You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2016/07/19 16:51:58 UTC
incubator-geode git commit: GEODE-1571: Allow AuthInit to take either
a constructor or a static factory method
Repository: incubator-geode
Updated Branches:
refs/heads/develop 701909fd4 -> d37e08e69
GEODE-1571: Allow AuthInit to take either a constructor or a static factory method
* Allow AuthInit to take either a constructor or a static factory method
* add more javadoc
* simplify security check
* fix test failures
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/d37e08e6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/d37e08e6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/d37e08e6
Branch: refs/heads/develop
Commit: d37e08e69fe3b5920c98bd9198ad37a9edd17ed7
Parents: 701909f
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Mon Jul 18 11:48:44 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Tue Jul 19 09:50:27 2016 -0700
----------------------------------------------------------------------
.../membership/gms/auth/GMSAuthenticator.java | 24 ++--
.../cache/tier/sockets/AcceptorImpl.java | 4 +-
.../internal/cache/tier/sockets/HandShake.java | 26 ++---
.../internal/security/GeodeSecurityUtil.java | 117 +++++++++++++------
.../security/shiro/CustomAuthRealm.java | 6 +-
.../gemfire/security/AuthInitialize.java | 12 +-
.../apache/geode/security/GeodePermission.java | 21 ++++
.../apache/geode/security/PostProcessor.java | 2 +-
.../security/templates/SamplePostProcessor.java | 16 ++-
.../gms/auth/GMSAuthenticatorJUnitTest.java | 46 ++++----
.../security/GeodeSecurityUtilTest.java | 4 +-
.../security/ClientAuthenticationTestCase.java | 4 +-
.../gemfire/security/SecurityTestUtils.java | 9 ++
13 files changed, 191 insertions(+), 100 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index b82fdb1..f16a722 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -16,6 +16,14 @@
*/
package com.gemstone.gemfire.distributed.internal.membership.gms.auth;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.internal.i18n.LocalizedStrings.*;
+
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.util.Properties;
+import java.util.Set;
+
import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
@@ -26,19 +34,12 @@ import com.gemstone.gemfire.distributed.internal.membership.gms.interfaces.Authe
import com.gemstone.gemfire.internal.ClassLoadUtil;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.security.AuthInitialize;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.AuthenticationRequiredException;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import java.lang.reflect.Method;
-import java.security.Principal;
-import java.util.Properties;
-import java.util.Set;
-
-import static com.gemstone.gemfire.internal.i18n.LocalizedStrings.*;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
// static messages
public class GMSAuthenticator implements Authenticator {
@@ -195,12 +196,7 @@ public class GMSAuthenticator implements Authenticator {
try {
if (authMethod != null && authMethod.length() > 0) {
- Method getter = ClassLoadUtil.methodFromName(authMethod);
- AuthInitialize auth = (AuthInitialize)getter.invoke(null, (Object[]) null);
- if (auth == null) {
- throw new AuthenticationRequiredException(AUTH_FAILED_TO_ACQUIRE_AUTHINITIALIZE_INSTANCE.toLocalizedString(authMethod));
- }
-
+ AuthInitialize auth = GeodeSecurityUtil.getObjectOfType(authMethod, AuthInitialize.class);
try {
LogWriter logWriter = services.getLogWriter();
LogWriter securityLogWriter = services.getSecurityLogWriter();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
index e93faf8..43f90d5 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/AcceptorImpl.java
@@ -638,9 +638,9 @@ public class AcceptorImpl extends Acceptor implements Runnable
this.hsPool = tmp_hsPool;
}
- isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired(this.cache.getDistributedSystem().getSecurityProperties());
+ isAuthenticationRequired = GeodeSecurityUtil.isSecurityRequired();
- isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity(this.cache.getDistributedSystem().getSecurityProperties());
+ isIntegratedSecurity = GeodeSecurityUtil.isIntegratedSecurity();
String postAuthzFactoryName = this.cache.getDistributedSystem()
.getProperties().getProperty(SECURITY_CLIENT_ACCESSOR_PP);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
index a2951f5..2dcf8e7 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/cache/tier/sockets/HandShake.java
@@ -899,7 +899,7 @@ public class HandShake implements ClientHandShake
throws GemFireSecurityException, IOException {
Properties credentials = null;
- boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties());
+ boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired();
try {
byte secureMode = dis.readByte();
if (secureMode == CREDENTIALS_NONE) {
@@ -1161,7 +1161,7 @@ public class HandShake implements ClientHandShake
// non-blank setting for DH symmetric algo, or this is a server
// that has authenticator defined.
