You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2017/09/11 19:53:32 UTC
[geode] branch develop updated: GEODE-2817: consolidate
authorize(*) methods
This is an automated email from the ASF dual-hosted git repository.
jinmeiliao pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new e00673b GEODE-2817: consolidate authorize(*) methods
e00673b is described below
commit e00673b254a118851fa5c6aa17a741ace52223b2
Author: Jinmei Liao <ji...@pivotal.io>
AuthorDate: Thu Sep 7 10:57:33 2017 -0700
GEODE-2817: consolidate authorize(*) methods
---
.../org/apache/geode/cache/execute/Function.java | 5 --
.../geode/cache/execute/FunctionContext.java | 2 -
.../membership/gms/auth/GMSAuthenticator.java | 11 ++-
.../cache/tier/sockets/BaseCommandQuery.java | 16 ++--
.../cache/tier/sockets/command/ClearRegion.java | 4 +-
.../cache/tier/sockets/command/ContainsKey.java | 4 +-
.../cache/tier/sockets/command/ContainsKey66.java | 4 +-
.../cache/tier/sockets/command/CreateRegion.java | 4 +-
.../cache/tier/sockets/command/Destroy.java | 4 +-
.../cache/tier/sockets/command/Destroy65.java | 5 +-
.../cache/tier/sockets/command/DestroyRegion.java | 4 +-
.../tier/sockets/command/ExecuteFunction.java | 4 +-
.../tier/sockets/command/ExecuteFunction65.java | 4 +-
.../tier/sockets/command/ExecuteFunction66.java | 4 +-
.../sockets/command/ExecuteRegionFunction.java | 4 +-
.../sockets/command/ExecuteRegionFunction65.java | 4 +-
.../sockets/command/ExecuteRegionFunction66.java | 4 +-
.../command/ExecuteRegionFunctionSingleHop.java | 4 +-
.../internal/cache/tier/sockets/command/Get70.java | 4 +-
.../cache/tier/sockets/command/GetAll.java | 4 +-
.../cache/tier/sockets/command/GetAll651.java | 4 +-
.../cache/tier/sockets/command/GetAll70.java | 4 +-
.../tier/sockets/command/GetAllWithCallback.java | 4 +-
.../cache/tier/sockets/command/Invalidate.java | 4 +-
.../cache/tier/sockets/command/KeySet.java | 4 +-
.../internal/cache/tier/sockets/command/Put.java | 4 +-
.../internal/cache/tier/sockets/command/Put61.java | 4 +-
.../internal/cache/tier/sockets/command/Put65.java | 5 +-
.../cache/tier/sockets/command/PutAll.java | 4 +-
.../cache/tier/sockets/command/PutAll70.java | 4 +-
.../cache/tier/sockets/command/PutAll80.java | 4 +-
.../tier/sockets/command/RegisterInterest.java | 6 +-
.../tier/sockets/command/RegisterInterest61.java | 6 +-
.../tier/sockets/command/RegisterInterestList.java | 12 +--
.../sockets/command/RegisterInterestList61.java | 12 +--
.../sockets/command/RegisterInterestList66.java | 10 ++-
.../cache/tier/sockets/command/RemoveAll.java | 4 +-
.../cache/tier/sockets/command/Request.java | 6 +-
.../internal/cache/tier/sockets/command/Size.java | 4 +-
.../tier/sockets/command/UnregisterInterest.java | 6 +-
.../sockets/command/UnregisterInterestList.java | 4 +-
.../security/IntegratedSecurityService.java | 89 ++--------------------
.../geode/internal/security/SecurityService.java | 36 +--------
.../internal/cli/commands/AlterRegionCommand.java | 4 +-
.../internal/cli/commands/ExportDataCommand.java | 4 +-
.../internal/cli/commands/GetCommand.java | 4 +-
.../internal/cli/commands/ImportDataCommand.java | 4 +-
.../internal/cli/commands/LocateEntryCommand.java | 4 +-
.../internal/cli/commands/PutCommand.java | 4 +-
.../internal/cli/commands/QueryCommand.java | 4 +-
.../internal/cli/commands/RemoveCommand.java | 6 +-
.../tier/sockets/command/ContainsKey66Test.java | 16 ++--
.../tier/sockets/command/ContainsKeyTest.java | 17 +++--
.../tier/sockets/command/CreateRegionTest.java | 14 +++-
.../cache/tier/sockets/command/Destroy65Test.java | 17 +++--
.../tier/sockets/command/DestroyRegionTest.java | 14 +++-
.../cache/tier/sockets/command/DestroyTest.java | 15 ++--
.../sockets/command/ExecuteFunction65Test.java | 19 +++--
.../sockets/command/ExecuteFunction66Test.java | 19 +++--
.../tier/sockets/command/ExecuteFunctionTest.java | 26 ++++---
.../cache/tier/sockets/command/Get70Test.java | 17 +++--
.../cache/tier/sockets/command/GetAll651Test.java | 19 +++--
.../cache/tier/sockets/command/GetAll70Test.java | 19 +++--
.../cache/tier/sockets/command/GetAllTest.java | 23 ++++--
.../sockets/command/GetAllWithCallbackTest.java | 19 +++--
.../cache/tier/sockets/command/InvalidateTest.java | 17 +++--
.../cache/tier/sockets/command/KeySetTest.java | 17 +++--
.../cache/tier/sockets/command/Put61Test.java | 25 +++---
.../cache/tier/sockets/command/Put65Test.java | 25 +++---
.../cache/tier/sockets/command/PutTest.java | 25 +++---
.../sockets/command/RegisterInterest61Test.java | 20 +++--
.../command/RegisterInterestList61Test.java | 17 +++--
.../command/RegisterInterestList66Test.java | 19 +++--
.../sockets/command/RegisterInterestListTest.java | 17 +++--
.../tier/sockets/command/RegisterInterestTest.java | 17 +++--
.../cache/tier/sockets/command/RemoveAllTest.java | 17 +++--
.../cache/tier/sockets/command/RequestTest.java | 19 +++--
.../sockets/command/UnregisterInterestTest.java | 15 ++--
.../cache/tier/sockets/command/GetCQStats.java | 8 +-
.../cache/tier/sockets/command/GetDurableCQs.java | 4 +-
.../cache/tier/sockets/command/MonitorCQ.java | 8 +-
.../lucene/internal/cli/LuceneIndexCommands.java | 2 +-
82 files changed, 522 insertions(+), 377 deletions(-)
diff --git a/geode-core/src/main/java/org/apache/geode/cache/execute/Function.java b/geode-core/src/main/java/org/apache/geode/cache/execute/Function.java
index 25ba4e3..49ed076 100755
--- a/geode-core/src/main/java/org/apache/geode/cache/execute/Function.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/execute/Function.java
@@ -28,11 +28,6 @@ import org.apache.geode.lang.Identifiable;
* return a non-null identifier and register your function using
* {@link FunctionService#registerFunction(Function)} or the cache.xml <code>function</code>
* element.
- *
- * @see FunctionAdapter
- * @see FunctionService
- *
- * @param T type of FunctionContext's arguments of this Function
*
* @since GemFire 6.0
*/
diff --git a/geode-core/src/main/java/org/apache/geode/cache/execute/FunctionContext.java b/geode-core/src/main/java/org/apache/geode/cache/execute/FunctionContext.java
index 0b4e7f9..7901620 100755
--- a/geode-core/src/main/java/org/apache/geode/cache/execute/FunctionContext.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/execute/FunctionContext.java
@@ -26,8 +26,6 @@ import org.apache.geode.cache.Cache;
* <p>
* This interface is implemented by GemFire. Instances of it will be passed in to
* {@link Function#execute(FunctionContext)}.
