You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ja...@apache.org on 2017/09/28 21:32:42 UTC
[geode] branch feature/GEODE-3247 updated (68b764a -> e6a5394)
This is an automated email from the ASF dual-hosted git repository.
jasonhuynh pushed a change to branch feature/GEODE-3247
in repository https://gitbox.apache.org/repos/asf/geode.git.
discard 68b764a GEODE-3247: MethodInvocationAuthorizer is created at start up
new e6a5394 GEODE-3247: MethodInvocationAuthorizer is created at start up
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (68b764a)
\
N -- N -- N refs/heads/feature/GEODE-3247 (e6a5394)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../geode/cache/query/internal/AttributeDescriptor.java | 5 +----
.../apache/geode/cache/query/internal/CompiledSelect.java | 15 ++-------------
2 files changed, 3 insertions(+), 17 deletions(-)
--
To stop receiving notification emails like this one, please contact
['"commits@geode.apache.org" <co...@geode.apache.org>'].
[geode] 01/01: GEODE-3247: MethodInvocationAuthorizer is created at
start up
Posted by ja...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jasonhuynh pushed a commit to branch feature/GEODE-3247
in repository https://gitbox.apache.org/repos/asf/geode.git
commit e6a5394d5c35d04d4f7a59d45ef162c20a91aac5
Author: Jason Huynh <hu...@gmail.com>
AuthorDate: Mon Sep 25 16:04:23 2017 -0700
GEODE-3247: MethodInvocationAuthorizer is created at start up
* MethodInvocationAuthorizer can now be passed down from InternalCache
* Broke apart new tests into smaller files and removed complex query maps from UserPerms
* Modified Customer Test Object for Rest Security tests
---
.../rest/internal/web/controllers/Customer.java | 2 +-
.../cache/query/internal/AttributeDescriptor.java | 17 +-
.../cache/query/internal/CompiledIteratorDef.java | 1 -
.../cache/query/internal/CompiledOperation.java | 5 +-
.../geode/cache/query/internal/CompiledSelect.java | 15 +-
.../geode/cache/query/internal/DefaultQuery.java | 2 -
.../cache/query/internal/DefaultQueryService.java | 21 +-
.../query/internal/InternalQueryService.java} | 18 +-
.../geode/cache/query/internal/MethodDispatch.java | 11 +-
.../query/internal/MethodInvocationAuthorizer.java | 138 +-
.../geode/cache/query/internal/PathUtils.java | 14 +-
.../RestrictedMethodInvocationAuthorizer.java | 135 ++
.../cache/query/internal/RuntimeIterator.java | 5 +-
.../geode/internal/cache/GemFireCacheImpl.java | 9 +-
.../apache/geode/internal/cache/InternalCache.java | 3 +
.../internal/cache/xmlcache/CacheCreation.java | 10 +-
.../RestrictedMethodInvocationAuthorizerTest.java} | 109 +-
...ServerBridgeClientMembershipRegressionTest.java | 3 +-
.../apache/geode/security/SecurityTestUtil.java | 5 -
.../security/query/IndexSecurityDUnitTest.java | 114 +-
...java => PartitionedIndexSecurityDUnitTest.java} | 5 +-
...ionedQuerySecurityAllowedQueriesDUnitTest.java} | 9 +-
...edQuerySecurityRestrictedQueriesDUnitTest.java} | 9 +-
...ionedQuerySecurityAllowedQueriesDUnitTest.java} | 7 +-
.../PdxQuerySecurityAllowedQueriesDUnitTest.java | 74 +
.../security/query/PdxQuerySecurityDUnitTest.java | 125 --
...PdxQuerySecurityRestrictedQueriesDUnitTest.java | 80 +
.../QuerySecurityAllowedQueriesDUnitTest.java | 255 ++++
...curityAuthorizedUserBindParameterDUnitTest.java | 53 +
.../geode/security/query/QuerySecurityBase.java | 161 ++-
.../security/query/QuerySecurityDUnitTest.java | 1525 --------------------
.../QuerySecurityRestrictedQueriesDUnitTest.java | 318 ++++
...rityUnauthorizedUserBindParameterDUnitTest.java | 76 +
.../geode/security/query/UserPermissions.java | 423 +-----
.../security/query/data/PdxQueryTestObject.java | 73 +
.../geode/security/query/data/QueryTestObject.java | 65 +
.../dunit/CqSecurityAuthorizedUserDUnitTest.java | 267 ++++
.../cache/query/cq/dunit/CqSecurityDUnitTest.java | 424 ------
...SecurityPartitionedAuthorizedUserDUnitTest.java | 65 +
.../cq/dunit/CqSecurityPartitionedDUnitTest.java | 98 --
...curityPartitionedUnauthorizedUserDUnitTest.java | 21 +-
.../dunit/CqSecurityUnauthorizedUserDUnitTest.java | 215 +++
.../geode/security/ClientQueryAuthDUnitTest.java | 151 +-
43 files changed, 1993 insertions(+), 3143 deletions(-)
diff --git a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
index 9732aa0..c2dacbf 100644
--- a/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
+++ b/geode-assembly/src/test/java/org/apache/geode/rest/internal/web/controllers/Customer.java
@@ -31,7 +31,7 @@ import java.io.Serializable;
public class Customer implements Serializable {
@JsonProperty("id")
- private Long customerId;
+ public Long customerId;
private String firstName;
private String lastName;
@JsonProperty("ssn")
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
index cc54db8..8bef658 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/AttributeDescriptor.java
@@ -35,7 +35,6 @@ import org.apache.geode.cache.query.QueryService;
import org.apache.geode.cache.query.types.ObjectType;
import org.apache.geode.internal.cache.Token;
import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.pdx.JSONFormatter;
import org.apache.geode.pdx.PdxInstance;
import org.apache.geode.pdx.PdxSerializationException;
@@ -51,16 +50,15 @@ import org.apache.geode.pdx.internal.PdxInstanceImpl;
public class AttributeDescriptor {
private final String _name;
- private final SecurityService _securityService;
+ private final MethodInvocationAuthorizer _methodInvocationAuthorizer;
/** cache for remembering the correct Member for a class and attribute */
- // DAVID/JASON should this be ConcurrentHashMap or ConcurrentMap? (is there a difference?)
private static final ConcurrentMap _local_field_cache = new ConcurrentHashMap();
private static final ConcurrentMap _local_method_cache = new ConcurrentHashMap();
- public AttributeDescriptor(SecurityService securityService, String name) {
- _securityService = securityService;
+ public AttributeDescriptor(MethodInvocationAuthorizer methodInvocationAuthorizer, String name) {
+ _methodInvocationAuthorizer = methodInvocationAuthorizer;
_name = name;
}
@@ -99,11 +97,10 @@ public class AttributeDescriptor {
Class resolutionClass = target.getClass();
Member m = getReadMember(resolutionClass);
- System.out.println("JASON found m:" + m.getName());
try {
if (m instanceof Method) {
try {
- MethodInvocationAuthorizer.authorizeFunctionInvocation(_securityService, m, target);
+ _methodInvocationAuthorizer.authorizeMethodInvocation((Method) m, target);
return ((Method) m).invoke(target, (Object[]) null);
} catch (EntryDestroyedException e) {
// eat the Exception
@@ -163,7 +160,6 @@ public class AttributeDescriptor {
m = (Member) _local_method_cache.get(key);
if (m != null) {
- MethodInvocationAuthorizer.authorizeFunctionInvocation(m);
return m;
}
}
@@ -188,7 +184,6 @@ public class AttributeDescriptor {
}
-
private Field getReadField(Class targetType) {
try {
return targetType.getField(_name);
@@ -215,9 +210,7 @@ public class AttributeDescriptor {
private Method getReadMethod(Class targetType, String methodName) {
try {
- Method m = targetType.getMethod(methodName, (Class[]) null);
- MethodInvocationAuthorizer.authorizeFunctionInvocation(m);
- return m;
+ return targetType.getMethod(methodName, (Class[]) null);
} catch (NoSuchMethodException e) {
updateClassToMethodsMap(targetType.getCanonicalName(), _name);
return null;
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
index c1c9140..872614d 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledIteratorDef.java
@@ -119,7 +119,6 @@ public class CompiledIteratorDef extends AbstractCompiledValue {
} catch (RegionNotFoundException re) {
throw re;
} catch (Exception e) {
- logger.info("JASON:", e);
if (logger.isDebugEnabled()) {
logger.debug("Exception while getting runtime iterator.", e);
}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
index 3f0934d..0e5bd14 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledOperation.java
@@ -258,8 +258,9 @@ public class CompiledOperation extends AbstractCompiledValue {
methodDispatch = (MethodDispatch) CompiledOperation.cache.get(key);
if (methodDispatch == null) {
try {
- methodDispatch = new MethodDispatch(context.getCache().getSecurityService(), resolutionType,
- this.methodName, argTypes);
+ methodDispatch =
+ new MethodDispatch(context.getCache().getQueryService().getMethodInvocationAuthorizer(),
+ resolutionType, this.methodName, argTypes);
} catch (NameResolutionException nre) {
if (!org.apache.geode.cache.query.Struct.class.isAssignableFrom(resolutionType)
&& (DefaultQueryService.QUERY_HETEROGENEOUS_OBJECTS
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
index 30bda63..3ab90aa 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/CompiledSelect.java
@@ -1116,19 +1116,8 @@ public class CompiledSelect extends AbstractCompiledValue {
List pathOnItr = cv.getPathOnIterator(rit, context);
if (pathOnItr != null) {
String path[] = (String[]) pathOnItr.toArray(new String[pathOnItr.size()]);
- try {
- ObjectType ot[] = PathUtils.calculateTypesAlongPath(context, rit.getElementType(), path);
- retType = ot[ot.length - 1];
- } catch (NotAuthorizedException e) {
- // When preparing result sets/ transform object types are unknown meaning all calls to
- // fields, getters, etc. fall through to method invocation. The query itself may not need
- // to do method invocation but because everything is falling through the user must be
- // authorized for method invocation (DATA:MANAGE and CLUSTER:MANAGE). To execute a query
- // without method invocation requires (DATA:READ). Because the code is unable to determine
- // if we truly need the higher authorizations, we should continue until a true method
- // invocation is required. This code does not actually invoke() the method and instead is
- // using the method object to check class types.
- }
+ ObjectType ot[] = PathUtils.calculateTypesAlongPath(context, rit.getElementType(), path);
+ retType = ot[ot.length - 1];
}
} catch (NameNotFoundException ignore) {
// Unable to determine the type Of attribute.It will default to
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
index 39886bb..c242d89 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQuery.java
@@ -86,8 +86,6 @@ public class DefaultQuery implements Query {
public static boolean QUERY_VERBOSE =
Boolean.getBoolean(DistributionConfig.GEMFIRE_PREFIX + "Query.VERBOSE");
- public static boolean ALLOW_UNTRUSTED_METHOD_INVOCATION = Boolean.getBoolean(DistributionConfig.GEMFIRE_PREFIX + "Query.allowUntrustedMethodInvocation");
-
/**
* System property to cleanup the compiled query. The compiled query will be removed if it is not
* used for more than the set value. By default its set to 10 minutes, the time is set in
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
index e3b2449..8fc1c9e 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/DefaultQueryService.java
@@ -39,13 +39,14 @@ import org.apache.geode.internal.logging.LogService;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.logging.log4j.Logger;
+import java.lang.reflect.Method;
import java.util.*;
import java.util.Map.Entry;
/**
* @version $Revision: 1.2 $
*/
-public class DefaultQueryService implements QueryService {
+public class DefaultQueryService implements InternalQueryService {
private static final Logger logger = LogService.getLogger();
/**
@@ -62,22 +63,37 @@ public class DefaultQueryService implements QueryService {
DistributionConfig.GEMFIRE_PREFIX + "QueryService.CopyOnReadAtEntryLevel", "false"))
.booleanValue();
+ public static boolean ALLOW_UNTRUSTED_METHOD_INVOCATION = Boolean.getBoolean(
+ DistributionConfig.GEMFIRE_PREFIX + "QueryService.allowUntrustedMethodInvocation");
+
/** Test purpose only */
public static boolean TEST_QUERY_HETEROGENEOUS_OBJECTS = false;
private final InternalCache cache;
+ private final MethodInvocationAuthorizer methodInvocationAuthorizer;
+
private InternalPool pool;
private Map<Region, HashSet<IndexCreationData>> indexDefinitions =
Collections.synchronizedMap(new HashMap<Region, HashSet<IndexCreationData>>());
+
public DefaultQueryService(InternalCache cache) {
if (cache == null)
throw new IllegalArgumentException(
LocalizedStrings.DefaultQueryService_CACHE_MUST_NOT_BE_NULL.toLocalizedString());
this.cache = cache;
+ if (!cache.getSecurityService().isIntegratedSecurity() || ALLOW_UNTRUSTED_METHOD_INVOCATION) {
+ // A no-op authorizer, allow method invocation
+ this.methodInvocationAuthorizer = ((Method m, Object t) -> {
+ });
+ } else {
+ this.methodInvocationAuthorizer =
+ new RestrictedMethodInvocationAuthorizer(cache.getSecurityService());
+
+ }
}
/**
@@ -950,4 +966,7 @@ public class DefaultQueryService implements QueryService {
return pool;
}
+ public MethodInvocationAuthorizer getMethodInvocationAuthorizer() {
+ return methodInvocationAuthorizer;
+ }
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
similarity index 57%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
index 4d81034..2fd462e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/InternalQueryService.java
@@ -12,21 +12,11 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.security.query;
+package org.apache.geode.cache.query.internal;
-import junitparams.JUnitParamsRunner;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
+import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
- public RegionShortcut getRegionType() {
- return RegionShortcut.PARTITION;
- }
+public interface InternalQueryService extends QueryService {
+ MethodInvocationAuthorizer getMethodInvocationAuthorizer();
}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
index 61bae00..7b5e65c 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodDispatch.java
@@ -30,7 +30,6 @@ import org.apache.geode.cache.query.NameResolutionException;
import org.apache.geode.cache.query.QueryInvocationTargetException;
import org.apache.geode.cache.query.internal.types.TypeUtils;
import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
/**
@@ -44,14 +43,14 @@ public class MethodDispatch {
private String _methodName;
private Class[] _argTypes;
private Method _method; // remember the right method
- private SecurityService _securityService;
+ private MethodInvocationAuthorizer _methodInvocationAuthorizer;
- public MethodDispatch(SecurityService securityService, Class targetClass, String methodName,
- List argTypes) throws NameResolutionException {
+ public MethodDispatch(MethodInvocationAuthorizer methodInvocationAuthorizer, Class targetClass,
+ String methodName, List argTypes) throws NameResolutionException {
_targetClass = targetClass;
_methodName = methodName;
_argTypes = (Class[]) argTypes.toArray(new Class[argTypes.size()]);
- _securityService = securityService;
+ _methodInvocationAuthorizer = methodInvocationAuthorizer;
resolve();
// override security in case this is a method on a nonpublic class
@@ -64,7 +63,7 @@ public class MethodDispatch {
Object[] argsArray = args.toArray();
try {
- MethodInvocationAuthorizer.authorizeFunctionInvocation(_securityService, _method, target);
+ _methodInvocationAuthorizer.authorizeMethodInvocation(_method, target);
return _method.invoke(target, argsArray);
} catch (IllegalAccessException e) {
throw new NameNotFoundException(
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
index d5f8cbe..412c2d5 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/MethodInvocationAuthorizer.java
@@ -14,140 +14,8 @@
*/
package org.apache.geode.cache.query.internal;
-import java.lang.reflect.Member;
-import java.math.BigDecimal;
-import java.math.BigInteger;
-import java.security.Security;
-import java.sql.Timestamp;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.atomic.AtomicLong;
+import java.lang.reflect.Method;
-import org.apache.geode.cache.Region;
-import org.apache.geode.cache.query.internal.index.DummyQRegion;
-import org.apache.geode.internal.cache.EntrySnapshot;
-import org.apache.geode.internal.cache.LocalRegion;
-import org.apache.geode.internal.cache.PartitionedRegion;
-import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.security.NotAuthorizedException;
-import org.apache.geode.security.ResourcePermission;
-
-public class MethodInvocationAuthorizer {
-
- public static final String UNAUTHORIZED_STRING = "Unauthorized access to method: ";
- // List of methods that can be invoked by
- public static final Set<String> whiteListedMethods = new HashSet<>();
- public static final HashMap<String, Set> whiteListedClassMethods = new HashMap<>();
- static {
- whiteListedMethods.add("toString");
- whiteListedMethods.add("equals");
