You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by je...@apache.org on 2016/03/01 23:24:33 UTC
[4/5] incubator-geode git commit: GEODE-17: WIP adding JMX security
GEODE-17: WIP adding JMX security
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/19a8f0a7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/19a8f0a7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/19a8f0a7
Branch: refs/heads/feature/GEODE-17-2
Commit: 19a8f0a71c41442b8c706f7960b3f55f3a305369
Parents: 64855a2
Author: Jens Deppe <jd...@pivotal.io>
Authored: Mon Feb 29 11:06:03 2016 -0800
Committer: Jens Deppe <jd...@pivotal.io>
Committed: Mon Feb 29 11:07:31 2016 -0800
----------------------------------------------------------------------
.../cache/operations/OperationContext.java | 63 ++-
.../internal/security/AuthorizeRequest.java | 12 +
.../gemfire/management/CacheServerMXBean.java | 8 +
.../gemfire/management/DiskStoreMXBean.java | 8 +
.../management/DistributedSystemMXBean.java | 16 +-
.../management/GatewayReceiverMXBean.java | 5 +
.../gemfire/management/GatewaySenderMXBean.java | 8 +
.../gemfire/management/LockServiceMXBean.java | 4 +
.../gemfire/management/ManagerMXBean.java | 7 +
.../gemfire/management/MemberMXBean.java | 11 +
.../management/internal/AuthManager.java | 305 +++++++++++++++
.../management/internal/ManagementAgent.java | 9 +-
.../internal/SystemManagementService.java | 8 +
.../internal/cli/commands/ClientCommands.java | 7 +-
.../internal/cli/commands/ConfigCommands.java | 6 +
.../CreateAlterDestroyRegionCommands.java | 6 +
.../internal/cli/commands/DataCommands.java | 4 +-
.../internal/cli/commands/DeployCommands.java | 7 +
.../cli/commands/DiskStoreCommands.java | 22 +-
.../cli/commands/DurableClientCommands.java | 7 +
...ExportImportSharedConfigurationCommands.java | 5 +
.../internal/cli/commands/FunctionCommands.java | 6 +
.../internal/cli/commands/GfshHelpCommands.java | 5 +
.../internal/cli/commands/IndexCommands.java | 11 +-
.../cli/commands/LauncherLifecycleCommands.java | 17 +-
.../internal/cli/commands/MemberCommands.java | 5 +
.../cli/commands/MiscellaneousCommands.java | 11 +-
.../internal/cli/commands/PDXCommands.java | 9 +-
.../internal/cli/commands/QueueCommands.java | 5 +
.../internal/cli/commands/RegionCommands.java | 5 +
.../internal/cli/commands/ShellCommands.java | 53 ++-
.../internal/cli/commands/StatusCommands.java | 4 +
.../internal/cli/commands/WanCommands.java | 15 +
.../internal/cli/shell/JmxOperationInvoker.java | 65 +++-
.../internal/security/AccessControl.java | 10 +-
.../internal/security/AccessControlContext.java | 11 +
.../internal/security/AccessControlMXBean.java | 6 +
.../internal/security/CLIOperationContext.java | 102 +++--
.../internal/security/JMXOperationContext.java | 217 +++++++----
.../internal/security/JSONAuthorization.java | 4 +-
.../internal/security/MBeanServerWrapper.java | 104 +++--
.../security/ManagementInterceptor.java | 385 ++++++++++++-------
.../management/internal/security/Resource.java | 2 +-
.../internal/security/ResourceConstants.java | 89 +++--
.../security/ResourceOperationContext.java | 376 ++++++++++++++----
.../security/SetAttributesOperationContext.java | 55 +++
.../controllers/AbstractCommandsController.java | 103 ++++-
.../controllers/ConfigCommandsController.java | 14 +-
.../web/controllers/DataCommandsController.java | 18 +-
.../DiskStoreCommandsController.java | 11 +-
.../controllers/FunctionCommandsController.java | 7 +-
.../MiscellaneousCommandsController.java | 6 +-
.../web/controllers/WanCommandsController.java | 2 +-
.../EnvironmentVariablesHandlerInterceptor.java | 85 ++++
.../web/http/support/SimpleHttpRequester.java | 105 ++++-
.../web/shell/AbstractHttpOperationInvoker.java | 28 +-
.../web/shell/RestHttpOperationInvoker.java | 24 +-
.../web/shell/SimpleHttpOperationInvoker.java | 11 +-
.../extension/mock/MockExtensionCommands.java | 9 +
.../internal/cli/CommandManagerJUnitTest.java | 9 +
.../internal/cli/GfshParserJUnitTest.java | 13 +-
.../management/internal/cli/HeadlessGfsh.java | 2 +-
.../shell/GfshExecutionStrategyJUnitTest.java | 9 +-
...horizeOperationForMBeansIntegrationTest.java | 16 +-
...tionCodesForDataCommandsIntegrationTest.java | 12 +-
...tionCodesForDistributedSystemMXBeanTest.java | 20 +-
66 files changed, 2150 insertions(+), 454 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
index 5cae85d..9d83064 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
@@ -86,11 +86,44 @@ public abstract class OperationContext {
private static final byte OP_RESOURCE = 20;
- private static final OperationCode[] VALUES = new OperationCode[22];
+ private static final byte OP_LIST = 21;
+
+ private static final byte OP_CREATE_QUERY = 22;
+
+ private static final byte OP_UPDATE_QUERY = 23;
+
+ private static final byte OP_DELETE_QUERY = 24;
+
+ private static final OperationCode[] VALUES = new OperationCode[25];
private static final Map OperationNameMap = new HashMap();
/**
+ * A LIST operation.
+ * LIST regions, registered functions, named queries in DS.
+ */
+ public static final OperationCode LIST = new OperationCode(
+ "LIST", OP_LIST);
+
+ /**
+ * A create parameterized query operation with developer REST APIs.
+ */
+ public static final OperationCode CREATE_QUERY = new OperationCode(
+ "CREATE_QUERY", OP_CREATE_QUERY);
+
+ /**
+ * A update parameterized query operation with developer REST APIs.
+ */
+ public static final OperationCode UPDATE_QUERY = new OperationCode(
+ "UPDATE_QUERY", OP_UPDATE_QUERY);
+
+ /**
+ * A delete parameterized query operation with developer REST APIs.
+ */
+ public static final OperationCode DELETE_QUERY = new OperationCode(
+ "DELETE_QUERY", OP_DELETE_QUERY);
+
+ /**
* An entry get operation.
*
* @see Region#get(Object)
@@ -257,6 +290,34 @@ public abstract class OperationContext {
}
/**
+ * Returns true if this is a list operation for regions, functions and queries.
