You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ud...@apache.org on 2016/10/19 20:00:01 UTC
[33/50] [abbrv] incubator-geode git commit: GEODE-1993: refactor
tests to use rules rather than abstract classes
GEODE-1993: refactor tests to use rules rather than abstract classes
* created ServerStarter and LocatorStarter in the rule package
* refacterred LocatorServerConfigurationRule
* refactor tests to use these rules
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/de621597
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/de621597
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/de621597
Branch: refs/heads/feature/GEODE-1874
Commit: de62159780496c3362a1b6ac840e87bba019bc62
Parents: b065993
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Wed Oct 12 09:30:15 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Fri Oct 14 14:59:26 2016 -0700
----------------------------------------------------------------------
.../internal/web/RestSecurityDUnitTest.java | 557 -------------------
.../web/RestSecurityIntegrationTest.java | 497 +++++++++++++++++
.../security/IntegratedSecurityService.java | 2 +-
.../security/AccessControlMBeanJUnitTest.java | 7 +-
...CacheServerMBeanAuthenticationJUnitTest.java | 7 +-
.../CacheServerMBeanAuthorizationJUnitTest.java | 13 +-
.../CacheServerMBeanShiroJUnitTest.java | 30 +-
.../security/CacheServerStartupRule.java | 74 +++
.../security/CliCommandsSecurityTest.java | 9 +-
.../security/DataCommandsSecurityTest.java | 11 +-
.../DiskStoreMXBeanSecurityJUnitTest.java | 9 +-
.../GatewayReceiverMBeanSecurityTest.java | 9 +-
.../GatewaySenderMBeanSecurityTest.java | 9 +-
.../security/GfshCommandsPostProcessorTest.java | 30 +-
.../security/GfshCommandsSecurityTest.java | 48 +-
.../security/GfshShellConnectionRule.java | 5 +-
.../security/JMXConnectionConfiguration.java | 33 --
.../security/JavaRmiServerNameTest.java | 28 +-
.../JsonAuthorizationCacheStartRule.java | 86 ---
.../LockServiceMBeanAuthorizationJUnitTest.java | 11 +-
.../security/MBeanSecurityJUnitTest.java | 10 +-
.../security/MBeanServerConnectionRule.java | 130 -----
.../ManagerMBeanAuthorizationJUnitTest.java | 9 +-
.../security/MemberMBeanSecurityJUnitTest.java | 13 +-
.../security/ResourcePermissionTest.java | 25 +-
.../internal/security/ShiroCacheStartRule.java | 64 ---
.../security/AbstractSecureServerDUnitTest.java | 104 +---
.../ClusterConfigWithoutSecurityDUnitTest.java | 26 +-
.../security/IntegratedClientAuthDUnitTest.java | 19 +-
.../NoShowValue1PostProcessorDUnitTest.java | 8 +-
.../security/PDXPostProcessorDUnitTest.java | 18 +-
.../geode/security/PostProcessorDUnitTest.java | 10 +-
.../SecurityClusterConfigDUnitTest.java | 46 +-
.../SecurityWithoutClusterConfigDUnitTest.java | 16 +-
.../security/StartServerAuthorizationTest.java | 17 +-
.../dunit/rules/ConnectionConfiguration.java | 34 ++
.../rules/LocatorServerConfigurationRule.java | 148 -----
.../dunit/rules/LocatorServerStartupRule.java | 133 +++++
.../geode/test/dunit/rules/LocatorStarter.java | 74 +++
.../dunit/rules/MBeanServerConnectionRule.java | 132 +++++
.../geode/test/dunit/rules/ServerStarter.java | 99 ++++
.../geode/security/CQClientAuthDunitTest.java | 6 +-
.../security/CQPDXPostProcessorDUnitTest.java | 19 +-
.../security/CQPostProcessorDunitTest.java | 10 +-
.../LuceneClusterConfigurationDUnitTest.java | 25 +-
.../web/controllers/CommonCrudController.java | 4 +-
.../web/controllers/PdxBasedCrudController.java | 4 +-
.../web/security/RestSecurityService.java | 2 +-
48 files changed, 1382 insertions(+), 1298 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityDUnitTest.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityDUnitTest.java
deleted file mode 100644
index 59e00c8..0000000
--- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityDUnitTest.java
+++ /dev/null
@@ -1,557 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.geode.rest.internal.web;
-
-import static org.junit.Assert.*;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.net.MalformedURLException;
-import java.nio.charset.StandardCharsets;
-
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpHost;
-import org.apache.http.HttpResponse;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.client.AuthCache;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.client.CredentialsProvider;
-import org.apache.http.client.methods.HttpDelete;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpHead;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.protocol.HttpClientContext;
-import org.apache.http.entity.StringEntity;
-import org.apache.http.impl.auth.BasicScheme;
-import org.apache.http.impl.client.BasicAuthCache;
-import org.apache.http.impl.client.BasicCredentialsProvider;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.json.JSONArray;
-import org.json.JSONObject;
-import org.json.JSONTokener;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import org.apache.geode.internal.AvailablePortHelper;
-import org.apache.geode.security.AbstractSecureServerDUnitTest;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-
-@Category({ DistributedTest.class, SecurityTest.class })
-public class RestSecurityDUnitTest extends AbstractSecureServerDUnitTest {
-
- public final static String PROTOCOL = "http";
- public final static String HOSTNAME = "localhost";
- public final static String CONTEXT = "/geode/v1";
-
- public RestSecurityDUnitTest() throws MalformedURLException {
- int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
- this.jmxPort = ports[0];
- this.restPort = ports[1];
- }
-
- @Test
- public void testFunctions() {
- client1.invoke(() -> {
- String json = "{\"@type\":\"double\",\"@value\":210}";
-
- HttpResponse response = doGet("/functions", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doGet("/functions", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doGet("/functions", "dataReader", "1234567");
- assertTrue(isOK(response));
-
- response = doPost("/functions/AddFreeItemsToOrder", "unknown-user", "1234567", json);
- assertEquals(401, getCode(response));
- response = doPost("/functions/AddFreeItemsToOrder", "dataReader", "1234567", json);
- assertEquals(403, getCode(response));
- response = doPost("/functions/AddFreeItemsToOrder?onRegion=" + REGION_NAME, "dataWriter", "1234567", json);
- // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
- assertEquals(500, getCode(response));
- });
- }
-
- @Test
- public void testQueries() {
- client1.invoke(() -> {
- HttpResponse response = doGet("/queries", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doGet("/queries", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doGet("/queries", "dataReader", "1234567");
- assertEquals(200, getCode(response));
- });
- }
-
- @Test
- public void testAdhocQuery() {
- client1.invoke(() -> {
- HttpResponse response = doGet("/queries/adhoc?q=", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doGet("/queries/adhoc?q=", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doGet("/queries/adhoc?q=", "dataReader", "1234567");
- // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
- assertEquals(500, getCode(response));
- });
- }
-
- @Test
- public void testPostQuery() {
- client1.invoke(() -> {
- HttpResponse response = doPost("/queries?id=0&q=", "unknown-user", "1234567", "");
- assertEquals(401, getCode(response));
- response = doPost("/queries?id=0&q=", "stranger", "1234567", "");
- assertEquals(403, getCode(response));
- response = doPost("/queries?id=0&q=", "dataWriter", "1234567", "");
- // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
- assertEquals(500, getCode(response));
- });
- }
-
- @Test
- public void testPostQuery2() {
- client1.invoke(() -> {
- HttpResponse response = doPost("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}");
- assertEquals(401, getCode(response));
- response = doPost("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}");
- assertEquals(403, getCode(response));
- response = doPost("/queries/id", "dataWriter", "1234567", "{\"id\" : \"foo\"}");
- // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
- assertEquals(500, getCode(response));
- });
- }
-
- @Test
- public void testPutQuery() {
- client1.invoke(() -> {
- HttpResponse response = doPut("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}");