- whiteListedMethods.add("compareTo");
-
- Set<String> booleanMethods = new HashSet<>();
- booleanMethods.add("booleanValue");
- whiteListedClassMethods.put(Boolean.class.getName(), booleanMethods);
-
- Set<String> numberMethods = new HashSet<>();
- numberMethods.add("byteValue");
- numberMethods.add("doubleValue");
- numberMethods.add("intValue");
- numberMethods.add("floatValue");
- numberMethods.add("longValue");
- numberMethods.add("shortValue");
- whiteListedClassMethods.put(Byte.class.getName(), numberMethods);
- whiteListedClassMethods.put(Double.class.getName(), numberMethods);
- whiteListedClassMethods.put(Float.class.getName(), numberMethods);
- whiteListedClassMethods.put(Integer.class.getName(), numberMethods);
- whiteListedClassMethods.put(Short.class.getName(), numberMethods);
- whiteListedClassMethods.put(Number.class.getName(), numberMethods);
- whiteListedClassMethods.put(BigDecimal.class.getName(), numberMethods);
- whiteListedClassMethods.put(BigInteger.class.getName(), numberMethods);
- whiteListedClassMethods.put(AtomicInteger.class.getName(), numberMethods);
- whiteListedClassMethods.put(AtomicLong.class.getName(), numberMethods);
-
- Set<String> dateMethods = new HashSet<>();
- dateMethods.add("after");
- dateMethods.add("before");
- whiteListedClassMethods.put(Date.class.getName(), dateMethods);
-
- Set<String> timestampMethods = new HashSet<>();
- timestampMethods.add("after");
- timestampMethods.add("before");
- timestampMethods.add("getNanos");
- timestampMethods.add("getTime");
- whiteListedClassMethods.put(Timestamp.class.getName(), timestampMethods);
-
- Set<String> mapMethods = new HashSet<>();
- mapMethods.add("entrySet");
- mapMethods.add("keySet");
- mapMethods.add("values");
- mapMethods.add("getEntries");
- mapMethods.add("getValues");
- mapMethods.add("containsKey");
- whiteListedClassMethods.put(QRegion.class.getName(), mapMethods);
- whiteListedClassMethods.put(DummyQRegion.class.getName(), mapMethods);
- whiteListedClassMethods.put(PartitionedRegion.class.getName(), mapMethods);
-
- Set<String> mapEntryMethods = new HashSet<>();
- mapEntryMethods.add("getKey");
- mapEntryMethods.add("getValue");
- whiteListedClassMethods.put(Map.Entry.class.getName(), mapEntryMethods);
- whiteListedClassMethods.put(LocalRegion.NonTXEntry.class.getName(), mapEntryMethods);
- whiteListedClassMethods.put(EntrySnapshot.class.getName(), mapEntryMethods);
-
- Set<String> stringMethods = new HashSet<>();
- stringMethods.add("toString");
- stringMethods.add("toLowerCase");
- stringMethods.add("toUpperCase");
- whiteListedClassMethods.put(String.class.getName(), stringMethods);
-
- Set<String> localRegionMethods = new HashSet<>();
- localRegionMethods.add("values");
- whiteListedClassMethods.put(LocalRegion.class.getName(), localRegionMethods);
- }
-
- public MethodInvocationAuthorizer() {
-
- }
-
- public static boolean isWhitelisted(Member method) {
- return isWhitelisted(method.getDeclaringClass().getName(), method.getName());
- }
-
- public static void allowedRegionAccess(SecurityService securityService, Member method,
- Object target) {
- if (target instanceof Region) {
- String regionName = ((Region) target).getName();
- securityService.authorize(ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ, regionName);
- }
- }
-
- public static boolean isWhitelisted(String className, String methodName) {
- if (DefaultQuery.ALLOW_UNTRUSTED_METHOD_INVOCATION || whiteListedMethods.contains((methodName))) {
- return true;
- }
-
- Set whiteListedMethods = whiteListedClassMethods.get(className);
- if (whiteListedMethods != null) {
- return whiteListedMethods.contains(methodName);
- }
- return false;
- }
- public static void authorizeFunctionInvocation(Member method) {
- if (!isWhitelisted(method) ) {
- throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
- }
- }
-
- public static void authorizeFunctionInvocation(SecurityService securityService, Member method, Object target) {
- if (!isWhitelisted(method)) {
- throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
- }
- allowedRegionAccess(securityService, method, target);
- }
+public interface MethodInvocationAuthorizer {
+ void authorizeMethodInvocation(Method method, Object target);
}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
index aecf5d2..4c7141f 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/PathUtils.java
@@ -72,8 +72,9 @@ public class PathUtils {
}
}
try {
- return new AttributeDescriptor(context.getCache().getSecurityService(), attribute)
- .read(target);
+ return new AttributeDescriptor(
+ context.getCache().getQueryService().getMethodInvocationAuthorizer(), attribute)
+ .read(target);
} catch (NameNotFoundException nfe) {
if (DefaultQueryService.QUERY_HETEROGENEOUS_OBJECTS
|| DefaultQueryService.TEST_QUERY_HETEROGENEOUS_OBJECTS) {
@@ -111,8 +112,8 @@ public class PathUtils {
for (int i = 1; i < types.length; i++) {
ObjectType currentType = types[i - 1];
- Member member =
- new AttributeDescriptor(context.getCache().getSecurityService(), pathArray[i - 1])
+ Member member = new AttributeDescriptor(
+ context.getCache().getQueryService().getMethodInvocationAuthorizer(), pathArray[i - 1])
.getReadMember(currentType);
if (member instanceof Field)
@@ -169,8 +170,9 @@ public class PathUtils {
stepStr = stepStr.substring(0, stepStr.length() - 2);
member = clazz.getMethod(stepStr, (Class[]) null);
} else {
- member = new AttributeDescriptor(context.getCache().getSecurityService(), stepStr)
- .getReadMember(clazz);
+ member = new AttributeDescriptor(
+ context.getCache().getQueryService().getMethodInvocationAuthorizer(), stepStr)
+ .getReadMember(clazz);
}
if (member instanceof Field) {
clazz = ((Field) member).getType();
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
new file mode 100644
index 0000000..e97fe34
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizer.java
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.internal;
+
+import java.lang.reflect.Member;
+import java.lang.reflect.Method;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.sql.Timestamp;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.concurrent.atomic.AtomicLong;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.query.internal.index.DummyQRegion;
+import org.apache.geode.internal.cache.EntrySnapshot;
+import org.apache.geode.internal.cache.LocalRegion;
+import org.apache.geode.internal.cache.PartitionedRegion;
+import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission;
+
+public class RestrictedMethodInvocationAuthorizer implements MethodInvocationAuthorizer {
+
+ public static final String UNAUTHORIZED_STRING = "Unauthorized access to method: ";
+
+ private SecurityService securityService;
+
+ // List of methods that can be invoked by
+ private final HashMap<String, Set> whiteListedMethodsToClass;
+
+
+ public RestrictedMethodInvocationAuthorizer(SecurityService securityService) {
+ this.securityService = securityService;
+ whiteListedMethodsToClass = createWhiteList();
+ }
+
+ private HashMap<String, Set> createWhiteList() {
+ HashMap<String, Set> whiteListMap = new HashMap();
+ Set<Class> objectCallers = new HashSet();
+ objectCallers.add(Object.class);
+ whiteListMap.put("toString", objectCallers);
+ whiteListMap.put("equals", objectCallers);
+ whiteListMap.put("compareTo", objectCallers);
+
+ Set<Class> booleanCallers = new HashSet();
+ booleanCallers.add(Boolean.class);
+ whiteListMap.put("booleanValue", booleanCallers);
+
+ Set<Class> numericCallers = new HashSet();
+ numericCallers.add(Number.class);
+ whiteListMap.put("byteValue", numericCallers);
+ whiteListMap.put("intValue", numericCallers);
+ whiteListMap.put("doubleValue", numericCallers);
+ whiteListMap.put("floatValue", numericCallers);
+ whiteListMap.put("longValue", numericCallers);
+ whiteListMap.put("shortValue", numericCallers);
+
+ Set<Class> mapCallers = new HashSet();
+ mapCallers.add(Collection.class);
+ mapCallers.add(Map.class);
+ whiteListMap.put("entrySet", mapCallers);
+ whiteListMap.put("keySet", mapCallers);
+ whiteListMap.put("values", mapCallers);
+ whiteListMap.put("getEntries", mapCallers);
+ whiteListMap.put("getValues", mapCallers);
+ whiteListMap.put("containsKey", mapCallers);
+
+ Set<Class> mapEntryCallers = new HashSet();
+ mapEntryCallers.add(Map.Entry.class);
+ whiteListMap.put("getKey", mapEntryCallers);
+ whiteListMap.put("getValue", mapEntryCallers);
+
+ Set<Class> dateCallers = new HashSet<>();
+ dateCallers.add(Date.class);
+ whiteListMap.put("after", dateCallers);
+ whiteListMap.put("before", dateCallers);
+ whiteListMap.put("getNanos", dateCallers);
+ whiteListMap.put("getTime", dateCallers);
+
+ Set<Class> stringCallers = new HashSet<>();
+ stringCallers.add(String.class);
+ whiteListMap.put("toLowerCase", stringCallers);
+ whiteListMap.put("toUpperCase", stringCallers);
+ return whiteListMap;
+ }
+
+ boolean isWhitelisted(Method method) {
+ String methodName = method.getName();
+
+ Set<Class> allowedClasses = whiteListedMethodsToClass.get(methodName);
+ if (allowedClasses == null) {
+ return false;
+ }
+ for (Class clazz : allowedClasses) {
+ if (clazz.isAssignableFrom(method.getDeclaringClass())) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public void authorizeMethodInvocation(Method method, Object target) {
+ if (!isWhitelisted(method)) {
+ throw new NotAuthorizedException(UNAUTHORIZED_STRING + method.getName());
+ }
+ authorizeRegionAccess(securityService, target);
+ }
+
+ private void authorizeRegionAccess(SecurityService securityService, Object target) {
+ if (target instanceof Region) {
+ String regionName = ((Region) target).getName();
+ securityService.authorize(ResourcePermission.Resource.DATA, ResourcePermission.Operation.READ,
+ regionName);
+ }
+ }
+}
diff --git a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
index 23d470c..3373b96 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/query/internal/RuntimeIterator.java
@@ -198,8 +198,9 @@ public class RuntimeIterator extends AbstractCompiledValue {
// if there are zero arguments and it's an attribute, then defer to
// AttributeDescriptor
// to see if there's a match
- return new AttributeDescriptor(context.getCache().getSecurityService(), name)
- .validateReadType(clazz);
+ return new AttributeDescriptor(
+ context.getCache().getQueryService().getMethodInvocationAuthorizer(), name)
+ .validateReadType(clazz);
}
// private SelectResults prepareIteratorDef(Object obj)
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
index c5b5d01..e2975ea 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/GemFireCacheImpl.java
@@ -79,6 +79,9 @@ import com.sun.jna.Platform;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.Logger;
+import org.apache.geode.cache.query.internal.InternalQueryService;
+import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
+import org.apache.geode.cache.query.internal.RestrictedMethodInvocationAuthorizer;
import org.apache.geode.internal.cache.event.EventTrackerExpiryTask;
import org.apache.geode.internal.cache.wan.GatewaySenderQueueEntrySynchronizationListener;
import org.apache.geode.internal.security.SecurityServiceFactory;
@@ -177,7 +180,6 @@ import org.apache.geode.internal.SystemTimer;
import org.apache.geode.internal.cache.control.InternalResourceManager;
import org.apache.geode.internal.cache.control.InternalResourceManager.ResourceType;
import org.apache.geode.internal.cache.control.ResourceAdvisor;
-import org.apache.geode.internal.cache.event.EventTrackerExpiryTask;
import org.apache.geode.internal.cache.execute.util.FindRestEnabledServersFunction;
import org.apache.geode.internal.cache.extension.Extensible;
import org.apache.geode.internal.cache.extension.ExtensionPoint;
@@ -215,7 +217,6 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.offheap.MemoryAllocator;
import org.apache.geode.internal.security.SecurityService;
-import org.apache.geode.internal.security.SecurityServiceFactory;
import org.apache.geode.internal.sequencelog.SequenceLoggerImpl;
import org.apache.geode.internal.tcp.ConnectionTable;
import org.apache.geode.internal.util.concurrent.FutureResult;
@@ -4192,7 +4193,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
}
@Override
- public QueryService getQueryService() {
+ public InternalQueryService getQueryService() {
if (!isClient()) {
return new DefaultQueryService(this);
}
@@ -4201,7 +4202,7 @@ public class GemFireCacheImpl implements InternalCache, InternalClientCache, Has
throw new IllegalStateException(
"Client cache does not have a default pool. Use getQueryService(String poolName) instead.");
}
- return defaultPool.getQueryService();
+ return (InternalQueryService) defaultPool.getQueryService();
}
@Override
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java b/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
index 66bc44a..5ef8fcd 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/InternalCache.java
@@ -39,6 +39,7 @@ import org.apache.geode.cache.asyncqueue.AsyncEventQueue;
import org.apache.geode.cache.asyncqueue.internal.AsyncEventQueueImpl;
import org.apache.geode.cache.client.internal.ClientMetadataService;
import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.internal.InternalQueryService;
import org.apache.geode.cache.query.internal.QueryMonitor;
import org.apache.geode.cache.query.internal.cq.CqService;
import org.apache.geode.cache.server.CacheServer;
@@ -320,4 +321,6 @@ public interface InternalCache extends Cache, Extensible<Cache>, CacheTime {
void invokeRegionEntrySynchronizationListenersAfterSynchronization(
InternalDistributedMember sender, LocalRegion region,
List<InitialImageOperation.Entry> entriesToSynchronize);
+
+ InternalQueryService getQueryService();
}
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
index 9c80ce1..3cd1971 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/xmlcache/CacheCreation.java
@@ -58,6 +58,8 @@ import org.apache.geode.cache.query.Query;
import org.apache.geode.cache.query.QueryInvalidException;
import org.apache.geode.cache.query.QueryService;
import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.cache.query.internal.InternalQueryService;
+import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
import org.apache.geode.cache.query.internal.QueryMonitor;
import org.apache.geode.cache.query.internal.cq.CqService;
import org.apache.geode.cache.server.CacheServer;
@@ -943,7 +945,7 @@ public class CacheCreation implements InternalCache {
}
@Override
- public QueryService getQueryService() {
+ public InternalQueryService getQueryService() {
return this.queryService;
}
@@ -1735,7 +1737,7 @@ public class CacheCreation implements InternalCache {
return null;
}
- private final QueryService queryService = new QueryService() {
+ private final InternalQueryService queryService = new InternalQueryService() {
private final Map<String, List<Index>> indexes = new HashMap<>();
@@ -1958,6 +1960,10 @@ public class CacheCreation implements InternalCache {
throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString());
}
+ @Override
+ public MethodInvocationAuthorizer getMethodInvocationAuthorizer() {
+ throw new UnsupportedOperationException(LocalizedStrings.SHOULDNT_INVOKE.toLocalizedString());
+ }
};
@Override
diff --git a/geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
similarity index 59%
rename from geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java
rename to geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
index 490cf2c..45ddf27 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/MethodInvocationAuthorizerTest.java
+++ b/geode-core/src/test/java/org/apache/geode/cache/query/internal/RestrictedMethodInvocationAuthorizerTest.java
@@ -1,6 +1,21 @@
-package org.apache.geode.internal;
-
-
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.internal;
+
+
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.lang.reflect.Method;
@@ -13,129 +28,139 @@ import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import org.junit.Test;
+import org.junit.experimental.categories.Category;
-import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
-import org.apache.geode.cache.query.internal.QRegion;
import org.apache.geode.cache.query.internal.index.DummyQRegion;
import org.apache.geode.internal.cache.EntrySnapshot;
import org.apache.geode.internal.cache.LocalRegion;
import org.apache.geode.internal.cache.PartitionedRegion;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category({UnitTest.class, SecurityTest.class})
+public class RestrictedMethodInvocationAuthorizerTest {