+ */
+ public boolean isList() {
+ return (this.opCode == OP_LIST);
+ }
+
+ /**
+ * Returns true if this is a create named query operation.
+ */
+ public boolean isCreateQuery() {
+ return (this.opCode == OP_CREATE_QUERY);
+ }
+
+ /**
+ * Returns true if this is a update named query operation.
+ */
+ public boolean isUpdateQuery() {
+ return (this.opCode == OP_UPDATE_QUERY);
+ }
+
+ /**
+ * Returns true if this is a delete named query operation.
+ */
+ public boolean isDestroyQuery() {
+ return (this.opCode == OP_DELETE_QUERY);
+ }
+
+ /**
* Returns true if this is a entry get operation.
*/
public boolean isGet() {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java
index 312472b..2b015f6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java
@@ -102,6 +102,18 @@ public class AuthorizeRequest {
return this.authzCallback;
}
+ public Principal getPrincipal() {
+ return principal;
+ }
+
+ public boolean isPrincipalSerializable() {
+ return isPrincipalSerializable;
+ }
+
+ public LogWriterI18n getLogger() {
+ return logger;
+ }
+
public GetOperationContext getAuthorize(String regionName, Object key,
Object callbackArg) throws NotAuthorizedException {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
index 62aedbd..7c3aa18 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
@@ -17,6 +17,9 @@
package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.server.CacheServer;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* MBean that provides access to information and management functionality for a
@@ -279,6 +282,7 @@ public interface CacheServerMXBean {
* @param indexName
* Name of the index to be removed.
*/
+ @ResourceOperation(resource=Resource.REGION, operation=ResourceConstants.DESTROY_INDEX)
public void removeIndex(String indexName) throws Exception;
/**
@@ -296,6 +300,7 @@ public interface CacheServerMXBean {
* not affected. Using the client side CQ methods to modify a CQ.
*/
@Deprecated
+ @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERY)
public void executeContinuousQuery(String queryName) throws Exception;
/**
@@ -309,6 +314,7 @@ public interface CacheServerMXBean {
* not affected. Using the client side CQ methods to modify a CQ.
*/
@Deprecated
+ @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.STOP_CONTINUOUS_QUERY)
public void stopContinuousQuery(String queryName) throws Exception;
/**
@@ -321,6 +327,7 @@ public interface CacheServerMXBean {
* not affected. Using the client side CQ methods to modify a CQ.
*/
@Deprecated
+ @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.STOP_CONTINUOUS_QUERY)
public void closeAllContinuousQuery(String regionName) throws Exception;
@@ -334,6 +341,7 @@ public interface CacheServerMXBean {
* not affected. Using the client side CQ methods to modify a CQ.
*/
@Deprecated
+ @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.STOP_CONTINUOUS_QUERY)
public void closeContinuousQuery(String queryName) throws Exception;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
index 110a791..a8a4ded 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
@@ -17,6 +17,9 @@
package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.DiskStore;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
@@ -157,6 +160,7 @@ public interface DiskStoreMXBean {
* compaction is true then the application will wait for the other op-logs to
* be compacted and additional space is available.
*/
+ @ResourceOperation(resource=Resource.DISKSTORE, operation=ResourceConstants.FORCE_ROLL)
public void forceRoll();
/**
@@ -170,12 +174,14 @@ public interface DiskStoreMXBean {
* that no op-logs were ready to be compacted or that a compaction was
* already in progress.
*/
+ @ResourceOperation(resource=Resource.DISKSTORE, operation=ResourceConstants.FORCE_COMPACTION)
public boolean forceCompaction();
/**
* Causes any data that is currently in the asynchronous queue to be written
* to disk. Does not return until the flush is complete.
*/
+ @ResourceOperation(resource=Resource.DISKSTORE, operation=ResourceConstants.FLUSH_DISKSTORE)
public void flush();
/**
@@ -201,6 +207,7 @@ public interface DiskStoreMXBean {
*
* @param warningPercent the warning percent
*/
+ @ResourceOperation(resource=Resource.DISKSTORE, operation=ResourceConstants.SET_DISK_USAGE)
public void setDiskUsageWarningPercentage(float warningPercent);
/**
@@ -208,5 +215,6 @@ public interface DiskStoreMXBean {
*
* @param criticalPercent the critical percent
*/
+ @ResourceOperation(resource=Resource.DISKSTORE, operation=ResourceConstants.SET_DISK_USAGE)
public void setDiskUsageCriticalPercentage(float criticalPercent);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
index 3ce1730..14b7b3c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
@@ -161,7 +161,7 @@ public interface DistributedSystemMXBean {
* Minimum level for alerts to be delivered.
* Must be one of: WARNING, ERROR, SEVERE or NONE.
*/
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.CHANGE_ALERT_LEVEL_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.CHANGE_ALERT_LEVEL)
public void changeAlertLevel(String alertLevel) throws Exception;
/**
@@ -244,7 +244,7 @@ public interface DistributedSystemMXBean {
* path of the directory for baseline backup.
* @return The results of the backup request.
*/
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.BACKUP_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.BACKUP_MEMBERS)
public DiskBackupStatus backupAllMembers(String targetDirPath, String baselineDirPath)
throws Exception;
@@ -329,7 +329,7 @@ public interface DistributedSystemMXBean {
*
* @return List of names of all distributed members that were shutdown.
*/
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.SHUTDOWN_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.SHUTDOWN)
public String[] shutDownAllMembers() throws Exception;
/**
@@ -349,7 +349,7 @@ public interface DistributedSystemMXBean {
* UUID of the disk store to remove
* @return True if the request is successful, false otherwise.
*/
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.REMOVE_DISKSTORE_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.REVOKE_MISSING_DISKSTORE)
public boolean revokeMissingDiskStores(String diskStoreId)
throws Exception;
@@ -625,7 +625,7 @@ public interface DistributedSystemMXBean {
* will be set.
* @return a JSON formated string containing data and its type
*/
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERYDATA_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERY)
public String queryData(String queryString, String members, int limit) throws Exception;
/**
@@ -655,7 +655,7 @@ public interface DistributedSystemMXBean {
* will be set.
* @return a byte[] which is a compressed JSON string.
*/
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERYDATA_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERY)
public byte[] queryDataForCompressedResult(String queryString, String members, int limit) throws Exception;
@@ -681,7 +681,7 @@ public interface DistributedSystemMXBean {
*/
public int getQueryResultSetLimit();
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERYDATA_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERY)
public void setQueryResultSetLimit(int queryResultSetLimit);
/**
@@ -691,6 +691,6 @@ public interface DistributedSystemMXBean {
*/
public int getQueryCollectionsDepth();
- @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERYDATA_DS)
+ @ResourceOperation( resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.QUERY)
public void setQueryCollectionsDepth(int queryCollectionsDepth);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
index e3c483f..359e92e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
@@ -17,6 +17,9 @@
package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.wan.GatewayReceiver;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* MBean that provides access to information and management functionality for a
@@ -89,11 +92,13 @@ public interface GatewayReceiverMXBean {
/**
* Starts the gateway receiver.
