You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by je...@apache.org on 2015/12/21 18:21:34 UTC
[6/7] incubator-geode git commit: GEM-164: move the security tests in
gemfire-test module inside the com.gemstone.gemfire.security packages to the
open side.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
new file mode 100644
index 0000000..e89e0d3
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
@@ -0,0 +1,798 @@
+
+package com.gemstone.gemfire.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+
+import templates.security.AuthzCredentialGenerator;
+import templates.security.CredentialGenerator;
+import templates.security.DummyCredentialGenerator;
+import templates.security.XmlAuthzCredentialGenerator;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.internal.AvailablePort;
+import templates.security.UserPasswordAuthInit;
+
+import dunit.Host;
+import dunit.VM;
+
+/**
+ * Tests for authorization from client to server. This tests for authorization
+ * of all operations with both valid and invalid credentials/modules with
+ * pre-operation callbacks. It also checks for authorization in case of
+ * failover.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+public class ClientAuthorizationDUnitTest extends ClientAuthorizationTestBase {
+
+ /** constructor */
+ public ClientAuthorizationDUnitTest(String name) {
+ super(name);
+ }
+
+ @Override
+ public void setUp() throws Exception {
+
+ super.setUp();
+ final Host host = Host.getHost(0);
+ server1 = host.getVM(0);
+ server2 = host.getVM(1);
+ client1 = host.getVM(2);
+ client2 = host.getVM(3);
+
+ server1.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { serverExpectedExceptions });
+ server2.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { serverExpectedExceptions });
+ client1.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { clientExpectedExceptions });
+ client2.invoke(SecurityTestUtil.class, "registerExpectedExceptions",
+ new Object[] { clientExpectedExceptions });
+ SecurityTestUtil.registerExpectedExceptions(clientExpectedExceptions);
+ }
+
+ private Properties getUserPassword(String userName) {
+
+ Properties props = new Properties();
+ props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+ props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
+ return props;
+ }
+
+ private void executeRIOpBlock(List opBlock, Integer port1, Integer port2,
+ String authInit, Properties extraAuthProps, Properties extraAuthzProps,
+ Properties javaProps) {
+
+ Iterator opIter = opBlock.iterator();
+ while (opIter.hasNext()) {
+ // Start client with valid credentials as specified in
+ // OperationWithAction
+ OperationWithAction currentOp = (OperationWithAction)opIter.next();
+ OperationCode opCode = currentOp.getOperationCode();
+ int opFlags = currentOp.getFlags();
+ int clientNum = currentOp.getClientNum();
+ VM clientVM = null;
+ boolean useThisVM = false;
+ switch (clientNum) {
+ case 1:
+ clientVM = client1;
+ break;
+ case 2:
+ clientVM = client2;
+ break;
+ case 3:
+ useThisVM = true;
+ break;
+ default:
+ fail("executeRIOpBlock: Unknown client number " + clientNum);
+ break;
+ }
+ getLogWriter().info(
+ "executeRIOpBlock: performing operation number ["
+ + currentOp.getOpNum() + "]: " + currentOp);
+ if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
+ Properties opCredentials = null;
+ String currentRegionName = '/' + regionName;
+ if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
+ currentRegionName += ('/' + subregionName);
+ }
+ String credentialsTypeStr;
+ OperationCode authOpCode = currentOp.getAuthzOperationCode();
+ if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0
+ || (opFlags & OpFlags.USE_NOTAUTHZ) > 0
+ || !authOpCode.equals(opCode)) {
+ credentialsTypeStr = " unauthorized " + authOpCode;
+ if (authOpCode.isRegisterInterest()) {
+ opCredentials = getUserPassword("reader7");
+ }
+ else if (authOpCode.isUnregisterInterest()) {
+ opCredentials = getUserPassword("reader6");
+ }
+ else {
+ fail("executeRIOpBlock: cannot determine credentials for"
+ + credentialsTypeStr);
+ }
+ }
+ else {
+ credentialsTypeStr = " authorized " + authOpCode;
+ if (authOpCode.isRegisterInterest()
+ || authOpCode.isUnregisterInterest()) {
+ opCredentials = getUserPassword("reader5");
+ }
+ else if (authOpCode.isPut()) {
+ opCredentials = getUserPassword("writer1");
+ }
+ else if (authOpCode.isGet()) {
+ opCredentials = getUserPassword("reader1");
+ }
+ else {
+ fail("executeRIOpBlock: cannot determine credentials for"
+ + credentialsTypeStr);
+ }
+ }
+ Properties clientProps = SecurityTestUtil
+ .concatProperties(new Properties[] { opCredentials, extraAuthProps,
+ extraAuthzProps });
+ // Start the client with valid credentials but allowed or disallowed to
+ // perform an operation
+ getLogWriter().info(
+ "executeRIOpBlock: For client" + clientNum + credentialsTypeStr
+ + " credentials: " + opCredentials);
+ if (useThisVM) {
+ createCacheClient(authInit, clientProps, javaProps, new Integer[] {
+ port1, port2 }, null, Boolean.valueOf(false), new Integer(
+ SecurityTestUtil.NO_EXCEPTION));
+ }
+ else {
+ clientVM.invoke(ClientAuthorizationTestBase.class,
+ "createCacheClient", new Object[] { authInit, clientProps,
+ javaProps, new Integer[] { port1, port2 }, null,
+ Boolean.valueOf(false),
+ new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ }
+ }
+ int expectedResult;
+ if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
+ expectedResult = SecurityTestUtil.NOTAUTHZ_EXCEPTION;
+ }
+ else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
+ expectedResult = SecurityTestUtil.OTHER_EXCEPTION;
+ }
+ else {
+ expectedResult = SecurityTestUtil.NO_EXCEPTION;
+ }
+
+ // Perform the operation from selected client
+ if (useThisVM) {
+ doOp(new Byte(opCode.toOrdinal()), currentOp.getIndices(), new Integer(
+ opFlags), new Integer(expectedResult));
+ }
+ else {
+ clientVM.invoke(ClientAuthorizationTestBase.class, "doOp",
+ new Object[] { new Byte(opCode.toOrdinal()),
+ currentOp.getIndices(), new Integer(opFlags),
+ new Integer(expectedResult) });
+ }
+ }
+ }
+
+ // Region: Tests
+
+ public void testAllowPutsGets() {
+ AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info("testAllowPutsGets: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testAllowPutsGets: Using authenticator: " + authenticator);
+ getLogWriter().info("testAllowPutsGets: Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ Integer port1 = ((Integer)server1.invoke(
+ ClientAuthorizationTestBase.class, "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), serverProps, javaProps }));
+ Integer port2 = ((Integer)server2.invoke(
+ ClientAuthorizationTestBase.class, "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), serverProps, javaProps }));
+
+ // Start client1 with valid CREATE credentials
+ Properties createCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.PUT },
+ new String[] { regionName }, 1);
+ javaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testAllowPutsGets: For first client credentials: "
+ + createCredentials);
+ client1.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, createCredentials, javaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Start client2 with valid GET credentials
+ Properties getCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.GET },
+ new String[] { regionName }, 2);
+ javaProps = cGen.getJavaProperties();
+ getLogWriter()
+ .info(
+ "testAllowPutsGets: For second client credentials: "
+ + getCredentials);
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, getCredentials, javaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Perform some put operations from client1
+ client1.invoke(SecurityTestUtil.class, "doPuts", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Verify that the gets succeed
+ client2.invoke(SecurityTestUtil.class, "doGets", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ }
+
+ public void testDisallowPutsGets() {
+
+ AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info("testDisallowPutsGets: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testDisallowPutsGets: Using authenticator: " + authenticator);
+ getLogWriter().info("testDisallowPutsGets: Using accessor: " + accessor);
+
+ // Check that we indeed can obtain valid credentials not allowed to do
+ // gets
+ Properties createCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.PUT },