- assertEquals(401, getCode(response));
- response = doPut("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}");
- assertEquals(403, getCode(response));
- response = doPut("/queries/id", "dataWriter", "1234567", "{\"id\" : \"foo\"}");
- // We should get a 404 because we're trying to update a query that doesn't exist
- assertEquals(404, getCode(response));
- });
- }
-
- @Test
- public void testDeleteQuery() {
- client1.invoke(() -> {
- HttpResponse response = doDelete("/queries/id", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doDelete("/queries/id", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doDelete("/queries/id", "dataWriter", "1234567");
- // We should get a 404 because we're trying to delete a query that doesn't exist
- assertEquals(404, getCode(response));
- });
- }
-
- @Test
- public void testServers() {
- client1.invoke(() -> {
- HttpResponse response = doGet("/servers", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- response = doGet("/servers", "stranger", "1234567");
- assertEquals(403, getCode(response));
- response = doGet("/servers", "super-user", "1234567");
- assertTrue(isOK(response));
- });
- }
-
- /**
- * This test should always return an OK, whether the user is known or unknown. A phishing script should not be
- * able to determine whether a user/password combination is good
- */
- @Test
- public void testPing() {
- client1.invoke(() -> {
- HttpResponse response = doHEAD("/ping", "stranger", "1234567");
- assertTrue(isOK(response));
- response = doGet("/ping", "stranger", "1234567");
- assertTrue(isOK(response));
-
- response = doHEAD("/ping", "super-user", "1234567");
- assertTrue(isOK(response));
- response = doGet("/ping", "super-user", "1234567");
- assertTrue(isOK(response));
-
- // TODO - invalid username/password should still respond, but doesn't
- // response = doHEAD("/ping", "unknown-user", "badpassword");
- // assertTrue(isOK(response));
- // response = doGet("/ping", "unknown-user", "badpassword");
- // assertTrue(isOK(response));
-
- // TODO - credentials are currently required and shouldn't be for this endpoint
- // response = doHEAD("/ping", null, null);
- // assertTrue(isOK(response));
- // response = doGet("/ping", null, null);
- // assertTrue(isOK(response));
- });
- }
-
- /**
- * Test permissions on retrieving a list of regions.
- */
- @Test
- public void getRegions() {
- client1.invoke(() -> {
- HttpResponse response = doGet("", "dataReader", "1234567");
- assertEquals("A '200 - OK' was expected", 200, getCode(response));
-
- assertTrue(isOK(response));
- JSONObject jsonObject = new JSONObject(getResponseBody(response));
- JSONArray regions = jsonObject.getJSONArray("regions");
- assertNotNull(regions);
- assertTrue(regions.length() > 0);
- JSONObject region = regions.getJSONObject(0);
- assertEquals("AuthRegion", region.get("name"));
- assertEquals("REPLICATE", region.get("type"));
- });
-
- // List regions with an unknown user - 401
- client1.invoke(() -> {
- HttpResponse response = doGet("", "unknown-user", "badpassword");
- assertEquals(401, getCode(response));
- });
-
- // list regions with insufficent rights - 403
- client1.invoke(() -> {
- HttpResponse response = doGet("", "authRegionReader", "1234567");
- assertEquals(403, getCode(response));
- });
- }
-
- /**
- * Test permissions on getting a region
- */
- @Test
- public void getRegion() {
- // Test an unknown user - 401 error
- client1.invoke(() -> {
- HttpResponse response = doGet("/" + REGION_NAME, "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- });
-
- // Test a user with insufficient rights - 403
- client1.invoke(() -> {
- HttpResponse response = doGet("/" + REGION_NAME, "stranger", "1234567");
- assertEquals(403, getCode(response));
- });
-
- // Test an authorized user - 200
- client1.invoke(() -> {
- HttpResponse response = doGet("/" + REGION_NAME, "super-user", "1234567");
- assertTrue(isOK(response));
- });
- }
-
- /**
- * Test permissions on HEAD region
- */
- @Test
- public void headRegion() {
- // Test an unknown user - 401 error
- client1.invoke(() -> {
- HttpResponse response = doHEAD("/" + REGION_NAME, "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- });
-
- // Test a user with insufficient rights - 403
- client1.invoke(() -> {
- HttpResponse response = doHEAD("/" + REGION_NAME, "stranger", "1234567");
- assertEquals(403, getCode(response));
- });
-
- // Test an authorized user - 200
- client1.invoke(() -> {
- HttpResponse response = doHEAD("/" + REGION_NAME, "super-user", "1234567");
- assertTrue(isOK(response));
- });
- }
-
- /**
- * Test permissions on deleting a region
- */
- @Test
- public void deleteRegion() {
- // Test an unknown user - 401 error
- client1.invoke(() -> {
- HttpResponse response = doDelete("/" + REGION_NAME, "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- });
-
- // Test a user with insufficient rights - 403
- client1.invoke(() -> {
- HttpResponse response = doDelete("/" + REGION_NAME, "dataReader", "1234567");
- assertEquals(403, getCode(response));
- });
-
- // Test an authorized user - 200
- client1.invoke(() -> {
- HttpResponse response = doDelete("/" + REGION_NAME, "super-user", "1234567");
- assertTrue(isOK(response));
- });
- }
-
- /**
- * Test permissions on getting a region's keys
- */
- @Test
- public void getRegionKeys() {
- // Test an authorized user
- client1.invoke(() -> {
- HttpResponse response = doGet("/" + REGION_NAME + "/keys", "super-user", "1234567");
- assertTrue(isOK(response));
- });
- // Test an unauthorized user
- client1.invoke(() -> {
- HttpResponse response = doGet("/" + REGION_NAME + "/keys", "dataWriter", "1234567");
- assertEquals(403, getCode(response));
- });
- }
-
- /**
- * Test permissions on retrieving a key from a region
- */
- @Test
- public void getRegionKey() {
- // Test an authorized user
- client1.invoke(() -> {
- HttpResponse response = doGet("/" + REGION_NAME + "/key1", "key1User", "1234567");
- assertTrue(isOK(response));
- });
- // Test an unauthorized user
- client1.invoke(() -> {
- HttpResponse response = doGet("/" + REGION_NAME + "/key1", "dataWriter", "1234567");
- assertEquals(403, getCode(response));
- });
- }
-
- /**
- * Test permissions on deleting a region's key(s)
- */
- @Test
- public void deleteRegionKey() {
- // Test an unknown user - 401 error
- client1.invoke(() -> {
- HttpResponse response = doDelete("/" + REGION_NAME + "/key1", "unknown-user", "1234567");
- assertEquals(401, getCode(response));
- });
-
- // Test a user with insufficient rights - 403
- client1.invoke(() -> {
- HttpResponse response = doDelete("/" + REGION_NAME + "/key1", "dataReader", "1234567");
- assertEquals(403, getCode(response));
- });
-
- // Test an authorized user - 200
- client1.invoke(() -> {
- HttpResponse response = doDelete("/" + REGION_NAME + "/key1", "key1User", "1234567");
- assertTrue(isOK(response));
- });
- }
-
- /**
- * Test permissions on deleting a region's key(s)
- */
- @Test
- public void postRegionKey() {
- // Test an unknown user - 401 error
- client1.invoke(() -> {
- HttpResponse response = doPost("/" + REGION_NAME + "?key9", "unknown", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(401, getCode(response));
- });
-
- // Test a user with insufficient rights - 403
- client1.invoke(() -> {
- HttpResponse response = doPost("/" + REGION_NAME + "?key9", "dataReader", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(403, getCode(response));
- });
-
- // Test an authorized user - 200
- client1.invoke(() -> {
- HttpResponse response = doPost("/" + REGION_NAME + "?key9", "dataWriter", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(201, getCode(response));
- assertTrue(isOK(response));
- });
- }
-
- /**
- * Test permissions on deleting a region's key(s)
- */
- @Test
- public void putRegionKey() {
-
- String json = "{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225}";
- String casJSON = "{\"@old\":{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225},\"@new \":{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1013,\"description\":\"Order for New Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/25/2014\",\"contact\":\"Vanilla Bean\",\"email\":\"vanillabean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":12345,\"description\":\"part 123\",\"quantity\":12,\"unitPrice\":29.99,\"totalPrice\":149.95}],\"totalPrice\":149.95}}";