*/
+ @ResourceOperation(resource=Resource.GATEWAY_RECEIVER, operation=ResourceConstants.START_GW_RECEIVER)
public void start() throws Exception;
/**
* Stops the gateway receiver.
*/
+ @ResourceOperation(resource=Resource.GATEWAY_RECEIVER, operation=ResourceConstants.STOP_GW_RECEIVER)
public void stop() throws Exception;
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
index 27ad171..0f8642a 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
@@ -17,6 +17,9 @@
package com.gemstone.gemfire.management;
import com.gemstone.gemfire.cache.wan.GatewaySender;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* MBean that provides access to information and management functionality for a
@@ -171,26 +174,31 @@ public interface GatewaySenderMXBean {
* configuration cannot be changed.
*
*/
+ @ResourceOperation(resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.START_GW_SENDER)
public void start();
/**
* Stops this GatewaySender.
*/
+ @ResourceOperation(resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.STOP_GW_SENDER)
public void stop();
/**
* Pauses this GatewaySender.
*/
+ @ResourceOperation(resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.PAUSE_GW_SENDER)
public void pause();
/**
* Resumes this paused GatewaySender.
*/
+ @ResourceOperation(resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.RESUME_GW_SENDER)
public void resume();
/**
* Rebalances this GatewaySender.
*/
+ @ResourceOperation(resource=Resource.GATEWAY_SENDER, operation=ResourceConstants.LOAD_BALANCE_GW_SENDER)
public void rebalance();
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
index 9cec87f..067a799 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
@@ -19,6 +19,9 @@ package com.gemstone.gemfire.management;
import java.util.Map;
import com.gemstone.gemfire.distributed.internal.locks.DLockService;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* MBean that provides access to information and management functionality for a
@@ -69,6 +72,7 @@ public interface LockServiceMXBean {
/**
* Requests that this member become the granter.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.BECOME_LOCK_GRANTOR)
public void becomeLockGrantor();
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
index 39981cf..62a5f52 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
@@ -19,6 +19,9 @@ package com.gemstone.gemfire.management;
import javax.management.JMException;
import com.gemstone.gemfire.management.internal.Manager;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
@@ -43,6 +46,7 @@ public interface ManagerMXBean {
*
* @return True if the manager service was successfully started, false otherwise.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.START_MANAGER)
public boolean start() throws JMException;
/**
@@ -50,6 +54,7 @@ public interface ManagerMXBean {
*
* @return True if the manager service was successfully stopped, false otherwise.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.STOP_MANAGER)
public boolean stop() throws JMException;
/**
@@ -63,6 +68,7 @@ public interface ManagerMXBean {
* @param pulseURL
* The URL for the Pulse application.
*/
+ @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public void setPulseURL(String pulseURL);
/**
@@ -79,5 +85,6 @@ public interface ManagerMXBean {
* @param message
* The status message.
*/
+ @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation=ResourceConstants.LIST_DS)
public void setStatusMessage(String message);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
index e803825..c4316ae 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
@@ -19,6 +19,9 @@ package com.gemstone.gemfire.management;
import java.util.Map;
import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
@@ -145,6 +148,7 @@ public interface MemberMXBean {
* @param numberOfLines
* Number of lines to return, up to a maximum of 100.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.SHOW_LOG)
public String showLog(int numberOfLines);
/**
@@ -160,6 +164,7 @@ public interface MemberMXBean {
*
* @return A list of names of the disk stores that were compacted.
*/
+ @ResourceOperation(resource=Resource.DISKSTORE, operation=ResourceConstants.COMPACT_DISKSTORE)
public String[] compactAllDiskStores();
/**
@@ -167,12 +172,14 @@ public interface MemberMXBean {
*
* @return True if the Manager MBean was successfully create, false otherwise.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.CREATE_MANAGER)
public boolean createManager();
/**
* Shuts down the member. This is an asynchronous call and it will
* return immediately without waiting for a result.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.SHUTDOWN)
public void shutDownMember();
/**
@@ -193,6 +200,7 @@ public interface MemberMXBean {
*
* @return Result of the execution in JSON format.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.LIST_DS)
String processCommand(String commandString);
/**
@@ -204,6 +212,7 @@ public interface MemberMXBean {
* Environmental properties to use during command execution.
* @return Result of the execution in JSON format.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.LIST_DS)
String processCommand(String commandString, Map<String, String> env);
/**
@@ -217,6 +226,7 @@ public interface MemberMXBean {
* Binary data specific to the command being executed.
* @return Result of the execution in JSON format.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.LIST_DS)
String processCommand(String commandString, Map<String, String> env, Byte[][] binaryData);
/**
@@ -273,6 +283,7 @@ public interface MemberMXBean {
/**
* Returns the status.
*/
+ @ResourceOperation(resource=Resource.MEMBER, operation=ResourceConstants.LIST_DS)
public String status();
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/AuthManager.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/AuthManager.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/AuthManager.java
new file mode 100644
index 0000000..31a5ab3
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/AuthManager.java
@@ -0,0 +1,305 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.management.internal;
+
+import static com.gemstone.gemfire.management.internal.security.ResourceConstants.ACCESS_DENIED_MESSAGE;
+
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.ConcurrentHashMap;
+
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.i18n.LogWriterI18n;
+import com.gemstone.gemfire.internal.ClassLoadUtil;
+import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
+import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.AuthenticationRequiredException;
+import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.internal.lang.StringUtils;
+
+
+/**
+ * This class acts as a single gateway to authorize and authenticate REST ADMIN
+ * APIS. This stores credentials against CommandAuthZRequest object which is
+ * used to identify a particular client. As REST requests are state less we need
+ * to store this map to avoid re-authenticating same client on subsequent
+ * requests. However this map needs to be purged and cleaned up on some expiry
+ * policy.