+ new String[] { regionName }, 1);
+ Properties createJavaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testDisallowPutsGets: For first client credentials: "
+ + createCredentials);
+ Properties getCredentials = gen.getDisallowedCredentials(
+ new OperationCode[] { OperationCode.GET },
+ new String[] { regionName }, 2);
+ Properties getJavaProps = cGen.getJavaProperties();
+
+ getLogWriter().info(
+ "testDisallowPutsGets: For second client disallowed GET credentials: "
+ + getCredentials);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ Integer port1 = ((Integer)server1.invoke(
+ ClientAuthorizationTestBase.class, "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), serverProps, javaProps }));
+ Integer port2 = ((Integer)server2.invoke(
+ ClientAuthorizationTestBase.class, "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), serverProps, javaProps }));
+
+ // Start client1 with valid CREATE credentials
+ client1.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, createCredentials, createJavaProps, port1,
+ port2, null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Start client2 with invalid GET credentials
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, getCredentials, getJavaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Perform some put operations from client1
+ client1.invoke(SecurityTestUtil.class, "doPuts", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Gets as normal user should throw exception
+ client2.invoke(SecurityTestUtil.class, "doGets", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) });
+
+ // Try to connect client2 with reader credentials
+ getCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.GET },
+ new String[] { regionName }, 5);
+ getJavaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testDisallowPutsGets: For second client with GET credentials: "
+ + getCredentials);
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, getCredentials, getJavaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Verify that the gets succeed
+ client2.invoke(SecurityTestUtil.class, "doGets", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Verify that the puts throw exception
+ client2.invoke(SecurityTestUtil.class, "doNPuts", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) });
+ }
+
+ public void testInvalidAccessor() {
+ AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info("testInvalidAccessor: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testInvalidAccessor: Using authenticator: " + authenticator);
+
+ // Start server1 with invalid accessor
+ Properties serverProps = buildProperties(authenticator,
+ "com.gemstone.none", false, extraAuthProps, extraAuthzProps);
+ Integer port1 = ((Integer)server1.invoke(
+ ClientAuthorizationTestBase.class, "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), serverProps, javaProps }));
+ Integer port2 = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+
+ // Client creation should throw exceptions
+ Properties createCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.PUT },
+ new String[] { regionName }, 3);
+ Properties createJavaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testInvalidAccessor: For first client CREATE credentials: "
+ + createCredentials);
+ Properties getCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.GET },
+ new String[] { regionName }, 7);
+ Properties getJavaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testInvalidAccessor: For second client GET credentials: "
+ + getCredentials);
+ client1.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, createCredentials, createJavaProps, port1,
+ port2, null, Boolean.FALSE, Boolean.FALSE,
+ Integer.valueOf(SecurityTestUtil.NO_EXCEPTION) });
+ client1.invoke(SecurityTestUtil.class, "doPuts", new Object[] {
+ new Integer(1), new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) });
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, getCredentials, getJavaProps, port1, port2,
+ null, Boolean.FALSE, Boolean.FALSE,
+ Integer.valueOf(SecurityTestUtil.NO_EXCEPTION) });
+ client2.invoke(SecurityTestUtil.class, "doPuts", new Object[] {
+ new Integer(1), new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) });
+
+ // Now start server2 that has valid accessor
+ getLogWriter().info("testInvalidAccessor: Using accessor: " + accessor);
+ serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ server2.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] { SecurityTestUtil.getLocatorPort(), port2, serverProps,
+ javaProps });
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+
+ // Client creation should be successful now
+ client1.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, createCredentials, createJavaProps, port1,
+ port2, null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, getCredentials, getJavaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Now perform some put operations from client1
+ client1.invoke(SecurityTestUtil.class, "doPuts", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Verify that the gets succeed
+ client2.invoke(SecurityTestUtil.class, "doGets", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ }
+
+ public void testPutsGetsWithFailover() {
+ AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info(
+ "testPutsGetsWithFailover: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testPutsGetsWithFailover: Using authenticator: " + authenticator);
+ getLogWriter().info(
+ "testPutsGetsWithFailover: Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ Integer port1 = ((Integer)server1.invoke(
+ ClientAuthorizationTestBase.class, "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), serverProps, javaProps }));
+ // Get a port for second server but do not start it
+ // This forces the clients to connect to the first server
+ Integer port2 = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+
+ // Start client1 with valid CREATE credentials
+ Properties createCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.PUT },
+ new String[] { regionName }, 1);
+ Properties createJavaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testPutsGetsWithFailover: For first client credentials: "
+ + createCredentials);
+ client1.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, createCredentials, createJavaProps, port1,
+ port2, null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Start client2 with valid GET credentials
+ Properties getCredentials = gen.getAllowedCredentials(
+ new OperationCode[] { OperationCode.GET },
+ new String[] { regionName }, 5);
+ Properties getJavaProps = cGen.getJavaProperties();
+ getLogWriter().info(
+ "testPutsGetsWithFailover: For second client credentials: "
+ + getCredentials);
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, getCredentials, getJavaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Perform some put operations from client1
+ client1.invoke(SecurityTestUtil.class, "doPuts", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ // Verify that the puts succeeded
+ client2.invoke(SecurityTestUtil.class, "doGets", new Object[] {
+ new Integer(2), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // start the second one and stop the first server to force a failover
+ server2.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] { SecurityTestUtil.getLocatorPort(), port2, serverProps,
+ javaProps });
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+
+ // Perform some put operations from client1
+ client1.invoke(SecurityTestUtil.class, "doNPuts", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ // Verify that the puts succeeded
+ client2.invoke(SecurityTestUtil.class, "doNGets", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Now re-connect with credentials not allowed to do gets
+ Properties noGetCredentials = gen.getDisallowedCredentials(
+ new OperationCode[] { OperationCode.GET },
+ new String[] { regionName }, 9);
+ getJavaProps = cGen.getJavaProperties();
+
+ getLogWriter().info(
+ "testPutsGetsWithFailover: For second client disallowed GET credentials: "
+ + noGetCredentials);
+
+ // Re-connect client2 with invalid GET credentials
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, noGetCredentials, getJavaProps, port1,
+ port2, null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Perform some put operations from client1