+ RestrictedMethodInvocationAuthorizer methodInvocationAuthorizer =
+ new RestrictedMethodInvocationAuthorizer(null);
-public class MethodInvocationAuthorizerTest {
+ @Test
+ public void getClassShouldFail() throws Exception {
+ Method method = Integer.class.getMethod("getClass");
+ assertFalse(methodInvocationAuthorizer.isWhitelisted(method));
+ }
@Test
public void toStringOnAnyObject() throws Exception {
Method stringMethod = Integer.class.getMethod("toString");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
}
@Test
public void equalsOnAnyObject() throws Exception {
Method equalsMethod = Integer.class.getMethod("equals", Object.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(equalsMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(equalsMethod));
}
@Test
public void booleanMethodsAreWhiteListed() throws Exception {
Method booleanValue = Boolean.class.getMethod("booleanValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(booleanValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(booleanValue));
}
@Test
public void toLowerCaseOnStringObject() throws Exception {
Method stringMethod = String.class.getMethod("toLowerCase");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
}
@Test
public void toUpperCaseOnStringObject() throws Exception {
Method stringMethod = String.class.getMethod("toUpperCase");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(stringMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(stringMethod));
}
@Test
public void utilDateAfterMethodIsWhiteListed() throws Exception {
Method method = Date.class.getMethod("after", Date.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlDateAfterMethodIsWhiteListed() throws Exception {
Method method = java.sql.Date.class.getMethod("after", Date.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void utilDateBeforeMethodIsWhiteListed() throws Exception {
Method method = Date.class.getMethod("before", Date.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlDateBeforeMethodIsWhiteListed() throws Exception {
Method method = java.sql.Date.class.getMethod("before", Date.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void timestampAfterMethodIsWhiteListed() throws Exception {
Method method = Timestamp.class.getMethod("after", Timestamp.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlTimestampBeforeMethodIsWhiteListed() throws Exception {
Method method = Timestamp.class.getMethod("before", Timestamp.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlTimestampGetNanosIsWhiteListed() throws Exception {
Method method = Timestamp.class.getMethod("getNanos");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void sqlTimestampGetTimeIsWhiteListed() throws Exception {
Method method = Timestamp.class.getMethod("getTime");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(method));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(method));
}
@Test
public void getKeyForMapEntryIsWhiteListed() throws Exception {
Method getKeyMethod = Map.Entry.class.getMethod("getKey");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
}
@Test
public void getValueForMapEntryIsWhiteListed() throws Exception {
Method getValueMethod = Map.Entry.class.getMethod("getValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
}
@Test
public void getKeyForMapEntrySnapShotIsWhiteListed() throws Exception {
Method getKeyMethod = EntrySnapshot.class.getMethod("getKey");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
}
@Test
public void getValueForMapEntrySnapShotIsWhiteListed() throws Exception {
Method getValueMethod = EntrySnapshot.class.getMethod("getValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
}
@Test
public void getKeyForNonTXEntryIsWhiteListed() throws Exception {
Method getKeyMethod = LocalRegion.NonTXEntry.class.getMethod("getKey");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getKeyMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getKeyMethod));
}
@Test
public void getValueForNonTXEntryIsWhiteListed() throws Exception {
Method getValueMethod = LocalRegion.NonTXEntry.class.getMethod("getValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValueMethod));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getValueMethod));
}
@Test
@@ -150,7 +175,15 @@ public class MethodInvocationAuthorizerTest {
@Test
public void mapMethodsForPartitionedRegionAreWhiteListed() throws Exception {
- testMapMethods(PartitionedRegion.class);
+ Class clazz = PartitionedRegion.class;
+ Method entrySet = clazz.getMethod("entrySet");
+ Method keySet = clazz.getMethod("keySet");
+ Method values = clazz.getMethod("values");
+ Method containsKey = clazz.getMethod("containsKey", Object.class);
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(entrySet));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(keySet));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(values));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(containsKey));
}
@Test
@@ -205,12 +238,12 @@ public class MethodInvocationAuthorizerTest {
Method floatValue = clazz.getMethod("longValue");
Method longValue = clazz.getMethod("floatValue");
Method shortValue = clazz.getMethod("shortValue");
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(byteValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(doubleValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(intValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(floatValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(longValue));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(shortValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(byteValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(doubleValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(intValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(floatValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(longValue));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(shortValue));
}
private void testMapMethods(Class clazz) throws NoSuchMethodException {
@@ -220,12 +253,12 @@ public class MethodInvocationAuthorizerTest {
Method getEntries = clazz.getMethod("getEntries");
Method getValues = clazz.getMethod("getValues");
Method containsKey = clazz.getMethod("containsKey", Object.class);
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(entrySet));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(keySet));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(values));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getEntries));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(getValues));
- assertTrue(MethodInvocationAuthorizer.isWhitelisted(containsKey));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(entrySet));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(keySet));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(values));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getEntries));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(getValues));
+ assertTrue(methodInvocationAuthorizer.isWhitelisted(containsKey));
}
}
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
index 232df0a..1cc73c3 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/beans/CacheServerBridgeClientMembershipRegressionTest.java
@@ -34,6 +34,7 @@ import org.junit.experimental.categories.Category;
import org.apache.geode.cache.CacheClosedException;
import org.apache.geode.cache.CacheFactory;
import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.internal.InternalQueryService;
import org.apache.geode.internal.cache.CacheServerImpl;
import org.apache.geode.internal.cache.InternalCache;
import org.apache.geode.internal.cache.tier.sockets.AcceptorImpl;
@@ -75,7 +76,7 @@ public class CacheServerBridgeClientMembershipRegressionTest {
this.acceptor = mock(AcceptorImpl.class);
this.monitor = mock(MBeanStatsMonitor.class);
- when(cache.getQueryService()).thenReturn(mock(QueryService.class));
+ when(cache.getQueryService()).thenReturn(mock(InternalQueryService.class));
when(acceptor.getStats()).thenReturn(mock(CacheServerStats.class));
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
index 331acac..1a1e105 100644
--- a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
+++ b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtil.java
@@ -48,11 +48,6 @@ public class SecurityTestUtil {
return cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(regionName);
}
- public static void assertNotAuthorizedMatching(
- ThrowableAssert.ThrowingCallable shouldRaiseThrowable, String permString) {
- assertThatThrownBy(shouldRaiseThrowable).hasMessageMatching(permString);
- }
-
public static void assertNotAuthorized(ThrowableAssert.ThrowingCallable shouldRaiseThrowable,
String permString) {
assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
index b2ce211..ea0f920 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/IndexSecurityDUnitTest.java
@@ -14,10 +14,9 @@
*/
package org.apache.geode.security.query;
-import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
-import static org.apache.geode.security.SecurityTestUtil.createClientCache;
-import static org.apache.geode.security.SecurityTestUtil.createProxyRegion;
-import static org.junit.Assert.assertEquals;
+import static org.apache.geode.internal.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
import java.util.Arrays;
import java.util.List;
@@ -25,95 +24,82 @@ import java.util.List;
import junitparams.JUnitParamsRunner;
import junitparams.Parameters;
import org.junit.Before;
-import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
-import org.apache.geode.cache.Region;
import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.cache.client.ClientCache;
import org.apache.geode.cache.query.Index;
+import org.apache.geode.cache.query.IndexInvalidException;
import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.security.TestSecurityManager;
-import org.apache.geode.test.dunit.Host;
-import org.apache.geode.test.dunit.VM;
-import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.security.query.data.QueryTestObject;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
+@RunWith(Parameterized.class)
public class IndexSecurityDUnitTest extends QuerySecurityBase {
+ public RegionShortcut getRegionType() {
+ return RegionShortcut.REPLICATE;
+ }
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataWriter"};
+ }
- // Should be the same as the key specified for the region key specific users in the
- // clientServer.json
- public static final String REGION_PUT_KEY = "key";
+ @Parameterized.Parameter
+ public String user;
- public List<String> getAllUsersOnlyAllowedWrite() {
- return Arrays.asList(
- "dataWriter");
+ @Before
+ public void configureSpecificUserAndKeyAndValues() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1", "key-2"};
+ values = new Object[] {new QueryTestObject(1, "Mary"), new QueryTestObject(2, "Joe"),
+ new QueryTestObject(3, "Joe")};
}
@Test
- @Parameters(method = "getAllUsers")
- public void indexBehaviorTest(String user) throws Exception {
- String query = UserPermissions.SELECT_ALL_FROM_REGION;
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
- new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+ public void indexCreatedButPutWithNoReadCredentialsShouldNotThrowSecurityException()
+ throws Exception {
QueryService queryService = server.getCache().getQueryService();
- Index idIndex = queryService.createIndex("IdIndex", "id", "/" + UserPermissions.REGION_NAME);
- Index errorIndex = queryService.createIndex("TEST", "methodThrowsException",
- "/" + UserPermissions.REGION_NAME);
-
- try {
- putIntoRegion(superUserClient, keys, values, region);
- } catch (Exception e) {
- e.printStackTrace();
- }
-
+ Index idIndex = queryService.createIndex("IdIndex", "id", "/" + regionName);
+ putIntoRegion(specificUserClient, keys, values, regionName);
}
@Test
- @Parameters(method = "getAllUsersOnlyAllowedWrite")
- public void indexCreatedButPutWithNoReadCredentialsShouldNotThrowSecurityException(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
- new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+ public void indexCreatedWithRegionEntriesButPutWithNoReadCredentialsShouldNotThrowSecurityException()
+ throws Exception {
QueryService queryService = server.getCache().getQueryService();
- Index idIndex = queryService.createIndex("IdIndex", "id", "/" + UserPermissions.REGION_NAME);
-
- putIntoRegion(specificUserClient, keys, values, region);
-
+ Index idIndex = queryService.createIndex("IdIndex", "e.id", "/" + regionName + ".entries e");
+ putIntoRegion(specificUserClient, keys, values, regionName);
}
@Test
- @Parameters(method = "getAllUsersOnlyAllowedWrite")
- public void indexCreatedWithRegionEntriesButPutWithNoReadCredentialsShouldNotThrowSecurityException(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + 1, REGION_PUT_KEY + 2};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary"), new QuerySecurityDUnitTest.QueryTestObject(2, "Joe"),
- new QuerySecurityDUnitTest.QueryTestObject(3, "Joe")};
+ public void indexCreatedWithMethodInvocationOnPrepopulatedRegionShouldThrowSecurityException()
+ throws Exception {
QueryService queryService = server.getCache().getQueryService();
- Index idIndex = queryService.createIndex("IdIndex", "e.id", "/" + UserPermissions.REGION_NAME + ".entries e");
+ putIntoRegion(superUserClient, keys, values, regionName);
- putIntoRegion(specificUserClient, keys, values, region);
+ try {
+ queryService.createIndex("IdIndex", "e.getName()", "/" + regionName + " e");
+ fail("Index creation should have failed due to method invocation");
+ } catch (IndexInvalidException e) {
+ assertTrue(e.getMessage().contains("Unauthorized access to method: getName"));
+ }
}
-
+ @Test
+ public void indexCreatedWithMethodInvocationOnUnpopulatedRegionAndPutShouldMarkIndexInvalid()
+ throws Exception {
+ QueryService queryService = server.getCache().getQueryService();
+ Index index = queryService.createIndex("IdIndex", "e.getName()", "/" + regionName + " e");
+ putIntoRegion(superUserClient, keys, values, regionName);
+ assertFalse(index.isValid());
+ }
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
similarity index 90%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
index 4d81034..593bd4e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedIndexSecurityDUnitTest.java
@@ -17,14 +17,15 @@ package org.apache.geode.security.query;
import junitparams.JUnitParamsRunner;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+public class PartitionedIndexSecurityDUnitTest extends IndexSecurityDUnitTest {
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
similarity index 78%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
index 4d81034..2d5b057 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityAllowedQueriesDUnitTest.java
@@ -17,14 +17,19 @@ package org.apache.geode.security.query;
import junitparams.JUnitParamsRunner;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class PartitionedQuerySecurityAllowedQueriesDUnitTest
+ extends QuerySecurityAllowedQueriesDUnitTest {
+
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
similarity index 77%
copy from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
copy to geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
index 4d81034..28a01ff 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityRestrictedQueriesDUnitTest.java
@@ -17,14 +17,19 @@ package org.apache.geode.security.query;
import junitparams.JUnitParamsRunner;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class PartitionedQuerySecurityRestrictedQueriesDUnitTest
+ extends QuerySecurityRestrictedQueriesDUnitTest {
+
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
similarity index 86%
rename from geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java
rename to geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
index 856ff5a..b9d0fda 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxPartitionedQuerySecurityAllowedQueriesDUnitTest.java
@@ -14,17 +14,18 @@
*/
package org.apache.geode.security.query;
-import junitparams.JUnitParamsRunner;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PdxPartitionedQuerySecurityDUnitTest extends PdxQuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+public class PdxPartitionedQuerySecurityAllowedQueriesDUnitTest
+ extends PdxQuerySecurityAllowedQueriesDUnitTest {
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java
new file mode 100644
index 0000000..e25f6cf
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityAllowedQueriesDUnitTest.java
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+import org.apache.geode.security.query.data.PdxQueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+public class PdxQuerySecurityAllowedQueriesDUnitTest extends QuerySecurityBase {
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureSpecificClientAndKeyAndValues() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectOnPublicFieldQuery() {
+ String query = "select * from /" + regionName + " r where r.id = 3";
+ List<Object> expectedResults = Arrays.asList(values[1]);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectWithPdxFieldNamedGetQuery() {
+ server.getCache().setReadSerialized(true);
+ String query = "select * from /" + regionName + " r where r.getName = 'Beth'";
+ List<Object> expectedResults = Arrays.asList(values[1]);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java
deleted file mode 100644
index 80a10ff..0000000
--- a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityDUnitTest.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.security.query;
-
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.List;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.pdx.PdxReader;
-import org.apache.geode.pdx.PdxSerializable;
-import org.apache.geode.pdx.PdxWriter;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PdxQuerySecurityDUnitTest extends QuerySecurityBase {
-
- // Should be the same as the key specified for the region key specific users in the
- // clientServer.json
- public static final String REGION_PUT_KEY = "key";
-
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectOnPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, region);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectWithPdxFieldNoExistingPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, region);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectWhenInvokingMethodOnPdxObjectQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_DEPLOYED_METHOD_FROM_REGION;
- String region = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, region);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, region, expectedResults);
- }
-
- public static class PdxQueryTestObject implements PdxSerializable , Serializable /*just to pass around in test code*/ {
- public int id = -1;
- private String name;
-
- private boolean shouldThrowException = true;
-
- public PdxQueryTestObject(int id, String name) {
- this.id = id;
- this.name = name;
- }
-
- public String getName() {
- return name;
- }
-
- @Override
- public String toString() {
- return "Test_Object";
- }
-
- @Override
- public void toData(PdxWriter writer) {
- writer.writeInt("id", id);
- writer.writeString("getName", name);
- }
-
- @Override
- public void fromData(PdxReader reader) {
- id = reader.readInt("id");
- name = reader.readString("getName");
- }
- }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java
new file mode 100644
index 0000000..f7e0258
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/PdxQuerySecurityRestrictedQueriesDUnitTest.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+import org.apache.geode.security.query.data.PdxQueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+public class PdxQuerySecurityRestrictedQueriesDUnitTest extends QuerySecurityBase {
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ private String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+ @Before
+ public void configureCache() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new PdxQueryTestObject(0, "John"), new PdxQueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ @Test
+ public void selectWhenInvokingMethodOnPdxObjectQueryShouldBeRestricted() {
+ String query = "select r.getClass from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void invokingMethodOnPdxObjectShouldBeRestricted() {
+ String query = "select r.getAge from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void selectWithPdxFieldNoExistingPublicFieldQueryShouldBeRestricted() {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java
new file mode 100644
index 0000000..318086e
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAllowedQueriesDUnitTest.java
@@ -0,0 +1,255 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class QuerySecurityAllowedQueriesDUnitTest extends QuerySecurityBase {
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureCache() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+
+ @Test
+ public void checkUserAuthorizationsForSelectAllQuery() {
+ String query = "select * from /" + regionName;
+ List<Object> expectedResults = Arrays.asList(values);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ /* ----- Public Field Tests ----- */
+ @Test
+ public void checkUserAuthorizationsForSelectByPublicFieldQuery() {
+ String query = "select * from /" + regionName + " r where r.id = 1";
+ List<Object> expectedResults = Arrays.asList(values[0]);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectPublicFieldQuery() {
+ String query = "select r.id from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1, 3);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectCountOfPublicFieldQuery() {
+ String query = "select count(r.id) from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(2);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMaxOfPublicFieldQuery() {
+ String query = "select max(r.id) from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(3);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMinOfPublicFieldQuery() {
+ String query = "select min(r.id) from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectPublicFieldFromRegionByPublicFieldFromRegionQuery() {
+ String query = "select * from /" + regionName + " r1 where r1.id in (select r2.id from /"
+ + regionName + " r2)";
+ List<Object> expectedResults = Arrays.asList(values);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionContainsKeyQuery() {
+ String query = "select * from /" + regionName + ".containsKey('" + keys[0] + "')";
+ List<Object> expectedResults = Arrays.asList(true);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectValuesQuery() {
+ String query = "select * from /" + regionName + ".values";
+ List<Object> expectedResults = Arrays.asList(values);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectKeySetQuery() {
+ String query = "select * from /" + regionName + ".keySet";
+ List<Object> expectedResults = Arrays.asList(keys);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectEntriesQuery() {
+ String query = "select e.getKey from /" + regionName + ".entries e";
+ List<Object> expectedResults = Arrays.asList(keys);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectKeyFromEntrySetQuery() {
+ String query = "select e.key from /" + regionName + ".entrySet e";
+ List<Object> expectedResults = Arrays.asList(keys);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetKeyFromEntrySetQuery() {
+ String query = "select e.getKey from /" + regionName + ".entrySet e";
+ List<Object> expectedResults = Arrays.asList(keys);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectValueFromEntrySetQuery() {
+ String query = "select e.value from /" + regionName + ".entrySet e";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetValueFromEntrySetQuery() {
+ String query = "select e.getValue from /" + regionName + ".entrySet e";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByToStringQuery() {
+ String query = "select * from /" + regionName + " r where r.toString = 'Test_Object'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectToStringQuery() {
+ String query = "select r.toString() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList("Test_Object", "Test_Object");
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByToStringToUpperCaseQuery() {
+ String query =
+ "select * from /" + regionName + " r where r.toString().toUpperCase = 'TEST_OBJECT'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByToStringToLowerCaseQuery() {
+ String query =
+ "select * from /" + regionName + " r where r.toString().toLowerCase = 'test_object'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectIntValueQuery() {
+ String query = "select r.id.intValue() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1, 3);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectLongValueQuery() {
+ String query = "select r.id.longValue() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1L, 3L);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectDoubleValueQuery() {
+ String query = "select r.id.doubleValue() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList(1d, 3d);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectShortValueQuery() {
+ String query = "select r.id.shortValue() from /" + regionName + " r";
+ List<Object> expectedResults = Arrays.asList((short) 1, (short) 3);
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ expectedResults);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectToDateQuery() {
+ String query =
+ "SELECT * FROM /" + regionName + " where dateField = to_date('08/08/2018', 'MM/dd/yyyy')";
+
+ QueryTestObject obj1 = new QueryTestObject(0, "John");
+ obj1.setDateField("08/08/2018");
+ QueryTestObject obj2 = new QueryTestObject(3, "Beth");
+ obj2.setDateField("08/08/2018");
+ Object[] values = {obj1, obj2};
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ Arrays.asList(values));
+ }
+
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java
new file mode 100644
index 0000000..493fb73
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityAuthorizedUserBindParameterDUnitTest.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.Arrays;
+import java.util.HashSet;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+
+@Category({DistributedTest.class, SecurityTest.class})
+public class QuerySecurityAuthorizedUserBindParameterDUnitTest extends QuerySecurityBase {
+
+ @Before
+ public void configureCache() {
+ String user = "dataReaderRegion";
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ @Test
+ public void userWithRegionAccessAndPassingInWrappedBindParameterShouldReturnCorrectResults() {
+ String query = "select v from $1 r, r.values() v";
+ specificUserClient.invoke(() -> {
+ Region region = getClientCache().getRegion(regionName);
+ HashSet hashset = new HashSet();
+ hashset.add(region);
+ assertQueryResults(getClientCache(), query, new Object[] {hashset}, Arrays.asList(values));
+ });
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
index d412111..1e1815e 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityBase.java
@@ -1,3 +1,17 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
package org.apache.geode.security.query;
import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANAGER;
@@ -21,6 +35,7 @@ import org.apache.geode.cache.client.Pool;
import org.apache.geode.cache.client.PoolManager;
import org.apache.geode.cache.query.FunctionDomainException;
import org.apache.geode.cache.query.NameResolutionException;
+import org.apache.geode.cache.query.Query;
import org.apache.geode.cache.query.QueryInvocationTargetException;
import org.apache.geode.cache.query.QueryService;
import org.apache.geode.cache.query.TypeMismatchException;
@@ -29,56 +44,41 @@ import org.apache.geode.security.TestSecurityManager;
import org.apache.geode.test.dunit.Host;
import org.apache.geode.test.dunit.VM;
import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
-import org.apache.geode.test.dunit.rules.ServerStarterRule;
+import org.apache.geode.test.junit.rules.ServerStarterRule;
public class QuerySecurityBase extends JUnit4DistributedTestCase {
+ public RegionShortcut getRegionType() {
+ return RegionShortcut.REPLICATE;
+ }
+
+ protected String regionName = "region";
+ protected Object[] keys;
+ protected Object[] values;
+
@Rule
public ServerStarterRule server =
new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
.withProperty(TestSecurityManager.SECURITY_JSON,
"org/apache/geode/management/internal/security/clientServer.json")
- .withRegion(getRegionType(), UserPermissions.REGION_NAME);
+ .withRegion(getRegionType(), regionName);
- //Varibles used to store caches between invoke methods
+ // Varibles used to store caches between invoke methods
private static ClientCache clientCache;
- protected static transient UserPermissions userPerms;
+ protected transient UserPermissions userPerms = new UserPermissions();
- protected Host host;
+ protected Host host;
protected VM superUserClient;
- protected VM specificUserClient;
+ protected VM specificUserClient;
-
- protected UserPermissions configurePermissions() {
- return new UserPermissions("DATA:READ");
- }
-
- public RegionShortcut getRegionType() {
- return RegionShortcut.REPLICATE;
- }
-
- public List<String> getAllUsers() {
- return userPerms.getAllUsers();
- }
-
- public List<String> getAllUsersWhoCanExecuteQuery() {
- return Arrays.asList("dataReader", "dataReaderRegion", "clusterManagerDataReader",
- "clusterManagerDataReaderRegion", "super-user");
- }
-
- public List<String> getAllUsersWhoCannotExecuteQuery() {
- return Arrays.asList("stranger", "dataReaderRegionKey",
- "clusterManager", "clusterManagerQuery", "clusterManagerDataReaderRegionKey");
- }
@Before
- public void setup() {
+ public void configureTest() {
host = Host.getHost(0);
superUserClient = host.getVM(1);
specificUserClient = host.getVM(2);
- userPerms = configurePermissions();
createClientCache(superUserClient, "super-user", userPerms.getUserPassword("super-user"));
- createProxyRegion(superUserClient, UserPermissions.REGION_NAME);
+ createProxyRegion(superUserClient, regionName);
}
public void setClientCache(ClientCache cache) {
@@ -91,8 +91,7 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
public void createClientCache(VM vm, String userName, String password) {
vm.invoke(() -> {
- ClientCache cache = SecurityTestUtil.createClientCache(userName, password,
- server.getPort());
+ ClientCache cache = SecurityTestUtil.createClientCache(userName, password, server.getPort());
setClientCache(cache);
});
}
@@ -118,7 +117,6 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
}
protected void assertExceptionOccurred(QueryService qs, String query, String authErrorRegexp) {
- System.out.println("Execution exception should match:" + authErrorRegexp);
try {
qs.newQuery(query).execute();
} catch (Exception e) {
@@ -136,7 +134,8 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
}
}
- protected void assertExceptionOccurred(QueryService qs, String query, Object[] bindParams, String authErrorRegexp) {
+ protected void assertExceptionOccurred(QueryService qs, String query, Object[] bindParams,
+ String authErrorRegexp) {
System.out.println("Execution exception should match:" + authErrorRegexp);
try {
qs.newQuery(query).execute(bindParams);
@@ -156,66 +155,68 @@ public class QuerySecurityBase extends JUnit4DistributedTestCase {
}
}
+ protected void assertQueryResults(ClientCache clientCache, String query,
+ List<Object> expectedResults) throws FunctionDomainException, TypeMismatchException,
+ NameResolutionException, QueryInvocationTargetException {
+ assertQueryResults(clientCache, query, null, expectedResults);
+ }
- public void executeAndConfirmQueryResults(VM vm, String query,
- List<Object> expectedResults) throws Exception {
- vm.invoke(()-> {
- assertQueryResults(getClientCache(), query, expectedResults);
+ protected void assertQueryResults(ClientCache clientCache, String queryString,
+ Object[] bindParameters, List<Object> expectedResults) throws FunctionDomainException,
+ TypeMismatchException, NameResolutionException, QueryInvocationTargetException {
+ Query query = clientCache.getQueryService().newQuery(queryString);
+ Collection results;
+ if (bindParameters == null) {
+ results = (Collection) query.execute();
+ } else {
+ results = (Collection) query.execute(bindParameters);
+ }
+ assertNotNull(results);
+ assertEquals("Query results size did not match expected for " + query, expectedResults.size(),
+ results.size());
+
+ results.forEach((i) -> {
+ assertTrue("Result:" + i + " was not found in the expectedResults",
+ expectedResults.contains(i));
});
}
- private void assertQueryResults(ClientCache clientCache, String query, List<Object> expectedResults)
- throws FunctionDomainException, TypeMismatchException, NameResolutionException,
- QueryInvocationTargetException {
- Collection
- results =
- (Collection) clientCache.getQueryService().newQuery(query).execute();
- assertNotNull("Query results were null when they should have been " + expectedResults + ".",
- results);
- assertEquals(
- "The number of expected results does not match the number of results obtained from the query."
