You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/04/07 20:30:45 UTC
[2/3] incubator-geode git commit: GEODE-17: use the new resource and
operation code
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
index 632c719..fffa077 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
@@ -185,7 +185,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHUTDOWN, help = CliStrings.SHUTDOWN__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_LIFECYCLE },
interceptor = "com.gemstone.gemfire.management.internal.cli.commands.MiscellaneousCommands$Interceptor")
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
public Result shutdown(
@CliOption(key = CliStrings.SHUTDOWN__TIMEOUT, unspecifiedDefaultValue = DEFAULT_TIME_OUT,
help = CliStrings.SHUTDOWN__TIMEOUT__HELP) int userSpecifiedTimeout,
@@ -326,7 +326,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.GC, help = CliStrings.GC__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.MANAGE)
public Result gc(
@CliOption(key = CliStrings.GC__GROUP, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.GC__GROUP__HELP)
String[] groups,
@@ -417,7 +417,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.NETSTAT, help = CliStrings.NETSTAT__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
//TODO : Verify the auto-completion for multiple values.
public Result netstat(
@CliOption(key = CliStrings.NETSTAT__MEMBER,
@@ -571,7 +571,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_DEADLOCK, help = CliStrings.SHOW_DEADLOCK__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result showDeadlock(
@CliOption(key = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE,
help = CliStrings.SHOW_DEADLOCK__DEPENDENCIES__FILE__HELP,
@@ -621,7 +621,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_LOG, help = CliStrings.SHOW_LOG_HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result showLog(
@CliOption(key = CliStrings.SHOW_LOG_MEMBER, optionContext = ConverterHint.ALL_MEMBER_IDNAME, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.SHOW_LOG_MEMBER_HELP, mandatory = true) String memberNameOrId,
@CliOption(key = CliStrings.SHOW_LOG_LINE_NUM, unspecifiedDefaultValue = "0", help = CliStrings.SHOW_LOG_LINE_NUM_HELP, mandatory = false) int numberOfLines) {
@@ -769,7 +769,7 @@ public class MiscellaneousCommands implements CommandMarker {
}
@CliCommand(value = CliStrings.EXPORT_LOGS, help = CliStrings.EXPORT_LOGS__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_SERVER, CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result exportLogs(
@CliOption(key = CliStrings.EXPORT_LOGS__DIR,
help = CliStrings.EXPORT_LOGS__DIR__HELP, mandatory=true) String dirName,
@@ -991,7 +991,7 @@ public class MiscellaneousCommands implements CommandMarker {
*/
@CliCommand(value = CliStrings.EXPORT_STACKTRACE, help = CliStrings.EXPORT_STACKTRACE__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result exportStackTrace(
@CliOption(key = CliStrings.EXPORT_STACKTRACE__MEMBER,
optionContext = ConverterHint.ALL_MEMBER_IDNAME,
@@ -1092,7 +1092,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.SHOW_METRICS, help = CliStrings.SHOW_METRICS__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_STATISTICS })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation= OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation= OperationCode.READ)
public Result showMetrics(
@CliOption(key = { CliStrings.SHOW_METRICS__MEMBER }, optionContext = ConverterHint.ALL_MEMBER_IDNAME, help = CliStrings.SHOW_METRICS__MEMBER__HELP) String memberNameOrId,
@CliOption(key = { CliStrings.SHOW_METRICS__REGION }, optionContext = ConverterHint.REGIONPATH, help = CliStrings.SHOW_METRICS__REGION__HELP) String regionName,
@@ -1996,7 +1996,7 @@ public class MiscellaneousCommands implements CommandMarker {
@CliCommand(value = CliStrings.CHANGE_LOGLEVEL, help = CliStrings.CHANGE_LOGLEVEL__HELP)
@CliMetaData(relatedTopic = { CliStrings.TOPIC_CHANGELOGLEVEL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.WRITE)
public Result changeLogLevel(
@CliOption(key = CliStrings.CHANGE_LOGLEVEL__MEMBER, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__MEMBER__HELP) String[] memberIds,
@CliOption(key = CliStrings.CHANGE_LOGLEVEL__GROUPS, unspecifiedDefaultValue = "", help = CliStrings.CHANGE_LOGLEVEL__GROUPS__HELP) String[] grps,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
index 1c3dd84..52af8f1 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
@@ -53,7 +53,7 @@ public class PDXCommands extends AbstractCommandsSupport{
@CliCommand (value = CliStrings.CONFIGURE_PDX, help = CliStrings.CONFIGURE_PDX__HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION, writesToSharedConfiguration = true)
- @ResourceOperation( resource=Resource.PDX, operation = OperationCode.MANAGE)
+ @ResourceOperation( resource=Resource.DATA, operation = OperationCode.MANAGE)
public Result configurePDX(
@CliOption (key = CliStrings.CONFIGURE_PDX__READ__SERIALIZED,
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -175,7 +175,7 @@ public class PDXCommands extends AbstractCommandsSupport{
@CliCommand (value = CliStrings.PDX_RENAME, help = CliStrings.PDX_RENAME__HELP)
@CliMetaData(shellOnly=true, relatedTopic={CliStrings.TOPIC_GEMFIRE_DISKSTORE})
- @ResourceOperation(resource = Resource.PDX, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result pdxRename(
@CliOption (key = CliStrings.PDX_RENAME_OLD,
mandatory=true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
index f77c4c0..89534a6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
@@ -62,7 +62,7 @@ public class QueueCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_ASYNC_EVENT_QUEUE, help = CliStrings.CREATE_ASYNC_EVENT_QUEUE__HELP)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.ASYNC_EVENT_QUEUE, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result createAsyncEventQueue(
@CliOption(key = CliStrings.CREATE_ASYNC_EVENT_QUEUE__ID,
mandatory = true,
@@ -202,7 +202,7 @@ public class QueueCommands implements CommandMarker {
}
@CliCommand(value = CliStrings.LIST_ASYNC_EVENT_QUEUES, help = CliStrings.LIST_ASYNC_EVENT_QUEUES__HELP)
- @ResourceOperation(resource = Resource.ASYNC_EVENT_QUEUE, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result listAsyncEventQueues() {
try {
TabularResultData tabularData = ResultBuilder.createTabularResultData();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
index 3413ba4..fed5dbd 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
@@ -77,7 +77,7 @@ public class RegionCommands implements CommandMarker {
@CliCommand(value = { CliStrings.LIST_REGION }, help = CliStrings.LIST_REGION__HELP)
@CliMetaData(shellOnly = false, relatedTopic = CliStrings.TOPIC_GEMFIRE_REGION)
- @ResourceOperation(resource = Resource.REGION, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result listRegion(
@CliOption(key = { CliStrings.LIST_REGION__GROUP },
optionContext = ConverterHint.MEMBERGROUP,
@@ -157,7 +157,7 @@ public class RegionCommands implements CommandMarker {
@CliCommand(value = { CliStrings.DESCRIBE_REGION }, help = CliStrings.DESCRIBE_REGION__HELP)
@CliMetaData(shellOnly = false, relatedTopic = { CliStrings.TOPIC_GEMFIRE_REGION, CliStrings.TOPIC_GEMFIRE_CONFIG } )
- @ResourceOperation(resource = Resource.REGION, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result describeRegion(
@CliOption(key = CliStrings.DESCRIBE_REGION__NAME,