+ *
+ *
+ * @author rishim
+ *
+ */
+public class AuthManager {
+
+ private Map<Properties, CommandAuthZRequest> authMap = new ConcurrentHashMap<Properties, CommandAuthZRequest>();
+
+ private Cache cache;
+
+ private final LogWriterI18n logger;
+
+ private long DEFAULT_EXPIRY_TIME = 30; // in minutes
+
+ private long EXPIRY_TIME ;
+
+ String authzFactoryName;
+
+ String postAuthzFactoryName;
+
+ public static String EXPIRY_TIME_FOR_REST_ADMIN_AUTH = "gemfire.expriyTimeForRESTAdminAuth";
+
+ public AuthManager(Cache cache) {
+ this.cache = cache;
+ this.logger = cache.getSecurityLoggerI18n();
+ this.EXPIRY_TIME = Long.getLong(EXPIRY_TIME_FOR_REST_ADMIN_AUTH, DEFAULT_EXPIRY_TIME);
+ DistributedSystem system = cache.getDistributedSystem();
+ Properties sysProps = system.getProperties();
+ this.authzFactoryName = sysProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME);
+ this.postAuthzFactoryName = sysProps.getProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_PP_NAME);
+ }
+
+ private Authenticator getAuthenticator(String authenticatorMethod, Properties securityProperties,
+ InternalLogWriter logWriter, InternalLogWriter securityLogWriter) throws AuthenticationFailedException {
+ Authenticator auth;
+ try {
+
+ Method instanceGetter = ClassLoadUtil.methodFromName(authenticatorMethod);
+ auth = (Authenticator) instanceGetter.invoke(null, (Object[]) null);
+ } catch (Exception ex) {
+ throw new AuthenticationFailedException(
+ LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT.toLocalizedString(), ex);
+ }
+ if (auth == null) {
+ throw new AuthenticationFailedException(
+ LocalizedStrings.HandShake_AUTHENTICATOR_INSTANCE_COULD_NOT_BE_OBTAINED.toLocalizedString());
+ }
+ auth.init(securityProperties, logWriter, securityLogWriter);
+ return auth;
+
+ }
+
+ public void verifyCredentials(Properties credentials) {
+
+ DistributedSystem system = this.cache.getDistributedSystem();
+ Properties sysProps = system.getProperties();
+ String authenticator = sysProps.getProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME);
+
+ if (authenticator != null && authenticator.length() > 0) {
+
+ CommandAuthZRequest authZRequest = authMap.get(credentials);
+
+ if (authZRequest != null && !authZRequest.hasExpired()) {
+ return; //Already existing credentials . Return from here
+
+ } else {
+ Principal principal = verifyCredentials(authenticator, credentials, system.getSecurityProperties(),
+ (InternalLogWriter) this.cache.getLogger(), (InternalLogWriter) this.cache.getSecurityLogger(), cache
+ .getDistributedSystem().getDistributedMember());
+
+ if(authZRequest != null){ //i.e its an expired credential
+ CommandAuthZRequest expiredAuth = authMap.remove(credentials);
+ try{
+ expiredAuth.close();
+ }catch(Exception e){
+ logger.error(e);//Don't throw an exception , just logs it
+ }
+ }
+
+ authZRequest = new CommandAuthZRequest(principal).init();
+ authMap.put(credentials, authZRequest);
+ }
+ }
+
+ }
+
+ public void expireAllAuthZ() {
+ for (CommandAuthZRequest auth : authMap.values()) {
+ try {
+ auth.close();
+
+ } catch (Exception e) {
+ logger.error(e);// Don't throw an exception , just log it, as it depends on the user code.
+ }finally{
+ authMap.clear();
+ }
+ }
+ }
+
+ public void authorize(Properties credentials, OperationContext context) {
+
+ if (!StringUtils.isBlank(authzFactoryName)) {
+ CommandAuthZRequest authZRequest = authMap.get(credentials);
+ boolean authorized = authZRequest.authorize(context);
+ if (!authorized)
+ throw new SecurityException(ACCESS_DENIED_MESSAGE);
+ }
+ }
+
+ public void postAuthorize(Properties credentials, OperationContext context) {
+ if (!StringUtils.isBlank(postAuthzFactoryName)) {
+ CommandAuthZRequest authZRequest = authMap.get(credentials);
+ boolean authorized = authZRequest.postAuthorize(context);
+ if (!authorized)
+ throw new SecurityException(ACCESS_DENIED_MESSAGE);
+ }
+
+ }
+
+ private Principal verifyCredentials(String authenticatorMethod, Properties credentials,
+ Properties securityProperties, InternalLogWriter logWriter, InternalLogWriter securityLogWriter,
+ DistributedMember member) throws AuthenticationRequiredException, AuthenticationFailedException {
+
+ Authenticator authenticator = getAuthenticator(authenticatorMethod, securityProperties, logWriter,
+ securityLogWriter);
+ Principal principal;
+
+ try {
+ principal = authenticator.authenticate(credentials, member);
+ } finally {
+ authenticator.close();
+ }
+
+ return principal;
+
+ }
+
+ public class CommandAuthZRequest {
+
+ private Principal principal;
+
+ private AccessControl authzCallback;
+
+ private AccessControl postAuthzCallback;
+
+ private long initTime = System.currentTimeMillis();
+
+ public CommandAuthZRequest(Principal principal) {
+ this.principal = principal;
+ }
+
+ public boolean authorize(OperationContext context) {
+ if (authzCallback != null) {
+ return authzCallback.authorizeOperation(null, context);
+ }
+ return true; // If no AccessControl is set then always return true
+ }
+
+ public boolean postAuthorize(OperationContext context) {
+ if (postAuthzCallback != null) {
+ return postAuthzCallback.authorizeOperation(null, context);
+ }
+ return true; // If no AccessControl is set then always return true
+ }
+
+ public boolean hasExpired(){
+ if(System.currentTimeMillis() - initTime >= EXPIRY_TIME * 60 * 1000){
+ return true;
+ }
+ return false;
+ }
+
+ public void close() {
+ if (authzCallback != null) {
+ authzCallback.close();
+ }
+ if (postAuthzCallback != null) {
+ postAuthzCallback.close();
+ }
+ }
+
+ private CommandAuthZRequest init() {
+ try {
+ if (!StringUtils.isBlank(authzFactoryName)) {
+ Method authzMethod = ClassLoadUtil.methodFromName(authzFactoryName);
+ this.authzCallback = (AccessControl) authzMethod.invoke(null, (Object[]) null);
+ this.authzCallback.init(principal, null, cache);
+ }
+ if (!StringUtils.isBlank(postAuthzFactoryName)) {
+ Method postAuthzMethod = ClassLoadUtil.methodFromName(postAuthzFactoryName);
+ this.postAuthzCallback = (AccessControl) postAuthzMethod.invoke(null, (Object[]) null);
+ this.postAuthzCallback.init(principal, null, cache);
+ }
+ } catch (IllegalAccessException e) {
+ logger.error(e);
+ throw new GemFireConfigException("Error while configuring accesscontrol for rest resource", e);
+ } catch (Exception e) {
+ logger.error(e);
+ throw new GemFireConfigException("Error while configuring accesscontrol for rest resource", e);
+ }
+ return this;
+ }
+
+ public AccessControl getAuthzCallback() {
+ return authzCallback;
+ }
+
+ public AccessControl getPostAuthzCallback() {
+ return postAuthzCallback;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + getOuterType().hashCode();
+ result = prime * result + (int) (initTime ^ (initTime >>> 32));
+ result = prime * result + ((principal == null) ? 0 : principal.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ CommandAuthZRequest other = (CommandAuthZRequest) obj;
+ if (!getOuterType().equals(other.getOuterType()))
+ return false;
+ if (initTime != other.initTime)
+ return false;
+ if (principal == null) {
+ if (other.principal != null)
+ return false;
+ } else if (!principal.equals(other.principal))
+ return false;
+ return true;
+ }
+
+ private AuthManager getOuterType() {
+ return AuthManager.this;
+ }
+
+ }
+
+ public Map<Properties, CommandAuthZRequest> getAuthMap() {
+ return this.authMap;
+ }
+
+}
+
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
index 3b22eec..fecbb4c 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
@@ -386,9 +386,9 @@ public class ManagementAgent {
// Environment map. KIRK: why is this declared as HashMap?