if ((dhSKAlgo != null && dhSKAlgo.length() > 0)
- || GeodeSecurityUtil.isSecurityRequired(config.getSecurityProps())) {
+ || GeodeSecurityUtil.isSecurityRequired()) {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
DHParameterSpec dhSpec = new DHParameterSpec(dhP, dhG, dhL);
keyGen.initialize(dhSpec);
@@ -1599,19 +1599,13 @@ public class HandShake implements ClientHandShake
Properties credentials = null;
try {
if (authInitMethod != null && authInitMethod.length() > 0) {
- Method instanceGetter = ClassLoadUtil.methodFromName(authInitMethod);
- AuthInitialize auth = (AuthInitialize)instanceGetter.invoke(null,
- (Object[])null);
- if (auth != null) {
- auth.init(logWriter,
- securityLogWriter);
- try {
- credentials = auth.getCredentials(securityProperties, server,
- isPeer);
- }
- finally {
- auth.close();
- }
+ AuthInitialize auth = GeodeSecurityUtil.getObjectOfType(authInitMethod, AuthInitialize.class);
+ auth.init(logWriter, securityLogWriter);
+ try {
+ credentials = auth.getCredentials(securityProperties, server, isPeer);
+ }
+ finally {
+ auth.close();
}
}
}
@@ -1638,7 +1632,7 @@ public class HandShake implements ClientHandShake
DataOutputStream dos, DistributedSystem system)
throws GemFireSecurityException, IOException {
- boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired(system.getSecurityProperties());
+ boolean requireAuthentication = GeodeSecurityUtil.isSecurityRequired();
Properties credentials = null;
try {
byte secureMode = dis.readByte();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
index 8707a78..d439b19 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtil.java
@@ -19,6 +19,7 @@ package com.gemstone.gemfire.internal.security;
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.util.Properties;
@@ -26,10 +27,14 @@ import java.util.Set;
import java.util.concurrent.Callable;
import org.apache.commons.lang.StringUtils;
+import org.apache.geode.security.GeodePermission;
+import org.apache.geode.security.GeodePermission.Operation;
+import org.apache.geode.security.GeodePermission.Resource;
+import org.apache.geode.security.PostProcessor;
+import org.apache.geode.security.SecurityManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.ShiroException;
-import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.config.Ini.Section;
import org.apache.shiro.config.IniSecurityManagerFactory;
@@ -47,12 +52,7 @@ import com.gemstone.gemfire.internal.security.shiro.ShiroPrincipal;
import com.gemstone.gemfire.management.internal.security.ResourceOperation;
import com.gemstone.gemfire.security.AuthenticationFailedException;
import com.gemstone.gemfire.security.GemFireSecurityException;
-import org.apache.geode.security.GeodePermission;
-import org.apache.geode.security.GeodePermission.Operation;
-import org.apache.geode.security.GeodePermission.Resource;
import com.gemstone.gemfire.security.NotAuthorizedException;
-import org.apache.geode.security.PostProcessor;
-import org.apache.geode.security.SecurityManager;
public class GeodeSecurityUtil {
@@ -65,7 +65,7 @@ public class GeodeSecurityUtil {
* @return the shiro subject, null if security is not enabled
*/
public static Subject getSubject() {
- if (!isSecured()) {
+ if (!isIntegratedSecure) {
return null;
}
@@ -102,7 +102,7 @@ public class GeodeSecurityUtil {
* @return null if security is not enabled, otherwise return a shiro subject
*/
public static Subject login(String username, String password) {
- if (!isSecured()) {
+ if (!isIntegratedSecure) {
return null;
}
@@ -269,18 +269,10 @@ public class GeodeSecurityUtil {
}
}
- private static boolean isSecured() {
- try {
- SecurityUtils.getSecurityManager();
- }
- catch (UnavailableSecurityManagerException e) {
- return false;
- }
- return true;
- }
-
private static PostProcessor postProcessor;
private static SecurityManager securityManager;
+ private static boolean isSecure;
+ private static boolean isIntegratedSecure;
/**
* initialize Shiro's Security Manager and Security Utilities
@@ -293,6 +285,7 @@ public class GeodeSecurityUtil {
String shiroConfig = securityProps.getProperty(SECURITY_SHIRO_INIT);
String securityConfig = securityProps.getProperty(SECURITY_MANAGER);
+ String clientAuthenticatorConfig = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
if (!StringUtils.isBlank(shiroConfig)) {