- + query, expectedResults.size(), results.size());
- assertTrue("The query returned results that were not in the expected result list.",
- expectedResults.containsAll(results));
+ public void executeAndConfirmRegionMatches(VM vm, String regionName,
+ List<Object> expectedRegionResults) throws Exception {
+ vm.invoke(() -> {
+ assertQueryResults(getClientCache(), "select * from /" + regionName, expectedRegionResults);
+ });
}
- public void assertRegionMatches(VM vm, String regionName, List<Object> expectedRegionResults) throws Exception {
- executeAndConfirmQueryResults(vm,"select * from /" + regionName, expectedRegionResults);
+ protected void putIntoRegion(VM vm, Object[] keys, Object[] values, String regionName) {
+ vm.invoke(() -> {
+ Region region = getClientCache().getRegion(regionName);
+ assertEquals(
+ "Bad region put. The list of keys does not have the same length as the list of values.",
+ keys.length, values.length);
+ for (int i = 0; i < keys.length; i++) {
+ region.put(keys[i], values[i]);
+ }
+ });
}
- public void executeQueryWithCheckForAccessPermissions(VM vm, String query, String user, String regionName, List<Object> expectedSuccessfulQueryResults) {
- List<String> possibleAuthorizationErrors = userPerms.getMissingUserAuthorizationsForQuery(user, query);
- String regexForExpectedExceptions = userPerms.regexForExpectedException(possibleAuthorizationErrors);
- executeQueryWithCheckForAccessPermissions(vm, query, user, possibleAuthorizationErrors, regexForExpectedExceptions, regionName, expectedSuccessfulQueryResults);
-}
-
-
- private void executeQueryWithCheckForAccessPermissions(VM vm, String query, String user, List<String> possibleAuthorizationErrors, String regexForExpectedExceptions,
- String regionName, List<Object> expectedSuccessfulQueryResults) {
-
+ protected void executeQueryWithCheckForAccessPermissions(VM vm, String query, String regionName,
+ List<Object> expectedSuccessfulQueryResults) {
vm.invoke(() -> {
Region region = getClientCache().getRegion(regionName);
- if (possibleAuthorizationErrors.isEmpty()) {
- assertQueryResults(getClientCache(), query, expectedSuccessfulQueryResults);
- } else {
- String authErrorRegexp = regexForExpectedExceptions;
- assertExceptionOccurred(getClientCache().getQueryService(), query, authErrorRegexp);
- Pool pool = PoolManager.find(region);
- assertExceptionOccurred(pool.getQueryService(), query, authErrorRegexp);
- }
+ assertQueryResults(getClientCache(), query, expectedSuccessfulQueryResults);
});
}
- protected void putIntoRegion(VM vm, Object[] keys, Object[] values,
- String regionName) {
+
+ protected void executeQueryWithCheckForAccessPermissions(VM vm, String query, String regionName,
+ String regexForExpectedExceptions) {
vm.invoke(() -> {
Region region = getClientCache().getRegion(regionName);
- assertEquals(
- "Bad region put. The list of keys does not have the same length as the list of values.",
- keys.length, values.length);
- for (int i = 0; i < keys.length; i++) {
- region.put(keys[i], values[i]);
- }
+ assertExceptionOccurred(getClientCache().getQueryService(), query,
+ regexForExpectedExceptions);
+ Pool pool = PoolManager.find(region);
+ assertExceptionOccurred(pool.getQueryService(), query, regexForExpectedExceptions);
});
}
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java
deleted file mode 100644
index 366571b..0000000
--- a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityDUnitTest.java
+++ /dev/null
@@ -1,1525 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.security.query;
-
-import static org.junit.Assert.fail;
-
-import java.io.Serializable;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.Region;
-import org.apache.geode.cache.RegionDestroyedException;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.cache.query.internal.index.DummyQRegion;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class QuerySecurityDUnitTest extends QuerySecurityBase {
-
-
- public static final String REGION_PUT_KEY = "key";
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectAllQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_ALL_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- /* ----- Public Field Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[0]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_PUBLIC_FIELD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(1, 2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCountOfPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMaxOfPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(3);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMinOfPublicFieldQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(0);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectPublicFieldFromRegionByPublicFieldFromRegionQuery(
- String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Public Field Tests ----- */
-
- /* ----- Implicit Getter Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_IMPLICIT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John", "Beth");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCountOfImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMaxOfImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMinOfImplicitGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("Beth");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectImplicitGetterFromRegionByImplicitGetterFromRegionQuery(
- String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query =
- UserPermissions.SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Implicit Getter Tests ----- */
-
- /* ----- Direct Getter Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_DIRECT_GETTER;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_DIRECT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John", "Beth");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCountOfDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMaxOfDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMinOfDirectGetterQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("Beth");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDirectGetterFromRegionByDirectGetterFromRegionQuery(
- String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Direct Getter Tests ----- */
-
- /* ----- Deployed Method Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_DEPLOYED_METHOD;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[0]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_DEPLOYED_METHOD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John:1", "Beth:2");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCountOfDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(2);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMaxOfDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("John:1");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectMinOfDeployedMethodQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("Beth:3");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDeployedMethodFromRegionByDeployedMethodFromRegionQuery(
- String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query =
- UserPermissions.SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Deployed Method Tests ----- */
-
- /* ----- Geode Method Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionContainsKeyQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CONTAINS_KEY;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(true);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionContainsValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CONTAINS_VALUE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(false);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionCreateQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CREATE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokeRegionCreateForSelectRegionCreateQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CREATE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCanExecuteQueryShouldGetExceptionForSelectCreateFromRegionQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_CREATE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldGetResultsForSelectCreateFromRegionQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_CREATE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionDestroyQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokeDestroyForSelectRegionDestroyQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCanExecuteQueryShouldGetExceptionForSelectRegionDestroyRegionQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- try {
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- } catch (Throwable throwable) {
- if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
- throw throwable;
- }
- }
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotMethodInvokeADestroyForSelectRegionDestroyRegionQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- try {
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- } catch (Throwable throwable) {
- if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
- throw throwable;
- }
- }
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionDestroyRegionParenQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_DESTROY_REGION_PAREN;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- try {
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- } catch (Throwable throwable) {
- if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
- throw throwable;
- }
- }
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionGetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_GET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values[0]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCannotExecuteQueryShouldGetExceptionForSelectRegionPutQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_PUT;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokeRegionPutForSelectRegionPutQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_PUT;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCanExecuteQueryShouldReceiveExceptionForSelectRegionPutIfAbsentQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_PUT_IF_ABSENT;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokePutIfAbsentForSelectRegionPutIfAbsentQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_PUT_IF_ABSENT;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void checkUserAuthorizationsForSelectRegionRemoveQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_REMOVE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCanExecuteQueryShouldNotInvokedRegionRemoveForSelectRegionRemoveQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_REMOVE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCanExecuteQuery")
- public void usersWhoCannExecuteQueryShouldReceiveExpectedResultsForSelectRegionReplaceQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_REPLACE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- List<Object> expectedFullRegionResults = Arrays.asList(values[0], values[1]);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- assertRegionMatches(specificUserClient, regionName, expectedFullRegionResults);
- }
-
- @Test
- @Parameters(method = "getAllUsersWhoCannotExecuteQuery")
- public void usersWhoCannotExecuteQueryShouldReceiveExceptionForSelectRegionReplaceQuery(String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_REPLACE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetInterestListRegexRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetInterestListRegexParenRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(1, "John"), new QueryTestObject(2, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(QueryService.UNDEFINED, QueryService.UNDEFINED);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Geode Method Tests ----- */
-
-
- /* ----- Whitelisted Methods Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectValuesQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_VALUES;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectKeySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_KEYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(keys);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectEntriesQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_ENTRIES;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(keys);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_ENTRY_SET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(REGION_PUT_KEY, REGION_PUT_KEY + "1");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectKeyFromEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_KEY_FROM_REGION_ENTRYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(keys);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetKeyFromEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_KEY_FROM_REGION_ENTRYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(keys);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectValueFromEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_VALUE_FROM_REGION_ENTRYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetValueFromEntrySetQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_VALUE_FROM_REGION_ENTRYSET;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByToStringQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectToStringQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_TO_STRING_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList("Test_Object", "Test_Object");
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByToStringToUpperCaseQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByToStringToLowerCaseQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(values);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectIntValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_INT_VALUE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(0, 3);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectLongValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_LONG_VALUE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(0L, 3L);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectDoubleValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_DOUBLE_VALUE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList(0d, 3d);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectShortValueQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_SHORT_VALUE_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = Arrays.asList((short) 0, (short) 3);
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
- /* ----- Whitelisted Methods Tests ----- */
-
- /* ----- Blacklisted Methods Tests ----- */
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByGetClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_GET_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByGetClassParenQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_GET_CLASS_PAREN;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetClassRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_CLASS_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectGetClassParenRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_GET_CLASS_PAREN_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectClassRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_CLASS_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectByCapitalClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_CAPITAL_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectCapitalClassRegionQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_CAPITAL_CLASS_FROM_REGION;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionGetClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_GET_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionGetClassParenQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_GET_CLASS_PAREN;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionCapitalClassQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CAPITAL_CLASS;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectRegionCloneQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_CLONE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void checkUserAuthorizationsForSelectToDateQuery(String user) {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_TO_DATE;
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- QueryTestObject obj1 = new QueryTestObject(0, "John");
- obj1.setDateField("08/08/2018");
- QueryTestObject obj2 = new QueryTestObject(3, "Beth");
- obj2.setDateField("08/08/2018");
- Object[] values = {obj1, obj2};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- List<Object> expectedResults = new ArrayList<>();
- executeQueryWithCheckForAccessPermissions(specificUserClient, query, user, regionName, expectedResults);
- }
-
- @Test
- public void userWithRegionAccessAndPassingInWrappedbindParameterShouldExecute() {
- String user = "dataReaderRegion";
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- String query = "select v from $1 r, r.values() v";
- String regexForExpectedException = ".*DATA:READ.*";
- specificUserClient.invoke(()-> {
- Region region = getClientCache().getRegion(regionName);
- HashSet hashset = new HashSet();
- hashset.add(region);
- getClientCache().getQueryService().newQuery(query).execute(new Object[]{hashset});
- });
- }
-
- @Test
- public void userWithoutRegionAccessAndPassingInWrappedBindParameterShouldThrowException() {
- String user = "dataReaderRegionKey";
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- String query = "select v from $1 r, r.values() v";
- String regexForExpectedException = ".*DATA:READ.*";
- specificUserClient.invoke(()-> {
- Region region = getClientCache().getRegion(regionName);
- HashSet hashset = new HashSet();
- hashset.add(region);
- assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[]{hashset}, regexForExpectedException);
- });
- }
-
- //If DummyQRegion is every serializable, then this test will fail and a security hole with query will have been opened
- //That means a user could wrap a region in a dummy region and bypass the MethodInvocationAuthorizer
- @Test
- public void userWithoutRegionAccessAndPassingInWrappedInDummyQRegionBindParameterShouldThrowSerializationException() {
- String user = "dataReaderRegionKey";
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String regionName = UserPermissions.REGION_NAME;
-
- Object[] keys = {REGION_PUT_KEY, REGION_PUT_KEY + "1"};
- Object[] values = {new QueryTestObject(0, "John"), new QueryTestObject(3, "Beth")};
- putIntoRegion(superUserClient, keys, values, regionName);
-
- String query = "select v from $1 r, r.values() v";
- String regexForExpectedException = ".*failed serializing object.*";
- specificUserClient.invoke(()-> {
- Region region = getClientCache().getRegion(regionName);
- HashSet hashset = new HashSet();
- hashset.add(new DummyQRegion(region));
- assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[]{hashset}, regexForExpectedException);
- });
- }
-
- public static class QueryTestObject implements Serializable {
- public int id = -1;
-
- private String name;
- private String Class;
-
- public Date dateField;
-
- public QueryTestObject(int id, String name) {
- this.id = id;
- this.name = name;
- }
-
- public String getName() {
- return name;
- }
-
- public String someMethod() {
- return name + ":" + id;
- }
-
- public void setDateField(String dateString) {
- try {
- SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
- dateField = sdf.parse(dateString);
- } catch (ParseException e) {
-
- }
- }
-
- @Override
- public String toString() {
- return "Test_Object";
- }
-
- @Override
- public boolean equals(Object obj) {
- QueryTestObject qto = (QueryTestObject) obj;
- return (this.id == qto.id && this.name.equals(qto.getName()));
- }
- }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java
new file mode 100644
index 0000000..bf39447
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityRestrictedQueriesDUnitTest.java
@@ -0,0 +1,318 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.io.Serializable;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+import junitparams.Parameters;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.RegionDestroyedException;
+import org.apache.geode.cache.client.Pool;
+import org.apache.geode.cache.client.PoolManager;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.dunit.VM;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class QuerySecurityRestrictedQueriesDUnitTest extends QuerySecurityBase {
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureCache() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ protected String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+
+ /* ----- Implicit Getter Tests ----- */
+ @Test
+ public void checkUserAuthorizationsForSelectByImplicitGetterQuery() {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectImplicitGetterQuery() {
+ String query = "select r.name from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectCountOfImplicitGetterQuery() {
+ String query = "select count(r.name) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMaxOfImplicitGetterQuery() {
+ String query = "select max(r.name) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMinOfImplicitGetterQuery() {
+ String query = "select min(r.name) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectImplicitGetterFromRegionByImplicitGetterFromRegionQuery() {
+ String query = "select * from /" + regionName + " r1 where r1.name in (select r2.name from /"
+ + regionName + " r2)";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+ /* ----- Implicit Getter Tests ----- */
+
+ /* ----- Direct Getter Tests ----- */
+ @Test
+ public void checkUserAuthorizationsForSelectByDirectGetterQuery() {
+ String query = "select * from /" + regionName + " r where r.getName = 'Beth'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectDirectGetterQuery() {
+ String query = "select r.getName() from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectCountOfDirectGetterQuery() {
+ String query = "select count(r.getId) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMaxOfDirectGetterQuery() {
+ String query = "select max(r.getId()) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectMinOfDirectGetterQuery() {
+ String query = "select min(getId()) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectDirectGetterFromRegionByDirectGetterFromRegionQuery() {
+ String query = "select * from /" + regionName
+ + " r1 where r1.getName in (select r2.getName from /" + regionName + " r2)";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionContainsValueQuery() {
+ String query = "select * from /" + regionName + ".containsValue('value')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void usersWhoCanExecuteQueryShouldNotInvokeRegionCreateForSelectRegionCreateQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".create('key2', 15)";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+
+ @Test
+ // @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+ public void usersWhoCanExecuteQueryShouldGetResultsForSelectCreateFromRegionQuery()
+ throws Exception {
+ String query = "select r.create('key2', 15) from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+ @Test
+ // @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+ public void usersWhoCanExecuteQueryShouldNotInvokeDestroyForSelectRegionDestroyQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".destroyKey('" + keys[0] + "')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionDestroyRegionQuery() {
+ String query = "select * from /" + regionName + ".destroyRegion()";
+ try {
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ } catch (Throwable throwable) {
+ if (!(throwable.getCause().getCause() instanceof RegionDestroyedException)) {
+ throw throwable;
+ }
+ }
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionGetQuery() {
+ String query = "select * from /" + regionName + ".getKey('" + keys[0] + "')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void usersWhoCanExecuteQueryShouldNotInvokeRegionPutForSelectRegionPutQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".put('key-2', 'something')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+
+
+ @Test
+ public void usersWhoCanExecuteQueryShouldNotInvokePutIfAbsentForSelectRegionPutIfAbsentQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".putIfAbsent('key-2', 'something')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+
+ @Test
+ @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+ public void usersWhoCanExecuteQueryShouldNotInvokedRegionRemoveForSelectRegionRemoveQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".remove('key-0')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+ @Test
+ @Parameters(method = "getAllUsersWhoCanExecuteQuery")
+ public void usersWhoCannExecuteQueryShouldReceiveExpectedResultsForSelectRegionReplaceQuery()
+ throws Exception {
+ String query = "select * from /" + regionName + ".replace('key-0', 'something')";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ executeAndConfirmRegionMatches(specificUserClient, regionName, Arrays.asList(values));
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetInterestListRegexRegionQuery() {
+ String query = "select r.getInterestListRegex from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetInterestListRegexParenRegionQuery() {
+ String query = "select r.getInterestListRegex() from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByGetClassQuery() {
+ String query = "select * from /" + regionName + " r where r.getClass != '1'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetClassRegionQuery() {
+ String query = "select r.getClass from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectGetClassWithParenthesisRegionQuery() {
+ String query = "select r.getClass() from /" + regionName + " r";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByClassQuery() {
+ String query = "select * from /" + regionName + " r where r.getClass != 'blah'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectByGetClassWithParenthesisQuery() {
+ String query = "select * from /" + regionName + " r where r.getClass() != '1'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+
+ @Test
+ public void checkUserAuthorizationsForSelectByCapitalClassQuery() {
+ String query = "select * from /" + regionName + " r where r.Class != '1'";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+
+ @Test
+ public void checkUserAuthorizationsForSelectRegionCloneQuery() {
+ String query = "select * from /" + regionName + ".clone";
+ executeQueryWithCheckForAccessPermissions(specificUserClient, query, regionName,
+ regexForExpectedExceptions);
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java
new file mode 100644
index 0000000..47647be
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/QuerySecurityUnauthorizedUserBindParameterDUnitTest.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query;
+
+import java.util.HashSet;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.query.internal.index.DummyQRegion;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+public class QuerySecurityUnauthorizedUserBindParameterDUnitTest extends QuerySecurityBase {