final HashMap<String, Object> env = new HashMap<String, Object>();
- boolean integratedSecEnabled = System.getProperty("resource-authenticator") != null;
+ boolean integratedSecEnabled = isIntegratedSecEnabled();
if (integratedSecEnabled) {
- securityInterceptor = new ManagementInterceptor(logger);
+ securityInterceptor = new ManagementInterceptor((GemFireCacheImpl)CacheFactory.getAnyInstance(), logger);
env.put(JMXConnectorServer.AUTHENTICATOR, securityInterceptor);
} else {
/* Disable the old authenticator mechanism */
@@ -481,6 +481,11 @@ public class ManagementAgent {
// clean.start();
}
+ private boolean isIntegratedSecEnabled() {
+ String authenticatorFactoryName = config.getSecurityClientAuthenticator();
+ return authenticatorFactoryName != null && !authenticatorFactoryName.isEmpty();
+ }
+
private static class GemFireRMIClientSocketFactory implements RMIClientSocketFactory,
Serializable {
private static final long serialVersionUID = -7604285019188827617L;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
index 1ca10cc..72564c3 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
@@ -131,6 +131,8 @@ public final class SystemManagementService extends BaseManagementService {
*/
private List<ProxyListener> proxyListeners;
+ private AuthManager authManager;
+
private UniversalListenerContainer universalListenerContainer = new UniversalListenerContainer();
@@ -180,6 +182,7 @@ public final class SystemManagementService extends BaseManagementService {
this.listener = new ManagementMembershipListener(this);
system.getDistributionManager().addMembershipListener(listener);
isStarted = true;
+ this.authManager = new AuthManager(cache);
return this;
} catch (CancelException e) {
// Rethrow all CancelExceptions (fix for defect 46339)
@@ -272,6 +275,7 @@ public final class SystemManagementService extends BaseManagementService {
if (this.agent != null && this.agent.isRunning()) {
this.agent.stopAgent();
}
+ this.authManager.expireAllAuthZ();
getGemFireCacheImpl().getJmxManagerAdvisor().broadcastChange();
instances.remove(cache);
localManager = null;
@@ -834,4 +838,8 @@ public final class SystemManagementService extends BaseManagementService {
public void removeMembershipListener(MembershipListener listener) {
universalListenerContainer.removeMembershipListener(listener);
}
+
+ public AuthManager getAuthManager(){
+ return this.authManager;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
index e02202a..b205b5c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
@@ -52,6 +52,9 @@ import com.gemstone.gemfire.management.internal.cli.result.CompositeResultData.S
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
*
@@ -67,6 +70,7 @@ public class ClientCommands implements CommandMarker {
@CliCommand(value = CliStrings.LIST_CLIENTS, help = CliStrings.LIST_CLIENT__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_LIST })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result listClient() {
Result result = null;
@@ -150,6 +154,7 @@ public class ClientCommands implements CommandMarker {
@CliCommand(value = CliStrings.DESCRIBE_CLIENT, help = CliStrings.DESCRIBE_CLIENT__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_LIST })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result describeClient(
@CliOption(key = CliStrings.DESCRIBE_CLIENT__ID, mandatory = true, help = CliStrings.DESCRIBE_CLIENT__ID__HELP) String clientId) {
Result result = null;
@@ -318,7 +323,7 @@ public class ClientCommands implements CommandMarker {
}
@CliAvailabilityIndicator({ CliStrings.LIST_CLIENTS , CliStrings.DESCRIBE_CLIENT})
- public boolean functionCommandsAvailable() {
+ public boolean clientCommandsAvailable() {
boolean isAvailable = true; // always available on server
if (CliUtil.isGfshVM()) { // in gfsh check if connected
isAvailable = getGfsh() != null && getGfsh().isConnectedAndReady();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
index aa4be81..651630a 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
@@ -62,6 +62,9 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/****
*
* @author David Hoots
@@ -80,6 +83,7 @@ public class ConfigCommands implements CommandMarker {
@CliCommand(value = { CliStrings.DESCRIBE_CONFIG }, help = CliStrings.DESCRIBE_CONFIG__HELP)
@CliMetaData(shellOnly = false, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result describeConfig(
@CliOption (key = CliStrings.DESCRIBE_CONFIG__MEMBER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -193,6 +197,7 @@ public class ConfigCommands implements CommandMarker {
*/
@CliCommand(value = { CliStrings.EXPORT_CONFIG }, help = CliStrings.EXPORT_CONFIG__HELP)
@CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ConfigCommands$Interceptor", relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.EXPORT_CONFIG)
public Result exportConfig(
@CliOption(key = { CliStrings.EXPORT_CONFIG__MEMBER },
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -248,6 +253,7 @@ public class ConfigCommands implements CommandMarker {
@CliCommand(value = { CliStrings.ALTER_RUNTIME_CONFIG }, help = CliStrings.ALTER_RUNTIME_CONFIG__HELP)
@CliMetaData(relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.ALTER_RUNTIME)
public Result alterRuntimeConfig(
@CliOption (key = {CliStrings.ALTER_RUNTIME_CONFIG__MEMBER},
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
index bf1fdf0..6286bdd 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
@@ -83,6 +83,9 @@ import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.util.RegionPath;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
*
@@ -109,6 +112,7 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
