Posted to commits@geode.apache.org by kl...@apache.org on 2016/07/25 18:01:40 UTC
[6/6] incubator-geode git commit: GEODE-1673: fail start if
security.json cannot be found
GEODE-1673: fail start if security.json cannot be found
* collapse JSONAuthorization into SampleSecurityManager
* update SampleSecurityManager to support file, resource and string json
* cleanup security tests
* add SecurityTest category to security tests
This closes #212
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/8812d540
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/8812d540
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/8812d540
Branch: refs/heads/feature/GEODE-1673-PR-212
Commit: 8812d540372786cdd6dc664574effb38123e3292
Parents: 7ca571c
Author: Grace Meilen <gm...@pivotal.io>
Authored: Fri Jul 22 17:43:41 2016 -0700
Committer: Kirk Lund <kl...@pivotal.io>
Committed: Mon Jul 25 10:59:23 2016 -0700
----------------------------------------------------------------------
.../internal/InternalDistributedSystem.java | 2 +-
.../gms/mgr/GMSMembershipManager.java | 1 -
.../internal/security/GeodeSecurityUtil.java | 58 ++---
.../security/shiro/CustomAuthRealm.java | 17 +-
.../apache/geode/security/GeodePermission.java | 58 ++---
.../apache/geode/security/SecurityManager.java | 4 +-
.../security/templates/SamplePostProcessor.java | 5 +-
.../templates/SampleSecurityManager.java | 261 +++++++++++--------
.../internal/DistributionConfigJUnitTest.java | 7 +-
.../security/GeodeSecurityUtilTest.java | 23 +-
.../cli/commands/CliCommandTestBase.java | 26 +-
.../security/AccessControlMBeanJUnitTest.java | 14 +-
...CacheServerMBeanAuthenticationJUnitTest.java | 7 +-
.../CacheServerMBeanAuthorizationJUnitTest.java | 14 +-
.../CacheServerMBeanShiroJUnitTest.java | 12 +-
.../security/CliCommandsSecurityTest.java | 7 +-
.../security/DataCommandsSecurityTest.java | 17 +-
.../DiskStoreMXBeanSecurityJUnitTest.java | 14 +-
.../GatewayReceiverMBeanSecurityTest.java | 20 +-
.../GatewaySenderMBeanSecurityTest.java | 21 +-
.../security/GeodePermissionJUnitTest.java | 8 +-
.../GeodeSecurityUtilCustomRealmJUnitTest.java | 22 +-
.../GeodeSecurityUtilWithIniFileJUnitTest.java | 12 +-
.../security/GfshCommandsPostProcessorTest.java | 18 +-
.../security/GfshCommandsSecurityTest.java | 18 +-
.../JsonAuthorizationCacheStartRule.java | 13 +-
.../LockServiceMBeanAuthorizationJUnitTest.java | 20 +-
.../security/MBeanSecurityJUnitTest.java | 50 ++--
.../security/MBeanServerConnectionRule.java | 6 +-
.../ManagerMBeanAuthorizationJUnitTest.java | 17 +-
.../security/MemberMBeanSecurityJUnitTest.java | 14 +-
.../internal/security/MultiUserDUnitTest.java | 8 +-
.../internal/security/ShiroCacheStartRule.java | 10 +-
.../internal/security/TestCommand.java | 5 +-
...ractIntegratedClientAuthDistributedTest.java | 17 +-
...gratedClientGetEntryAuthDistributedTest.java | 1 -
...IntegratedClientSizeAuthDistributedTest.java | 1 -
...edSecurityCacheLifecycleDistributedTest.java | 6 +-
...edSecurityCacheLifecycleIntegrationTest.java | 1 -
...urityNoShowValue1PostProcessorDUnitTest.java | 2 -
...tegratedSecurityPeerAuthDistributedTest.java | 28 +-
...ntegratedSecurityPostProcessorDUnitTest.java | 2 -
.../gemfire/security/JSONAuthorization.java | 54 ----
.../security/NoShowValue1PostProcessor.java | 6 +-
.../gemfire/security/SecurityTestUtils.java | 2 +-
.../templates/SampleSecurityManagerTest.java | 123 +++++++++
.../geode/security/templates/security.json | 30 +++
.../gemfire/tools/pulse/tests/Server.java | 10 +-
48 files changed, 618 insertions(+), 474 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
index 32f1bff..013a72d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
@@ -2085,7 +2085,7 @@ public class InternalDistributedSystem
listener.handleEvent(event, resource);
} catch(CancelException e) {
//ignore
- } catch (ManagementException ex) {
+ } catch (GemFireSecurityException|ManagementException ex) {
if (event == ResourceEvent.CACHE_CREATE) {
throw ex;
} else {
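Review bot: The widened `catch (GemFireSecurityException|ManagementException ex)` rethrows only when `event == ResourceEvent.CACHE_CREATE`, and nothing here says why a security failure raised by a listener for any other event may take the `else` path instead. That branch lies outside the hunk, so what happens to the exception there cannot be confirmed from this view. A why-comment above the catch would help, e.g. `// security/management failures abort startup only on CACHE_CREATE; for other events see the else branch`.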
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java
index cfd11ed..4ed30a4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/mgr/GMSMembershipManager.java
@@ -2070,7 +2070,6 @@ public class GMSMembershipManager implements MembershipManager, Manager
*
* Concurrency: protected by {@link #latestViewLock} ReentrantReadWriteLock
*
- * guarded.By latestViewLock
* @return true if the given member is a zombie
*/
public boolean isShunned(DistributedMember m) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 0d5e701..19f3325 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -14,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package com.gemstone.gemfire.internal.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
@@ -58,10 +57,17 @@ public class GeodeSecurityUtil {
private static Logger logger = LogService.getLogger();
+ private static PostProcessor postProcessor;
+ private static SecurityManager securityManager;
+ private static boolean isIntegratedSecurity;
+ private static boolean isClientAuthenticator;
+ private static boolean isPeerAuthenticator;
/**
- * It first looks the shiro subject in AccessControlContext since JMX will use multiple threads to process operations from the same client.
- * then it looks into Shiro's thead context.
+ * It first looks the shiro subject in AccessControlContext since JMX will
+ * use multiple threads to process operations from the same client, then it
+ * looks into Shiro's thead context.
+ *
* @return the shiro subject, null if security is not enabled
*/
public static Subject getSubject() {
@@ -97,8 +103,6 @@ public class GeodeSecurityUtil {
}
/**
- * @param username
- * @param password
* @return null if security is not enabled, otherwise return a shiro subject
*/
public static Subject login(String username, String password) {
@@ -153,7 +157,9 @@ public class GeodeSecurityUtil {
}
/**
- * this binds the passed-in subject to the executing thread, normally, you would do this:
+ * this binds the passed-in subject to the executing thread, normally, you
+ * would do this:
+ *
* ThreadState state = null;
* try{
* state = GeodeSecurityUtil.bindSubject(subject);
@@ -269,15 +275,8 @@ public class GeodeSecurityUtil {
}
}
- private static PostProcessor postProcessor;
- private static SecurityManager securityManager;
- private static boolean isIntegratedSecurity;
- private static boolean isClientAuthenticator;
- private static boolean isPeerAuthenticator;
-
/**
* initialize Shiro's Security Manager and Security Utilities
- * @param securityProps
*/
public static void initSecurity(Properties securityProps) {
if (securityProps == null) {
@@ -352,8 +351,10 @@ public class GeodeSecurityUtil {
}
/**
- * postProcess call already has this logic built in, you don't need to call this everytime you call postProcess.
- * But if your postProcess is pretty involved with preparations and you need to bypass it entirely, call this first.
+ * postProcess call already has this logic built in, you don't need to call
+ * this everytime you call postProcess. But if your postProcess is pretty
+ * involved with preparations and you need to bypass it entirely, call this
+ * first.
*/
public static boolean needPostProcess(){
return (isIntegratedSecurity && postProcessor != null);
@@ -372,13 +373,9 @@ public class GeodeSecurityUtil {
return postProcessor.processRegionValue((Principal)subject.getPrincipal(), regionName, key, result);
}
-
/**
- * this method would never return null, it either throws an exception or returns an object
- * @param className
- * @param expectedClazz
- * @param <T>
- * @return the expected object loadded by using the className
+ * this method would never return null, it either throws an exception or
+ * returns an object
*/
public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
Class actualClass = null;
@@ -403,11 +400,8 @@ public class GeodeSecurityUtil {
}
/**
- * this method would never return null, it either throws an exception or returns an object
- * @param factoryMethodName
- * @param expectedClazz
- * @param <T>
- * @return the expected object loaded by the factory method
+ * this method would never return null, it either throws an exception or
+ * returns an object
*/
public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){
T actualObject = null;
@@ -426,12 +420,11 @@ public class GeodeSecurityUtil {
}
/**
- * this method would never return null, it either throws an exception or returns an object
- * @param classOrMethod
- * @param expectedClazz
- * @param <T>
- * @return an object of type expectedClazz. This method would never return null. It either returns an non-null
- * object or throws exception.
+ * this method would never return null, it either throws an exception or
+ * returns an object
+ *
+ * @return an object of type expectedClazz. This method would never return
+ * null. It either returns an non-null object or throws exception.
*/
public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
T object = null;
@@ -448,7 +441,6 @@ public class GeodeSecurityUtil {
return securityManager;
}
-
public static boolean isClientSecurityRequired() {
return isClientAuthenticator || isIntegratedSecurity;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
index db07fe0..c890dc9 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
@@ -34,18 +34,31 @@ import org.apache.shiro.subject.PrincipalCollection;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-public class CustomAuthRealm extends AuthorizingRealm{
+public class CustomAuthRealm extends AuthorizingRealm {
private static final String REALM_NAME = "CUSTOMAUTHREALM";
private SecurityManager securityManager = null;
+ /**
+ * The caller must invoke {@link org.apache.geode.security.SecurityManager#init(Properties)}
+ * prior to instantiating CustomAuthRealm.
+ *
+ * @param securityManager instance of SecurityManager which has already been initialized
+ */
public CustomAuthRealm(SecurityManager securityManager) {
this.securityManager = securityManager;
}
- public CustomAuthRealm (String authenticatorFactory) {
+ /**
+ * SecurityManager will be constructed and initialized with the provided security properties.
+ *
+ * @param authenticatorFactory name of the SecurityManager implementation to construct
+ * @param securityProperties the security properties to initialize SecurityManager with
+ */
+ public CustomAuthRealm(String authenticatorFactory, Properties securityProperties) {
this.securityManager = GeodeSecurityUtil.getObjectOfTypeFromClassName(authenticatorFactory, SecurityManager.class);
+ this.securityManager.init(securityProperties);
}
@Override
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
index 9f0ce2d..21cec6b 100644
--- a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
+++ b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
@@ -14,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.geode.security;
import org.apache.shiro.authz.permission.WildcardPermission;
@@ -42,35 +41,6 @@ public class GeodePermission extends WildcardPermission {
READ
}
- /**
- * Returns
- * @return the resource, could be either DATA or CLUSTER
- */
- public Resource getResource() {
- return resource;
- }
-
- /**
- * @return the operation, could be either MANAGE, WRITE or READ
- */
- public Operation getOperation() {
- return operation;
- }
-
- /**
- * @return the regionName, could be "*", meaning all regions
- */
- public String getRegionName() {
- return regionName;
- }
-
- /**
- * @return the key, could be "*" meaning all keys.
- */
- public String getKey() {
- return key;
- }
-
// these default values are used when creating a lock around an operation
private Resource resource = Resource.NULL;
private Operation operation = Operation.NULL;
@@ -113,6 +83,34 @@ public class GeodePermission extends WildcardPermission {
setParts(this.resource+":"+this.operation+":"+this.regionName+":"+this.key, true);
}
+ /**
+ * Returns the resource, could be either DATA or CLUSTER
+ */
+ public Resource getResource() {
+ return resource;
+ }
+
+ /**
+ * Returns the operation, could be either MANAGE, WRITE or READ
+ */
+ public Operation getOperation() {
+ return operation;
+ }
+
+ /**
+ * returns the regionName, could be "*", meaning all regions
+ */
+ public String getRegionName() {
+ return regionName;
+ }
+
+ /**
+ * returns the key, could be "*" meaning all keys.
+ */
+ public String getKey() {
+ return key;
+ }
+
@Override
public String toString() {
if (ALL_REGIONS.equals(regionName)) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java
index 269ed43..51a6879 100644
--- a/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java
+++ b/geode-core/src/main/java/org/apache/geode/security/SecurityManager.java
@@ -43,13 +43,13 @@ public interface SecurityManager {
/**
* Verify the credentials provided in the properties
- * @param props
+ * @param credentials
* it contains the security-username and security-password as keys of the properties
* @return
* the authenticated Principal object
* @throws AuthenticationFailedException
*/
- Principal authenticate(Properties props) throws AuthenticationFailedException;
+ Principal authenticate(Properties credentials) throws AuthenticationFailedException;
/**
* Authorize the GeodePermission for a given Principal
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
index 5eca744..ce87bf8 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
@@ -14,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.apache.geode.security.templates;
import java.security.Principal;
@@ -29,11 +28,11 @@ public class SamplePostProcessor implements PostProcessor{
@Override
public void init(final Properties securityProps) {
-
}
/**
- * this simply modifies the value with all the parameter values
+ * This simply modifies the value with all the parameter values
+ *
* @param principal
* The principal that's accessing the value
* @param regionName
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
index dd49f11..97ebe4f 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SampleSecurityManager.java
@@ -16,6 +16,8 @@
*/
package org.apache.geode.security.templates;
+import java.io.File;
+import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
@@ -45,19 +47,24 @@ import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.NotAuthorizedException;
/**
- * This class provides a sample implementation for authentication and authorization via the {@link SecurityManager}
+ * This class provides a sample implementation of {@link SecurityManager} for
+ * authentication and authorization initialized from data provided as JSON.
*
- * In order to use it, a Geode member must be started with the following properties:
- * <p/>
- * <code>
- * security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager
- * </code>
- * <p/>
- * The class is initialized with a JSON file called {@code security.json}. This file must exist on the classpath,
+ * <p>A Geode member must be configured with the following:
+ *
+ * <p>{@code security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager}
+ *
+ * <p>The class can be initialized with from either a JSON string or a JSON
+ * file
+ *
+ * <p>TODO: example of configuring from in-memory JSON string specified in securityProperties
+ *
+ * <p>TODO: example of configuring from a JSON file specified in securityProperties<br/>
+ * ...called {@code security.json}. This file must exist on the classpath,
* so members should be started with an appropriate {@code --classpath} option.
- * <p/>
- * The format of the file is as follows:
- * <pre>
+ *
+ * <p>The format of the JSON for configuration is as follows:
+ * <pre><code>
* {
* "roles": [
* {
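Review bot: The class Javadoc still tells users to set `security-manager = com.gemstone.gemfire.security.examples.SampleSecurityManager`, but the file's package line is `org.apache.geode.security.templates`, so a member configured from this text would presumably fail to load the class. The rewritten text also never names the `security-json` property that the new `init` requires, leaves two TODO paragraphs, and carries the typo "initialized with from". I would use `{@code security-manager = org.apache.geode.security.templates.SampleSecurityManager}` and replace the TODOs with one sentence stating that `security-json` is required and is tried as a classpath resource, then as a file path, then as an inline JSON string. The Javadoc block continues past the end of this hunk.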
@@ -74,11 +81,11 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
* ],
* "regions": ["RegionA", "RegionB"]
* }
- * ]
+ * ],
* "users": [
* {
* "name": "admin",
- * "password": "secret".
+ * "password": "secret",
* "roles": ["admin"]
* },
* {
@@ -88,105 +95,177 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
* }
* ]
* }
- * </pre>
+ * </code></pre>
*/
public class SampleSecurityManager implements SecurityManager {
- public SampleSecurityManager() {
- try {
- setUpWithJsonFile("security.json");
+ public static final String SECURITY_JSON = "security-json";
+
+ protected static final String DEFAULT_JSON_FILE_NAME = "security.json";
+
+ private Map<String, User> userNameToUser;
+
+ @Override
+ public boolean authorize(final Principal principal, final GeodePermission context) {
+ if (principal == null) return false;
+
+ User user = this.userNameToUser.get(principal.getName());
+ if (user == null) return false; // this user is not authorized to do anything
+
+ // check if the user has this permission defined in the context
+ for (Role role : this.userNameToUser.get(user.name).roles) {
+ for (Permission permitted : role.permissions) {
+ if (permitted.implies(context)) {
+ return true;
+ }
+ }
}
- catch (IOException e) {
- e.printStackTrace();
+
+ return false;
+ }
+
+ @Override
+ public void init(final Properties securityProperties) throws NotAuthorizedException {
+ String jsonPropertyValue = securityProperties.getProperty(SECURITY_JSON);
+ if (jsonPropertyValue == null) {
+ throw new AuthenticationFailedException("SampleSecurityManager: property [" + SECURITY_JSON + "] must be set.");
+ }
+
+ // 1st try to load value as a json resource
+ boolean initialized = initializeFromJsonResource(jsonPropertyValue);
+
+ // 2nd try to load value as a json file
+ if (!initialized) {
+ initialized = initializeFromJsonFile(new File(jsonPropertyValue));
+ }
+
+ // 3rd try to use value as a json string
+ if (!initialized) {
+ initialized = initializeFromJson(jsonPropertyValue);
+ }
+
+ if (!initialized) {
+ throw new AuthenticationFailedException("SampleSecurityManager: unable to read json from \"" + jsonPropertyValue + "\" as specified by [" + SECURITY_JSON + "].");
}
}
- public static class Role {
- List<GeodePermission> permissions = new ArrayList<>();
- String name;
- String serverGroup;
+ @Override
+ public Principal authenticate(final Properties credentials) throws AuthenticationFailedException {
+ String user = credentials.getProperty(ResourceConstants.USER_NAME);
+ String password = credentials.getProperty(ResourceConstants.PASSWORD);
+
+ User userObj = this.userNameToUser.get(user);
+ if (userObj == null) {
+ throw new AuthenticationFailedException("SampleSecurityManager: wrong username/password");
+ }
+
+ if (user != null && !userObj.password.equals(password) && !"".equals(user)) {
+ throw new AuthenticationFailedException("SampleSecurityManager: wrong username/password");
+ }
+
+ return new JMXPrincipal(user);
}
- public static class User {
- String name;
- Set<Role> roles = new HashSet<>();
- String pwd;
+ boolean initializeFromJson(final String json) {//throws IOException {
+ try {
+ ObjectMapper mapper = new ObjectMapper();
+ JsonNode jsonNode = mapper.readTree(json);
+ this.userNameToUser = new HashMap<>();
+ Map<String, Role> roleMap = readRoles(jsonNode);
+ readUsers(this.userNameToUser, jsonNode, roleMap);
+ return true;
+ } catch (IOException ex) {
+ return false;
+ }
}
- private static Map<String, User> acl = null;
+ boolean initializeFromJsonFile(final File jsonFile) {//throws IOException {
+ try {
+ InputStream input = new FileInputStream(jsonFile);
+ if (input != null) {
+ initializeFromJson(readJsonFromInputStream(input));
+ return true;
+ }
+ } catch (IOException ex) {
+ }
+ return false;
+ }
+ boolean initializeFromJsonResource(final String jsonResource) {//throws IOException {
+ try {
+ InputStream input = ClassLoader.getSystemResourceAsStream(jsonResource);
+ if (input != null) {
+ initializeFromJson(readJsonFromInputStream(input));
+ return true;
+ }
+ } catch (IOException ex) {
+ }
+ return false;
+ }
- public static void setUpWithJsonFile(String jsonFileName) throws IOException {
- InputStream input = ClassLoader.getSystemResourceAsStream(jsonFileName);
- if (input == null)
- return;
+ User getUser(final String user) {
+ return this.userNameToUser.get(user);
+ }
+ private String readJsonFromInputStream(final InputStream input) throws IOException {
StringWriter writer = new StringWriter();
IOUtils.copy(input, writer, "UTF-8");
- String json = writer.toString();
- readSecurityDescriptor(json);
+ return writer.toString();
}
- protected static void readSecurityDescriptor(String json) throws IOException {
- ObjectMapper mapper = new ObjectMapper();
- JsonNode jsonNode = mapper.readTree(json);
- acl = new HashMap<>();
- Map<String, Role> roleMap = readRoles(jsonNode);
- readUsers(acl, jsonNode, roleMap);
- }
-
- private static void readUsers(Map<String, User> acl, JsonNode node, Map<String, Role> roleMap) {
- for (JsonNode u : node.get("users")) {
+ private void readUsers(final Map<String, User> rolesToUsers, final JsonNode node, final Map<String, Role> roleMap) {
+ for (JsonNode usersNode : node.get("users")) {
User user = new User();
- user.name = u.get("name").asText();
+ user.name = usersNode.get("name").asText();
- if (u.has("password")) {
- user.pwd = u.get("password").asText();
+ if (usersNode.has("password")) {
+ user.password = usersNode.get("password").asText();
} else {
- user.pwd = user.name;
+ user.password = user.name;
}
- for (JsonNode r : u.get("roles")) {
- user.roles.add(roleMap.get(r.asText()));
+ for (JsonNode rolesNode : usersNode.get("roles")) {
+ user.roles.add(roleMap.get(rolesNode.asText()));
}
- acl.put(user.name, user);
+ rolesToUsers.put(user.name, user);
}
}
- private static Map<String, Role> readRoles(JsonNode jsonNode) {
+ private Map<String, Role> readRoles(final JsonNode jsonNode) {
if (jsonNode.get("roles") == null) {
return Collections.EMPTY_MAP;
}
-
Map<String, Role> roleMap = new HashMap<>();
- for (JsonNode r : jsonNode.get("roles")) {
+ for (JsonNode rolesNode : jsonNode.get("roles")) {
Role role = new Role();
- role.name = r.get("name").asText();
+ role.name = rolesNode.get("name").asText();
String regionNames = null;
String keys = null;
- JsonNode regions = r.get("regions");
- if (regions != null) {
- if (regions.isArray()) {
- regionNames = StreamSupport.stream(regions.spliterator(), false)
- .map(JsonNode::asText)
- .collect(Collectors.joining(","));
+ JsonNode regionsNode = rolesNode.get("regions");
+ if (regionsNode != null) {
+ if (regionsNode.isArray()) {
+ regionNames = StreamSupport.stream(regionsNode.spliterator(), false)
+ .map(JsonNode::asText)
+ .collect(Collectors.joining(","));
} else {
- regionNames = regions.asText();
+ regionNames = regionsNode.asText();
}
}
- for (JsonNode op : r.get("operationsAllowed")) {
- String[] parts = op.asText().split(":");
+ for (JsonNode operationsAllowedNode : rolesNode.get("operationsAllowed")) {
+ String[] parts = operationsAllowedNode.asText().split(":");
String resourcePart = (parts.length > 0) ? parts[0] : null;
String operationPart = (parts.length > 1) ? parts[1] : null;
- if(parts.length>2){
+
+ if (parts.length>2){
regionNames = parts[2];
}
- if(parts.length>3){
+ if (parts.length>3){
keys = parts[3];
}
+
String regionPart = (regionNames != null) ? regionNames : "*";
String keyPart = (keys !=null) ? keys : "*";
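Review bot: `initializeFromJsonFile` and `initializeFromJsonResource` discard the result of `initializeFromJson(...)` and return `true` whenever the stream opens, so a file or resource that exists but does not parse is reported as loaded and `init` returns normally. If that is the first load, `userNameToUser` is never assigned and later `authenticate`/`authorize` calls would dereference null, rather than the member failing at start as this commit intends. Both methods also never close the `InputStream` and swallow `IOException` in an empty catch. Separately, the final error message in `init` echoes `jsonPropertyValue`, which on the inline-string path is the JSON itself, user passwords included; naming only the `security-json` property would keep those out of logs. A rewrite of the file variant follows; the resource variant needs the same change, keeping its null check.

```java
boolean initializeFromJsonFile(final File jsonFile) {
  // try-with-resources closes the stream on every path
  try (InputStream input = new FileInputStream(jsonFile)) {
    // report the parse result rather than success as soon as the file opens
    return initializeFromJson(readJsonFromInputStream(input));
  } catch (IOException ex) {
    // missing or unreadable file: let init() try the next source
    return false;
  }
}
```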
@@ -195,54 +274,24 @@ public class SampleSecurityManager implements SecurityManager {
roleMap.put(role.name, role);
- if (r.has("serverGroup")) {
- role.serverGroup = r.get("serverGroup").asText();
+ if (rolesNode.has("serverGroup")) {
+ role.serverGroup = rolesNode.get("serverGroup").asText();
}
}
return roleMap;
}
- public static Map<String, User> getAcl() {
- return acl;
- }
- @Override
- public boolean authorize(Principal principal, GeodePermission context) {
- if (principal == null) return false;
-
- User user = acl.get(principal.getName());
- if (user == null) return false; // this user is not authorized to do anything
-
- // check if the user has this permission defined in the context
- for (Role role : acl.get(user.name).roles) {
- for (Permission permitted : role.permissions) {
- if (permitted.implies(context)) {
- return true;
- }
- }
- }
-
- return false;
+ static class Role {
+ List<GeodePermission> permissions = new ArrayList<>();
+ String name;
+ String serverGroup;
}
- @Override
- public void init(Properties props) throws NotAuthorizedException {
+ static class User {
+ String name;
+ Set<Role> roles = new HashSet<>();
+ String password;
}
- @Override
- public Principal authenticate(Properties props) throws AuthenticationFailedException {
- String user = props.getProperty(ResourceConstants.USER_NAME);
- String pwd = props.getProperty(ResourceConstants.PASSWORD);
-
- User userObj = acl.get(user);
- if (userObj == null) {
- throw new AuthenticationFailedException("Wrong username/password");
- }
-
- if (user != null && !userObj.pwd.equals(pwd) && !"".equals(user)) {
- throw new AuthenticationFailedException("Wrong username/password");
- }
-
- return new JMXPrincipal(user);
- }
}
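Review bot: `User.password` is a bare package-private `String` with no comment, while `readUsers` in the previous hunk sets `user.password = user.name` when an entry has no "password" key and `authenticate` compares it with `String.equals`. Since this class ships under `templates` and is likely to be copied, the field should say so, e.g. `// sample only: cleartext password from the JSON; defaults to the user name when "password" is absent`. If the tests do not rely on that fallback, rejecting a user entry without a password in `readUsers` would be the safer default.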
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
index c4b3a4d..36783ed 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
@@ -31,6 +31,7 @@ import java.util.Map;
import java.util.Properties;
import org.apache.geode.security.templates.SamplePostProcessor;
+import org.apache.geode.security.templates.SampleSecurityManager;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@ -38,7 +39,6 @@ import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.InternalGemFireException;
import com.gemstone.gemfire.UnmodifiableException;
import com.gemstone.gemfire.internal.ConfigSource;
-import com.gemstone.gemfire.security.JSONAuthorization;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -326,11 +326,10 @@ public class DistributionConfigJUnitTest {
assertTrue(config.isAttributeModifiable(JMX_MANAGER_HTTP_PORT));
}
-
@Test
public void testSecurityProps(){
Properties props = new Properties();
- props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
props.put(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName());
props.put(SECURITY_LOG_LEVEL, "config");
// add another non-security property to verify it won't get put in the security properties
@@ -343,7 +342,7 @@ public class DistributionConfigJUnitTest {
@Test
public void testSecurityPropsWithNoSetter(){
Properties props = new Properties();
- props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
props.put(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName());
props.put(SECURITY_LOG_LEVEL, "config");
// add another non-security property to verify it won't get put in the security properties
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
index 272b04f..bdd1ec6 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
@@ -16,13 +16,13 @@
*/
package com.gemstone.gemfire.internal.security;
-
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import static org.assertj.core.api.Java6Assertions.*;
import static org.junit.Assert.*;
import java.util.Properties;
+import org.apache.geode.security.templates.SampleSecurityManager;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@ -32,15 +32,17 @@ import com.gemstone.gemfire.test.junit.categories.UnitTest;
@Category(UnitTest.class)
public class GeodeSecurityUtilTest {
- Properties properties;
+
+ private Properties properties;
+
@Before
- public void before(){
+ public void before() {
properties = new Properties();
GeodeSecurityUtil.initSecurity(properties);
}
@Test
- public void testGetObjectFromConstructor(){
+ public void testGetObjectFromConstructor() {
String string = GeodeSecurityUtil.getObjectOfType(String.class.getName(), String.class);
assertNotNull(string);
CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(String.class.getName(), CharSequence.class);
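Review bot: `GeodeSecurityUtilTest` still carries `@Category(UnitTest.class)` at the top of this hunk, although the commit adds the `SecurityTest` category to the other security tests, so a run filtered on `SecurityTest` would skip it. The same gap is in `CacheServerMBeanAuthenticationJUnitTest`, which keeps `@Category(IntegrationTest.class)` while its sibling MBean tests were updated. I would change them to `@Category({ UnitTest.class, SecurityTest.class })` and `@Category({ IntegrationTest.class, SecurityTest.class })` respectively, each with the `com.gemstone.gemfire.test.junit.categories.SecurityTest` import. The class body continues outside the hunk.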
@@ -58,7 +60,7 @@ public class GeodeSecurityUtilTest {
}
@Test
- public void testGetObjectFromFactoryMethod(){
+ public void testGetObjectFromFactoryMethod() {
String string = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class);
assertNotNull(string);
CharSequence charSequence = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class);
@@ -82,6 +84,7 @@ public class GeodeSecurityUtilTest {
@Test
public void testInitWithSecurityManager() {
properties.setProperty(SECURITY_MANAGER, "org.apache.geode.security.templates.SampleSecurityManager");
+ properties.setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/security/templates/security.json");
GeodeSecurityUtil.initSecurity(properties);
assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
assertTrue(GeodeSecurityUtil.isIntegratedSecurity());
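Review bot: Only the happy path of the new `SECURITY_JSON` lookup is exercised in `testInitWithSecurityManager`; nothing visible in this file checks the behaviour the commit is about, namely that start-up fails when the JSON cannot be found. If that is not covered by a test outside this view, a companion test that points `SampleSecurityManager.SECURITY_JSON` at a path that does not exist and expects a failure would pin the fail-closed behaviour, so a later refactor cannot quietly fall back to running without authorization rules. The exception type is not visible here, and whether the failure surfaces in `initSecurity` itself or at a later step should be confirmed, so the sketch uses a broad type to be narrowed. The test method's closing lines are outside this hunk.

```java
@Test(expected = RuntimeException.class) // narrow to the type SampleSecurityManager actually throws
public void testInitWithMissingSecurityJson() {
  properties.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
  // constructed sample path that must not exist on the classpath or file system
  properties.setProperty(SampleSecurityManager.SECURITY_JSON, "no/such/security.json");
  GeodeSecurityUtil.initSecurity(properties);
}
```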
@@ -89,8 +92,7 @@ public class GeodeSecurityUtilTest {
}
@Test
- public void testInitWithClientAuthenticator()
- {
+ public void testInitWithClientAuthenticator() {
properties.setProperty(SECURITY_CLIENT_AUTHENTICATOR, "org.abc.test");
GeodeSecurityUtil.initSecurity(properties);
assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
@@ -99,8 +101,7 @@ public class GeodeSecurityUtilTest {
}
@Test
- public void testInitWithPeerAuthenticator()
- {
+ public void testInitWithPeerAuthenticator() {
properties.setProperty(SECURITY_PEER_AUTHENTICATOR, "org.abc.test");
GeodeSecurityUtil.initSecurity(properties);
assertFalse(GeodeSecurityUtil.isClientSecurityRequired());
@@ -109,8 +110,7 @@ public class GeodeSecurityUtilTest {
}
@Test
- public void testInitWithShiroAuthenticator()
- {
+ public void testInitWithShiroAuthenticator() {
properties.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
GeodeSecurityUtil.initSecurity(properties);
assertTrue(GeodeSecurityUtil.isClientSecurityRequired());
@@ -119,6 +119,7 @@ public class GeodeSecurityUtilTest {
}
private static class Factories{
+
public static String getString(){
return new String();
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
index 163f9b5..a6627d5 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CliCommandTestBase.java
@@ -29,6 +29,7 @@ import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import org.apache.geode.security.templates.SampleSecurityManager;
import org.junit.Rule;
import org.junit.rules.TemporaryFolder;
@@ -42,31 +43,33 @@ import com.gemstone.gemfire.management.internal.cli.parser.CommandTarget;
import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
-import com.gemstone.gemfire.security.JSONAuthorization;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.IgnoredException;
import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
+import com.gemstone.gemfire.test.dunit.rules.DistributedRestoreSystemProperties;
/**
* Base class for all the CLI/gfsh command dunit tests.
*/
public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
- private static final long serialVersionUID = 1L;
+ public static final String USE_HTTP_SYSTEM_PROPERTY = "useHTTP";
+
+ private boolean useHttpOnConnect = Boolean.getBoolean(USE_HTTP_SYSTEM_PROPERTY);
private ManagementService managementService;
private transient HeadlessGfsh shell;
- public static final String USE_HTTP_SYSTEM_PROPERTY = "useHTTP";
- private boolean useHttpOnConnect = Boolean.getBoolean(USE_HTTP_SYSTEM_PROPERTY);
-
protected transient int httpPort;
protected transient int jmxPort;
protected transient String jmxHost;
protected transient String gfshDir;
@Rule
+ public transient DistributedRestoreSystemProperties restoreSystemProperties = new DistributedRestoreSystemProperties();
+
+ @Rule
public transient TemporaryFolder temporaryFolder = new TemporaryFolder();
@Override
@@ -97,7 +100,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
* cache). When adding regions, functions, keys, whatever to your cache for tests, you'll need to use
* Host.getHost(0).getVM(0).invoke(new SerializableRunnable() { public void run() { ... } } in order to have this
* setup run in the same VM as the manager.
- * <p>
*
* @param props the Properties used when creating the cache for this default setup.
* @return the default testable GemFire shell.
@@ -117,10 +119,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
}
/**
- *
- * @param vm
- * @param props
- * @param jsonFile
* @return an object array, result[0] is jmxHost(String), result[1] is jmxPort, result[2] is httpPort
*/
protected Object[] setUpJMXManagerOnVM(int vm, final Properties props, String jsonFile) {
@@ -139,6 +137,10 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
localProps.setProperty(NAME, "Manager");
}
+ if (jsonFile!=null) {
+ localProps.setProperty(SampleSecurityManager.SECURITY_JSON, jsonFile);
+ }
+
final int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
jmxPort = ports[0];
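Review bot: The new `if (jsonFile!=null)` block only sets `SampleSecurityManager.SECURITY_JSON`; nothing in this hunk makes sure `SECURITY_MANAGER` is also present in `localProps`. The removed `JSONAuthorization.setUpWithJsonFile(jsonFile)` call did not depend on any property, so a caller that passes a JSON file but no manager class would now presumably get a manager with no security manager installed and no error. Consider defaulting it inside the same block, `if (localProps.getProperty(SECURITY_MANAGER) == null) localProps.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());`, or failing fast when it is absent. The body of `setUpJMXManagerOnVM` starts and ends outside the hunk, so callers may already set it; the Javadoc above the method, now reduced to `@return`, would also benefit from a line saying that `jsonFile` is passed on as the `SECURITY_JSON` property.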
@@ -153,10 +155,6 @@ public abstract class CliCommandTestBase extends JUnit4CacheTestCase {
getSystem(localProps);
verifyManagementServiceStarted(getCache());
- if(jsonFile!=null){
- JSONAuthorization.setUpWithJsonFile(jsonFile);
- }
-
IgnoredException.addIgnoredException("org.eclipse.jetty.io.EofException");
IgnoredException.addIgnoredException("java.nio.channels.ClosedChannelException");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
index 6c626fc..6124e31 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
@@ -16,27 +16,28 @@
*/
package com.gemstone.gemfire.management.internal.security;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
import static org.assertj.core.api.Assertions.*;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class AccessControlMBeanJUnitTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private AccessControlMXBean bean;
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
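Review bot: The literal `"com/gemstone/gemfire/management/internal/security/cacheServer.json"` replaces the old `CACHE_SERVER_JSON` constant here and is repeated in the `@ClassRule` of `CacheServerMBeanAuthenticationJUnitTest`, `CacheServerMBeanAuthorizationJUnitTest`, `CliCommandsSecurityTest`, `DataCommandsSecurityTest`, `DiskStoreMXBeanSecurityJUnitTest`, `GatewayReceiverMBeanSecurityTest` and `GatewaySenderMBeanSecurityTest`. Since every one of these tests depends on the same authorization fixture, I would keep a single definition in shared test support, for example on `JsonAuthorizationCacheStartRule`: `public static final String CACHE_SERVER_JSON = "com/gemstone/gemfire/management/internal/security/cacheServer.json";`. That way a moved or renamed fixture is corrected in one place rather than in each copy.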
@@ -48,7 +49,6 @@ public class AccessControlMBeanJUnitTest {
/**
* Test that any authenticated user can access this method
- * @throws Exception
*/
@Test
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index 6857e18..53fce5f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -16,8 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.security;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
-
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
@@ -30,13 +28,14 @@ import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
@Category(IntegrationTest.class)
public class CacheServerMBeanAuthenticationJUnitTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private CacheServerMXBean bean;
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -46,7 +45,7 @@ public class CacheServerMBeanAuthenticationJUnitTest {
bean = connectionRule.getProxyMBean(CacheServerMXBean.class, "GemFire:service=CacheServer,*");
}
- @Test()
+ @Test
@JMXConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.removeIndex("foo");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index 39094fb..aba0b58 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -16,27 +16,29 @@
*/
package com.gemstone.gemfire.management.internal.security;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
import static org.assertj.core.api.Assertions.*;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.CacheServerMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.CacheServerMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class CacheServerMBeanAuthorizationJUnitTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private CacheServerMXBean bean;
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
index 85a55a7..d53dc0e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanShiroJUnitTest.java
@@ -18,17 +18,20 @@ package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.CacheServerMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.CacheServerMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class CacheServerMBeanShiroJUnitTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private CacheServerMXBean bean;
@@ -57,7 +60,6 @@ public class CacheServerMBeanShiroJUnitTest {
bean.showClientQueueDetails("foo");
}
-
@Test
@JMXConnectionConfiguration(user = "guest", password = "guest")
public void testNoAccess() throws Exception {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
index af26147..56078e1 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CliCommandsSecurityTest.java
@@ -16,8 +16,6 @@
*/
package com.gemstone.gemfire.management.internal.security;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
-import static org.assertj.core.api.AssertionsForClassTypes.fail;
import static org.junit.Assert.*;
import java.util.List;
@@ -35,8 +33,9 @@ import com.gemstone.gemfire.security.NotAuthorizedException;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-@Category({IntegrationTest.class, SecurityTest.class})
+@Category({ IntegrationTest.class, SecurityTest.class })
public class CliCommandsSecurityTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private MemberMXBean bean;
@@ -45,7 +44,7 @@ public class CliCommandsSecurityTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
index 73da024..eea9f06 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
@@ -17,28 +17,29 @@
package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.security.GemFireSecurityException;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category({IntegrationTest.class, SecurityTest.class})
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.security.GemFireSecurityException;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class DataCommandsSecurityTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private MemberMXBean bean;
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
index 2d8099d..185c984 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
@@ -17,11 +17,7 @@
package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.DiskStoreMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
@@ -29,15 +25,21 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.DiskStoreMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class DiskStoreMXBeanSecurityJUnitTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private DiskStoreMXBean bean;
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
index 8bc55f0..b339094 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
@@ -18,15 +18,9 @@ package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
import javax.management.ObjectName;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.GatewayReceiverMXBean;
-import com.gemstone.gemfire.management.ManagementService;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -35,18 +29,26 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.GatewayReceiverMXBean;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class GatewayReceiverMBeanSecurityTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
- private GatewayReceiverMXBean bean;
private static GatewayReceiverMXBean mock = mock(GatewayReceiverMXBean.class);
private static ObjectName mockBeanName = null;
private static ManagementService service = null;
+ private GatewayReceiverMXBean bean;
+
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
index fe4f624..e65adfb 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -18,15 +18,9 @@ package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
import javax.management.ObjectName;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.GatewaySenderMXBean;
-import com.gemstone.gemfire.management.ManagementService;
-import com.gemstone.gemfire.management.internal.beans.GatewaySenderMBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -35,18 +29,27 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.GatewaySenderMXBean;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.management.internal.beans.GatewaySenderMBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class GatewaySenderMBeanSecurityTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
- private GatewaySenderMXBean bean;
private static GatewaySenderMBean mock = mock(GatewaySenderMBean.class);
private static ObjectName mockBeanName = null;
private static ManagementService service = null;
+ private GatewaySenderMXBean bean;
+
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
index a955dae..104ea5e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodePermissionJUnitTest.java
@@ -14,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package com.gemstone.gemfire.management.internal.security;
import static org.junit.Assert.*;
@@ -22,13 +21,14 @@ import static org.junit.Assert.*;
import org.apache.geode.security.GeodePermission;
import org.apache.geode.security.GeodePermission.Operation;
import org.apache.geode.security.GeodePermission.Resource;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
-
import org.apache.shiro.authz.permission.WildcardPermission;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(UnitTest.class)
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+import com.gemstone.gemfire.test.junit.categories.UnitTest;
+
+@Category({ UnitTest.class, SecurityTest.class })
public class GeodePermissionJUnitTest {
private GeodePermission context;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
index dd9961d..78168bf 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilCustomRealmJUnitTest.java
@@ -14,30 +14,30 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package com.gemstone.gemfire.management.internal.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
+import org.apache.geode.security.templates.SampleSecurityManager;
import org.junit.BeforeClass;
import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
-import com.gemstone.gemfire.security.JSONAuthorization;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
/**
- * this test and ShiroUtilWithIniFileJunitTest uses the same test body, but initialize the SecurityUtils differently.
- * If you change shiro-ini.json, remmber to change the shiro.ini to match the changes as well.
+ * Integration tests for {@link GeodeSecurityUtil} using shiro-ini.json.
+ *
+ * @see GeodeSecurityUtilWithIniFileJUnitTest
*/
-
-@Category(UnitTest.class)
+@Category({ IntegrationTest.class, SecurityTest.class })
public class GeodeSecurityUtilCustomRealmJUnitTest extends GeodeSecurityUtilWithIniFileJUnitTest {
+
@BeforeClass
- public static void beforeClass() throws Exception{
- props.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
- JSONAuthorization.setUpWithJsonFile(SHIRO_INI_JSON);
+ public static void beforeClass() throws Exception {
+ props.put(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/shiro-ini.json");
+ props.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
GeodeSecurityUtil.initSecurity(props);
}
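Review bot: `beforeClass()` writes the SampleSecurityManager settings into `props`, which is the `protected static Properties` instance declared in GeodeSecurityUtilWithIniFileJUnitTest, so both test classes mutate the same object. If the parent class has already run in the same JVM, `props` still carries its `SECURITY_SHIRO_INIT` entry (and the parent would see `SECURITY_MANAGER` in the reverse order). Depending on which setting `GeodeSecurityUtil.initSecurity` prefers, which is not visible here, this class may exercise the shiro.ini realm rather than the JSON-backed manager. Starting from a clean state, e.g. `props.clear();` as the first statement of `beforeClass()`, makes the configuration under test unambiguous. The class body continues outside the hunk.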
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
index 6496076..ec0d393 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GeodeSecurityUtilWithIniFileJUnitTest.java
@@ -14,7 +14,6 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package com.gemstone.gemfire.management.internal.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
@@ -22,23 +21,24 @@ import static org.assertj.core.api.Assertions.*;
import java.util.Properties;
+import org.apache.geode.security.GeodePermission;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import org.apache.geode.security.GeodePermission;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-import com.gemstone.gemfire.test.junit.categories.UnitTest;
/**
- * this test and ShiroUtilCustomRealmJUunitTest uses the same test body, but initialize the SecurityUtils differently.
- * If you change shiro.ini, remmber to change the shiro-ini.json to match the changes as well.
+ * Integration tests for {@link GeodeSecurityUtil} using shiro.ini
*/
-@Category({UnitTest.class, SecurityTest.class})
+@Category({ IntegrationTest.class, SecurityTest.class })
public class GeodeSecurityUtilWithIniFileJUnitTest {
+
protected static Properties props = new Properties();
+
@BeforeClass
public static void beforeClass() throws Exception{
props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
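Review bot: The rewritten class Javadoc drops the reminder that shiro.ini and shiro-ini.json must be changed together, yet GeodeSecurityUtilCustomRealmJUnitTest still extends this class and runs the same test body against the JSON fixture. I would keep that in the Javadoc, e.g. `* The same tests run against shiro-ini.json in {@link GeodeSecurityUtilCustomRealmJUnitTest}; keep both fixtures in sync.` Without it, a permission edited in only one fixture surfaces as an unexplained failure in the other class. `beforeClass()` continues outside the hunk.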
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
index 8b96e8b..44db600 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsPostProcessorTest.java
@@ -14,12 +14,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package com.gemstone.gemfire.management.internal.security;
-import static com.gemstone.gemfire.internal.Assert.assertTrue;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
+import static com.gemstone.gemfire.internal.Assert.*;
+import org.apache.geode.security.templates.SamplePostProcessor;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Rule;
@@ -28,25 +27,22 @@ import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.internal.AvailablePortHelper;
import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
-import org.apache.geode.security.templates.SamplePostProcessor;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-@Category(IntegrationTest.class)
+@Category({ IntegrationTest.class, SecurityTest.class })
public class GfshCommandsPostProcessorTest {
+
protected static int jmxPort = AvailablePortHelper.getRandomAvailableTCPPort();
private HeadlessGfsh gfsh = null;
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxPort, CACHE_SERVER_JSON, SamplePostProcessor.class);
+ jmxPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json", SamplePostProcessor.class);
@Rule
- public GfshShellConnectionRule gfshConnection;
-
- public GfshCommandsPostProcessorTest(){
- gfshConnection = new GfshShellConnectionRule(jmxPort);
- }
+ public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(jmxPort);
@Before
public void before(){
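Review bot: The classpath location `"com/gemstone/gemfire/management/internal/security/cacheServer.json"` is now a string literal in the `serverRule` initializer here, and again in GfshCommandsSecurityTest, LockServiceMBeanAuthorizationJUnitTest, MBeanSecurityJUnitTest and ManagerMBeanAuthorizationJUnitTest, where it replaces the single `CACHE_SERVER_JSON` constant. A shared test constant, for example `public static final String CACHE_SERVER_JSON = "com/gemstone/gemfire/management/internal/security/cacheServer.json";` on JsonAuthorizationCacheStartRule, would keep the fixture path in one place, so that moving or renaming the file is a one-line change. `before()` continues outside the hunk.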
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
index 603088e..8d6c54d 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GfshCommandsSecurityTest.java
@@ -14,11 +14,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package com.gemstone.gemfire.management.internal.security;
import static org.junit.Assert.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
import java.util.List;
@@ -37,9 +35,11 @@ import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
import com.gemstone.gemfire.management.internal.cli.result.ErrorResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-@Category(IntegrationTest.class)
+@Category({ IntegrationTest.class, SecurityTest.class })
public class GfshCommandsSecurityTest {
+
protected static int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
protected static int jmxPort = ports[0];
protected static int httpPort = ports[1];
@@ -48,15 +48,10 @@ public class GfshCommandsSecurityTest {
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxPort, httpPort, CACHE_SERVER_JSON);
+ jmxPort, httpPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
- public GfshShellConnectionRule gfshConnection;
-
- public GfshCommandsSecurityTest(){
- gfshConnection = new GfshShellConnectionRule(jmxPort, httpPort, false);
- }
-
+ public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(jmxPort, httpPort, false);
@Before
public void before(){
@@ -129,7 +124,6 @@ public class GfshCommandsSecurityTest {
runCommandsWithAndWithout("DATA:MANAGE:RegionA");
}
-
private void runCommandsWithAndWithout(String permission) throws Exception{
List<TestCommand> allPermitted = TestCommand.getPermittedCommands(new WildcardPermission(permission, true));
for(TestCommand permitted:allPermitted) {
@@ -184,6 +178,4 @@ public class GfshCommandsSecurityTest {
gfsh.executeCommand("query --query=\"select * from /region1\"");
}
-
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
index 1d4fb40..81cf92f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JsonAuthorizationCacheStartRule.java
@@ -20,13 +20,14 @@ import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import java.util.Properties;
+import org.apache.geode.security.templates.SampleSecurityManager;
import org.junit.rules.ExternalResource;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.security.JSONAuthorization;
public class JsonAuthorizationCacheStartRule extends ExternalResource {
+
private Cache cache;
private int jmxManagerPort = 0;
private int httpPort = 0;
@@ -39,7 +40,6 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
this.postProcessor = postProcessor;
}
-
public JsonAuthorizationCacheStartRule(int jmxManagerPort, String jsonFile) {
this.jmxManagerPort = jmxManagerPort;
this.jsonFile = jsonFile;
@@ -53,6 +53,7 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
protected void before() throws Throwable {
Properties properties = new Properties();
+ properties.put(SampleSecurityManager.SECURITY_JSON, jsonFile);
properties.put(NAME, JsonAuthorizationCacheStartRule.class.getSimpleName());
properties.put(LOCATORS, "");
properties.put(MCAST_PORT, "0");
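Review bot: `jsonFile` is passed straight to `SampleSecurityManager.SECURITY_JSON`, and the callers in this commit supply classpath resource paths rather than file-system paths, so the parameter name no longer says what is expected. A short Javadoc on the constructors would help, e.g. `@param jsonFile location of the security JSON handed to SampleSecurityManager, such as a classpath resource path`. `Properties.put` also throws NullPointerException on a null value, so `Objects.requireNonNull(jsonFile, "jsonFile")` in the constructors would report a missing argument where it is made rather than inside `before()`. The constructors and the rest of `before()` are outside this hunk.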
@@ -60,20 +61,18 @@ public class JsonAuthorizationCacheStartRule extends ExternalResource {
properties.put(JMX_MANAGER_START, "true");
properties.put(JMX_MANAGER_PORT, String.valueOf(jmxManagerPort));
properties.put(HTTP_SERVICE_PORT, String.valueOf(httpPort));
- properties.put(SECURITY_MANAGER, JSONAuthorization.class.getName());
+ properties.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
- if(postProcessor!=null){
+ if (postProcessor!=null) {
properties.put(SECURITY_POST_PROCESSOR, postProcessor.getName());
}
- JSONAuthorization.setUpWithJsonFile(jsonFile);
-
cache = new CacheFactory(properties).create();
cache.addCacheServer().start();
cache.createRegionFactory().create("region1");
}
- public Cache getCache(){
+ public Cache getCache() {
return cache;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
index 44e414c..8258f81 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/LockServiceMBeanAuthorizationJUnitTest.java
@@ -17,14 +17,7 @@
package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
-import com.gemstone.gemfire.distributed.internal.locks.DLockService;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.LockServiceMXBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -33,15 +26,24 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.distributed.internal.locks.DLockService;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.LockServiceMXBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class LockServiceMBeanAuthorizationJUnitTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private LockServiceMXBean lockServiceMBean;
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
index 1d6c95d..1d77375 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanSecurityJUnitTest.java
@@ -16,17 +16,11 @@
*/
package com.gemstone.gemfire.management.internal.security;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.ManagementException;
-import com.gemstone.gemfire.management.ManagementService;
-import com.gemstone.gemfire.management.MemberMXBean;
-import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
-import org.junit.ClassRule;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.Mockito.*;
+
+import java.io.IOException;
+import java.util.Set;
import javax.management.DynamicMBean;
import javax.management.MBeanServer;
@@ -35,25 +29,31 @@ import javax.management.MalformedObjectNameException;
import javax.management.ObjectInstance;
import javax.management.ObjectName;
import javax.management.ReflectionException;
-import java.io.IOException;
-import java.util.Set;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.Mockito.mock;
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.ManagementException;
+import com.gemstone.gemfire.management.ManagementService;
+import com.gemstone.gemfire.management.MemberMXBean;
+import com.gemstone.gemfire.management.internal.MBeanJMXAdapter;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-@Category(IntegrationTest.class)
+@Category({ IntegrationTest.class, SecurityTest.class })
public class MBeanSecurityJUnitTest {
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, CACHE_SERVER_JSON);
+ public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
-
/**
* No user can call createBean or unregisterBean of GemFire Domain
*/
@@ -75,9 +75,9 @@ public class MBeanSecurityJUnitTest {
).isInstanceOf(ReflectionException.class);
}
- /*
- * looks like everyone can query for beans, but the AccessControlMXBean is filtered from the result
- */
+ /**
+ * looks like everyone can query for beans, but the AccessControlMXBean is filtered from the result
+ */
@Test
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testQueryBean() throws MalformedObjectNameException, IOException {
@@ -89,8 +89,8 @@ public class MBeanSecurityJUnitTest {
assertThat(objects.size()).isEqualTo(1);
}
- /*
- * These calls does not go through the MBeanServerWrapper authentication, therefore is not throwing the SecurityExceptions
+ /**
+ * These calls does not go through the MBeanServerWrapper authentication, therefore is not throwing the SecurityExceptions
*/
@Test
public void testLocalCalls() throws Exception{
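Review bot: The comment promoted to Javadoc above `testLocalCalls()` records a security boundary but is hard to read, and the one above `testQueryBean()` (hunk at -75,9) still opens with "looks like". As Javadoc they should state what the tests pin, e.g. `* Local calls do not go through the MBeanServerWrapper authentication, so no SecurityException is thrown.` and `* Any user can query for beans, but the AccessControlMXBean is filtered from the result.` Both method bodies continue outside their hunks.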
@@ -103,8 +103,6 @@ public class MBeanSecurityJUnitTest {
assertThatThrownBy(
() -> adapter.registerMBean(mock(DynamicMBean.class), new ObjectName("MockDomain", "name", "mock"), false)
).isInstanceOf(ManagementException.class);
-
-
}
@Test
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
index 51cc6b8..2ca4b19 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/MBeanServerConnectionRule.java
@@ -22,6 +22,7 @@ import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
+
import javax.management.JMX;
import javax.management.MBeanServerConnection;
import javax.management.MalformedObjectNameException;
@@ -33,13 +34,13 @@ import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
-import com.gemstone.gemfire.test.junit.rules.DescribedExternalResource;
import org.junit.runner.Description;
+import com.gemstone.gemfire.test.junit.rules.DescribedExternalResource;
+
/**
* Class which eases the creation of MBeans for security testing. When combined with {@link JMXConnectionConfiguration}
* it allows for the creation of per-test connections with different user/password combinations.
- *
*/
public class MBeanServerConnectionRule extends DescribedExternalResource {
@@ -96,7 +97,6 @@ public class MBeanServerConnectionRule extends DescribedExternalResource {
return getProxyMBean(null, beanQueryName);
}
-
public MBeanServerConnection getMBeanServerConnection() throws IOException {
return con;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8812d540/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
index 635daa6..4df20e7 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/ManagerMBeanAuthorizationJUnitTest.java
@@ -18,15 +18,11 @@ package com.gemstone.gemfire.management.internal.security;
import static org.assertj.core.api.Assertions.*;
import static org.mockito.Mockito.*;
-import static com.gemstone.gemfire.security.JSONAuthorization.*;
import java.lang.management.ManagementFactory;
+
import javax.management.ObjectName;
-import com.gemstone.gemfire.internal.AvailablePort;
-import com.gemstone.gemfire.management.ManagerMXBean;
-import com.gemstone.gemfire.management.internal.beans.ManagerMBean;
-import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.ClassRule;
@@ -34,15 +30,22 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-@Category(IntegrationTest.class)
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.management.ManagerMXBean;
+import com.gemstone.gemfire.management.internal.beans.ManagerMBean;
+import com.gemstone.gemfire.test.junit.categories.IntegrationTest;
+import com.gemstone.gemfire.test.junit.categories.SecurityTest;
+
+@Category({ IntegrationTest.class, SecurityTest.class })
public class ManagerMBeanAuthorizationJUnitTest {
+
private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
private ManagerMXBean managerMXBean;
@ClassRule
public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, CACHE_SERVER_JSON);
+ jmxManagerPort, "com/gemstone/gemfire/management/internal/security/cacheServer.json");
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);