- *
- * @param T1 object type of Arguments
*
* @since GemFire 6.0
*
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
index f895b96..c15cb5e 100755
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/membership/gms/auth/GMSAuthenticator.java
@@ -21,7 +21,11 @@ import static org.apache.geode.internal.i18n.LocalizedStrings.AUTH_PEER_AUTHENTI
import static org.apache.geode.internal.i18n.LocalizedStrings.AUTH_PEER_AUTHENTICATION_MISSING_CREDENTIALS;
import static org.apache.geode.internal.i18n.LocalizedStrings.HandShake_FAILED_TO_ACQUIRE_AUTHENTICATOR_OBJECT;
+import java.security.Principal;
+import java.util.Properties;
+
import org.apache.commons.lang.StringUtils;
+
import org.apache.geode.LogWriter;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
@@ -35,9 +39,8 @@ import org.apache.geode.internal.security.CallbackInstantiator;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.GemFireSecurityException;
-
-import java.security.Principal;
-import java.util.Properties;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class GMSAuthenticator implements Authenticator {
@@ -121,7 +124,7 @@ public class GMSAuthenticator implements Authenticator {
try {
if (securityService.isIntegratedSecurity()) {
securityService.login(credentials);
- securityService.authorizeClusterManage();
+ securityService.authorize(Resource.CLUSTER, Operation.MANAGE);
} else {
invokeAuthenticator(secProps, member, credentials);
}
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java
index 184aa36..a162e75 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/BaseCommandQuery.java
@@ -14,6 +14,12 @@
*/
package org.apache.geode.internal.cache.tier.sockets;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
import org.apache.geode.cache.RegionDestroyedException;
import org.apache.geode.cache.operations.QueryOperationContext;
import org.apache.geode.cache.query.Query;
@@ -37,12 +43,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequestPP;
import org.apache.geode.internal.security.SecurityService;
-
-import java.io.IOException;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public abstract class BaseCommandQuery extends BaseCommand {
@@ -87,7 +89,7 @@ public abstract class BaseCommandQuery extends BaseCommand {
try {
// integrated security
for (Object regionName : regionNames) {
- securityService.authorizeRegionRead(regionName.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName.toString());
}
// Execute query
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ClearRegion.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ClearRegion.java
index 610af43..0989226 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ClearRegion.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ClearRegion.java
@@ -36,6 +36,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class ClearRegion extends BaseCommand {
@@ -116,7 +118,7 @@ public class ClearRegion extends BaseCommand {
try {
// Clear the region
- securityService.authorizeRegionWrite(regionName);
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey.java
index d7a1b2b..fed613b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey.java
@@ -30,6 +30,8 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class ContainsKey extends BaseCommand {
@@ -116,7 +118,7 @@ public class ContainsKey extends BaseCommand {
}
try {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66.java
index 03e798c..a953fef 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66.java
@@ -32,6 +32,8 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class ContainsKey66 extends BaseCommand {
@@ -118,7 +120,7 @@ public class ContainsKey66 extends BaseCommand {
}
try {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegion.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegion.java
index 2be4724..de6eda6 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegion.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegion.java
@@ -29,6 +29,8 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class CreateRegion extends BaseCommand {
@@ -98,7 +100,7 @@ public class CreateRegion extends BaseCommand {
}
try {
- securityService.authorizeDataManage();
+ securityService.authorize(Resource.DATA, Operation.MANAGE);
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy.java
index cdbab80..dac60ed 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy.java
@@ -39,6 +39,8 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class Destroy extends BaseCommand {
@@ -137,7 +139,7 @@ public class Destroy extends BaseCommand {
try {
// for integrated security
- securityService.authorizeRegionWrite(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName, key.toString());
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy65.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy65.java
index c8b794a..b7e5438 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy65.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy65.java
@@ -45,6 +45,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.internal.util.Breadcrumbs;
import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Resource;
public class Destroy65 extends BaseCommand {
@@ -225,7 +227,8 @@ public class Destroy65 extends BaseCommand {
try {
// for integrated security
- securityService.authorizeRegionWrite(regionName, key.toString());
+ securityService.authorize(Resource.DATA, ResourcePermission.Operation.WRITE, regionName,
+ key.toString());
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyRegion.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyRegion.java
index baa2f3f..e96885d 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyRegion.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyRegion.java
@@ -34,6 +34,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class DestroyRegion extends BaseCommand {
@@ -126,7 +128,7 @@ public class DestroyRegion extends BaseCommand {
try {
// user needs to have data:manage on all regions in order to destory a particular region
- securityService.authorizeDataManage();
+ securityService.authorize(Resource.DATA, Operation.MANAGE);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction.java
index 08f0264..d202610 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction.java
@@ -48,6 +48,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* This is the base command which read the parts for the MessageType.EXECUTE_FUNCTION.<br>
@@ -121,7 +123,7 @@ public class ExecuteFunction extends BaseCommand {
FunctionStats stats = FunctionStats.getFunctionStats(functionObject.getId());
- securityService.authorizeDataWrite();
+ securityService.authorize(Resource.DATA, Operation.WRITE);
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction65.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction65.java
index 53db561..d1d5358 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction65.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction65.java
@@ -49,6 +49,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.5
@@ -151,7 +153,7 @@ public class ExecuteFunction65 extends BaseCommand {
FunctionStats stats = FunctionStats.getFunctionStats(functionObject.getId());
- securityService.authorizeDataWrite();
+ securityService.authorize(Resource.DATA, Operation.WRITE);
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction66.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction66.java
index a3b061f..89d76da 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction66.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction66.java
@@ -61,6 +61,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.6
@@ -192,7 +194,7 @@ public class ExecuteFunction66 extends BaseCommand {
FunctionStats stats = FunctionStats.getFunctionStats(functionObject.getId());
- securityService.authorizeDataWrite();
+ securityService.authorize(Resource.DATA, Operation.WRITE);
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction.java
index 73eff40..38dff13 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction.java
@@ -44,6 +44,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* This is the base command which reads the parts for the MessageType.EXECUTE_REGION_FUNCTION and
@@ -156,7 +158,7 @@ public class ExecuteRegionFunction extends BaseCommand {
functionObject = (Function) function;
}
- securityService.authorizeDataWrite();
+ securityService.authorize(Resource.DATA, Operation.WRITE);
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction65.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction65.java
index 47684aa..de8ee8f 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction65.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction65.java
@@ -46,6 +46,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.5
@@ -190,7 +192,7 @@ public class ExecuteRegionFunction65 extends BaseCommand {
functionObject = (Function) function;
}
- securityService.authorizeDataWrite();
+ securityService.authorize(Resource.DATA, Operation.WRITE);
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction66.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction66.java
index 26d5d3f..2619cf6 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction66.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunction66.java
@@ -50,6 +50,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.6
@@ -209,7 +211,7 @@ public class ExecuteRegionFunction66 extends BaseCommand {
functionObject = (Function) function;
}
- securityService.authorizeDataWrite();
+ securityService.authorize(Resource.DATA, Operation.WRITE);
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunctionSingleHop.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunctionSingleHop.java
index 8c3bb38..f866822 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunctionSingleHop.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteRegionFunctionSingleHop.java
@@ -47,6 +47,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.5
@@ -209,7 +211,7 @@ public class ExecuteRegionFunctionSingleHop extends BaseCommand {
functionObject = (Function) function;
}
- securityService.authorizeDataWrite();
+ securityService.authorize(Resource.DATA, Operation.WRITE);
// check if the caller is authorized to do this operation on server
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Get70.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Get70.java
index 62644eb..6b5c6e5 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Get70.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Get70.java
@@ -45,6 +45,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.AuthorizeRequestPP;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class Get70 extends BaseCommand {
@@ -132,7 +134,7 @@ public class Get70 extends BaseCommand {
GetOperationContext getContext = null;
try {
// for integrated security
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll.java
index e214ce1..c32986d 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll.java
@@ -35,6 +35,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.AuthorizeRequestPP;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class GetAll extends BaseCommand {
@@ -185,7 +187,7 @@ public class GetAll extends BaseCommand {
}
try {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(
LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1,
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll651.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll651.java
index aacfc6d..3ba2917 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll651.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll651.java
@@ -35,6 +35,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.AuthorizeRequestPP;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class GetAll651 extends BaseCommand {
@@ -184,7 +186,7 @@ public class GetAll651 extends BaseCommand {
}
try {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(
LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1,
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll70.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll70.java
index 0449447..304b787 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll70.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll70.java
@@ -41,6 +41,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.AuthorizeRequestPP;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class GetAll70 extends BaseCommand {
@@ -210,7 +212,7 @@ public class GetAll70 extends BaseCommand {
}
try {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(
LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1,
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllWithCallback.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllWithCallback.java
index 9f970a5..6299cb6 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllWithCallback.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllWithCallback.java
@@ -41,6 +41,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.AuthorizeRequestPP;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* Initial version copied from GetAll70.java r48777.