optionContext = ConverterHint.REGIONPATH,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
index fe0d0a1..f5e104c 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
@@ -48,7 +48,6 @@ import com.gemstone.gemfire.management.internal.cli.shell.OperationInvoker;
import com.gemstone.gemfire.management.internal.cli.shell.jline.GfshHistory;
import com.gemstone.gemfire.management.internal.cli.util.CauseFinder;
import com.gemstone.gemfire.management.internal.cli.util.ConnectionEndpoint;
-import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.management.internal.web.domain.LinkIndex;
import com.gemstone.gemfire.management.internal.web.http.support.SimpleHttpRequester;
import com.gemstone.gemfire.management.internal.web.shell.HttpOperationInvoker;
@@ -86,9 +85,6 @@ import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
-import static com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import static com.gemstone.gemfire.cache.operations.OperationContext.Resource;
-
/**
*
* @since 7.0
@@ -101,7 +97,6 @@ public class ShellCommands implements CommandMarker {
@CliCommand(value = { CliStrings.EXIT, "quit" }, help = CliStrings.EXIT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH})
- @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public ExitShellRequest exit() throws IOException {
Gfsh gfshInstance = getGfsh();
@@ -125,7 +120,6 @@ public class ShellCommands implements CommandMarker {
@CliCommand(value = { CliStrings.CONNECT }, help = CliStrings.CONNECT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEMFIRE_JMX, CliStrings.TOPIC_GEMFIRE_MANAGER})
- @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result connect(
@CliOption(key = { CliStrings.CONNECT__LOCATOR },
unspecifiedDefaultValue = ConnectionEndpointConverter.DEFAULT_LOCATOR_ENDPOINTS,
@@ -687,7 +681,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.DISCONNECT }, help = CliStrings.DISCONNECT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEMFIRE_JMX, CliStrings.TOPIC_GEMFIRE_MANAGER})
- @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result disconnect() {
Result result = null;
@@ -720,7 +713,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = {CliStrings.DESCRIBE_CONNECTION}, help = CliStrings.DESCRIBE_CONNECTION__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEMFIRE_JMX})
- @ResourceOperation(resource=Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result describeConnection() {
Result result = null;
try {
@@ -748,7 +740,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.ECHO }, help = CliStrings.ECHO__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH})
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result echo(
@CliOption(key = {CliStrings.ECHO__STR, ""},
unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
@@ -786,7 +777,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.SET_VARIABLE }, help = CliStrings.SET_VARIABLE__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH})
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result setVariable(
@CliOption(key = CliStrings.SET_VARIABLE__VAR,
mandatory=true,
@@ -826,7 +816,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.DEBUG }, help = CliStrings.DEBUG__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result debug(
@CliOption(key = CliStrings.DEBUG__STATE,
unspecifiedDefaultValue = "OFF",
@@ -856,7 +845,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = CliStrings.HISTORY, help = CliStrings.HISTORY__HELP)
@CliMetaData(shellOnly = true, relatedTopic = { CliStrings.TOPIC_GFSH })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result history(
@CliOption(key = { CliStrings.HISTORY__FILE }, unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE, help = CliStrings.HISTORY__FILE__HELP)
String saveHistoryTo,
@@ -968,7 +956,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.RUN }, help = CliStrings.RUN__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GFSH})
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result executeScript(
@CliOption(key = CliStrings.RUN__FILE,
optionContext = ConverterHint.FILE,
@@ -1000,7 +987,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = CliStrings.ENCRYPT, help = CliStrings.ENCRYPT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GEMFIRE_DEBUG_UTIL})
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result encryptPassword(
@CliOption(key = CliStrings.ENCRYPT_STRING,
help = CliStrings.ENCRYPT_STRING__HELP,
@@ -1011,7 +997,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.VERSION }, help = CliStrings.VERSION__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GFSH})
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result version(
@CliOption(key = { CliStrings.VERSION__FULL },
specifiedDefaultValue = "true",
@@ -1025,7 +1010,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.SLEEP }, help = CliStrings.SLEEP__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GFSH})
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result sleep(
@CliOption(key = { CliStrings.SLEEP__TIME },
unspecifiedDefaultValue = "3",
@@ -1040,7 +1024,6 @@ private void configureHttpsURLConnection(Map<String, String> sslConfigProps) thr
@CliCommand(value = { CliStrings.SH }, help = CliStrings.SH__HELP)
@CliMetaData(shellOnly=true, relatedTopic = {CliStrings.TOPIC_GFSH})
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
public Result sh(
@CliArgument(name = CliStrings.SH__COMMAND,
mandatory = true,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
index 2671ba4..bf0b044 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
@@ -48,7 +48,7 @@ public class StatusCommands extends AbstractCommandsSupport implements CommandMa
@SuppressWarnings("unchecked")
@CliCommand (value = CliStrings.STATUS_SHARED_CONFIG, help = CliStrings.STATUS_SHARED_CONFIG_HELP)
@CliMetaData (relatedTopic = CliStrings.TOPIC_GEMFIRE_LOCATOR)
- @ResourceOperation(resource = Resource.CLUSTER_CONFIGURATION, operation = OperationCode.STATUS)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result statusSharedConfiguration() {
final GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
final Set<DistributedMember> locators = new HashSet<DistributedMember>(cache.getDistributionManager().getAllHostedLocatorsWithSharedConfiguration().keySet());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
index 197e3e2..2e9fed1 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
@@ -76,7 +76,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_GATEWAYSENDER, help = CliStrings.CREATE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN, writesToSharedConfiguration=true)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result createGatewaySender(
@CliOption(key = CliStrings.CREATE_GATEWAYSENDER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -193,7 +193,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.START_GATEWAYSENDER, help = CliStrings.START_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result startGatewaySender(
@CliOption(key = CliStrings.START_GATEWAYSENDER__ID,
mandatory = true,
@@ -336,7 +336,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.PAUSE_GATEWAYSENDER, help = CliStrings.PAUSE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result pauseGatewaySender(
@CliOption(key = CliStrings.PAUSE_GATEWAYSENDER__ID,
mandatory = true,
@@ -429,7 +429,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.RESUME_GATEWAYSENDER, help = CliStrings.RESUME_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource=Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource=Resource.DATA, operation = OperationCode.MANAGE)