+ client1.invoke(SecurityTestUtil.class, "doPuts", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ // Gets as normal user should throw exception
+ client2.invoke(SecurityTestUtil.class, "doGets", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) });
+
+ // force a failover and do the drill again
+ server1.invoke(ClientAuthorizationTestBase.class, "createCacheServer",
+ new Object[] { SecurityTestUtil.getLocatorPort(), port1, serverProps,
+ javaProps });
+ server2.invoke(SecurityTestUtil.class, "closeCache");
+
+ // Perform some put operations from client1
+ client1.invoke(SecurityTestUtil.class, "doNPuts", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ // Gets as normal user should throw exception
+ client2.invoke(SecurityTestUtil.class, "doNGets", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) });
+
+ // Try to connect client2 with reader credentials
+ client2.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient",
+ new Object[] { authInit, getCredentials, getJavaProps, port1, port2,
+ null, new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Verify that the gets succeed
+ client2.invoke(SecurityTestUtil.class, "doNGets", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NO_EXCEPTION) });
+
+ // Verify that the puts throw exception
+ client2.invoke(SecurityTestUtil.class, "doPuts", new Object[] {
+ new Integer(4), new Integer(SecurityTestUtil.NOTAUTHZ_EXCEPTION) });
+ }
+
+ public void testUnregisterInterestWithFailover() {
+
+ OperationWithAction[] unregisterOps = {
+ // Register interest in all keys using one key at a time
+ new OperationWithAction(OperationCode.REGISTER_INTEREST,
+ OperationCode.UNREGISTER_INTEREST, 3, OpFlags.NONE, 4),
+ new OperationWithAction(OperationCode.REGISTER_INTEREST, 2),
+ // UPDATE and test with GET
+ new OperationWithAction(OperationCode.PUT),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+
+ // Unregister interest in all keys using one key at a time
+ new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3,
+ OpFlags.USE_OLDCONN | OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2,
+ OpFlags.USE_OLDCONN, 4),
+ // UPDATE and test with GET for no updates
+ new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN
+ | OpFlags.USE_NEWVAL, 4),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+
+ OperationWithAction.OPBLOCK_END,
+
+ // Register interest in all keys using list
+ new OperationWithAction(OperationCode.REGISTER_INTEREST,
+ OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_LIST, 4),
+ new OperationWithAction(OperationCode.REGISTER_INTEREST, 1,
+ OpFlags.USE_LIST, 4),
+ // UPDATE and test with GET
+ new OperationWithAction(OperationCode.PUT, 2),
+ new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+
+ // Unregister interest in all keys using list
+ new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3,
+ OpFlags.USE_OLDCONN | OpFlags.USE_LIST | OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 1,
+ OpFlags.USE_OLDCONN | OpFlags.USE_LIST, 4),
+ // UPDATE and test with GET for no updates
+ new OperationWithAction(OperationCode.PUT, 2, OpFlags.USE_OLDCONN
+ | OpFlags.USE_NEWVAL, 4),
+ new OperationWithAction(OperationCode.GET, 1, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+
+ OperationWithAction.OPBLOCK_END,
+
+ // Register interest in all keys using regular expression
+ new OperationWithAction(OperationCode.REGISTER_INTEREST,
+ OperationCode.UNREGISTER_INTEREST, 3, OpFlags.USE_REGEX, 4),
+ new OperationWithAction(OperationCode.REGISTER_INTEREST, 2,
+ OpFlags.USE_REGEX, 4),
+ // UPDATE and test with GET
+ new OperationWithAction(OperationCode.PUT),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+
+ // Unregister interest in all keys using regular expression
+ new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 3,
+ OpFlags.USE_OLDCONN | OpFlags.USE_REGEX | OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2,
+ OpFlags.USE_OLDCONN | OpFlags.USE_REGEX, 4),
+ // UPDATE and test with GET for no updates
+ new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN
+ | OpFlags.USE_NEWVAL, 4),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+
+ OperationWithAction.OPBLOCK_END };
+
+ AuthzCredentialGenerator gen = new XmlAuthzCredentialGenerator();
+ CredentialGenerator cGen = new DummyCredentialGenerator();
+ cGen.init();
+ gen.init(cGen);
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+
+ getLogWriter().info("testAllOpsWithFailover: Using authinit: " + authInit);
+ getLogWriter().info(
+ "testAllOpsWithFailover: Using authenticator: " + authenticator);
+ getLogWriter().info("testAllOpsWithFailover: Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ // Get ports for the servers
+ Integer port1 = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+ Integer port2 = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+
+ // Perform all the ops on the clients
+ List opBlock = new ArrayList();
+ for (int opNum = 0; opNum < unregisterOps.length; ++opNum) {
+ // Start client with valid credentials as specified in
+ // OperationWithAction
+ OperationWithAction currentOp = unregisterOps[opNum];
+ if (currentOp.equals(OperationWithAction.OPBLOCK_END)
+ || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+ // End of current operation block; execute all the operations
+ // on the servers with/without failover
+ if (opBlock.size() > 0) {
+ // Start the first server and execute the operation block
+ server1.invoke(ClientAuthorizationTestBase.class,
+ "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), port1, serverProps,
+ javaProps });
+ server2.invoke(SecurityTestUtil.class, "closeCache");
+ executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
+ extraAuthzProps, javaProps);
+ if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+ // Failover to the second server and run the block again
+ server2.invoke(ClientAuthorizationTestBase.class,
+ "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), port2, serverProps,
+ javaProps });
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+ executeRIOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
+ extraAuthzProps, javaProps);
+ }
+ opBlock.clear();
+ }
+ }
+ else {
+ currentOp.setOpNum(opNum);
+ opBlock.add(currentOp);
+ }
+ }
+ }
+
+
+ public void testAllOpsWithFailover() {
+ addExpectedException("Read timed out");
+
+ OperationWithAction[] allOps = {
+ // Test CREATE and verify with a GET
+ new OperationWithAction(OperationCode.PUT, 3, OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.PUT),
+ new OperationWithAction(OperationCode.GET, 3, OpFlags.CHECK_NOKEY
+ | OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.CHECK_NOKEY, 4),
+
+ // OPBLOCK_END indicates end of an operation block; the above block of
+ // three operations will be first executed on server1 and then on
+ // server2 after failover
+ OperationWithAction.OPBLOCK_END,
+
+ // Test PUTALL and verify with GETs
+ new OperationWithAction(OperationCode.PUTALL, 3, OpFlags.USE_NEWVAL
+ | OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.PUTALL, 1, OpFlags.USE_NEWVAL, 4),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.USE_NEWVAL, 4),
+ OperationWithAction.OPBLOCK_END,
+
+ // Test UPDATE and verify with a GET
+ new OperationWithAction(OperationCode.PUT, 3, OpFlags.USE_NEWVAL
+ | OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.USE_NEWVAL, 4),
+
+ OperationWithAction.OPBLOCK_END,
+
+ // Test DESTROY and verify with a GET and that key should not exist
+ new OperationWithAction(OperationCode.DESTROY, 3, OpFlags.USE_NEWVAL
+ | OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.DESTROY),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.CHECK_FAIL, 4), // bruce: added check_nokey because we now bring tombstones to the client in 8.0
+ // Repopulate the region
+ new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_NEWVAL, 4),
+
+ OperationWithAction.OPBLOCK_END,
+
+ // Check CONTAINS_KEY
+ new OperationWithAction(OperationCode.CONTAINS_KEY, 3,
+ OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.CONTAINS_KEY),
+ // Destroy the keys and check for failure in CONTAINS_KEY
+ new OperationWithAction(OperationCode.DESTROY, 2),
+ new OperationWithAction(OperationCode.CONTAINS_KEY, 3,
+ OpFlags.CHECK_FAIL | OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.CONTAINS_KEY, 1,
+ OpFlags.USE_OLDCONN | OpFlags.CHECK_FAIL, 4),
+ // Repopulate the region