@@ -191,7 +193,7 @@ public class GetAllWithCallback extends BaseCommand {
}
try {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
} catch (NotAuthorizedException ex) {
logger.warn(LocalizedMessage.create(
LocalizedStrings.GetAll_0_CAUGHT_THE_FOLLOWING_EXCEPTION_ATTEMPTING_TO_GET_VALUE_FOR_KEY_1,
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Invalidate.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Invalidate.java
index 3952b0f..0624e5e 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Invalidate.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Invalidate.java
@@ -39,6 +39,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.internal.util.Breadcrumbs;
import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class Invalidate extends BaseCommand {
@@ -135,7 +137,7 @@ public class Invalidate extends BaseCommand {
try {
// for integrated security
- securityService.authorizeRegionWrite(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName, key.toString());
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/KeySet.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/KeySet.java
index 202d91f..cc4fcb5 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/KeySet.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/KeySet.java
@@ -39,6 +39,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.AuthorizeRequestPP;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class KeySet extends BaseCommand {
@@ -94,7 +96,7 @@ public class KeySet extends BaseCommand {
}
try {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
} catch (NotAuthorizedException ex) {
writeChunkedException(clientMessage, ex, serverConnection);
serverConnection.setAsTrue(RESPONDED);
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put.java
index 27f8cc5..fa049f6 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put.java
@@ -39,6 +39,8 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class Put extends BaseCommand {
@@ -150,7 +152,7 @@ public class Put extends BaseCommand {
byte[] value = valuePart.getSerializedForm();
boolean isObject = valuePart.isObject();
- securityService.authorizeRegionWrite(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName, key.toString());
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put61.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put61.java
index 60870d7..bfda2bd 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put61.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put61.java
@@ -40,6 +40,8 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.1
@@ -173,7 +175,7 @@ public class Put61 extends BaseCommand {
boolean isMetaRegion = region.isUsedForMetaRegion();
clientMessage.setMetaRegion(isMetaRegion);
- securityService.authorizeRegionWrite(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName, key.toString());
AuthorizeRequest authzRequest = null;
if (!isMetaRegion) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put65.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put65.java
index 8f65b9b..fcfe487 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put65.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Put65.java
@@ -51,6 +51,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.internal.util.Breadcrumbs;
import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.ResourcePermission;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.5
@@ -233,7 +235,8 @@ public class Put65 extends BaseCommand {
boolean isMetaRegion = region.isUsedForMetaRegion();
clientMessage.setMetaRegion(isMetaRegion);
- securityService.authorizeRegionWrite(regionName, key.toString());
+ securityService.authorize(Resource.DATA, ResourcePermission.Operation.WRITE, regionName,
+ key.toString());
AuthorizeRequest authzRequest = null;
if (!isMetaRegion) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll.java
index f8cd57f..eec6ef4 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll.java
@@ -44,6 +44,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class PutAll extends BaseCommand {
@@ -164,7 +166,7 @@ public class PutAll extends BaseCommand {
serverConnection.setRequestSpecificTimeout(timeout);
}
- securityService.authorizeRegionWrite(regionName);
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java
index 1bf4955..71e8053 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll70.java
@@ -47,6 +47,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class PutAll70 extends BaseCommand {
@@ -206,7 +208,7 @@ public class PutAll70 extends BaseCommand {
serverConnection.setRequestSpecificTimeout(timeout);
}
- securityService.authorizeRegionWrite(regionName);
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java
index 3a8f0db..2769cca 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/PutAll80.java
@@ -49,6 +49,8 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.internal.util.Breadcrumbs;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class PutAll80 extends BaseCommand {
@@ -243,7 +245,7 @@ public class PutAll80 extends BaseCommand {
serverConnection.setRequestSpecificTimeout(timeout);
}
- securityService.authorizeRegionWrite(regionName);
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java
index a1cf93f..64291b6 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest.java
@@ -37,6 +37,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class RegisterInterest extends BaseCommand {
@@ -148,9 +150,9 @@ public class RegisterInterest extends BaseCommand {
// Register interest
try {
if (interestType == InterestType.REGULAR_EXPRESSION) {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
} else {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
}
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java
index 111f234..e6ebfa5 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61.java
@@ -38,6 +38,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.1
@@ -184,9 +186,9 @@ public class RegisterInterest61 extends BaseCommand {
try {
if (interestType == InterestType.REGULAR_EXPRESSION) {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
} else {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
}
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java
index c64bc69..5621092 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList.java
@@ -14,6 +14,10 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
import org.apache.geode.cache.DynamicRegionFactory;
import org.apache.geode.cache.InterestResultPolicy;
import org.apache.geode.cache.operations.RegisterInterestOperationContext;
@@ -32,10 +36,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class RegisterInterestList extends BaseCommand {
@@ -171,7 +173,7 @@ public class RegisterInterestList extends BaseCommand {
// responded = true;
} // else { // region not null
try {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java
index 82e2f0d..c1a3657 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61.java
@@ -14,6 +14,10 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
import org.apache.geode.cache.DynamicRegionFactory;
import org.apache.geode.cache.InterestResultPolicy;
import org.apache.geode.cache.operations.RegisterInterestOperationContext;
@@ -32,10 +36,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* @since GemFire 6.1
@@ -183,7 +185,7 @@ public class RegisterInterestList61 extends BaseCommand {
// responded = true;
} // else { // region not null
try {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
index 5f6ab9b..a5fd685 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66.java
@@ -14,6 +14,9 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
+import java.io.IOException;
+import java.util.List;
+
import org.apache.geode.cache.DynamicRegionFactory;
import org.apache.geode.cache.InterestResultPolicy;
import org.apache.geode.cache.operations.RegisterInterestOperationContext;
@@ -33,9 +36,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
-
-import java.io.IOException;
-import java.util.List;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
/**
* All keys of the register interest list are being sent as a single part since 6.6. There is no
@@ -163,7 +165,7 @@ public class RegisterInterestList66 extends BaseCommand {
new Object[] {serverConnection.getName(), regionName}));
}
try {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
if (!DynamicRegionFactory.regionIsDynamicRegionList(regionName)) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
index 2daf755..c61c2c5 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAll.java
@@ -45,6 +45,8 @@ import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.internal.util.Breadcrumbs;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class RemoveAll extends BaseCommand {
@@ -186,7 +188,7 @@ public class RemoveAll extends BaseCommand {
serverConnection.setRequestSpecificTimeout(timeout);
}
- securityService.authorizeRegionWrite(regionName);
+ securityService.authorize(Resource.DATA, Operation.WRITE, regionName);
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
index 25badd3..921e4b1 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Request.java