+
+ @Before
+ public void configureCache() {
+ String user = "dataReaderRegionKey";
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0", "key-1"};
+ values = new Object[] {new QueryTestObject(1, "John"), new QueryTestObject(3, "Beth")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+ }
+
+ @Test
+ public void userWithoutRegionAccessAndPassingInWrappedBindParameterShouldThrowException() {
+ String query = "select v from $1 r, r.values() v";
+ String regexForExpectedException = ".*DATA:READ.*";
+ specificUserClient.invoke(() -> {
+ Region region = getClientCache().getRegion(regionName);
+ HashSet hashset = new HashSet();
+ hashset.add(region);
+ assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[] {hashset},
+ regexForExpectedException);
+ });
+ }
+
+
+ // If DummyQRegion is ever serializable, then this test will fail and a security hole with query
+ // will have been opened
+ // That means a user could wrap a region in a dummy region and bypass the
+ // RestrictedMethodInvocationAuthorizer
+ @Test
+ public void userWithoutRegionAccessAndPassingInWrappedInDummyQRegionBindParameterShouldThrowSerializationException() {
+ String query = "select v from $1 r, r.values() v";
+ String regexForExpectedException = ".*failed serializing object.*";
+ specificUserClient.invoke(() -> {
+ Region region = getClientCache().getRegion(regionName);
+ HashSet hashset = new HashSet();
+ hashset.add(new DummyQRegion(region));
+ assertExceptionOccurred(getClientCache().getQueryService(), query, new Object[] {hashset},
+ regexForExpectedException);
+ });
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java b/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
index 4c44f33..bd87ae9 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
+++ b/geode-core/src/test/java/org/apache/geode/security/query/UserPermissions.java
@@ -21,445 +21,26 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
-import org.apache.geode.cache.query.internal.MethodInvocationAuthorizer;
+import org.apache.geode.cache.query.internal.RestrictedMethodInvocationAuthorizer;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.ResourcePermission.Operation;
import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.security.TestSecurityManager;
public class UserPermissions {
-
- // Must be the same as the region specified for the region specific users in the clientServer.json
- public static final String REGION_NAME = "region";
-
- public static List<String> RESTRICTED_METHOD_ACCESS_PERMISSIONS;
-
- public static final String SELECT_FROM_REGION_BY_FORMAT =
- "select * from /" + REGION_NAME + " r where r.%s = %s";
- public static final String SELECT_FORMAT_FROM_REGION = "select r.%s from /" + REGION_NAME + " r";
- public static final String SELECT_COUNT_OF_FORMAT_FROM_REGION =
- "select count(r.%s) from /" + REGION_NAME + " r";
- public static final String SELECT_MAX_OF_FORMAT_FROM_REGION =
- "select max(r.%s) from /" + REGION_NAME + " r";
- public static final String SELECT_MIN_OF_FORMAT_FROM_REGION =
- "select min(r.%s) from /" + REGION_NAME + " r";
- public static final String SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT = "select * from /"
- + REGION_NAME + " r1 where r1.%1$s in (select r2.%1$s from /" + REGION_NAME + " r2)";
- public static final String SELECT_FROM_REGION_FORMAT = "select * from /" + REGION_NAME + ".%s";
- public static final String SELECT_FORMAT_FROM_REGION_ENTRYSET =
- "select e.%s from /" + REGION_NAME + ".entrySet e";
-
- public static final String SELECT_FROM_REGION_WITH_NUMERIC_METHOD =
- "select * from /" + REGION_NAME + " r where r.%s > 0";
- public static final String SELECT_NUMERIC_FROM_REGION_RESULTS =
- "select r.%s from /" + REGION_NAME + " r";
-
- // Regular ad hoc query
- public static final String SELECT_ALL_FROM_REGION = "select * from /" + REGION_NAME;
- // Testing public field getting
- public static final String SELECT_FROM_REGION_BY_PUBLIC_FIELD =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "id", 1);
- public static final String SELECT_PUBLIC_FIELD_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "id");
- public static final String SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION =
- String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "id");
- public static final String SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION =
- String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "id");
- public static final String SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION =
- String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "id");
- public static final String SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS =
- String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "id");
-
- // Testing getter invocation
- public static final String SELECT_FROM_REGION_BY_IMPLICIT_GETTER =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "name", "'Beth'");
- public static final String SELECT_IMPLICIT_GETTER_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "name");
- public static final String SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION =
- String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "name");
- public static final String SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION =
- String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "name");
- public static final String SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION =
- String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "name");
- public static final String SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS =
- String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "name");
- public static final String SELECT_FROM_REGION_BY_DIRECT_GETTER =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "getName", "'Beth'");
- public static final String SELECT_DIRECT_GETTER_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getName");
- public static final String SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION =
- String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "getName");
- public static final String SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION =
- String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "getName");
- public static final String SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION =
- String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "getName");
- public static final String SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS =
- String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "getName");
-
- // Testing custom method invocation
- public static final String SELECT_FROM_REGION_BY_DEPLOYED_METHOD =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "someMethod", "'John:1'");
- public static final String SELECT_DEPLOYED_METHOD_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "someMethod");
- public static final String SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION =
- String.format(SELECT_COUNT_OF_FORMAT_FROM_REGION, "someMethod");
- public static final String SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION =
- String.format(SELECT_MAX_OF_FORMAT_FROM_REGION, "someMethod");
- public static final String SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION =
- String.format(SELECT_MIN_OF_FORMAT_FROM_REGION, "someMethod");;
- public static final String SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS =
- String.format(SELECT_FROM_REGION_WHERE_FORMAT_IN_REGION_FORMAT, "someMethod");
-
- // Geode method invocation
- public static final String SELECT_FROM_REGION_CONTAINS_KEY =
- String.format(SELECT_FROM_REGION_FORMAT, "containsKey('key')");
- public static final String SELECT_FROM_REGION_CONTAINS_VALUE =
- String.format(SELECT_FROM_REGION_FORMAT, "containsValue(15)");
- public static final String SELECT_FROM_REGION_CREATE =
- String.format(SELECT_FROM_REGION_FORMAT, "create('key2', 15)");
- public static final String SELECT_CREATE_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "create('key2', 15)");
- public static final String SELECT_FROM_REGION_DESTROY =
- String.format(SELECT_FROM_REGION_FORMAT, "destroy('key')");
- public static final String SELECT_FROM_REGION_DESTROY_REGION =
- String.format(SELECT_FROM_REGION_FORMAT, "destroyRegion");
- public static final String SELECT_DESTROY_REGION_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "destroyRegion");
- public static final String SELECT_FROM_REGION_DESTROY_REGION_PAREN =
- String.format(SELECT_FROM_REGION_FORMAT, "destroyRegion()");
- public static final String SELECT_DESTROY_REGION_PAREN_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "destroyRegion()");
- public static final String SELECT_FROM_REGION_GET =
- String.format(SELECT_FROM_REGION_FORMAT, "get('key')");
- public static final String SELECT_FROM_REGION_PUT =
- String.format(SELECT_FROM_REGION_FORMAT, "put('key2', 20)");
- public static final String SELECT_FROM_REGION_PUT_IF_ABSENT =
- String.format(SELECT_FROM_REGION_FORMAT, "putIfAbsent('key2', 20)");
- public static final String SELECT_FROM_REGION_REMOVE =
- String.format(SELECT_FROM_REGION_FORMAT, "remove('key')");
- public static final String SELECT_FROM_REGION_REPLACE =
- String.format(SELECT_FROM_REGION_FORMAT, "replace('key', 25)");
- public static final String SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getInterestListRegex");
- public static final String SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getInterestListRegex()");
-
- // JDK method invocation
- public static final String SELECT_ADD_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "add('test')");
- public static final String SELECT_REMOVE_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "remove('key')");
- public static final String SELECT_FROM_REGION_TO_DATE =
- "SELECT * FROM /" + REGION_NAME + " where dateField = to_date('08/08/2018', 'MM/dd/yyyy')";
-
- // JDK numeric methods
- public static final String SELECT_INT_VALUE_FROM_REGION =
- String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.intValue");
- public static final String SELECT_LONG_VALUE_FROM_REGION =
- String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.longValue");
- public static final String SELECT_DOUBLE_VALUE_FROM_REGION =
- String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.doubleValue");
- public static final String SELECT_SHORT_VALUE_FROM_REGION =
- String.format(SELECT_NUMERIC_FROM_REGION_RESULTS, "id.shortValue");
-
- // Testing whitelisted methods
- public static final String SELECT_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey, e.getValue");
- public static final String SELECT_FROM_REGION_VALUES =
- String.format(SELECT_FROM_REGION_FORMAT, "values");
- public static final String SELECT_FROM_REGION_KEYSET =
- String.format(SELECT_FROM_REGION_FORMAT, "keySet");
- public static final String SELECT_FROM_REGION_ENTRIES =
- "select e.getKey from /" + REGION_NAME + ".entries e";
- public static final String SELECT_FROM_REGION_ENTRY_SET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey");
- public static final String SELECT_KEY_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "key");
- public static final String SELECT_GET_KEY_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getKey");
- public static final String SELECT_VALUE_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "value");
- public static final String SELECT_GET_VALUE_FROM_REGION_ENTRYSET =
- String.format(SELECT_FORMAT_FROM_REGION_ENTRYSET, "getValue");
- public static final String SELECT_FROM_REGION_BY_TO_STRING =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "toString", "'Test_Object'");
- public static final String SELECT_TO_STRING_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "toString");
- public static final String SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "toString.toUpperCase", "'TEST_OBJECT'");
- public static final String SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "toString.toLowerCase", "'test_object'");
-
- // Testing blocked methods
- public static final String SELECT_FROM_REGION_BY_GET_CLASS =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "getClass", "'org.apache'");
- public static final String SELECT_FROM_REGION_BY_GET_CLASS_PAREN =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "getClass()", "'org.apache'");
- public static final String SELECT_GET_CLASS_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getClass");
- public static final String SELECT_GET_CLASS_PAREN_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "getClass()");
- public static final String SELECT_FROM_REGION_BY_CLASS =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "class", "'org.apache'");
- public static final String SELECT_CLASS_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "class");
- public static final String SELECT_FROM_REGION_BY_CAPITAL_CLASS =
- String.format(SELECT_FROM_REGION_BY_FORMAT, "Class", "'org.apache'");
- public static final String SELECT_CAPITAL_CLASS_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "Class");
- public static final String SELECT_FROM_REGION_GET_CLASS =
- String.format(SELECT_FROM_REGION_FORMAT, "getClass");
- public static final String SELECT_FROM_REGION_GET_CLASS_PAREN =
- String.format(SELECT_FROM_REGION_FORMAT, "getClass()");
- public static final String SELECT_FROM_REGION_CLASS =
- String.format(SELECT_FROM_REGION_FORMAT, "class");
- public static final String SELECT_FROM_REGION_CAPITAL_CLASS =
- String.format(SELECT_FROM_REGION_FORMAT, "Class");
- public static final String SELECT_FROM_REGION_CLONE =
- String.format(SELECT_FROM_REGION_FORMAT, "clone");
- public static final String SELECT_FROM_REGION_WAIT =
- String.format(SELECT_FROM_REGION_FORMAT, "wait");
- public static final String SELECT_CLONE_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "clone");
- public static final String SELECT_WAIT_FROM_REGION =
- String.format(SELECT_FORMAT_FROM_REGION, "wait");
-
-
private TestSecurityManager manager = new TestSecurityManager();
public HashMap<String, List<String>> queryPermissions;
- public UserPermissions(String requiredSecurityTag) {
- this(Arrays.asList(requiredSecurityTag));
- }
-
- public UserPermissions(List<String> requiredSecurityTags) {
+ public UserPermissions() {
if (!manager.initializeFromJsonResource(
"org/apache/geode/management/internal/security/clientServer.json"))
throw new RuntimeException(
"Something bad happened while trying to load the TestSecurityManager with the org/apache/geode/management/internal/security/clientServer.json");
- queryPermissions = initQueryPermissions(requiredSecurityTags);
- }
-
- public ResourcePermission createResourcePermissionFromString(String perm) {
- String[] permParts = perm.split(":");
-
- Resource res = Resource.valueOf(permParts[0]);
- Operation op = Operation.valueOf(permParts[1]);
- if (permParts.length == 2)
- return new ResourcePermission(res, op);
- else {
- String target = permParts[3];
- if (permParts.length == 3)
- return new ResourcePermission(res, op, target);
- else {
- String targetKey = permParts[4];
- return new ResourcePermission(res, op, target, targetKey);
- }
- }
}
- public List<ResourcePermission> createResourcePermissionListFromStrings(String... perms) {
- List<ResourcePermission> resPerms = new ArrayList<>();
- for (String perm : perms) {
- resPerms.add(createResourcePermissionFromString(perm));
- }
- return resPerms;
- }
-
- public HashMap<String, List<String>> initQueryPermissions(List<String> requiredSecurityTags) {
- HashMap<String, List<String>> perms = new HashMap<>();
-
- String securityString = "";
- Iterator<String> iterator = requiredSecurityTags.iterator();
- while (iterator.hasNext()) {
- securityString += "(.*" + iterator.next();
- if (iterator.hasNext()) {
- securityString += ".*)|";
- }
- }
-
- RESTRICTED_METHOD_ACCESS_PERMISSIONS = Arrays.asList(
- MethodInvocationAuthorizer.UNAUTHORIZED_STRING + ".*)|" + securityString);
- perms.put(SELECT_ALL_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Public field access
- perms.put(SELECT_FROM_REGION_BY_PUBLIC_FIELD, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_COUNT_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MAX_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MIN_OF_PUBLIC_FIELD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_WHERE_PUBLIC_FIELD_IN_REGION_PUBLIC_FIELDS,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Getter access
- perms.put(SELECT_FROM_REGION_BY_IMPLICIT_GETTER, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_COUNT_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MAX_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MIN_OF_IMPLICIT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION1_WHERE_IMPLICIT_GETTER_IN_REGION2_IMPLICIT_GETTERS,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_DIRECT_GETTER, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_COUNT_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MAX_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MIN_OF_DIRECT_GETTER_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_WHERE_DIRECT_GETTER_IN_REGION_DIRECT_GETTERS,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Deployed Methods
- perms.put(SELECT_FROM_REGION_BY_DEPLOYED_METHOD, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_COUNT_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MAX_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_MIN_OF_DEPLOYED_METHOD_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_WHERE_DEPLOYED_METHOD_IN_REGION_DEPLOYED_METHODS,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Gemfire Methods
- perms.put(SELECT_FROM_REGION_CONTAINS_KEY, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CONTAINS_VALUE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CREATE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_CREATE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_DESTROY, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_DESTROY_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DESTROY_REGION_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_DESTROY_REGION_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DESTROY_REGION_PAREN_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_GET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_PUT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_PUT_IF_ABSENT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_REMOVE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_REPLACE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_INTEREST_LIST_REGEX_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_INTEREST_LIST_REGEX_PAREN_FROM_REGION,
- RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // JDK Methods
- perms.put(SELECT_ADD_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_REMOVE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_TO_DATE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Numeric Methods
- perms.put(SELECT_INT_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_LONG_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_DOUBLE_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_SHORT_VALUE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Whitelisted Methods
- perms.put(SELECT_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_VALUES, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_KEYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_ENTRIES, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_ENTRY_SET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_KEY_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_KEY_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_VALUE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_VALUE_FROM_REGION_ENTRYSET, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_TO_STRING, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_TO_STRING_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_TO_STRING_TO_UPPER_CASE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_TO_STRING_TO_LOWER_CASE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- // Blacklisted Methods
- perms.put(SELECT_FROM_REGION_BY_GET_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_GET_CLASS_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_GET_CLASS_PAREN_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_BY_CAPITAL_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_CAPITAL_CLASS_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_GET_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_GET_CLASS_PAREN, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CAPITAL_CLASS, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_CLONE, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_FROM_REGION_WAIT, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_CLONE_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
- perms.put(SELECT_WAIT_FROM_REGION, RESTRICTED_METHOD_ACCESS_PERMISSIONS);
-
- return perms;
- }
-
- public static List<String> getAllUsers() {
- return Arrays.asList("stranger", "dataReader", "dataReaderRegion", "dataReaderRegionKey",
- "clusterManager", "clusterManagerQuery", "clusterManagerDataReader",
- "clusterManagerDataReaderRegion", "clusterManagerDataReaderRegionKey", "super-user"); // Includes
- // all
- // cluster
- // permissions
- // (READ,
- // WRITE,
- // MANAGE)
- // as
- // well
- // as
- // all
- // data
- // privileges
- // (READ,
- // WRITE,
- // MANAGE)
- }
-
- private List<String> getUserResourcePermissions(String user) {
- List<String> userPerms = new ArrayList<>();
- Set<TestSecurityManager.Role> userRoles = manager.getUser(user).getRoles();
-
- for (TestSecurityManager.Role role : userRoles) {
- for (ResourcePermission perm : role.getPermissions()) {
- userPerms.add(perm.toString());
- }
- }
- return userPerms;
- }
-
- public List<String> getMissingUserAuthorizationsForQuery(String user, String query) {
- List<String> foundPerms = new ArrayList<>();
- List<String> userPerms = getUserResourcePermissions(user);
- List<String> reqPerms = queryPermissions.get(query);
-
- System.out.println("userPerms: " + userPerms);
- System.out.println("reqPerms: " + reqPerms);
-
- for (String reqPerm : reqPerms) {
- for (String userPerm : userPerms) {
- if (userPerm.equals(reqPerm)) {
- foundPerms.add(reqPerm);
- } else {
- String[] reqPermParts = reqPerm.split(":");
- String[] userPermParts = userPerm.split(":");
- if (reqPermParts.length > userPermParts.length) {
- boolean hasGenericPerm = true;
- for (int i = 0; i < userPermParts.length; i++) {
- if (!reqPermParts[i].equals(userPermParts[i])) {
- hasGenericPerm = false;
- break;
- }
- }
-
- if (hasGenericPerm) {
- foundPerms.add(reqPerm);
- }
- }
- }
- }
- }
-
- List<String> missingPerms = new ArrayList<>(reqPerms);
- missingPerms.removeAll(foundPerms);
- System.out.println("Missing perms: " + missingPerms);
- return missingPerms;
- }
public String getUserPassword(String user) {
return manager.getUser(user).getPassword();
}
- public String regexForExpectedException(List<String> expectedExceptionMessages) {
- String authErrorRegexp = "(.*" + String.join(".*)|(.*", expectedExceptionMessages) + ".*)";
- return authErrorRegexp;
- }
-
}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java b/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java
new file mode 100644
index 0000000..e2c2ff4
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/data/PdxQueryTestObject.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query.data;
+
+import java.io.Serializable;
+
+import org.apache.geode.pdx.PdxReader;
+import org.apache.geode.pdx.PdxSerializable;
+import org.apache.geode.pdx.PdxWriter;
+
+public class PdxQueryTestObject
+ implements PdxSerializable, Serializable /* just to pass around in test code */ {
+ public int id = -1;
+ private String name;
+ private int age = 1;
+
+ private boolean shouldThrowException = true;
+
+
+ public PdxQueryTestObject() {
+
+ }
+
+ public PdxQueryTestObject(int id, String name) {
+ this.id = id;
+ this.name = name;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public String toString() {
+ return "Test_Object";
+ }
+
+ public int getAge() {
+ return age;
+ }
+
+ @Override
+ public void toData(PdxWriter writer) {
+ writer.writeInt("id", id);
+ writer.writeString("getName", name);
+ }
+
+ @Override
+ public void fromData(PdxReader reader) {
+ id = reader.readInt("id");
+ name = reader.readString("getName");
+ }
+
+ public boolean equals(Object o) {
+ if (o instanceof PdxQueryTestObject) {
+ PdxQueryTestObject other = (PdxQueryTestObject) o;
+ return other.id == this.id && other.name.equals(this.name);
+ }
+ return false;
+ }
+}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java b/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java
new file mode 100644
index 0000000..70b535d
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/security/query/data/QueryTestObject.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.security.query.data;
+
+import java.io.Serializable;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+public class QueryTestObject implements Serializable {
+ public int id = -1;
+
+ private String name;
+
+ public Date dateField;
+
+ public QueryTestObject(int id, String name) {
+ this.id = id;
+ this.name = name;
+ }
+
+ public int getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String someMethod() {
+ return name + ":" + id;
+ }
+
+ public void setDateField(String dateString) {
+ try {
+ SimpleDateFormat sdf = new SimpleDateFormat("MM/dd/yyyy");
+ dateField = sdf.parse(dateString);
+ } catch (ParseException e) {
+
+ }
+ }
+
+ @Override
+ public String toString() {
+ return "Test_Object";
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ QueryTestObject qto = (QueryTestObject) obj;
+ return (this.id == qto.id && this.name.equals(qto.getName()));
+ }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java
new file mode 100644
index 0000000..298a273
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityAuthorizedUserDUnitTest.java
@@ -0,0 +1,267 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.apache.geode.internal.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import junitparams.Parameters;
+import org.awaitility.Awaitility;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.query.CqAttributesFactory;
+import org.apache.geode.cache.query.CqEvent;
+import org.apache.geode.cache.query.CqException;
+import org.apache.geode.cache.query.CqListener;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.security.query.QuerySecurityBase;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityAuthorizedUserDUnitTest extends QuerySecurityBase {
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"dataReader", "dataReaderRegion", "clusterManagerDataReader",
+ "clusterManagerDataReaderRegion", "super-user"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureSpecificClientAndKeyAndValues() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0"};
+ values = new Object[] {new QueryTestObject(0, "John")};
+ }
+
+ // Variables that need to be shared across invoke calls.