+ new OperationWithAction(OperationCode.PUT),
+
+ OperationWithAction.OPBLOCK_END,
+
+ // Check KEY_SET
+ new OperationWithAction(OperationCode.KEY_SET, 3,
+ OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.KEY_SET, 2),
+
+ OperationWithAction.OPBLOCK_END,
+
+ // Check QUERY
+ new OperationWithAction(OperationCode.QUERY, 3, OpFlags.CHECK_NOTAUTHZ,
+ 4),
+ new OperationWithAction(OperationCode.QUERY),
+
+ OperationWithAction.OPBLOCK_END,
+
+ // Register interest in all keys using one key at a time
+ new OperationWithAction(OperationCode.REGISTER_INTEREST, 3,
+ OpFlags.CHECK_NOTAUTHZ, 4),
+ new OperationWithAction(OperationCode.REGISTER_INTEREST, 2),
+ // UPDATE and test with GET
+ new OperationWithAction(OperationCode.PUT),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+
+ // Unregister interest in all keys using one key at a time
+ new OperationWithAction(OperationCode.UNREGISTER_INTEREST, 2,
+ OpFlags.USE_OLDCONN, 4),
+ // UPDATE and test with GET for no updates
+ new OperationWithAction(OperationCode.PUT, 1, OpFlags.USE_OLDCONN
+ | OpFlags.USE_NEWVAL, 4),
+ new OperationWithAction(OperationCode.GET, 2, OpFlags.USE_OLDCONN
+ | OpFlags.LOCAL_OP, 4),
+
+ OperationWithAction.OPBLOCK_END,
+
+ // Test GET_ENTRY inside a TX, see #49951
+ new OperationWithAction(OperationCode.GET, 2,
+ OpFlags.USE_GET_ENTRY_IN_TX | OpFlags.CHECK_FAIL, 4),
+
+ OperationWithAction.OPBLOCK_END };
+
+ runOpsWithFailover(allOps, "testAllOpsWithFailover");
+ }
+
+ // End Region: Tests
+
+ @Override
+ public void tearDown2() throws Exception {
+
+ super.tearDown2();
+ // close the clients first
+ client1.invoke(SecurityTestUtil.class, "closeCache");
+ client2.invoke(SecurityTestUtil.class, "closeCache");
+ SecurityTestUtil.closeCache();
+ // then close the servers
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+ server2.invoke(SecurityTestUtil.class, "closeCache");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a622d6ec/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java b/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java
new file mode 100644
index 0000000..ad6526a
--- /dev/null
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java
@@ -0,0 +1,1384 @@
+
+package com.gemstone.gemfire.security;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Random;
+import java.util.Set;
+
+import templates.security.AuthzCredentialGenerator;
+import templates.security.CredentialGenerator;
+import templates.security.AuthzCredentialGenerator.ClassCode;
+
+import com.gemstone.gemfire.cache.DynamicRegionFactory;
+import com.gemstone.gemfire.cache.InterestResultPolicy;
+import com.gemstone.gemfire.cache.Operation;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.Region.Entry;
+import com.gemstone.gemfire.cache.RegionDestroyedException;
+import com.gemstone.gemfire.cache.client.ServerConnectivityException;
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.cache.query.CqAttributes;
+import com.gemstone.gemfire.cache.query.CqAttributesFactory;
+import com.gemstone.gemfire.cache.query.CqEvent;
+import com.gemstone.gemfire.cache.query.CqException;
+import com.gemstone.gemfire.cache.query.CqListener;
+import com.gemstone.gemfire.cache.query.CqQuery;
+import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
+import com.gemstone.gemfire.cache.query.QueryService;
+import com.gemstone.gemfire.cache.query.SelectResults;
+import com.gemstone.gemfire.cache.query.Struct;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.internal.AvailablePort.Keeper;
+import com.gemstone.gemfire.internal.cache.AbstractRegionEntry;
+import com.gemstone.gemfire.internal.cache.LocalRegion;
+import com.gemstone.gemfire.internal.util.Callable;
+
+import dunit.DistributedTestCase;
+import dunit.VM;
+import templates.security.DummyCredentialGenerator;
+import templates.security.XmlAuthzCredentialGenerator;
+
+/**
+ * Base class for tests for authorization from client to server. It contains
+ * utility functions for the authorization tests from client to server.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+public class ClientAuthorizationTestBase extends DistributedTestCase {
+
+ /** constructor */
+ public ClientAuthorizationTestBase(String name) {
+ super(name);
+ }
+
+ protected static VM server1 = null;
+
+ protected static VM server2 = null;
+
+ protected static VM client1 = null;
+
+ protected static VM client2 = null;
+
+ protected static final String regionName = SecurityTestUtil.regionName;
+
+ protected static final String subregionName = "AuthSubregion";
+
+ protected static final String[] serverExpectedExceptions = {
+ "Connection refused",
+ AuthenticationRequiredException.class.getName(),
+ AuthenticationFailedException.class.getName(),
+ NotAuthorizedException.class.getName(),
+ GemFireSecurityException.class.getName(),
+ RegionDestroyedException.class.getName(),
+ ClassNotFoundException.class.getName() };
+
+ protected static final String[] clientExpectedExceptions = {
+ AuthenticationFailedException.class.getName(),
+ NotAuthorizedException.class.getName(),
+ RegionDestroyedException.class.getName() };
+
+ protected static Properties buildProperties(String authenticator,
+ String accessor, boolean isAccessorPP, Properties extraAuthProps,
+ Properties extraAuthzProps) {
+
+ Properties authProps = new Properties();
+ if (authenticator != null) {
+ authProps.setProperty(
+ DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, authenticator);
+ }
+ if (accessor != null) {
+ if (isAccessorPP) {
+ authProps.setProperty(
+ DistributionConfig.SECURITY_CLIENT_ACCESSOR_PP_NAME, accessor);
+ }
+ else {
+ authProps.setProperty(DistributionConfig.SECURITY_CLIENT_ACCESSOR_NAME,
+ accessor);
+ }
+ }
+ return SecurityTestUtil.concatProperties(new Properties[] { authProps,
+ extraAuthProps, extraAuthzProps });
+ }
+
+ public static Integer createCacheServer(Integer locatorPort, Object authProps,
+ Object javaProps) {
+
+ if (locatorPort == null) {
+ locatorPort = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+ }
+ return SecurityTestUtil.createCacheServer((Properties)authProps, javaProps,
+ locatorPort, null, null, Boolean.TRUE, new Integer(
+ SecurityTestUtil.NO_EXCEPTION));
+ }
+
+ public static void createCacheServer(Integer locatorPort, Integer serverPort,
+ Object authProps, Object javaProps) {
+ if (locatorPort == null) {
+ locatorPort = new Integer(AvailablePort
+ .getRandomAvailablePort(AvailablePort.SOCKET));
+ }
+ SecurityTestUtil.createCacheServer((Properties)authProps, javaProps,
+ locatorPort, null, serverPort, Boolean.TRUE, new Integer(
+ SecurityTestUtil.NO_EXCEPTION));
+ }
+
+ public static void createCacheClient(Object authInit, Object authProps,
+ Object javaProps, Integer[] ports, Integer numConnections,
+ Boolean setupDynamicRegionFactory, Integer expectedResult) {
+
+ String authInitStr = (authInit == null ? null : authInit.toString());
+ if (authProps == null) {
+ authProps = new Properties();
+ }
+ SecurityTestUtil.createCacheClient(authInitStr, (Properties)authProps,
+ (Properties)javaProps, ports, numConnections,
+ setupDynamicRegionFactory, expectedResult);
+ }
+
+ protected static Region getRegion() {
+ return SecurityTestUtil.getCache().getRegion(regionName);
+ }
+
+ protected static Region getSubregion() {
+ return SecurityTestUtil.getCache().getRegion(
+ regionName + '/' + subregionName);
+ }
+
+ private static Region createSubregion(Region region) {
+
+ Region subregion = getSubregion();
+ if (subregion == null) {
+ subregion = region.createSubregion(subregionName, region.getAttributes());
+ }
+ return subregion;
+ }
+
+ protected static String indicesToString(int[] indices) {
+
+ String str = "";
+ if (indices != null && indices.length > 0) {
+ str += indices[0];
+ for (int index = 1; index < indices.length; ++index) {
+ str += ",";
+ str += indices[index];
+ }
+ }
+ return str;
+ }
+
+ private static final int PAUSE = 5 * 1000;
+
+ public static void doOp(Byte opCode, int[] indices, Integer flagsI,
+ Integer expectedResult) {
+
+ OperationCode op = OperationCode.fromOrdinal(opCode.byteValue());
+ boolean operationOmitted = false;
+ final int flags = flagsI.intValue();
+ Region region = getRegion();
+ if ((flags & OpFlags.USE_SUBREGION) > 0) {
+ assertNotNull(region);
+ Region subregion = null;
+ if ((flags & OpFlags.NO_CREATE_SUBREGION) > 0) {
+ if ((flags & OpFlags.CHECK_NOREGION) > 0) {