IniSecurityManagerFactory factory = new IniSecurityManagerFactory("classpath:" + shiroConfig);
@@ -306,24 +299,33 @@ public class GeodeSecurityUtil {
org.apache.shiro.mgt.SecurityManager securityManager = factory.getInstance();
SecurityUtils.setSecurityManager(securityManager);
+ isSecure = true;
+ isIntegratedSecure = true;
}
-
// only set up shiro realm if user has implemented SecurityManager
else if (!StringUtils.isBlank(securityConfig)) {
- securityManager = getObjectOfType(securityConfig, SecurityManager.class);
+ securityManager = getObjectOfTypeFromClassName(securityConfig, SecurityManager.class);
securityManager.init(securityProps);
Realm realm = new CustomAuthRealm(securityManager);
org.apache.shiro.mgt.SecurityManager shiroManager = new DefaultSecurityManager(realm);
SecurityUtils.setSecurityManager(shiroManager);
+ isSecure = true;
+ isIntegratedSecure = true;
+ }
+ else if( !StringUtils.isBlank(clientAuthenticatorConfig)) {
+ isSecure = true;
+ isIntegratedSecure = false;
}
else {
SecurityUtils.setSecurityManager(null);
+ isSecure = false;
+ isIntegratedSecure = false;
}
// this initializes the post processor
String customPostProcessor = securityProps.getProperty(SECURITY_POST_PROCESSOR);
if( !StringUtils.isBlank(customPostProcessor)) {
- postProcessor = getObjectOfType(customPostProcessor, PostProcessor.class);
+ postProcessor = getObjectOfTypeFromClassName(customPostProcessor, PostProcessor.class);
postProcessor.init(securityProps);
}
else{
@@ -342,6 +344,8 @@ public class GeodeSecurityUtil {
postProcessor = null;
}
ThreadContext.remove();
+ isSecure = false;
+ isIntegratedSecure = false;
}
/**
@@ -349,8 +353,7 @@ public class GeodeSecurityUtil {
* But if your postProcess is pretty involved with preparations and you need to bypass it entirely, call this first.
*/
public static boolean needPostProcess(){
- Subject subject = getSubject();
- return (subject != null && postProcessor != null);
+ return (isIntegratedSecure && postProcessor != null);
}
public static Object postProcess(String regionPath, Object key, Object result){
@@ -367,42 +370,88 @@ public class GeodeSecurityUtil {
}
- public static <T> T getObjectOfType(String className, Class<T> expectedClazz) {
+ /**
+ * this method would never return null, it either throws an exception or returns an object
+ * @param className
+ * @param expectedClazz
+ * @param <T>
+ * @return
+ */
+ public static <T> T getObjectOfTypeFromClassName(String className, Class<T> expectedClazz) {
Class actualClass = null;
try {
actualClass = ClassLoadUtil.classFromName(className);
}
catch (Exception ex) {
- throw new GemFireSecurityException(ex.toString(), ex);
+ throw new GemFireSecurityException("Instance could not be obtained, "+ex.toString(), ex);
}
if(!expectedClazz.isAssignableFrom(actualClass)){
- throw new GemFireSecurityException("Expecting a "+expectedClazz.getName()+" class.");
+ throw new GemFireSecurityException("Instance could not be obtained. Expecting a "+expectedClazz.getName()+" class.");
}
T actualObject = null;
try {
actualObject = (T)actualClass.newInstance();
} catch (Exception e) {
- throw new GemFireSecurityException("Error instantiating "+actualClass.getName(), e);
+ throw new GemFireSecurityException("Instance could not be obtained. Error instantiating "+actualClass.getName(), e);
}
return actualObject;
}
+ /**
+ * this method would never return null, it either throws an exception or returns an object
+ * @param factoryMethodName
+ * @param expectedClazz
+ * @param <T>
+ * @return
+ */
+ public static <T> T getObjectOfTypeFromFactoryMethod(String factoryMethodName, Class<T> expectedClazz){
+ T actualObject = null;
+ try {
+ Method factoryMethod = ClassLoadUtil.methodFromName(factoryMethodName);
+ actualObject = (T)factoryMethod.invoke(null, (Object[])null);
+ } catch (Exception e) {
+ throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName, e);
+ }
+
+ if(actualObject == null){
+ throw new GemFireSecurityException("Instance could not be obtained from "+factoryMethodName);
+ }
+
+ return actualObject;
+ }
+
+ /**
+ * this method would never return null, it either throws an exception or returns an object
+ * @param classOrMethod
+ * @param expectedClazz
+ * @param <T>
+ * @return an object of type expectedClazz. This method would never return null. It either returns an non-null
+ * object or throws exception.
