the value of the
+ // isObject
+ // the true after null doesn't matter and is not used.
+ result = region.basicBridgeCreate(key, null, true, callbackArg, servConn.getProxyID(), true, clientEvent, false);
+ if (msg.isRetry() && clientEvent.isConcurrencyConflict() && clientEvent.getVersionTag() != null) {
+ result = true;
+ if (isDebugEnabled) {
+ logger.debug("create(k,null) operation was successful last time with version {}", clientEvent.getVersionTag());
}
- return;
}
- finally {
- long oldStart = start;
- start = DistributionStats.getStatTime();
- stats.incProcessPutTime(start - oldStart);
+ } else {
+ // Put the entry
+ byte[] delta = null;
+ if (isDelta) {
+ delta = valuePart.getSerializedForm();
}
-
- // Increment statistics and write the reply
- if (region instanceof PartitionedRegion) {
- PartitionedRegion pr = (PartitionedRegion)region;
- if (pr.isNetworkHop().byteValue() != (byte)0) {
- writeReplyWithRefreshMetadata(msg, servConn, pr, sendOldValue, oldValueIsObject,
- oldValue, pr.isNetworkHop().byteValue(), clientEvent.getVersionTag());
- pr.setIsNetworkHop((byte)0);
- pr.setMetadataVersion(Byte.valueOf((byte)0));
- }
- else {
- writeReply(msg, servConn, sendOldValue, oldValueIsObject, oldValue, clientEvent.getVersionTag());
+ TXManagerImpl txMgr = (TXManagerImpl) servConn.getCache().getCacheTransactionManager();
+ // bug 43068 - use create() if in a transaction and op is CREATE
+ if (txMgr.getTXState() != null && operation.isCreate()) {
+ result = region.basicBridgeCreate(key, (byte[]) value, isObject, callbackArg, servConn.getProxyID(), true, clientEvent, true);
+ } else {
+ result = region.basicBridgePut(key, value, delta, isObject, callbackArg, servConn.getProxyID(), true, clientEvent);
+ }
+ if (msg.isRetry() && clientEvent.isConcurrencyConflict() && clientEvent.getVersionTag() != null) {
+ if (isDebugEnabled) {
+ logger.debug("put(k,v) operation was successful last time with version {}", clientEvent.getVersionTag());
}
+ result = true;
}
- else {
- writeReply(msg, servConn, sendOldValue, oldValueIsObject, oldValue, clientEvent.getVersionTag());
+ }
+ if (result) {
+ servConn.setModificationInfo(true, regionName, key);
+ } else {
+ String message = servConn.getName() + ": Failed to put entry for region " + regionName + " key " + key + " value " + valuePart;
+ if (isDebugEnabled) {
+ logger.debug(message);
}
- servConn.setAsTrue(RESPONDED);
+ throw new Exception(message);
+ }
+ } catch (RegionDestroyedException rde) {
+ writeException(msg, rde, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ } catch (ResourceException re) {
+ writeException(msg, re, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ return;
+ } catch (InvalidDeltaException ide) {
+ logger.info(LocalizedMessage.create(LocalizedStrings.UpdateOperation_ERROR_APPLYING_DELTA_FOR_KEY_0_OF_REGION_1, new Object[] {
+ key,
+ regionName
+ }));
+ writeException(msg, MessageType.PUT_DELTA_ERROR, ide, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ region.getCachePerfStats().incDeltaFullValuesRequested();
+ return;
+ } catch (Exception ce) {
+ // If an interrupted exception is thrown , rethrow it
+ checkForInterrupt(servConn, ce);
+
+ // If an exception occurs during the put, preserve the connection
+ writeException(msg, ce, false, servConn);
+ servConn.setAsTrue(RESPONDED);
+ if (ce instanceof GemFireSecurityException) {
+ // Fine logging for security exceptions since these are already
+ // logged by the security logger
if (isDebugEnabled) {
- logger.debug("{}: Sent put response back to {} for region {} key {} value {}", servConn.getName(), servConn.getSocketString(), regionName, key, valuePart);
+ logger.debug("{}: Unexpected Security exception", servConn.getName(), ce);
}
- stats.incWritePutResponseTime(DistributionStats.getStatTime() - start);
+ } else if (isDebugEnabled) {
+ logger.debug("{}: Unexpected Exception", servConn.getName(), ce);
}
+ return;
+ } finally {
+ long oldStart = start;
+ start = DistributionStats.getStatTime();
+ stats.incProcessPutTime(start - oldStart);
}
+ // Increment statistics and write the reply
+ if (region instanceof PartitionedRegion) {
+ PartitionedRegion pr = (PartitionedRegion) region;
+ if (pr.isNetworkHop().byteValue() != (byte) 0) {
+ writeReplyWithRefreshMetadata(msg, servConn, pr, sendOldValue, oldValueIsObject, oldValue, pr.isNetworkHop()
+ .byteValue(), clientEvent
+ .getVersionTag());
+ pr.setIsNetworkHop((byte) 0);
+ pr.setMetadataVersion(Byte.valueOf((byte) 0));
+ } else {
+ writeReply(msg, servConn, sendOldValue, oldValueIsObject, oldValue, clientEvent.getVersionTag());
+ }
+ } else {
+ writeReply(msg, servConn, sendOldValue, oldValueIsObject, oldValue, clientEvent.getVersionTag());
+ }
+ servConn.setAsTrue(RESPONDED);
+ if (isDebugEnabled) {
+ logger.debug("{}: Sent put response back to {} for region {} key {} value {}", servConn.getName(), servConn.getSocketString(), regionName, key, valuePart);
+ }
+ stats.incWritePutResponseTime(DistributionStats.getStatTime() - start);
+
+
}
- protected void writeReply(Message origMsg, ServerConnection servConn,
- boolean sendOldValue, boolean oldValueIsObject, Object oldValue,
- VersionTag tag)
- throws IOException {
+
+ protected void writeReply(Message origMsg,
+ ServerConnection servConn,
+ boolean sendOldValue,
+ boolean oldValueIsObject,
+ Object oldValue,
+ VersionTag tag) throws IOException {
Message replyMsg = servConn.getReplyMessage();
servConn.getCache().getCancelCriterion().checkCancelInProgress(null);
replyMsg.setMessageType(MessageType.REPLY);
- replyMsg.setNumberOfParts(sendOldValue? 3 : 1);
+ replyMsg.setNumberOfParts(sendOldValue ? 3 : 1);
replyMsg.setTransactionId(origMsg.getTransactionId());
replyMsg.addBytesPart(OK_BYTES);
if (sendOldValue) {
- replyMsg.addIntPart(oldValueIsObject?1:0);
+ replyMsg.addIntPart(oldValueIsObject ? 1 : 0);
replyMsg.addObjPart(oldValue);
}
replyMsg.send(servConn);
@@ -514,25 +489,30 @@ public class Put65 extends BaseCommand {
logger.trace("{}: rpl tx: {} parts={}", servConn.getName(), origMsg.getTransactionId(), replyMsg.getNumberOfParts());
}
}
+
protected void writeReplyWithRefreshMetadata(Message origMsg,
- ServerConnection servConn, PartitionedRegion pr,
- boolean sendOldValue, boolean oldValueIsObject, Object oldValue, byte nwHopType,
- VersionTag tag)
- throws IOException {
+ ServerConnection servConn,
+ PartitionedRegion pr,
+ boolean sendOldValue,
+ boolean oldValueIsObject,
+ Object oldValue,
+ byte nwHopType,
+ VersionTag tag) throws IOException {
Message replyMsg = servConn.getReplyMessage();
servConn.getCache().getCancelCriterion().checkCancelInProgress(null);
replyMsg.setMessageType(MessageType.REPLY);
- replyMsg.setNumberOfParts(sendOldValue? 3 : 1);
+ replyMsg.setNumberOfParts(sendOldValue ? 3 : 1);
replyMsg.setTransactionId(origMsg.getTransactionId());
- replyMsg.addBytesPart(new byte[]{pr.getMetadataVersion().byteValue(), nwHopType});
+ replyMsg.addBytesPart(new byte[] { pr.getMetadataVersion().byteValue(), nwHopType });
if (sendOldValue) {
- replyMsg.addIntPart(oldValueIsObject?1:0);
+ replyMsg.addIntPart(oldValueIsObject ? 1 : 0);
replyMsg.addObjPart(oldValue);
}
replyMsg.send(servConn);
pr.getPrStats().incPRMetaDataSentCount();
if (logger.isTraceEnabled()) {
- logger.trace("{}: rpl with REFRESH_METADAT tx: {} parts={}", servConn.getName(), origMsg.getTransactionId(), replyMsg.getNumberOfParts());
+ logger.trace("{}: rpl with REFRESH_METADAT tx: {} parts={}", servConn.getName(), origMsg.getTransactionId(), replyMsg
+ .getNumberOfParts());
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/PutAll80.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/PutAll80.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/PutAll80.java
index 4552c95..0c2a86c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/PutAll80.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/PutAll80.java
@@ -52,6 +52,7 @@ import com.gemstone.gemfire.internal.cache.versions.VersionTag;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.security.AuthorizeRequest;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.internal.util.Breadcrumbs;
public class PutAll80 extends BaseCommand {
@@ -140,7 +141,9 @@ public class PutAll80 extends BaseCommand {
servConn.setAsTrue(RESPONDED);
return;
}
-
+
+ GeodeSecurityUtil.authorizeRegionWrite(regionName);
+
final int BASE_PART_COUNT = getBasePartCount();
// part 1: eventID
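Review bot: The new `GeodeSecurityUtil.authorizeRegionWrite(regionName)` call is not inside any try block visible in this hunk, unlike the failure path just above it, which marks the connection `RESPONDED` before returning. If the `NotAuthorizedException` it raises is not converted into a reply further up, the client may be left without a response; please confirm that path, or handle the denial here so it is written back before returning. The check is also region-wide although this commit adds a per-key `authorizeRegionWrite(String regionName, String key)`, so a comment such as `// putAll requires write access to the whole region, not to individual keys` would record the intent. The enclosing method starts and ends outside the hunk.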
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Query.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Query.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Query.java
index 68f6a51..1b5265e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Query.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/command/Query.java
@@ -23,14 +23,12 @@ import java.io.IOException;
import java.util.Set;
import com.gemstone.gemfire.cache.operations.QueryOperationContext;
-import com.gemstone.gemfire.cache.query.QueryException;
import com.gemstone.gemfire.cache.query.QueryExecutionLowMemoryException;
import com.gemstone.gemfire.cache.query.QueryInvalidException;
import com.gemstone.gemfire.cache.query.QueryService;
import com.gemstone.gemfire.cache.query.internal.DefaultQuery;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.cache.tier.Command;
-import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommand;
import com.gemstone.gemfire.internal.cache.tier.sockets.BaseCommandQuery;
import com.gemstone.gemfire.internal.cache.tier.sockets.Message;
import com.gemstone.gemfire.internal.cache.tier.sockets.ServerConnection;
@@ -71,31 +69,31 @@ public class Query extends BaseCommandQuery {
logger.debug("{}: Received query request from {} queryString: {}", servConn.getName(), servConn.getSocketString(), queryString);
}
try {
- // Create query
+ // Create query
QueryService queryService = ((GemFireCacheImpl)servConn.getCachedRegionHelper().getCache())
- .getLocalQueryService();
- com.gemstone.gemfire.cache.query.Query query = queryService
- .newQuery(queryString);
- Set regionNames = ((DefaultQuery)query).getRegionsInQuery(null);
+ .getLocalQueryService();
+ com.gemstone.gemfire.cache.query.Query query = queryService
+ .newQuery(queryString);
+ Set regionNames = ((DefaultQuery)query).getRegionsInQuery(null);
- // Authorization check
- QueryOperationContext queryContext = null;
- AuthorizeRequest authzRequest = servConn.getAuthzRequest();
- if (authzRequest != null) {
- queryContext = authzRequest.queryAuthorize(queryString, regionNames);
- String newQueryString = queryContext.getQuery();
- if (queryString != null && !queryString.equals(newQueryString)) {
- query = queryService.newQuery(newQueryString);
- queryString = newQueryString;
- regionNames = queryContext.getRegionNames();
- if (regionNames == null) {
- regionNames = ((DefaultQuery)query).getRegionsInQuery(null);
+ // Authorization check
+ QueryOperationContext queryContext = null;
+ AuthorizeRequest authzRequest = servConn.getAuthzRequest();
+ if (authzRequest != null) {
+ queryContext = authzRequest.queryAuthorize(queryString, regionNames);
+ String newQueryString = queryContext.getQuery();
+ if (queryString != null && !queryString.equals(newQueryString)) {
+ query = queryService.newQuery(newQueryString);
+ queryString = newQueryString;
+ regionNames = queryContext.getRegionNames();
+ if (regionNames == null) {
+ regionNames = ((DefaultQuery)query).getRegionsInQuery(null);
+ }
}
}
- }
- processQuery(msg, query, queryString, regionNames, start, null,
- queryContext, servConn, true);
+ processQuery(msg, query, queryString, regionNames, start, null,
+ queryContext, servConn, true);
} catch (QueryInvalidException e) {
throw new QueryInvalidException(e.getMessage()
+ queryString );
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index fa499d9..17bfec0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -21,6 +21,7 @@ import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import java.lang.reflect.Method;
import java.security.AccessController;
+import java.security.Principal;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.Callable;
@@ -54,6 +55,7 @@ import com.gemstone.gemfire.security.GeodePermission;
import com.gemstone.gemfire.security.GeodePermission.Operation;
import com.gemstone.gemfire.security.GeodePermission.Resource;
import com.gemstone.gemfire.security.NotAuthorizedException;
+import com.gemstone.gemfire.security.PostProcessor;
public class GeodeSecurityUtil {
@@ -212,21 +214,37 @@ public class GeodeSecurityUtil {
authorize("DATA", "MANAGE", regionName);
}
+ public static void authorizeRegionManage(String regionName, String key) {
+ authorize("DATA", "MANAGE", regionName, key);
+ }
+
public static void authorizeRegionWrite(String regionName) {
authorize("DATA", "WRITE", regionName);
}
+ public static void authorizeRegionWrite(String regionName, String key) {
+ authorize("DATA", "WRITE", regionName, key);
+ }
+
public static void authorizeRegionRead(String regionName) {
authorize("DATA", "READ", regionName);
}
+ public static void authorizeRegionRead(String regionName, String key) {
+ authorize("DATA", "READ", regionName, key);
+ }
+
public static void authorize(String resource, String operation) {
authorize(resource, operation, null);
}
- private static void authorize(String resource, String operation, String regionName) {
+ private static void authorize(String resource, String operation, String regionName){
+ authorize(resource, operation, regionName, null);
+ }
+
+ private static void authorize(String resource, String operation, String regionName, String key) {
regionName = StringUtils.stripStart(regionName, "/");
- authorize(new GeodePermission(resource, operation, regionName));
+ authorize(new GeodePermission(resource, operation, regionName, key));
}
public static void authorize(GeodePermission context) {
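Review bot: The three new public overloads taking `String key` have no Javadoc, and their null handling is not obvious at the call site. A null key is passed on to `new GeodePermission(resource, operation, regionName, key)`, which, per the constructor changed in this same commit, falls back to `ALL_KEYS`. I would state that on each overload, e.g. `/** Checks DATA:READ on a single key of the region; a null key is checked as all keys. */`. The rewritten signature `String regionName){` is also missing the space before the brace that the neighbouring methods use.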
@@ -247,8 +265,8 @@ public class GeodeSecurityUtil {
currentUser.checkPermission(context);
}
catch (ShiroException e) {
- logger.info(currentUser.getPrincipal() + " not authorized for " + context);
- throw new NotAuthorizedException(e.getMessage(), e);
+ String msg = currentUser.getPrincipal() + " not authorized for " + context;
+ throw new NotAuthorizedException(msg, e);
}
}
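Review bot: With `logger.info(...)` removed from the `catch (ShiroException e)` branch, a denied permission check no longer leaves a server-side record at this point; the principal and the permission now travel only in the exception message. Unless every caller logs the `NotAuthorizedException`, authorization failures disappear from the server log that operators monitor. I would keep the log line and reuse the new string, `logger.info(msg);`, directly before the `throw`. The enclosing method starts outside the hunk.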
@@ -262,6 +280,8 @@ public class GeodeSecurityUtil {
return true;
}
+ private static PostProcessor postProcessor;
+
/**
* initialize Shiro's Security Manager and Security Utilities
* @param securityProps
@@ -274,8 +294,7 @@ public class GeodeSecurityUtil {
String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
String customAuthenticator = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
- Object auth = getAuthenticatorObject(customAuthenticator);
-
+ Object authenticatorObject = getObject(customAuthenticator);
if (!com.gemstone.gemfire.internal.lang.StringUtils.isBlank(shiroConfig)) {
IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
@@ -289,26 +308,46 @@ public class GeodeSecurityUtil {
SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
}
+
// only set up shiro realm if user has implemented ExternalSecurity
- else if (auth != null && auth instanceof ExternalSecurity) {
- ExternalSecurity externalSecurity = (ExternalSecurity) auth;
- externalSecurity.init(securityProps);
- Realm realm = new CustomAuthRealm(externalSecurity);
+ else if (authenticatorObject != null && authenticatorObject instanceof ExternalSecurity) {
+ ExternalSecurity authenticator = (ExternalSecurity) authenticatorObject;
+ authenticator.init(securityProps);
+ Realm realm = new CustomAuthRealm(authenticator);
SecurityManager securityManager = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(securityManager);
}
else {
SecurityUtils.setSecurityManager(null);
}
+
+ // this initializes the post processor
+ String customPostProcessor = securityProps.getProperty(SECURITY_CLIENT_ACCESSOR_PP);
+ Object postProcessObject = getObject(customPostProcessor);
+ if(postProcessObject instanceof PostProcessor){
+ postProcessor = (PostProcessor) postProcessObject;
+ postProcessor.init(securityProps);
+ }
}
- public static Object getAuthenticatorObject(String authenticatorFactoryName) {
- if (StringUtils.isBlank(authenticatorFactoryName)) {
+ public static Object postProcess(String regionPath, Object key, Object result){
+ if(postProcessor == null)
+ return result;
+
+ Subject subject = getSubject();
+
+ if(subject == null)
+ return result;
+
+ return postProcessor.processRegionValue((Principal)subject.getPrincipal(), regionPath, key, result);
+ }
+
+ public static Object getObject(String factoryName) {
+ if (StringUtils.isBlank(factoryName)) {
return null;
}
-
try {
- Method instanceGetter = ClassLoadUtil.methodFromName(authenticatorFactoryName);
+ Method instanceGetter = ClassLoadUtil.methodFromName(factoryName);
return instanceGetter.invoke(null, (Object[]) null);
}
catch (Exception ex) {
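Review bot: The post-processor set-up fails open: when `SECURITY_CLIENT_ACCESSOR_PP` names something that `getObject` cannot produce or that is not a `PostProcessor`, the `instanceof` test is simply false and `postProcess` later returns every value unfiltered. The static `postProcessor` field is also never cleared, so a later initialisation without the property keeps the previous instance, unlike the security manager, which the `else` branch resets to null. In `postProcess`, the cast `(Principal) subject.getPrincipal()` throws `ClassCastException` for any realm whose principal is not a `java.security.Principal` (presumably the case for plain-username realms on the shiro ini path), so it needs a type check. I would reject a configured-but-unusable post-processor at start-up as sketched below; the exception type is a suggestion and must be in scope in this file. `getObject` continues past the end of the hunk.

```java
if (postProcessObject instanceof PostProcessor) {
  // … unchanged: assign and init the post processor …
}
else if (!StringUtils.isBlank(customPostProcessor)) {
  // configured but unusable: do not start with unfiltered reads
  throw new GemFireSecurityException("Post processor " + customPostProcessor + " is not a PostProcessor");
}
else {
  // nothing configured: drop any instance left from an earlier init
  postProcessor = null;
}
```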
@@ -317,7 +356,7 @@ public class GeodeSecurityUtil {
}
public static boolean isIntegratedSecurity(String authenticatorFactoryName) {
- Object auth = getAuthenticatorObject(authenticatorFactoryName);
+ Object auth = getObject(authenticatorFactoryName);
return (auth instanceof ExternalSecurity);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
index 060878d..cb3b116 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
@@ -19,12 +19,6 @@ package com.gemstone.gemfire.internal.security.shiro;
import java.security.Principal;
import java.util.Properties;
-import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-import com.gemstone.gemfire.security.ExternalSecurity;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.security.GeodePermission;
-
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.authc.AuthenticationException;
@@ -37,6 +31,12 @@ import org.apache.shiro.authz.Permission;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.security.ExternalSecurity;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.security.GeodePermission;
+
public class CustomAuthRealm extends AuthorizingRealm{
public static final String REALM_NAME = "CUSTOMAUTHREALM";
@@ -49,7 +49,7 @@ public class CustomAuthRealm extends AuthorizingRealm{
public CustomAuthRealm (String authenticatorFactory) {
- Object auth = GeodeSecurityUtil.getAuthenticatorObject(authenticatorFactory);
+ Object auth = GeodeSecurityUtil.getObject(authenticatorFactory);
if(!(auth instanceof ExternalSecurity)){
throw new GemFireSecurityException("Integrated Security requires ExternalSecurity interface.");
@@ -57,7 +57,7 @@ public class CustomAuthRealm extends AuthorizingRealm{
externalSecurity = (ExternalSecurity) auth;
}
- @Override
+ @Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
UsernamePasswordToken authToken = (UsernamePasswordToken) token;
String username = authToken.getUsername();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
index cd802a9..a727b5c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
@@ -30,6 +30,11 @@ import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
+import org.springframework.shell.core.CommandMarker;
+import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
+import org.springframework.shell.core.annotation.CliCommand;
+import org.springframework.shell.core.annotation.CliOption;
+
import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheClosedException;
@@ -75,11 +80,6 @@ import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.security.GeodePermission.Operation;
import com.gemstone.gemfire.security.GeodePermission.Resource;
-import org.springframework.shell.core.CommandMarker;
-import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
-import org.springframework.shell.core.annotation.CliCommand;
-import org.springframework.shell.core.annotation.CliOption;
-
/**
*
* @since GemFire 7.0
@@ -1027,7 +1027,7 @@ public class DataCommands implements CommandMarker {
@CliOption(key = { CliStrings.GET__VALUEKLASS }, help = CliStrings.GET__VALUEKLASS__HELP) String valueClass,
@CliOption(key = CliStrings.GET__LOAD, unspecifiedDefaultValue = "true", specifiedDefaultValue = "true", help = CliStrings.GET__LOAD__HELP) Boolean loadOnCacheMiss)
{
- GeodeSecurityUtil.authorizeRegionRead(regionPath);
+ GeodeSecurityUtil.authorizeRegionRead(regionPath, key);
Cache cache = CacheFactory.getAnyInstance();
DataCommandResult dataResult = null;
@@ -1069,6 +1069,10 @@ public class DataCommands implements CommandMarker {
dataResult.setKeyClass(keyClass);
if (valueClass != null)
dataResult.setValueClass(valueClass);
+
+ Object result = GeodeSecurityUtil.postProcess(regionPath, key, dataResult.getGetResult());
+ dataResult.setGetResult(result);
+
return makePresentationResult(dataResult);
}
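Review bot: `GeodeSecurityUtil.postProcess` is handed `regionPath` unchanged, while the authorization call at the top of this command goes through `authorize`, which strips the leading `/` from the region name. A `PostProcessor` that matches on region name would therefore see `/region` here where the permission check saw `region`, and a mismatch means the value comes back unredacted. Normalising the path once before both calls, or inside `postProcess`, avoids that. The command method starts outside the hunk, so it is not visible whether `dataResult` can already be an error result when `getGetResult()` is read.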
@@ -1083,8 +1087,8 @@ public class DataCommands implements CommandMarker {
@CliOption(key = { CliStrings.LOCATE_ENTRY__VALUEKLASS }, help = CliStrings.LOCATE_ENTRY__VALUEKLASS__HELP) String valueClass,
@CliOption(key = { CliStrings.LOCATE_ENTRY__RECURSIVE }, help = CliStrings.LOCATE_ENTRY__RECURSIVE__HELP, unspecifiedDefaultValue = "false") boolean recursive) {
- GeodeSecurityUtil.authorizeRegionRead(regionPath);
- // Cache cache = CacheFactory.getAnyInstance();
+ GeodeSecurityUtil.authorizeRegionRead(regionPath, key);
+
DataCommandResult dataResult = null;
if (regionPath == null || regionPath.isEmpty()) {
@@ -1118,6 +1122,7 @@ public class DataCommands implements CommandMarker {
dataResult.setKeyClass(keyClass);
if (valueClass != null)
dataResult.setValueClass(valueClass);
+
return makePresentationResult(dataResult);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
index 48cc83a..3f1eb21 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/functions/DataCommandFunction.java
@@ -26,6 +26,10 @@ import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
+import org.apache.commons.lang.StringUtils;
+import org.apache.logging.log4j.Logger;
+import org.json.JSONArray;
+
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheClosedException;
import com.gemstone.gemfire.cache.CacheFactory;
@@ -77,10 +81,6 @@ import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.util.JsonUtil;
import com.gemstone.gemfire.pdx.PdxInstance;
-import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-import org.json.JSONArray;
-
/***
*
* since 7.0
@@ -930,6 +930,21 @@ public class DataCommandFunction extends FunctionAdapter implements InternalEnt
request.setQuery(query);
dataResult = DataCommands.callFunctionForRegion(request, function, members);
dataResult.setInputQuery(query);
+
+ // post process, iterate through the result for post processing
+ List<SelectResultRow> rows = dataResult.getSelectResult();
+ for(Iterator<SelectResultRow> itr = rows.iterator(); itr.hasNext();){
+ SelectResultRow row = itr.next();
+ Object newValue = GeodeSecurityUtil.postProcess(null, null, row.getValue());
+ // user is not supposed to see this row
+ if(newValue==null){
+ itr.remove();
+ }
+ else{
+ row.setValue(newValue);
+ }
+ }
+
return (dataResult);
} else {
return (dataResult = DataCommandResult.createSelectInfoResult(null, null, -1, null,
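Review bot: The loop removes a row whenever `postProcess` returns null, but `postProcess` returns its input untouched when no post-processor is configured, so a query row whose value is legitimately null is now dropped even with security off. Removing only the rows that the post-processor actually nulled keeps the previous results: `if (newValue == null && row.getValue() != null) { itr.remove(); }`. `rows` is also dereferenced without a null check, and the post-processor is called with a null region and a null key, so it cannot apply region-specific rules to query results; both deserve at least a comment. The enclosing method starts and ends outside the hunk.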
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
index 95ef2c8..fab8b74 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/GeodePermission.java
@@ -22,6 +22,7 @@ import org.apache.shiro.authz.permission.WildcardPermission;
public class GeodePermission extends WildcardPermission {
public static String ALL_REGIONS = "*";
+ public static String ALL_KEYS = "*";
public enum Resource {
NULL,
@@ -48,45 +49,61 @@ public class GeodePermission extends WildcardPermission {
return regionName;
}
+ public String getKey() {
+ return key;
+ }
+
// these default values are used when creating a lock around an operation
private Resource resource = Resource.NULL;
private Operation operation = Operation.NULL;
private String regionName = ALL_REGIONS;
+ private String key = ALL_KEYS;
public GeodePermission() {
this(Resource.NULL, Operation.NULL);
}
public GeodePermission(String resource, String operation) {
- this(Resource.valueOf(resource), Operation.valueOf(operation));
- }
-
- public GeodePermission(Resource resource, Operation operation){
this(resource, operation, ALL_REGIONS);
}
public GeodePermission(String resource, String operation, String regionName) {
- if(resource != null) this.resource = Resource.valueOf(resource);
- if(operation != null) this.operation = Operation.valueOf(operation);
- if(regionName != null) this.regionName = regionName;
+ this(resource, operation, regionName, ALL_KEYS);
+ }
- setParts(this.resource+":"+this.operation+":"+this.regionName, true);
+ public GeodePermission(String resource, String operation, String regionName, String key) {
+ this((resource==null) ? Resource.NULL : Resource.valueOf(resource),
+ (operation == null) ? Operation.NULL : Operation.valueOf(operation),
+ regionName,
+ key);
+ }
+
+ public GeodePermission(Resource resource, Operation operation){
+ this(resource, operation, ALL_REGIONS);
}
public GeodePermission(Resource resource, Operation operation, String regionName){
+ this(resource, operation, regionName, ALL_KEYS);
+ }
+
+ public GeodePermission(Resource resource, Operation operation, String regionName, String key){
if(resource != null) this.resource = resource;
if(operation != null) this.operation = operation;
if(regionName != null) this.regionName = regionName;
+ if(key != null) this.key = key;
- setParts(this.resource+":"+this.operation+":"+this.regionName, true);
+ setParts(this.resource+":"+this.operation+":"+this.regionName+":"+this.key, true);
}
@Override
public String toString() {
- if (ALL_REGIONS.equals(getRegionName())) {
+ if (ALL_REGIONS.equals(regionName)) {
return getResource() + ":" + getOperation();
- } else {
- return getResource() + ":" + getOperation() + ":" + getRegionName();
+ } else if(ALL_KEYS.equals(key)) {
+ return resource + ":" + operation + ":" + regionName;
+ }
+ else{
+ return resource + ":" + operation + ":" + regionName + ":" + key;
}
}
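Review bot: The new four-argument constructor joins `regionName` and `key` into the wildcard string with no escaping in `setParts(this.resource+":"+this.operation+":"+this.regionName+":"+this.key, true)`. Shiro's WildcardPermission treats `:` and `,` as part and sub-part separators, so a region name or key containing either character would be parsed as extra parts instead of one literal value. If keys can come from callers (not visible in this hunk), the constructor should reject or encode those characters before building the string, e.g. `if (key != null && (key.indexOf(':') >= 0 || key.indexOf(',') >= 0)) throw new IllegalArgumentException("key must not contain ':' or ','");`. Separately, `toString()` returns only `resource:operation` whenever the region is `ALL_REGIONS`, which drops a non-default key from log and error text; the first branch should also require `ALL_KEYS.equals(key)`.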
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/security/PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/PostProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/security/PostProcessor.java
new file mode 100644
index 0000000..7f959e9
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/PostProcessor.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+public interface PostProcessor {
+ void init(Properties securityProps);
+ Object processRegionValue(Principal principal, String regionPath, Object key, Object value);
+}
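Review bot: `PostProcessor` is a new public security extension point with no Javadoc, so implementers cannot tell from the interface what contract they have to meet. The interface comment should say when `init` is called and with which properties. The `processRegionValue` comment should say whether `principal` may be null, whether returning null is allowed, whether the implementation may modify `value` in place or must return a copy, and what the caller does when it throws. The in-place question matters most, because a value object that is also held by the cache would be changed for every later reader; this hunk does not show which object the caller passes.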
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
index 3922d99..a86c871 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SampleJsonAuthorization.java
@@ -31,11 +31,14 @@ import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
+
import javax.management.remote.JMXPrincipal;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
-import com.gemstone.gemfire.internal.logging.LogService;
+import org.apache.commons.io.IOUtils;
+import org.apache.shiro.authz.Permission;
+
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
import com.gemstone.gemfire.security.AccessControl;
import com.gemstone.gemfire.security.AuthenticationFailedException;
@@ -44,9 +47,6 @@ import com.gemstone.gemfire.security.ExternalSecurity;
import com.gemstone.gemfire.security.GeodePermission;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import org.apache.commons.io.IOUtils;
-import org.apache.shiro.authz.Permission;
-
/**
* This class provides a sample implementation for authentication and authorization via the {@link AccessControl}
* and {@link Authenticator} interfaces.
@@ -163,6 +163,7 @@ public class SampleJsonAuthorization implements ExternalSecurity {
Role role = new Role();
role.name = r.get("name").asText();
String regionNames = null;
+ String keys = null;
JsonNode regions = r.get("regions");
if (regions != null) {
@@ -179,8 +180,16 @@ public class SampleJsonAuthorization implements ExternalSecurity {
String[] parts = op.asText().split(":");
String resourcePart = (parts.length > 0) ? parts[0] : null;
String operationPart = (parts.length > 1) ? parts[1] : null;
+ if(parts.length>2){
+ regionNames = parts[2];
+ }
+ if(parts.length>3){
+ keys = parts[3];
+ }
String regionPart = (regionNames != null) ? regionNames : "*";
- role.permissions.add(new GeodePermission(resourcePart, operationPart, regionPart));
+ String keyPart = (keys !=null) ? keys : "*";
+
+ role.permissions.add(new GeodePermission(resourcePart, operationPart, regionPart, keyPart));
}
roleMap.put(role.name, role);
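Review bot: `regionNames` and `keys` are declared once per role (the `String keys = null;` added in the previous hunk), but the new `if(parts.length>2)` and `if(parts.length>3)` blocks assign to them for each operation string. A region or key taken from one entry therefore stays in effect for the entries that follow it, and it also replaces whatever the role's `regions` node supplied. With a constructed example, a role listing `DATA:READ:regionA` followed by `DATA:WRITE` would, as far as this hunk shows, get the second permission on `regionA` instead of the role default. Per-entry locals avoid the carry-over: `String regionPart = (parts.length > 2) ? parts[2] : (regionNames != null ? regionNames : "*");` and `String keyPart = (parts.length > 3) ? parts[3] : "*";`. The enclosing loop starts outside the hunk.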
@@ -232,7 +241,6 @@ public class SampleJsonAuthorization implements ExternalSecurity {
throw new AuthenticationFailedException("Wrong username/password");
}
- LogService.getLogger().info("User=" + user + " pwd=" + pwd);
if (user != null && !userObj.pwd.equals(pwd) && !"".equals(user)) {
throw new AuthenticationFailedException("Wrong username/password");
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SamplePostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SamplePostProcessor.java b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SamplePostProcessor.java
new file mode 100644
index 0000000..1adfb9f
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/templates/SamplePostProcessor.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security.templates;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.security.PostProcessor;
+
+public class SamplePostProcessor implements PostProcessor{
+ public static String MASK = "****";
+
+ public static SamplePostProcessor create(){
+ return new SamplePostProcessor();
+ }
+
+ @Override
+ public void init(final Properties securityProps) {
+
+ }
+
+ @Override
+ public Object processRegionValue(Principal principal,
+ String regionPath,
+ Object key,
+ Object value) {
+ return MASK;
+ }
+}
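Review bot: `MASK` is declared `public static String` without `final`, so any code in the JVM can reassign the value this post-processor returns; it should be `public static final String MASK = "****";`. A short class comment is also missing. It should state that this sample replaces every region value with the mask regardless of principal, region or key, so nobody mistakes it for a usable redaction policy.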
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java
index 95e4943..852c230 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java
@@ -16,7 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.cli;
-import static com.gemstone.gemfire.cache.operations.OperationContext.*;
import static org.junit.Assert.*;
import java.lang.reflect.Method;
@@ -49,6 +48,8 @@ import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
import com.gemstone.gemfire.management.internal.cli.parser.SyntaxConstants;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+import com.gemstone.gemfire.security.GeodePermission.Operation;
+import com.gemstone.gemfire.security.GeodePermission.Resource;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
/**
@@ -688,7 +689,7 @@ public class GfshParserJUnitTest {
static class Commands implements CommandMarker {
@CliCommand(value = { COMMAND1_NAME, COMMAND1_NAME_ALIAS }, help = COMMAND1_HELP)
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static String command1(@CliArgument(name = ARGUMENT1_NAME, argumentContext = ARGUMENT1_CONTEXT, help = ARGUMENT1_HELP, mandatory = true) String argument1,
@CliArgument(name = ARGUMENT2_NAME, argumentContext = ARGUMENT2_CONTEXT, help = ARGUMENT2_HELP, mandatory = false, unspecifiedDefaultValue = ARGUMENT2_UNSPECIFIED_DEFAULT_VALUE, systemProvided = false) String argument2,
@CliOption(key = {
@@ -704,13 +705,13 @@ public class GfshParserJUnitTest {
}
@CliCommand(value = { COMMAND2_NAME })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static String command2() {
return null;
}
@CliCommand(value = { "testParamConcat" })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static Result testParamConcat(@CliOption(key = { "string" }) String string,
@CliOption(key = { "stringArray" }) @CliMetaData(valueSeparator = ",") String[] stringArray,
@CliOption(key = { "stringList" }, optionContext = ConverterHint.STRING_LIST) @CliMetaData(valueSeparator = ",") List<String> stringList,
@@ -720,7 +721,7 @@ public class GfshParserJUnitTest {
}
@CliCommand(value = { "testMultiWordArg" })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public static Result testMultiWordArg(@CliArgument(name = "arg1") String arg1,
@CliArgument(name = "arg2") String arg2) {
return null;
@@ -778,13 +779,13 @@ public class GfshParserJUnitTest {
static final String C2_MSG_AVAILABLE = C2_NAME + " is available.";
@CliCommand(value = { C1_NAME })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result command1() {
return ResultBuilder.createInfoResult(C1_MSG_AVAILABLE);
}
@CliCommand(value = { C2_NAME })
- @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = Operation.READ)
public Result command2() {
return ResultBuilder.createInfoResult(C2_MSG_AVAILABLE);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
index 5edca36..55284b4 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
@@ -21,18 +21,18 @@ import static org.junit.Assert.*;
import java.util.List;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.management.MemberMXBean;
import com.gemstone.gemfire.security.NotAuthorizedException;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
/**
*/
@@ -88,5 +88,4 @@ public class CliCommandsSecurityTest {
}
}
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
new file mode 100644
index 0000000..2cfd496
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.management.internal.security;
+
+import static com.gemstone.gemfire.internal.Assert.assertTrue;
+
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
+import com.gemstone.gemfire.security.templates.SamplePostProcessor;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+
+@Category(IntegrationTest.class)
+public class GfshCommandsPostProcessorTest {
+ protected static int jmxPort = AvailablePortHelper.getRandomAvailableTCPPort();
+
+ private HeadlessGfsh gfsh = null;
+
+ @ClassRule
+ public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
+ jmxPort, "cacheServer.json", SamplePostProcessor.class);
+
+ @Rule
+ public GfshShellConnectionRule gfshConnection;
+
+ public GfshCommandsPostProcessorTest(){
+ gfshConnection = new GfshShellConnectionRule(jmxPort);
+ }
+
+ @Before
+ public void before(){
+ gfsh = gfshConnection.getGfsh();
+ }
+
+ @Test
+ @JMXConnectionConfiguration(user = "data-user", password = "1234567")
+ public void testGetPostProcess() throws Exception {
+ gfsh.executeCommand("put --region=region1 --key=key1 --value=value1");
+ gfsh.executeCommand("put --region=region1 --key=key2 --value=value2");
+ gfsh.executeCommand("put --region=region1 --key=key3 --value=value3");
+
+ // for get command, assert the return value is processed
+ gfsh.executeCommand("get --region=region1 --key=key1");
+ assertTrue(gfsh.outputString.contains("Value : ****"), gfsh.outputString);
+
+ // for query command, assert the return values are processed
+ gfsh.executeCommand("query --query=\"select * from /region1\"");
+ assertTrue(gfsh.outputString.contains("****\n****\n****"), gfsh.outputString);
+ }
+}
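Review bot: Both assertions in `testGetPostProcess` only check that the mask text appears in the output, so the test would still pass if the raw value were printed next to it. For a masking test the negative check matters more, e.g. `assertTrue(!gfsh.outputString.contains("value1"), gfsh.outputString);` after the `get`, and the same for `value1` to `value3` after the query. The query assertion on `"****\n****\n****"` is also tied to the exact output layout, which may make it brittle.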
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index 9e24317..dda844e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -21,6 +21,13 @@ import static org.junit.Assert.*;
import java.util.List;
+import org.apache.shiro.authz.permission.WildcardPermission;
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
import com.gemstone.gemfire.internal.AvailablePortHelper;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.management.cli.Result;
@@ -30,13 +37,6 @@ import com.gemstone.gemfire.management.internal.cli.result.ErrorResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.apache.shiro.authz.permission.WildcardPermission;
-import org.junit.Before;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
@Category(IntegrationTest.class)
public class GfshCommandsSecurityTest {
protected static int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
@@ -172,5 +172,17 @@ public class GfshCommandsSecurityTest {
}
}
+ @Test
+ @JMXConnectionConfiguration(user = "data-user", password = "1234567")
+ public void testGetPostProcess() throws Exception {
+ gfsh.executeCommand("put --region=region1 --key=key2 --value=value2");
+ gfsh.executeCommand("put --region=region1 --key=key2 --value=value2");
+ gfsh.executeCommand("put --region=region1 --key=key3 --value=value3");
+
+ //gfsh.executeCommand("get --region=region1 --key=key1");
+ gfsh.executeCommand("query --query=\"select * from /region1\"");
+ }
+
+
}
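Review bot: The added `testGetPostProcess` contains no assertion, so it passes whatever the commands return, including an authorization failure or unmasked values. It also puts `key2` twice (the first was probably meant to be `key1`) and keeps a commented-out `get`. Either assert on `gfsh.outputString` after the query or drop the method, since GfshCommandsPostProcessorTest in this commit runs the same commands with assertions.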
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshShellConnectionRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshShellConnectionRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshShellConnectionRule.java
index d0f33d9..5183e7a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshShellConnectionRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshShellConnectionRule.java
@@ -48,6 +48,10 @@ public class GfshShellConnectionRule extends DescribedExternalResource {
this.useHttp = useHttp;
}
+ public GfshShellConnectionRule(int jmxPort) {
+ this.jmxPort = jmxPort;
+ }
+
protected void before(Description description) throws Throwable {
JMXConnectionConfiguration config = description.getAnnotation(JMXConnectionConfiguration.class);
if(config==null)
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
index 223ff91..4714016 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
@@ -16,21 +16,31 @@
*/
package com.gemstone.gemfire.management.internal.security;
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheFactory;
-import org.junit.rules.ExternalResource;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import java.util.Properties;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import org.junit.rules.ExternalResource;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
public class JsonAuthorizationCacheStartRule extends ExternalResource {
private Cache cache;
private int jmxManagerPort = 0;
private int httpPort = 0;
private String jsonFile;
+ private Class postProcessor;
private boolean doAuthorization;
+ public JsonAuthorizationCacheStartRule(int jmxManagerPort, String jsonFile, Class postProcessor) {
+ this.jmxManagerPort = jmxManagerPort;
+ this.jsonFile = jsonFile;
+ this.doAuthorization = true;
+ this.postProcessor = postProcessor;
+ }
+
+
public JsonAuthorizationCacheStartRule(int jmxManagerPort, String jsonFile) {
this.jmxManagerPort = jmxManagerPort;
this.jsonFile = jsonFile;
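Review bot: The new field is a raw `Class`, and the next hunk turns it into the string `postProcessor.getName()+".create"`, so nothing checks at compile time that the class passed in implements `PostProcessor`. Declaring the field and the constructor parameter as `Class<? extends PostProcessor>` would catch a wrong class at the call site. Whether the class has the static `create()` factory still has to be checked at runtime. The existing two-argument constructor continues outside the hunk.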
@@ -64,10 +74,16 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
if (doAuthorization) {
properties.put(SECURITY_CLIENT_ACCESSOR, JSONAuthorization.class.getName() + ".create");
}
+ if(postProcessor!=null){
+ properties.put(SECURITY_CLIENT_ACCESSOR_PP, postProcessor.getName()+".create");
+ }
+
JSONAuthorization.setUpWithJsonFile(jsonFile);
cache = new CacheFactory(properties).create();
cache.addCacheServer().start();
+
+ cache.createRegionFactory().create("region1");
}
public Cache getCache(){
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c6e7a3bd/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
index e6dd1d5..644e9f8 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MultiUserDUnitTest.java
@@ -17,6 +17,19 @@
package com.gemstone.gemfire.management.internal.security;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
+
+import com.jayway.awaitility.Awaitility;
+import org.json.JSONException;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.management.cli.Result.Status;
import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
@@ -30,18 +43,6 @@ import com.gemstone.gemfire.test.dunit.IgnoredException;
import com.gemstone.gemfire.test.dunit.VM;
import com.gemstone.gemfire.test.junit.categories.DistributedTest;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.jayway.awaitility.Awaitility;
-import org.json.JSONException;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.io.IOException;
-import java.util.List;
-import java.util.Properties;
-import java.util.concurrent.TimeUnit;
-
-import static org.junit.Assert.*;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
@Category({ DistributedTest.class, SecurityTest.class })
public class MultiUserDUnitTest extends CliCommandTestBase {
@@ -97,7 +98,7 @@ public class MultiUserDUnitTest extends CliCommandTestBase {
((ErrorResultData) result.getResultData()).getErrorCode());
String resultMessage = result.getContent().toString();
String permString = command.getPermission().toString();
- assertTrue(resultMessage + " does not contain " + permString, resultMessage.contains("[" + permString + "]"));
+ assertTrue(resultMessage + " does not contain " + permString, resultMessage.contains(permString));
}
LogService.getLogger().info("vm 2 done!");
});
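Review bot: Dropping the brackets makes this a plain substring match, and with the `toString()` forms in this commit one permission string can be a prefix of another (`resource:operation` and `resource:operation:region`). The assertion would therefore also pass when the message names a different, more specific permission. If the new message format has any delimiter around the permission, matching on it keeps the check exact; the format itself is not visible in this hunk. The enclosing lambda starts outside the hunk.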
@@ -136,6 +137,9 @@ public class MultiUserDUnitTest extends CliCommandTestBase {
vm2Invoke.join();
vm3Invoke.join();
+ vm2Invoke.checkException();
+ vm3Invoke.checkException();
+
IgnoredException.removeAllExpectedExceptions();
}