+ // Wait for some time for DRF update to come
+ SecurityTestUtil.waitForCondition(new Callable() {
+ public Object call() throws Exception {
+ return Boolean.valueOf(getSubregion() == null);
+ }
+ });
+ subregion = getSubregion();
+ assertNull(subregion);
+ return;
+ }
+ else {
+ // Wait for some time for DRF update to come
+ SecurityTestUtil.waitForCondition(new Callable() {
+ public Object call() throws Exception {
+ return Boolean.valueOf(getSubregion() != null);
+ }
+ });
+ subregion = getSubregion();
+ assertNotNull(subregion);
+ }
+ }
+ else {
+ subregion = createSubregion(region);
+ }
+ assertNotNull(subregion);
+ region = subregion;
+ }
+ else if ((flags & OpFlags.CHECK_NOREGION) > 0) {
+ // Wait for some time for region destroy update to come
+ SecurityTestUtil.waitForCondition(new Callable() {
+ public Object call() throws Exception {
+ return Boolean.valueOf(getRegion() == null);
+ }
+ });
+ region = getRegion();
+ assertNull(region);
+ return;
+ }
+ else {
+ assertNotNull(region);
+ }
+ final String[] keys = SecurityTestUtil.keys;
+ final String[] vals;
+ if ((flags & OpFlags.USE_NEWVAL) > 0) {
+ vals = SecurityTestUtil.nvalues;
+ }
+ else {
+ vals = SecurityTestUtil.values;
+ }
+ InterestResultPolicy policy = InterestResultPolicy.KEYS_VALUES;
+ if ((flags & OpFlags.REGISTER_POLICY_NONE) > 0) {
+ policy = InterestResultPolicy.NONE;
+ }
+ final int numOps = indices.length;
+ getLogWriter().info(
+ "Got doOp for op: " + op.toString() + ", numOps: " + numOps
+ + ", indices: " + indicesToString(indices) + ", expect: " + expectedResult);
+ boolean exceptionOccured = false;
+ boolean breakLoop = false;
+ if (op.isGet() ||
+ op.isContainsKey() ||
+ op.isKeySet() ||
+ op.isQuery() ||
+ op.isExecuteCQ()) {
+ try {
+ Thread.sleep(PAUSE);
+ }
+ catch (InterruptedException e) {
+ fail("interrupted");
+ }
+ }
+ for (int indexIndex = 0; indexIndex < numOps; ++indexIndex) {
+ if (breakLoop) {
+ break;
+ }
+ int index = indices[indexIndex];
+ try {
+ final Object key = keys[index];
+ final Object expectedVal = vals[index];
+ if (op.isGet()) {
+ Object value = null;
+ // this is the case for testing GET_ALL
+ if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
+ breakLoop = true;
+ List keyList = new ArrayList(numOps);
+ Object searchKey;
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ searchKey = keys[keyNum];
+ keyList.add(searchKey);
+ // local invalidate some keys to force fetch of those keys from
+ // server
+ if ((flags & OpFlags.CHECK_NOKEY) > 0) {
+ AbstractRegionEntry entry = (AbstractRegionEntry)((LocalRegion)region).getRegionEntry(searchKey);
+ getLogWriter().info(""+keyNum+": key is " + searchKey + " and entry is " + entry);
+ assertFalse(region.containsKey(searchKey));
+ }
+ else {
+ if (keyNumIndex % 2 == 1) {
+ assertTrue(region.containsKey(searchKey));
+ region.localInvalidate(searchKey);
+ }
+ }
+ }
+ Map entries = region.getAll(keyList);
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ searchKey = keys[keyNum];
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertFalse(entries.containsKey(searchKey));
+ }
+ else {
+ assertTrue(entries.containsKey(searchKey));
+ value = entries.get(searchKey);
+ assertEquals(vals[keyNum], value);
+ }
+ }
+ break;
+ }
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ Callable cond = new Callable() {
+ private Region region;
+
+ public Object call() throws Exception {
+ Object value = SecurityTestUtil.getLocalValue(region, key);
+ return Boolean
+ .valueOf((flags & OpFlags.CHECK_FAIL) > 0 ? !expectedVal
+ .equals(value) : expectedVal.equals(value));
+ }
+
+ public Callable init(Region region) {
+ this.region = region;
+ return this;
+ }
+ }.init(region);
+ SecurityTestUtil.waitForCondition(cond);
+ value = SecurityTestUtil.getLocalValue(region, key);
+ }
+ else if ((flags & OpFlags.USE_GET_ENTRY_IN_TX) > 0) {
+ SecurityTestUtil.getCache().getCacheTransactionManager().begin();
+ Entry e = region.getEntry(key);
+ // Also, check getAll()
+ ArrayList a = new ArrayList();
+ a.addAll(a);
+ region.getAll(a);
+
+ SecurityTestUtil.getCache().getCacheTransactionManager().commit();
+ value = e.getValue();
+ }
+ else {
+ if ((flags & OpFlags.CHECK_NOKEY) > 0) {
+ assertFalse(region.containsKey(key));
+ }
+ else {
+ assertTrue(region.containsKey(key) || ((LocalRegion)region).getRegionEntry(key).isTombstone());
+ region.localInvalidate(key);
+ }
+ value = region.get(key);
+ }
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertFalse(expectedVal.equals(value));
+ }
+ else {
+ assertNotNull(value);
+ assertEquals(expectedVal, value);
+ }
+ }
+ else if (op.isPut()) {
+ region.put(key, expectedVal);
+ }
+ else if (op.isPutAll()) {
+ HashMap map = new HashMap();
+ for (int i=0; i<indices.length; i++) {
+ map.put(keys[indices[i]], vals[indices[i]]);
+ }
+ region.putAll(map);
+ breakLoop = true;
+ }
+ else if (op.isDestroy()) {
+ // if (!region.containsKey(key)) {
+ // // Since DESTROY will fail unless the value is present
+ // // in the local cache, this is a workaround for two cases:
+ // // 1. When the operation is supposed to succeed then in
+ // // the current AuthzCredentialGenerators the clients having
+ // // DESTROY permission also has CREATE/UPDATE permission
+ // // so that calling region.put() will work for that case.
+ // // 2. When the operation is supposed to fail with
+ // // NotAuthorizedException then in the current
+ // // AuthzCredentialGenerators the clients not
+ // // having DESTROY permission are those with reader role that have
+ // // GET permission.
+ // //
+ // // If either of these assumptions fails, then this has to be
+ // // adjusted or reworked accordingly.
+ // if ((flags & OpFlags.CHECK_NOTAUTHZ) > 0) {
+ // Object value = region.get(key);
+ // assertNotNull(value);
+ // assertEquals(vals[index], value);
+ // }
+ // else {
+ // region.put(key, vals[index]);
+ // }
+ // }
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ region.localDestroy(key);
+ }
+ else {
+ region.destroy(key);
+ }
+ }
+ else if (op.isInvalidate()) {
+ if (region.containsKey(key)) {
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ region.localInvalidate(key);
+ }
+ else {
+ region.invalidate(key);
+ }
+ }
+ }
+ else if (op.isContainsKey()) {
+ boolean result;
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ result = region.containsKey(key);
+ }
+ else {
+ result = region.containsKeyOnServer(key);
+ }
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertFalse(result);
+ }
+ else {
+ assertTrue(result);
+ }
+ }
+ else if (op.isRegisterInterest()) {
+ if ((flags & OpFlags.USE_LIST) > 0) {
+ breakLoop = true;
+ // Register interest list in this case
+ List keyList = new ArrayList(numOps);
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ keyList.add(keys[keyNum]);
+ }
+ region.registerInterest(keyList, policy);
+ }
+ else if ((flags & OpFlags.USE_REGEX) > 0) {
+ breakLoop = true;
+ region.registerInterestRegex("key[1-" + numOps + ']', policy);
+ }
+ else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
+ breakLoop = true;
+ region.registerInterest("ALL_KEYS", policy);
+ }
+ else {
+ region.registerInterest(key, policy);
+ }
+ }
+ else if (op.isUnregisterInterest()) {
+ if ((flags & OpFlags.USE_LIST) > 0) {
+ breakLoop = true;
+ // Register interest list in this case
+ List keyList = new ArrayList(numOps);
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ keyList.add(keys[keyNum]);
+ }
+ region.unregisterInterest(keyList);
+ }
+ else if ((flags & OpFlags.USE_REGEX) > 0) {
+ breakLoop = true;
+ region.unregisterInterestRegex("key[1-" + numOps + ']');
+ }
+ else if ((flags & OpFlags.USE_ALL_KEYS) > 0) {
+ breakLoop = true;
+ region.unregisterInterest("ALL_KEYS");
+ }
+ else {
+ region.unregisterInterest(key);
+ }
+ }
+ else if (op.isKeySet()) {
+ breakLoop = true;
+ Set keySet;
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ keySet = region.keySet();
+ }
+ else {
+ keySet = region.keySetOnServer();
+ }
+ assertNotNull(keySet);
+ if ((flags & OpFlags.CHECK_FAIL) == 0) {
+ assertEquals(numOps, keySet.size());
+ }
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertFalse(keySet.contains(keys[keyNum]));
+ }
+ else {
+ assertTrue(keySet.contains(keys[keyNum]));
+ }
+ }
+ }
+ else if (op.isQuery()) {
+ breakLoop = true;
+ SelectResults queryResults = region.query("SELECT DISTINCT * FROM "
+ + region.getFullPath());