public Result resumeGatewaySender(
@CliOption(key = CliStrings.RESUME_GATEWAYSENDER__ID,
mandatory = true,
@@ -569,7 +569,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STOP_GATEWAYSENDER, help = CliStrings.STOP_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result stopGatewaySender(
@CliOption(key = CliStrings.STOP_GATEWAYSENDER__ID,
mandatory = true,
@@ -645,7 +645,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.CREATE_GATEWAYRECEIVER, help = CliStrings.CREATE_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation( resource=Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation( resource=Resource.DATA, operation = OperationCode.MANAGE)
public Result createGatewayReceiver(
@CliOption(key = CliStrings.CREATE_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -725,7 +725,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.LOAD_BALANCE_GATEWAYSENDER, help = CliStrings.LOAD_BALANCE_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result loadBalanceGatewaySender(
@CliOption(key = CliStrings.LOAD_BALANCE_GATEWAYSENDER__ID,
mandatory = true,
@@ -791,7 +791,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.START_GATEWAYRECEIVER, help = CliStrings.START_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result startGatewayReceiver(
@CliOption(key = CliStrings.START_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
@@ -853,7 +853,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STOP_GATEWAYRECEIVER, help = CliStrings.STOP_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.MANAGE)
+ @ResourceOperation(resource = Resource.DATA, operation = OperationCode.MANAGE)
public Result stopGatewayReceiver(
@CliOption(key = CliStrings.STOP_GATEWAYRECEIVER__GROUP,
@@ -927,7 +927,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.LIST_GATEWAY, help = CliStrings.LIST_GATEWAY__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result listGateway(
@CliOption(key = CliStrings.LIST_GATEWAY__MEMBER,
optionContext = ConverterHint.MEMBERIDNAME,
@@ -1018,7 +1018,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STATUS_GATEWAYSENDER, help = CliStrings.STATUS_GATEWAYSENDER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result statusGatewaySender(
@CliOption(key = CliStrings.STATUS_GATEWAYSENDER__ID,
mandatory = true,
@@ -1085,7 +1085,7 @@ public class WanCommands implements CommandMarker {
@CliCommand(value = CliStrings.STATUS_GATEWAYRECEIVER, help = CliStrings.STATUS_GATEWAYRECEIVER__HELP)
@CliMetaData(relatedTopic = CliStrings.TOPIC_GEMFIRE_WAN)
- @ResourceOperation(resource = Resource.GATEWAY, operation = OperationCode.LIST)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result statusGatewayReceiver(
@CliOption(key = CliStrings.STATUS_GATEWAYRECEIVER__GROUP,
optionContext = ConverterHint.MEMBERGROUP,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
index 3a1f44d..d80bc05 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
@@ -45,13 +45,20 @@ public class CLIOperationContext extends ResourceOperationContext {
private static CommandManager commandManager = null;
private static GfshParser parser = null;
- public CLIOperationContext(String commandString) throws CommandProcessingException, IllegalStateException{
- GfshParseResult parseResult = (GfshParseResult) parseCommand(commandString);
- this.command = parseResult.getCommandName();
- this.commandOptions = parseResult.getParamValueStrings();
- ResourceOperation op = findResourceCode(this.command);
+ private CLIOperationContext(String commandName, Map<String,String> commandOptions, ResourceOperation op) throws CommandProcessingException, IllegalStateException{
+ this.command = commandName;
+ this.commandOptions = commandOptions;
setResourceOperation(op);
}
+
+ public static CLIOperationContext getOperationContext(String commandString){
+ GfshParseResult parseResult = (GfshParseResult) parseCommand(commandString);
+ ResourceOperation op = findResourceCode(parseResult.getCommandName());
+ if(op==null)
+ return null;
+
+ return new CLIOperationContext(parseResult.getCommandName(), parseResult.getParamValueStrings(), op);
+ }
private static ParseResult parseCommand(String commentLessLine) throws CommandProcessingException, IllegalStateException {
if (commentLessLine != null) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
index dfcae22..b83f0a2 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
@@ -220,7 +220,7 @@ public class MBeanServerWrapper implements MBeanServerForwarder {
throws InstanceNotFoundException, MBeanException, ReflectionException {
ResourceOperationContext ctx = null;
if("processCommand".equals(operationName) && params.length==1){
- ctx = new CLIOperationContext((String)params[0]);
+ ctx = CLIOperationContext.getOperationContext((String)params[0]);
}
else {
ctx = getOperationContext(name, operationName, true);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
index 99ef1d3..f72a835 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
@@ -36,5 +36,5 @@ public @interface ResourceOperation {
String label() default ResourceConstants.DEFAULT_LABEL;
@DescriptorKey("operation")
- OperationCode operation() default OperationCode.ALL;
+ OperationCode operation();
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
index f81a93a..1750bd3 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
@@ -635,7 +635,7 @@ public abstract class AbstractCommandsController {
SystemManagementService service = (SystemManagementService) ManagementService
.getExistingManagementService(CacheFactory.getAnyInstance());
Properties credentials = EnvironmentVariablesHandlerInterceptor.CREDENTIALS.get();
- CLIOperationContext context = new CLIOperationContext(command);
+ CLIOperationContext context = CLIOperationContext.getOperationContext(command);
service.getAuthManager().authorize(credentials, context);
return context;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
index 9331740..7aa207f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
@@ -81,7 +81,7 @@ public class MockExtensionCommands implements CommandMarker {
*/
@CliCommand(value = CREATE_MOCK_REGION_EXTENSION)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result createMockRegionExtension(@CliOption(key = OPTION_REGION_NAME, mandatory = true) final String regionName,
@CliOption(key = OPTION_VALUE, mandatory = true) final String value) {
return executeFunctionOnAllMembersTabulateResultPersist(CreateMockRegionExtensionFunction.INSTANCE, true,
@@ -102,7 +102,7 @@ public class MockExtensionCommands implements CommandMarker {
*/
@CliCommand(value = ALTER_MOCK_REGION_EXTENSION)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result alterMockRegionExtension(@CliOption(key = OPTION_REGION_NAME, mandatory = true) final String regionName,
@CliOption(key = OPTION_VALUE, mandatory = true) final String value) {
return executeFunctionOnAllMembersTabulateResultPersist(AlterMockRegionExtensionFunction.INSTANCE, true,
@@ -121,7 +121,7 @@ public class MockExtensionCommands implements CommandMarker {
*/
@CliCommand(value = DESTROY_MOCK_REGION_EXTENSION)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result destroyMockRegionExtension(@CliOption(key = OPTION_REGION_NAME, mandatory = true) final String regionName) {
return executeFunctionOnAllMembersTabulateResultPersist(DestroyMockRegionExtensionFunction.INSTANCE, true,