+ */
+ public static <T> T getObjectOfType(String classOrMethod, Class<T> expectedClazz) {
+ T object = null;
+ try{
+ object = getObjectOfTypeFromClassName(classOrMethod, expectedClazz);
+ }
+ catch (Exception e){
+ object = getObjectOfTypeFromFactoryMethod(classOrMethod, expectedClazz);
+ }
+ return object;
+ }
+
public static SecurityManager getSecurityManager(){
return securityManager;
}
- public static boolean isSecurityRequired(Properties securityProps){
- String authenticator = securityProps.getProperty(SECURITY_CLIENT_AUTHENTICATOR);
- String securityManager = securityProps.getProperty(SECURITY_MANAGER);
- return !StringUtils.isEmpty(authenticator) || !StringUtils.isEmpty(securityManager);
+ public static boolean isSecurityRequired(){
+ return isSecure;
}
- public static boolean isIntegratedSecurity(Properties securityProps){
- String securityManager = securityProps.getProperty(SECURITY_MANAGER);
- return !StringUtils.isEmpty(securityManager);
+ public static boolean isIntegratedSecurity(){
+ return isIntegratedSecure;
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
index 3d6275b..db07fe0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/security/shiro/CustomAuthRealm.java
@@ -19,6 +19,8 @@ package com.gemstone.gemfire.internal.security.shiro;
import java.security.Principal;
import java.util.Properties;
+import org.apache.geode.security.GeodePermission;
+import org.apache.geode.security.SecurityManager;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
@@ -31,8 +33,6 @@ import org.apache.shiro.subject.PrincipalCollection;
import com.gemstone.gemfire.internal.security.GeodeSecurityUtil;
import com.gemstone.gemfire.management.internal.security.ResourceConstants;
-import org.apache.geode.security.SecurityManager;
-import org.apache.geode.security.GeodePermission;
public class CustomAuthRealm extends AuthorizingRealm{
@@ -45,7 +45,7 @@ public class CustomAuthRealm extends AuthorizingRealm{
}
public CustomAuthRealm (String authenticatorFactory) {
- this.securityManager = GeodeSecurityUtil.getObjectOfType(authenticatorFactory, SecurityManager.class);
+ this.securityManager = GeodeSecurityUtil.getObjectOfTypeFromClassName(authenticatorFactory, SecurityManager.class);
}
@Override
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
index 400c665..e92772b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
@@ -23,6 +23,7 @@ import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.cache.CacheCallback;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
// TODO Add example usage of this interface and configuration details
/**
@@ -49,11 +50,21 @@ public interface AuthInitialize extends CacheCallback {
*
* @throws AuthenticationFailedException
* if some exception occurs during the initialization
+ *
+ * @deprecated since Geode 1.0, use init()
*/
public void init(LogWriter systemLogger, LogWriter securityLogger)
throws AuthenticationFailedException;
/**
+ * @since Geode 1.0. implement this method instead of init with logwriters.
+ * Implementation should use log4j instead of these loggers.
+ */
+ default public void init(){
+ GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
+ init(cache.getLogger(), cache.getSecurityLogger());
+ }
+ /**
* Initialize with the given set of security properties and return the
* credentials for the peer/client as properties.
*
@@ -83,5 +94,4 @@ public interface AuthInitialize extends CacheCallback {
public Properties getCredentials(Properties securityProps,
DistributedMember server, boolean isPeer)
throws AuthenticationFailedException;
-
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
index 866b14e..0a777a8 100644
--- a/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
+++ b/geode-core/src/main/java/org/apache/geode/security/GeodePermission.java
@@ -19,6 +19,11 @@ package org.apache.geode.security;
import org.apache.shiro.authz.permission.WildcardPermission;
+/**
+ * GeodePermission defines the resource, the operation, the region and the key involved in the action to be authorized.
+ *
+ * It is passed to the SecurityManager for the implementation to decide whether to grant a user this permission or not.