+ assertNotNull(queryResults);
+ Set queryResultSet = queryResults.asSet();
+ if ((flags & OpFlags.CHECK_FAIL) == 0) {
+ assertEquals(numOps, queryResultSet.size());
+ }
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertFalse(queryResultSet.contains(vals[keyNum]));
+ }
+ else {
+ assertTrue(queryResultSet.contains(vals[keyNum]));
+ }
+ }
+ }
+ else if (op.isExecuteCQ()) {
+ breakLoop = true;
+ QueryService queryService = SecurityTestUtil.getCache()
+ .getQueryService();
+ CqQuery cqQuery;
+ if ((cqQuery = queryService.getCq("cq1")) == null) {
+ CqAttributesFactory cqFact = new CqAttributesFactory();
+ cqFact.addCqListener(new AuthzCqListener());
+ CqAttributes cqAttrs = cqFact.create();
+ cqQuery = queryService.newCq("cq1", "SELECT * FROM "
+ + region.getFullPath(), cqAttrs);
+ }
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ // Interpret this as testing results using CqListener
+ final AuthzCqListener listener = (AuthzCqListener)cqQuery
+ .getCqAttributes().getCqListener();
+ WaitCriterion ev = new WaitCriterion() {
+ public boolean done() {
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ return 0 == listener.getNumUpdates();
+ }
+ else {
+ return numOps == listener.getNumUpdates();
+ }
+ }
+ public String description() {
+ return null;
+ }
+ };
+ DistributedTestCase.waitForCriterion(ev, 3 * 1000, 200, true);
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertEquals(0, listener.getNumUpdates());
+ }
+ else {
+ assertEquals(numOps, listener.getNumUpdates());
+ listener.checkPuts(vals, indices);
+ }
+ assertEquals(0, listener.getNumCreates());
+ assertEquals(0, listener.getNumDestroys());
+ assertEquals(0, listener.getNumOtherOps());
+ assertEquals(0, listener.getNumErrors());
+ }
+ else {
+ SelectResults cqResults = cqQuery.executeWithInitialResults();
+ assertNotNull(cqResults);
+ Set cqResultValues = new HashSet();
+ for (Object o : cqResults.asList()) {
+ Struct s = (Struct)o;
+ cqResultValues.add(s.get("value"));
+ }
+ Set cqResultSet = cqResults.asSet();
+ if ((flags & OpFlags.CHECK_FAIL) == 0) {
+ assertEquals(numOps, cqResultSet.size());
+ }
+ for (int keyNumIndex = 0; keyNumIndex < numOps; ++keyNumIndex) {
+ int keyNum = indices[keyNumIndex];
+ if ((flags & OpFlags.CHECK_FAIL) > 0) {
+ assertFalse(cqResultValues.contains(vals[keyNum]));
+ }
+ else {
+ assertTrue(cqResultValues.contains(vals[keyNum]));
+ }
+ }
+ }
+ }
+ else if (op.isStopCQ()) {
+ breakLoop = true;
+ CqQuery cqQuery = SecurityTestUtil.getCache().getQueryService()
+ .getCq("cq1");
+ ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
+ cqQuery.stop();
+ }
+ else if (op.isCloseCQ()) {
+ breakLoop = true;
+ CqQuery cqQuery = SecurityTestUtil.getCache().getQueryService()
+ .getCq("cq1");
+ ((AuthzCqListener)cqQuery.getCqAttributes().getCqListener()).reset();
+ cqQuery.close();
+ }
+ else if (op.isRegionClear()) {
+ breakLoop = true;
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ region.localClear();
+ }
+ else {
+ region.clear();
+ }
+ }
+ else if (op.isRegionCreate()) {
+ breakLoop = true;
+ // Region subregion = createSubregion(region);
+ // subregion.createRegionOnServer();
+ // Create region on server using the DynamicRegionFactory
+ // Assume it has been already initialized
+ DynamicRegionFactory drf = DynamicRegionFactory.get();
+ Region subregion = drf.createDynamicRegion(regionName, subregionName);
+ assertEquals('/' + regionName + '/' + subregionName, subregion
+ .getFullPath());
+ }
+ else if (op.isRegionDestroy()) {
+ breakLoop = true;
+ if ((flags & OpFlags.LOCAL_OP) > 0) {
+ region.localDestroyRegion();
+ }
+ else {
+ if ((flags & OpFlags.USE_SUBREGION) > 0) {
+ try {
+ DynamicRegionFactory.get().destroyDynamicRegion(
+ region.getFullPath());
+ }
+ catch (RegionDestroyedException ex) {
+ // harmless to ignore this
+ getLogWriter().info(
+ "doOp: sub-region " + region.getFullPath()
+ + " already destroyed");
+ operationOmitted = true;
+ }
+ }
+ else {
+ region.destroyRegion();
+ }
+ }
+ }
+ else {
+ fail("doOp: Unhandled operation " + op);
+ }
+ if (expectedResult.intValue() != SecurityTestUtil.NO_EXCEPTION) {
+ if (!operationOmitted && !op.isUnregisterInterest()) {
+ fail("Expected an exception while performing operation op =" + op +
+ "flags = " + OpFlags.description(flags));
+ }
+ }
+ }
+ catch (Exception ex) {
+ exceptionOccured = true;
+ if ((ex instanceof ServerConnectivityException
+ || ex instanceof QueryInvocationTargetException || ex instanceof CqException)
+ && (expectedResult.intValue() == SecurityTestUtil.NOTAUTHZ_EXCEPTION)
+ && (ex.getCause() instanceof NotAuthorizedException)) {
+ getLogWriter().info(
+ "doOp: Got expected NotAuthorizedException when doing operation ["
+ + op + "] with flags " + OpFlags.description(flags)
+ + ": " + ex.getCause());
+ continue;
+ }
+ else if (expectedResult.intValue() == SecurityTestUtil.OTHER_EXCEPTION) {
+ getLogWriter().info(
+ "doOp: Got expected exception when doing operation: "
+ + ex.toString());
+ continue;
+ }
+ else {
+ fail("doOp: Got unexpected exception when doing operation. Policy = "
+ + policy + " flags = " + OpFlags.description(flags), ex);
+ }
+ }
+ }
+ if (!exceptionOccured && !operationOmitted
+ && expectedResult.intValue() != SecurityTestUtil.NO_EXCEPTION) {
+ fail("Expected an exception while performing operation: " + op +
+ " flags = " + OpFlags.description(flags));
+ }
+ }
+
+ protected void executeOpBlock(List opBlock, Integer port1, Integer port2,
+ String authInit, Properties extraAuthProps, Properties extraAuthzProps,
+ TestCredentialGenerator gen, Random rnd) {
+
+ Iterator opIter = opBlock.iterator();
+ while (opIter.hasNext()) {
+ // Start client with valid credentials as specified in
+ // OperationWithAction
+ OperationWithAction currentOp = (OperationWithAction)opIter.next();
+ OperationCode opCode = currentOp.getOperationCode();
+ int opFlags = currentOp.getFlags();
+ int clientNum = currentOp.getClientNum();
+ VM clientVM = null;
+ boolean useThisVM = false;
+ switch (clientNum) {
+ case 1:
+ clientVM = client1;
+ break;
+ case 2:
+ clientVM = client2;
+ break;
+ case 3:
+ useThisVM = true;
+ break;
+ default:
+ fail("executeOpBlock: Unknown client number " + clientNum);
+ break;
+ }
+ getLogWriter().info(
+ "executeOpBlock: performing operation number ["
+ + currentOp.getOpNum() + "]: " + currentOp);
+ if ((opFlags & OpFlags.USE_OLDCONN) == 0) {
+ Properties opCredentials;
+ int newRnd = rnd.nextInt(100) + 1;
+ String currentRegionName = '/' + regionName;
+ if ((opFlags & OpFlags.USE_SUBREGION) > 0) {
+ currentRegionName += ('/' + subregionName);
+ }
+ String credentialsTypeStr;
+ OperationCode authOpCode = currentOp.getAuthzOperationCode();
+ int[] indices = currentOp.getIndices();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties javaProps = null;
+ if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0
+ || (opFlags & OpFlags.USE_NOTAUTHZ) > 0) {
+ opCredentials = gen.getDisallowedCredentials(
+ new OperationCode[] { authOpCode },
+ new String[] { currentRegionName }, indices, newRnd);
+ credentialsTypeStr = " unauthorized " + authOpCode;
+ }
+ else {
+ opCredentials = gen.getAllowedCredentials(new OperationCode[] {
+ opCode, authOpCode }, new String[] { currentRegionName },
+ indices, newRnd);
+ credentialsTypeStr = " authorized " + authOpCode;
+ }
+ if (cGen != null) {
+ javaProps = cGen.getJavaProperties();
+ }
+ Properties clientProps = SecurityTestUtil
+ .concatProperties(new Properties[] { opCredentials, extraAuthProps,
+ extraAuthzProps });
+ // Start the client with valid credentials but allowed or disallowed to
+ // perform an operation
+ getLogWriter().info(
+ "executeOpBlock: For client" + clientNum + credentialsTypeStr
+ + " credentials: " + opCredentials);
+ boolean setupDynamicRegionFactory = (opFlags & OpFlags.ENABLE_DRF) > 0;
+ if (useThisVM) {
+ createCacheClient(authInit, clientProps, javaProps, new Integer[] {
+ port1, port2 }, null, Boolean.valueOf(setupDynamicRegionFactory),
+ new Integer(SecurityTestUtil.NO_EXCEPTION));
+ }
+ else {
+ clientVM.invoke(ClientAuthorizationTestBase.class,
+ "createCacheClient", new Object[] { authInit, clientProps,
+ javaProps, new Integer[] { port1, port2 }, null,
+ Boolean.valueOf(setupDynamicRegionFactory),
+ new Integer(SecurityTestUtil.NO_EXCEPTION) });
+ }
+ }
+ int expectedResult;
+ if ((opFlags & OpFlags.CHECK_NOTAUTHZ) > 0) {