DestroyMockRegionExtensionFunction.toArgs(regionName));
@@ -138,7 +138,7 @@ public class MockExtensionCommands implements CommandMarker {
*/
@CliCommand(value = CREATE_MOCK_CACHE_EXTENSION)
@CliMetaData(writesToSharedConfiguration = true)
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result createMockCacheExtension(@CliOption(key = OPTION_VALUE, mandatory = true) final String value) {
return executeFunctionOnAllMembersTabulateResultPersist(CreateMockCacheExtensionFunction.INSTANCE, true, CreateMockCacheExtensionFunction.toArgs(value));
}
@@ -153,7 +153,7 @@ public class MockExtensionCommands implements CommandMarker {
* @since 8.1
*/
@CliCommand(value = ALTER_MOCK_CACHE_EXTENSION)
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
@CliMetaData(writesToSharedConfiguration = true)
public Result alterMockCacheExtension(@CliOption(key = OPTION_VALUE, mandatory = true) final String value) {
return executeFunctionOnAllMembersTabulateResultPersist(AlterMockCacheExtensionFunction.INSTANCE, true, AlterMockCacheExtensionFunction.toArgs(value));
@@ -166,7 +166,7 @@ public class MockExtensionCommands implements CommandMarker {
* @since 8.1
*/
@CliCommand(value = DESTROY_MOCK_CACHE_EXTENSION)
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
@CliMetaData(writesToSharedConfiguration = true)
public Result destroyMockCacheExtension() {
return executeFunctionOnAllMembersTabulateResultPersist(DestroyMockCacheExtensionFunction.INSTANCE, false);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
index 0c24a23..66decd6 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
@@ -227,7 +227,7 @@ public class CommandManagerJUnitTest {
static public class Commands implements CommandMarker {
@CliCommand(value = { COMMAND1_NAME, COMMAND1_NAME_ALIAS }, help = COMMAND1_HELP)
@CliMetaData(shellOnly = true, relatedTopic = { "relatedTopicOfCommand1" })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static String command1(
@CliArgument(name = ARGUMENT1_NAME, argumentContext = ARGUMENT1_CONTEXT, help = ARGUMENT1_HELP, mandatory = true)
String argument1,
@@ -243,13 +243,13 @@ public class CommandManagerJUnitTest {
}
@CliCommand(value = { COMMAND2_NAME })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static String command2() {
return null;
}
@CliCommand(value = { "testParamConcat" })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static Result testParamConcat(
@CliOption(key = { "string" })
String string,
@@ -266,7 +266,7 @@ public class CommandManagerJUnitTest {
}
@CliCommand(value = { "testMultiWordArg" })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static Result testMultiWordArg(@CliArgument(name = "arg1")
String arg1, @CliArgument(name = "arg2")
String arg2) {
@@ -317,7 +317,7 @@ public class CommandManagerJUnitTest {
public static class MockPluginCommand implements CommandMarker {
@CliCommand(value = "mock plugin command")
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result mockPluginCommand() {
return null;
}
@@ -325,7 +325,7 @@ public class CommandManagerJUnitTest {
public static class MockPluginCommandUnlisted implements CommandMarker {
@CliCommand(value = "mock plugin command unlisted")
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result mockPluginCommandUnlisted() {
return null;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java
index b9e3953..d51df2a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/GfshParserJUnitTest.java
@@ -1044,7 +1044,7 @@ public class GfshParserJUnitTest {
static class Commands implements CommandMarker {
@CliCommand(value = { COMMAND1_NAME, COMMAND1_NAME_ALIAS }, help = COMMAND1_HELP)
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static String command1(
@CliArgument(name = ARGUMENT1_NAME, argumentContext = ARGUMENT1_CONTEXT, help = ARGUMENT1_HELP, mandatory = true)
String argument1,
@@ -1060,13 +1060,13 @@ public class GfshParserJUnitTest {
}
@CliCommand(value = { COMMAND2_NAME })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static String command2() {
return null;
}
@CliCommand(value = { "testParamConcat" })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static Result testParamConcat(
@CliOption(key = { "string" }) String string,
@CliOption(key = { "stringArray" }) @CliMetaData(valueSeparator = ",") String[] stringArray,
@@ -1077,7 +1077,7 @@ public class GfshParserJUnitTest {
}
@CliCommand(value = { "testMultiWordArg" })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static Result testMultiWordArg(
@CliArgument(name = "arg1" ) String arg1,
@CliArgument(name = "arg2" ) String arg2) {
@@ -1134,13 +1134,13 @@ public class GfshParserJUnitTest {
static final String C2_MSG_AVAILABLE = C2_NAME + " is available.";
@CliCommand(value = { C1_NAME })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result command1() {
return ResultBuilder.createInfoResult(C1_MSG_AVAILABLE);
}
@CliCommand(value = { C2_NAME })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public Result command2() {
return ResultBuilder.createInfoResult(C2_MSG_AVAILABLE);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
index 05ed114..4579178 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
@@ -100,20 +100,20 @@ public class GfshExecutionStrategyJUnitTest {
@CliCommand(value = { COMMAND1_NAME, COMMAND1_NAME_ALIAS }, help = COMMAND1_HELP)
@CliMetaData(shellOnly = true )
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static Result command1() {
return ResultBuilder.createInfoResult(COMMAND1_SUCESS);
}
@CliCommand(value = { COMMAND2_NAME })
@CliMetaData(shellOnly = false )
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static Result command2() {
return ResultBuilder.createInfoResult(COMMAND2_SUCESS);
}
@CliCommand(value = { "testParamConcat" })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static Result testParamConcat(
@CliOption(key = { "string" })
String string,
@@ -130,7 +130,7 @@ public class GfshExecutionStrategyJUnitTest {
}
@CliCommand(value = { "testMultiWordArg" })
- @ResourceOperation(resource = Resource.DISTRIBUTED_SYSTEM, operation = OperationCode.ALL)
+ @ResourceOperation(resource = Resource.CLUSTER, operation = OperationCode.READ)
public static Result testMultiWordArg(@CliArgument(name = "arg1")
String arg1, @CliArgument(name = "arg2")
String arg2) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
index 6f8cfbf..a3d5d13 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AccessControlMBeanJUnitTest.java
@@ -49,10 +49,10 @@ public class AccessControlMBeanJUnitTest {
* @throws Exception
*/
@Test
- @JMXConnectionConfiguration(user = "user", password = "1234567")
+ @JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testAnyAccess() throws Exception {
- assertThat(bean.authorize("JMX", "GET")).isEqualTo(true);
- assertThat(bean.authorize("INDEX", "DESTROY")).isEqualTo(false);
+ assertThat(bean.authorize("DATA", "READ")).isEqualTo(false);
+ assertThat(bean.authorize("CLUSTER", "READ")).isEqualTo(false);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
index 18deec9..b24a5cb 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/AllCliCommandsSecurityTest.java
@@ -50,144 +50,147 @@ public class AllCliCommandsSecurityTest {
public AllCliCommandsSecurityTest() {
// ClientCommands
- commands.put("list clients", "CLIENT:LIST");
- commands.put("describe client --clientID=172.16.196.144", "CLIENT:LIST");
+ commands.put("list clients", "CLUSTER:READ");
+ commands.put("describe client --clientID=172.16.196.144", "CLUSTER:READ");