@@ -19,6 +19,7 @@ import java.io.IOException;
import org.apache.geode.cache.Region;
import org.apache.geode.cache.operations.GetOperationContext;
import org.apache.geode.distributed.internal.DistributionStats;
+import org.apache.geode.i18n.StringId;
import org.apache.geode.internal.cache.CachedDeserializable;
import org.apache.geode.internal.cache.LocalRegion;
import org.apache.geode.internal.cache.PartitionedRegion;
@@ -37,7 +38,8 @@ import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.AuthorizeRequestPP;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
-import org.apache.geode.i18n.StringId;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class Request extends BaseCommand {
@@ -124,7 +126,7 @@ public class Request extends BaseCommand {
GetOperationContext getContext = null;
try {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
if (authzRequest != null) {
getContext = authzRequest.getAuthorize(regionName, key, callbackArg);
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
index e4485b4..db96345 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/Size.java
@@ -31,6 +31,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.logging.log4j.LocalizedMessage;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.GemFireSecurityException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class Size extends BaseCommand {
@@ -90,7 +92,7 @@ public class Size extends BaseCommand {
// Size the entry
try {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
writeSizeResponse(region.size(), clientMessage, serverConnection);
} catch (RegionDestroyedException rde) {
writeException(clientMessage, rde, false, serverConnection);
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
index 1af283b..fc6d559 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterest.java
@@ -30,6 +30,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class UnregisterInterest extends BaseCommand {
@@ -103,9 +105,9 @@ public class UnregisterInterest extends BaseCommand {
try {
if (interestType == InterestType.REGULAR_EXPRESSION) {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
} else {
- securityService.authorizeRegionRead(regionName, key.toString());
+ securityService.authorize(Resource.DATA, Operation.READ, regionName, key.toString());
}
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
index 035a953..cd45df7 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestList.java
@@ -34,6 +34,8 @@ import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class UnregisterInterestList extends BaseCommand {
@@ -123,7 +125,7 @@ public class UnregisterInterestList extends BaseCommand {
}
try {
- securityService.authorizeRegionRead(regionName);
+ securityService.authorize(Resource.DATA, Operation.READ, regionName);
} catch (NotAuthorizedException ex) {
writeException(clientMessage, ex, false, serverConnection);
serverConnection.setAsTrue(RESPONDED);
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
index da8a466..222cae9 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java
@@ -191,93 +191,23 @@ public class IntegratedSecurityService implements SecurityService {
}
@Override
- public void authorizeClusterManage() {
- authorize(Resource.CLUSTER, Operation.MANAGE, Target.ALL, ResourcePermission.ALL);
+ public void authorize(Resource resource, Operation operation) {
+ authorize(resource, operation, Target.ALL, ResourcePermission.ALL);
}
@Override
- public void authorizeClusterWrite() {
- authorize(Resource.CLUSTER, Operation.WRITE, Target.ALL, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeClusterRead() {
- authorize(Resource.CLUSTER, Operation.READ, Target.ALL, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeDataManage() {
- authorize(Resource.DATA, Operation.MANAGE, Target.ALL, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeDataWrite() {
- authorize(Resource.DATA, Operation.WRITE, Target.ALL, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeDataRead() {
- authorize(Resource.DATA, Operation.READ, Target.ALL, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeDiskManage() {
- authorize(Resource.CLUSTER, Operation.MANAGE, Target.DISK, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeGatewayManage() {
- authorize(Resource.CLUSTER, Operation.MANAGE, Target.GATEWAY, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeJarManage() {
- authorize(Resource.CLUSTER, Operation.MANAGE, Target.JAR, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeQueryManage() {
- authorize(Resource.CLUSTER, Operation.MANAGE, Target.QUERY, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeRegionManage(final String regionName) {
- authorize(Resource.DATA, Operation.MANAGE, regionName, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeRegionManage(final String regionName, final String key) {
- authorize(Resource.DATA, Operation.MANAGE, regionName, key);
- }
-
- @Override
- public void authorizeRegionWrite(final String regionName) {
- authorize(Resource.DATA, Operation.WRITE, regionName, ResourcePermission.ALL);
- }
-
- @Override
- public void authorizeRegionWrite(final String regionName, final String key) {
- authorize(Resource.DATA, Operation.WRITE, regionName, key);
- }
-
- @Override
- public void authorizeRegionRead(final String regionName) {
- authorize(Resource.DATA, Operation.READ, regionName, ResourcePermission.ALL);
+ public void authorize(Resource resource, Operation operation, Target target) {
+ authorize(resource, operation, target, ResourcePermission.ALL);
}
@Override
- public void authorizeRegionRead(final String regionName, final String key) {
- authorize(Resource.DATA, Operation.READ, regionName, key);
+ public void authorize(Resource resource, Operation operation, String target) {
+ authorize(resource, operation, target, ResourcePermission.ALL);
}
@Override
public void authorize(Resource resource, Operation operation, Target target, String key) {
- authorize(resource, operation, target.getName(), key);
- }
-
- @Override
- public void authorize(Resource resource, Operation operation, Target target) {
- authorize(resource, operation, target, ResourcePermission.ALL);
+ authorize(new ResourcePermission(resource, operation, target, key));
}
@Override
@@ -286,11 +216,6 @@ public class IntegratedSecurityService implements SecurityService {
}
@Override
- public void authorize(Resource resource, Operation operation, String target) {
- authorize(new ResourcePermission(resource, operation, target, ResourcePermission.ALL));
- }
-
- @Override
public void authorize(final ResourcePermission context) {
if (context == null) {
return;
diff --git a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
index 0fdb57d..e86050e 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/security/SecurityService.java
@@ -47,45 +47,15 @@ public interface SecurityService {
return callable;
}
- default void authorize(Resource resource, Operation operation, String target, String key) {}
-
- default void authorize(Resource resource, Operation operation, Target target, String key) {}
+ default void authorize(Resource resource, Operation operation) {}
default void authorize(Resource resource, Operation operation, Target target) {}
default void authorize(Resource resource, Operation operation, String target) {}
- default void authorizeClusterManage() {}
-
- default void authorizeClusterWrite() {}
-
- default void authorizeClusterRead() {}
-
- default void authorizeDataManage() {}
-
- default void authorizeDataWrite() {}
-
- default void authorizeDataRead() {}
-
- default void authorizeDiskManage() {}
-
- default void authorizeGatewayManage() {}
-
- default void authorizeJarManage() {}
-
- default void authorizeQueryManage() {}
-
- default void authorizeRegionManage(String regionName) {}
-
- default void authorizeRegionManage(String regionName, String key) {}
-
- default void authorizeRegionWrite(String regionName) {}
-
- default void authorizeRegionWrite(String regionName, String key) {}
-
- default void authorizeRegionRead(String regionName) {}
+ default void authorize(Resource resource, Operation operation, String target, String key) {}
- default void authorizeRegionRead(String regionName, String key) {}
+ default void authorize(Resource resource, Operation operation, Target target, String key) {}
default void authorize(ResourcePermission context) {}
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AlterRegionCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AlterRegionCommand.java
index 0f9b5d8..3ddc476 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AlterRegionCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/AlterRegionCommand.java
@@ -38,6 +38,8 @@ import org.apache.geode.management.internal.cli.i18n.CliStrings;
import org.apache.geode.management.internal.cli.result.ResultBuilder;
import org.apache.geode.management.internal.cli.result.TabularResultData;
import org.apache.geode.management.internal.configuration.domain.XmlEntity;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class AlterRegionCommand implements GfshCommand {
@CliCommand(value = CliStrings.ALTER_REGION, help = CliStrings.ALTER_REGION__HELP)
