Posted to commits@geode.apache.org by hi...@apache.org on 2016/09/13 22:56:17 UTC
[15/15] incubator-geode git commit: GEODE-37 Renamed security related
stuff
GEODE-37 Renamed security related stuff
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9d7a6960
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9d7a6960
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9d7a6960
Branch: refs/heads/feature/GEODE-37_2
Commit: 9d7a6960afedd8991fd6be44e4ca10a0b43b59ce
Parents: 7c20e69
Author: Hitesh Khamesra <hk...@pivotal.io>
Authored: Tue Sep 13 15:56:14 2016 -0700
Committer: Hitesh Khamesra <hk...@pivotal.io>
Committed: Tue Sep 13 15:56:14 2016 -0700
----------------------------------------------------------------------
.../gemfire/security/AccessControl.java | 105 -
.../gemfire/security/AuthInitialize.java | 97 -
.../security/AuthenticationFailedException.java | 53 -
.../AuthenticationRequiredException.java | 53 -
.../gemfire/security/Authenticator.java | 96 -
.../security/GemFireSecurityException.java | 132 --
.../security/NotAuthorizedException.java | 134 --
.../com/gemstone/gemfire/security/package.html | 39 -
.../apache/geode/security/AccessControl.java | 105 +
.../apache/geode/security/AuthInitialize.java | 97 +
.../security/AuthenticationFailedException.java | 53 +
.../AuthenticationRequiredException.java | 53 +
.../apache/geode/security/Authenticator.java | 96 +
.../security/GemFireSecurityException.java | 132 ++
.../geode/security/NotAuthorizedException.java | 134 ++
.../java/org/apache/geode/security/package.html | 39 +
.../security/AbstractSecureServerDUnitTest.java | 162 --
.../security/ClientAuthenticationDUnitTest.java | 90 -
.../ClientAuthenticationPart2DUnitTest.java | 76 -
.../security/ClientAuthenticationTestCase.java | 562 -----
.../security/ClientAuthenticationTestUtils.java | 90 -
.../security/ClientAuthorizationDUnitTest.java | 647 ------
.../security/ClientAuthorizationTestCase.java | 1325 ------------
.../security/ClientMultiUserAuthzDUnitTest.java | 345 ----
.../DeltaClientAuthorizationDUnitTest.java | 201 --
.../DeltaClientPostAuthorizationDUnitTest.java | 284 ---
.../security/GemFireSecurityExceptionTest.java | 169 --
.../security/IntegratedClientAuthDUnitTest.java | 64 -
...tedClientContainsKeyAuthDistributedTest.java | 55 -
...entDestroyInvalidateAuthDistributedTest.java | 84 -
...dClientDestroyRegionAuthDistributedTest.java | 65 -
...lientExecuteFunctionAuthDistributedTest.java | 61 -
...xecuteRegionFunctionAuthDistributedTest.java | 62 -
...tegratedClientGetAllAuthDistributedTest.java | 57 -
...tGetClientPRMetaDataAuthDistributedTest.java | 66 -
...ientPartitionAttrCmdAuthDistributedTest.java | 52 -
...gratedClientGetEntryAuthDistributedTest.java | 76 -
...tegratedClientGetPutAuthDistributedTest.java | 116 --
...tedClientRegionClearAuthDistributedTest.java | 63 -
...ientRegisterInterestAuthDistributedTest.java | 164 --
...ratedClientRemoveAllAuthDistributedTest.java | 65 -
...IntegratedClientSizeAuthDistributedTest.java | 54 -
...ntUnregisterInterestAuthDistributedTest.java | 48 -
...edSecurityCacheLifecycleDistributedTest.java | 134 --
...edSecurityCacheLifecycleIntegrationTest.java | 74 -
...tegratedSecurityPeerAuthDistributedTest.java | 146 --
.../security/NoShowValue1PostProcessor.java | 36 -
.../NoShowValue1PostProcessorDUnitTest.java | 86 -
.../security/NotAuthorizedExceptionTest.java | 200 --
.../security/P2PAuthenticationDUnitTest.java | 541 -----
.../PDXGfshPostProcessorOnRemoteServerTest.java | 159 --
.../gemfire/security/PDXPostProcessor.java | 60 -
.../security/PDXPostProcessorDUnitTest.java | 233 ---
.../security/PostProcessorDUnitTest.java | 126 --
.../gemfire/security/SecurityTestUtils.java | 1930 ------------------
.../gemfire/security/SpySecurityManager.java | 42 -
.../generator/AuthzCredentialGenerator.java | 447 ----
.../security/generator/CredentialGenerator.java | 333 ---
.../DummyAuthzCredentialGenerator.java | 129 --
.../generator/DummyCredentialGenerator.java | 89 -
.../generator/LdapUserCredentialGenerator.java | 165 --
.../generator/PKCSCredentialGenerator.java | 115 --
.../generator/SSLCredentialGenerator.java | 123 --
.../UserPasswordWithExtraPropsAuthInit.java | 70 -
.../generator/XmlAuthzCredentialGenerator.java | 257 ---
.../security/templates/DummyAuthenticator.java | 75 -
.../security/templates/DummyAuthorization.java | 122 --
.../templates/FunctionSecurityPrmsHolder.java | 50 -
.../templates/LdapUserAuthenticator.java | 107 -
.../security/templates/PKCSAuthInit.java | 120 --
.../security/templates/PKCSAuthenticator.java | 158 --
.../security/templates/PKCSPrincipal.java | 40 -
.../security/templates/PKCSPrincipalTest.java | 50 -
.../templates/UserPasswordAuthInit.java | 75 -
.../security/templates/UsernamePrincipal.java | 44 -
.../templates/UsernamePrincipalTest.java | 50 -
.../security/templates/XmlAuthorization.java | 615 ------
.../security/templates/XmlErrorHandler.java | 75 -
.../security/AbstractSecureServerDUnitTest.java | 162 ++
.../security/ClientAuthenticationDUnitTest.java | 90 +
.../ClientAuthenticationPart2DUnitTest.java | 76 +
.../security/ClientAuthenticationTestCase.java | 562 +++++
.../security/ClientAuthenticationTestUtils.java | 90 +
.../security/ClientAuthorizationDUnitTest.java | 647 ++++++
.../security/ClientAuthorizationTestCase.java | 1325 ++++++++++++
.../security/ClientMultiUserAuthzDUnitTest.java | 345 ++++
.../DeltaClientAuthorizationDUnitTest.java | 201 ++
.../DeltaClientPostAuthorizationDUnitTest.java | 284 +++
.../security/GemFireSecurityExceptionTest.java | 169 ++
.../security/IntegratedClientAuthDUnitTest.java | 64 +
...tedClientContainsKeyAuthDistributedTest.java | 55 +
...entDestroyInvalidateAuthDistributedTest.java | 84 +
...dClientDestroyRegionAuthDistributedTest.java | 65 +
...lientExecuteFunctionAuthDistributedTest.java | 61 +
...xecuteRegionFunctionAuthDistributedTest.java | 62 +
...tegratedClientGetAllAuthDistributedTest.java | 57 +
...tGetClientPRMetaDataAuthDistributedTest.java | 66 +
...ientPartitionAttrCmdAuthDistributedTest.java | 52 +
...gratedClientGetEntryAuthDistributedTest.java | 76 +
...tegratedClientGetPutAuthDistributedTest.java | 116 ++
...tedClientRegionClearAuthDistributedTest.java | 63 +
...ientRegisterInterestAuthDistributedTest.java | 164 ++
...ratedClientRemoveAllAuthDistributedTest.java | 65 +
...IntegratedClientSizeAuthDistributedTest.java | 54 +
...ntUnregisterInterestAuthDistributedTest.java | 48 +
...edSecurityCacheLifecycleDistributedTest.java | 134 ++
...edSecurityCacheLifecycleIntegrationTest.java | 74 +
...tegratedSecurityPeerAuthDistributedTest.java | 146 ++
.../security/NoShowValue1PostProcessor.java | 36 +
.../NoShowValue1PostProcessorDUnitTest.java | 86 +
.../security/NotAuthorizedExceptionTest.java | 200 ++
.../security/P2PAuthenticationDUnitTest.java | 541 +++++
.../PDXGfshPostProcessorOnRemoteServerTest.java | 159 ++
.../apache/geode/security/PDXPostProcessor.java | 60 +
.../security/PDXPostProcessorDUnitTest.java | 233 +++
.../geode/security/PostProcessorDUnitTest.java | 126 ++
.../geode/security/SecurityTestUtils.java | 1930 ++++++++++++++++++
.../geode/security/SpySecurityManager.java | 42 +
.../generator/AuthzCredentialGenerator.java | 447 ++++
.../security/generator/CredentialGenerator.java | 333 +++
.../DummyAuthzCredentialGenerator.java | 129 ++
.../generator/DummyCredentialGenerator.java | 89 +
.../generator/LdapUserCredentialGenerator.java | 165 ++
.../generator/PKCSCredentialGenerator.java | 115 ++
.../generator/SSLCredentialGenerator.java | 123 ++
.../UserPasswordWithExtraPropsAuthInit.java | 70 +
.../generator/XmlAuthzCredentialGenerator.java | 257 +++
.../security/templates/DummyAuthenticator.java | 75 +
.../security/templates/DummyAuthorization.java | 122 ++
.../templates/FunctionSecurityPrmsHolder.java | 50 +
.../templates/LdapUserAuthenticator.java | 107 +
.../geode/security/templates/PKCSAuthInit.java | 120 ++
.../security/templates/PKCSAuthenticator.java | 158 ++
.../geode/security/templates/PKCSPrincipal.java | 40 +
.../security/templates/PKCSPrincipalTest.java | 50 +
.../templates/UserPasswordAuthInit.java | 75 +
.../security/templates/UsernamePrincipal.java | 44 +
.../templates/UsernamePrincipalTest.java | 50 +
.../security/templates/XmlAuthorization.java | 615 ++++++
.../security/templates/XmlErrorHandler.java | 75 +
.../gemfire/security/generator/authz-dummy.xml | 124 --
.../gemfire/security/generator/authz-ldap.xml | 83 -
.../generator/authz-multiUser-dummy.xml | 104 -
.../security/generator/authz-multiUser-ldap.xml | 81 -
.../security/generator/keys/gemfire1.keystore | Bin 1536 -> 0 bytes
.../security/generator/keys/gemfire10.keystore | Bin 1546 -> 0 bytes
.../security/generator/keys/gemfire11.keystore | Bin 1546 -> 0 bytes
.../security/generator/keys/gemfire2.keystore | Bin 1536 -> 0 bytes
.../security/generator/keys/gemfire3.keystore | Bin 1536 -> 0 bytes
.../security/generator/keys/gemfire4.keystore | Bin 1536 -> 0 bytes
.../security/generator/keys/gemfire5.keystore | Bin 1536 -> 0 bytes
.../security/generator/keys/gemfire6.keystore | Bin 1536 -> 0 bytes
.../security/generator/keys/gemfire7.keystore | Bin 1536 -> 0 bytes
.../security/generator/keys/gemfire8.keystore | Bin 1536 -> 0 bytes
.../security/generator/keys/gemfire9.keystore | Bin 1536 -> 0 bytes
.../generator/keys/ibm/gemfire1.keystore | Bin 1426 -> 0 bytes
.../generator/keys/ibm/gemfire10.keystore | Bin 1434 -> 0 bytes
.../generator/keys/ibm/gemfire11.keystore | Bin 1434 -> 0 bytes
.../generator/keys/ibm/gemfire2.keystore | Bin 1434 -> 0 bytes
.../generator/keys/ibm/gemfire3.keystore | Bin 1426 -> 0 bytes
.../generator/keys/ibm/gemfire4.keystore | Bin 1434 -> 0 bytes
.../generator/keys/ibm/gemfire5.keystore | Bin 1434 -> 0 bytes
.../generator/keys/ibm/gemfire6.keystore | Bin 1434 -> 0 bytes
.../generator/keys/ibm/gemfire7.keystore | Bin 1426 -> 0 bytes
.../generator/keys/ibm/gemfire8.keystore | Bin 1434 -> 0 bytes
.../generator/keys/ibm/gemfire9.keystore | Bin 1426 -> 0 bytes
.../security/generator/keys/ibm/publickeyfile | Bin 4535 -> 0 bytes
.../security/generator/keys/publickeyfile | Bin 4535 -> 0 bytes
.../com/gemstone/gemfire/security/peerAuth.json | 36 -
.../gemfire/security/templates/authz5_5.dtd | 105 -
.../gemfire/security/templates/authz6_0.dtd | 110 -
.../geode/security/generator/authz-dummy.xml | 124 ++
.../geode/security/generator/authz-ldap.xml | 83 +
.../generator/authz-multiUser-dummy.xml | 104 +
.../security/generator/authz-multiUser-ldap.xml | 81 +
.../security/generator/keys/gemfire1.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire10.keystore | Bin 0 -> 1546 bytes
.../security/generator/keys/gemfire11.keystore | Bin 0 -> 1546 bytes
.../security/generator/keys/gemfire2.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire3.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire4.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire5.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire6.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire7.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire8.keystore | Bin 0 -> 1536 bytes
.../security/generator/keys/gemfire9.keystore | Bin 0 -> 1536 bytes
.../generator/keys/ibm/gemfire1.keystore | Bin 0 -> 1426 bytes
.../generator/keys/ibm/gemfire10.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire11.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire2.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire3.keystore | Bin 0 -> 1426 bytes
.../generator/keys/ibm/gemfire4.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire5.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire6.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire7.keystore | Bin 0 -> 1426 bytes
.../generator/keys/ibm/gemfire8.keystore | Bin 0 -> 1434 bytes
.../generator/keys/ibm/gemfire9.keystore | Bin 0 -> 1426 bytes
.../security/generator/keys/ibm/publickeyfile | Bin 0 -> 4535 bytes
.../geode/security/generator/keys/publickeyfile | Bin 0 -> 4535 bytes
.../org/apache/geode/security/peerAuth.json | 36 +
.../geode/security/templates/authz5_5.dtd | 105 +
.../geode/security/templates/authz6_0.dtd | 110 +
202 files changed, 13531 insertions(+), 13531 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
deleted file mode 100644
index 3d22864..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AccessControl.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.cache.operations.OperationContext;
-import com.gemstone.gemfire.distributed.DistributedMember;
-
-/**
- * Specifies the interface to authorize operations at the cache or region level
- * for clients or servers. Implementations should register name of the static
- * creation function as the <code>security-client-accessor</code> system
- * property with all the servers uniformly in the distributed system for client
- * authorization. When the <code>security-client-accessor-pp</code> property
- * is set then the callback mentioned is invoked after the operation completes
- * successfully and when sending notifications.
- *
- * When the registration has been done for a client/peer then an object of this
- * class is created for each connection from the client/peer and the
- * <code>authorizeOperation</code> method invoked before/after each operation.
- *
- * @since GemFire 5.5
- *
- * @deprecated since Geode 1.0, use {@link SecurityManager} instead
- */
-public interface AccessControl extends CacheCallback {
-
- /**
- * Initialize the callback for a client/peer having the given principal.
- *
- * This is invoked when a new connection from a client/peer is created with
- * the host. The callback is expected to store authentication information of
- * the given principal for the different regions for maximum efficiency when
- * invoking <code>authorizeOperation</code> in each operation.
- *
- * @param principal
- * the principal associated with the authenticated client or
- * peer; a null principal implies an unauthenticated client
- * which should be handled properly by implementations
- * @param remoteMember
- * the {@link DistributedMember} object for the remote
- * authenticated client or peer
- * @param cache
- * reference to the cache object
- *
- * @throws NotAuthorizedException
- * if some exception condition happens during the
- * initialization; in such a case all subsequent client
- * operations on that connection will throw
- * <code>NotAuthorizedException</code>
- */
- void init(Principal principal, DistributedMember remoteMember,
- Cache cache) throws NotAuthorizedException;
-
- default void init(Principal principal, DistributedMember remoteMember) throws NotAuthorizedException {
- init(principal, remoteMember, null);
- }
-
- default void init(Principal principal) throws NotAuthorizedException {
- init(principal, null, null);
- }
-
- /**
- * Check if the given operation is allowed for the cache/region.
- *
- * This method is invoked in each cache and region level operation. It is,
- * therefore, expected that as far as possible relevant information has been
- * cached in the <code>init</code> call made when the connection was
- * established so that this call is as quick as possible.
- *
- * @param regionName
- * When null then it indicates a cache-level operation (i.e.
- * one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
- * {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
- * for the operation.
- * @param context
- * When invoked before the operation then the data required by
- * the operation. When invoked as a post-process filter then it
- * contains the result of the operation. The data in the
- * context can be possibly modified by the method.
- *
- * @return true if the operation is authorized and false otherwise
- *
- */
- boolean authorizeOperation(String regionName, OperationContext context);
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
deleted file mode 100644
index e92772b..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthInitialize.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
-
-// TODO Add example usage of this interface and configuration details
-/**
- * Specifies the mechanism to obtain credentials for a client or peer. It is
- * mandatory for clients and peers when running in secure mode and an
- * {@link Authenticator} has been configured on the server/locator side
- * respectively. Implementations should register name of the static creation
- * function (that returns an object of the class) as the
- * <i>security-peer-auth-init</i> system property on peers and as the
- * <i>security-client-auth-init</i> system property on clients.
- *
- * @since GemFire 5.5
- */
-public interface AuthInitialize extends CacheCallback {
-
- /**
- * Initialize the callback for a client/peer. This is invoked when a new
- * connection from a client/peer is created with the host.
- *
- * @param systemLogger
- * {@link LogWriter} for system logs
- * @param securityLogger
- * {@link LogWriter} for security logs
- *
- * @throws AuthenticationFailedException
- * if some exception occurs during the initialization
- *
- * @deprecated since Geode 1.0, use init()
- */
- public void init(LogWriter systemLogger, LogWriter securityLogger)
- throws AuthenticationFailedException;
-
- /**
- * @since Geode 1.0. implement this method instead of init with logwriters.
- * Implementation should use log4j instead of these loggers.
- */
- default public void init(){
- GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
- init(cache.getLogger(), cache.getSecurityLogger());
- }
- /**
- * Initialize with the given set of security properties and return the
- * credentials for the peer/client as properties.
- *
- * This method can modify the given set of properties. For example it may
- * invoke external agents or even interact with the user.
- *
- * Normally it is expected that implementations will filter out <i>security-*</i>
- * properties that are needed for credentials and return only those.
- *
- * @param securityProps
- * the security properties obtained using a call to
- * {@link DistributedSystem#getSecurityProperties} that will be
- * used for obtaining the credentials
- * @param server
- * the {@link DistributedMember} object of the
- * server/group-coordinator to which connection is being
- * attempted
- * @param isPeer
- * true when this is invoked for peer initialization and false
- * when invoked for client initialization
- *
- * @throws AuthenticationFailedException
- * in case of failure to obtain the credentials
- *
- * @return the credentials to be used for the given <code>server</code>
- */
- public Properties getCredentials(Properties securityProps,
- DistributedMember server, boolean isPeer)
- throws AuthenticationFailedException;
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
deleted file mode 100644
index 3ab728f..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationFailedException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-/**
- * Thrown if authentication of this client/peer fails.
- *
- * @since GemFire 5.5
- */
-public class AuthenticationFailedException extends GemFireSecurityException {
-private static final long serialVersionUID = -8202866472279088879L;
-
- // TODO Derive from SecurityException
- /**
- * Constructs instance of <code>AuthenticationFailedException</code> with
- * error message.
- *
- * @param message
- * the error message
- */
- public AuthenticationFailedException(String message) {
- super(message);
- }
-
- /**
- * Constructs instance of <code>AuthenticationFailedException</code> with
- * error message and cause.
- *
- * @param message
- * the error message
- * @param cause
- * a <code>Throwable</code> that is a cause of this exception
- */
- public AuthenticationFailedException(String message, Throwable cause) {
- super(message, cause);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
deleted file mode 100644
index f67af39..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/AuthenticationRequiredException.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-/**
- * Thrown if the distributed system is in secure mode and this client/peer has
- * not set the security credentials.
- *
- * @since GemFire 5.5
- */
-public class AuthenticationRequiredException extends GemFireSecurityException {
-private static final long serialVersionUID = 4675976651103154919L;
-
- /**
- * Constructs instance of <code>NotAuthenticatedException</code> with error
- * message.
- *
- * @param message
- * the error message
- */
- public AuthenticationRequiredException(String message) {
- super(message);
- }
-
- /**
- * Constructs instance of <code>NotAuthenticatedException</code> with error
- * message and cause.
- *
- * @param message
- * the error message
- * @param cause
- * a <code>Throwable</code> that is a cause of this exception
- */
- public AuthenticationRequiredException(String message, Throwable cause) {
- super(message, cause);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java b/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
deleted file mode 100644
index f66f092..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/Authenticator.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-import java.util.Properties;
-
-import com.gemstone.gemfire.LogWriter;
-import com.gemstone.gemfire.cache.CacheCallback;
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.distributed.DistributedSystem;
-
-/**
- * Specifies the mechanism to verify credentials for a client or peer.
- * Implementations should register name of the static creation function as the
- * <code>security-peer-authenticator</code> system property with all the
- * locators in the distributed system for peer authentication, and as
- * <code>security-client-authenticator</code> for client authentication. For
- * P2P an object is initialized on the group coordinator for each member during
- * the {@link DistributedSystem#connect(Properties)} call of a new member. For
- * client-server, an object of this class is created for each connection during
- * the client-server handshake.
- *
- * The static creation function should have the following signature:
- * <code>public static Authenticator [method-name]();</code> i.e. it should be
- * a zero argument function.
- *
- * @since GemFire 5.5
- *
- * @deprecated since Geode 1.0, use {@link SecurityManager} instead
- */
-public interface Authenticator extends CacheCallback {
-
- /**
- * Initialize the callback for a client/peer. This is invoked when a new
- * connection from a client/peer is created with the host.
- *
- * @param securityProps
- * the security properties obtained using a call to
- * {@link DistributedSystem#getSecurityProperties}
- * @param systemLogger
- * {@link LogWriter} for system logs
- * @param securityLogger
- * {@link LogWriter} for security logs
- *
- * @throws AuthenticationFailedException
- * if some exception occurs during the initialization
- */
- void init(Properties securityProps, LogWriter systemLogger,
- LogWriter securityLogger) throws AuthenticationFailedException;
-
- default void init(Properties securityProps) throws AuthenticationFailedException{
- init(securityProps, null, null);
- }
-
- /**
- * Verify the credentials provided in the properties for the client/peer as
- * specified in member ID and returns the principal associated with the
- * client/peer.
- *
- * @param props
- * the credentials of the client/peer as a set of property
- * key/values
- * @param member
- * the {@link DistributedMember} object of the connecting
- * client/peer member. NULL when invoked locally on the
- * member initiating the authentication request.
- *
- * @return the principal for the client/peer when authentication succeeded
- *
- * @throws AuthenticationFailedException
- * If the authentication of the client/peer fails.
- */
- Principal authenticate(Properties props, DistributedMember member)
- throws AuthenticationFailedException;
-
- default Principal authenticate(Properties props) throws AuthenticationFailedException{
- return authenticate(props, null);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
deleted file mode 100644
index 049137d..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/GemFireSecurityException.java
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.io.IOException;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-import javax.naming.NamingException;
-
-import com.gemstone.gemfire.GemFireException;
-
-/**
- * The base class for all com.gemstone.gemfire.security package related
- * exceptions.
- *
- * @since GemFire 5.5
- */
-public class GemFireSecurityException extends GemFireException {
-
- private static final long serialVersionUID = 3814254578203076926L;
-
- private Throwable cause;
-
- /**
- * Constructs a new exception with the specified detail message.
- *
- * @param message the detail message (which is saved for later retrieval
- * by the {@link #getMessage()} method). (A <tt>null</tt> value
- * is permitted.)
- */
- public GemFireSecurityException(final String message) {
- this(message, null);
- }
-
- /**
- * Constructs a new exception with the specified cause.
- *
- * <p>Note that the detail message associated with {@code cause} <i>is</i>
- * automatically used as this exception's detail message.
- *
- * @param cause the cause (which is saved for later retrieval by the
- * {@link #getCause()} method). (A <tt>null</tt> value is
- * permitted, and indicates that the cause is nonexistent or
- * unknown.)
- */
- public GemFireSecurityException(final Throwable cause) {
- this(cause != null ? cause.getMessage() : null, cause);
- }
-
- /**
- * Constructs a new exception with the specified detail message and cause.
- *
- * <p>If {@code message} is null, then the detail message associated with
- * {@code cause} <i>is</i> automatically used as this exception's detail
- * message.
- *
- * @param message the detail message (which is saved for later retrieval
- * by the {@link #getMessage()} method). (A <tt>null</tt> value
- * is permitted.)
- * @param cause the cause (which is saved for later retrieval by the
- * {@link #getCause()} method). (A <tt>null</tt> value is
- * permitted, and indicates that the cause is nonexistent or
- * unknown.)
- */
- public GemFireSecurityException(final String message, final Throwable cause) {
- super(message != null ? message : (cause != null ? cause.getMessage() : null));
- this.cause = cause;
- }
-
- @Override
- public final synchronized Throwable getCause() {
- return (this.cause == this ? null : this.cause);
- }
-
- /**
- * Returns true if the provided {@code object} implements {@code Serializable}.
- *
- * @param object the {@code object} to test for implementing {@code Serializable}.
- * @return true if the provided {@code object} implements {@code Serializable}.
- */
- protected final boolean isSerializable(final Object object) {
- if (object == null) {
- return true;
- }
- return Serializable.class.isInstance(object);
- }
-
- /**
- * Returns {@link NamingException#getResolvedObj()} if the {@code cause}
- * is a {@code NamingException}. Returns <tt>null</tt> for any other type
- * of {@code cause}.
- *
- * @return {@code NamingException#getResolvedObj()} if the {@code cause}
- * is a {@code NamingException}.
- */
- protected final Object getResolvedObj() {
- final Throwable thisCause = this.cause;
- if (thisCause != null && NamingException.class.isInstance(thisCause)) {
- return ((NamingException) thisCause).getResolvedObj();
- }
- return null;
- }
-
- private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
- final Object resolvedObj = getResolvedObj();
- if (isSerializable(resolvedObj)) {
- out.defaultWriteObject();
- } else {
- final NamingException namingException = (NamingException) getCause();
- namingException.setResolvedObj(null);
- try {
- out.defaultWriteObject();
- } finally {
- namingException.setResolvedObj(resolvedObj);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java b/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
deleted file mode 100644
index 2e834f8..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/NotAuthorizedException.java
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.io.IOException;
-import java.io.ObjectOutputStream;
-import java.security.Principal;
-import javax.naming.NamingException;
-
-/**
- * Thrown when a client/peer is unauthorized to perform a requested operation.
- *
- * @since GemFire 5.5
- */
-public class NotAuthorizedException extends GemFireSecurityException {
-
- private static final long serialVersionUID = 419215768216387745L;
-
- private Principal principal = null;
-
- /**
- * Constructs a new exception with the specified detail message and
- * principal.
- *
- * @param message the detail message (which is saved for later retrieval
- * by the {@link #getMessage()} method). (A <tt>null</tt> value
- * is permitted.)
- */
- public NotAuthorizedException(final String message) {
- this(message, null, null);
- }
-
- /**
- * Constructs a new exception with the specified detail message and cause.
- *
- * <p>If {@code message} is null, then the detail message associated with
- * {@code cause} <i>is</i> automatically used as this exception's detail
- * message.
- *
- * @param message the detail message (which is saved for later retrieval
- * by the {@link #getMessage()} method). (A <tt>null</tt> value
- * is permitted.)
- * @param cause the cause (which is saved for later retrieval by the
- * {@link #getCause()} method). (A <tt>null</tt> value is
- * permitted, and indicates that the cause is nonexistent or
- * unknown.)
- */
- public NotAuthorizedException(final String message, final Throwable cause) {
- this(message, cause, null);
- }
-
- /**
- * Constructs a new exception with the specified detail message and
- * principal.
- *
- * @param message the detail message (which is saved for later retrieval
- * by the {@link #getMessage()} method). (A <tt>null</tt> value
- * is permitted.)
- * @param principal the principal for which authorization failed.
- * (A <tt>null</tt> value is permitted.)
- */
- public NotAuthorizedException(final String message, final Principal principal) {
- this(message, null, principal);
- }
-
- /**
- * Constructs a new exception with the specified detail message, cause and
- * principal.
- *
- * <p>If {@code message} is null, then the detail message associated with
- * {@code cause} <i>is</i> automatically used as this exception's detail
- * message.
- *
- * @param message the detail message (which is saved for later retrieval
- * by the {@link #getMessage()} method). (A <tt>null</tt> value
- * is permitted.)
- * @param cause the cause (which is saved for later retrieval by the
- * {@link #getCause()} method). (A <tt>null</tt> value is
- * permitted, and indicates that the cause is nonexistent or
- * unknown.)
- * @param principal the principal for which authorization failed.
- * (A <tt>null</tt> value is permitted.)
- */
- public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) {
- super(message, cause);
- this.principal = principal;
- }
-
- /**
- * Returns the {@code principal} for which authorization failed.
- *
- * @return the {@code principal} for which authorization failed.
- */
- public synchronized Principal getPrincipal() {
- return this.principal;
- }
-
- private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
- final Principal thisPrincipal = this.principal;
- if (!isSerializable(thisPrincipal)) {
- this.principal = null;
- }
-
- final Object resolvedObj = getResolvedObj();
- NamingException namingException = null;
- if (!isSerializable(resolvedObj)) {
- namingException = (NamingException) getCause();
- namingException.setResolvedObj(null);
- }
-
- try {
- out.defaultWriteObject();
- } finally {
- this.principal = thisPrincipal;
- if (namingException != null) {
- namingException.setResolvedObj(resolvedObj);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/security/package.html b/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
deleted file mode 100644
index 7772765..0000000
--- a/geode-core/src/main/java/com/gemstone/gemfire/security/package.html
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<HTML>
-<BODY>
-
-<P>Provides an API for plugging in authentication and authorization
-for members of a distributed system and clients.
-
-<H3>GemFire security framework</H3>
-The security framework tackles two requirements: authentication of nodes
-and authorization for operations. The authentication piece deals with
-authentication of nodes in a peer-to-peer network as well as of the clients
-that connect to the servers.
-
-<P>
-<I>
-It is not our plan to provide a sophisticated security infrastructure
-built into GemFire. Most enterprise customers have their own authentication
-and entitlement management infrastructure and our plan is make sure the
-framework allows application administrators to delegate the responsibility
-to external providers.
-</I>
-
-</BODY>
-</HTML>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AccessControl.java b/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
new file mode 100644
index 0000000..3d22864
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AccessControl.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.cache.operations.OperationContext;
+import com.gemstone.gemfire.distributed.DistributedMember;
+
+/**
+ * Specifies the interface to authorize operations at the cache or region level
+ * for clients or servers. Implementations should register name of the static
+ * creation function as the <code>security-client-accessor</code> system
+ * property with all the servers uniformly in the distributed system for client
+ * authorization. When the <code>security-client-accessor-pp</code> property
+ * is set then the callback mentioned is invoked after the operation completes
+ * successfully and when sending notifications.
+ *
+ * When the registration has been done for a client/peer then an object of this
+ * class is created for each connection from the client/peer and the
+ * <code>authorizeOperation</code> method invoked before/after each operation.
+ *
+ * @since GemFire 5.5
+ *
+ * @deprecated since Geode 1.0, use {@link SecurityManager} instead
+ */
+public interface AccessControl extends CacheCallback {
+
+ /**
+ * Initialize the callback for a client/peer having the given principal.
+ *
+ * This is invoked when a new connection from a client/peer is created with
+ * the host. The callback is expected to store authentication information of
+ * the given principal for the different regions for maximum efficiency when
+ * invoking <code>authorizeOperation</code> in each operation.
+ *
+ * @param principal
+ * the principal associated with the authenticated client or
+ * peer; a null principal implies an unauthenticated client
+ * which should be handled properly by implementations
+ * @param remoteMember
+ * the {@link DistributedMember} object for the remote
+ * authenticated client or peer
+ * @param cache
+ * reference to the cache object
+ *
+ * @throws NotAuthorizedException
+ * if some exception condition happens during the
+ * initialization; in such a case all subsequent client
+ * operations on that connection will throw
+ * <code>NotAuthorizedException</code>
+ */
+ void init(Principal principal, DistributedMember remoteMember,
+ Cache cache) throws NotAuthorizedException;
+
+ default void init(Principal principal, DistributedMember remoteMember) throws NotAuthorizedException {
+ init(principal, remoteMember, null);
+ }
+
+ default void init(Principal principal) throws NotAuthorizedException {
+ init(principal, null, null);
+ }
+
+ /**
+ * Check if the given operation is allowed for the cache/region.
+ *
+ * This method is invoked in each cache and region level operation. It is,
+ * therefore, expected that as far as possible relevant information has been
+ * cached in the <code>init</code> call made when the connection was
+ * established so that this call is as quick as possible.
+ *
+ * @param regionName
+ * When null then it indicates a cache-level operation (i.e.
+ * one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
+ * {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
+ * for the operation.
+ * @param context
+ * When invoked before the operation then the data required by
+ * the operation. When invoked as a post-process filter then it
+ * contains the result of the operation. The data in the
+ * context can be possibly modified by the method.
+ *
+ * @return true if the operation is authorized and false otherwise
+ *
+ */
+ boolean authorizeOperation(String regionName, OperationContext context);
+
+}
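Review bot: The `package com.gemstone.gemfire.security;` declaration in this new file does not match the directory it is added under, `org/apache/geode/security`, and the imports still point at `com.gemstone.gemfire.*`. If the move is meant to rename the package, the line should read `package org.apache.geode.security;`; if the package change is deferred to a later commit in the series, the commit message should say so. Until then the `{@link SecurityManager}` in the `@deprecated` tag resolves against the old package (or `java.lang`, if no such type exists there, which is not visible from this hunk), so the documented replacement for this authorization callback may point at the wrong class. The AuthInitialize, AuthenticationFailedException, AuthenticationRequiredException, Authenticator and GemFireSecurityException files added in this commit carry the same declaration.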
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
new file mode 100644
index 0000000..e92772b
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthInitialize.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
+
+// TODO Add example usage of this interface and configuration details
+/**
+ * Specifies the mechanism to obtain credentials for a client or peer. It is
+ * mandatory for clients and peers when running in secure mode and an
+ * {@link Authenticator} has been configured on the server/locator side
+ * respectively. Implementations should register name of the static creation
+ * function (that returns an object of the class) as the
+ * <i>security-peer-auth-init</i> system property on peers and as the
+ * <i>security-client-auth-init</i> system property on clients.
+ *
+ * @since GemFire 5.5
+ */
+public interface AuthInitialize extends CacheCallback {
+
+ /**
+ * Initialize the callback for a client/peer. This is invoked when a new
+ * connection from a client/peer is created with the host.
+ *
+ * @param systemLogger
+ * {@link LogWriter} for system logs
+ * @param securityLogger
+ * {@link LogWriter} for security logs
+ *
+ * @throws AuthenticationFailedException
+ * if some exception occurs during the initialization
+ *
+ * @deprecated since Geode 1.0, use init()
+ */
+ public void init(LogWriter systemLogger, LogWriter securityLogger)
+ throws AuthenticationFailedException;
+
+ /**
+ * @since Geode 1.0. implement this method instead of init with logwriters.
+ * Implementation should use log4j instead of these loggers.
+ */
+ default public void init(){
+ GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
+ init(cache.getLogger(), cache.getSecurityLogger());
+ }
+ /**
+ * Initialize with the given set of security properties and return the
+ * credentials for the peer/client as properties.
+ *
+ * This method can modify the given set of properties. For example it may
+ * invoke external agents or even interact with the user.
+ *
+ * Normally it is expected that implementations will filter out <i>security-*</i>
+ * properties that are needed for credentials and return only those.
+ *
+ * @param securityProps
+ * the security properties obtained using a call to
+ * {@link DistributedSystem#getSecurityProperties} that will be
+ * used for obtaining the credentials
+ * @param server
+ * the {@link DistributedMember} object of the
+ * server/group-coordinator to which connection is being
+ * attempted
+ * @param isPeer
+ * true when this is invoked for peer initialization and false
+ * when invoked for client initialization
+ *
+ * @throws AuthenticationFailedException
+ * in case of failure to obtain the credentials
+ *
+ * @return the credentials to be used for the given <code>server</code>
+ */
+ public Properties getCredentials(Properties securityProps,
+ DistributedMember server, boolean isPeer)
+ throws AuthenticationFailedException;
+}
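Review bot: The default `init()` dereferences `GemFireCacheImpl.getInstance()` without a null check. The helper's contract is not visible here, but if no cache instance exists when credentials are initialised, the caller gets a NullPointerException rather than the `AuthenticationFailedException` this interface uses for initialisation failures. A guard such as `if (cache == null) throw new AuthenticationFailedException("cache not available for AuthInitialize.init()");` before `init(cache.getLogger(), cache.getSecurityLogger());` keeps the failure inside that contract. The Javadoc above the method also puts its instruction inside the `@since` tag; a summary sentence followed by `@since Geode 1.0` would render correctly.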
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java b/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
new file mode 100644
index 0000000..3ab728f
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthenticationFailedException.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+/**
+ * Thrown if authentication of this client/peer fails.
+ *
+ * @since GemFire 5.5
+ */
+public class AuthenticationFailedException extends GemFireSecurityException {
+private static final long serialVersionUID = -8202866472279088879L;
+
+ // TODO Derive from SecurityException
+ /**
+ * Constructs instance of <code>AuthenticationFailedException</code> with
+ * error message.
+ *
+ * @param message
+ * the error message
+ */
+ public AuthenticationFailedException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs instance of <code>AuthenticationFailedException</code> with
+ * error message and cause.
+ *
+ * @param message
+ * the error message
+ * @param cause
+ * a <code>Throwable</code> that is a cause of this exception
+ */
+ public AuthenticationFailedException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java b/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
new file mode 100644
index 0000000..f67af39
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/AuthenticationRequiredException.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+/**
+ * Thrown if the distributed system is in secure mode and this client/peer has
+ * not set the security credentials.
+ *
+ * @since GemFire 5.5
+ */
+public class AuthenticationRequiredException extends GemFireSecurityException {
+private static final long serialVersionUID = 4675976651103154919L;
+
+ /**
+ * Constructs instance of <code>NotAuthenticatedException</code> with error
+ * message.
+ *
+ * @param message
+ * the error message
+ */
+ public AuthenticationRequiredException(String message) {
+ super(message);
+ }
+
+ /**
+ * Constructs instance of <code>NotAuthenticatedException</code> with error
+ * message and cause.
+ *
+ * @param message
+ * the error message
+ * @param cause
+ * a <code>Throwable</code> that is a cause of this exception
+ */
+ public AuthenticationRequiredException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+}
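Review bot: Both constructor Javadocs name the wrong class: they say `NotAuthenticatedException`, but the class defined here is `AuthenticationRequiredException`. The summaries should read `Constructs instance of <code>AuthenticationRequiredException</code> with error message.` and the same with `and cause.` for the two-argument constructor. Since the file is re-added under a new path in this commit, this is a cheap place to correct it.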
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/Authenticator.java b/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
new file mode 100644
index 0000000..f66f092
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/Authenticator.java
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.security;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import com.gemstone.gemfire.LogWriter;
+import com.gemstone.gemfire.cache.CacheCallback;
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.distributed.DistributedSystem;
+
+/**
+ * Specifies the mechanism to verify credentials for a client or peer.
+ * Implementations should register name of the static creation function as the
+ * <code>security-peer-authenticator</code> system property with all the
+ * locators in the distributed system for peer authentication, and as
+ * <code>security-client-authenticator</code> for client authentication. For
+ * P2P an object is initialized on the group coordinator for each member during
+ * the {@link DistributedSystem#connect(Properties)} call of a new member. For
+ * client-server, an object of this class is created for each connection during
+ * the client-server handshake.
+ *
+ * The static creation function should have the following signature:
+ * <code>public static Authenticator [method-name]();</code> i.e. it should be
+ * a zero argument function.
+ *
+ * @since GemFire 5.5
+ *
+ * @deprecated since Geode 1.0, use {@link SecurityManager} instead
+ */
+public interface Authenticator extends CacheCallback {
+
+ /**
+ * Initialize the callback for a client/peer. This is invoked when a new
+ * connection from a client/peer is created with the host.
+ *
+ * @param securityProps
+ * the security properties obtained using a call to
+ * {@link DistributedSystem#getSecurityProperties}
+ * @param systemLogger
+ * {@link LogWriter} for system logs
+ * @param securityLogger
+ * {@link LogWriter} for security logs
+ *
+ * @throws AuthenticationFailedException
+ * if some exception occurs during the initialization
+ */
+ void init(Properties securityProps, LogWriter systemLogger,
+ LogWriter securityLogger) throws AuthenticationFailedException;
+
+ default void init(Properties securityProps) throws AuthenticationFailedException{
+ init(securityProps, null, null);
+ }
+
+ /**
+ * Verify the credentials provided in the properties for the client/peer as
+ * specified in member ID and returns the principal associated with the
+ * client/peer.
+ *
+ * @param props
+ * the credentials of the client/peer as a set of property
+ * key/values
+ * @param member
+ * the {@link DistributedMember} object of the connecting
+ * client/peer member. NULL when invoked locally on the
+ * member initiating the authentication request.
+ *
+ * @return the principal for the client/peer when authentication succeeded
+ *
+ * @throws AuthenticationFailedException
+ * If the authentication of the client/peer fails.
+ */
+ Principal authenticate(Properties props, DistributedMember member)
+ throws AuthenticationFailedException;
+
+ default Principal authenticate(Properties props) throws AuthenticationFailedException{
+ return authenticate(props, null);
+ }
+
+}
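Review bot: The default `init(Properties securityProps)` forwards `null` for both `systemLogger` and `securityLogger`, while the Javadoc of the three-argument `init` describes them as `LogWriter`s and never says they may be null. An implementation that writes failed-authentication events to `securityLogger` would then hit a NullPointerException during initialisation instead of reporting an `AuthenticationFailedException`. I would document the overload, e.g. `/** Initializes without loggers; implementations must tolerate null systemLogger and securityLogger. */`, and add "may be null" to the two `@param` entries. The undocumented `init(Principal, DistributedMember)` and `init(Principal)` defaults in AccessControl.java pass `null` for `cache` and `remoteMember` in the same way.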
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java b/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
new file mode 100644
index 0000000..049137d
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/GemFireSecurityException.java
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import javax.naming.NamingException;
+
+import com.gemstone.gemfire.GemFireException;
+
+/**
+ * The base class for all com.gemstone.gemfire.security package related
+ * exceptions.
+ *
+ * @since GemFire 5.5
+ */
+public class GemFireSecurityException extends GemFireException {
+
+ private static final long serialVersionUID = 3814254578203076926L;
+
+ private Throwable cause;
+
+ /**
+ * Constructs a new exception with the specified detail message.
+ *
+ * @param message the detail message (which is saved for later retrieval
+ * by the {@link #getMessage()} method). (A <tt>null</tt> value
+ * is permitted.)
+ */
+ public GemFireSecurityException(final String message) {
+ this(message, null);
+ }
+
+ /**
+ * Constructs a new exception with the specified cause.
+ *
+ * <p>Note that the detail message associated with {@code cause} <i>is</i>
+ * automatically used as this exception's detail message.
+ *
+ * @param cause the cause (which is saved for later retrieval by the
+ * {@link #getCause()} method). (A <tt>null</tt> value is
+ * permitted, and indicates that the cause is nonexistent or
+ * unknown.)
+ */
+ public GemFireSecurityException(final Throwable cause) {
+ this(cause != null ? cause.getMessage() : null, cause);
+ }
+
+ /**
+ * Constructs a new exception with the specified detail message and cause.
+ *
+ * <p>If {@code message} is null, then the detail message associated with
+ * {@code cause} <i>is</i> automatically used as this exception's detail
+ * message.
+ *
+ * @param message the detail message (which is saved for later retrieval
+ * by the {@link #getMessage()} method). (A <tt>null</tt> value
+ * is permitted.)
+ * @param cause the cause (which is saved for later retrieval by the
+ * {@link #getCause()} method). (A <tt>null</tt> value is
+ * permitted, and indicates that the cause is nonexistent or
+ * unknown.)
+ */
+ public GemFireSecurityException(final String message, final Throwable cause) {
+ super(message != null ? message : (cause != null ? cause.getMessage() : null));
+ this.cause = cause;
+ }
+
+ @Override
+ public final synchronized Throwable getCause() {
+ return (this.cause == this ? null : this.cause);
+ }
+
+ /**
+ * Returns true if the provided {@code object} implements {@code Serializable}.
+ *
+ * @param object the {@code object} to test for implementing {@code Serializable}.
+ * @return true if the provided {@code object} implements {@code Serializable}.
+ */
+ protected final boolean isSerializable(final Object object) {
+ if (object == null) {
+ return true;
+ }
+ return Serializable.class.isInstance(object);
+ }
+
+ /**
+ * Returns {@link NamingException#getResolvedObj()} if the {@code cause}
+ * is a {@code NamingException}. Returns <tt>null</tt> for any other type
+ * of {@code cause}.
+ *
+ * @return {@code NamingException#getResolvedObj()} if the {@code cause}
+ * is a {@code NamingException}.
+ */
+ protected final Object getResolvedObj() {
+ final Throwable thisCause = this.cause;
+ if (thisCause != null && NamingException.class.isInstance(thisCause)) {
+ return ((NamingException) thisCause).getResolvedObj();
+ }
+ return null;
+ }
+
+ private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
+ final Object resolvedObj = getResolvedObj();
+ if (isSerializable(resolvedObj)) {
+ out.defaultWriteObject();
+ } else {
+ final NamingException namingException = (NamingException) getCause();
+ namingException.setResolvedObj(null);
+ try {
+ out.defaultWriteObject();
+ } finally {
+ namingException.setResolvedObj(resolvedObj);
+ }
+ }
+ }
+}
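Review bot: In `writeObject`, the else branch calls `namingException.setResolvedObj(null)` and restores the value in `finally`, but the method is synchronized only on this exception and not on the cause, so another thread holding the same `NamingException` can observe a missing resolved object while serialization runs. If the cause can be shared, I would at least document that on the method, for example `// Temporarily clears the cause's non-serializable resolvedObj; the cause itself is not locked.` When the resolved object is serializable it is written out together with the exception, so it is worth confirming (not visible in this hunk) that nothing directory-internal reaches a remote client or peer that way. Separately, the file is added under `org/apache/geode/security` but still declares `package com.gemstone.gemfire.security;`, as does NotAuthorizedException.java; unless a later commit in the series updates it, path and package disagree.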
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java b/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
new file mode 100644
index 0000000..2e834f8
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/NotAuthorizedException.java
@@ -0,0 +1,134 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+import java.security.Principal;
+import javax.naming.NamingException;
+
+/**
+ * Thrown when a client/peer is unauthorized to perform a requested operation.
+ *
+ * @since GemFire 5.5
+ */
+public class NotAuthorizedException extends GemFireSecurityException {
+
+ private static final long serialVersionUID = 419215768216387745L;
+
+ private Principal principal = null;
+
+ /**
+ * Constructs a new exception with the specified detail message and
+ * principal.
+ *
+ * @param message the detail message (which is saved for later retrieval
+ * by the {@link #getMessage()} method). (A <tt>null</tt> value
+ * is permitted.)
+ */
+ public NotAuthorizedException(final String message) {
+ this(message, null, null);
+ }
+
+ /**
+ * Constructs a new exception with the specified detail message and cause.
+ *
+ * <p>If {@code message} is null, then the detail message associated with
+ * {@code cause} <i>is</i> automatically used as this exception's detail
+ * message.
+ *
+ * @param message the detail message (which is saved for later retrieval
+ * by the {@link #getMessage()} method). (A <tt>null</tt> value
+ * is permitted.)
+ * @param cause the cause (which is saved for later retrieval by the
+ * {@link #getCause()} method). (A <tt>null</tt> value is
+ * permitted, and indicates that the cause is nonexistent or
+ * unknown.)
+ */
+ public NotAuthorizedException(final String message, final Throwable cause) {
+ this(message, cause, null);
+ }
+
+ /**
+ * Constructs a new exception with the specified detail message and
+ * principal.
+ *
+ * @param message the detail message (which is saved for later retrieval
+ * by the {@link #getMessage()} method). (A <tt>null</tt> value
+ * is permitted.)
+ * @param principal the principal for which authorization failed.
+ * (A <tt>null</tt> value is permitted.)
+ */
+ public NotAuthorizedException(final String message, final Principal principal) {
+ this(message, null, principal);
+ }
+
+ /**
+ * Constructs a new exception with the specified detail message, cause and
+ * principal.
+ *
+ * <p>If {@code message} is null, then the detail message associated with
+ * {@code cause} <i>is</i> automatically used as this exception's detail
+ * message.
+ *
+ * @param message the detail message (which is saved for later retrieval
+ * by the {@link #getMessage()} method). (A <tt>null</tt> value
+ * is permitted.)
+ * @param cause the cause (which is saved for later retrieval by the
+ * {@link #getCause()} method). (A <tt>null</tt> value is
+ * permitted, and indicates that the cause is nonexistent or
+ * unknown.)
+ * @param principal the principal for which authorization failed.
+ * (A <tt>null</tt> value is permitted.)
+ */
+ public NotAuthorizedException(final String message, final Throwable cause, final Principal principal) {
+ super(message, cause);
+ this.principal = principal;
+ }
+
+ /**
+ * Returns the {@code principal} for which authorization failed.
+ *
+ * @return the {@code principal} for which authorization failed.
+ */
+ public synchronized Principal getPrincipal() {
+ return this.principal;
+ }
+
+ private synchronized void writeObject(final ObjectOutputStream out) throws IOException {
+ final Principal thisPrincipal = this.principal;
+ if (!isSerializable(thisPrincipal)) {
+ this.principal = null;
+ }
+
+ final Object resolvedObj = getResolvedObj();
+ NamingException namingException = null;
+ if (!isSerializable(resolvedObj)) {
+ namingException = (NamingException) getCause();
+ namingException.setResolvedObj(null);
+ }
+
+ try {
+ out.defaultWriteObject();
+ } finally {
+ this.principal = thisPrincipal;
+ if (namingException != null) {
+ namingException.setResolvedObj(resolvedObj);
+ }
+ }
+ }
+}
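Review bot: `writeObject` sets `this.principal = null` when the principal is not `Serializable`, so the receiving member gets an exception whose `getPrincipal()` returns null with no sign that a principal was dropped, and the Javadoc on `getPrincipal()` does not mention this. Someone reading security or audit logs on the remote side could take null to mean that no principal was involved in the failed authorization. I would extend the return tag to `@return the principal for which authorization failed, or null if none was given or it was not Serializable when the exception was sent to another member`. The Javadoc of the one-argument constructor `NotAuthorizedException(String)` also says "detail message and principal" although it takes only a message.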
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/main/java/org/apache/geode/security/package.html
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/security/package.html b/geode-core/src/main/java/org/apache/geode/security/package.html
new file mode 100644
index 0000000..7772765
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/security/package.html
@@ -0,0 +1,39 @@
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<HTML>
+<BODY>
+
+<P>Provides an API for plugging in authentication and authorization
+for members of a distributed system and clients.
+
+<H3>GemFire security framework</H3>
+The security framework tackles two requirements: authentication of nodes
+and authorization for operations. The authentication piece deals with
+authentication of nodes in a peer-to-peer network as well as of the clients
+that connect to the servers.
+
+<P>
+<I>
+It is not our plan to provide a sophisticated security infrastructure
+built into GemFire. Most enterprise customers have their own authentication
+and entitlement management infrastructure and our plan is make sure the
+framework allows application administrators to delegate the responsibility
+to external providers.
+</I>
+
+</BODY>
+</HTML>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
deleted file mode 100644
index fd38814..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AbstractSecureServerDUnitTest.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-import static org.assertj.core.api.Assertions.*;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Properties;
-
-import org.apache.geode.security.templates.SampleSecurityManager;
-import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
-import org.junit.Before;
-
-import com.gemstone.gemfire.cache.Cache;
-import com.gemstone.gemfire.cache.CacheFactory;
-import com.gemstone.gemfire.cache.Region;
-import com.gemstone.gemfire.cache.RegionShortcut;
-import com.gemstone.gemfire.cache.client.ClientCache;
-import com.gemstone.gemfire.cache.client.ClientCacheFactory;
-import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
-import com.gemstone.gemfire.cache.server.CacheServer;
-import com.gemstone.gemfire.distributed.*;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-import com.gemstone.gemfire.test.dunit.Host;
-import com.gemstone.gemfire.test.dunit.Invoke;
-import com.gemstone.gemfire.test.dunit.VM;
-import com.gemstone.gemfire.test.dunit.cache.internal.JUnit4CacheTestCase;
-
-public class AbstractSecureServerDUnitTest extends JUnit4CacheTestCase {
-
- protected static final String REGION_NAME = "AuthRegion";
-
- protected VM client1 = null;
- protected VM client2 = null;
- protected VM client3 = null;
- protected int serverPort;
-
- // child classes can customize these parameters
- protected Class postProcessor = null;
- protected boolean pdxPersistent = false;
- protected int jmxPort = 0;
- protected int restPort = 0;
- protected Map<String, Object> values;
- protected volatile Properties dsProperties;
-
- public AbstractSecureServerDUnitTest(){
- values = new HashMap();
- for(int i=0; i<5; i++){
- values.put("key"+i, "value"+i);
- }
- }
-
- @Before
- public void before() throws Exception {
- final Host host = Host.getHost(0);
- this.client1 = host.getVM(1);
- this.client2 = host.getVM(2);
- this.client3 = host.getVM(3);
-
- Properties props = new Properties();
- props.setProperty(SampleSecurityManager.SECURITY_JSON, "com/gemstone/gemfire/management/internal/security/clientServer.json");
- props.setProperty(SECURITY_MANAGER, SampleSecurityManager.class.getName());
-// props.setProperty(SECURITY_SHIRO_INIT, "shiro.ini");
- props.setProperty(LOCATORS, "");
- props.setProperty(MCAST_PORT, "0");
- if (postProcessor!=null) {
- props.setProperty(SECURITY_POST_PROCESSOR, postProcessor.getName());
- }
- props.setProperty(SECURITY_LOG_LEVEL, "finest");
-
- props.setProperty("security-pdx", pdxPersistent+"");
- if(jmxPort>0){
- props.put(JMX_MANAGER, "true");
- props.put(JMX_MANAGER_START, "true");
- props.put(JMX_MANAGER_PORT, String.valueOf(jmxPort));
- }
-
- if(restPort>0){
- props.setProperty(START_DEV_REST_API, "true");
- props.setProperty(HTTP_SERVICE_BIND_ADDRESS, "localhost");
- props.setProperty(HTTP_SERVICE_PORT, restPort+"");
- }
-
- props.put(ConfigurationProperties.ENABLE_NETWORK_PARTITION_DETECTION, "false");
-
- this.dsProperties = props;
-
- getSystem(props);
-
- CacheFactory cf = new CacheFactory();
- cf.setPdxPersistent(pdxPersistent);
- cf.setPdxReadSerialized(pdxPersistent);
- Cache cache = getCache(cf);
-
- Region region = cache.createRegionFactory(RegionShortcut.REPLICATE).create(REGION_NAME);
-
- CacheServer server = cache.addCacheServer();
- server.setPort(0);
- server.start();
-
- this.serverPort = server.getPort();
-
- for(Entry entry:values.entrySet()){
- region.put(entry.getKey(), entry.getValue());
- }
- }
-
- @Override
- public Properties getDistributedSystemProperties() {
- return dsProperties;
- }
-
- @Override
- public void preTearDownCacheTestCase() throws Exception {
- Invoke.invokeInEveryVM(()->closeCache());
- closeCache();
- }
-
- public static void assertNotAuthorized(ThrowingCallable shouldRaiseThrowable, String permString) {
- assertThatThrownBy(shouldRaiseThrowable).hasMessageContaining(permString);
- }
-
- public static Properties createClientProperties(String userName, String password) {
- Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
- props.setProperty(UserPasswordAuthInit.PASSWORD, password);
- props.setProperty(LOG_LEVEL, "fine");
- props.setProperty(LOCATORS, "");
- props.setProperty(MCAST_PORT, "0");
- props.setProperty(SECURITY_CLIENT_AUTH_INIT, UserPasswordAuthInit.class.getName() + ".create");
- props.setProperty(SECURITY_LOG_LEVEL, "finest");
- return props;
- }
-
- public static ClientCache createClientCache(String username, String password, int serverPort){
- ClientCache cache = new ClientCacheFactory(createClientProperties(username, password))
- .setPoolSubscriptionEnabled(true)
- .addPoolServer("localhost", serverPort)
- .create();
-
- cache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME);
- return cache;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9d7a6960/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
deleted file mode 100644
index dbc782f..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
-import com.gemstone.gemfire.test.junit.categories.FlakyTest;
-import com.gemstone.gemfire.test.junit.categories.SecurityTest;
-
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-/**
- * Test for authentication from client to server. This tests for both valid and
- * invalid credentials/modules. It also checks for authentication
- * success/failure in case of failover and for the notification channel.
- *
- * @since GemFire 5.5
- */
-@Category({ DistributedTest.class, SecurityTest.class })
-public class ClientAuthenticationDUnitTest extends ClientAuthenticationTestCase {
-
- @Test
- public void testValidCredentials() throws Exception {
- doTestValidCredentials(false);
- }
-
- @Test
- public void testNoCredentials() throws Exception {
- doTestNoCredentials(false);
- }
-
- @Test
- public void testInvalidCredentials() throws Exception {
- doTestInvalidCredentials(false);
- }
-
- @Test
- public void testInvalidAuthInit() throws Exception {
- doTestInvalidAuthInit(false);
- }
-
- @Test
- public void testNoAuthInitWithCredentials() throws Exception {
- doTestNoAuthInitWithCredentials(false);
- }
-
- @Test
- public void testInvalidAuthenticator() throws Exception {
- doTestInvalidAuthenticator(false);
- }
-
- @Test
- public void testNoAuthenticatorWithCredentials() throws Exception {
- doTestNoAuthenticatorWithCredentials(false);
- }
-
- @Test
- public void testCredentialsWithFailover() throws Exception {
- doTestCredentialsWithFailover(false);
- }
-
- @Category(FlakyTest.class) // GEODE-838: random ports, thread sleeps, time sensitive
- @Test
- public void testCredentialsForNotifications() throws Exception {
- doTestCredentialsForNotifications(false);
- }
-
- @Ignore("Disabled for unknown reason")
- @Test
- public void testValidCredentialsForMultipleUsers() throws Exception {
- doTestValidCredentials(true);
- }
-}