// ConfigCommands
- commands.put("alter runtime", "DISTRIBUTED_SYSTEM:ALTER_RUNTIME");
- commands.put("describe config --member=Member1", "CLUSTER_CONFIGURATION:LIST");
- commands.put("export config --member=member1", "CLUSTER_CONFIGURATION:EXPORT");
+ commands.put("alter runtime", "CLUSTER:MANAGE");
+ commands.put("describe config --member=Member1", "CLUSTER:READ");
+ commands.put("export config --member=member1", "CLUSTER:READ");
//CreateAlterDestroyRegionCommands
- commands.put("alter region --name=region1 --eviction-max=5000", "REGION:ALTER");
- commands.put("create region --name=region12", "REGION:CREATE");
- commands.put("destroy region --name=value", "REGION:DESTROY");
+ commands.put("alter region --name=region1 --eviction-max=5000", "DATA:MANAGE");
+ commands.put("create region --name=region12", "DATA:MANAGE");
+ commands.put("destroy region --name=value", "DATA:MANAGE");
//Data Commands
- commands.put("rebalance --include-region=region1", "REGION:REBALANCE");
- commands.put("export data --region=region1 --file=foo.txt --member=value", "REGION:EXPORT");
- commands.put("import data --region=region1 --file=foo.txt --member=value", "REGION:IMPORT");
- commands.put("put --key=key1 --value=value1 --region=region1", "REGION:PUT");
- commands.put("get --key=key1 --region=region1", "REGION:GET");
- commands.put("remove --region=region1", "REGION:DELETE");
- commands.put("query --query='SELECT * FROM /region1'", "QUERY:EXECUTE");
+ commands.put("rebalance --include-region=region1", "DATA:MANAGE");
+ commands.put("export data --region=region1 --file=foo.txt --member=value", "DATA:READ");
+ commands.put("import data --region=region1 --file=foo.txt --member=value", "DATA:WRITE");
+ commands.put("put --key=key1 --value=value1 --region=region1", "DATA:WRITE");
+ commands.put("get --key=key1 --region=region1", "DATA:READ");
+ commands.put("remove --region=region1", "DATA:MANAGE");
+ commands.put("query --query='SELECT * FROM /region1'", "DATA:READ");
// Deploy commands
- commands.put("deploy --jar=group1_functions.jar --group=Group1", "FUNCTION:DEPLOY");
- commands.put("list deployed", "FUNCTION:LIST");
- commands.put("undeploy --group=Group1", "FUNCTION:UNDEPLOY");
+ commands.put("deploy --jar=group1_functions.jar --group=Group1", "DATA:MANAGE");
+ commands.put("list deployed", "CLUSTER:READ");
+ commands.put("undeploy --group=Group1", "DATA:MANAGE");
// Diskstore Commands
- commands.put("backup disk-store --dir=foo", "DISKSTORE:MANAGE");
- commands.put("list disk-stores", "DISKSTORE:LIST");
- commands.put("create disk-store --name=foo --dir=bar", "DISKSTORE:MANAGE");
- commands.put("compact disk-store --name=foo", "DISKSTORE:MANAGE");
- commands.put("compact offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
- commands.put("upgrade offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
- commands.put("describe disk-store --name=foo --member=baz", "DISKSTORE:LIST");
- commands.put("revoke missing-disk-store --id=foo", "DISKSTORE:MANAGE");
- commands.put("show missing-disk-stores", "DISKSTORE:MANAGE");
- commands.put("describe offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:LIST");
- commands.put("export offline-disk-store --name=foo --disk-dirs=bar --dir=baz", "DISKSTORE:MANAGE");
- commands.put("validate offline-disk-store --name=foo --disk-dirs=bar", "DISKSTORE:MANAGE");
- commands.put("alter disk-store --name=foo --region=xyz --disk-dirs=bar", "DISKSTORE:MANAGE");
- commands.put("destroy disk-store --name=foo", "DISKSTORE:MANAGE");
+ commands.put("backup disk-store --dir=foo", "DATA:READ");
+ commands.put("list disk-stores", "CLUSTER:READ");
+ commands.put("create disk-store --name=foo --dir=bar", "DATA:MANAGE");
+ commands.put("compact disk-store --name=foo", "DATA:MANAGE");
+ commands.put("compact offline-disk-store --name=foo --disk-dirs=bar", null);
+ commands.put("upgrade offline-disk-store --name=foo --disk-dirs=bar", null);
+ commands.put("describe disk-store --name=foo --member=baz", "CLUSTER:READ");
+ commands.put("revoke missing-disk-store --id=foo", "DATA:MANAGE");
+ commands.put("show missing-disk-stores", "CLUSTER:READ");
+ commands.put("describe offline-disk-store --name=foo --disk-dirs=bar", null);
+ commands.put("export offline-disk-store --name=foo --disk-dirs=bar --dir=baz", null);
+ commands.put("validate offline-disk-store --name=foo --disk-dirs=bar", null);
+ commands.put("alter disk-store --name=foo --region=xyz --disk-dirs=bar", null); // alteroffline
+ commands.put("destroy disk-store --name=foo", "DATA:MANAGE");
// DurableClientCommands
- commands.put("close durable-client --durable-client-id=client1", "CONTINUOUS_QUERY:STOP");
- commands.put("close durable-cq --durable-client-id=client1 --durable-cq-name=cq1", "CONTINUOUS_QUERY:STOP");
- commands.put("show subscription-queue-size --durable-client-id=client1", "CONTINUOUS_QUERY:LIST");
- commands.put("list durable-cqs --durable-client-id=client1", "CONTINUOUS_QUERY:LIST");
+ commands.put("close durable-client --durable-client-id=client1", "DATA:MANAGE");
+ commands.put("close durable-cq --durable-client-id=client1 --durable-cq-name=cq1", "DATA:MANAGE");
+ commands.put("show subscription-queue-size --durable-client-id=client1", "CLUSTER:READ");
+ commands.put("list durable-cqs --durable-client-id=client1", "CLUSTER:READ");
//ExportIMportSharedConfigurationCommands
- commands.put("export cluster-configuration --zip-file-name=mySharedConfig.zip", "CLUSTER_CONFIGURATION:EXPORT");
- commands.put("import cluster-configuration --zip-file-name=value", "CLUSTER_CONFIGURATION:IMPORT");
+ commands.put("export cluster-configuration --zip-file-name=mySharedConfig.zip", "CLUSTER:READ");
+ commands.put("import cluster-configuration --zip-file-name=value", "CLUSTER:MANAGE");
//FunctionCommands
- commands.put("destroy function --id=InterestCalculations", "FUNCTION:DESTROY");
- commands.put("execute function --id=InterestCalculations --group=Group1", "FUNCTION:EXECUTE");
- commands.put("list functions", "FUNCTION:LIST");
+ commands.put("destroy function --id=InterestCalculations", "DATA:MANAGE");
+ commands.put("execute function --id=InterestCalculations --group=Group1", "DATA:WRITE");
+ commands.put("list functions", "CLUSTER:READ");
//GfshHelpCommands
- commands.put("hint", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("help", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("hint", null);
+ commands.put("help", null);
//IndexCommands
- commands.put("clear defined indexes", "INDEX:FLUSH");
- commands.put("create defined indexes", "INDEX:CREATE");
- commands.put("create index --name=myKeyIndex --expression=region1.Id --region=region1 --type=key", "INDEX:CREATE");
- commands.put("define index --name=myIndex1 --expression=exp1 --region=/exampleRegion", "INDEX:CREATE");
- commands.put("destroy index --member=server2", "INDEX:DESTROY");
- commands.put("list indexes", "INDEX:LIST");
+ commands.put("clear defined indexes", "DATA:MANAGE");
+ commands.put("create defined indexes", "DATA:MANAGE");
+ commands.put("create index --name=myKeyIndex --expression=region1.Id --region=region1 --type=key", "DATA:MANAGE");
+ commands.put("define index --name=myIndex1 --expression=exp1 --region=/exampleRegion", "DATA:MANAGE");
+ commands.put("destroy index --member=server2", "DATA:MANAGE");
+ commands.put("list indexes", "CLUSTER:READ");
//LauncherLifecycleCommands