@@ -88,7 +90,7 @@ public class AlterRegionCommand implements GfshCommand {
Result result;
AtomicReference<XmlEntity> xmlEntity = new AtomicReference<>();
- getSecurityService().authorizeRegionManage(regionPath);
+ getSecurityService().authorize(Resource.DATA, Operation.MANAGE, regionPath);
try {
InternalCache cache = getCache();
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ExportDataCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ExportDataCommand.java
index 036d2f2..dc74d12 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ExportDataCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ExportDataCommand.java
@@ -34,6 +34,8 @@ import org.apache.geode.management.internal.cli.CliUtil;
import org.apache.geode.management.internal.cli.functions.ExportDataFunction;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
import org.apache.geode.management.internal.cli.result.ResultBuilder;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class ExportDataCommand implements GfshCommand {
private final ExportDataFunction exportDataFunction = new ExportDataFunction();
@@ -54,7 +56,7 @@ public class ExportDataCommand implements GfshCommand {
specifiedDefaultValue = "true",
help = CliStrings.EXPORT_DATA__PARALLEL_HELP) boolean parallel) {
- getSecurityService().authorizeRegionRead(regionName);
+ getSecurityService().authorize(Resource.DATA, Operation.READ, regionName);
final DistributedMember targetMember = CliUtil.getDistributedMemberByNameOrId(memberNameOrId);
if (targetMember == null) {
return ResultBuilder.createUserErrorResult(
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GetCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GetCommand.java
index f09174e..cf72207 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GetCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/GetCommand.java
@@ -37,6 +37,8 @@ import org.apache.geode.management.internal.cli.domain.DataCommandRequest;
import org.apache.geode.management.internal.cli.domain.DataCommandResult;
import org.apache.geode.management.internal.cli.functions.DataCommandFunction;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class GetCommand implements GfshCommand {
@CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_DATA, CliStrings.TOPIC_GEODE_REGION})
@@ -56,7 +58,7 @@ public class GetCommand implements GfshCommand {
help = CliStrings.GET__LOAD__HELP) Boolean loadOnCacheMiss) {
InternalCache cache = getCache();
- cache.getSecurityService().authorizeRegionRead(regionPath, key);
+ cache.getSecurityService().authorize(Resource.DATA, Operation.READ, regionPath, key);
DataCommandResult dataResult;
if (StringUtils.isEmpty(regionPath)) {
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ImportDataCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ImportDataCommand.java
index c3ca0c1..f81c3f0 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ImportDataCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ImportDataCommand.java
@@ -32,6 +32,8 @@ import org.apache.geode.management.internal.cli.CliUtil;
import org.apache.geode.management.internal.cli.functions.ImportDataFunction;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
import org.apache.geode.management.internal.cli.result.ResultBuilder;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class ImportDataCommand implements GfshCommand {
private final ImportDataFunction importDataFunction = new ImportDataFunction();
@@ -54,7 +56,7 @@ public class ImportDataCommand implements GfshCommand {
specifiedDefaultValue = "true",
help = CliStrings.IMPORT_DATA__PARALLEL_HELP) boolean parallel) {
- getSecurityService().authorizeRegionWrite(regionName);
+ getSecurityService().authorize(Resource.DATA, Operation.WRITE, regionName);
final DistributedMember targetMember = CliUtil.getDistributedMemberByNameOrId(memberNameOrId);
if (targetMember == null) {
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/LocateEntryCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/LocateEntryCommand.java
index f4caf13..7f3379a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/LocateEntryCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/LocateEntryCommand.java
@@ -34,6 +34,8 @@ import org.apache.geode.management.internal.cli.domain.DataCommandRequest;
import org.apache.geode.management.internal.cli.domain.DataCommandResult;
import org.apache.geode.management.internal.cli.functions.DataCommandFunction;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class LocateEntryCommand implements GfshCommand {
@CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_DATA, CliStrings.TOPIC_GEODE_REGION})
@@ -52,7 +54,7 @@ public class LocateEntryCommand implements GfshCommand {
help = CliStrings.LOCATE_ENTRY__RECURSIVE__HELP,
unspecifiedDefaultValue = "false") boolean recursive) {
- getSecurityService().authorizeRegionRead(regionPath, key);
+ getSecurityService().authorize(Resource.DATA, Operation.READ, regionPath, key);
DataCommandResult dataResult;
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/PutCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/PutCommand.java
index 3571f6d..c6a5042 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/PutCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/PutCommand.java
@@ -36,6 +36,8 @@ import org.apache.geode.management.internal.cli.domain.DataCommandRequest;
import org.apache.geode.management.internal.cli.domain.DataCommandResult;
import org.apache.geode.management.internal.cli.functions.DataCommandFunction;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class PutCommand implements GfshCommand {
@CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_DATA, CliStrings.TOPIC_GEODE_REGION})
@@ -56,7 +58,7 @@ public class PutCommand implements GfshCommand {
unspecifiedDefaultValue = "false") boolean putIfAbsent) {
InternalCache cache = getCache();
- cache.getSecurityService().authorizeRegionWrite(regionPath);
+ cache.getSecurityService().authorize(Resource.DATA, Operation.WRITE, regionPath);
DataCommandResult dataResult;
if (StringUtils.isEmpty(regionPath)) {
return makePresentationResult(DataCommandResult.createPutResult(key, null, null,
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/QueryCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/QueryCommand.java
index 3c039b3..f14f3f1 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/QueryCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/QueryCommand.java
@@ -47,6 +47,8 @@ import org.apache.geode.management.internal.cli.i18n.CliStrings;
import org.apache.geode.management.internal.cli.remote.CommandExecutionContext;
import org.apache.geode.management.internal.cli.result.CompositeResultData;
import org.apache.geode.management.internal.cli.result.ResultBuilder;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class QueryCommand implements GfshCommand {
private static final Logger logger = LogService.getLogger();
@@ -95,7 +97,7 @@ public class QueryCommand implements GfshCommand {
// authorize data read on these regions
for (String region : regions) {
- cache.getSecurityService().authorizeRegionRead(region);
+ cache.getSecurityService().authorize(Resource.DATA, Operation.READ, region);
}
regionsInQuery = Collections.unmodifiableSet(regions);
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/RemoveCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/RemoveCommand.java
index 12be62e..9bba7b7 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/RemoveCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/RemoveCommand.java
@@ -36,6 +36,8 @@ import org.apache.geode.management.internal.cli.domain.DataCommandRequest;
import org.apache.geode.management.internal.cli.domain.DataCommandResult;
import org.apache.geode.management.internal.cli.functions.DataCommandFunction;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class RemoveCommand implements GfshCommand {
@CliMetaData(relatedTopic = {CliStrings.TOPIC_GEODE_DATA, CliStrings.TOPIC_GEODE_REGION})
@@ -64,9 +66,9 @@ public class RemoveCommand implements GfshCommand {
}
if (removeAllKeys) {
- cache.getSecurityService().authorizeRegionWrite(regionPath);
+ cache.getSecurityService().authorize(Resource.DATA, Operation.WRITE, regionPath);
} else {
- cache.getSecurityService().authorizeRegionWrite(regionPath, key);
+ cache.getSecurityService().authorize(Resource.DATA, Operation.WRITE, regionPath, key);
}
@SuppressWarnings("rawtypes")
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java
index 1d02852..96a1720 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKey66Test.java
@@ -14,9 +14,11 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.Matchers.eq;
import static org.mockito.ArgumentMatchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -35,6 +37,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -112,7 +116,7 @@ public class ContainsKey66Test {
this.containsKey66.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -120,12 +124,12 @@ public class ContainsKey66Test {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, KEY);
this.containsKey66.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java