@CliCommand (value = CliStrings.CREATE_REGION, help = CliStrings.CREATE_REGION__HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION, writesToSharedConfiguration = true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.CREATE_REGION)
public Result createRegion(
@CliOption (key = CliStrings.CREATE_REGION__REGION,
mandatory = true,
@@ -437,6 +441,7 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
@CliCommand (value = CliStrings.ALTER_REGION, help = CliStrings.ALTER_REGION__HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION, writesToSharedConfiguration = true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.ALTER_REGION)
public Result alterRegion(
@CliOption (key = CliStrings.ALTER_REGION__REGION,
mandatory = true,
@@ -995,6 +1000,7 @@ public class CreateAlterDestroyRegionCommands extends AbstractCommandsSupport {
@CliCommand(value = { CliStrings.DESTROY_REGION }, help = CliStrings.DESTROY_REGION__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION, writesToSharedConfiguration = true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.DESTROY_REGION)
public Result destroyRegion(
@CliOption(key = CliStrings.DESTROY_REGION__REGION,
optionContext = ConverterHint.REGIONPATH,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
index 78f8bd0..35aa445 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
@@ -1017,6 +1017,7 @@ public class DataCommands implements CommandMarker {
@CliMetaData(shellOnly = false, relatedTopic = {
CliStrings.TOPIC_GEMFIRE_DATA, CliStrings.TOPIC_GEMFIRE_REGION })
@CliCommand(value = { CliStrings.GET }, help = CliStrings.GET__HELP)
+ @ResourceOperation(resource = Resource.REGION, operation= ResourceConstants.GET)
public Result get(
@CliOption(key = { CliStrings.GET__KEY }, mandatory = true, help = CliStrings.GET__KEY__HELP) String key,
@CliOption(key = { CliStrings.GET__REGIONNAME }, mandatory = true, help = CliStrings.GET__REGIONNAME__HELP, optionContext = ConverterHint.REGIONPATH) String regionPath,
@@ -1119,6 +1120,7 @@ public class DataCommands implements CommandMarker {
@CliMetaData(shellOnly = false, relatedTopic = {
CliStrings.TOPIC_GEMFIRE_DATA, CliStrings.TOPIC_GEMFIRE_REGION })
@CliCommand(value = { CliStrings.REMOVE }, help = CliStrings.REMOVE__HELP)
+ @ResourceOperation(resource = Resource.REGION, operation= ResourceConstants.REMOVE)
public Result remove(
@CliOption(key = { CliStrings.REMOVE__KEY }, help = CliStrings.REMOVE__KEY__HELP) String key,
@CliOption(key = { CliStrings.REMOVE__REGION }, mandatory = true, help = CliStrings.REMOVE__REGION__HELP, optionContext = ConverterHint.REGIONPATH) String regionPath,
@@ -1173,7 +1175,7 @@ public class DataCommands implements CommandMarker {
CliStrings.TOPIC_GEMFIRE_DATA, CliStrings.TOPIC_GEMFIRE_REGION })
@MultiStepCommand
@CliCommand(value = { CliStrings.QUERY }, help = CliStrings.QUERY__HELP)
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.QUERYDATA_DS)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.QUERY)
public Object query(
@CliOption(key = CliStrings.QUERY__QUERY, help = CliStrings.QUERY__QUERY__HELP, mandatory = true) final String query,
@CliOption(key = CliStrings.QUERY__STEPNAME, mandatory = false, help = "Stpe name", unspecifiedDefaultValue = CliStrings.QUERY__STEPNAME__DEFAULTVALUE) String stepName,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
index da9ac8c..23cc687 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
@@ -44,6 +44,10 @@ import com.gemstone.gemfire.management.internal.cli.result.FileResult;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
+
import org.springframework.shell.core.CommandMarker;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
@@ -75,6 +79,7 @@ public final class DeployCommands extends AbstractCommandsSupport implements Com
*/
@CliCommand(value = { CliStrings.DEPLOY }, help = CliStrings.DEPLOY__HELP)
@CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.DeployCommands$Interceptor", relatedTopic={CliStrings.TOPIC_GEMFIRE_CONFIG}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.DEPLOY)
public final Result deploy(
@CliOption(key = { CliStrings.DEPLOY__GROUP }, help = CliStrings.DEPLOY__GROUP__HELP, optionContext=ConverterHint.MEMBERGROUP)
@CliMetaData (valueSeparator = ",")
@@ -157,6 +162,7 @@ public final class DeployCommands extends AbstractCommandsSupport implements Com
*/
@CliCommand(value = { CliStrings.UNDEPLOY }, help = CliStrings.UNDEPLOY__HELP)
@CliMetaData(relatedTopic={CliStrings.TOPIC_GEMFIRE_CONFIG}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.UNDEPLOY)
public final Result undeploy(
@CliOption(key = { CliStrings.UNDEPLOY__GROUP },
help = CliStrings.UNDEPLOY__GROUP__HELP,
@@ -227,6 +233,7 @@ public final class DeployCommands extends AbstractCommandsSupport implements Com
*/
@CliCommand(value = { CliStrings.LIST_DEPLOYED }, help = CliStrings.LIST_DEPLOYED__HELP)
@CliMetaData(relatedTopic={CliStrings.TOPIC_GEMFIRE_CONFIG})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public final Result listDeployed(
@CliOption(key = { CliStrings.LIST_DEPLOYED__GROUP },
help = CliStrings.LIST_DEPLOYED__GROUP__HELP)
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
index f724921..a825f97 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
@@ -94,6 +94,9 @@ import com.gemstone.gemfire.management.internal.cli.util.MemberNotFoundException
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
import com.gemstone.gemfire.management.internal.messages.CompactRequest;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* The DiskStoreCommands class encapsulates all GemFire Disk Store commands in Gfsh.