- // Test an unknown user - 401 error
- client1.invoke(() -> {
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=PUT", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(401, getCode(response));
- });
-
- client1.invoke(() -> {
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=CAS", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }");
- assertEquals(401, getCode(response));
- });
-
- client1.invoke(() -> {
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "unknown-user", "1234567", "{ \"@old\" : \"value1\", \"@new\" : \"CASvalue\" }");
- assertEquals(401, getCode(response));
- });
-
- // Test a user with insufficient rights - 403
- client1.invoke(() -> {
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=PUT", "dataReader", "1234567", "{ \"key1\" : \"foo\" }");
- assertEquals(403, getCode(response));
- });
- client1.invoke(() -> {
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "dataReader", "1234567", "{ \"key1\" : \"foo\" }");
- assertEquals(403, getCode(response));
- });
- client1.invoke(() -> {
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=CAS", "dataReader", "1234567", casJSON);
- assertEquals(403, getCode(response));
- });
-
- // Test an authorized user - 200
- client1.invoke(() -> {
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=PUT", "key1User", "1234567", "{ \"key1\" : \"foo\" }");
- assertEquals(200, getCode(response));
- assertTrue(isOK(response));
- });
- client1.invoke(() -> {
- HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "key1User", "1234567", json);
- assertEquals(200, getCode(response));
- assertTrue(isOK(response));
- });
- }
-
- protected HttpResponse doHEAD(String query, String username, String password) throws MalformedURLException {
- HttpHead httpHead = new HttpHead(CONTEXT + query);
- return doRequest(httpHead, username, password);
- }
-
-
- protected HttpResponse doPost(String query, String username, String password, String body) throws MalformedURLException {
- HttpPost httpPost = new HttpPost(CONTEXT + query);
- httpPost.addHeader("content-type", "application/json");
- httpPost.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
- return doRequest(httpPost, username, password);
- }
-
-
- protected HttpResponse doPut(String query, String username, String password, String body) throws MalformedURLException {
- HttpPut httpPut = new HttpPut(CONTEXT + query);
- httpPut.addHeader("content-type", "application/json");
- httpPut.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
- return doRequest(httpPut, username, password);
- }
-
- protected HttpResponse doGet(String uri, String username, String password) throws MalformedURLException {
- HttpGet getRequest = new HttpGet(CONTEXT + uri);
- return doRequest(getRequest, username, password);
- }
-
- protected HttpResponse doDelete(String uri, String username, String password) throws MalformedURLException {
- HttpDelete httpDelete = new HttpDelete(CONTEXT + uri);
- return doRequest(httpDelete, username, password);
- }
-
- /**
- * Check the HTTP status of the response and return if it's within the OK range
- * @param response The HttpResponse message received from the server
- *
- * @return true if the status code is a 2XX-type code (200-299), otherwise false
- */
- protected boolean isOK(HttpResponse response) {
- int returnCode = response.getStatusLine().getStatusCode();
- return (returnCode < 300 && returnCode >= 200);
- }
-
- /**
- * Check the HTTP status of the response and return true if a 401
- * @param response The HttpResponse message received from the server
- *
- * @return true if the status code is 401, otherwise false
- */
- protected boolean isUnauthorized(HttpResponse response) {
- int returnCode = response.getStatusLine().getStatusCode();
- return returnCode == 401;
- }
-
- /**
- * Retrieve the status code of the HttpResponse
- * @param response The HttpResponse message received from the server
- *
- * @return a numeric value
- */
- protected int getCode(HttpResponse response) {
- return response.getStatusLine().getStatusCode();
- }
-
- protected JSONTokener getResponseBody(HttpResponse response) throws IOException {
- HttpEntity entity = response.getEntity();
- InputStream content = entity.getContent();
- BufferedReader reader = new BufferedReader(new InputStreamReader(
- content));
- String line;
- StringBuilder str = new StringBuilder();
- while ((line = reader.readLine()) != null) {
- str.append(line);
- }
- return new JSONTokener(str.toString());
- }
-
- private HttpResponse doRequest(HttpRequestBase request, String username, String password) throws MalformedURLException {
- HttpHost targetHost = new HttpHost(HOSTNAME, this.restPort, PROTOCOL);
- CloseableHttpClient httpclient = HttpClients.custom().build();
- HttpClientContext clientContext = HttpClientContext.create();
- // if username is null, do not put in authentication
- if (username != null) {
- CredentialsProvider credsProvider = new BasicCredentialsProvider();
- credsProvider.setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new UsernamePasswordCredentials(username, password));
- httpclient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build();
- AuthCache authCache = new BasicAuthCache();
- BasicScheme basicAuth = new BasicScheme();
- authCache.put(targetHost, basicAuth);
- clientContext.setCredentialsProvider(credsProvider);
- clientContext.setAuthCache(authCache);
- }
-
- try {
- return httpclient.execute(targetHost, request, clientContext);
- } catch (ClientProtocolException e) {
- e.printStackTrace();
- fail("Rest GET should not have thrown ClientProtocolException!");
- } catch (IOException e) {
- e.printStackTrace();
- fail("Rest GET Request should not have thrown IOException!");
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java
new file mode 100644
index 0000000..ef019a4
--- /dev/null
+++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/RestSecurityIntegrationTest.java
@@ -0,0 +1,497 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.geode.rest.internal.web;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+import static org.junit.Assert.*;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.MalformedURLException;
+import java.nio.charset.StandardCharsets;
+import java.util.Properties;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpHost;
+import org.apache.http.HttpResponse;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.AuthCache;
+import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.CredentialsProvider;
+import org.apache.http.client.methods.HttpDelete;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpHead;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpPut;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.json.JSONTokener;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.internal.AvailablePortHelper;
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.apache.geode.test.dunit.rules.ServerStarter;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+
+@Category({ IntegrationTest.class, SecurityTest.class })
+public class RestSecurityIntegrationTest {
+
+ protected static final String REGION_NAME = "AuthRegion";
+
+ public final static String PROTOCOL = "http";
+ public final static String HOSTNAME = "localhost";
+ public final static String CONTEXT = "/geode/v1";
+
+ private static int restPort = AvailablePortHelper.getRandomAvailableTCPPort();
+ static Properties properties = new Properties() {{
+ setProperty(SampleSecurityManager.SECURITY_JSON, "org/apache/geode/management/internal/security/clientServer.json");
+ setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ setProperty(START_DEV_REST_API, "true");
+ setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost");
+ setProperty(HTTP_SERVICE_PORT, restPort + "");
+ }};
+
+ @ClassRule
+ public static ServerStarter serverStarter = new ServerStarter(properties);
+
+ @BeforeClass
+ public static void before() throws Exception {
+ serverStarter.startServer();
+ serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME);
+ }
+
+ @Test
+ public void testFunctions() throws Exception {
+ String json = "{\"@type\":\"double\",\"@value\":210}";
+