+ expectedResult = SecurityTestUtil.NOTAUTHZ_EXCEPTION;
+ }
+ else if ((opFlags & OpFlags.CHECK_EXCEPTION) > 0) {
+ expectedResult = SecurityTestUtil.OTHER_EXCEPTION;
+ }
+ else {
+ expectedResult = SecurityTestUtil.NO_EXCEPTION;
+ }
+
+ // Perform the operation from selected client
+ if (useThisVM) {
+ doOp(new Byte(opCode.toOrdinal()), currentOp.getIndices(), new Integer(
+ opFlags), new Integer(expectedResult));
+ }
+ else {
+ clientVM.invoke(ClientAuthorizationTestBase.class, "doOp",
+ new Object[] { new Byte(opCode.toOrdinal()),
+ currentOp.getIndices(), new Integer(opFlags),
+ new Integer(expectedResult) });
+ }
+ }
+ }
+
+ protected AuthzCredentialGenerator getXmlAuthzGenerator(){
+ AuthzCredentialGenerator authzGen = new XmlAuthzCredentialGenerator();
+ CredentialGenerator cGen = new DummyCredentialGenerator();
+ cGen.init();
+ authzGen.init(cGen);
+ return authzGen;
+ }
+
+ protected List getDummyGeneratorCombos() {
+ List generators = new ArrayList();
+ Iterator authzCodeIter = AuthzCredentialGenerator.ClassCode.getAll()
+ .iterator();
+ while (authzCodeIter.hasNext()) {
+ ClassCode authzClassCode = (ClassCode) authzCodeIter.next();
+ AuthzCredentialGenerator authzGen = AuthzCredentialGenerator
+ .create(authzClassCode);
+ if (authzGen != null) {
+ CredentialGenerator cGen = new DummyCredentialGenerator();
+ cGen.init();
+ if (authzGen.init(cGen)) {
+ generators.add(authzGen);
+ }
+ }
+ }
+
+ assertTrue(generators.size() > 0);
+ return generators;
+ }
+
+
+ protected void runOpsWithFailover(OperationWithAction[] opCodes,
+ String testName) {
+ AuthzCredentialGenerator gen = getXmlAuthzGenerator();
+ CredentialGenerator cGen = gen.getCredentialGenerator();
+ Properties extraAuthProps = cGen.getSystemProperties();
+ Properties javaProps = cGen.getJavaProperties();
+ Properties extraAuthzProps = gen.getSystemProperties();
+ String authenticator = cGen.getAuthenticator();
+ String authInit = cGen.getAuthInit();
+ String accessor = gen.getAuthorizationCallback();
+ TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(gen);
+
+ getLogWriter().info(testName + ": Using authinit: " + authInit);
+ getLogWriter().info(testName + ": Using authenticator: " + authenticator);
+ getLogWriter().info(testName + ": Using accessor: " + accessor);
+
+ // Start servers with all required properties
+ Properties serverProps = buildProperties(authenticator, accessor, false,
+ extraAuthProps, extraAuthzProps);
+ // Get ports for the servers
+ Keeper port1Keeper = AvailablePort.getRandomAvailablePortKeeper(AvailablePort.SOCKET);
+ Keeper port2Keeper = AvailablePort.getRandomAvailablePortKeeper(AvailablePort.SOCKET);
+ int port1 = port1Keeper.getPort();
+ int port2 = port2Keeper.getPort();
+
+ // Perform all the ops on the clients
+ List opBlock = new ArrayList();
+ Random rnd = new Random();
+ for (int opNum = 0; opNum < opCodes.length; ++opNum) {
+ // Start client with valid credentials as specified in
+ // OperationWithAction
+ OperationWithAction currentOp = opCodes[opNum];
+ if (currentOp.equals(OperationWithAction.OPBLOCK_END)
+ || currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+ // End of current operation block; execute all the operations
+ // on the servers with/without failover
+ if (opBlock.size() > 0) {
+ port1Keeper.release();
+ // Start the first server and execute the operation block
+ server1.invoke(ClientAuthorizationTestBase.class,
+ "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), port1, serverProps,
+ javaProps });
+ server2.invoke(SecurityTestUtil.class, "closeCache");
+ executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
+ extraAuthzProps, tgen, rnd);
+ if (!currentOp.equals(OperationWithAction.OPBLOCK_NO_FAILOVER)) {
+ // Failover to the second server and run the block again
+ port2Keeper.release();
+ server2.invoke(ClientAuthorizationTestBase.class,
+ "createCacheServer", new Object[] {
+ SecurityTestUtil.getLocatorPort(), port2, serverProps,
+ javaProps });
+ server1.invoke(SecurityTestUtil.class, "closeCache");
+ executeOpBlock(opBlock, port1, port2, authInit, extraAuthProps,
+ extraAuthzProps, tgen, rnd);
+ }
+ opBlock.clear();
+ }
+ }
+ else {
+ currentOp.setOpNum(opNum);
+ opBlock.add(currentOp);
+ }
+ }
+ }
+
+ /**
+ * Implements the {@link CqListener} interface and counts the number of
+ * different operations and also queues up the received updates to precise
+ * checking of each update.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+ public static class AuthzCqListener implements CqListener {
+
+ private List eventList;
+
+ private int numCreates;
+
+ private int numUpdates;
+
+ private int numDestroys;
+
+ private int numOtherOps;
+
+ private int numErrors;
+
+ public AuthzCqListener() {
+ this.eventList = new ArrayList();
+ reset();
+ }
+
+ public void reset() {
+ this.eventList.clear();
+ this.numCreates = 0;
+ this.numUpdates = 0;
+ this.numErrors = 0;
+ }
+
+ public void onEvent(CqEvent aCqEvent) {
+ Operation op = aCqEvent.getBaseOperation();
+ if (op.isCreate()) {
+ ++this.numCreates;
+ }
+ else if (op.isUpdate()) {
+ ++this.numUpdates;
+ }
+ else if (op.isDestroy()) {
+ ++this.numDestroys;
+ }
+ else {
+ ++this.numOtherOps;
+ }
+ eventList.add(aCqEvent);
+ }
+
+ public void onError(CqEvent aCqEvent) {
+ ++this.numErrors;
+ }
+
+ public void close() {
+ this.eventList.clear();
+ }
+
+ public int getNumCreates() {
+ return this.numCreates;
+ }
+
+ public int getNumUpdates() {
+ return this.numUpdates;
+ }
+
+ public int getNumDestroys() {
+ return this.numDestroys;
+ }
+
+ public int getNumOtherOps() {
+ return this.numOtherOps;
+ }
+
+ public int getNumErrors() {
+ return this.numErrors;
+ }
+
+ public void checkPuts(String[] vals, int[] indices) {
+ for (int indexIndex = 0; indexIndex < indices.length; ++indexIndex) {
+ int index = indices[indexIndex];
+ Iterator eventIter = this.eventList.iterator();
+ boolean foundKey = false;
+ while (eventIter.hasNext()) {
+ CqEvent event = (CqEvent)eventIter.next();
+ if (SecurityTestUtil.keys[index].equals(event.getKey())) {
+ assertEquals(vals[index], event.getNewValue());
+ foundKey = true;
+ break;
+ }
+ }
+ assertTrue(foundKey);
+ }
+ }
+ }
+
+ /**
+ * This class specifies flags that can be used to alter the behaviour of
+ * operations being performed by the <code>doOp</code> function.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+ public static class OpFlags {
+
+ /**
+ * Default behaviour.
+ */
+ public static final int NONE = 0x0;
+
+ /**
+ * Check that the operation should fail.
+ */
+ public static final int CHECK_FAIL = 0x1;
+
+ /**
+ * Check that the operation should throw <code>NotAuthorizedException</code>.
+ */
+ public static final int CHECK_NOTAUTHZ = 0x2;
+
+ /**
+ * Check that the region should not be available.
+ */
+ public static final int CHECK_NOREGION = 0x4;
+
+ /**
+ * Check that the operation should throw an exception other than the
+ * <code>NotAuthorizedException</code>.
+ */
+ public static final int CHECK_EXCEPTION = 0x8;
+
+ /**
+ * Check for nvalues[] instead of values[].
+ */
+ public static final int USE_NEWVAL = 0x10;
+
+ /**
+ * Register all keys. For GET operations indicates using getAll().
+ */
+ public static final int USE_ALL_KEYS = 0x20;
+
+ /**
+ * Register a regular expression.
+ */
+ public static final int USE_REGEX = 0x40;
+
+ /**
+ * Register a list of keys.
+ */
+ public static final int USE_LIST = 0x80;
+
+ /**
+ * Perform the local version of the operation.
+ */
+ public static final int LOCAL_OP = 0x100;
+
+ /**
+ * Check that the key for the operation should not be present.
+ */
+ public static final int CHECK_NOKEY = 0x200;
+
+ /**
+ * Use the sub-region for performing the operation.
+ */
+ public static final int USE_SUBREGION = 0x400;
+
+ /**
+ * Do not try to create the sub-region.
+ */
+ public static final int NO_CREATE_SUBREGION = 0x800;
+
+ /**
+ * Do not re-connect using new credentials rather use the previous
+ * connection.
+ */
+ public static final int USE_OLDCONN = 0x1000;
+
+ /**
+ * Do the connection with unauthorized credentials but do not check that the
+ * operation throws <code>NotAuthorizedException</code>.
+ */
+ public static final int USE_NOTAUTHZ = 0x2000;
+
+ /**
+ * Enable {@link DynamicRegionFactory} on the client.
+ */
+ public static final int ENABLE_DRF = 0x4000;
+
+ /**
+ * Use the {@link InterestResultPolicy#NONE} for register interest.