+ protected static CqSecurityTestCqListener cqListener = null;
+
+ private String regexForExpectedExceptions = ".*Unauthorized access.*";
+
+ @Test
+ public void cqExecuteNoMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeAllowed()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+ String query = "select * from /" + regionName + " r where r.id = 0";
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ });
+
+ putIntoRegion(superUserClient, keys, new Object[] {new QueryTestObject(0, "Bethany")},
+ regionName);
+
+ specificUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumEvent()));
+ });
+ }
+
+ @Test
+ public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+ @Test
+ public void cqExecuteWithInitialResultsWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeDeniedBecauseOfInvocation()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqWithInitialResultsButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+
+ @Test
+ public void cqExecuteWithInitialResultsWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError()
+ throws Exception {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.executeWithInitialResults();
+ });
+
+ Object[] keys = {"key-0"};
+ Object[] values = {new QueryTestObject(1, "Mary")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ specificUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumErrors()));
+ });
+ }
+
+ @Test
+ public void cqExecuteWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError()
+ throws Exception {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";;
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ });
+
+ Object[] keys = {"key-0"};
+ Object[] values = {new QueryTestObject(1, "Mary")};
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ specificUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumErrors()));
+ });
+ }
+
+ @Test
+ public void cqCanBeClosedByTheCreator() throws Exception {
+ String query = "select * from /" + regionName + " r where r.id = 0";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ cq.close();
+ assertTrue(cq.isClosed());
+ });
+ assertEquals(0, server.getCache().getCqService().getAllCqs().size());
+ }
+
+
+ protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
+ throws CqException {
+ CqAttributesFactory cqaf = new CqAttributesFactory();
+ cqaf.addCqListener(cqListener);
+ CqQuery cq = queryService.newCq(query, cqaf.create());
+ return cq;
+ }
+
+ protected void executeCqButExpectException(CqQuery cq, String user,
+ String regexForExpectedException) {
+ try {
+ cq.execute();
+ fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
+ } catch (RegionNotFoundException | CqException e) {
+ if (!e.getMessage().matches(regexForExpectedException)) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause.getMessage().matches(regexForExpectedException)) {
+ return;
+ }
+ cause = cause.getCause();
+ }
+ e.printStackTrace();
+ fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
+ }
+ }
+ }
+
+ private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
+ String regexForExpectedException) {
+ try {
+ cq.executeWithInitialResults();
+ fail("Expected an exception when executing cq:" + cq + " with user:" + user);
+ } catch (RegionNotFoundException | CqException e) {
+ e.printStackTrace();
+ if (!e.getMessage().matches(regexForExpectedException)) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
+ return;
+ }
+ cause = cause.getCause();
+ }
+ e.printStackTrace();
+ fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
+ }
+ }
+
+ }
+
+ public class CqSecurityTestCqListener implements CqListener {
+
+ private int numEvents = 0;
+ private int numErrors = 0;
+
+ @Override
+ public void onEvent(CqEvent aCqEvent) {
+ numEvents++;
+ }
+
+ @Override
+ public void onError(CqEvent aCqEvent) {
+ numErrors++;
+ }
+
+ public int getNumEvent() {
+ return numEvents;
+ }
+
+ public int getNumErrors() {
+ return numErrors;
+ }
+
+ @Override
+ public void close() {
+
+ }
+ }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java
deleted file mode 100644
index d2bc8ec..0000000
--- a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityDUnitTest.java
+++ /dev/null
@@ -1,424 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.cache.query.cq.dunit;
-
-import static org.apache.geode.internal.Assert.assertTrue;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.awaitility.Awaitility;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.query.CqAttributesFactory;
-import org.apache.geode.cache.query.CqEvent;
-import org.apache.geode.cache.query.CqException;
-import org.apache.geode.cache.query.CqListener;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.cache.query.RegionNotFoundException;
-import org.apache.geode.security.query.QuerySecurityBase;
-import org.apache.geode.security.query.QuerySecurityDUnitTest;
-import org.apache.geode.security.query.UserPermissions;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class CqSecurityDUnitTest extends QuerySecurityBase {
-
- protected UserPermissions configurePermissions() {
- return new UserPermissions(Arrays.asList("DATA:READ"));
- }
-
- // Variables that need to be shared across invoke calls.
- protected static CqSecurityTestCqListener cqListener = null;
-
- // Should be the same as the key specified for the region key specific users in the
- // clientServer.json
- public static final String REGION_PUT_KEY = "key";
-
- public List<String> getAllUsersThatCannotInvokeCq() {
- return Arrays.asList("stranger", "dataReaderRegionKey", "clusterManagerQuery", "clusterManagerDataReaderRegionKey");
- }
-
- public List<String> getAllUsersThatCanInvokeCq() {
- return Arrays.asList(
- "dataReader", "dataReaderRegion", "clusterManagerDataReader", "clusterManagerDataReaderRegion", "super-user");
- }
-
-
- public List<String> getAllUsersOnlyAllowedWrite() {
- return Arrays.asList(
- "dataWriter");
- }
-
-
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqExecuteNoMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeAllowed(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- });
-
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- specificUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumEvent()));
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCannotInvokeCq")
- public void cqExecuteNoMethodInvocationWithUsersWithoutCqPermissionsWithPrepopulatedRegionShouldThrowSecurityException(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqButExpectException(cq, user, regexForExpectedExceptions);
- });
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqButExpectException(cq, user, regexForExpectedExceptions);
- });
- }
-
- @Test
- @Parameters(method = "getAllUsers")
- public void cqExecuteWithInitialResultsWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionShouldBeDeniedBecauseOfInvocation(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqWithInitialResultsButExpectException(cq, user,regexForExpectedExceptions);
- });
- }
-
-
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqExecuteWithInitialResultsWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- // execute cq
- // put into region
- // security should trigger listener with error
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- specificUserClient.invoke(() -> {
- String regionName = UserPermissions.REGION_NAME;
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.executeWithInitialResults();
- });
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- specificUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumErrors()));
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCannotInvokeCq")
- public void cqExecuteWithInitialResultsWithMethodInvocationWithoutPermissionWithUnpopulatedRegionThrowSecurityException(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- // execute cq
- // put into region
- // security should trigger listener with error
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqWithInitialResultsButExpectException(cq, user,regexForExpectedExceptions);
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqExecuteWithMethodInvocationWithUnpopulatedRegionAndFollowedByAPutShouldTriggerCqError(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- // execute cq
- // put into region
- // security should trigger listener wit gh error
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- });
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- specificUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumErrors()));
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCannotInvokeCq")
- public void cqExecuteWithOutPermissionsWithUnpopulatedRegionShouldNotAllowCq(String user)
- throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- // execute cq
- // put into region
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
- List<String> expectedExceptionMessages =
- userPerms.getMissingUserAuthorizationsForQuery(user, query);
-
- String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- executeCqButExpectException(cq, user, regexForExpectedExceptions);
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersOnlyAllowedWrite")
- public void cqCreatedByAllowedUserButPutDoneByUnallowedReaderShouldStillExecuteWithCqEvent(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-
- superUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- });
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(specificUserClient, keys, values, UserPermissions.REGION_NAME);
-
- superUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumEvent()));
- });
- }
-
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqCanBeClosedByTheCreator(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_PUBLIC_FIELD;
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- cq.close();
- assertTrue(cq.isClosed());
- });
- assertEquals(0, server.getCache().getCqService().getAllCqs().size());
- }
-
-
- protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
- throws CqException {
- CqAttributesFactory cqaf = new CqAttributesFactory();
- cqaf.addCqListener(cqListener);
- CqQuery cq = queryService.newCq(query, cqaf.create());
- return cq;
- }
-
- protected void executeCqButExpectException(CqQuery cq, String user,
- String regexForExpectedException) {
- try {
- cq.execute();
- fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
- } catch (RegionNotFoundException | CqException e) {
- if (!e.getMessage().matches(regexForExpectedException)) {
- Throwable cause = e.getCause();
- while (cause != null) {
- if (cause.getMessage().matches(regexForExpectedException)) {
- return;
- }
- cause = cause.getCause();
- }
- e.printStackTrace();
- fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
- }
- }
- }
-
- private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
- String regexForExpectedException) {
- try {
- cq.executeWithInitialResults();
- fail("Expected an exception when executing cq:" + cq + " with user:" + user);
- } catch (RegionNotFoundException | CqException e) {
- e.printStackTrace();
- if (!e.getMessage().matches(regexForExpectedException)) {
- Throwable cause = e.getCause();
- while (cause != null) {
- if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
- return;
- }
- cause = cause.getCause();
- }
- e.printStackTrace();
- fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
- }
- }
-
- }
-
- public class CqSecurityTestCqListener implements CqListener {
-
- private int numEvents = 0;
- private int numErrors = 0;
-
- @Override
- public void onEvent(CqEvent aCqEvent) {
- numEvents++;
- }
-
- @Override
- public void onError(CqEvent aCqEvent) {
- numErrors++;
- }
-
- public int getNumEvent() {
- return numEvents;
- }
-
- public int getNumErrors() {
- return numErrors;
- }
-
- @Override
- public void close() {
-
- }
- }
-}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java
new file mode 100644
index 0000000..6fe9f87
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedAuthorizedUserDUnitTest.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityPartitionedAuthorizedUserDUnitTest
+ extends CqSecurityAuthorizedUserDUnitTest {
+ public RegionShortcut getRegionType() {
+ return RegionShortcut.PARTITION;
+ }
+
+ @Test
+ public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityAuthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ });
+
+ putIntoRegion(superUserClient, keys, values, regionName);
+
+ specificUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumErrors()));
+ });
+ }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java
deleted file mode 100644
index e542e0e..0000000
--- a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedDUnitTest.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.cache.query.cq.dunit;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-
-import junitparams.JUnitParamsRunner;
-import junitparams.Parameters;
-import org.awaitility.Awaitility;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
-
-import org.apache.geode.cache.RegionShortcut;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
-import org.apache.geode.security.query.QuerySecurityDUnitTest;
-import org.apache.geode.security.query.UserPermissions;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.categories.SecurityTest;
-
-@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class CqSecurityPartitionedDUnitTest extends CqSecurityDUnitTest {
- public RegionShortcut getRegionType() {
- return RegionShortcut.PARTITION;
- }
-
-
-// @Test
-// @Parameters(method = "getAllUsersThatCannotInvokeCq")
-// public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
-// String user) throws Exception {
-// createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
-// createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-//
-// Object[] keys = {REGION_PUT_KEY};
-// Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
-// putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-//
-// String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-// List<String> expectedExceptionMessages =
-// userPerms.getMissingUserAuthorizationsForQuery(user, query);
-// String regexForExpectedExceptions = userPerms.regexForExpectedException(expectedExceptionMessages);
-//
-// specificUserClient.invoke(() -> {
-// QueryService queryService = getClientCache().getQueryService();
-// CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
-// CqSecurityDUnitTest.cqListener = cqListener;
-// CqQuery cq = createCq(queryService, query, cqListener);
-// executeCqButExpectException(cq, user, regexForExpectedExceptions);
-// });
-// }
-//
- @Test
- @Parameters(method = "getAllUsersThatCanInvokeCq")
- public void cqExecuteWithMethodInvocationWithUsersWithCqPermissionsWithPrepopulatedRegionIsGettingExceptionInReplicatedRegion(
- String user) throws Exception {
- createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
- createProxyRegion(specificUserClient, UserPermissions.REGION_NAME);
-
- Object[] keys = {REGION_PUT_KEY};
- Object[] values = {new QuerySecurityDUnitTest.QueryTestObject(1, "Mary")};
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- String query = UserPermissions.SELECT_FROM_REGION_BY_IMPLICIT_GETTER;
-
- specificUserClient.invoke(() -> {
- QueryService queryService = getClientCache().getQueryService();
- CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
- CqSecurityDUnitTest.cqListener = cqListener;
- CqQuery cq = createCq(queryService, query, cqListener);
- cq.execute();
- });
-
- putIntoRegion(superUserClient, keys, values, UserPermissions.REGION_NAME);
-
- specificUserClient.invoke(() -> {
- Awaitility.await().atMost(30, TimeUnit.SECONDS)
- .until(() -> assertEquals(1, cqListener.getNumErrors()));
- });
- }
-}
diff --git a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
similarity index 61%
rename from geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
rename to geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
index 4d81034..d3e3adb 100644
--- a/geode-core/src/test/java/org/apache/geode/security/query/PartitionedQuerySecurityDUnitTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityPartitionedUnauthorizedUserDUnitTest.java
@@ -12,19 +12,32 @@
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
-package org.apache.geode.security.query;
+package org.apache.geode.cache.query.cq.dunit;
-import junitparams.JUnitParamsRunner;
+import static org.junit.Assert.assertEquals;
+
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.security.query.UserPermissions;
+import org.apache.geode.security.query.data.QueryTestObject;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
-public class PartitionedQuerySecurityDUnitTest extends QuerySecurityDUnitTest {
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityPartitionedUnauthorizedUserDUnitTest
+ extends CqSecurityUnauthorizedUserDUnitTest {
public RegionShortcut getRegionType() {
return RegionShortcut.PARTITION;
}
diff --git a/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java
new file mode 100644
index 0000000..2e9fc8a
--- /dev/null
+++ b/geode-cq/src/test/java/org/apache/geode/cache/query/cq/dunit/CqSecurityUnauthorizedUserDUnitTest.java
@@ -0,0 +1,215 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.query.cq.dunit;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeTrue;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+import org.apache.geode.cache.query.CqAttributesFactory;
+import org.apache.geode.cache.query.CqEvent;
+import org.apache.geode.cache.query.CqException;
+import org.apache.geode.cache.query.CqListener;
+import org.apache.geode.cache.query.CqQuery;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.RegionNotFoundException;
+import org.apache.geode.security.query.QuerySecurityBase;
+import org.apache.geode.security.query.data.QueryTestObject;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.categories.SecurityTest;
+import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory;
+
+@Category({DistributedTest.class, SecurityTest.class})
+@RunWith(Parameterized.class)
+@Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class)
+public class CqSecurityUnauthorizedUserDUnitTest extends QuerySecurityBase {
+
+ @Parameterized.Parameters
+ public static Object[] usersAllowed() {
+ return new Object[] {"stranger", "dataReaderRegionKey", "clusterManagerQuery",
+ "clusterManagerDataReaderRegionKey", "dataWriter"};
+ }
+
+ @Parameterized.Parameter
+ public String user;
+
+ @Before
+ public void configureSpecificClientAndKeyAndValues() {
+ createClientCache(specificUserClient, user, userPerms.getUserPassword(user));
+ createProxyRegion(specificUserClient, regionName);
+
+ keys = new Object[] {"key-0"};
+ values = new Object[] {new QueryTestObject(0, "John")};
+ }
+
+ // Variables that need to be shared across invoke calls.