+ HttpResponse response = doGet("/functions", "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+ response = doGet("/functions", "stranger", "1234567");
+ assertEquals(403, getCode(response));
+ response = doGet("/functions", "dataReader", "1234567");
+ assertTrue(isOK(response));
+
+ response = doPost("/functions/AddFreeItemsToOrder", "unknown-user", "1234567", json);
+ assertEquals(401, getCode(response));
+ response = doPost("/functions/AddFreeItemsToOrder", "dataReader", "1234567", json);
+ assertEquals(403, getCode(response));
+ response = doPost("/functions/AddFreeItemsToOrder?onRegion=" + REGION_NAME, "dataWriter", "1234567", json);
+ // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
+ assertEquals(500, getCode(response));
+ }
+
+ @Test
+ public void testQueries() throws Exception {
+ HttpResponse response = doGet("/queries", "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+ response = doGet("/queries", "stranger", "1234567");
+ assertEquals(403, getCode(response));
+ response = doGet("/queries", "dataReader", "1234567");
+ assertEquals(200, getCode(response));
+ }
+
+ @Test
+ public void testAdhocQuery() throws Exception {
+ HttpResponse response = doGet("/queries/adhoc?q=", "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+ response = doGet("/queries/adhoc?q=", "stranger", "1234567");
+ assertEquals(403, getCode(response));
+ response = doGet("/queries/adhoc?q=", "dataReader", "1234567");
+ // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
+ assertEquals(500, getCode(response));
+ }
+
+ @Test
+ public void testPostQuery() throws Exception {
+ HttpResponse response = doPost("/queries?id=0&q=", "unknown-user", "1234567", "");
+ assertEquals(401, getCode(response));
+ response = doPost("/queries?id=0&q=", "stranger", "1234567", "");
+ assertEquals(403, getCode(response));
+ response = doPost("/queries?id=0&q=", "dataWriter", "1234567", "");
+ // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
+ assertEquals(500, getCode(response));
+ }
+
+ @Test
+ public void testPostQuery2() throws Exception {
+ HttpResponse response = doPost("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}");
+ assertEquals(401, getCode(response));
+ response = doPost("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}");
+ assertEquals(403, getCode(response));
+ response = doPost("/queries/id", "dataWriter", "1234567", "{\"id\" : \"foo\"}");
+ // because we're only testing the security of the endpoint, not the endpoint functionality, a 500 is acceptable
+ assertEquals(500, getCode(response));
+ }
+
+ @Test
+ public void testPutQuery() throws Exception {
+ HttpResponse response = doPut("/queries/id", "unknown-user", "1234567", "{\"id\" : \"foo\"}");
+ assertEquals(401, getCode(response));
+ response = doPut("/queries/id", "stranger", "1234567", "{\"id\" : \"foo\"}");
+ assertEquals(403, getCode(response));
+ response = doPut("/queries/id", "dataWriter", "1234567", "{\"id\" : \"foo\"}");
+ // We should get a 404 because we're trying to update a query that doesn't exist
+ assertEquals(404, getCode(response));
+ }
+
+ @Test
+ public void testDeleteQuery() throws Exception {
+ HttpResponse response = doDelete("/queries/id", "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+ response = doDelete("/queries/id", "stranger", "1234567");
+ assertEquals(403, getCode(response));
+ response = doDelete("/queries/id", "dataWriter", "1234567");
+ // We should get a 404 because we're trying to delete a query that doesn't exist
+ assertEquals(404, getCode(response));
+ }
+
+ @Test
+ public void testServers() throws Exception {
+ HttpResponse response = doGet("/servers", "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+ response = doGet("/servers", "stranger", "1234567");
+ assertEquals(403, getCode(response));
+ response = doGet("/servers", "super-user", "1234567");
+ assertTrue(isOK(response));
+ }
+
+ /**
+ * This test should always return an OK, whether the user is known or unknown. A phishing script should not be
+ * able to determine whether a user/password combination is good
+ */
+ @Test
+ public void testPing() throws Exception {
+ HttpResponse response = doHEAD("/ping", "stranger", "1234567");
+ assertTrue(isOK(response));
+ response = doGet("/ping", "stranger", "1234567");
+ assertTrue(isOK(response));
+
+ response = doHEAD("/ping", "super-user", "1234567");
+ assertTrue(isOK(response));
+ response = doGet("/ping", "super-user", "1234567");
+ assertTrue(isOK(response));
+
+ // TODO - invalid username/password should still respond, but doesn't
+ // response = doHEAD("/ping", "unknown-user", "badpassword");
+ // assertTrue(isOK(response));
+ // response = doGet("/ping", "unknown-user", "badpassword");
+ // assertTrue(isOK(response));
+
+ // TODO - credentials are currently required and shouldn't be for this endpoint
+ // response = doHEAD("/ping", null, null);
+ // assertTrue(isOK(response));
+ // response = doGet("/ping", null, null);
+ // assertTrue(isOK(response));
+ }
+
+ /**
+ * Test permissions on retrieving a list of regions.
+ */
+ @Test
+ public void getRegions() throws Exception {
+ HttpResponse response = doGet("", "dataReader", "1234567");
+ assertEquals("A '200 - OK' was expected", 200, getCode(response));
+
+ assertTrue(isOK(response));
+ JSONObject jsonObject = new JSONObject(getResponseBody(response));
+ JSONArray regions = jsonObject.getJSONArray("regions");
+ assertNotNull(regions);
+ assertTrue(regions.length() > 0);
+ JSONObject region = regions.getJSONObject(0);
+ assertEquals("AuthRegion", region.get("name"));
+ assertEquals("REPLICATE", region.get("type"));
+
+ // List regions with an unknown user - 401
+ response = doGet("", "unknown-user", "badpassword");
+ assertEquals(401, getCode(response));
+
+ // list regions with insufficent rights - 403
+ response = doGet("", "authRegionReader", "1234567");
+ assertEquals(403, getCode(response));
+ }
+
+ /**
+ * Test permissions on getting a region
+ */
+ @Test
+ public void getRegion() throws Exception {
+ // Test an unknown user - 401 error
+ HttpResponse response = doGet("/" + REGION_NAME, "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+
+ // Test a user with insufficient rights - 403
+ response = doGet("/" + REGION_NAME, "stranger", "1234567");
+ assertEquals(403, getCode(response));
+
+ // Test an authorized user - 200
+ response = doGet("/" + REGION_NAME, "super-user", "1234567");
+ assertTrue(isOK(response));
+ }
+
+ /**
+ * Test permissions on HEAD region
+ */
+ @Test
+ public void headRegion() throws Exception {
+ // Test an unknown user - 401 error
+ HttpResponse response = doHEAD("/" + REGION_NAME, "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+
+ // Test a user with insufficient rights - 403
+ response = doHEAD("/" + REGION_NAME, "stranger", "1234567");
+ assertEquals(403, getCode(response));
+
+ // Test an authorized user - 200
+ response = doHEAD("/" + REGION_NAME, "super-user", "1234567");
+ assertTrue(isOK(response));
+ }
+
+ /**
+ * Test permissions on deleting a region
+ */
+ @Test
+ public void deleteRegion() throws Exception {
+ // Test an unknown user - 401 error
+ HttpResponse response = doDelete("/" + REGION_NAME, "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+
+ // Test a user with insufficient rights - 403
+ response = doDelete("/" + REGION_NAME, "dataReader", "1234567");
+ assertEquals(403, getCode(response));
+ }
+
+ /**
+ * Test permissions on getting a region's keys
+ */
+ @Test
+ public void getRegionKeys() throws Exception {
+ // Test an authorized user
+ HttpResponse response = doGet("/" + REGION_NAME + "/keys", "super-user", "1234567");
+ assertTrue(isOK(response));
+ // Test an unauthorized user
+ response = doGet("/" + REGION_NAME + "/keys", "dataWriter", "1234567");
+ assertEquals(403, getCode(response));
+ }
+
+ /**
+ * Test permissions on retrieving a key from a region
+ */
+ @Test
+ public void getRegionKey() throws Exception {
+ // Test an authorized user
+ HttpResponse response = doGet("/" + REGION_NAME + "/key1", "key1User", "1234567");
+ assertTrue(isOK(response));
+ // Test an unauthorized user
+ response = doGet("/" + REGION_NAME + "/key1", "dataWriter", "1234567");
+ assertEquals(403, getCode(response));
+ }
+
+ /**
+ * Test permissions on deleting a region's key(s)
+ */
+ @Test