+ */
+ public static final int REGISTER_POLICY_NONE = 0x8000;
+
+ /**
+ * Use the {@link LocalRegion#getEntry} under transaction.
+ */
+ public static final int USE_GET_ENTRY_IN_TX = 0x10000;
+
+ static public String description(int f) {
+ StringBuffer sb = new StringBuffer();
+ sb.append("[");
+ if ((f & CHECK_FAIL) != 0) {
+ sb.append("CHECK_FAIL,");
+ }
+ if ((f & CHECK_NOTAUTHZ) != 0) {
+ sb.append("CHECK_NOTAUTHZ,");
+ }
+ if ((f & CHECK_NOREGION) != 0) {
+ sb.append("CHECK_NOREGION,");
+ }
+ if ((f & CHECK_EXCEPTION) != 0) {
+ sb.append("CHECK_EXCEPTION,");
+ }
+ if ((f & USE_NEWVAL) != 0) {
+ sb.append("USE_NEWVAL,");
+ }
+ if ((f & USE_ALL_KEYS) != 0) {
+ sb.append("USE_ALL_KEYS,");
+ }
+ if ((f & USE_REGEX) != 0) {
+ sb.append("USE_REGEX,");
+ }
+ if ((f & USE_LIST) != 0) {
+ sb.append("USE_LIST,");
+ }
+ if ((f & LOCAL_OP) != 0) {
+ sb.append("LOCAL_OP,");
+ }
+ if ((f & CHECK_NOKEY) != 0) {
+ sb.append("CHECK_NOKEY,");
+ }
+ if ((f & USE_SUBREGION) != 0) {
+ sb.append("USE_SUBREGION,");
+ }
+ if ((f & NO_CREATE_SUBREGION) != 0) {
+ sb.append("NO_CREATE_SUBREGION,");
+ }
+ if ((f & USE_OLDCONN) != 0) {
+ sb.append("USE_OLDCONN,");
+ }
+ if ((f & USE_NOTAUTHZ) != 0) {
+ sb.append("USE_NOTAUTHZ");
+ }
+ if ((f & ENABLE_DRF) != 0) {
+ sb.append("ENABLE_DRF,");
+ }
+ if ((f & REGISTER_POLICY_NONE) != 0) {
+ sb.append("REGISTER_POLICY_NONE,");
+ }
+ sb.append("]");
+ return sb.toString();
+ }
+ }
+
+ /**
+ * This class encapsulates an {@link OperationCode} with associated flags, the
+ * client to perform the operation, and the number of operations to perform.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+ public static class OperationWithAction {
+
+ /**
+ * The operation to be performed.
+ */
+ private OperationCode opCode;
+
+ /**
+ * The operation for which authorized or unauthorized credentials have to be
+ * generated. This is the same as {@link #opCode} when not specified.
+ */
+ private OperationCode authzOpCode;
+
+ /**
+ * The client number on which the operation has to be performed.
+ */
+ private int clientNum;
+
+ /**
+ * Bitwise or'd {@link OpFlags} integer to change/specify the behaviour of
+ * the operations.
+ */
+ private int flags;
+
+ /**
+ * Indices of the keys array to be used for operations.
+ */
+ private int[] indices;
+
+ /**
+ * An index for the operation used for logging.
+ */
+ private int opNum;
+
+ /**
+ * Indicates end of an operation block which can be used for testing with
+ * failover
+ */
+ public static final OperationWithAction OPBLOCK_END = new OperationWithAction(
+ null, 4);
+
+ /**
+ * Indicates end of an operation block which should not be used for testing
+ * with failover
+ */
+ public static final OperationWithAction OPBLOCK_NO_FAILOVER = new OperationWithAction(
+ null, 5);
+
+ private void setIndices(int numOps) {
+
+ this.indices = new int[numOps];
+ for (int index = 0; index < numOps; ++index) {
+ this.indices[index] = index;
+ }
+ }
+
+ public OperationWithAction(OperationCode opCode) {
+
+ this.opCode = opCode;
+ this.authzOpCode = opCode;
+ this.clientNum = 1;
+ this.flags = OpFlags.NONE;
+ setIndices(4);
+ this.opNum = 0;
+ }
+
+ public OperationWithAction(OperationCode opCode, int clientNum) {
+
+ this.opCode = opCode;
+ this.authzOpCode = opCode;
+ this.clientNum = clientNum;
+ this.flags = OpFlags.NONE;
+ setIndices(4);
+ this.opNum = 0;
+ }
+
+ public OperationWithAction(OperationCode opCode, int clientNum, int flags,
+ int numOps) {
+
+ this.opCode = opCode;
+ this.authzOpCode = opCode;
+ this.clientNum = clientNum;
+ this.flags = flags;
+ setIndices(numOps);
+ this.opNum = 0;
+ }
+
+ public OperationWithAction(OperationCode opCode,
+ OperationCode deniedOpCode, int clientNum, int flags, int numOps) {
+
+ this.opCode = opCode;
+ this.authzOpCode = deniedOpCode;
+ this.clientNum = clientNum;
+ this.flags = flags;
+ setIndices(numOps);
+ this.opNum = 0;
+ }
+
+ public OperationWithAction(OperationCode opCode, int clientNum, int flags,
+ int[] indices) {
+
+ this.opCode = opCode;
+ this.authzOpCode = opCode;
+ this.clientNum = clientNum;
+ this.flags = flags;
+ this.indices = indices;
+ this.opNum = 0;
+ }
+
+ public OperationWithAction(OperationCode opCode,
+ OperationCode deniedOpCode, int clientNum, int flags, int[] indices) {
+
+ this.opCode = opCode;
+ this.authzOpCode = deniedOpCode;
+ this.clientNum = clientNum;
+ this.flags = flags;
+ this.indices = indices;
+ this.opNum = 0;
+ }
+
+ public OperationCode getOperationCode() {
+ return this.opCode;
+ }
+
+ public OperationCode getAuthzOperationCode() {
+ return this.authzOpCode;
+ }
+
+ public int getClientNum() {
+ return this.clientNum;
+ }
+
+ public int getFlags() {
+ return this.flags;
+ }
+
+ public int[] getIndices() {
+ return this.indices;
+ }
+
+ public int getOpNum() {
+ return this.opNum;
+ }
+
+ public void setOpNum(int opNum) {
+ this.opNum = opNum;
+ }
+
+ public String toString() {
+ return "opCode:" + this.opCode + ",authOpCode:" + this.authzOpCode
+ + ",clientNum:" + this.clientNum + ",flags:" + this.flags
+ + ",numOps:" + this.indices.length + ",indices:"
+ + indicesToString(this.indices);
+ }
+ }
+
+ /**
+ * Simple interface to generate credentials with authorization based on key
+ * indices also. This is utilized by the post-operation authorization tests
+ * where authorization is based on key indices.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+ public interface TestCredentialGenerator {
+
+ /**
+ * Get allowed credentials for the given set of operations in the given
+ * regions and indices of keys in the <code>keys</code> array
+ */
+ public Properties getAllowedCredentials(OperationCode[] opCodes,
+ String[] regionNames, int[] keyIndices, int num);
+
+ /**
+ * Get disallowed credentials for the given set of operations in the given
+ * regions and indices of keys in the <code>keys</code> array
+ */
+ public Properties getDisallowedCredentials(OperationCode[] opCodes,
+ String[] regionNames, int[] keyIndices, int num);
+
+ /**
+ * Get the {@link CredentialGenerator} if any.
+ */
+ public CredentialGenerator getCredentialGenerator();
+ }
+
+ /**
+ * Contains a {@link AuthzCredentialGenerator} and implements the
+ * {@link TestCredentialGenerator} interface.
+ *
+ * @author sumedh
+ * @since 5.5
+ */
+ protected static class TestAuthzCredentialGenerator implements
+ TestCredentialGenerator {
+
+ private AuthzCredentialGenerator authzGen;
+
+ public TestAuthzCredentialGenerator(AuthzCredentialGenerator authzGen) {
+ this.authzGen = authzGen;
+ }
+
+ public Properties getAllowedCredentials(OperationCode[] opCodes,
+ String[] regionNames, int[] keyIndices, int num) {
+
+ return this.authzGen.getAllowedCredentials(opCodes, regionNames, num);
+ }
+
+ public Properties getDisallowedCredentials(OperationCode[] opCodes,
+ String[] regionNames, int[] keyIndices, int num) {
+
+ return this.authzGen.getDisallowedCredentials(opCodes, regionNames, num);
+ }
+
+ public CredentialGenerator getCredentialGenerator() {
+
+ return authzGen.getCredentialGenerator();
+ }
+ }
+
+}