- commands.put("start jconsole", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("start jvisualvm", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("start locator --name=locator1", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("start pulse", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("start server --name=server1", "MEMBER:START");
- commands.put("start vsd", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("status locator", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("status server", "MEMBER:STATUS");
- commands.put("stop locator --name=locator1", "LOCATOR:STOP");
- commands.put("stop server --name=server1", "MEMBER:STOP");
+ commands.put("start jconsole", null);
+ commands.put("start jvisualvm", null);
+ commands.put("start locator --name=locator1", null);
+ commands.put("start pulse", null);
+ commands.put("start server --name=server1", null);
+ commands.put("start vsd", null);
+ commands.put("status locator", null);
+ commands.put("status server", null);
+ commands.put("stop locator --name=locator1", "CLUSTER:MANAGE");
+ commands.put("stop server --name=server1", "CLUSTER:MANAGE");
//MemberCommands
- commands.put("describe member --name=server1", "MEMBER:LIST");
- commands.put("list members", "MEMBER:LIST");
+ commands.put("describe member --name=server1", "CLUSTER:READ");
+ commands.put("list members", "CLUSTER:READ");
// Misc Commands
- commands.put("change loglevel --loglevel=severe --member=server1", "DISTRIBUTED_SYSTEM:MANAGE");
- commands.put("export logs --dir=data/logs", "DISTRIBUTED_SYSTEM:LIST");
- commands.put("export stack-traces --file=stack.txt", "DISTRIBUTED_SYSTEM:LIST");
- commands.put("gc", "DISTRIBUTED_SYSTEM:MANAGE");
- commands.put("netstat --member=server1", "DISTRIBUTED_SYSTEM:MANAGE");
- commands.put("show dead-locks --file=deadlocks.txt", "DISTRIBUTED_SYSTEM:LIST");
- commands.put("show log --member=locator1 --lines=5", "DISTRIBUTED_SYSTEM:LIST");
- commands.put("show metrics", "DISTRIBUTED_SYSTEM:LIST");
+ commands.put("change loglevel --loglevel=severe --member=server1", "CLUSTER:WRITE");
+ commands.put("export logs --dir=data/logs", "CLUSTER:READ");
+ commands.put("export stack-traces --file=stack.txt", "CLUSTER:READ");
+ commands.put("gc", "CLUSTER:MANAGE");
+ commands.put("netstat --member=server1", "CLUSTER:READ");
+ commands.put("show dead-locks --file=deadlocks.txt", "CLUSTER:READ");
+ commands.put("show log --member=locator1 --lines=5", "CLUSTER:READ");
+ commands.put("show metrics", "CLUSTER:READ");
// PDX Commands
- commands.put("configure pdx --read-serialized=true", "PDX:MANAGE");
- commands.put("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1", "PDX:MANAGE");
+ commands.put("configure pdx --read-serialized=true", "DATA:MANAGE");
+ commands.put("pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1", "DATA:MANAGE");
// Queue Commands
- commands.put("create async-event-queue --id=myAEQ --listener=myApp.myListener", "ASYNC_EVENT_QUEUE:MANAGE");
- commands.put("list async-event-queues", "ASYNC_EVENT_QUEUE:LIST");
+ commands.put("create async-event-queue --id=myAEQ --listener=myApp.myListener", "DATA:MANAGE");
+ commands.put("list async-event-queues", "CLUSTER:READ");
//RegionCommands
- commands.put("describe region --name=value", "REGION:LIST");
- commands.put("list regions", "REGION:LIST");
+ commands.put("describe region --name=value", "CLUSTER:READ");
+ commands.put("list regions", "CLUSTER:READ");
// StatusCommands
- commands.put("status cluster-config-service", "CLUSTER_CONFIGURATION:STATUS");
+ commands.put("status cluster-config-service", "CLUSTER:READ");
// Shell Commands
- commands.put("connect", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("debug --state=on", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("describe connection", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("echo --string=\"Hello World!\"", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("encrypt password --password=value", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("version", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("sleep", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("sh ls", "DISTRIBUTED_SYSTEM:ALL");
+ commands.put("connect", null);
+ commands.put("debug --state=on", null);
+ commands.put("describe connection", null);
+ commands.put("echo --string=\"Hello World!\"", null);
+ commands.put("encrypt password --password=value", null);
+ commands.put("version", null);
+ commands.put("sleep", null);
+ commands.put("sh ls", null);
// WAN Commands
- commands.put("create gateway-sender --id=sender1 --remote-distributed-system-id=2", "GATEWAY:MANAGE");
- commands.put("start gateway-sender --id=sender1", "GATEWAY:MANAGE");
- commands.put("pause gateway-sender --id=sender1", "GATEWAY:MANAGE");
- commands.put("resume gateway-sender --id=sender1", "GATEWAY:MANAGE");
- commands.put("stop gateway-sender --id=sender1", "GATEWAY:MANAGE");
- commands.put("load-balance gateway-sender --id=sender1", "GATEWAY:MANAGE");
- commands.put("list gateways", "GATEWAY:LIST");
- commands.put("create gateway-receiver", "GATEWAY:MANAGE");
- commands.put("start gateway-receiver", "GATEWAY:MANAGE");
- commands.put("stop gateway-receiver", "GATEWAY:MANAGE");
- commands.put("status gateway-receiver", "GATEWAY:LIST");
-
- commands.put("disconnect", "DISTRIBUTED_SYSTEM:ALL");
- commands.put("shutdown", "DISTRIBUTED_SYSTEM:MANAGE");
+ commands.put("create gateway-sender --id=sender1 --remote-distributed-system-id=2", "DATA:MANAGE");
+ commands.put("start gateway-sender --id=sender1", "DATA:MANAGE");
+ commands.put("pause gateway-sender --id=sender1", "DATA:MANAGE");
+ commands.put("resume gateway-sender --id=sender1", "DATA:MANAGE");
+ commands.put("stop gateway-sender --id=sender1", "DATA:MANAGE");
+ commands.put("load-balance gateway-sender --id=sender1", "DATA:MANAGE");
+ commands.put("list gateways", "CLUSTER:READ");
+ commands.put("create gateway-receiver", "DATA:MANAGE");
+ commands.put("start gateway-receiver", "DATA:MANAGE");
+ commands.put("stop gateway-receiver", "DATA:MANAGE");
+ commands.put("status gateway-receiver", "CLUSTER:READ");
+ commands.put("status gateway-sender --id=sender1", "CLUSTER:READ");
+
+ //ShellCommand
+ commands.put("disconnect", null);
+ //Misc commands
+ commands.put("shutdown", "CLUSTER:MANAGE");
}
@ClassRule
@@ -208,14 +211,20 @@ public class AllCliCommandsSecurityTest {
public void a_testNoAccess(){
for (Map.Entry<String, String> perm : commands.entrySet()) {
LogService.getLogger().info("processing: "+perm.getKey());
- assertThatThrownBy(() -> bean.processCommand(perm.getKey()))
- .hasMessageStartingWith("Access Denied: Not authorized for " + perm.getValue())
- .isInstanceOf(SecurityException.class);
+ // for those commands that don't require any permission, any user can execute them
+ if(perm.getValue()==null){
+ bean.processCommand(perm.getKey());
+ }
+ else {
+ assertThatThrownBy(() -> bean.processCommand(perm.getKey()))
+ .hasMessageContaining(perm.getValue())
+ .isInstanceOf(SecurityException.class);
+ }
}
}
@Test
- @JMXConnectionConfiguration(user = "adminUser", password = "1234567")
+ @JMXConnectionConfiguration(user = "super-user", password = "1234567")
public void b_testAdminUser() throws Exception {
for (String cmd : commands.keySet()) {
LogService.getLogger().info("processing: "+cmd);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