+ */
public class GeodePermission extends WildcardPermission {
public static String ALL_REGIONS = "*";
@@ -37,18 +42,34 @@ public class GeodePermission extends WildcardPermission {
READ
}
+ /**
+ * Returns the resource, could be either DATA or CLUSTER
+ * @return
+ */
public Resource getResource() {
return resource;
}
+ /**
+ * Returns the operation, could be either MANAGE, WRITE or READ
+ * @return
+ */
public Operation getOperation() {
return operation;
}
+ /**
+ * returns the regionName, could be "*", meaning all regions
+ * @return
+ */
public String getRegionName() {
return regionName;
}
+ /**
+ * returns the key, could be "*" meaning all keys.
+ * @return
+ */
public String getKey() {
return key;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
index 0f13b47..1a0e5de 100644
--- a/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/security/PostProcessor.java
@@ -44,7 +44,7 @@ public interface PostProcessor {
* @param key
* the key of the value that's been accessed. This could be null.
* @param value
- * the value, this could be null.
+ * the original value. The orginal value could be null as well.
* @return
* the value that will be returned to the requester
*/
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
index 7e078da..8f61db7 100644
--- a/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
+++ b/geode-core/src/main/java/org/apache/geode/security/templates/SamplePostProcessor.java
@@ -22,14 +22,28 @@ import java.util.Properties;
import org.apache.geode.security.PostProcessor;
+/**
+ * This is example that implements PostProcessor
+ */
public class SamplePostProcessor implements PostProcessor{
- public static String MASK = "****";
@Override
public void init(final Properties securityProps) {
}
+ /**
+ * this simply modifies the value with all the parameter values
+ * @param principal
+ * The principal that's accessing the value
+ * @param regionName
+ * The region that's been accessed. This could be null.
+ * @param key
+ * the key of the value that's been accessed. This could be null.
+ * @param value
+ * the value, this could be null.
+ * @return
+ */
@Override
public Object processRegionValue(Principal principal,
String regionName,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
index 78f752a..d52b261 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/auth/GMSAuthenticatorJUnitTest.java
@@ -16,6 +16,19 @@
*/
package com.gemstone.gemfire.distributed.internal.membership.gms.auth;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.*;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.contrib.java.lang.system.RestoreSystemProperties;
+import org.junit.experimental.categories.Category;
+
import com.gemstone.gemfire.LogWriter;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
@@ -27,19 +40,6 @@ import com.gemstone.gemfire.security.Authenticator;
import com.gemstone.gemfire.security.GemFireSecurityException;
import com.gemstone.gemfire.test.junit.categories.SecurityTest;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.contrib.java.lang.system.RestoreSystemProperties;
-import org.junit.experimental.categories.Category;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import static org.junit.Assert.*;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
@Category({ UnitTest.class, SecurityTest.class })
public class GMSAuthenticatorJUnitTest {
@@ -108,13 +108,13 @@ public class GMSAuthenticatorJUnitTest {
@Test
public void testGetCredentialWithNotExistAuth() throws Exception {
props.setProperty(SECURITY_PEER_AUTH_INIT, prefix + "NotExistAuth.create");
- verifyNegativeGetCredential(props, "Failed to acquire AuthInitialize method");
+ verifyNegativeGetCredential(props, "Instance could not be obtained");
}
@Test
public void testGetCredentialWithNullAuth() throws Exception {
props.setProperty(SECURITY_PEER_AUTH_INIT, prefix + "TestAuthInit1.create");
- verifyNegativeGetCredential(props, "AuthInitialize instance could not be obtained");
+ verifyNegativeGetCredential(props, "Instance could not be obtained");
}
@Test
@@ -198,7 +198,7 @@ public class GMSAuthenticatorJUnitTest {
assertTrue(result, result.startsWith(expectedError));
}
- private static class TestAuthInit1 implements AuthInitialize {
+ public static class TestAuthInit1 implements AuthInitialize {
public static AuthInitialize create() {
return null;
}
@@ -214,7 +214,7 @@ public class GMSAuthenticatorJUnitTest {
}
}
- private static class TestAuthInit2 extends TestAuthInit1 {
+ public static class TestAuthInit2 extends TestAuthInit1 {
private static TestAuthInit2 instance = null;
private static int createCount = 0;
@@ -245,7 +245,7 @@ public class GMSAuthenticatorJUnitTest {