+ public void deleteRegionKey() throws Exception {
+ // Test an unknown user - 401 error
+ HttpResponse response = doDelete("/" + REGION_NAME + "/key1", "unknown-user", "1234567");
+ assertEquals(401, getCode(response));
+
+ // Test a user with insufficient rights - 403
+ response = doDelete("/" + REGION_NAME + "/key1", "dataReader", "1234567");
+ assertEquals(403, getCode(response));
+
+ // Test an authorized user - 200
+ response = doDelete("/" + REGION_NAME + "/key1", "key1User", "1234567");
+ assertTrue(isOK(response));
+ }
+
+ /**
+ * Test permissions on deleting a region's key(s)
+ */
+ @Test
+ public void postRegionKey() throws Exception {
+ // Test an unknown user - 401 error
+ HttpResponse response = doPost("/" + REGION_NAME + "?key9", "unknown", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(401, getCode(response));
+
+ // Test a user with insufficient rights - 403
+ response = doPost("/" + REGION_NAME + "?key9", "dataReader", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(403, getCode(response));
+
+ // Test an authorized user - 200
+ response = doPost("/" + REGION_NAME + "?key9", "dataWriter", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(201, getCode(response));
+ assertTrue(isOK(response));
+ }
+
+ /**
+ * Test permissions on deleting a region's key(s)
+ */
+ @Test
+ public void putRegionKey() throws Exception {
+
+ String json = "{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225}";
+ String casJSON = "{\"@old\":{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1012,\"description\":\"Order for XYZ Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/20/2014\",\"contact\":\"Jelly Bean\",\"email\":\"jelly.bean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":1,\"description\":\"Product-100\",\"quantity\":12,\"unitPrice\":5,\"totalPrice\":60}],\"totalPrice\":225},\"@new \":{\"@type\":\"com.gemstone.gemfire.web.rest.domain.Order\",\"purchaseOrderNo\":1121,\"customerId\":1013,\"description\":\"Order for New Corp\",\"orderDate\":\"02/10/2014\",\"deliveryDate\":\"02/25/2014\",\"contact\":\"Vanilla Bean\",\"email\":\"vanillabean@example.com\",\"phone\":\"01-2048096\",\"items\":[{\"itemNo\":12345,\"description\":\"part 123\",\"quantity\":12,\"unitPrice\":29.99,\"totalPrice\":149.95}],\"totalPrice\":149.95}}";
+ // Test an unknown user - 401 error
+ HttpResponse response = doPut("/" + REGION_NAME + "/key1?op=PUT", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(401, getCode(response));
+
+ response = doPut("/" + REGION_NAME + "/key1?op=CAS", "unknown-user", "1234567", "{ \"key9\" : \"foo\" }");
+ assertEquals(401, getCode(response));
+ response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "unknown-user", "1234567", "{ \"@old\" : \"value1\", \"@new\" : \"CASvalue\" }");
+ assertEquals(401, getCode(response));
+
+ response = doPut("/" + REGION_NAME + "/key1?op=PUT", "dataReader", "1234567", "{ \"key1\" : \"foo\" }");
+ assertEquals(403, getCode(response));
+
+ response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "dataReader", "1234567", "{ \"key1\" : \"foo\" }");
+ assertEquals(403, getCode(response));
+
+ response = doPut("/" + REGION_NAME + "/key1?op=CAS", "dataReader", "1234567", casJSON);
+ assertEquals(403, getCode(response));
+
+ response = doPut("/" + REGION_NAME + "/key1?op=PUT", "key1User", "1234567", "{ \"key1\" : \"foo\" }");
+ assertEquals(200, getCode(response));
+ assertTrue(isOK(response));
+
+ response = doPut("/" + REGION_NAME + "/key1?op=REPLACE", "key1User", "1234567", json);
+ assertEquals(200, getCode(response));
+ assertTrue(isOK(response));
+ }
+
+ protected HttpResponse doHEAD(String query, String username, String password) throws MalformedURLException {
+ HttpHead httpHead = new HttpHead(CONTEXT + query);
+ return doRequest(httpHead, username, password);
+ }
+
+
+ protected HttpResponse doPost(String query, String username, String password, String body) throws MalformedURLException {
+ HttpPost httpPost = new HttpPost(CONTEXT + query);
+ httpPost.addHeader("content-type", "application/json");
+ httpPost.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
+ return doRequest(httpPost, username, password);
+ }
+
+
+ protected HttpResponse doPut(String query, String username, String password, String body) throws MalformedURLException {
+ HttpPut httpPut = new HttpPut(CONTEXT + query);
+ httpPut.addHeader("content-type", "application/json");
+ httpPut.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
+ return doRequest(httpPut, username, password);
+ }
+
+ protected HttpResponse doGet(String uri, String username, String password) throws MalformedURLException {
+ HttpGet getRequest = new HttpGet(CONTEXT + uri);
+ return doRequest(getRequest, username, password);
+ }
+
+ protected HttpResponse doDelete(String uri, String username, String password) throws MalformedURLException {
+ HttpDelete httpDelete = new HttpDelete(CONTEXT + uri);
+ return doRequest(httpDelete, username, password);
+ }
+
+ /**
+ * Check the HTTP status of the response and return if it's within the OK range
+ *
+ * @param response The HttpResponse message received from the server
+ *
+ * @return true if the status code is a 2XX-type code (200-299), otherwise false
+ */
+ protected boolean isOK(HttpResponse response) {
+ int returnCode = response.getStatusLine().getStatusCode();
+ return (returnCode < 300 && returnCode >= 200);
+ }
+
+ /**
+ * Check the HTTP status of the response and return true if a 401
+ *
+ * @param response The HttpResponse message received from the server
+ *
+ * @return true if the status code is 401, otherwise false
+ */
+ protected boolean isUnauthorized(HttpResponse response) {
+ int returnCode = response.getStatusLine().getStatusCode();
+ return returnCode == 401;
+ }
+
+ /**
+ * Retrieve the status code of the HttpResponse
+ *
+ * @param response The HttpResponse message received from the server
+ *
+ * @return a numeric value
+ */
+ protected int getCode(HttpResponse response) {
+ return response.getStatusLine().getStatusCode();
+ }
+
+ protected JSONTokener getResponseBody(HttpResponse response) throws IOException {
+ HttpEntity entity = response.getEntity();
+ InputStream content = entity.getContent();
+ BufferedReader reader = new BufferedReader(new InputStreamReader(content));
+ String line;
+ StringBuilder str = new StringBuilder();
+ while ((line = reader.readLine()) != null) {
+ str.append(line);
+ }
+ return new JSONTokener(str.toString());
+ }
+
+ private HttpResponse doRequest(HttpRequestBase request, String username, String password) throws MalformedURLException {
+ HttpHost targetHost = new HttpHost(HOSTNAME, this.restPort, PROTOCOL);
+ CloseableHttpClient httpclient = HttpClients.custom().build();
+ HttpClientContext clientContext = HttpClientContext.create();
+ // if username is null, do not put in authentication
+ if (username != null) {
+ CredentialsProvider credsProvider = new BasicCredentialsProvider();
+ credsProvider.setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new UsernamePasswordCredentials(username, password));
+ httpclient = HttpClients.custom().setDefaultCredentialsProvider(credsProvider).build();
+ AuthCache authCache = new BasicAuthCache();
+ BasicScheme basicAuth = new BasicScheme();
+ authCache.put(targetHost, basicAuth);
+ clientContext.setCredentialsProvider(credsProvider);
+ clientContext.setAuthCache(authCache);
+ }
+
+ try {
+ return httpclient.execute(targetHost, request, clientContext);
+ } catch (ClientProtocolException e) {
+ e.printStackTrace();
+ fail("Rest GET should not have thrown ClientProtocolException!");
+ } catch (IOException e) {
+ e.printStackTrace();
+ fail("Rest GET Request should not have thrown IOException!");
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
index 79b70f8..ac1be0d 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
@@ -107,7 +107,7 @@ public class IntegratedSecurityService implements SecurityService{
}
}
- // in other cases like admin rest call or pulse authorization
+ // in other cases like rest call, client operations, we get it from the current thread
currentUser = SecurityUtils.getSubject();
if (currentUser == null || currentUser.getPrincipal() == null) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/AccessControlMBeanJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/AccessControlMBeanJUnitTest.java
