Posted to commits@geode.apache.org by bs...@apache.org on 2017/08/15 23:10:52 UTC
[41/50] [abbrv] geode git commit: GEODE-3249: Validate internal
client/server messages
GEODE-3249: Validate internal client/server messages
Work in progress.
Messages that could harm a server now send credentials.
TODO: perform authorization checks on the server
Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/6c2ea4ac
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/6c2ea4ac
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/6c2ea4ac
Branch: refs/heads/feature/GEODE-3249
Commit: 6c2ea4ac87298feedd44df40aa3df1899a0f6880
Parents: e07b5c1
Author: Bruce Schuchardt <bs...@pivotal.io>
Authored: Fri Aug 4 15:22:38 2017 -0700
Committer: Bruce Schuchardt <bs...@pivotal.io>
Committed: Tue Aug 15 15:33:59 2017 -0700
----------------------------------------------------------------------
.../geode/cache/client/internal/AbstractOp.java | 94 ++++++++++----------
.../cache/client/internal/AddPDXEnumOp.java | 14 ---
.../cache/client/internal/AddPDXTypeOp.java | 14 ---
.../client/internal/GetFunctionAttributeOp.java | 13 ---
.../cache/client/internal/GetPDXEnumByIdOp.java | 14 ---
.../cache/client/internal/GetPDXEnumsOp.java | 13 ---
.../client/internal/GetPDXIdForEnumOp.java | 13 ---
.../client/internal/GetPDXIdForTypeOp.java | 14 ---
.../cache/client/internal/GetPDXTypeByIdOp.java | 13 ---
.../cache/client/internal/GetPDXTypesOp.java | 13 ---
.../internal/RegisterDataSerializersOp.java | 13 ---
.../internal/RegisterInstantiatorsOp.java | 13 ---
.../internal/cache/tier/sockets/Message.java | 1 +
.../cache/tier/sockets/ServerConnection.java | 50 ++++++-----
.../cache/tier/sockets/command/AddPdxType.java | 1 +
.../tier/sockets/command/GetPDXIdForType.java | 1 +
.../security/ClientAuthenticationTestCase.java | 68 ++++++++++++++
.../security/ClientAuthorizationTestCase.java | 2 +-
.../geode/security/SecurityTestUtils.java | 3 +-
19 files changed, 149 insertions(+), 218 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/AbstractOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/AbstractOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/AbstractOp.java
index c4035f9..5f44058 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/AbstractOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/AbstractOp.java
@@ -140,44 +140,26 @@ public abstract class AbstractOp implements Op {
}
/**
- * Attempts to read a response to this operation by reading it from the given connection, and
- * returning it.
- *
- * @param cnx the connection to read the response from
- * @return the result of the operation or <code>null</code> if the operation has no result.
- * @throws Exception if the execute failed
+ * New implementations of AbstractOp should override this method to return false if the
+ * implementation should be excluded from client authentication. e.g. PingOp#needsUserId()
+ * <P/>
+ * Also, such an operation's <code>MessageType</code> must be added in the 'if' condition in
+ * {@link ServerConnection#updateAndGetSecurityPart()}
+ *
+ * @return boolean
+ * @see AbstractOp#sendMessage(Connection)
+ * @see AbstractOp#processSecureBytes(Connection, Message)
+ * @see ServerConnection#updateAndGetSecurityPart()
*/
- protected Object attemptReadResponse(Connection cnx) throws Exception {
- Message msg = createResponseMessage();
- if (msg != null) {
- msg.setComms(cnx.getSocket(), cnx.getInputStream(), cnx.getOutputStream(),
- cnx.getCommBuffer(), cnx.getStats());
- if (msg instanceof ChunkedMessage) {
- try {
- return processResponse(msg, cnx);
- } finally {
- msg.unsetComms();
- processSecureBytes(cnx, msg);
- }
- } else {
- try {
- msg.recv();
- } finally {
- msg.unsetComms();
- processSecureBytes(cnx, msg);
- }
- return processResponse(msg, cnx);
- }
- } else {
- return null;
- }
+ protected boolean needsUserId() {
+ return true;
}
/**
* New implementations of AbstractOp should override this method if the implementation should be
* excluded from client authentication. e.g. PingOp#processSecureBytes(Connection cnx, Message
* message)
- *
+ *
* @see AbstractOp#sendMessage(Connection)
* @see AbstractOp#needsUserId()
* @see ServerConnection#updateAndGetSecurityPart()
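Review bot: The Javadoc moved onto `needsUserId()` still tells implementers to add their `MessageType` to the 'if' condition in `ServerConnection#updateAndGetSecurityPart()`, but the exemption list this commit edits is `ServerConnection#isInternalMessage()`. `updateAndGetSecurityPart()` is not visible here, so confirm where the check lives and name that method in the pointer. Because a subclass returning false stops sending credentials, the contract should be stated precisely: replace `@return boolean` with `@return true if this operation must send the user's credentials; false only for operations the server also exempts`. The move of `needsUserId()` and `attemptReadResponse()` is completed in the two later hunks of this file.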
@@ -206,6 +188,40 @@ public abstract class AbstractOp implements Op {
}
/**
+ * Attempts to read a response to this operation by reading it from the given connection, and
+ * returning it.
+ *
+ * @param cnx the connection to read the response from
+ * @return the result of the operation or <code>null</code> if the operation has no result.
+ * @throws Exception if the execute failed
+ */
+ protected Object attemptReadResponse(Connection cnx) throws Exception {
+ Message msg = createResponseMessage();
+ if (msg != null) {
+ msg.setComms(cnx.getSocket(), cnx.getInputStream(), cnx.getOutputStream(),
+ cnx.getCommBuffer(), cnx.getStats());
+ if (msg instanceof ChunkedMessage) {
+ try {
+ return processResponse(msg, cnx);
+ } finally {
+ msg.unsetComms();
+ processSecureBytes(cnx, msg);
+ }
+ } else {
+ try {
+ msg.recv();
+ } finally {
+ msg.unsetComms();
+ processSecureBytes(cnx, msg);
+ }
+ return processResponse(msg, cnx);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ /**
* By default just create a normal one part msg. Subclasses can override this.
*/
protected Message createResponseMessage() {
@@ -405,22 +421,6 @@ public abstract class AbstractOp implements Op {
protected abstract void endAttempt(ConnectionStats stats, long start);
/**
- * New implementations of AbstractOp should override this method to return false if the
- * implementation should be excluded from client authentication. e.g. PingOp#needsUserId()
- * <P/>
- * Also, such an operation's <code>MessageType</code> must be added in the 'if' condition in
- * {@link ServerConnection#updateAndGetSecurityPart()}
- *
- * @return boolean
- * @see AbstractOp#sendMessage(Connection)
- * @see AbstractOp#processSecureBytes(Connection, Message)
- * @see ServerConnection#updateAndGetSecurityPart()
- */
- protected boolean needsUserId() {
- return true;
- }
-
- /**
* Subclasses for AbstractOp should override this method to return false in this message should
* not participate in any existing transaction
*
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXEnumOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXEnumOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXEnumOp.java
index ca7790a..857d1d3 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXEnumOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXEnumOp.java
@@ -75,25 +75,11 @@ public class AddPDXEnumOp {
stats.endAddPdxType(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
// Don't send the transaction id for this message type.
@Override
protected boolean participateInTransaction() {
return false;
}
- // override since this is not a message subject to security
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXTypeOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXTypeOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXTypeOp.java
index 88c8551..4eb137d 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXTypeOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/AddPDXTypeOp.java
@@ -75,25 +75,11 @@ public class AddPDXTypeOp {
stats.endAddPdxType(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
// Don't send the transaction id for this message type.
@Override
protected boolean participateInTransaction() {
return false;
}
- // override since this is not a message subject to security
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetFunctionAttributeOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetFunctionAttributeOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetFunctionAttributeOp.java
index c7edbfe..dea49a2 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetFunctionAttributeOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetFunctionAttributeOp.java
@@ -63,18 +63,5 @@ public class GetFunctionAttributeOp {
stats.endGet(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumByIdOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumByIdOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumByIdOp.java
index 7bbf740..dc94fe5 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumByIdOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumByIdOp.java
@@ -72,24 +72,10 @@ public class GetPDXEnumByIdOp {
stats.endGetPDXTypeById(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
// Don't send the transaction id for this message type.
@Override
protected boolean participateInTransaction() {
return false;
}
-
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumsOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumsOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumsOp.java
index be4c092..3158eb3 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumsOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXEnumsOp.java
@@ -84,22 +84,9 @@ public class GetPDXEnumsOp {
protected void endAttempt(ConnectionStats stats, long start) {}
@Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
- @Override
protected boolean participateInTransaction() {
return false;
}
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForEnumOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForEnumOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForEnumOp.java
index d87371c..9ad85f0 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForEnumOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForEnumOp.java
@@ -94,24 +94,11 @@ public class GetPDXIdForEnumOp {
stats.endGetPDXTypeById(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
// Don't send the transaction id for this message type.
@Override
protected boolean participateInTransaction() {
return false;
}
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForTypeOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForTypeOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForTypeOp.java
index 27f600e..cc0cd65 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForTypeOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXIdForTypeOp.java
@@ -93,24 +93,10 @@ public class GetPDXIdForTypeOp {
stats.endGetPDXTypeById(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
// Don't send the transaction id for this message type.
@Override
protected boolean participateInTransaction() {
return false;
}
-
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypeByIdOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypeByIdOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypeByIdOp.java
index bee50b5..826d4cd 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypeByIdOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypeByIdOp.java
@@ -72,24 +72,11 @@ public class GetPDXTypeByIdOp {
stats.endGetPDXTypeById(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
// Don't send the transaction id for this message type.
@Override
protected boolean participateInTransaction() {
return false;
}
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypesOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypesOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypesOp.java
index 5256924..9186680 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypesOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/GetPDXTypesOp.java
@@ -84,22 +84,9 @@ public class GetPDXTypesOp {
protected void endAttempt(ConnectionStats stats, long start) {}
@Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
- @Override
protected boolean participateInTransaction() {
return false;
}
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterDataSerializersOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterDataSerializersOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterDataSerializersOp.java
index 5b25961..b40a840 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterDataSerializersOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterDataSerializersOp.java
@@ -117,18 +117,5 @@ public class RegisterDataSerializersOp {
stats.endRegisterDataSerializers(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterInstantiatorsOp.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterInstantiatorsOp.java b/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterInstantiatorsOp.java
index 114bebe..40ce619 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterInstantiatorsOp.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/RegisterInstantiatorsOp.java
@@ -150,18 +150,5 @@ public class RegisterInstantiatorsOp {
stats.endRegisterInstantiators(start, hasTimedOut(), hasFailed());
}
- @Override
- protected void processSecureBytes(Connection cnx, Message message) throws Exception {}
-
- @Override
- protected boolean needsUserId() {
- return false;
- }
-
- @Override
- protected void sendMessage(Connection cnx) throws Exception {
- getMessage().clearMessageHasSecurePartFlag();
- getMessage().send(false);
- }
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Message.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Message.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Message.java
index 1f9ef91..b7835a3 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Message.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Message.java
@@ -1029,6 +1029,7 @@ public class Message {
sb.append("type=").append(MessageType.getString(this.messageType));
sb.append("; payloadLength=").append(this.payloadLength);
sb.append("; numberOfParts=").append(this.numberOfParts);
+ sb.append("; hasSecurePart=").append(isSecureMode());
sb.append("; transactionId=").append(this.transactionId);
sb.append("; currentPart=").append(this.currentPart);
sb.append("; messageModified=").append(this.messageModified);
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
index 870d0ff..7af6da8 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ServerConnection.java
@@ -1082,33 +1082,39 @@ public abstract class ServerConnection implements Runnable {
}
private boolean isInternalMessage() {
- return (this.requestMsg.messageType == MessageType.CLIENT_READY
- || this.requestMsg.messageType == MessageType.CLOSE_CONNECTION
- || this.requestMsg.messageType == MessageType.GETCQSTATS_MSG_TYPE
- || this.requestMsg.messageType == MessageType.GET_CLIENT_PARTITION_ATTRIBUTES
- || this.requestMsg.messageType == MessageType.GET_CLIENT_PR_METADATA
- || this.requestMsg.messageType == MessageType.INVALID
- || this.requestMsg.messageType == MessageType.MAKE_PRIMARY
- || this.requestMsg.messageType == MessageType.MONITORCQ_MSG_TYPE
- || this.requestMsg.messageType == MessageType.PERIODIC_ACK
- || this.requestMsg.messageType == MessageType.PING
- || this.requestMsg.messageType == MessageType.REGISTER_DATASERIALIZERS
- || this.requestMsg.messageType == MessageType.REGISTER_INSTANTIATORS
+ return this.requestMsg.messageType == MessageType.PING
+ || this.requestMsg.messageType == MessageType.USER_CREDENTIAL_MESSAGE
|| this.requestMsg.messageType == MessageType.REQUEST_EVENT_VALUE
- || this.requestMsg.messageType == MessageType.ADD_PDX_TYPE
- || this.requestMsg.messageType == MessageType.GET_PDX_ID_FOR_TYPE
- || this.requestMsg.messageType == MessageType.GET_PDX_TYPE_BY_ID
+ || this.requestMsg.messageType == MessageType.MAKE_PRIMARY
+ || this.requestMsg.messageType == MessageType.REMOVE_USER_AUTH
+ || this.requestMsg.messageType == MessageType.CLIENT_READY
|| this.requestMsg.messageType == MessageType.SIZE
|| this.requestMsg.messageType == MessageType.TX_FAILOVER
|| this.requestMsg.messageType == MessageType.TX_SYNCHRONIZATION
- || this.requestMsg.messageType == MessageType.GET_FUNCTION_ATTRIBUTES
- || this.requestMsg.messageType == MessageType.ADD_PDX_ENUM
- || this.requestMsg.messageType == MessageType.GET_PDX_ID_FOR_ENUM
- || this.requestMsg.messageType == MessageType.GET_PDX_ENUM_BY_ID
- || this.requestMsg.messageType == MessageType.GET_PDX_TYPES
- || this.requestMsg.messageType == MessageType.GET_PDX_ENUMS
|| this.requestMsg.messageType == MessageType.COMMIT
- || this.requestMsg.messageType == MessageType.ROLLBACK);
+ || this.requestMsg.messageType == MessageType.ROLLBACK
+ || this.requestMsg.messageType == MessageType.CLOSE_CONNECTION
+ || this.requestMsg.messageType == MessageType.INVALID
+ || this.requestMsg.messageType == MessageType.PERIODIC_ACK
+ || this.requestMsg.messageType == MessageType.GET_CLIENT_PARTITION_ATTRIBUTES
+ ;
+
+// || this.requestMsg.messageType == MessageType.GETCQSTATS_MSG_TYPE
+// || this.requestMsg.messageType == MessageType.GET_CLIENT_PR_METADATA
+// || this.requestMsg.messageType == MessageType.MAKE_PRIMARY
+// || this.requestMsg.messageType == MessageType.MONITORCQ_MSG_TYPE
+// || this.requestMsg.messageType == MessageType.REGISTER_DATASERIALIZERS
+// || this.requestMsg.messageType == MessageType.REGISTER_INSTANTIATORS
+// || this.requestMsg.messageType == MessageType.ADD_PDX_TYPE
+// || this.requestMsg.messageType == MessageType.GET_PDX_ID_FOR_TYPE
+// || this.requestMsg.messageType == MessageType.GET_PDX_TYPE_BY_ID
+// || this.requestMsg.messageType == MessageType.SIZE
+// || this.requestMsg.messageType == MessageType.GET_FUNCTION_ATTRIBUTES
+// || this.requestMsg.messageType == MessageType.ADD_PDX_ENUM
+// || this.requestMsg.messageType == MessageType.GET_PDX_ID_FOR_ENUM
+// || this.requestMsg.messageType == MessageType.GET_PDX_ENUM_BY_ID
+// || this.requestMsg.messageType == MessageType.GET_PDX_TYPES
+// || this.requestMsg.messageType == MessageType.GET_PDX_ENUMS
}
public void run() {
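Review bot: The commented-out block left after the `return` in `isInternalMessage()` repeats `MAKE_PRIMARY` and `SIZE`, which are still in the live expression, so the method no longer shows clearly which message types are exempt from the credential check. Delete the dead lines and state the intent instead, e.g. `// PDX type/enum, serializer/instantiator registration, function-attribute, CQ and PR-metadata messages are not internal: they must carry credentials (GEODE-3249)`, and fold the lone `;` back onto the last operand. `USER_CREDENTIAL_MESSAGE` and `REMOVE_USER_AUTH` are newly exempt and `INVALID` stays exempt; each deserves a one-line reason, since every entry is presumably a message the server handles without the secure part (the caller is outside this hunk). Clients built before this change sent the PDX and registration ops without a secure part (see the removed `sendMessage` overrides), so behaviour against older clients should be confirmed.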
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
index cb4b261..041e12f 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/AddPdxType.java
@@ -24,6 +24,7 @@ import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
import org.apache.geode.internal.cache.tier.sockets.Message;
import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.pdx.internal.PdxType;
import org.apache.geode.pdx.internal.TypeRegistry;
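Review bot: The added `AuthorizeRequest` import is the only change to this file (the diffstat shows one added line, and the same holds for `GetPDXIdForType.java`), so it is unused and no authorization check is performed yet, matching the commit message's TODO. An unused security import in a command handler can read as if the check were already wired in. Either drop the import until the check lands or mark the gap where the check will go, e.g. `// TODO(GEODE-3249): authorize this request before it is processed`. The handler body is outside this hunk, so the placement needs confirming.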
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForType.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForType.java b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForType.java
index caa0661..f2172ef 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForType.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/command/GetPDXIdForType.java
@@ -22,6 +22,7 @@ import org.apache.geode.internal.cache.tier.MessageType;
import org.apache.geode.internal.cache.tier.sockets.BaseCommand;
import org.apache.geode.internal.cache.tier.sockets.Message;
import org.apache.geode.internal.cache.tier.sockets.ServerConnection;
+import org.apache.geode.internal.security.AuthorizeRequest;
import org.apache.geode.internal.security.SecurityService;
import org.apache.geode.pdx.internal.PdxType;
import org.apache.geode.pdx.internal.TypeRegistry;
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java
index 1293aff..d37902c 100644
--- a/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthenticationTestCase.java
@@ -24,11 +24,22 @@ import static org.apache.geode.test.dunit.IgnoredException.*;
import static org.apache.geode.test.dunit.LogWriterUtils.*;
import static org.apache.geode.test.dunit.Wait.*;
+import java.io.DataInput;
+import java.io.DataOutput;
import java.io.IOException;
import java.util.Properties;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
+import org.apache.geode.DataSerializer;
+import org.apache.geode.cache.client.Pool;
+import org.apache.geode.cache.client.PoolManager;
+import org.apache.geode.cache.client.internal.ExecutablePool;
+import org.apache.geode.cache.client.internal.RegisterDataSerializersOp;
+import org.apache.geode.internal.HeapDataOutputStream;
+import org.apache.geode.internal.InternalDataSerializer;
+import org.apache.geode.internal.Version;
+import org.apache.geode.internal.cache.EventID;
import org.apache.geode.security.generator.CredentialGenerator;
import org.apache.geode.security.generator.DummyCredentialGenerator;
import org.apache.geode.test.dunit.Host;
@@ -52,6 +63,37 @@ public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTest
{AuthenticationRequiredException.class.getName(),
AuthenticationFailedException.class.getName(), SSLHandshakeException.class.getName()};
+
+ public static enum Color {
+ red, orange, yellow, green, blue, indigo, violet
+ }
+
+
+ public static class MyDataSerializer extends DataSerializer {
+ public MyDataSerializer() {}
+
+ @Override
+ public Class<?>[] getSupportedClasses() {
+ return new Class[]{Color.class};
+ }
+
+ public int getId() {
+ return 1073741824;
+ }
+
+ @Override
+ public boolean toData(Object object, DataOutput output) {
+ return true;
+ }
+
+ @Override
+ public Object fromData(DataInput in) throws IOException, ClassNotFoundException {
+ return Color.red;
+ }
+ }
+
+
+
@Override
public final void postSetUp() throws Exception {
final Host host = Host.getHost(0);
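Review bot: `MyDataSerializer` is a stub whose `toData` writes nothing and whose `fromData` always returns `Color.red`, but nothing in the class says so. A class comment such as `/** Stub serializer used only to attempt a registration; it never round-trips data. */` would keep it from being copied as a working example. `getId()` is missing `@Override`, unlike its sibling methods, and the literal `1073741824` would read better as a named constant with a note on why that id was chosen. `new Class[]{Color.class}` is a raw array creation; `new Class<?>[] {Color.class}` matches the declared return type.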
@@ -170,6 +212,32 @@ public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTest
client2.invoke(
() -> createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
}
+
+ if (!gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
+ // Try to register a PDX type with the server
+ client2.invoke("register a PDX type", () -> {
+ HeapDataOutputStream outputStream = new HeapDataOutputStream(100, Version.CURRENT);
+ try {
+ DataSerializer.writeObject(new Employee(106l, "David", "Copperfield"), outputStream);
+ throw new Error("operation should have been rejected");
+ } catch (UnsupportedOperationException e) {
+ // "UnsupportedOperationException: Use Pool APIs for doing operations when multiuser-secure-mode-enabled is set to true."
+ }
+ });
+
+ // Try to register a DataSerializer with the server
+ client2.invoke("register a data serializer", () -> {
+ EventID eventId = InternalDataSerializer.generateEventId();
+ Pool pool = PoolManager.getAll().values().iterator().next();
+ try {
+ RegisterDataSerializersOp.execute((ExecutablePool)pool, new DataSerializer[]{new MyDataSerializer()}, eventId);
+ throw new Error("operation should have been rejected");
+ } catch (UnsupportedOperationException e) {
+ // "UnsupportedOperationException: Use Pool APIs for doing operations when multiuser-secure-mode-enabled is set to true."
+ }
+ });
+ }
+
}
protected void doTestInvalidCredentials(final boolean multiUser) throws Exception {
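Review bot: Both new lambdas expect `UnsupportedOperationException` with the quoted text "Use Pool APIs ... multiuser-secure-mode-enabled", which by its wording is a client-side multi-user guard, so these cases may pass without the message ever reaching the server and would then not demonstrate that the server refuses PDX or DataSerializer registration without valid credentials. If server-side rejection is the intent, the assertion should be on the authentication failure returned by the server (the file already lists `AuthenticationRequiredException` among its expected exceptions). As far as this hunk shows, the block is guarded only by the SSL check and not by `multiUser`, so it is unclear what the single-user run is expected to throw. Minor: the empty catch should at least check the message, the `HeapDataOutputStream` is never closed, and `106l` should be `106L`. The enclosing method starts before this hunk.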
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java b/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java
index 9d3f721..3910a5a 100644
--- a/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java
+++ b/geode-core/src/test/java/org/apache/geode/security/ClientAuthorizationTestCase.java
@@ -288,7 +288,7 @@ public abstract class ClientAuthorizationTestCase extends JUnit4DistributedTestC
final int numOps = indices.length;
System.out.println("Got doOp for op: " + op.toString() + ", numOps: " + numOps + ", indices: "
- + indicesToString(indices) + ", expect: " + expectedResult);
+ + indicesToString(indices) + ", expect: " + expectedResult + " flags: " + OpFlags.description(flags));
boolean exceptionOccurred = false;
boolean breakLoop = false;
http://git-wip-us.apache.org/repos/asf/geode/blob/6c2ea4ac/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java
index b1c0907..e69f36d 100644
--- a/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java
+++ b/geode-core/src/test/java/org/apache/geode/security/SecurityTestUtils.java
@@ -1825,7 +1825,7 @@ public class SecurityTestUtils {
// ------------------------------- inner classes ----------------------------
- private static class Employee implements PdxSerializable {
+ public static class Employee implements PdxSerializable {
private Long Id;
private String fname;
@@ -1854,4 +1854,5 @@ public class SecurityTestUtils {
out.writeString("lname", lname);
}
}
+
}