index d099db1..728fc28 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthenticationJUnitTest.java
@@ -44,23 +44,15 @@ public class CacheServerMBeanAuthenticationJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
+ @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
- bean.removeIndex("foo"); // "INDEX:DESTROY",
- bean.executeContinuousQuery("bar"); // CONTNUOUS_QUERY:EXECUTE
- bean.fetchLoadProbe(); // DISTRIBUTED_SYSTEM:LIST_DS
- bean.getActiveCQCount(); // DISTRIBUTED_SYSTEM:LIST_DS
- bean.stopContinuousQuery("bar"); // CONTINUOUS_QUERY:STOP
- bean.closeAllContinuousQuery("bar"); // CONTINUOUS_QUERY:STOP
- bean.isRunning(); // DISTRIBUTED_SYSTEM:LIST_DS
- bean.showClientQueueDetails("foo"); // DISTRIBUTED_SYSTEM:LIST_DS
- }
-
- @Test
- @JMXConnectionConfiguration(user = "user", password = "1234567")
- public void testSomeAccess() throws Exception {
bean.removeIndex("foo");
bean.executeContinuousQuery("bar");
bean.fetchLoadProbe();
+ bean.getActiveCQCount();
+ bean.stopContinuousQuery("bar");
+ bean.closeAllContinuousQuery("bar");
+ bean.isRunning();
+ bean.showClientQueueDetails("foo");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
index 16cbb21..929032a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/CacheServerMBeanAuthorizationJUnitTest.java
@@ -46,10 +46,10 @@ public class CacheServerMBeanAuthorizationJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
- public void testAllAccess() throws Exception {
+ @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
+ public void testDataAdmin() throws Exception {
bean.removeIndex("foo");
- bean.executeContinuousQuery("bar");
+ assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:READ");
bean.fetchLoadProbe();
bean.getActiveCQCount();
bean.stopContinuousQuery("bar");
@@ -59,23 +59,32 @@ public class CacheServerMBeanAuthorizationJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "user", password = "1234567")
- public void testSomeAccess() throws Exception {
- assertThatThrownBy(() -> bean.removeIndex("foo")).isInstanceOf(SecurityException.class);
- assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class);
+ @JMXConnectionConfiguration(user = "cluster-admin", password = "1234567")
+ public void testClusterAdmin() throws Exception {
+ assertThatThrownBy(() -> bean.removeIndex("foo")).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:READ");
bean.fetchLoadProbe();
}
+
+ @Test
+ @JMXConnectionConfiguration(user = "data-user", password = "1234567")
+ public void testDataUser() throws Exception {
+ assertThatThrownBy(() -> bean.removeIndex("foo")).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:MANAGE");
+ bean.executeContinuousQuery("bar");
+ assertThatThrownBy(() -> bean.fetchLoadProbe()).isInstanceOf(SecurityException.class).hasMessageContaining("CLUSTER:READ");
+ }
+
@Test
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess() throws Exception {
- assertThatThrownBy(() -> bean.removeIndex("foo")).isInstanceOf(SecurityException.class).hasMessageContaining("INDEX:DESTROY");
- assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("CONTINUOUS_QUERY:EXECUTE");
- assertThatThrownBy(() -> bean.fetchLoadProbe()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
- assertThatThrownBy(() -> bean.getActiveCQCount()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
- assertThatThrownBy(() -> bean.stopContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("ONTINUOUS_QUERY:STOP");
- assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("ONTINUOUS_QUERY:STOP");
- assertThatThrownBy(() -> bean.isRunning()).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
- assertThatThrownBy(() -> bean.showClientQueueDetails("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("JMX:GET");
+ assertThatThrownBy(() -> bean.removeIndex("foo")).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.executeContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:READ");
+ assertThatThrownBy(() -> bean.fetchLoadProbe()).isInstanceOf(SecurityException.class).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.getActiveCQCount()).isInstanceOf(SecurityException.class).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.stopContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.closeAllContinuousQuery("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.isRunning()).isInstanceOf(SecurityException.class).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.showClientQueueDetails("bar")).isInstanceOf(SecurityException.class).hasMessageContaining("CLUSTER:READ");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
index 0623d47..085723c 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DataCommandsSecurityTest.java
@@ -46,7 +46,7 @@ public class DataCommandsSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "dataUser", password = "1234567")
+ @JMXConnectionConfiguration(user = "region1-user", password = "1234567")
public void testDataUser() throws Exception {
bean.processCommand("locate entry --key=k1 --region=region1");
bean.processCommand("query --query='SELECT * FROM /region1'");
@@ -56,7 +56,7 @@ public class DataCommandsSecurityTest {
assertThatThrownBy(() -> bean.processCommand("query --query='SELECT * FROM /secureRegion")).isInstanceOf(SecurityException.class);
}
- @JMXConnectionConfiguration(user = "secureDataUser", password = "1234567")
+ @JMXConnectionConfiguration(user = "secure-user", password = "1234567")
@Test
public void testSecureDataUser(){
// can do all these on both regions
@@ -68,25 +68,20 @@ public class DataCommandsSecurityTest {
}
// dataUser has all the permissions granted, but not to region2 (only to region1)
- @JMXConnectionConfiguration(user = "dataUser", password = "1234567")
+ @JMXConnectionConfiguration(user = "region1-user", password = "1234567")
@Test
- public void testNoAccessToRegion(){
+ public void testRegionAcess(){
assertThatThrownBy(() -> bean.processCommand("rebalance --include-region=region2")).isInstanceOf(SecurityException.class)
- .hasMessageContaining("REGION:REBALANCE");
+ .hasMessageContaining("DATA:MANAGE");
- assertThatThrownBy(() -> bean.processCommand("export data --region=region2 --file=foo.txt --member=value")).isInstanceOf(SecurityException.class)
- .hasMessageContaining("REGION:EXPORT");
- assertThatThrownBy(() -> bean.processCommand("import data --region=region2 --file=foo.txt --member=value")).isInstanceOf(SecurityException.class)
- .hasMessageContaining("REGION:IMPORT");
+ assertThatThrownBy(() -> bean.processCommand("export data --region=region2 --file=foo.txt --member=value")).isInstanceOf(SecurityException.class);
+ assertThatThrownBy(() -> bean.processCommand("import data --region=region2 --file=foo.txt --member=value")).isInstanceOf(SecurityException.class);
assertThatThrownBy(() -> bean.processCommand("put --key=key1 --value=value1 --region=region2")).isInstanceOf(SecurityException.class)
- .hasMessageContaining("REGION:PUT");
+ .hasMessageContaining("DATA:WRITE");
- assertThatThrownBy(() -> bean.processCommand("get --key=key1 --region=region2")).isInstanceOf(SecurityException.class)
- .hasMessageContaining("REGION:GET");
-
- assertThatThrownBy(() -> bean.processCommand("query --query='SELECT * FROM /region2'")).isInstanceOf(SecurityException.class)
- .hasMessageContaining("QUERY:EXECUTE");
+ assertThatThrownBy(() -> bean.processCommand("get --key=key1 --region=region2")).isInstanceOf(SecurityException.class);