index c22fff3..db4767e 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/AccessControlMBeanJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/AccessControlMBeanJUnitTest.java
@@ -25,6 +25,8 @@ import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.apache.geode.internal.AvailablePort;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@@ -36,8 +38,7 @@ public class AccessControlMBeanJUnitTest {
private AccessControlMXBean bean;
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ public static CacheServerStartupRule serverRule = CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -51,7 +52,7 @@ public class AccessControlMBeanJUnitTest {
* Test that any authenticated user can access this method
*/
@Test
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+ @ConnectionConfiguration(user = "stranger", password = "1234567")
public void testAnyAccess() throws Exception {
assertThat(bean.authorize("DATA", "READ")).isEqualTo(false);
assertThat(bean.authorize("CLUSTER", "READ")).isEqualTo(false);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index 3880948..0dd512d 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -24,6 +24,8 @@ import org.junit.experimental.categories.Category;
import org.apache.geode.internal.AvailablePort;
import org.apache.geode.management.CacheServerMXBean;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
@Category(IntegrationTest.class)
@@ -34,8 +36,7 @@ public class CacheServerMBeanAuthenticationJUnitTest {
private CacheServerMXBean bean;
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ public static CacheServerStartupRule serverRule = CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -46,7 +47,7 @@ public class CacheServerMBeanAuthenticationJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
+ @ConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.removeIndex("foo");
bean.fetchLoadProbe();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index 7bbfbcc..03b41a9 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -26,6 +26,8 @@ import org.junit.experimental.categories.Category;
import org.apache.geode.internal.AvailablePort;
import org.apache.geode.management.CacheServerMXBean;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
import org.apache.geode.test.junit.categories.FlakyTest;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@@ -38,8 +40,7 @@ public class CacheServerMBeanAuthorizationJUnitTest {
private CacheServerMXBean bean;
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ public static CacheServerStartupRule serverRule = CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -50,7 +51,7 @@ public class CacheServerMBeanAuthorizationJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
+ @ConnectionConfiguration(user = "data-admin", password = "1234567")
public void testDataAdmin() throws Exception {
bean.removeIndex("foo");
assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).hasMessageContaining(TestCommand.dataRead.toString());
@@ -63,7 +64,7 @@ public class CacheServerMBeanAuthorizationJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "cluster-admin", password = "1234567")
+ @ConnectionConfiguration(user = "cluster-admin", password = "1234567")
public void testClusterAdmin() throws Exception {
assertThatThrownBy(() -> bean.removeIndex("foo")).hasMessageContaining(TestCommand.dataManage.toString());
assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).hasMessageContaining(TestCommand.dataRead.toString());
@@ -72,7 +73,7 @@ public class CacheServerMBeanAuthorizationJUnitTest {
@Test
- @JMXConnectionConfiguration(user = "data-user", password = "1234567")
+ @ConnectionConfiguration(user = "data-user", password = "1234567")
public void testDataUser() throws Exception {
assertThatThrownBy(() -> bean.removeIndex("foo")).hasMessageContaining(TestCommand.dataManage.toString());
bean.executeContinuousQuery("bar");
@@ -80,7 +81,7 @@ public class CacheServerMBeanAuthorizationJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+ @ConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess() throws Exception {
assertThatThrownBy(() -> bean.removeIndex("foo")).hasMessageContaining(TestCommand.dataManage.toString());
assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).hasMessageContaining(TestCommand.dataRead.toString());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java
index 721a431..d0df150 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerMBeanShiroJUnitTest.java
@@ -16,28 +16,40 @@
*/
package org.apache.geode.management.internal.security;
+import static org.apache.geode.distributed.ConfigurationProperties.*;
import static org.assertj.core.api.Assertions.*;
+import java.util.Properties;
+
import org.junit.Before;
-import org.junit.ClassRule;
+import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.apache.geode.internal.AvailablePort;
import org.apache.geode.management.CacheServerMXBean;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
+import org.apache.geode.test.dunit.rules.ServerStarter;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@Category({ IntegrationTest.class, SecurityTest.class })
public class CacheServerMBeanShiroJUnitTest {
-
- private static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ static int jmxManagerPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+ static Properties properties = new Properties(){{
+ setProperty(JMX_MANAGER_PORT, jmxManagerPort+"");
+ setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
+ }};
private CacheServerMXBean bean;
- @ClassRule
- public static ShiroCacheStartRule serverRule = new ShiroCacheStartRule(jmxManagerPort, "shiro.ini");
+ @BeforeClass
+ public static void before() throws Exception {
+ ServerStarter serverStarter = new ServerStarter(properties);
+ serverStarter.startServer();
+ }
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -48,7 +60,7 @@ public class CacheServerMBeanShiroJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "root", password = "secret")
+ @ConnectionConfiguration(user = "root", password = "secret")
public void testAllAccess() throws Exception {
bean.removeIndex("foo");
bean.executeContinuousQuery("bar");
@@ -61,7 +73,7 @@ public class CacheServerMBeanShiroJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "guest", password = "guest")
+ @ConnectionConfiguration(user = "guest", password = "guest")
public void testNoAccess() throws Exception {
assertThatThrownBy(() -> bean.removeIndex("foo")).hasMessageContaining(TestCommand.dataManage.toString());
assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).hasMessageContaining(TestCommand.dataRead.toString());
@@ -74,7 +86,7 @@ public class CacheServerMBeanShiroJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "regionAReader", password = "password")
+ @ConnectionConfiguration(user = "regionAReader", password = "password")
public void testRegionAccess() throws Exception{
assertThatThrownBy(() -> bean.removeIndex("foo")).hasMessageContaining(TestCommand.dataManage.toString());
assertThatThrownBy(() -> bean.fetchLoadProbe()).hasMessageContaining(TestCommand.clusterRead.toString());
@@ -84,7 +96,7 @@ public class CacheServerMBeanShiroJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "dataReader", password = "12345")
+ @ConnectionConfiguration(user = "dataReader", password = "12345")
public void testDataRead() throws Exception{
assertThatThrownBy(() -> bean.removeIndex("foo")).hasMessageContaining(TestCommand.dataManage.toString());
assertThatThrownBy(() -> bean.fetchLoadProbe()).hasMessageContaining(TestCommand.clusterRead.toString());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerStartupRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerStartupRule.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerStartupRule.java
new file mode 100644
index 0000000..b99d8e1
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CacheServerStartupRule.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.geode.management.internal.security;
+
+import static org.apache.geode.distributed.ConfigurationProperties.*;
+
+import java.io.Serializable;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.rules.ExternalResource;
+
+import org.apache.geode.cache.Cache;