+ protected static CqSecurityTestCqListener cqListener = null;
+
+ public List<String> getAllUsersOnlyAllowedWrite() {
+ return Arrays.asList("dataWriter");
+ }
+
+
+ private String regexForExpectedExceptions = ".*DATA:READ:.*";
+
+ @Test
+ public void cqExecuteNoMethodInvocationWithUsersWithoutCqPermissionsWithPrepopulatedRegionShouldThrowSecurityException()
+ throws Exception {
+ putIntoRegion(superUserClient, keys, values, regionName);
+ String query = "select * from /" + regionName + " r where r.id = 0";
+
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+ @Test
+ public void cqExecuteWithInitialResultsWithMethodInvocationWithoutPermissionWithUnpopulatedRegionThrowSecurityException()
+ throws Exception {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqWithInitialResultsButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+ @Test
+ public void cqExecuteWithOutPermissionsWithUnpopulatedRegionShouldNotAllowCq() throws Exception {
+ String query = "select * from /" + regionName + " r where r.name = 'Beth'";
+ specificUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ executeCqButExpectException(cq, user, regexForExpectedExceptions);
+ });
+ }
+
+ @Test
+ public void cqCreatedByAllowedUserButPutDoneByUnallowedReaderShouldStillExecuteWithCqEvent()
+ throws Exception {
+ assumeTrue(user.equals("dataWriter"));
+ String query = "select * from /" + regionName + " r where r.id = 1";
+ superUserClient.invoke(() -> {
+ QueryService queryService = getClientCache().getQueryService();
+ CqSecurityTestCqListener cqListener = new CqSecurityTestCqListener();
+ CqSecurityUnauthorizedUserDUnitTest.cqListener = cqListener;
+ CqQuery cq = createCq(queryService, query, cqListener);
+ cq.execute();
+ });
+
+ Object[] keys = {"key-0"};
+ Object[] values = {new QueryTestObject(1, "Mary")};
+ putIntoRegion(specificUserClient, keys, values, regionName);
+
+ superUserClient.invoke(() -> {
+ Awaitility.await().atMost(30, TimeUnit.SECONDS)
+ .until(() -> assertEquals(1, cqListener.getNumEvent()));
+ });
+ }
+
+
+ protected CqQuery createCq(QueryService queryService, String query, CqListener cqListener)
+ throws CqException {
+ CqAttributesFactory cqaf = new CqAttributesFactory();
+ cqaf.addCqListener(cqListener);
+ CqQuery cq = queryService.newCq(query, cqaf.create());
+ return cq;
+ }
+
+ protected void executeCqButExpectException(CqQuery cq, String user,
+ String regexForExpectedException) {
+ try {
+ cq.execute();
+ fail("Expected an exception when executing cq:" + cq.getQueryString() + " with user:" + user);
+ } catch (RegionNotFoundException | CqException e) {
+ if (!e.getMessage().matches(regexForExpectedException)) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause.getMessage().matches(regexForExpectedException)) {
+ return;
+ }
+ cause = cause.getCause();
+ }
+ e.printStackTrace();
+ fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
+ }
+ }
+ }
+
+ private void executeCqWithInitialResultsButExpectException(CqQuery cq, String user,
+ String regexForExpectedException) {
+ try {
+ cq.executeWithInitialResults();
+ fail("Expected an exception when executing cq:" + cq + " with user:" + user);
+ } catch (RegionNotFoundException | CqException e) {
+ e.printStackTrace();
+ if (!e.getMessage().matches(regexForExpectedException)) {
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause.getMessage() != null && cause.getMessage().matches(regexForExpectedException)) {
+ return;
+ }
+ cause = cause.getCause();
+ }
+ e.printStackTrace();
+ fail("Exception thrown did not match:" + regexForExpectedException + ". Instead was:" + e);
+ }
+ }
+ }
+
+ public class CqSecurityTestCqListener implements CqListener {
+
+ private int numEvents = 0;
+
+ @Override
+ public void onEvent(CqEvent aCqEvent) {
+ numEvents++;
+ }
+
+ @Override
+ public void onError(CqEvent aCqEvent) {
+
+ }
+
+ public int getNumEvent() {
+ return numEvents;
+ }
+
+
+ @Override
+ public void close() {
+
+ }
+ }
+}
diff --git a/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
index 9d66290..a18a4c6 100644
--- a/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/security/ClientQueryAuthDUnitTest.java
@@ -18,27 +18,16 @@ import static org.apache.geode.distributed.ConfigurationProperties.SECURITY_MANA
import static org.apache.geode.security.SecurityTestUtil.assertNotAuthorized;
import static org.apache.geode.security.SecurityTestUtil.createClientCache;
import static org.apache.geode.security.SecurityTestUtil.createProxyRegion;
-import static org.junit.Assert.assertEquals;
-import java.util.Collection;
-
-import junitparams.JUnitParamsRunner;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
-import org.junit.runner.RunWith;
import org.apache.geode.cache.Region;
import org.apache.geode.cache.RegionShortcut;
import org.apache.geode.cache.client.ClientCache;
import org.apache.geode.cache.client.Pool;
import org.apache.geode.cache.client.PoolManager;
-import org.apache.geode.cache.query.CqAttributes;
-import org.apache.geode.cache.query.CqAttributesFactory;
-import org.apache.geode.cache.query.CqEvent;
-import org.apache.geode.cache.query.CqListener;
-import org.apache.geode.cache.query.CqQuery;
-import org.apache.geode.cache.query.QueryService;
import org.apache.geode.test.dunit.Host;
import org.apache.geode.test.dunit.VM;
import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
@@ -46,45 +35,27 @@ import org.apache.geode.test.junit.rules.ServerStarterRule;
import org.apache.geode.test.junit.categories.DistributedTest;
import org.apache.geode.test.junit.categories.SecurityTest;
-// TODO pdx field look up
-// DataManage with region read key
-
@Category({DistributedTest.class, SecurityTest.class})
-@RunWith(JUnitParamsRunner.class)
public class ClientQueryAuthDUnitTest extends JUnit4DistributedTestCase {
- private static final String AUTH_REGION_NAME = "AuthRegion";
- private static final String NO_AUTH_REGION_NAME = "NoAuthRegion";
- private static final String REP_REGION_NAME = "Rep" + AUTH_REGION_NAME;
- private static final String PART_REGION_NAME = "Part" + AUTH_REGION_NAME;
-
- private static final String USER_PASSWORD = "1234567";
-
- private static final String PUT_KEY = "key1";
- private static final String PUT_VALUE = "value1";
-
+ private static String REGION_NAME = "AuthRegion";
final Host host = Host.getHost(0);
final VM client1 = host.getVM(1);
final VM client2 = host.getVM(2);
final VM client3 = host.getVM(3);
- static TestSecurityManager scManager = new TestSecurityManager();
-
@Rule
public ServerStarterRule server =
new ServerStarterRule().withProperty(SECURITY_MANAGER, TestSecurityManager.class.getName())
.withProperty(TestSecurityManager.SECURITY_JSON,
"org/apache/geode/management/internal/security/clientServer.json")
- .withRegion(RegionShortcut.REPLICATE, REP_REGION_NAME)
- .withRegion(RegionShortcut.PARTITION, PART_REGION_NAME)
- .withRegion(RegionShortcut.PARTITION, AUTH_REGION_NAME)
- .withRegion(RegionShortcut.PARTITION, NO_AUTH_REGION_NAME);
+ .withRegion(RegionShortcut.REPLICATE, REGION_NAME);
@Test
public void testQuery() {
client1.invoke(() -> {
ClientCache cache = createClientCache("stranger", "1234567", server.getPort());
- final Region region = createProxyRegion(cache, AUTH_REGION_NAME);
+ final Region region = createProxyRegion(cache, REGION_NAME);
String query = "select * from /AuthRegion";
assertNotAuthorized(() -> region.query(query), "DATA:READ:AuthRegion");
@@ -94,120 +65,4 @@ public class ClientQueryAuthDUnitTest extends JUnit4DistributedTestCase {
"DATA:READ:AuthRegion");
});
}
-
- private void createRegionIndex(String indexName, String regionName) {
- ClientCache cache = createClientCache("super-user", USER_PASSWORD, server.getPort());
- final Region region = createProxyRegion(cache, regionName);
- // cache.getQueryService().createIndex(indexName, "id", "/" + regionName);
-
- cache.close();
- }
-
- protected void putIntoRegion(Object value, String regionName) {
- ClientCache cache = createClientCache("super-user", USER_PASSWORD, server.getPort());
- final Region region = createProxyRegion(cache, regionName);
- region.put(PUT_KEY, value);
- cache.close();
- }
-
- // @Test
- // public void testQueryWithRegionsAsBindParameters() {
- // client1.invoke(() -> {
- // putIntoRegion(PUT_VALUE, NO_AUTH_REGION_NAME);
- // ClientCache cache = createClientCache("authRegionUser", "1234567", server.getPort());
- // final Region authRegion = createProxyRegion(cache, AUTH_REGION_NAME);
- // final Region noAuthRegion = createProxyRegion(cache, NO_AUTH_REGION_NAME);
- //
- // String query = "select * from /AuthRegion";
- // authRegion.put("A", "B");
- // Pool pool = PoolManager.find(authRegion);
- // assertEquals(1, ((Collection) cache.getQueryService().newQuery(query).execute()).size());
- // HashSet regions = new HashSet();
- // regions.add(noAuthRegion);
- //
- // assertNotAuthorized(() -> pool.getQueryService().newQuery("select v from $1 r, r.values()
- // v").execute(new Object[] {regions}),
- // "DATA:READ:NoAuthRegion");
- // });
- // }
-
- @Test
- public void testCQ() {
- String query = "select * from /AuthRegion";
- client1.invoke(() -> {
- ClientCache cache = createClientCache("dataWriter", "1234567", server.getPort());
- Region region = createProxyRegion(cache, AUTH_REGION_NAME);
- Pool pool = PoolManager.find(region);
- QueryService qs = pool.getQueryService();
-
- CqAttributes cqa = new CqAttributesFactory().create();
-
- // Create the CqQuery
- CqQuery cq = qs.newCq("CQ1", query, cqa);
-
- // try {
- // cq.executeWithInitialResults();
- // }
- // catch (Exception e) {
- // System.out.println("JASON:" + e.getCause().getCause());
- //
- // }
-
- // assertNotAuthorized(() -> cq.executeWithInitialResults(), "DATA:READ:AuthRegion");
- // assertNotAuthorized(() -> cq.execute(), "DATA:READ:AuthRegion");
- cq.execute();
- region.put(PUT_KEY + "xxx", PUT_VALUE + "xxx");
- cq.close();
- // assertNotAuthorized(() -> cq.close(), "DATA:MANAGE");
- });
-
- client2.invoke(() -> {
- ClientCache cache = createClientCache("authRegionReader", "1234567", server.getPort());
- Region region = createProxyRegion(cache, AUTH_REGION_NAME);
- Pool pool = PoolManager.find(region);
- QueryService qs = pool.getQueryService();
-
- CqAttributes cqa = new CqAttributesFactory().create();
- // Create the CqQuery
- CqQuery cq = qs.newCq("CQ1", query, cqa);
- cq.execute();
-
- assertNotAuthorized(() -> cq.stop(), "DATA:MANAGE");
- assertNotAuthorized(() -> qs.getAllDurableCqsFromServer(), "CLUSTER:READ");
- });
-
- client3.invoke(() -> {
- ClientCache cache = createClientCache("super-user", "1234567", server.getPort());
- Region region = createProxyRegion(cache, AUTH_REGION_NAME);
- Pool pool = PoolManager.find(region);
- QueryService qs = pool.getQueryService();
-
- CqAttributesFactory factory = new CqAttributesFactory();
- factory.addCqListener(new CqListener() {
- @Override
- public void onEvent(final CqEvent aCqEvent) {
- System.out.println(aCqEvent);
- }
-
- @Override
- public void onError(final CqEvent aCqEvent) {
-
- }
-
- @Override
- public void close() {
-
- }
- });
-
-
- CqAttributes cqa = factory.create();
-
- // Create the CqQuery
- CqQuery cq = qs.newCq("CQ1", query, cqa);
- System.out.println("query result: " + cq.executeWithInitialResults());
-
- cq.stop();
- });
- }
}
--
To stop receiving notification emails like this one, please contact
"commits@geode.apache.org" <co...@geode.apache.org>.