+ assertThatThrownBy(() -> bean.processCommand("query --query='SELECT * FROM /region2'")).isInstanceOf(SecurityException.class);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
index df95287..2fddb39 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/DiskStoreMXBeanSecurityJUnitTest.java
@@ -52,7 +52,7 @@ public class DiskStoreMXBeanSecurityJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
+ @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.flush();
bean.forceCompaction();
@@ -67,17 +67,17 @@ public class DiskStoreMXBeanSecurityJUnitTest {
}
@Test
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+ @JMXConnectionConfiguration(user = "data-user", password = "1234567")
public void testNoAccess() throws Exception {
- assertThatThrownBy(() -> bean.flush()).isInstanceOf(SecurityException.class).hasMessageContaining("DISKSTORE:FLUSH");
- assertThatThrownBy(() -> bean.forceCompaction()).hasMessageContaining("DISKSTORE:COMPACT");
- assertThatThrownBy(() -> bean.forceRoll()).hasMessageContaining("DISKSTORE:ROLL");
- assertThatThrownBy(() -> bean.getCompactionThreshold()).hasMessageContaining("JMX:GET");
- assertThatThrownBy(() -> bean.getDiskDirectories()).hasMessageContaining("JMX:GET");
- assertThatThrownBy(() -> bean.getDiskReadsRate()).hasMessageContaining("JMX:GET");
- assertThatThrownBy(() -> bean.isAutoCompact()).hasMessageContaining("JMX:GET");
- assertThatThrownBy(() -> bean.isForceCompactionAllowed()).hasMessageContaining("JMX:GET");
- assertThatThrownBy(() -> bean.setDiskUsageCriticalPercentage(0.5f)).hasMessageContaining("DISKSTORE:ALTER");
- assertThatThrownBy(() -> bean.setDiskUsageWarningPercentage(0.5f)).hasMessageContaining("DISKSTORE:ALTER");
+ assertThatThrownBy(() -> bean.flush()).isInstanceOf(SecurityException.class).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.forceCompaction()).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.forceRoll()).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.getCompactionThreshold()).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.getDiskDirectories()).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.getDiskReadsRate()).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.isAutoCompact()).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.isForceCompactionAllowed()).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.setDiskUsageCriticalPercentage(0.5f)).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.setDiskUsageWarningPercentage(0.5f)).hasMessageContaining("DATA:MANAGE");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
index 049f6cb..b28069f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewayReceiverMBeanSecurityTest.java
@@ -68,7 +68,7 @@ public class GatewayReceiverMBeanSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
+ @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.getAverageBatchProcessingTime();
bean.getBindAddress();
@@ -79,11 +79,11 @@ public class GatewayReceiverMBeanSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "stranger", password = "1234567")
+ @JMXConnectionConfiguration(user = "data-user", password = "1234567")
public void testNoAccess() throws Exception {
- assertThatThrownBy(() -> bean.getTotalConnectionsTimedOut()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
- assertThatThrownBy(() -> bean.start()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
- assertThatThrownBy(() -> bean.stop()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
+ assertThatThrownBy(() -> bean.getTotalConnectionsTimedOut()).hasMessageContaining("CLUSTER:READ");
+ assertThatThrownBy(() -> bean.start()).hasMessageContaining("DATA:MANAGE");
+ assertThatThrownBy(() -> bean.stop()).hasMessageContaining("DATA:MANAGE");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
index 72551a9..33758b7 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/GatewaySenderMBeanSecurityTest.java
@@ -69,7 +69,7 @@ public class GatewaySenderMBeanSecurityTest {
}
@Test
- @JMXConnectionConfiguration(user = "superuser", password = "1234567")
+ @JMXConnectionConfiguration(user = "data-admin", password = "1234567")
public void testAllAccess() throws Exception {
bean.getAlertThreshold();
bean.getAverageDistributionTimePerBatch();
@@ -88,18 +88,18 @@ public class GatewaySenderMBeanSecurityTest {
@Test
@JMXConnectionConfiguration(user = "stranger", password = "1234567")
public void testNoAccess() throws Exception {
- assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
- assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
- assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
- assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
- assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
- assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
- assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied: Not authorized for JMX:GET");
- assertThatThrownBy(() -> bean.pause()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
- assertThatThrownBy(() -> bean.rebalance()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
- assertThatThrownBy(() -> bean.resume()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
- assertThatThrownBy(() -> bean.start()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
- assertThatThrownBy(() -> bean.stop()).hasMessageStartingWith("Access Denied: Not authorized for GATEWAY:MANAGE");
+ assertThatThrownBy(() -> bean.getAlertThreshold()).hasMessageStartingWith("Access Denied: Not authorized for CLUSTER:READ");
+ assertThatThrownBy(() -> bean.getAverageDistributionTimePerBatch()).hasMessageStartingWith("Access Denied: Not authorized for CLUSTER:READ");
+ assertThatThrownBy(() -> bean.getBatchSize()).hasMessageStartingWith("Access Denied: Not authorized for CLUSTER:READ");
+ assertThatThrownBy(() -> bean.getMaximumQueueMemory()).hasMessageStartingWith("Access Denied: Not authorized for CLUSTER:READ");
+ assertThatThrownBy(() -> bean.getOrderPolicy()).hasMessageStartingWith("Access Denied: Not authorized for CLUSTER:READ");
+ assertThatThrownBy(() -> bean.isBatchConflationEnabled()).hasMessageStartingWith("Access Denied: Not authorized for CLUSTER:READ");
+ assertThatThrownBy(() -> bean.isManualStart()).hasMessageStartingWith("Access Denied: Not authorized for CLUSTER:READ");
+ assertThatThrownBy(() -> bean.pause()).hasMessageStartingWith("Access Denied: Not authorized for DATA:MANAGE");
+ assertThatThrownBy(() -> bean.rebalance()).hasMessageStartingWith("Access Denied: Not authorized for DATA:MANAGE");
+ assertThatThrownBy(() -> bean.resume()).hasMessageStartingWith("Access Denied: Not authorized for DATA:MANAGE");
+ assertThatThrownBy(() -> bean.start()).hasMessageStartingWith("Access Denied: Not authorized for DATA:MANAGE");
+ assertThatThrownBy(() -> bean.stop()).hasMessageStartingWith("Access Denied: Not authorized for DATA:MANAGE");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d0c4a991/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
index 90f664e..9e931ad 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
@@ -145,7 +145,7 @@ public class JSONAuthorization implements AccessControl, Authenticator {
for (int j = 0; j < ops.length(); j++) {
String[] parts = ops.getString(j).split(":");
Resource r = Resource.valueOf(parts[0]);
- OperationCode op = parts.length > 1 ? OperationCode.valueOf(parts[1]) : OperationCode.ALL;
+ OperationCode op = parts.length > 1 ? OperationCode.valueOf(parts[1]) : OperationCode.READ;
role.permissions.add(new Permission(r, op));
}