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.apache.geode.test.dunit.rules.ServerStarter;
+
+/**
+ * this rule would help you start up a cache server with the given properties in the current VM
+ */
+public class CacheServerStartupRule extends ExternalResource implements Serializable {
+
+ private ServerStarter serverStarter;
+
+ public static CacheServerStartupRule withDefaultSecurityJson(int jmxManagerPort) {
+ return new CacheServerStartupRule(jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ }
+
+ public CacheServerStartupRule(int jmxManagerPort, String jsonFile) {
+ Properties properties = new Properties();
+ if(jmxManagerPort>0){
+ properties.put(JMX_MANAGER_PORT, String.valueOf(jmxManagerPort));
+ }
+ if(jsonFile!=null){
+ properties.put(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ properties.put(SampleSecurityManager.SECURITY_JSON, jsonFile);
+ }
+ serverStarter = new ServerStarter(properties);
+ }
+
+ @Before
+ public void before() throws Throwable {
+ serverStarter.startServer();
+ serverStarter.cache.createRegionFactory().create("region1");
+ }
+
+ @After
+ public void after(){
+ serverStarter.after();
+ }
+
+ public Cache getCache() {
+ return serverStarter.cache;
+ }
+
+ public int getServerPort(){
+ return serverStarter.server.getPort();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
index 84155a9..403e2ab 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/CliCommandsSecurityTest.java
@@ -30,6 +30,8 @@ import org.apache.geode.internal.AvailablePort;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.management.MemberMXBean;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@@ -43,8 +45,7 @@ public class CliCommandsSecurityTest {
private List<TestCommand> commands = TestCommand.getCommands();
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ public static CacheServerStartupRule serverRule = CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -55,7 +56,7 @@ public class CliCommandsSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+ @ConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess(){
for (TestCommand command:commands) {
// skip query commands since query commands are only available in client shell
@@ -77,7 +78,7 @@ public class CliCommandsSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "super-user", password = "1234567")
+ @ConnectionConfiguration(user = "super-user", password = "1234567")
public void testAdminUser() throws Exception {
for (TestCommand command:commands) {
LogService.getLogger().info("processing: "+command.getCommand());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
index 0084cb8..1b2a7ce 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/DataCommandsSecurityTest.java
@@ -27,6 +27,8 @@ import org.junit.experimental.categories.Category;
import org.apache.geode.internal.AvailablePort;
import org.apache.geode.management.MemberMXBean;
import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@@ -38,8 +40,7 @@ public class DataCommandsSecurityTest {
private MemberMXBean bean;
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ public static CacheServerStartupRule serverRule = CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -50,7 +51,7 @@ public class DataCommandsSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "region1-user", password = "1234567")
+ @ConnectionConfiguration(user = "region1-user", password = "1234567")
public void testDataUser() throws Exception {
bean.processCommand("locate entry --key=k1 --region=region1");
@@ -58,7 +59,7 @@ public class DataCommandsSecurityTest {
assertThatThrownBy(() -> bean.processCommand("locate entry --key=k1 --region=secureRegion")).isInstanceOf(GemFireSecurityException.class);
}
- @JMXConnectionConfiguration(user = "secure-user", password = "1234567")
+ @ConnectionConfiguration(user = "secure-user", password = "1234567")
@Test
public void testSecureDataUser(){
// can do all these on both regions
@@ -67,7 +68,7 @@ public class DataCommandsSecurityTest {
}
// dataUser has all the permissions granted, but not to region2 (only to region1)
- @JMXConnectionConfiguration(user = "region1-user", password = "1234567")
+ @ConnectionConfiguration(user = "region1-user", password = "1234567")
@Test
public void testRegionAccess(){
assertThatThrownBy(() -> bean.processCommand("rebalance --include-region=region2")).isInstanceOf(GemFireSecurityException.class)
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
index 750ce2a..8e556a7 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
@@ -27,6 +27,8 @@ import org.junit.experimental.categories.Category;
import org.apache.geode.internal.AvailablePort;
import org.apache.geode.management.DiskStoreMXBean;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@@ -38,8 +40,7 @@ public class DiskStoreMXBeanSecurityJUnitTest {
private DiskStoreMXBean bean;
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ public static CacheServerStartupRule serverRule = CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -55,7 +56,7 @@ public class DiskStoreMXBeanSecurityJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
+ @ConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.flush();
bean.forceCompaction();
@@ -70,7 +71,7 @@ public class DiskStoreMXBeanSecurityJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-user", password = "1234567")
+ @ConnectionConfiguration(user = "data-user", password = "1234567")
public void testNoAccess() throws Exception {
assertThatThrownBy(() -> bean.flush()).hasMessageContaining(TestCommand.dataManage.toString());
assertThatThrownBy(() -> bean.forceCompaction()).hasMessageContaining(TestCommand.dataManage.toString());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
index b64a6f7..b799cbd 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewayReceiverMBeanSecurityTest.java
@@ -32,6 +32,8 @@ import org.junit.experimental.categories.Category;
import org.apache.geode.internal.AvailablePort;
import org.apache.geode.management.GatewayReceiverMXBean;
import org.apache.geode.management.ManagementService;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@@ -47,8 +49,7 @@ public class GatewayReceiverMBeanSecurityTest {
private GatewayReceiverMXBean bean;
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ public static CacheServerStartupRule serverRule = CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -72,7 +73,7 @@ public class GatewayReceiverMBeanSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
+ @ConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.getAverageBatchProcessingTime();
bean.getBindAddress();
@@ -83,7 +84,7 @@ public class GatewayReceiverMBeanSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-user", password = "1234567")
+ @ConnectionConfiguration(user = "data-user", password = "1234567")
public void testNoAccess() throws Exception {
assertThatThrownBy(() -> bean.getTotalConnectionsTimedOut()).hasMessageContaining(TestCommand.clusterRead.toString());
assertThatThrownBy(() -> bean.start()).hasMessageContaining(TestCommand.dataManage.toString());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
index 9acf8db..a800064 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -33,6 +33,8 @@ import org.apache.geode.internal.AvailablePort;
import org.apache.geode.management.GatewaySenderMXBean;
import org.apache.geode.management.ManagementService;
import org.apache.geode.management.internal.beans.GatewaySenderMBean;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.MBeanServerConnectionRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@@ -48,8 +50,7 @@ public class GatewaySenderMBeanSecurityTest {
private GatewaySenderMXBean bean;
@ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxManagerPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ public static CacheServerStartupRule serverRule = CacheServerStartupRule.withDefaultSecurityJson(jmxManagerPort);
@Rule
public MBeanServerConnectionRule connectionRule = new MBeanServerConnectionRule(jmxManagerPort);
@@ -73,7 +74,7 @@ public class GatewaySenderMBeanSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
+ @ConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.getAlertThreshold();
bean.getAverageDistributionTimePerBatch();