index 0492997..9a15ada 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ContainsKeyTest.java
@@ -14,7 +14,12 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.isA;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -33,6 +38,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -100,7 +107,7 @@ public class ContainsKeyTest {
containsKey.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.replyMessage).send(this.serverConnection);
}
@@ -108,12 +115,12 @@ public class ContainsKeyTest {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, KEY);
containsKey.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java
index 00420cc..6ce407a 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/CreateRegionTest.java
@@ -15,7 +15,10 @@
package org.apache.geode.internal.cache.tier.sockets.command;
import static org.mockito.ArgumentMatchers.eq;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -36,6 +39,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -113,7 +118,7 @@ public class CreateRegionTest {
this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
// assert
- verify(this.securityService).authorizeDataManage();
+ verify(this.securityService).authorize(Resource.DATA, Operation.MANAGE);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -121,11 +126,12 @@ public class CreateRegionTest {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataManage();
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.MANAGE);
this.createRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataManage();
+ verify(this.securityService).authorize(Resource.DATA, Operation.MANAGE);
verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy65Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy65Test.java
index 729c68b..9e0fc59 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy65Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Destroy65Test.java
@@ -14,9 +14,12 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.Matchers.eq;
import static org.mockito.ArgumentMatchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -38,6 +41,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -130,7 +135,7 @@ public class Destroy65Test {
this.destroy65.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -138,12 +143,12 @@ public class Destroy65Test {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE, REGION_NAME, KEY);
this.destroy65.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyRegionTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyRegionTest.java
index bf699be..29d43b1 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyRegionTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyRegionTest.java
@@ -16,7 +16,10 @@ package org.apache.geode.internal.cache.tier.sockets.command;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -38,6 +41,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -112,7 +117,7 @@ public class DestroyRegionTest {
this.destroyRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataManage();
+ verify(this.securityService).authorize(Resource.DATA, Operation.MANAGE);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -123,7 +128,7 @@ public class DestroyRegionTest {
this.destroyRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataManage();
+ verify(this.securityService).authorize(Resource.DATA, Operation.MANAGE);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -131,7 +136,8 @@ public class DestroyRegionTest {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataManage();
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.MANAGE);
this.destroyRegion.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyTest.java
index 5995890..a911153 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/DestroyTest.java
@@ -14,9 +14,12 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.Matchers.eq;
import static org.mockito.ArgumentMatchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -38,6 +41,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -133,7 +138,7 @@ public class DestroyTest {
this.destroy.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.replyMessage).send(this.serverConnection);
}
@@ -141,8 +146,8 @@ public class DestroyTest {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE, REGION_NAME, KEY);
this.destroy.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction65Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction65Test.java
index c53b038..ffc7bee 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction65Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction65Test.java
@@ -14,8 +14,12 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.ArgumentMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Rule;
@@ -51,6 +55,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -165,7 +171,7 @@ public class ExecuteFunction65Test {
this.executeFunction65.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataWrite();
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE);
// verify(this.replyMessage).send(this.serverConnection); TODO: why do none of the reply message
// types get sent?
}
@@ -174,11 +180,12 @@ public class ExecuteFunction65Test {
public void withIntegratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataWrite();
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE);
this.executeFunction65.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataWrite();
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE);
// verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
@@ -204,7 +211,7 @@ public class ExecuteFunction65Test {
this.executeFunction65.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataWrite();
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE);
// verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction66Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction66Test.java
index b2e30f2..7d7d0e8 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction66Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunction66Test.java
@@ -15,8 +15,12 @@
package org.apache.geode.internal.cache.tier.sockets.command;
import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import static org.mockito.ArgumentMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Rule;
@@ -51,6 +55,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -163,7 +169,7 @@ public class ExecuteFunction66Test {
this.executeFunction66.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataWrite();
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE);
// verify(this.replyMessage).send(this.serverConnection); TODO: why do none of the reply message
// types get sent?
}
@@ -172,12 +178,13 @@ public class ExecuteFunction66Test {
public void withIntegratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataWrite();
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE);
assertThatThrownBy(() -> this.executeFunction66.cmdExecute(this.message, this.serverConnection,
this.securityService, 0)).isExactlyInstanceOf(NullPointerException.class);
- verify(this.securityService).authorizeDataWrite();
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE);
// verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
@@ -204,7 +211,7 @@ public class ExecuteFunction66Test {
assertThatThrownBy(() -> this.executeFunction66.cmdExecute(this.message, this.serverConnection,
this.securityService, 0)).isExactlyInstanceOf(NullPointerException.class);
- verify(this.securityService).authorizeDataWrite();
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE);
// verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunctionTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunctionTest.java
index cfb4960..21e5bba 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunctionTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/ExecuteFunctionTest.java
@@ -14,25 +14,29 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.ArgumentMatchers.*;
-import static org.mockito.Mockito.*;
-
-import org.junit.Rule;
-import org.junit.contrib.java.lang.system.RestoreSystemProperties;
-import org.powermock.api.mockito.PowerMockito;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
+import org.junit.Rule;
import org.junit.Test;
+import org.junit.contrib.java.lang.system.RestoreSystemProperties;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
+import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.apache.geode.CancelCriterion;
+import org.apache.geode.cache.execute.Function;
import org.apache.geode.cache.execute.FunctionService;
import org.apache.geode.cache.operations.ExecuteFunctionOperationContext;
import org.apache.geode.distributed.internal.DistributionConfig;
@@ -51,8 +55,9 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
-import org.apache.geode.cache.execute.Function;
@Category(UnitTest.class)
@RunWith(PowerMockRunner.class)
@@ -168,7 +173,7 @@ public class ExecuteFunctionTest {
this.executeFunction.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataWrite();
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE);
// verify(this.replyMessage).send(this.serverConnection); TODO: why do none of the reply message
// types get sent?