}
// used by reflection by test
- private static class TestAuthInit3 extends TestAuthInit1 {
+ public static class TestAuthInit3 extends TestAuthInit1 {
public static AuthInitialize create() {
return new TestAuthInit3();
}
@@ -255,13 +255,13 @@ public class GMSAuthenticatorJUnitTest {
}
}
- private static class TestAuthInit4 extends TestAuthInit1 {
+ public static class TestAuthInit4 extends TestAuthInit1 {
public static AuthInitialize create() {
return new TestAuthInit4();
}
}
- private static class TestAuthenticator1 implements Authenticator {
+ public static class TestAuthenticator1 implements Authenticator {
public static Authenticator create() {
return null;
}
@@ -277,7 +277,7 @@ public class GMSAuthenticatorJUnitTest {
}
}
- private static class TestAuthenticator2 extends TestAuthenticator1 {
+ public static class TestAuthenticator2 extends TestAuthenticator1 {
public static Authenticator create() {
return new TestAuthenticator2();
}
@@ -287,7 +287,7 @@ public class GMSAuthenticatorJUnitTest {
}
}
- private static class TestAuthenticator3 extends TestAuthenticator1 {
+ public static class TestAuthenticator3 extends TestAuthenticator1 {
public static Authenticator create() {
return new TestAuthenticator3();
}
@@ -297,7 +297,7 @@ public class GMSAuthenticatorJUnitTest {
}
}
- private static class TestAuthenticator4 extends TestAuthenticator1 {
+ public static class TestAuthenticator4 extends TestAuthenticator1 {
private static Authenticator instance = null;
private static int createCount = 0;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
index 5e19a97..a26f06a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/security/GeodeSecurityUtilTest.java
@@ -18,9 +18,8 @@ package com.gemstone.gemfire.internal.security;
import static org.assertj.core.api.Java6Assertions.*;
-import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.*;
-import org.junit.Ignore;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@ -49,7 +48,6 @@ public class GeodeSecurityUtilTest {
}
@Test
- @Ignore
public void testGetObjectFromFactoryMethod(){
String string = GeodeSecurityUtil.getObjectOfType(Factories.class.getName()+".getString", String.class);
assertNotNull(string);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
index f51431a..d7c75c7 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java
@@ -221,7 +221,7 @@ public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTest
Properties credentials = gen.getValidCredentials(1);
getLogWriter().info("testInvalidAuthInit: For first client credentials: " + credentials + " : " + javaProps);
- client1.invoke(() -> createCacheClient("com.gemstone.none", credentials, javaProps, new int[] { port1 }, 0, false, multiUser, true, AUTHREQ_EXCEPTION));
+ client1.invoke(() -> createCacheClient("com.gemstone.none", credentials, javaProps, new int[] { port1 }, 0, false, multiUser, true, SECURITY_EXCEPTION));
}
protected void doTestNoAuthInitWithCredentials(final boolean multiUser) throws Exception {
@@ -477,7 +477,7 @@ public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTest
// Now try to connect client2 with invalid auth-init method
// Trying to create the region on client with valid credentials should
// throw a security exception
- client2.invoke(() -> createCacheClient("com.gemstone.none", credentials1, javaProps1, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
+ client2.invoke(() -> createCacheClient("com.gemstone.none", credentials1, javaProps1, port1, port2, zeroConns, multiUser, SECURITY_EXCEPTION));
// Try connection with null auth-init on clients.
// Skip this test for a scheme which does not have an authInit in the
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d37e08e6/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
index 5ff0344..b74b054 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/SecurityTestUtils.java
@@ -103,6 +103,7 @@ public final class SecurityTestUtils {
protected static final int NOTAUTHZ_EXCEPTION = 4;
protected static final int OTHER_EXCEPTION = 5;
protected static final int NO_AVAILABLE_SERVERS = 6;
+ protected static final int SECURITY_EXCEPTION = 7;
// Indicates that AuthReqException may not necessarily be thrown
protected static final int NOFORCE_AUTHREQ_EXCEPTION = 16;
@@ -468,6 +469,14 @@ public final class SecurityTestUtils {
}
}
+ catch (GemFireSecurityException ex){
+ if(expectedResult == SECURITY_EXCEPTION){
+ getLogWriter().info("Got expected exception when starting client: " + ex);
+ }
+ else {
+ fail("Got unexpected exception when starting client", ex);
+ }
+ }
catch (Exception ex) {
fail("Got unexpected exception when starting client", ex);
}