@@ -122,6 +125,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.BACKUP_DISK_STORE, help=CliStrings.BACKUP_DISK_STORE__HELP)
@CliMetaData(relatedTopic={ CliStrings.TOPIC_GEMFIRE_DISKSTORE })
+ @ResourceOperation(resource = Resource.DISKSTORE, operation= ResourceConstants.BACKUP_DISKSTORE)
public Result backupDiskStore(
@CliOption(key=CliStrings.BACKUP_DISK_STORE__DISKDIRS,
@@ -216,6 +220,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.LIST_DISK_STORE, help = CliStrings.LIST_DISK_STORE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DISKSTORE })
+ @ResourceOperation(resource = Resource.DISKSTORE, operation= ResourceConstants.LIST_DS)
public Result listDiskStore() {
try {
Set<DistributedMember> dataMembers = getNormalMembers(getCache());
@@ -284,7 +289,8 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.CREATE_DISK_STORE, help=CliStrings.CREATE_DISK_STORE__HELP)
@CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE}, writesToSharedConfiguration=true)
- public Result createDiskStore(@CliOption(key=CliStrings.CREATE_DISK_STORE__NAME,
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.CREATE_DISKSTORE)
+ public Result createDiskStore(@CliOption(key=CliStrings.CREATE_DISK_STORE__NAME,
mandatory=true,
optionContext = ConverterHint.DISKSTORE_ALL,
help=CliStrings.CREATE_DISK_STORE__NAME__HELP)
@@ -424,7 +430,8 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.COMPACT_DISK_STORE, help=CliStrings.COMPACT_DISK_STORE__HELP)
@CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
- public Result compactDiskStore(@CliOption(key=CliStrings.COMPACT_DISK_STORE__NAME,
+ @ResourceOperation(resource = Resource.DISKSTORE, operation= ResourceConstants.COMPACT_DISKSTORE)
+ public Result compactDiskStore(@CliOption(key=CliStrings.COMPACT_DISK_STORE__NAME,
mandatory=true,
optionContext = ConverterHint.DISKSTORE_ALL,
help=CliStrings.COMPACT_DISK_STORE__NAME__HELP)
@@ -553,6 +560,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.COMPACT_OFFLINE_DISK_STORE, help=CliStrings.COMPACT_OFFLINE_DISK_STORE__HELP)
@CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result compactOfflineDiskStore(
@CliOption(key=CliStrings.COMPACT_OFFLINE_DISK_STORE__NAME,
mandatory=true,
@@ -696,6 +704,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.UPGRADE_OFFLINE_DISK_STORE, help=CliStrings.UPGRADE_OFFLINE_DISK_STORE__HELP)
@CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result upgradeOfflineDiskStore(
@CliOption(key=CliStrings.UPGRADE_OFFLINE_DISK_STORE__NAME,
mandatory=true,
@@ -865,6 +874,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.DESCRIBE_DISK_STORE, help = CliStrings.DESCRIBE_DISK_STORE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DISKSTORE })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result describeDiskStore(@CliOption(key = CliStrings.DESCRIBE_DISK_STORE__MEMBER, mandatory = true, optionContext = ConverterHint.MEMBERIDNAME, help = CliStrings.DESCRIBE_DISK_STORE__MEMBER__HELP)
final String memberName,
@CliOption(key = CliStrings.DESCRIBE_DISK_STORE__NAME, mandatory = true, optionContext = ConverterHint.DISKSTORE_ALL, help = CliStrings.DESCRIBE_DISK_STORE__NAME__HELP)
@@ -991,6 +1001,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.REVOKE_MISSING_DISK_STORE, help = CliStrings.REVOKE_MISSING_DISK_STORE__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DISKSTORE })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.REVOKE_MISSING_DISKSTORE)
public Result revokeMissingDiskStore(
@CliOption(key = CliStrings.REVOKE_MISSING_DISK_STORE__ID, mandatory = true, help = CliStrings.REVOKE_MISSING_DISK_STORE__ID__HELP)
String id) {
@@ -1017,6 +1028,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.SHOW_MISSING_DISK_STORE, help = CliStrings.SHOW_MISSING_DISK_STORE__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DISKSTORE })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result showMissingDiskStore() {
try {
@@ -1055,6 +1067,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.DESCRIBE_OFFLINE_DISK_STORE, help=CliStrings.DESCRIBE_OFFLINE_DISK_STORE__HELP)
@CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result describeOfflineDiskStore(
@CliOption (key=CliStrings.DESCRIBE_OFFLINE_DISK_STORE__DISKSTORENAME,
mandatory=true,
@@ -1103,6 +1116,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.EXPORT_OFFLINE_DISK_STORE, help=CliStrings.EXPORT_OFFLINE_DISK_STORE__HELP)
@CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result exportOfflineDiskStore(
@CliOption (key=CliStrings.EXPORT_OFFLINE_DISK_STORE__DISKSTORENAME,
mandatory=true,
@@ -1151,6 +1165,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.VALIDATE_DISK_STORE, help=CliStrings.VALIDATE_DISK_STORE__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_DISKSTORE}) //offline command
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result validateDiskStore(
@CliOption(key=CliStrings.VALIDATE_DISK_STORE__NAME, mandatory=true,
help=CliStrings.VALIDATE_DISK_STORE__NAME__HELP)
@@ -1232,7 +1247,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.ALTER_DISK_STORE, help=CliStrings.ALTER_DISK_STORE__HELP)
@CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
-
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result alterOfflineDiskStore(
@CliOption (key=CliStrings.ALTER_DISK_STORE__DISKSTORENAME,
mandatory=true,
@@ -1364,6 +1379,7 @@ public class DiskStoreCommands extends AbstractCommandsSupport {
@CliCommand(value=CliStrings.DESTROY_DISK_STORE, help=CliStrings.DESTROY_DISK_STORE__HELP)
@CliMetaData(shellOnly=false, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.DESTROY_DISKSTORE)
public Result destroyDiskStore(
@CliOption (key=CliStrings.DESTROY_DISK_STORE__NAME,
mandatory=true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
index b844e85..e6de2ec 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
@@ -56,6 +56,9 @@ import com.gemstone.gemfire.management.internal.cli.result.InfoResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.ResultData;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* The DurableClientCommands class encapsulates all GemFire shell (Gfsh) commands related to
@@ -74,6 +77,7 @@ public class DurableClientCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.LIST_DURABLE_CQS, help = CliStrings.LIST_DURABLE_CQS__HELP)
@CliMetaData(shellOnly = false)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result listDurableClientCqs(
@CliOption (key = CliStrings.LIST_DURABLE_CQS__DURABLECLIENTID,
mandatory=true,
@@ -150,6 +154,7 @@ public class DurableClientCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.COUNT_DURABLE_CQ_EVENTS, help = CliStrings.COUNT_DURABLE_CQ_EVENTS__HELP)
@CliMetaData(shellOnly = false)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result countDurableCqEvents(
@CliOption (key = CliStrings.COUNT_DURABLE_CQ_EVENTS__DURABLE__CLIENT__ID,
mandatory=true,
@@ -201,6 +206,7 @@ public class DurableClientCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.CLOSE_DURABLE_CLIENTS, help = CliStrings.CLOSE_DURABLE_CLIENTS__HELP)
@CliMetaData(shellOnly = false)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.CLOSE_DURABLE_CLIENT)
public Result closeDurableClient(
@CliOption (key = CliStrings.CLOSE_DURABLE_CLIENTS__CLIENT__ID,
mandatory=true,
@@ -239,6 +245,7 @@ public class DurableClientCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.CLOSE_DURABLE_CQS, help = CliStrings.CLOSE_DURABLE_CQS__HELP)
@CliMetaData(shellOnly = false)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.CLOSE_DURABLE_CQ)
public Result closeDurableCqs(
@CliOption (key = CliStrings.CLOSE_DURABLE_CQS__DURABLE__CLIENT__ID,
mandatory=true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