}
@@ -177,11 +182,12 @@ public class ExecuteFunctionTest {
public void withIntegratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService).authorizeDataWrite();
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE);
this.executeFunction.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeDataWrite();
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Get70Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Get70Test.java
index 78097d2..535ffe7 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Get70Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Get70Test.java
@@ -14,10 +14,13 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.Matchers.any;
import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Matchers.any;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -39,6 +42,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -125,7 +130,7 @@ public class Get70Test {
this.get70.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -133,12 +138,12 @@ public class Get70Test {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, KEY);
this.get70.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll651Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll651Test.java
index 40bfe45..9b7ae7e 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll651Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll651Test.java
@@ -15,11 +15,14 @@
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -43,6 +46,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -120,7 +125,8 @@ public class GetAll651Test {
assertThat(key).isIn(KEYS);
}
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME,
+ key.toString());
}
verify(this.chunkedResponseMessage).sendChunk(eq(this.serverConnection));
@@ -132,14 +138,15 @@ public class GetAll651Test {
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
for (Object key : KEYS) {
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, key.toString());
}
this.getAll651.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME,
+ key.toString());
}
ArgumentCaptor<ObjectPartList> argument = ArgumentCaptor.forClass(ObjectPartList.class);
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll70Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll70Test.java
index a3ee2c8..8d49b87 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll70Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAll70Test.java
@@ -14,11 +14,14 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -43,6 +46,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -133,7 +138,8 @@ public class GetAll70Test {
assertThat(key).isIn(KEYS);
}
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME,
+ key.toString());
}
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
@@ -145,14 +151,15 @@ public class GetAll70Test {
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
for (Object key : KEYS) {
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, key.toString());
}
this.getAll70.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME,
+ key.toString());
}
ArgumentCaptor<ObjectPartList> argument = ArgumentCaptor.forClass(ObjectPartList.class);
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllTest.java
index ceb8882..18769fb 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllTest.java
@@ -14,9 +14,14 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
-import static org.mockito.ArgumentMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -40,6 +45,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -117,7 +124,8 @@ public class GetAllTest {
assertThat(key).isIn(KEYS);
}
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME,
+ key.toString());
}
verify(this.chunkedResponseMessage).sendChunk(eq(this.serverConnection));
@@ -129,14 +137,15 @@ public class GetAllTest {
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
for (Object key : KEYS) {
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, key.toString());
}
this.getAll.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME,
+ key.toString());
}
ArgumentCaptor<ObjectPartList> argument = ArgumentCaptor.forClass(ObjectPartList.class);
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllWithCallbackTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllWithCallbackTest.java
index 4497c7f..6c8af02 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllWithCallbackTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/GetAllWithCallbackTest.java
@@ -14,11 +14,14 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -40,6 +43,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -127,7 +132,8 @@ public class GetAllWithCallbackTest {
assertThat(key).isIn(KEYS);
}
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME,
+ key.toString());
}
verify(this.chunkedResponseMessage).sendChunk(eq(this.serverConnection));
@@ -139,14 +145,15 @@ public class GetAllWithCallbackTest {
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
for (Object key : KEYS) {
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, key.toString());
}
this.getAll70.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME,
+ key.toString());
}
ArgumentCaptor<ObjectPartList> argument = ArgumentCaptor.forClass(ObjectPartList.class);
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/InvalidateTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/InvalidateTest.java
index 08e1a29..19ef0cc 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/InvalidateTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/InvalidateTest.java
@@ -14,11 +14,14 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -41,6 +44,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -127,7 +132,7 @@ public class InvalidateTest {
this.invalidate.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY_STRING));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY_STRING);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -135,12 +140,12 @@ public class InvalidateTest {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionWrite(eq(REGION_NAME), eq(KEY_STRING));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE, REGION_NAME, KEY_STRING);
this.invalidate.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY_STRING));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY_STRING);
verify(this.errorResponseMessage).send(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/KeySetTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/KeySetTest.java
index a4da48f..4aa4988 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/KeySetTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/KeySetTest.java
@@ -14,10 +14,13 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -40,6 +43,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -109,7 +114,7 @@ public class KeySetTest {
this.keySet.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
@@ -117,12 +122,12 @@ public class KeySetTest {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME);
this.keySet.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Put61Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Put61Test.java
index bd99e6c..c424b2c 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Put61Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Put61Test.java
@@ -23,6 +23,14 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.mockito.ArgumentCaptor;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
import org.apache.geode.CancelCriterion;
import org.apache.geode.cache.operations.PutOperationContext;
import org.apache.geode.internal.Version;
@@ -36,14 +44,9 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.mockito.ArgumentCaptor;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
@Category(UnitTest.class)
public class Put61Test {
@@ -151,7 +154,7 @@ public class Put61Test {
this.put61.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.replyMessage).send(this.serverConnection);
}
@@ -159,12 +162,12 @@ public class Put61Test {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE, REGION_NAME, KEY);
this.put61.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Put65Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Put65Test.java
index 8d52b88..ee38cfd 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Put65Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/Put65Test.java
@@ -23,6 +23,14 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.mockito.ArgumentCaptor;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
import org.apache.geode.CancelCriterion;
import org.apache.geode.cache.operations.PutOperationContext;
import org.apache.geode.internal.Version;
@@ -37,14 +45,9 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.mockito.ArgumentCaptor;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
@Category(UnitTest.class)
public class Put65Test {
@@ -172,7 +175,7 @@ public class Put65Test {
this.put65.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.replyMessage).send(this.serverConnection);
}
@@ -180,12 +183,12 @@ public class Put65Test {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE, REGION_NAME, KEY);
this.put65.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/PutTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/PutTest.java
index 6f894cf..a7a80cd 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/PutTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/PutTest.java
@@ -25,6 +25,14 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.mockito.ArgumentCaptor;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
import org.apache.geode.CancelCriterion;
import org.apache.geode.cache.operations.PutOperationContext;
import org.apache.geode.internal.Version;
@@ -38,14 +46,9 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.mockito.ArgumentCaptor;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
@Category(UnitTest.class)
public class PutTest {
@@ -149,7 +152,7 @@ public class PutTest {
this.put.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.replyMessage).send(this.serverConnection);
}
@@ -157,12 +160,12 @@ public class PutTest {
public void integratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.WRITE, REGION_NAME, KEY);
this.put.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61Test.java
index 5437f71..2bc7c53 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterest61Test.java
@@ -15,8 +15,14 @@
package org.apache.geode.internal.cache.tier.sockets.command;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -40,6 +46,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -134,7 +142,7 @@ public class RegisterInterest61Test {
this.registerInterest61.cmdExecute(this.message, this.serverConnection, this.securityService,
0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
@@ -142,13 +150,13 @@ public class RegisterInterest61Test {
public void integratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, KEY);
this.registerInterest61.cmdExecute(this.message, this.serverConnection, this.securityService,
0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61Test.java
index 0ed27a0..378c6a0 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList61Test.java
@@ -14,11 +14,14 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -42,6 +45,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -140,7 +145,7 @@ public class RegisterInterestList61Test {
this.registerInterestList61.cmdExecute(this.message, this.serverConnection,
this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