@@ -90,7 +91,7 @@ public class GatewaySenderMBeanSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+ @ConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess() throws Exception {
assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageContaining(TestCommand.clusterRead.toString());
assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageContaining(TestCommand.clusterRead.toString());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
index 34fd5a9..6eba91c 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsPostProcessorTest.java
@@ -16,30 +16,46 @@
*/
package org.apache.geode.management.internal.security;
+import static org.apache.geode.distributed.ConfigurationProperties.*;
import static org.apache.geode.internal.Assert.*;
-import org.apache.geode.security.templates.SamplePostProcessor;
+import java.util.Properties;
+
import org.junit.Before;
-import org.junit.ClassRule;
+import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.internal.AvailablePortHelper;
import org.apache.geode.management.internal.cli.HeadlessGfsh;
+import org.apache.geode.security.templates.SamplePostProcessor;
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.ServerStarter;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@Category({ IntegrationTest.class, SecurityTest.class })
public class GfshCommandsPostProcessorTest {
- protected static int jmxPort = AvailablePortHelper.getRandomAvailableTCPPort();
+ protected static int jmxPort = AvailablePortHelper.getRandomAvailableTCPPort();
+ static Properties properties = new Properties(){{
+ setProperty(JMX_MANAGER_PORT, jmxPort+"");
+ setProperty(SECURITY_POST_PROCESSOR, SamplePostProcessor.class.getName());
+ setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ setProperty("security-json", "org/apache/geode/management/internal/security/cacheServer.json");
+ }};
private HeadlessGfsh gfsh = null;
- @ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxPort, "org/apache/geode/management/internal/security/cacheServer.json", SamplePostProcessor.class);
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ ServerStarter serverStarter = new ServerStarter(properties);
+ serverStarter.startServer();
+ serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create("region1");
+ }
@Rule
public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(jmxPort);
@@ -50,7 +66,7 @@ public class GfshCommandsPostProcessorTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-user", password = "1234567")
+ @ConnectionConfiguration(user = "data-user", password = "1234567")
public void testGetPostProcess() throws Exception {
gfsh.executeCommand("put --region=region1 --key=key1 --value=value1");
gfsh.executeCommand("put --region=region1 --key=key2 --value=value2");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/de621597/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
index def1792..960d13d 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/security/GfshCommandsSecurityTest.java
@@ -16,17 +16,20 @@
*/
package org.apache.geode.management.internal.security;
+import static org.apache.geode.distributed.ConfigurationProperties.*;
import static org.junit.Assert.*;
import java.util.List;
+import java.util.Properties;
import org.apache.shiro.authz.permission.WildcardPermission;
import org.junit.Before;
-import org.junit.ClassRule;
+import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.internal.AvailablePortHelper;
import org.apache.geode.internal.logging.LogService;
import org.apache.geode.management.cli.Result;
@@ -34,6 +37,9 @@ import org.apache.geode.management.internal.cli.HeadlessGfsh;
import org.apache.geode.management.internal.cli.result.CommandResult;
import org.apache.geode.management.internal.cli.result.ErrorResultData;
import org.apache.geode.management.internal.cli.result.ResultBuilder;
+import org.apache.geode.security.templates.SampleSecurityManager;
+import org.apache.geode.test.dunit.rules.ConnectionConfiguration;
+import org.apache.geode.test.dunit.rules.ServerStarter;
import org.apache.geode.test.junit.categories.IntegrationTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@@ -44,11 +50,21 @@ public class GfshCommandsSecurityTest {
protected static int jmxPort = ports[0];
protected static int httpPort = ports[1];
+ static Properties properties = new Properties(){{
+ setProperty(JMX_MANAGER_PORT, jmxPort+"");
+ setProperty(HTTP_SERVICE_PORT, httpPort+"");
+ setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
+ setProperty("security-json", "org/apache/geode/management/internal/security/cacheServer.json");
+ }};
+
private HeadlessGfsh gfsh = null;
- @ClassRule
- public static JsonAuthorizationCacheStartRule serverRule = new JsonAuthorizationCacheStartRule(
- jmxPort, httpPort, "org/apache/geode/management/internal/security/cacheServer.json");
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ ServerStarter serverStarter = new ServerStarter(properties);
+ serverStarter.startServer();
+ serverStarter.cache.createRegionFactory(RegionShortcut.REPLICATE).create("region1");
+ }
@Rule
public GfshShellConnectionRule gfshConnection = new GfshShellConnectionRule(jmxPort, httpPort, false);
@@ -59,67 +75,67 @@ public class GfshCommandsSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-admin", password = "wrongPwd")
+ @ConnectionConfiguration(user = "data-admin", password = "wrongPwd")
public void testInvalidCredentials() throws Exception {
assertFalse(gfshConnection.isAuthenticated());
}
@Test
- @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
+ @ConnectionConfiguration(user = "data-admin", password = "1234567")
public void testValidCredentials() throws Exception{
assertTrue(gfshConnection.isAuthenticated());
}
@Test
- @JMXConnectionConfiguration(user = "cluster-reader", password = "1234567")
+ @ConnectionConfiguration(user = "cluster-reader", password = "1234567")
public void testClusterReader() throws Exception{
runCommandsWithAndWithout("CLUSTER:READ");
}
@Test
- @JMXConnectionConfiguration(user = "cluster-writer", password = "1234567")
+ @ConnectionConfiguration(user = "cluster-writer", password = "1234567")
public void testClusterWriter() throws Exception{
runCommandsWithAndWithout("CLUSTER:WRITE");
}
@Test
- @JMXConnectionConfiguration(user = "cluster-manager", password = "1234567")
+ @ConnectionConfiguration(user = "cluster-manager", password = "1234567")
public void testClusterManager() throws Exception{
runCommandsWithAndWithout("CLUSTER:MANAGE");
}
@Test
- @JMXConnectionConfiguration(user = "data-reader", password = "1234567")
+ @ConnectionConfiguration(user = "data-reader", password = "1234567")
public void testDataReader() throws Exception{
runCommandsWithAndWithout("DATA:READ");
}
@Test
- @JMXConnectionConfiguration(user = "data-writer", password = "1234567")
+ @ConnectionConfiguration(user = "data-writer", password = "1234567")
public void testDataWriter() throws Exception{
runCommandsWithAndWithout("DATA:WRITE");
}
@Test
- @JMXConnectionConfiguration(user = "data-manager", password = "1234567")
+ @ConnectionConfiguration(user = "data-manager", password = "1234567")
public void testDataManager() throws Exception{
runCommandsWithAndWithout("DATA:MANAGE");
}
@Test
- @JMXConnectionConfiguration(user = "regionA-reader", password = "1234567")
+ @ConnectionConfiguration(user = "regionA-reader", password = "1234567")
public void testRegionAReader() throws Exception{
runCommandsWithAndWithout("DATA:READ:RegionA");
}
@Test
- @JMXConnectionConfiguration(user = "regionA-writer", password = "1234567")
+ @ConnectionConfiguration(user = "regionA-writer", password = "1234567")
public void testRegionAWriter() throws Exception{
runCommandsWithAndWithout("DATA:WRITE:RegionA");
}
@Test
- @JMXConnectionConfiguration(user = "regionA-manager", password = "1234567")
+ @ConnectionConfiguration(user = "regionA-manager", password = "1234567")
public void testRegionAManager() throws Exception{
runCommandsWithAndWithout("DATA:MANAGE:RegionA");
}
@@ -168,7 +184,7 @@ public class GfshCommandsSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "data-user", password = "1234567")
+ @ConnectionConfiguration(user = "data-user", password = "1234567")
public void testGetPostProcess() throws Exception {
gfsh.executeCommand("put --region=region1 --key=key2 --value=value2");
gfsh.executeCommand("put --region=region1 --key=key2 --value=value2");