index 2e8447a..60eea3e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
@@ -43,6 +43,9 @@ import com.gemstone.gemfire.management.internal.cli.result.FileResult;
import com.gemstone.gemfire.management.internal.cli.result.InfoResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
import org.springframework.shell.core.annotation.CliCommand;
@@ -62,6 +65,7 @@ public class ExportImportSharedConfigurationCommands extends AbstractCommandsSup
@CliCommand(value = { CliStrings.EXPORT_SHARED_CONFIG }, help = CliStrings.EXPORT_SHARED_CONFIG__HELP)
@CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ExportInterceptor", readsSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.EXPORT_CONFIG)
public Result exportSharedConfig(
@CliOption(key = { CliStrings.EXPORT_SHARED_CONFIG__FILE},
mandatory = true,
@@ -112,6 +116,7 @@ public class ExportImportSharedConfigurationCommands extends AbstractCommandsSup
@CliCommand(value = { CliStrings.IMPORT_SHARED_CONFIG }, help = CliStrings.IMPORT_SHARED_CONFIG__HELP)
@CliMetaData(interceptor = "com.gemstone.gemfire.management.internal.cli.commands.ExportImportSharedConfigurationCommands$ImportInterceptor", writesToSharedConfiguration=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_CONFIG})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.IMPORT_CONFIG)
@SuppressWarnings("unchecked")
public Result importSharedConfig(
@CliOption(key = { CliStrings.IMPORT_SHARED_CONFIG__ZIP},
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
index 7930e1e..9a61b1b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
@@ -63,6 +63,9 @@ import com.gemstone.gemfire.management.internal.cli.result.ErrorResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* @author David Hoots
@@ -79,6 +82,7 @@ public class FunctionCommands implements CommandMarker {
@CliCommand(value = CliStrings.EXECUTE_FUNCTION, help = CliStrings.EXECUTE_FUNCTION__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_FUNCTION })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.EXECUTE_FUNCTION)
public Result executeFunction(
//TODO: Add optioncontext for functionID
@CliOption(key = CliStrings.EXECUTE_FUNCTION__ID,
@@ -451,6 +455,7 @@ public class FunctionCommands implements CommandMarker {
@CliCommand(value = CliStrings.DESTROY_FUNCTION, help = CliStrings.DESTROY_FUNCTION__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_FUNCTION } ,
interceptor = "com.gemstone.gemfire.management.internal.cli.commands.FunctionCommands$Interceptor")
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.DESTROY_FUNCTION)
//TODO: Add optioncontext for functionId
public Result destroyFunction(
@CliOption(key = CliStrings.DESTROY_FUNCTION__ID,
@@ -574,6 +579,7 @@ public class FunctionCommands implements CommandMarker {
@CliCommand(value = CliStrings.LIST_FUNCTION, help = CliStrings.LIST_FUNCTION__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_FUNCTION })
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result listFunction(
@CliOption(key = CliStrings.LIST_FUNCTION__MATCHES,
help = CliStrings.LIST_FUNCTION__MATCHES__HELP)String matches,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java
index 24fd117..d946ffb 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java
@@ -35,6 +35,9 @@ import com.gemstone.gemfire.management.internal.cli.result.CompositeResultData;
import com.gemstone.gemfire.management.internal.cli.result.CompositeResultData.SectionResultData;
import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.shell.Gfsh;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
*
@@ -51,6 +54,7 @@ public class GfshHelpCommands implements CommandMarker{
@CliCommand(value = CliStrings.HELP, help = CliStrings.HELP__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_HELP})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result obtainHelp(
@CliArgument(name = CliStrings.HELP__COMMAND,
argumentContext = CliStrings.PARAM_CONTEXT_HELP,
@@ -63,6 +67,7 @@ public class GfshHelpCommands implements CommandMarker{
@CliCommand(value = CliStrings.HINT, help = CliStrings.HINT__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_HELP})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result hint(
@CliArgument(name = CliStrings.HINT__TOPICNAME,
argumentContext = ConverterHint.HINTTOPIC,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/19a8f0a7/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
index df09580..1accf21 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
@@ -61,6 +61,9 @@ import com.gemstone.gemfire.management.internal.cli.result.ResultBuilder;
import com.gemstone.gemfire.management.internal.cli.result.TabularResultData;
import com.gemstone.gemfire.management.internal.configuration.SharedConfigurationWriter;
import com.gemstone.gemfire.management.internal.configuration.domain.XmlEntity;
+import com.gemstone.gemfire.management.internal.security.Resource;
+import com.gemstone.gemfire.management.internal.security.ResourceConstants;
+import com.gemstone.gemfire.management.internal.security.ResourceOperation;
/**
* The IndexCommands class encapsulates all GemFire shell (Gfsh) commands related to indexes defined in GemFire.
@@ -87,6 +90,7 @@ public class IndexCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.LIST_INDEX, help = CliStrings.LIST_INDEX__HELP)
@CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_DATA})
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.LIST_DS)
public Result listIndex(@CliOption(key = CliStrings.LIST_INDEX__STATS,
mandatory = false,
specifiedDefaultValue = "true",
@@ -170,6 +174,7 @@ public class IndexCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.CREATE_INDEX, help = CliStrings.CREATE_INDEX__HELP)
@CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_DATA}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.CREATE_INDEX)
//TODO : Add optionContext for indexName
public Result createIndex(
@CliOption (key = CliStrings.CREATE_INDEX__NAME,
@@ -319,7 +324,8 @@ public class IndexCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.DESTROY_INDEX, help = CliStrings.DESTROY_INDEX__HELP)
@CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_DATA}, writesToSharedConfiguration=true)
- //TODO : Add optioncontext for the index name.
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.DESTROY_INDEX)
+ //TODO : Add optioncontext for the index name.
public Result destroyIndex(
@CliOption(
key = CliStrings.DESTROY_INDEX__NAME,
@@ -455,6 +461,7 @@ public class IndexCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.DEFINE_INDEX, help = CliStrings.DEFINE_INDEX__HELP)
@CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_DATA}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.CREATE_INDEX)
//TODO : Add optionContext for indexName
public Result defineIndex(
@CliOption (key = CliStrings.DEFINE_INDEX_NAME,
@@ -523,6 +530,7 @@ public class IndexCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.CREATE_DEFINED_INDEXES, help = CliStrings.CREATE_DEFINED__HELP)
@CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_DATA}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.CREATE_INDEX)
//TODO : Add optionContext for indexName
public Result createDefinedIndexes(
@@ -623,6 +631,7 @@ public class IndexCommands extends AbstractCommandsSupport {
@CliCommand(value = CliStrings.CLEAR_DEFINED_INDEXES, help = CliStrings.CLEAR_DEFINED__HELP)
@CliMetaData(shellOnly = false, relatedTopic={CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_DATA}, writesToSharedConfiguration=true)
+ @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= ResourceConstants.CREATE_INDEX)
//TODO : Add optionContext for indexName
public Result clearDefinedIndexes() {
indexDefinitions.clear();