@@ -148,13 +153,13 @@ public class RegisterInterestList61Test {
public void integratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME);
this.registerInterestList61.cmdExecute(this.message, this.serverConnection,
this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66Test.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66Test.java
index bae07b4..8f6d02b 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66Test.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestList66Test.java
@@ -15,8 +15,13 @@
package org.apache.geode.internal.cache.tier.sockets.command;
import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import java.util.ArrayList;
@@ -42,6 +47,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -145,7 +152,7 @@ public class RegisterInterestList66Test {
this.registerInterestList66.cmdExecute(this.message, this.serverConnection,
this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
@@ -153,13 +160,13 @@ public class RegisterInterestList66Test {
public void integratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME);
this.registerInterestList66.cmdExecute(this.message, this.serverConnection,
this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestListTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestListTest.java
index 1074de5..4fb145a 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestListTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestListTest.java
@@ -14,11 +14,14 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -42,6 +45,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -140,7 +145,7 @@ public class RegisterInterestListTest {
this.registerInterestList.cmdExecute(this.message, this.serverConnection, this.securityService,
0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
@@ -148,13 +153,13 @@ public class RegisterInterestListTest {
public void integratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME);
this.registerInterestList.cmdExecute(this.message, this.serverConnection, this.securityService,
0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestTest.java
index cd07e71..c171707 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RegisterInterestTest.java
@@ -14,12 +14,15 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.assertj.core.api.Assertions.*;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.anyInt;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -41,6 +44,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -127,7 +132,7 @@ public class RegisterInterestTest {
this.registerInterest.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
@@ -135,12 +140,12 @@ public class RegisterInterestTest {
public void integratedSecurityShouldThrowIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, KEY);
this.registerInterest.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.chunkedResponseMessage).sendChunk(this.serverConnection);
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAllTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAllTest.java
index de5a459..d201cc9 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAllTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RemoveAllTest.java
@@ -14,10 +14,13 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.Matchers.any;
import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Matchers.any;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -39,6 +42,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -136,7 +141,7 @@ public class RemoveAllTest {
this.removeAll.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME);
}
verify(this.chunkedResponseMessage).sendChunk(eq(this.serverConnection));
@@ -148,14 +153,14 @@ public class RemoveAllTest {
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
for (Object key : KEYS) {
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(key.toString()));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, key.toString());
}
this.removeAll.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
for (Object key : KEYS) {
- verify(this.securityService).authorizeRegionWrite(eq(REGION_NAME));
+ verify(this.securityService).authorize(Resource.DATA, Operation.WRITE, REGION_NAME);
}
verify(this.chunkedResponseMessage).sendChunk(eq(this.serverConnection));
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RequestTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RequestTest.java
index bf7badb..0c1ca73 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RequestTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/RequestTest.java
@@ -14,8 +14,13 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
-import static org.mockito.ArgumentMatchers.*;
-import static org.mockito.Mockito.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.isA;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -37,6 +42,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@Category(UnitTest.class)
@@ -123,7 +130,7 @@ public class RequestTest {
this.request.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.responseMessage).send(this.serverConnection);
}
@@ -131,12 +138,12 @@ public class RequestTest {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, KEY);
this.request.cmdExecute(this.message, this.serverConnection, this.securityService, 0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
diff --git a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestTest.java b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestTest.java
index 50fb9cd..7779081 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/cache/tier/sockets/command/UnregisterInterestTest.java
@@ -18,7 +18,10 @@ import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Matchers.anyInt;
import static org.mockito.Matchers.eq;
import static org.mockito.Matchers.isA;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.Test;
@@ -48,6 +51,8 @@ import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.security.NotAuthorizedException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
import org.apache.geode.test.junit.categories.UnitTest;
@RunWith(PowerMockRunner.class)
@@ -163,7 +168,7 @@ public class UnregisterInterestTest {
this.unregisterInterest.cmdExecute(this.message, this.serverConnection, this.securityService,
0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.replyMessage).send(this.serverConnection);
}
@@ -171,13 +176,13 @@ public class UnregisterInterestTest {
public void integratedSecurityShouldFailIfNotAuthorized() throws Exception {
when(this.securityService.isClientSecurityRequired()).thenReturn(true);
when(this.securityService.isIntegratedSecurity()).thenReturn(true);
- doThrow(new NotAuthorizedException("")).when(this.securityService)
- .authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ doThrow(new NotAuthorizedException("")).when(this.securityService).authorize(Resource.DATA,
+ Operation.READ, REGION_NAME, KEY);
this.unregisterInterest.cmdExecute(this.message, this.serverConnection, this.securityService,
0);
- verify(this.securityService).authorizeRegionRead(eq(REGION_NAME), eq(KEY));
+ verify(this.securityService).authorize(Resource.DATA, Operation.READ, REGION_NAME, KEY);
verify(this.errorResponseMessage).send(eq(this.serverConnection));
}
diff --git a/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetCQStats.java b/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetCQStats.java
index a37263f..69be8eb 100644
--- a/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetCQStats.java
+++ b/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetCQStats.java
@@ -14,6 +14,8 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
+import java.io.IOException;
+
import org.apache.geode.cache.query.internal.cq.CqService;
import org.apache.geode.distributed.internal.DistributionStats;
import org.apache.geode.internal.cache.tier.CachedRegionHelper;
@@ -23,8 +25,8 @@ import org.apache.geode.internal.cache.tier.sockets.CacheServerStats;
import org.apache.geode.internal.cache.tier.sockets.Message;
import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.SecurityService;
-
-import java.io.IOException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class GetCQStats extends BaseCQCommand {
@@ -70,7 +72,7 @@ public class GetCQStats extends BaseCQCommand {
return;
}
- securityService.authorizeClusterRead();
+ securityService.authorize(Resource.CLUSTER, Operation.READ);
// Process the cq request
try {
// make sure the cqservice has been created
diff --git a/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetDurableCQs.java b/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetDurableCQs.java
index 1ba5fed..9da8df1 100755
--- a/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetDurableCQs.java
+++ b/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetDurableCQs.java
@@ -33,6 +33,8 @@ import org.apache.geode.internal.cache.tier.sockets.Message;
import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class GetDurableCQs extends BaseCQCommand {
@@ -67,7 +69,7 @@ public class GetDurableCQs extends BaseCQCommand {
DefaultQueryService qService =
(DefaultQueryService) crHelper.getCache().getLocalQueryService();
- securityService.authorizeClusterRead();
+ securityService.authorize(Resource.CLUSTER, Operation.READ);
// Authorization check
AuthorizeRequest authzRequest = serverConnection.getAuthzRequest();
diff --git a/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/MonitorCQ.java b/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/MonitorCQ.java
index e8df2e2..f8b228f 100644
--- a/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/MonitorCQ.java
+++ b/geode-cq/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/MonitorCQ.java
@@ -14,6 +14,8 @@
*/
package org.apache.geode.internal.cache.tier.sockets.command;
+import java.io.IOException;
+
import org.apache.geode.cache.query.CqException;
import org.apache.geode.cache.query.internal.cq.CqService;
import org.apache.geode.internal.cache.tier.CachedRegionHelper;
@@ -23,8 +25,8 @@ import org.apache.geode.internal.cache.tier.sockets.Message;
import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.i18n.LocalizedStrings;
import org.apache.geode.internal.security.SecurityService;
-
-import java.io.IOException;
+import org.apache.geode.security.ResourcePermission.Operation;
+import org.apache.geode.security.ResourcePermission.Resource;
public class MonitorCQ extends BaseCQCommand {
@@ -81,7 +83,7 @@ public class MonitorCQ extends BaseCQCommand {
regionName != null ? " RegionName: " + regionName : "");
}
- securityService.authorizeClusterRead();
+ securityService.authorize(Resource.CLUSTER, Operation.READ);
try {
CqService cqService = crHelper.getCache().getCqService();
diff --git a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java
index 41c8923..090cd0f 100755
--- a/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java
+++ b/geode-lucene/src/main/java/org/apache/geode/cache/lucene/internal/cli/LuceneIndexCommands.java
@@ -298,7 +298,7 @@ public class LuceneIndexCommands implements GfshCommand {
unspecifiedDefaultValue = "false",
help = LuceneCliStrings.LUCENE_SEARCH_INDEX__KEYSONLY__HELP) boolean keysOnly) {
- getSecurityService().authorizeRegionRead(regionPath);
+ getSecurityService().authorize(Resource.DATA, Operation.READ, regionPath);
try {
LuceneQueryInfo queryInfo =
--
To stop receiving notification emails like this one, please contact
['"commits@geode.apache.org" <co...@geode.apache.org>'].